Merge branch 'main' into dev

* main:
  web: bump API Client version (#9035)
  website/docs: maintenance, re-add system settings (#9026)
  core: bump duo-client from 5.2.0 to 5.3.0 (#9029)
  website: bump express from 4.18.2 to 4.19.2 in /website (#9027)
  web: bump express from 4.18.3 to 4.19.2 in /web (#9028)
  web: bump the eslint group in /web with 2 updates (#9030)
  core: bump goauthentik.io/api/v3 from 3.2024022.3 to 3.2024022.5 (#9031)
  website: bump @types/react from 18.2.69 to 18.2.70 in /website (#9032)
  web: bump the eslint group in /tests/wdio with 2 updates (#9033)
  web: bump katex from 0.16.9 to 0.16.10 in /web (#9025)
  translate: Updates for file locale/en/LC_MESSAGES/django.po in fr (#9023)
  website/docs: include OS-specific docker-compose install instructions + minor fixes (#8975)

authentik/admin/api/version.py

@@ -39,7 +39,7 @@ class VersionSerializer(PassiveSerializer):
             return __version__
         return version_in_cache
 
-    def get_version_latest_valid(self, _) -> str:
+    def get_version_latest_valid(self, _) -> bool:
         """Check if latest version is valid"""
         return cache.get(VERSION_CACHE_KEY) != VERSION_NULL
 

go.mod

@@ -30,7 +30,7 @@ require (
 	github.com/spf13/cobra v1.8.0
 	github.com/stretchr/testify v1.9.0
 	github.com/wwt/guac v1.3.2
-	goauthentik.io/api/v3 v3.2024022.3
+	goauthentik.io/api/v3 v3.2024022.5
 	golang.org/x/exp v0.0.0-20230210204819-062eb4c674ab
 	golang.org/x/oauth2 v0.18.0
 	golang.org/x/sync v0.6.0

go.sum

@@ -280,8 +280,8 @@ go.opentelemetry.io/otel/trace v1.24.0 h1:CsKnnL4dUAr/0llH9FKuc698G04IrpWV0MQA/Y
 go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU=
 go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
 go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4=
-goauthentik.io/api/v3 v3.2024022.3 h1:LngiHQkTVAZvUiq5Ffn34YOC6iwEsymuTsTLyPAcbvw=
+goauthentik.io/api/v3 v3.2024022.5 h1:z1ZaVY/UpwpHAghf/PyYRSOQT7U9g8E2N23YlRB5BJQ=
-goauthentik.io/api/v3 v3.2024022.3/go.mod h1:zz+mEZg8rY/7eEjkMGWJ2DnGqk+zqxuybGCGrR2O4Kw=
+goauthentik.io/api/v3 v3.2024022.5/go.mod h1:zz+mEZg8rY/7eEjkMGWJ2DnGqk+zqxuybGCGrR2O4Kw=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=

locale/fr/LC_MESSAGES/django.po

@@ -19,7 +19,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-03-01 00:07+0000\n"
+"POT-Creation-Date: 2024-03-05 00:07+0000\n"
 "PO-Revision-Date: 2022-09-26 16:47+0000\n"
 "Last-Translator: Marc Schmitt, 2024\n"
 "Language-Team: French (https://app.transifex.com/authentik/teams/119923/fr/)\n"
@@ -802,6 +802,10 @@ msgstr "Jeton du flux"
 msgid "Flow Tokens"
 msgstr "Jetons du flux"
 
+#: authentik/flows/views/executor.py
+msgid "Invalid next URL"
+msgstr "URL suivante invalide"
+
 #: authentik/lib/utils/time.py
 #, python-format
 msgid "%(value)s is not in the correct format of 'hours=3;minutes=1'."

poetry.lock

@@ -1,4 +1,4 @@
-# This file is automatically @generated by Poetry 1.7.1 and should not be changed by hand.
+# This file is automatically @generated by Poetry 1.8.2 and should not be changed by hand.
 
 [[package]]
 name = "aiohttp"
@@ -1389,13 +1389,13 @@ files = [
 
 [[package]]
 name = "duo-client"
-version = "5.2.0"
+version = "5.3.0"
 description = "Reference client for Duo Security APIs"
 optional = false
 python-versions = "*"
 files = [
-    {file = "duo_client-5.2.0-py3-none-any.whl", hash = "sha256:da3237e34300665c40ba5215f1e6656fec1a0136295917541aa973e7fcbf027e"},
+    {file = "duo_client-5.3.0-py3-none-any.whl", hash = "sha256:85614bb684cef96285268aef0c1e858df939f6e8a190fb2c707d700bb0215766"},
-    {file = "duo_client-5.2.0.tar.gz", hash = "sha256:f82361740792b06303f9721e7ba593916080461769396b4f73c0502c0bfcee44"},
+    {file = "duo_client-5.3.0.tar.gz", hash = "sha256:afa5ef98a42f06965a2702ca41dba9c85c483abd945e0a440f0ec4871b7593bf"},
 ]
 
 [package.dependencies]

schema.yml

@@ -45615,7 +45615,7 @@ components:
           description: Get latest version from cache
           readOnly: true
         version_latest_valid:
-          type: string
+          type: boolean
           description: Check if latest version is valid
           readOnly: true
         build_hash:

