From 2909a15009ee010d4c3c1b0842e9afeb07d99c04 Mon Sep 17 00:00:00 2001
From: "authentik-automation[bot]"
 <135050075+authentik-automation[bot]@users.noreply.github.com>
Date: Wed, 30 Oct 2024 15:27:59 +0100
Subject: [PATCH 01/12] core, web: update translations (#11858)

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: rissson <18313093+rissson@users.noreply.github.com>
---
 locale/zh-Hans/LC_MESSAGES/django.mo | Bin 70682 -> 73648 bytes
 web/xliff/zh-Hans.xlf                |  40 +++++++++++++--------------
 2 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/locale/zh-Hans/LC_MESSAGES/django.mo b/locale/zh-Hans/LC_MESSAGES/django.mo
index 3377f5d23975b6706eb4f18a1457c51e869f3595..05a66744b3c9ad1f5da10c4332625b09aa53426c 100644
GIT binary patch
delta 18720
zcmbu`2Y6J~zW4E+&_f4lp$#BiLhn_YN=JH?Bn%J(Nk|3|6o(!_dgvg%Bh8_QW}&Jm
zf*=PQnn_WV;<12=@Ao%r1vuxt&vWm2-~HUhXZ_b+d+pWs-UFVya$DBDC$oCLDwK7J
z!*MOxaZ2HpqK@-H7RQ-WL#2*$xS8Wz#3MKaXEt}7shELta8wJ&DT5ENKbC0eIAhU+
zJ@E&O!B(vthpe*)2jFd_p4aL4tmAO4^DfrLpw^C466+%Obh=^=oPz~$F-GEM%!|3&
zIL<&UhEJgftKcjwh;LipM_qr_#%WlT`#bl^WaC7Ew)7H<;sor2b@5YVQk?AV%*aY(
zXX3?J2*1U`_zUL7T<y&OieMh%+BgJT;9y*f<?$gF;r>p!=gbWnVp-xYsFB2=rgo|=
z-+;Q|yQmv}h8kf87QsJI9WD4gZDJM7fgLamUqsF9WMs_Fo9Im>bCZl3h<d?Hkr#EN
z1*ir#B9q|kM3&vTgZVM6gQ?d7)uHZK8r_%;r($-Tg@bSbhT>1Cf#&MS{4XL?wWH${
z$784weTM338fpfzbaI@^SRN~22Mo**>bj|@y|5bd;SPKL2x?##u{)-qI?#aiD}~)V
zGyl2B#899cyn+pI9p=Srm>d1bpq;y@dQH1HPF9RW-EaizM&nR3F&FdTdSsV7yHV{{
z?CLnL;Xo`J<T%&8WLi;hryJ9cwdp1gg0l)WMPH((`Y%+6^1f(pSQ6_JSHn6u7<1x6
z<iT)OqMoWRu|AgS;W&-(MeKubU_<nNN2U^)l02+xpfzf0J7OXZ!8(|Z+FT`jne%l}
zBYO@tl_xL+Z=hx@75m{mT!Ni?n;H2QHIUm_OV9sbWOTzYx>W?*U}5ZsC2$mK%@R?Y
zX#>)xvmJBb-<S_`^ffmqit0cG8`s1v#LZBfvlVJj4aN{X{}ajRf|>Tj;=l>V@uAl6
zg!KdK=ctDKsHY+e!>owUqc&#@YWFWfwYwbE&L%95`)v6IEYJO&t7P<Mx{rF3h4gov
zmvA^X#j~g-$TGleq6VlDkHSLu8fuTs$0oQIo8mugc~Kfw`<1XJHbf0zIC|@mnNFrU
z9>uztij6RohgKu$fkm+&YN_H-YdsycBnyyLbe5qy`V(rz<p!Ij48wxNtx-$d6V=|!
zgPDI#-DC<%<5mpA(^v}siJG#4OouvH4clXHtcq`96+DaVW9JTrW7{Fr#Vx3TTtYpr
zA)M5V<wxzY^5I@Hk_HrLt)9iQ*cqS3QP>a{p{DKvs>2V^g{}xbIQT5qz=P<<6jTR0
zM4B1&pf>FU)J%MWTC#7wWVDv|P*WB()N!;V`A{QngFGfqENZ0dP*Z#!HG)4;OHzQl
zDz1o%8>1fUE~uwuj6FZmo?nP1DEDq5qY<A%7k-1~Fld<hN>#uz#O+b_+!%_}F&nN!