tests/wdio/package-lock.json

@@ -10,8 +10,8 @@
             },
             "devDependencies": {
                 "@trivago/prettier-plugin-sort-imports": "^4.3.0",
-                "@typescript-eslint/eslint-plugin": "^7.3.1",
+                "@typescript-eslint/eslint-plugin": "^7.4.0",
-                "@typescript-eslint/parser": "^7.3.1",
+                "@typescript-eslint/parser": "^7.4.0",
                 "@wdio/cli": "^8.35.1",
                 "@wdio/local-runner": "^8.35.1",
                 "@wdio/mocha-framework": "^8.35.0",
@@ -955,16 +955,16 @@
             }
         },
         "node_modules/@typescript-eslint/eslint-plugin": {
-            "version": "7.3.1",
+            "version": "7.4.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-7.3.1.tgz",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-7.4.0.tgz",
-            "integrity": "sha512-STEDMVQGww5lhCuNXVSQfbfuNII5E08QWkvAw5Qwf+bj2WT+JkG1uc+5/vXA3AOYMDHVOSpL+9rcbEUiHIm2dw==",
+            "integrity": "sha512-yHMQ/oFaM7HZdVrVm/M2WHaNPgyuJH4WelkSVEWSSsir34kxW2kDJCxlXRhhGWEsMN0WAW/vLpKfKVcm8k+MPw==",
             "dev": true,
             "dependencies": {
                 "@eslint-community/regexpp": "^4.5.1",
-                "@typescript-eslint/scope-manager": "7.3.1",
+                "@typescript-eslint/scope-manager": "7.4.0",
-                "@typescript-eslint/type-utils": "7.3.1",
+                "@typescript-eslint/type-utils": "7.4.0",
-                "@typescript-eslint/utils": "7.3.1",
+                "@typescript-eslint/utils": "7.4.0",
-                "@typescript-eslint/visitor-keys": "7.3.1",
+                "@typescript-eslint/visitor-keys": "7.4.0",
                 "debug": "^4.3.4",
                 "graphemer": "^1.4.0",
                 "ignore": "^5.2.4",
@@ -990,15 +990,15 @@
             }
         },
         "node_modules/@typescript-eslint/parser": {
-            "version": "7.3.1",
+            "version": "7.4.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-7.3.1.tgz",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-7.4.0.tgz",
-            "integrity": "sha512-Rq49+pq7viTRCH48XAbTA+wdLRrB/3sRq4Lpk0oGDm0VmnjBrAOVXH/Laalmwsv2VpekiEfVFwJYVk6/e8uvQw==",
+            "integrity": "sha512-ZvKHxHLusweEUVwrGRXXUVzFgnWhigo4JurEj0dGF1tbcGh6buL+ejDdjxOQxv6ytcY1uhun1p2sm8iWStlgLQ==",
             "dev": true,
             "dependencies": {
-                "@typescript-eslint/scope-manager": "7.3.1",
+                "@typescript-eslint/scope-manager": "7.4.0",
-                "@typescript-eslint/types": "7.3.1",
+                "@typescript-eslint/types": "7.4.0",
-                "@typescript-eslint/typescript-estree": "7.3.1",
+                "@typescript-eslint/typescript-estree": "7.4.0",
-                "@typescript-eslint/visitor-keys": "7.3.1",
+                "@typescript-eslint/visitor-keys": "7.4.0",
                 "debug": "^4.3.4"
             },
             "engines": {
@@ -1018,13 +1018,13 @@
             }
         },
         "node_modules/@typescript-eslint/scope-manager": {
-            "version": "7.3.1",
+            "version": "7.4.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.3.1.tgz",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.4.0.tgz",
-            "integrity": "sha512-fVS6fPxldsKY2nFvyT7IP78UO1/I2huG+AYu5AMjCT9wtl6JFiDnsv4uad4jQ0GTFzcUV5HShVeN96/17bTBag==",
+            "integrity": "sha512-68VqENG5HK27ypafqLVs8qO+RkNc7TezCduYrx8YJpXq2QGZ30vmNZGJJJC48+MVn4G2dCV8m5ZTVnzRexTVtw==",
             "dev": true,
             "dependencies": {
-                "@typescript-eslint/types": "7.3.1",
+                "@typescript-eslint/types": "7.4.0",
-                "@typescript-eslint/visitor-keys": "7.3.1"
+                "@typescript-eslint/visitor-keys": "7.4.0"
             },
             "engines": {
                 "node": "^18.18.0 || >=20.0.0"
@@ -1035,13 +1035,13 @@
             }
         },
         "node_modules/@typescript-eslint/type-utils": {
-            "version": "7.3.1",
+            "version": "7.4.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-7.3.1.tgz",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-7.4.0.tgz",
-            "integrity": "sha512-iFhaysxFsMDQlzJn+vr3OrxN8NmdQkHks4WaqD4QBnt5hsq234wcYdyQ9uquzJJIDAj5W4wQne3yEsYA6OmXGw==",
+            "integrity": "sha512-247ETeHgr9WTRMqHbbQdzwzhuyaJ8dPTuyuUEMANqzMRB1rj/9qFIuIXK7l0FX9i9FXbHeBQl/4uz6mYuCE7Aw==",
             "dev": true,
             "dependencies": {
-                "@typescript-eslint/typescript-estree": "7.3.1",
+                "@typescript-eslint/typescript-estree": "7.4.0",
-                "@typescript-eslint/utils": "7.3.1",
+                "@typescript-eslint/utils": "7.4.0",
                 "debug": "^4.3.4",
                 "ts-api-utils": "^1.0.1"
             },
@@ -1062,9 +1062,9 @@
             }
         },
         "node_modules/@typescript-eslint/types": {
-            "version": "7.3.1",
+            "version": "7.4.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.3.1.tgz",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.4.0.tgz",
-            "integrity": "sha512-2tUf3uWggBDl4S4183nivWQ2HqceOZh1U4hhu4p1tPiIJoRRXrab7Y+Y0p+dozYwZVvLPRI6r5wKe9kToF9FIw==",
+            "integrity": "sha512-mjQopsbffzJskos5B4HmbsadSJQWaRK0UxqQ7GuNA9Ga4bEKeiO6b2DnB6cM6bpc8lemaPseh0H9B/wyg+J7rw==",
             "dev": true,
             "engines": {
                 "node": "^18.18.0 || >=20.0.0"
@@ -1075,13 +1075,13 @@
             }
         },
         "node_modules/@typescript-eslint/typescript-estree": {
-            "version": "7.3.1",
+            "version": "7.4.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.3.1.tgz",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.4.0.tgz",
-            "integrity": "sha512-tLpuqM46LVkduWP7JO7yVoWshpJuJzxDOPYIVWUUZbW+4dBpgGeUdl/fQkhuV0A8eGnphYw3pp8d2EnvPOfxmQ==",
+            "integrity": "sha512-A99j5AYoME/UBQ1ucEbbMEmGkN7SE0BvZFreSnTd1luq7yulcHdyGamZKizU7canpGDWGJ+Q6ZA9SyQobipePg==",
             "dev": true,
             "dependencies": {
-                "@typescript-eslint/types": "7.3.1",
+                "@typescript-eslint/types": "7.4.0",
-                "@typescript-eslint/visitor-keys": "7.3.1",
+                "@typescript-eslint/visitor-keys": "7.4.0",
                 "debug": "^4.3.4",
                 "globby": "^11.1.0",
                 "is-glob": "^4.0.3",
@@ -1127,17 +1127,17 @@
             }
         },
         "node_modules/@typescript-eslint/utils": {
-            "version": "7.3.1",
+            "version": "7.4.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-7.3.1.tgz",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-7.4.0.tgz",
-            "integrity": "sha512-jIERm/6bYQ9HkynYlNZvXpzmXWZGhMbrOvq3jJzOSOlKXsVjrrolzWBjDW6/TvT5Q3WqaN4EkmcfdQwi9tDjBQ==",
+            "integrity": "sha512-NQt9QLM4Tt8qrlBVY9lkMYzfYtNz8/6qwZg8pI3cMGlPnj6mOpRxxAm7BMJN9K0AiY+1BwJ5lVC650YJqYOuNg==",
             "dev": true,
             "dependencies": {
                 "@eslint-community/eslint-utils": "^4.4.0",
                 "@types/json-schema": "^7.0.12",
                 "@types/semver": "^7.5.0",
-                "@typescript-eslint/scope-manager": "7.3.1",
+                "@typescript-eslint/scope-manager": "7.4.0",
-                "@typescript-eslint/types": "7.3.1",
+                "@typescript-eslint/types": "7.4.0",
-                "@typescript-eslint/typescript-estree": "7.3.1",
+                "@typescript-eslint/typescript-estree": "7.4.0",
                 "semver": "^7.5.4"
             },
             "engines": {
@@ -1152,12 +1152,12 @@
             }
         },
         "node_modules/@typescript-eslint/visitor-keys": {
-            "version": "7.3.1",
+            "version": "7.4.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.3.1.tgz",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.4.0.tgz",
-            "integrity": "sha512-9RMXwQF8knsZvfv9tdi+4D/j7dMG28X/wMJ8Jj6eOHyHWwDW4ngQJcqEczSsqIKKjFiLFr40Mnr7a5ulDD3vmw==",
+            "integrity": "sha512-0zkC7YM0iX5Y41homUUeW1CHtZR01K3ybjM1l6QczoMuay0XKtrb93kv95AxUGwdjGr64nNqnOCwmEl616N8CA==",
             "dev": true,
             "dependencies": {
-                "@typescript-eslint/types": "7.3.1",
+                "@typescript-eslint/types": "7.4.0",
                 "eslint-visitor-keys": "^3.4.1"
             },
             "engines": {

tests/wdio/package.json

@@ -4,8 +4,8 @@
     "type": "module",
     "devDependencies": {
         "@trivago/prettier-plugin-sort-imports": "^4.3.0",
-        "@typescript-eslint/eslint-plugin": "^7.3.1",
+        "@typescript-eslint/eslint-plugin": "^7.4.0",
-        "@typescript-eslint/parser": "^7.3.1",
+        "@typescript-eslint/parser": "^7.4.0",
         "@wdio/cli": "^8.35.1",
         "@wdio/local-runner": "^8.35.1",
         "@wdio/mocha-framework": "^8.35.0",

web/package-lock.json

@@ -17,7 +17,7 @@
                 "@codemirror/theme-one-dark": "^6.1.2",
                 "@formatjs/intl-listformat": "^7.5.5",
                 "@fortawesome/fontawesome-free": "^6.5.1",
-                "@goauthentik/api": "^2024.2.2-1711369360",
+                "@goauthentik/api": "^2024.2.2-1711460547",
                 "@lit-labs/task": "^3.1.0",
                 "@lit/context": "^1.1.0",
                 "@lit/localize": "^0.12.1",
@@ -73,8 +73,8 @@
                 "@types/grecaptcha": "^3.0.9",
                 "@types/guacamole-common-js": "1.5.2",
                 "@types/showdown": "^2.0.6",
-                "@typescript-eslint/eslint-plugin": "^7.3.1",
+                "@typescript-eslint/eslint-plugin": "^7.4.0",
-                "@typescript-eslint/parser": "^7.3.1",
+                "@typescript-eslint/parser": "^7.4.0",
                 "babel-plugin-macros": "^3.1.0",
                 "babel-plugin-tsconfig-paths": "^1.0.3",
                 "chokidar": "^3.6.0",
@@ -2820,9 +2820,9 @@
             }
         },
         "node_modules/@goauthentik/api": {
-            "version": "2024.2.2-1711369360",
+            "version": "2024.2.2-1711460547",
-            "resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2024.2.2-1711369360.tgz",
+            "resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2024.2.2-1711460547.tgz",
-            "integrity": "sha512-8/J6cfxzpaUyz+piZUXrxPZuAlJ9SxwNrH+Z8xSRLAVavmEjmRM+Oy2XJEIZLDbcBKhNEuE99xdOxq6il/FJVw=="
+            "integrity": "sha512-MnU9SVpMtg+Tu0xASgPh0TXVLKo1n7W74z5Yh0WccirsrqlhBTNBgDFbAJKV4/EVt0b+c0/GEa9JxkSt3+DxaA=="
         },
         "node_modules/@hcaptcha/types": {
             "version": "1.0.3",
@@ -7088,16 +7088,16 @@
             "license": "MIT"
         },
         "node_modules/@typescript-eslint/eslint-plugin": {
-            "version": "7.3.1",
+            "version": "7.4.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-7.3.1.tgz",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-7.4.0.tgz",
-            "integrity": "sha512-STEDMVQGww5lhCuNXVSQfbfuNII5E08QWkvAw5Qwf+bj2WT+JkG1uc+5/vXA3AOYMDHVOSpL+9rcbEUiHIm2dw==",
+            "integrity": "sha512-yHMQ/oFaM7HZdVrVm/M2WHaNPgyuJH4WelkSVEWSSsir34kxW2kDJCxlXRhhGWEsMN0WAW/vLpKfKVcm8k+MPw==",
             "dev": true,
             "dependencies": {
                 "@eslint-community/regexpp": "^4.5.1",
-                "@typescript-eslint/scope-manager": "7.3.1",
+                "@typescript-eslint/scope-manager": "7.4.0",
-                "@typescript-eslint/type-utils": "7.3.1",
+                "@typescript-eslint/type-utils": "7.4.0",
-                "@typescript-eslint/utils": "7.3.1",
+                "@typescript-eslint/utils": "7.4.0",
-                "@typescript-eslint/visitor-keys": "7.3.1",
+                "@typescript-eslint/visitor-keys": "7.4.0",
                 "debug": "^4.3.4",
                 "graphemer": "^1.4.0",
                 "ignore": "^5.2.4",
@@ -7153,15 +7153,15 @@
             "license": "ISC"
         },
         "node_modules/@typescript-eslint/parser": {
-            "version": "7.3.1",
+            "version": "7.4.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-7.3.1.tgz",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-7.4.0.tgz",
-            "integrity": "sha512-Rq49+pq7viTRCH48XAbTA+wdLRrB/3sRq4Lpk0oGDm0VmnjBrAOVXH/Laalmwsv2VpekiEfVFwJYVk6/e8uvQw==",
+            "integrity": "sha512-ZvKHxHLusweEUVwrGRXXUVzFgnWhigo4JurEj0dGF1tbcGh6buL+ejDdjxOQxv6ytcY1uhun1p2sm8iWStlgLQ==",
             "dev": true,
             "dependencies": {
-                "@typescript-eslint/scope-manager": "7.3.1",
+                "@typescript-eslint/scope-manager": "7.4.0",
-                "@typescript-eslint/types": "7.3.1",
+                "@typescript-eslint/types": "7.4.0",
-                "@typescript-eslint/typescript-estree": "7.3.1",
+                "@typescript-eslint/typescript-estree": "7.4.0",
-                "@typescript-eslint/visitor-keys": "7.3.1",
+                "@typescript-eslint/visitor-keys": "7.4.0",
                 "debug": "^4.3.4"
             },
             "engines": {
@@ -7181,13 +7181,13 @@
             }
         },
         "node_modules/@typescript-eslint/scope-manager": {
-            "version": "7.3.1",
+            "version": "7.4.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.3.1.tgz",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.4.0.tgz",
-            "integrity": "sha512-fVS6fPxldsKY2nFvyT7IP78UO1/I2huG+AYu5AMjCT9wtl6JFiDnsv4uad4jQ0GTFzcUV5HShVeN96/17bTBag==",
+            "integrity": "sha512-68VqENG5HK27ypafqLVs8qO+RkNc7TezCduYrx8YJpXq2QGZ30vmNZGJJJC48+MVn4G2dCV8m5ZTVnzRexTVtw==",
             "dev": true,
             "dependencies": {
-                "@typescript-eslint/types": "7.3.1",
+                "@typescript-eslint/types": "7.4.0",
-                "@typescript-eslint/visitor-keys": "7.3.1"
+                "@typescript-eslint/visitor-keys": "7.4.0"
             },
             "engines": {
                 "node": "^18.18.0 || >=20.0.0"
@@ -7198,13 +7198,13 @@
             }
         },
         "node_modules/@typescript-eslint/type-utils": {
-            "version": "7.3.1",
+            "version": "7.4.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-7.3.1.tgz",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-7.4.0.tgz",
-            "integrity": "sha512-iFhaysxFsMDQlzJn+vr3OrxN8NmdQkHks4WaqD4QBnt5hsq234wcYdyQ9uquzJJIDAj5W4wQne3yEsYA6OmXGw==",
+            "integrity": "sha512-247ETeHgr9WTRMqHbbQdzwzhuyaJ8dPTuyuUEMANqzMRB1rj/9qFIuIXK7l0FX9i9FXbHeBQl/4uz6mYuCE7Aw==",
             "dev": true,
             "dependencies": {
-                "@typescript-eslint/typescript-estree": "7.3.1",
+                "@typescript-eslint/typescript-estree": "7.4.0",
-                "@typescript-eslint/utils": "7.3.1",
+                "@typescript-eslint/utils": "7.4.0",
                 "debug": "^4.3.4",
                 "ts-api-utils": "^1.0.1"
             },
@@ -7225,9 +7225,9 @@
             }
         },
         "node_modules/@typescript-eslint/types": {
-            "version": "7.3.1",
+            "version": "7.4.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.3.1.tgz",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.4.0.tgz",
-            "integrity": "sha512-2tUf3uWggBDl4S4183nivWQ2HqceOZh1U4hhu4p1tPiIJoRRXrab7Y+Y0p+dozYwZVvLPRI6r5wKe9kToF9FIw==",
+            "integrity": "sha512-mjQopsbffzJskos5B4HmbsadSJQWaRK0UxqQ7GuNA9Ga4bEKeiO6b2DnB6cM6bpc8lemaPseh0H9B/wyg+J7rw==",
             "dev": true,
             "engines": {
                 "node": "^18.18.0 || >=20.0.0"
@@ -7238,13 +7238,13 @@
             }
         },
         "node_modules/@typescript-eslint/typescript-estree": {
-            "version": "7.3.1",
+            "version": "7.4.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.3.1.tgz",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.4.0.tgz",
-            "integrity": "sha512-tLpuqM46LVkduWP7JO7yVoWshpJuJzxDOPYIVWUUZbW+4dBpgGeUdl/fQkhuV0A8eGnphYw3pp8d2EnvPOfxmQ==",
+            "integrity": "sha512-A99j5AYoME/UBQ1ucEbbMEmGkN7SE0BvZFreSnTd1luq7yulcHdyGamZKizU7canpGDWGJ+Q6ZA9SyQobipePg==",
             "dev": true,
             "dependencies": {
-                "@typescript-eslint/types": "7.3.1",
+                "@typescript-eslint/types": "7.4.0",
-                "@typescript-eslint/visitor-keys": "7.3.1",
+                "@typescript-eslint/visitor-keys": "7.4.0",
                 "debug": "^4.3.4",
                 "globby": "^11.1.0",
                 "is-glob": "^4.0.3",
@@ -7299,17 +7299,17 @@
             "dev": true
         },
         "node_modules/@typescript-eslint/utils": {
-            "version": "7.3.1",
+            "version": "7.4.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-7.3.1.tgz",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-7.4.0.tgz",
-            "integrity": "sha512-jIERm/6bYQ9HkynYlNZvXpzmXWZGhMbrOvq3jJzOSOlKXsVjrrolzWBjDW6/TvT5Q3WqaN4EkmcfdQwi9tDjBQ==",
+            "integrity": "sha512-NQt9QLM4Tt8qrlBVY9lkMYzfYtNz8/6qwZg8pI3cMGlPnj6mOpRxxAm7BMJN9K0AiY+1BwJ5lVC650YJqYOuNg==",
             "dev": true,
             "dependencies": {
                 "@eslint-community/eslint-utils": "^4.4.0",
                 "@types/json-schema": "^7.0.12",
                 "@types/semver": "^7.5.0",
-                "@typescript-eslint/scope-manager": "7.3.1",
+                "@typescript-eslint/scope-manager": "7.4.0",
-                "@typescript-eslint/types": "7.3.1",
+                "@typescript-eslint/types": "7.4.0",
-                "@typescript-eslint/typescript-estree": "7.3.1",
+                "@typescript-eslint/typescript-estree": "7.4.0",
                 "semver": "^7.5.4"
             },
             "engines": {
@@ -7357,12 +7357,12 @@
             "dev": true
         },
         "node_modules/@typescript-eslint/visitor-keys": {
-            "version": "7.3.1",
+            "version": "7.4.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.3.1.tgz",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.4.0.tgz",
-            "integrity": "sha512-9RMXwQF8knsZvfv9tdi+4D/j7dMG28X/wMJ8Jj6eOHyHWwDW4ngQJcqEczSsqIKKjFiLFr40Mnr7a5ulDD3vmw==",
+            "integrity": "sha512-0zkC7YM0iX5Y41homUUeW1CHtZR01K3ybjM1l6QczoMuay0XKtrb93kv95AxUGwdjGr64nNqnOCwmEl616N8CA==",
             "dev": true,
             "dependencies": {
-                "@typescript-eslint/types": "7.3.1",
+                "@typescript-eslint/types": "7.4.0",
                 "eslint-visitor-keys": "^3.4.1"
             },
             "engines": {
@@ -8524,9 +8524,9 @@
             "license": "MIT"
         },
         "node_modules/cookie": {
-            "version": "0.5.0",
+            "version": "0.6.0",
-            "dev": true,
+            "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.6.0.tgz",
-            "license": "MIT",
+            "integrity": "sha512-U71cyTamuh1CRNCfpGY6to28lxvNwPG4Guz/EVjgf3Jmzv0vlDp1atT9eS5dDjMYHucpHbWns6Lwf3BKz6svdw==",
             "engines": {
                 "node": ">= 0.6"
             }
@@ -10526,16 +10526,17 @@
             }
         },
         "node_modules/express": {
-            "version": "4.18.3",
+            "version": "4.19.2",
+            "resolved": "https://registry.npmjs.org/express/-/express-4.19.2.tgz",
+            "integrity": "sha512-5T6nhjsT+EOMzuck8JjBHARTHfMht0POzlA60WV2pMD3gyXw2LZnZ+ueGdNxG+0calOJcWKbpFcuzLZ91YWq9Q==",
             "dev": true,
-            "license": "MIT",
             "dependencies": {
                 "accepts": "~1.3.8",
                 "array-flatten": "1.1.1",
                 "body-parser": "1.20.2",
                 "content-disposition": "0.5.4",
                 "content-type": "~1.0.4",
-                "cookie": "0.5.0",
+                "cookie": "0.6.0",
                 "cookie-signature": "1.0.6",
                 "debug": "2.6.9",
                 "depd": "2.0.0",
@@ -12501,9 +12502,9 @@
             }
         },
         "node_modules/katex": {
-            "version": "0.16.9",
+            "version": "0.16.10",
-            "resolved": "https://registry.npmjs.org/katex/-/katex-0.16.9.tgz",
+            "resolved": "https://registry.npmjs.org/katex/-/katex-0.16.10.tgz",
-            "integrity": "sha512-fsSYjWS0EEOwvy81j3vRA8TEAhQhKiqO+FQaKWp0m39qwOzHVBgAUBIXWj1pB+O2W3fIpNa6Y9KSKCVbfPhyAQ==",
+            "integrity": "sha512-ZiqaC04tp2O5utMsl2TEZTXxa6WSC4yo0fv5ML++D3QZv/vx2Mct0mTlRx3O+uUkjfuAgOkzsCmq5MiUEsDDdA==",
             "funding": [
                 "https://opencollective.com/katex",
                 "https://github.com/sponsors/katex"
@@ -16448,13 +16449,6 @@
             "version": "2.0.1",
             "license": "Python-2.0"
         },
-        "node_modules/swagger-client/node_modules/cookie": {
-            "version": "0.6.0",
-            "license": "MIT",
-            "engines": {
-                "node": ">= 0.6"
-            }
-        },
         "node_modules/swagger-client/node_modules/is-plain-object": {
             "version": "5.0.0",
             "license": "MIT",