z7j8jacNVpj8K~=W3^z+z302<4#^EORI<J$-&WY9b#6~Pee9HPcYWLnj?dqTrdTa0@
z!ZvsuHMK#!KG}CpAIymdP&07?wdpP+4}_C}H088=S$l?-c9H2wK~OZK!OlpL^Al>M
z{YIJ}CLXLpyaly6KgMQw3oBsNQT$lJ&ZtfHCTjEUMQy_Km<NMn%qu=WmeokQlhFmE
zQ6rsZU4k0H77W2;TYd($iLPO8%s|cHFQ`rRC%Q0CtXYy8sCK(zJ{*F5F&4cV$vHC5
zp&#30jX3j5#e-V2%c!-yi+QoYXwy&`R0nFH+G&ic-y1bj59YwhsOx5-mSP!diFS=<
z{^Q9Uq~KMoN|1n?aUYf-(8xYO&BUju2GVT&7xId53VF<%b2KIqUqoJ-PQ(~91IIBJ
z@z<y&$v_P#cr5c@mQ1;^X3CyL?cxa3NT#74lMPr8k6~xLi`t|u$C*vp2VKNTSPl1M
z0sPu}2h~o{E9Un@NoyM~8C8r%?Sa=&n`}Pn@j8r}suQT0IE$Lvi&zkEpsxE7i=s2$
zbgUR^%4?$PH%ASq18U?W?0Ih@nZgt-!KZM$^#m3nzKm)(1B;=48s`pT8nFZ6)2!QZ
zj74>*#%rcSEwMH6i`WyFU`_lUb-&Pwf%|!#Ffv^zXoIzI5w^wmuny*Y-E7LHs0OEC
zZ9I+5@i*Ly^;yben2Nn{<0P~B?xP;#pvmSpWhvB*Ho{VR{+}hIDH@D=j-#<S&PR=W
z8){@HF+W~HJw`XJcWn9Js6CQ@irE8gu@!MFY9{wu&tOU7FR(iIcYY@`2%ny6Za4)8
z60bll$*-sea!)fIDTjLO>S8HuiKTHMY9JHPg^8$<ZbR*zeW(E(Mh)N`dUb<qWORdD
zwnFf9vv~?xU8s6tsF`Skm9ZCA!iiV|H{mn*DXN2iqi&pghUr)#)TS(pdN0(N!Tf9Y
z*QY=Yx5v8J7uCZ#s2;Dv?6?!F<J+hXeTC}y&!~~-N;Eepii)2`%}i}9gI(?U7+d~Y
zBJ-~)T1kOku^X+stw&HDcpqJO1<T<tsE!w#X?AlJREL_O%DbaR8i9Ih;*eK>GZO=k
z=`3?yF)ta7ygKT_<~HtP9fI17@yL_oyn$^o=WH|b&RBvt5;bEJu_DgFtoSx&!$X)8
zkE1$v1~ntzD`d)&`5Cn<3%_9+s)^cMEig9@u<>xzlukoU@di|bdr(Vp95uqrs1ALP
zx$!=#y=-&L_2rT4y-q7K>S<@pjxSpKS%+W_%7<eXj74=I0X2e!7=n9IH%hkUXHhei
zin_k~T=SExF1}1W2=nUsKSxGAy^5M@KdK`SQ7?{c^Z0_H3z>aq18S2#GvDlqA*c>a
zMqNJ#2jgZ`N3$+4-;DC8C5XeuI3COC`S+1g&p*TbcoTKuUCe{|7n&(9g;j{Fp{BS8
zR>GH216YWwaUE(Yn=dj0>4z@jA*jte8S~;s^y<QWWOSob_QXf1hHqd63{Enevl3P%
zZiqS`j_T-4)GptGy1@z5T7QF;@h{XKtGL)KSv%B#hc0IRb>lb+3gSd8g!55*VgqW8
zx1t(2gSs#kb=^JG68()@vd|@Ft;=CO;;PsL2V-kofiC<4)#1OEF#k2l6j^F|+74B5
z6yC?Zcm{VYGasqZ%gqv;!uKf8z`D3=g?Y?wqB@d>gYYLTjGb1R_rnnD7%W2hY%iHG
zGV4$s`PjyPqoz7+mDxOfu@&(a)RLrOJIu|3m&fkd7d_YoKSFh^)SIS$H`I)JP%}3k
zwFkU2$Y|;pqo#ffYO0T*3$J4Ve1NK#dyTO)s(wu@g{`qPzJw)lqAg!x<AXN-6xH5s
zq&?<;t$9uhp*Bw+R72yf%WU}pRFALWQ|QMR@Bt=Z+jVB-hf#059P7<TDX+CD>c&wx