web/package.json

@@ -38,7 +38,7 @@
         "@codemirror/theme-one-dark": "^6.1.2",
         "@formatjs/intl-listformat": "^7.5.5",
         "@fortawesome/fontawesome-free": "^6.5.1",
-        "@goauthentik/api": "^2024.2.2-1711369360",
+        "@goauthentik/api": "^2024.2.2-1711460547",
         "@lit-labs/task": "^3.1.0",
         "@lit/context": "^1.1.0",
         "@lit/localize": "^0.12.1",
@@ -94,8 +94,8 @@
         "@types/grecaptcha": "^3.0.9",
         "@types/guacamole-common-js": "1.5.2",
         "@types/showdown": "^2.0.6",
-        "@typescript-eslint/eslint-plugin": "^7.3.1",
+        "@typescript-eslint/eslint-plugin": "^7.4.0",
-        "@typescript-eslint/parser": "^7.3.1",
+        "@typescript-eslint/parser": "^7.4.0",
         "babel-plugin-macros": "^3.1.0",
         "babel-plugin-tsconfig-paths": "^1.0.3",
         "chokidar": "^3.6.0",

website/docs/core/certificates.md

@@ -8,7 +8,7 @@ Certificates in authentik are used for the following use cases:
 -   Signing JSON Web Tokens for OAuth and OIDC
 -   Connecting to remote docker hosts using the Docker integration
 -   Verifying LDAP Servers' certificates
--   Encrypting outposts's endpoints
+-   Encrypting outposts' endpoints
 
 ## Default certificate
 
@@ -16,15 +16,15 @@ Every authentik install generates a self-signed certificate on the first start.
 
 This certificate is generated to be used as a default for all OAuth2/OIDC providers, as these don't require the certificate to be configured on both sides (the signature of a JWT is validated using the [JWKS](https://auth0.com/docs/security/tokens/json-web-tokens/json-web-key-sets) URL).
 
-This certificate can also be used for SAML Providers/Sources, just keep in mind that the certificate is only valid for a year. Some SAML applications require the certificate to be valid, so they might need to be rotated regularly.
+This certificate can also be used for SAML Providers/Sources, but keep in mind that the certificate is only valid for a year. Some SAML applications require the certificate to be valid, so they might need to be rotated regularly.
 
-For SAML use-cases, you can generate a Certificate that's valid for longer than 1 year, on your own risk.
+For SAML use-cases, you can generate a Certificate that's valid for longer than 1 year, at your own risk.
 
 ## External certificates
 
 To use externally managed certificates, for example generated with certbot or HashiCorp Vault, you can use the discovery feature.
 
-The docker-compose installation maps a `certs` directory to `/certs`, you can simply use this as an output directory for certbot.
+The Docker Compose installation maps a `certs` directory to `/certs`. You can simply use this as an output directory for certbot.
 
 For Kubernetes, you can map custom secrets/volumes under `/certs`.
 
@@ -32,13 +32,13 @@ You can also bind mount single files into the folder, as long as they fall under
 
 -   Files in the root directory will be imported based on their filename.
 
-    `/foo.pem` Will be imported as the keypair `foo`. Based on its content its either imported as certificate or private key.
+    `/foo.pem` Will be imported as the keypair `foo`. Based on its content, the file is either imported as a certificate or a private key:
 
-    Files containing `PRIVATE KEY` it will imported as private key.
+    -   Files containing `PRIVATE KEY` will imported as private keys.
 
-    Otherwise it will be imported as certificate.
+    -   Otherwise the file will be imported as a certificate.
 
--   If the file is called `fullchain.pem` or `privkey.pem` (the output naming of certbot), they will get the name of the parent folder.
+-   If the file is called `fullchain.pem` or `privkey.pem` (the output naming of certbot), it will get the name of the parent folder.
 -   Files can be in any arbitrary file structure, and can have any extension.
 -   If the path contains `archive`, the files will be ignored (to better support certbot setups).
 
@@ -55,7 +55,7 @@ certs/
 └── foo.pem
 ```
 
-Files are checked every 5 minutes, and will trigger an Outpost refresh if the files differ.
+Files are checked every 5 minutes and will trigger an Outpost refresh if a file has changed.
 
 #### Manual imports
 
@@ -67,7 +67,7 @@ ak import_certificate --certificate /certs/mycert.pem --private-key /certs/somet
 # ak import_certificate --certificate /certs/othercert.pem --name test2
 ```
 
-This will import the certificate into authentik under the given name. This command is idempotent, meaning you can run it via a cron-job and authentik will only update the certificate when it changes.
+This will import the certificate into authentik under the given name. This command is safe to run as a cron job; authentik will only re-import the certificate if it changes.
 
 ## Web certificates
 
@@ -75,7 +75,7 @@ Starting with authentik 2021.12.4, you can configure the certificate authentik u
 
 #### Let's Encrypt
 
-To use let's encrypt certificates with this setup, using certbot, you can use this compose override (create or edit a file called `docker-compose.override.yml` in the same folder as the authentik docker-compose file)
+To use Let's Encrypt certificates with this setup, using certbot, you can use this compose override (create or edit a file called `docker-compose.override.yml` in the same folder as the authentik docker-compose file)
 
 ```yaml
 version: "3.2"
@@ -98,7 +98,7 @@ services:
             - --dns-route53
 ```
 
-Afterwards, run `docker compose up -d`, which will start certbot and generate your certificate. Within a few minutes, you'll see the certificate in your authentik interface. (If the certificate does not appear, restart the worker container. This is caused by incompatible permissions set by certbot).
+Afterward, run `docker compose up -d`, which will start certbot and generate your certificate. Within a few minutes, you'll see the certificate in your authentik interface. (If the certificate does not appear, restart the worker container. This is caused by incompatible permissions set by certbot).
 
 Navigate to _System -> Brands_, edit any brand and select the certificate of your choice.
 

website/docs/core/settings.md

@@ -0,0 +1,60 @@
+---
+title: System Settings
+---
+
+These settings are similar to the configuration options listed [here](../installation/configuration.mdx), however they can only be adjusted through the authentik Admin interface or API.
+
+### Avatars
+
+Configure how authentik should show avatars for users. Following values can be set:
+
+Default: `gravatar,initials`
+
+-   `none`: Disables per-user avatars and just shows a 1x1 pixel transparent picture
+-   `gravatar`: Uses gravatar with the user's email address
+-   `initials`: Generated avatars based on the user's name
+-   Any URL: If you want to use images hosted on another server, you can set any URL.
+
+    Additionally, these placeholders can be used:
+
+    -   `%(username)s`: The user's username
+    -   `%(mail_hash)s`: The email address, md5 hashed
+    -   `%(upn)s`: The user's UPN, if set (otherwise an empty string)
+
+You can also use an attribute path like `attributes.something.avatar`, which can be used in combination with the file field to allow users to upload custom avatars for themselves.
+
+Multiple modes can be set, and authentik will fallback to the next mode when no avatar could be found. For example, setting this to `gravatar,initials` will attempt to get an avatar from Gravatar, and if the user has not configured on there, it will fallback to a generated avatar.
+
+### Allow users to change name
+
+Enable the ability for users to change their name, defaults to `true`.
+
+### Allow users to change email
+
+Enable the ability for users to change their Email address, defaults to `false`.
+
+### Allow users to change username
+
+Enable the ability for users to change their Usernames, defaults to `false`.
+
+### Event retention
+
+Configure how long [Events](../events/index.md) are retained for within authentik. Default value is `days=365`. When forwarding events to an external application, this value can be decreased. When changing this value, only new events are affected.
+
+### Footer links
+
+This option configures the footer links on the flow executor pages.
+
+The setting can be used as follows:
+
+```json
+[{ "name": "Link Name", "href": "https://goauthentik.io" }]
+```
+
+### GDPR compliance
+
+When enabled, all the events caused by a user will be deleted upon the user's deletion. Defaults to `true`.
+
+### Impersonation
+
+Globally enable/disable impersonation. Defaults to `true`.

website/docs/enterprise/get-started.md

@@ -8,7 +8,7 @@ Installing authentik is exactly the same process for both Enterprise version and
 
 To get started working with Enterprise authentik, upgrade to the [2023.8.x](../releases) version or later. For installation steps, refer to our [technical documentation](../installation/index.mdx) for instructions to install and configure authentik.
 
--   [Docker Compose installation](../installation/docker-compose.md)
+-   [Docker Compose installation](../installation/docker-compose.mdx)
 -   [Kubernetes installation](../installation/kubernetes.md)
 
 ## Access Enterprise

website/docs/index.mdx

@@ -7,21 +7,21 @@ slug: /
 
 Our tech docs cover the typical topics, from installation to configuration, adding providers, defining policies and creating login flows, event monitoring, security, and attributes. [Enterprise](./enterprise/index.md) version documentation is included here, within our standard tech docs.
 
--   For information about integrating a specific application or software into authentik, refer to our [Integrations](../integrations) section, accessible from the top menu-bar.
+-   For information about integrating a specific application or software into authentik, refer to our [Integrations](../integrations) section, accessible from the top menu bar.
 
--   For developer-focused documentation, such as using our APIs and blueprints, setting up your development environment, translations, or how to contribute, refer to the [Developer](../developer-docs) area, accessible from the top menu-bar.
+-   For developer-focused documentation, such as using our APIs and blueprints, setting up your development environment, translations, or how to contribute, refer to the [Developer](../developer-docs) area, accessible from the top menu bar.
 
 ## What is authentik?
 
 authentik is an open-source Identity Provider, focused on flexibility and versatility. With authentik, site administrators, application developers, and security engineers have a dependable and secure solution for authentication in almost any type of environment. There are robust recovery actions available for the users and applications, including user profile and password management. You can quickly edit, deactivate, or even impersonate a user profile, and set a new password for new users or reset an existing password.
 
-You can use authentik in an existing environment to add support for new protocols, so introducing authentik to your current tech stack doesn't present re-architecting challenges. We already support all of the major providers, such as OAuth2, SAML, LDAP, and SCIM, so you can pick the protocol that you need for each application.
+You can use authentik in an existing environment to add support for new protocols, so introducing authentik to your current tech stack doesn't present re-architecting challenges. We support all of the major providers, such as OAuth2, SAML, LDAP, and SCIM, so you can pick the protocol that you need for each application.
 
 The authentik product provides the following consoles:
 
 -   **Admin interface**: a visual tool for the creation and management of users and groups, tokens and credentials, application integrations, events, and the Flows that define standard and customizable login and authentication processes. Easy-to-read visual dashboards display system status, recent logins and authentication events, and application usage.
 
--   **User interface**: this console view in authentik displays all of the applications and integrations in which you have implemented authentik. Click on the app that you want to access to open it, or drill down to edit its configuration in the admin interface
+-   **User interface**: this console view in authentik displays all of the applications and integrations in which you have implemented authentik. Click on the app that you want to access to open it, or drill down to edit its configuration in the admin interface.
 
 -   **Flows**: [_Flows_](./flow) are the steps by which the various _Stages_ of a login and authentication process occurs. A stage represents a single verification or logic step in the sign-on process. authentik allows for the customization and exact definition of these flows.
 
@@ -29,11 +29,11 @@ The authentik product provides the following consoles:
 
 Refer to the installation steps in either [Docker-compose](installation/docker-compose) or [Kubernetes](installation/kubernetes).
 
-For more information about configuration, Beta versions, and additional installation options, see our main [Installation](installation) section.
+For more information about configuration, beta versions, and additional installation options, see our main [Installation](installation) section.
 
 ## Screenshots
 
-authentik can use Light or Dark mode for the Admin interface, User interface and the flow interface.
+authentik can use Light or Dark mode for the Admin interface, User interface and the Flow interface.
 
 import "react-before-after-slider-component/dist/build.css";
 import ReactBeforeSliderComponent from "react-before-after-slider-component";

website/docs/installation/configuration.mdx

@@ -110,7 +110,7 @@ To check if your config has been applied correctly, you can run the following co
 ## Broker Settings
 
 -   `AUTHENTIK_BROKER__URL`: Broker configuration URL, defaults to Redis using [the respective settings](#redis-settings)
--   `AUTHENTIK_BROKER__TRANSPORT_OPTIONS`: Base64 encoded broker transport options
+-   `AUTHENTIK_BROKER__TRANSPORT_OPTIONS`: Base64-encoded broker transport options
 
     :::info
     `AUTHENTIK_REDIS__CACHE_TIMEOUT_REPUTATION` only applies to the cache expiry, see [`AUTHENTIK_REPUTATION__EXPIRY`](#authentik_reputation__expiry) to control how long reputation is persisted for.
@@ -144,19 +144,19 @@ These settings affect where media files are stored. Those files include applicat
 -   `AUTHENTIK_STORAGE__MEDIA__S3__SECURITY_TOKEN`: Security token to authenticate to S3. May be omitted. Supports hot-reloading.
 -   `AUTHENTIK_STORAGE__MEDIA__S3__BUCKET_NAME`: Name of the bucket to use to store files.
 -   `AUTHENTIK_STORAGE__MEDIA__S3__CUSTOM_DOMAIN`: Domain to use to create URLs for users. Mainly useful for non-AWS providers. May include a port. Must include the bucket. Example: `s3.company:8080/authentik-media`.
--   `AUTHENTIK_STORAGE__MEDIA__S3__SECURE_URLS`: Whether URLS created for users use `http` or `https`. Defaults to `true`.
+-   `AUTHENTIK_STORAGE__MEDIA__S3__SECURE_URLS`: Whether URLs created use HTTPS (set to `true` by default) or HTTP.
 
 ## authentik Settings
 
 ### `AUTHENTIK_SECRET_KEY`
 
-Secret key used for cookie signing and unique user IDs, don't change this after the first install.
+Secret key used for cookie signing and unique user IDs. Do not change this after the first install.
 
 ### `AUTHENTIK_LOG_LEVEL`
 
-Log level for the server and worker containers. Possible values: debug, info, warning, error
+Log level for the server and worker containers. Possible values: `debug`, `info`, `warning`, `error`.
 
-Starting with 2021.12.3, you can also set the log level to _trace_. This has no affect on the core authentik server, but shows additional messages for the embedded outpost.
+Starting with 2021.12.3, you can also set the log level to `trace`. This has no effect on the core authentik server, but shows additional messages for the embedded outpost.
 
 :::danger
 Setting the log level to `trace` will include sensitive details in logs, so it shouldn't be used in most cases.
@@ -188,7 +188,7 @@ Disable the inbuilt update-checker. Defaults to `false`.
 
     Enable error reporting. Defaults to `false`.
 
-    Error reports are sent to https://sentry.io, and are used for debugging and general feedback. Anonymous performance data is also sent.
+    Error reports are sent to https://sentry.io and are used for debugging and general feedback. Anonymous performance data is also sent.
 
 -   `AUTHENTIK_ERROR_REPORTING__SENTRY_DSN`
 
@@ -202,8 +202,7 @@ Disable the inbuilt update-checker. Defaults to `false`.
 
     The environment tag associated with all data sent to Sentry. Defaults to `customer`.
 
-    When error reporting has been enabled to aid in debugging issues, this should be set to a unique
+    When error reporting has been enabled to aid in debugging issues, this should be set to a unique value, such as an email address.
-    value, such as an e-mail address.
 
 -   `AUTHENTIK_ERROR_REPORTING__SEND_PII`
 
@@ -326,7 +325,7 @@ Requires authentik 2022.9
 Configure how many gunicorn worker processes should be started (see https://docs.gunicorn.org/en/stable/design.html).
 
 If running in Kubernetes, the default value is set to 2 and should in most cases not be changed, as scaling can be done with multiple pods running the web server.
-Otherwise, authentik will use 1 worker for each 4 CPU cores + 1 as a value below 2 workers is not recommended.
+Otherwise, authentik will use 1 worker for each 4 CPU cores + 1. A value below 2 workers is not recommended.
 