z8Yf_J-TxMu1{7r5U|yxoP>*468xKQ`XcFr2Ta9YyG-_?HqFylHV-()QkvMRp`KOoj
zsOSD~ERQ)inI)-?`MJN-m5fI85^7U;P&b&Z3b@L~J5dcC!)ACIqcM0huV0M8dst?R
z`8S?|TX_nC=oIRWw`QA}p<LVfE)e%cZ(}mKcbLB#wL?wKdVCfO?=(NXdLbLxS&cKX
z!CQQa@g%mz=w0R~*Irb|vhOy(ire5T#9kbNzvFQ1M{l3UclI#<)yRbGHB($4OAvRr
zMx$nCI+n$iSO<?{8T=8oG<o)!y;B8?6L&!Efk+!iq3Tb;thgSt;Ff*Ne*#mqgM#-c
zDC09T@hwgzZn2+FFTRUUWBmi>Upo4uhj<^h#!3gxnnz&`;;T3SvmP?vf+47xIf?b~
zPYlJ{-oxe%)d{tU60rczM{TBcs67yJ#QdvwDC+rr9W|miun_J*)jMwEkF4L=@}E&J
zrYuLzKf{M$EU~u(nObCyq8j=EBk>`=fDy^2;kT^EP#yRXi{o`0-$PyZHx9$dV`fP%
zpgMNT`X}n~&T~9)Kh~d2NeY@<`=M?y#ySN<i07j^xYD}IdI~jjm$4?^KrL176Xq|q
zwNRV(6;wxpP8thhK|TNF$f$w3*aVwmT^x(~a0jYGN33U1kLhL9lxA4(U`OKLPy=dn
z%J>rUig8{=%~<Jo%s?7o;QRjq8J&nmEyXmQzyr4Yn)ME91i9WdmatZ}HpVube*x9r
zT<aFp08U~R{16-CFX&Z+HQzH0w#3%NT~WJu5o&~|Pz{_#Ex{Gkb!qneZ`hOgA=bej
z@0)lA-Xgw%wej3(vqv6aOX9(2n14;xnlt7GM^QI8YyAhRBR`^MrsP@Ep-!ms9@rKq
zqn7Lp>Q(*#2Vm`UW=ZFwX5<{^#G6<ezdz^YOGPH<d2@pqsEUVB9r*<N;CHBwHoagv
z+Q&K+yHh?IXXAUeyvqls-T<sd`3NkCN!HD%89d}AQ<%(I>kZ6Kd>i}XuQu-bp=q$U
zHPRYqorqbeKO4*9JnL=@A--t6jv9H2jlIDinTGRPL#>rDl#2E6IqZt1a2e{wvmf)|
zWz<Z4WBnO5Q`s+?nJkZ5nx?21TP$|ON%#``&-svy*6f*&%~VBV4dQvI8yv&@c;3d>
zu@P~qwd^ORUSF#lt8hLZOW-OSA3!}-Utwi*F6n-(e-$#C@*b#>^tX;ebzqV`KNout
zFGe+xj=8YFr>29U)@rDBnpitydEz0cy)_ke{c4@({?7Z#;5B?2zsKh>|7FwTzNjgk
zfX#6!YIk2jZLV5Z%oGnm4P-v5y`|Re7??@xc~nQPqE}OLn@k-n_?emdwx}D%qdGJX
zN21T3cU?9Ayw(NPf$gXpU%}3J0}Eo+Yvv8w6xD$a);_2u9D0rUZ%F1%3ToqLsHw{F
zx%qp3H7r2f+dAC(iggyM{z}vhj@$AJ)*GnZehXa~a@|-RD-d_O&ipGAXA2fv52G&p
z0`*uuz@qrjTI3(*v3<tc3N__Dt;4MotaDNAtixis$$HF7CX|9Js2kkI#+dyEUqEby
znxTWJSMyJ(y;1uMv-u{VMn28D5W5qv!G3rLyJCkg%}=tGxQ+NKMx)pJm3gjzK&^Go
zug$;V)IjyLKQ_R4tcu&QC0<6Yap7;w*RUcsBW{Z7&?~5pPDc&wB5H>G*58qOUMKfW
zbD}tE6IDkwP{-QRmUluuZar-IAS_P&vURF0Uyb=G-;OWg5!4H-#JA>eOpUCsW1OD<
z_sM9a^}jQAMvcsE9fvuIXW>)0$hy^*A47HQG#0^+u_XF!c~FY^yI^jNr929U;dR`}
z{hd~RGxA%g8~<$0mTGQT4Et054EDi9oQq%EcvPCX;b~MyZel6?0n1{}bYm4PPyD<!