 ### `AUTHENTIK_WEB__THREADS`
 
@@ -358,7 +357,7 @@ Additional settings are configurable using the Admin interface, under **System**
 
 ## Custom python settings
 
-To modify additional settings further than the options above allow, you can create a custom python file and mount it to `/data/user_settings.py`. This file will be loaded on startup by both the server and the worker. All default settings are [here](https://github.com/goauthentik/authentik/blob/main/authentik/root/settings.py)
+To modify additional settings further than the options above allow, you can create a custom Python file and mount it to `/data/user_settings.py`. This file will be loaded on startup by both the server and the worker. All default settings are [here](https://github.com/goauthentik/authentik/blob/main/authentik/root/settings.py)
 
 :::caution
 Using these custom settings is not supported and can prevent your authentik instance from starting. Use with caution.

website/docs/installation/docker-compose.mdx

@@ -2,7 +2,7 @@
 title: Docker Compose installation
 ---
 
-This installation method is for test-setups and small-scale production setups.
+This installation method is for test setups and small-scale production setups.
 
 ## Requirements
 
@@ -12,32 +12,51 @@ This installation method is for test-setups and small-scale production setups.
 
 ## Video
 
-<iframe width="560" height="315" src="https://www.youtube.com/embed/O1qUbrk4Yc8?si=HiSBjmJYhE_oJhB1&amp;start=22" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>
+<iframe
+    width="560"
+    height="315"
+    src="https://www.youtube.com/embed/O1qUbrk4Yc8?si=HiSBjmJYhE_oJhB1&amp;start=22"
+    title="YouTube video player"
+    frameborder="0"
+    allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share"
+    allowfullscreen
+></iframe>
 
 ## Preparation
 
 To download the latest `docker-compose.yml` open your terminal and navigate to the directory of your choice.
 Run the following command:
 
+import Tabs from "@theme/Tabs";
+import TabItem from "@theme/TabItem";
+
+{/* prettier-ignore */}
+<Tabs groupId="OS">
+    <TabItem value="Linux" label="Linux" default>
+        ```shell
+        wget https://goauthentik.io/docker-compose.yml
+        ```
+    </TabItem>
+    <TabItem value="MacOS" label="MacOS">
+        ```shell
+        curl -O https://goauthentik.io/docker-compose.yml
+        ```
+    </TabItem>
+</Tabs>
+
+If this is a fresh authentik installation, you need to generate a password and a secret key. Use a secure password generator of your choice such as pwgen, or you can use `openssl` as below.
+
+Run the following commands to generate a password and secret key and write them to your `.env` file:
+
+{/* prettier-ignore */}
 ```shell
-wget https://goauthentik.io/docker-compose.yml
+echo "PG_PASS=$(openssl rand -base64 36)" >> .env
+echo "AUTHENTIK_SECRET_KEY=$(openssl rand -base64 36)" >> .env
 ```
 
-If this is a fresh authentik installation, you need to generate a password and a secret key. If you don't already have a password generator installed, you can run this command to install **pwgen**, a popular generator:
+:::info
-
+Because of a PostgreSQL limitation, only passwords up to 99 chars are supported. See: https://www.postgresql.org/message-id/09512C4F-8CB9-4021-B455-EF4C4F0D55A0@amazon.com
-```shell
+:::
-# You can also use openssl instead: `openssl rand -base64 36`
-sudo apt-get install -y pwgen
-```
-
-Next, run the following commands to generate a password and secret key and write them to your `.env` file:
-
-```shell
-echo "PG_PASS=$(pwgen -s 40 1)" >> .env
-echo "AUTHENTIK_SECRET_KEY=$(pwgen -s 50 1)" >> .env
-# Because of a PostgreSQL limitation, only passwords up to 99 chars are supported
-# See https://www.postgresql.org/message-id/09512C4F-8CB9-4021-B455-EF4C4F0D55A0@amazon.com
-```
 
 To enable error reporting, run the following command:
 
@@ -87,7 +106,7 @@ Do not update or mount `/etc/timezone` or `/etc/localtime` in the authentik cont
 This will not give any advantages. It will cause problems with OAuth and SAML authentication, e.g. [see this GitHub issue](https://github.com/goauthentik/authentik/issues/3005).
 :::
 
-Afterwards, run these commands to finish:
+Afterward, run these commands to finish:
 
 ```shell
 docker compose pull
@@ -98,6 +117,6 @@ The `docker-compose.yml` file statically references the latest version available
 
 To start the initial setup, navigate to `http://<your server's IP or hostname>:9000/if/flow/initial-setup/`.
 
-There you are prompted to set a password for the akadmin user (the default user).
+There you are prompted to set a password for the `akadmin` user (the default user).
 
-An explanation about what each service in the docker compose file does, see [Architecture](../core/architecture.md).
+For an explanation about what each service in the docker compose file does, see [Architecture](../core/architecture.md).

website/docs/installation/kubernetes.md

@@ -32,7 +32,7 @@ Create a `values.yaml` file with a minimum of these settings:
 
 ```yaml
 authentik:
-    secret_key: "PleaseGenerateA50CharKey"
+    secret_key: "PleaseGenerateASecureKey"
     # This sends anonymous usage-data, stack traces on errors and
     # performance data to sentry.io, and is fully opt-in
     error_reporting:
@@ -60,7 +60,7 @@ See all configurable values on [ArtifactHub](https://artifacthub.io/packages/hel
 
 ### Install authentik Helm Chart
 
-Now, execute the following commands to install authentik
+Now, execute the following commands to install authentik:
 
 ```
 helm repo add authentik https://charts.goauthentik.io
@@ -72,7 +72,7 @@ During the installation process, the database migrations will be applied automat
 
 ### Accessing authentik
 
-Once the installation is complete, access authentik at `https://<ingress-host-name>/if/flow/initial-setup/`. Here, you can set a password for the default akadmin user.
+After the installation is complete, access authentik at `https://<ingress-host-name>/if/flow/initial-setup/`. Here, you can set a password for the default `akadmin` user.
 
 ### Optional step: Configure global email credentials
 
@@ -87,17 +87,17 @@ email:
     # -- SMTP Server emails are sent from, fully optional
     host: ""
     port: 587
-    # -- SMTP credentials, when left empty, no authentication will be done
+    # -- SMTP credentials. When left empty, no authentication will be done.
     username: ""
-    # -- SMTP credentials, when left empty, no authentication will be done
+    # -- SMTP credentials. When left empty, no authentication will be done.
     password: ""
-    # -- Enable either use_tls or use_ssl, they can't be enabled at the same time.
+    # -- Enable either use_tls or use_ssl. They can't be enabled at the same time.
     use_tls: false
-    # -- Enable either use_tls or use_ssl, they can't be enabled at the same time.
+    # -- Enable either use_tls or use_ssl. They can't be enabled at the same time.
     use_ssl: false
-    # -- Connection timeout
+    # -- Connection timeout in seconds
     timeout: 30
-    # -- Email from address, can either be in the format "foo@bar.baz" or "authentik <foo@bar.baz>"
+    # -- Email 'from' address can either be in the format "foo@bar.baz" or "authentik <foo@bar.baz>"
     from: ""
 ```
 

website/docs/installation/monitoring.md

@@ -2,11 +2,11 @@
 title: Monitoring
 ---
 
-authentik can be easily monitored multiple ways.
+authentik can be easily monitored in multiple ways.
 
 ## Server monitoring
 
-Configure your monitoring software to send requests to `/-/health/live/`, which will return a HTTP 204 response as long as authentik is running. You can also send HTTP requests to `/-/health/ready/`, which will return HTTP 204 if both PostgreSQL and Redis connections can be/have been established correctly.
+Configure your monitoring software to send requests to `/-/health/live/`, which will return a `HTTP 204` response as long as authentik is running. You can also send HTTP requests to `/-/health/ready/`, which will return `HTTP 204` if both PostgreSQL and Redis connections can be/have been established correctly.
 
 ## Worker monitoring
 
@@ -14,11 +14,11 @@ The worker container can be monitored by running `ak healthcheck` in the worker
 
 ## Outpost monitoring
 
-Both kinds of outpost (proxy and LDAP) listen on a separate port (9300), and can be monitored by sending HTTP requests to `/outpost.goauthentik.io/ping`.
+Both kinds of outpost (proxy and LDAP) listen on a separate port (9300) and can be monitored by sending HTTP requests to `/outpost.goauthentik.io/ping`.
 
 ---
 
-Both docker-compose and Kubernetes deployments use these methods by default to determine when authentik is ready after starting, and to only route traffic to healthy instances, and unhealthy instances are restarted
+Both Docker Compose and Kubernetes deployments use these methods by default to determine when authentik is ready after starting, and to only route traffic to healthy instances; unhealthy instances are restarted.
 
 ## Metrics
 

website/docs/installation/reverse-proxy.md

@@ -6,9 +6,9 @@ title: Reverse-proxy
 Since authentik uses WebSockets to communicate with Outposts, it does not support HTTP/1.0 reverse-proxies. The HTTP/1.0 specification does not officially support WebSockets or protocol upgrades, though some clients may allow it.
 :::
 
-If you want to access authentik behind a reverse-proxy, there are a few headers that must be passed upstream:
+If you want to access authentik behind a reverse proxy, there are a few headers that must be passed upstream:
 
--   `X-Forwarded-Proto`: Tells authentik and Proxy Providers if they are being served over a HTTPS connection.
+-   `X-Forwarded-Proto`: Tells authentik and Proxy Providers if they are being served over an HTTPS connection.
 -   `X-Forwarded-For`: Without this, authentik will not know the IP addresses of clients.
 -   `Host`: Required for various security checks, WebSocket handshake, and Outpost and Proxy Provider communication.
 -   `Connection: Upgrade` and `Upgrade: WebSocket`: Required to upgrade protocols for requests to the WebSocket endpoints under HTTP/1.1.

website/docs/installation/storage-s3.md

@@ -6,9 +6,9 @@ title: S3 storage setup
 
 First, create a user on your S3 storage provider and get access credentials for S3, hereafter referred as `access_key` and `secret_key`.
 
-You'll also need to know which endpoint authentik is going to use to access the S3 API, hereafter referred as `https://s3.provider`.
+You will also need to know which endpoint authentik is going to use to access the S3 API, hereafter referred as `https://s3.provider`.
 
-The bucket in which authentik is going to store files is going to be called `authentik-media`. You may need to change this name depending on your S3 provider limitations. Also, we're suffixing the bucket name with `-media` as authentik currently only stores media files, but may use other buckets in the future.
+The bucket in which authentik is going to store files is going to be called `authentik-media`. You may need to change this name depending on your S3 provider limitations. Also, we are suffixing the bucket name with `-media` as authentik currently only stores media files, but may use other buckets in the future.
 
 The domain used to access authentik is going to be referred to as `authentik.company`.
 
@@ -18,7 +18,7 @@ You will also need the AWS CLI.
 
 #### Bucket creation
 
-Let's create the bucket in which authentik is going to store files:
+Create the bucket in which authentik is going to store files:
 
 ```bash
 AWS_ACCESS_KEY_ID=access_key AWS_SECRET_ACCESS_KEY=secret_key aws s3api --endpoint-url=https://s3.provider create-bucket --bucket=authentik-media --acl=private
@@ -30,7 +30,7 @@ The bucket ACL is set to private, although that is not strictly necessary, as an
 
 #### CORS policy
 
-Next, let's associate a CORS policy to the bucket, to allow the authentik web interface to show images stored in the bucket.
+Next, associate a CORS policy to the bucket to allow the authentik web interface to show images stored in the bucket.
 
 First, save the following file locally as `cors.json`:
 
@@ -49,7 +49,7 @@ First, save the following file locally as `cors.json`:
 
 If authentik is accessed from multiple domains, you can add them to the `AllowedOrigins` list.
 
-Let's apply that policy to the bucket:
+Apply that policy to the bucket:
 
 ```bash
 AWS_ACCESS_KEY_ID=access_key AWS_SECRET_ACCESS_KEY=secret_key aws s3api --endpoint-url=https://s3.provider put-bucket-cors --bucket=authentik-media --cors-configuration=file://cors.json
@@ -66,13 +66,13 @@ AUTHENTIK_STORAGE__MEDIA__S3__SECRET_KEY=secret_key
 AUTHENTIK_STORAGE__MEDIA__S3__BUCKET_NAME=authentik-media
 ```
 
-If you're using AWS S3 as your S3 provider, add the following:
+If you are using AWS S3 as your S3 provider, add the following:
 
 ```env
 AUTHENTIK_STORAGE__MEDIA__S3__REGION=us-east-1  # Use the region of the bucket
 ```
 
-If you're not using AWS S3 as your S3 provider, add the following:
+If you are not using AWS S3 as your S3 provider, add the following:
 
 ```env
 AUTHENTIK_STORAGE__MEDIA__S3__ENDPOINT=https://s3.provider
@@ -81,7 +81,7 @@ AUTHENTIK_STORAGE__MEDIA__S3__CUSTOM_DOMAIN=s3.provider/authentik-media
 
 The `ENDPOINT` setting specifies how authentik talks to the S3 provider.
 
-The `CUSTOM_DOMAIN` setting specifies how URLs are constructed to be shown on the web interface. For example, an object stored at `application-icons/application.png` with a `CUSTOM__DOMAIN` setting of `s3.provider/authentik-media` will result in a URL of `https://s3.provider/authentik-media/application-icons/application.png`. You can also use subdomains for your buckets depending on what your S3 provider offers: `authentik-media.s3.provider`. Whether HTTPS is used is controlled by the `AUTHENTIK_STORAGE__MEDIA__S3__SECURE_URLS` which defaults to true.
+The `CUSTOM_DOMAIN` setting specifies how URLs are constructed to be shown on the web interface. For example, an object stored at `application-icons/application.png` with a `CUSTOM__DOMAIN` setting of `s3.provider/authentik-media` will result in a URL of `https://s3.provider/authentik-media/application-icons/application.png`. You can also use subdomains for your buckets depending on what your S3 provider offers: `authentik-media.s3.provider`. Whether HTTPS is used is controlled by `AUTHENTIK_STORAGE__MEDIA__S3__SECURE_URLS`, which defaults to true.
 
 For more control over settings, refer to the [configuration reference](./configuration.mdx#media-storage-settings)
 

website/docs/releases/2021/v2021.1.md

@@ -10,7 +10,7 @@ slug: "/releases/2021.1"
 
     In previous versions, you had to configure email connection details per [Email Stage](../../flow/stages/email/index.mdx). Now, you can (and should) configure global settings.
 
-    This is documented under the [docker-compose](../../installation/docker-compose.md) and [Kubernetes](../../installation/kubernetes.md) sections.
+    This is documented under the [docker-compose](../../installation/docker-compose.mdx) and [Kubernetes](../../installation/kubernetes.md) sections.
 
 -   New notification system
 

website/docs/releases/2023/v2023.2.md

@@ -21,7 +21,7 @@ slug: "/releases/2023.2"
 
 -   Generated avatars, multiple avatar modes
 
-    authentik now supports multiple avatar modes, and will use the next configured mode when a mode doesn't have an avatar. For example, the new default configuration attempts to use gravatar, but if the user's email does not have a gravatar setup, it will instead use the new generated avatars. See [Configuration](../../installation/configuration.mdx#authentik_avatars)
+    authentik now supports multiple avatar modes, and will use the next configured mode when a mode doesn't have an avatar. For example, the new default configuration attempts to use gravatar, but if the user's email does not have a gravatar setup, it will instead use the new generated avatars. See [Configuration](../../core/settings.md#avatars)
 
 ## Upgrading
 

website/docusaurus.config.ts

@@ -11,6 +11,7 @@ module.exports = async function (): Promise<Config> {
         url: "https://docs.goauthentik.io",
         baseUrl: "/",
         onBrokenLinks: "throw",
+        onBrokenAnchors: "throw",
         favicon: "img/icon.png",
         organizationName: "Authentik Security Inc.",
         projectName: "authentik",

website/integrations/services/nextcloud/index.md

@@ -98,7 +98,7 @@ Create a provider for Nextcloud. In the Admin Interface, go to _Applications_ ->
         -   `Nextcloud Profile` (or `authentik default Oauth Mapping profile` if you skipped the [custom profile scope](#custom-profile-scope) section)
     -   Subject mode: Based on the User's UUID
         :::danger
-        Nextcloud will use the UUID as username. However, mapping the subject mode to authentik usernames is **not recommended** due to their mutable nature. This can lead to security issues such as user impersonation. If you still wish to map the subject mode to an username, [disable username changing](../../../docs/installation/configuration#authentik_default_user_change_username) in authentik and set this to `Based on the User's username`.
+        Nextcloud will use the UUID as username. However, mapping the subject mode to authentik usernames is **not recommended** due to their mutable nature. This can lead to security issues such as user impersonation. If you still wish to map the subject mode to an username, [disable username changing](../../../docs/core/settings#allow-users-to-change-username) in authentik and set this to `Based on the User's username`.
         :::
     -   Include claims in ID token: ✔️
 
@@ -233,7 +233,7 @@ Set the following values:
 
 -   Attribute to map the UID to: `http://schemas.goauthentik.io/2021/02/saml/uid`
     :::danger
-    Nextcloud uses the UID attribute as username. However, mapping it to authentik usernames is **not recommended** due to their mutable nature. This can lead to security issues such as user impersonation. If you still wish to map the UID to an username, [disable username changing](../../../docs/installation/configuration#authentik_default_user_change_username) in authentik and set the UID attribute to "http://schemas.goauthentik.io/2021/02/saml/username".
+    Nextcloud uses the UID attribute as username. However, mapping it to authentik usernames is **not recommended** due to their mutable nature. This can lead to security issues such as user impersonation. If you still wish to map the UID to an username, [disable username changing](../../../docs/core/settings#allow-users-to-change-username) in authentik and set the UID attribute to "http://schemas.goauthentik.io/2021/02/saml/username".
     :::
 -   Optional display name of the identity provider (default: "SSO & SAML log in"): `authentik`
 -   Identifier of the IdP entity (must be a URI): `https://authentik.company`

website/integrations/sources/google/index.md

@@ -99,4 +99,4 @@ return False
 
 Afterwards, edit the source's enrollment flow (by default _default-source-enrollment_), expand the policies bound to the first stage (_default-source-enrollment-prompt_), and bind the policy created above. Make sure the newly created policy comes before _default-source-enrollment-if-username_. Afterwards, any new logins will automatically have their google email address used as their username.
 
-This can be combined with disallowing users from changing their usernames, see [Configuration](../../../docs/installation/configuration#authentik_default_user_change_username).
+This can be combined with disallowing users from changing their usernames, see [Configuration](../../../docs/core/settings#allow-users-to-change-username).

website/package-lock.json

@@ -33,7 +33,7 @@
                 "@docusaurus/module-type-aliases": "3.1.1",
                 "@docusaurus/tsconfig": "3.1.1",
                 "@docusaurus/types": "3.1.1",
-                "@types/react": "^18.2.69",
+                "@types/react": "^18.2.70",
                 "prettier": "3.2.5",
                 "typescript": "~5.4.3"
             },
@@ -3999,9 +3999,9 @@
             "integrity": "sha512-+0autS93xyXizIYiyL02FCY8N+KkKPhILhcUSA276HxzreZ16kl+cmwvV2qAM/PuCCwPXzOXOWhiPcw20uSFcA=="
         },
         "node_modules/@types/react": {
-            "version": "18.2.69",
+            "version": "18.2.70",
-            "resolved": "https://registry.npmjs.org/@types/react/-/react-18.2.69.tgz",
+            "resolved": "https://registry.npmjs.org/@types/react/-/react-18.2.70.tgz",
-            "integrity": "sha512-W1HOMUWY/1Yyw0ba5TkCV+oqynRjG7BnteBB+B7JmAK7iw3l2SW+VGOxL+akPweix6jk2NNJtyJKpn4TkpfK3Q==",
+            "integrity": "sha512-hjlM2hho2vqklPhopNkXkdkeq6Lv8WSZTpr7956zY+3WS5cfYUewtCzsJLsbW5dEv3lfSeQ4W14ZFeKC437JRQ==",
             "dependencies": {
                 "@types/prop-types": "*",
                 "@types/scheduler": "*",
@@ -4677,12 +4677,12 @@
             }
         },
         "node_modules/body-parser": {
-            "version": "1.20.1",
+            "version": "1.20.2",
-            "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.1.tgz",
+            "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.2.tgz",
-            "integrity": "sha512-jWi7abTbYwajOytWCQc37VulmWiRae5RyTpaCyDcS5/lMdtwSz5lOpDE67srw/HYe35f1z3fDQw+3txg7gNtWw==",
+            "integrity": "sha512-ml9pReCu3M61kGlqoTm2umSXTlRTuGTx0bfYj+uIUKKYycG5NtSbeetV3faSU6R7ajOPw0g/J1PvK4qNy7s5bA==",
             "dependencies": {
                 "bytes": "3.1.2",
-                "content-type": "~1.0.4",
+                "content-type": "~1.0.5",
                 "debug": "2.6.9",
                 "depd": "2.0.0",
                 "destroy": "1.2.0",
@@ -4690,7 +4690,7 @@
                 "iconv-lite": "0.4.24",
                 "on-finished": "2.4.1",
                 "qs": "6.11.0",
-                "raw-body": "2.5.1",
+                "raw-body": "2.5.2",
                 "type-is": "~1.6.18",
                 "unpipe": "1.0.0"
             },
@@ -4731,20 +4731,6 @@
             "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
             "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A=="
         },
-        "node_modules/body-parser/node_modules/qs": {
-            "version": "6.11.0",
-            "resolved": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz",
-            "integrity": "sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q==",
-            "dependencies": {
-                "side-channel": "^1.0.4"
-            },
-            "engines": {
-                "node": ">=0.6"
-            },
-            "funding": {
-                "url": "https://github.com/sponsors/ljharb"
-            }
-        },
         "node_modules/bonjour-service": {
             "version": "1.1.1",
             "resolved": "https://registry.npmjs.org/bonjour-service/-/bonjour-service-1.1.1.tgz",
@@ -5469,9 +5455,9 @@
             "integrity": "sha512-Kvp459HrV2FEJ1CAsi1Ku+MY3kasH19TFykTz2xWmMeq6bk2NU3XXvfJ+Q61m0xktWwt+1HSYf3JZsTms3aRJg=="
         },
         "node_modules/cookie": {
-            "version": "0.5.0",
+            "version": "0.6.0",
-            "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.5.0.tgz",
+            "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.6.0.tgz",
-            "integrity": "sha512-YZ3GUyn/o8gfKJlnlX7g7xq4gyO6OSuhGPKaaGssGB2qgDUS0gPgtTvoyZLTt9Ab6dC4hfc9dV5arkvc/OCmrw==",
+            "integrity": "sha512-U71cyTamuh1CRNCfpGY6to28lxvNwPG4Guz/EVjgf3Jmzv0vlDp1atT9eS5dDjMYHucpHbWns6Lwf3BKz6svdw==",
             "engines": {
                 "node": ">= 0.6"
             }
@@ -7159,16 +7145,16 @@
             }
         },
         "node_modules/express": {
-            "version": "4.18.2",
+            "version": "4.19.2",
-            "resolved": "https://registry.npmjs.org/express/-/express-4.18.2.tgz",
+            "resolved": "https://registry.npmjs.org/express/-/express-4.19.2.tgz",
-            "integrity": "sha512-5/PsL6iGPdfQ/lKM1UuielYgv3BUoJfz1aUwU9vHZ+J7gyvwdQXFEBIEIaxeGf0GIcreATNyBExtalisDbuMqQ==",
+            "integrity": "sha512-5T6nhjsT+EOMzuck8JjBHARTHfMht0POzlA60WV2pMD3gyXw2LZnZ+ueGdNxG+0calOJcWKbpFcuzLZ91YWq9Q==",
             "dependencies": {
                 "accepts": "~1.3.8",
                 "array-flatten": "1.1.1",
-                "body-parser": "1.20.1",
+                "body-parser": "1.20.2",
                 "content-disposition": "0.5.4",
                 "content-type": "~1.0.4",
-                "cookie": "0.5.0",
+                "cookie": "0.6.0",
                 "cookie-signature": "1.0.6",
                 "debug": "2.6.9",
                 "depd": "2.0.0",
@@ -7233,20 +7219,6 @@
             "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz",
             "integrity": "sha512-5DFkuoqlv1uYQKxy8omFBeJPQcdoE07Kv2sferDCrAq1ohOU+MSDswDIbnx3YAM60qIOnYa53wBhXW0EbMonrQ=="
         },
-        "node_modules/express/node_modules/qs": {
-            "version": "6.11.0",
-            "resolved": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz",
-            "integrity": "sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q==",
-            "dependencies": {
-                "side-channel": "^1.0.4"
-            },
-            "engines": {
-                "node": ">=0.6"
-            },
-            "funding": {
-                "url": "https://github.com/sponsors/ljharb"
-            }
-        },
         "node_modules/express/node_modules/range-parser": {
             "version": "1.2.1",
             "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
@@ -13579,6 +13551,20 @@
                 "url": "https://github.com/sponsors/sindresorhus"
             }
         },
+        "node_modules/qs": {
+            "version": "6.11.0",
+            "resolved": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz",
+            "integrity": "sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q==",
+            "dependencies": {
+                "side-channel": "^1.0.4"
+            },
+            "engines": {
+                "node": ">=0.6"
+            },
+            "funding": {
+                "url": "https://github.com/sponsors/ljharb"
+            }
+        },
         "node_modules/queue": {
             "version": "6.0.2",
             "resolved": "https://registry.npmjs.org/queue/-/queue-6.0.2.tgz",
@@ -13634,9 +13620,9 @@
             }
         },
         "node_modules/raw-body": {
-            "version": "2.5.1",
+            "version": "2.5.2",
-            "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.1.tgz",
+            "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.2.tgz",
-            "integrity": "sha512-qqJBtEyVgS0ZmPGdCFPWJ3FreoqvG4MVQln/kCgF7Olq95IbOp0/BWyMwbdtn4VTvkM8Y7khCQ2Xgk/tcrCXig==",
+            "integrity": "sha512-8zGqypfENjCIqGhgXToC8aB2r7YrBX+AQAfIPs/Mlk+BtPTztOvTS01NRW/3Eh60J+a48lt8qsCzirQ6loCVfA==",
             "dependencies": {
                 "bytes": "3.1.2",
                 "http-errors": "2.0.0",

website/package.json

@@ -52,7 +52,7 @@
         "@docusaurus/module-type-aliases": "3.1.1",
         "@docusaurus/tsconfig": "3.1.1",
         "@docusaurus/types": "3.1.1",
-        "@types/react": "^18.2.69",
+        "@types/react": "^18.2.70",
         "prettier": "3.2.5",
         "typescript": "~5.4.3"
     },

website/sidebars.js

@@ -40,6 +40,7 @@ const docsSidebar = {
                 "core/certificates",
                 "core/geoip",
                 "core/architecture",
+                "core/settings",
             ],
         },
         {