z8oer*M@ARy!^(IO`{J)y7`tYe_d+D<saS|%xCb@TudENS9C6X_&0cC`9fYbk1+@p(
zpkDF&zGwckk@=bet+^kw<2~zrTkiZ|&gZp;S}UXK*TY=c6tx8HtOIQMXw*Pnwa&M0
z{DJw`i9;0VG5o-qifjuf=$4uK6x>GK@<;PVOSk@p8cFt_%;u_xdR!-<UR-Zm-?Qhh
zpdRng+vd8SUNU;TreIw>g0=8RYneOdvFeJ`D4&B%vEW_v^L!fyW(+m8_pN#Enewt&
zg7Qk38(X24xDysaug7K*QA@DWy4AYh`i}J?s)IMMI_CM={KRU6g@_X{Kh8isc1y87
z9zea&en8a=|7Tz`dmRs%f)spc{R-8<9n6W&FXk!8Wi5j$uZ!Aj%}_Hi*y={zU?gfl
zUK`J`uC?WF2W0(E+JX;Jd*C{%fq!B(%<-#Pt2)?-cnE3+R$u|Vfa<^v)D6G2-nQj`
z+BnN^=6nIHLcP)$`2M$7hJt>mhDM@pkbt_uChGwVAwFZhWXr!mJ-$C$Lw+~cRYnb{
z5o*SIpspWi9gbcV#FHtE6HzaWh1Pwx{1U1oe(SHOCCYK%{F6*EEKXbz$6yOAg8NZ3
za>07dnqs|spXXl<Kcql2kpF@C@Au`gF7Y%}Lx-&wQ4OY`*8VPP#tQ#o3`LzUhuTwN
zs25f%>tKAE_%(Ze{U5Bq3Val3iay7u@TT=wTb}z*)8JEBjPsSOEo^yj)b%4!*N?W&
zu;r^TE9IL|9o}x;>$RCfn1d51Y<vba!jG)CQ6nq(m$3|n5?9CPu|4Yg`KTAtGK|2}
zsHLj%(AWq|5<ic6V|s^@(b~n}6imd481lE7nVF~yc41yTkE(wSBk>NF!JbY~;J04_
zs-y2<OT37h;e0`+ye_Ikt<c5&oo-~*lhM{!Q4LN<t^Foc2acll$W@$-8K`>E!9js3
zosF8Yg;pP`BcEBnwcfV=iIw&J&y^)8@FuH`x?m8N#h0-X&PI)RAF2Zv?D;QI9rz1X
zuT)mkfi_k*s=Y+(V(WVAZp_O4on$gDJY~I!dRGT$Gv-6hL?~+W)Uq~2y`WlPGmJt_
z`4-enq@rdnXLeKXY1BZvVq+YE-iKs1km1ARtj`e?_#cfe$QcxP{65CLlxN9h)^I<n
z1J|wJp!Pr->M`yZVjPHi{6<;5Sdn-k*2Y8l3}%D`c>_~dl>egKo`UAs2&bV7kE2HR
z6>20U^8^Kc0X4*S#PhKMeukQfJb6tA8={t~g|)kNsC68c;QZ{oUX$5mPn@t`vZh#n
z!=hXelFwKUwIq$KU93Z`6HpykVBLrs$U)T7{EVfsh&R8P+PbLC)ED)5j6<zeA~wf$
zI2OM`J@35=n31kQJ@1>b0$xUKy5F!TW-VyqeyAB5hPux}TkhRUMmIWcy^8vQa2qv(
zVugYNZ?tNtwQq@0*xtGq>l23-4hp;hyP=-<e%9Af1KNn1F`xCkDfc>GlgY=4+t!Du
z_d(vL%qA>`y@@;Go45hbW2+)&FNE;Fqol7+1oo%gQ_Sp*k8uHUk>X~CwqSSSD>w)%
zmC)0|^EZu*9*6gFDL%w8xFpoPXmXb{Yd06WP<{bBVu@1bIyY)Y)}k8DRoXZlTM(Z{
z{mRZ-#!P)>YkMrA=ig1H6nascY&F(FpDJJ~mPMzmd5m1B`t4D_o+DA;f+%$1G}KaU
z#w_?2GC_eKw3o>2AbE&C2{!+1@9ZM;BB>#TGgOm9H(Wy5avQ5G3o%b(;5fpc$I1VJ
zGi}*CbdhQ&bq_17kvSW=LdUa|{$R3!@8EUfv7}hilSeljze?d;@~@D*q|?N8X=^e0
zzU1fQ5!?1stWFw2xeMEJ?vB1J9m$L!X%{%07yxm2l(I0aOw#ckv5pDY(3aIEpOgGa
z8-IYmQ8o;Jw)J&QAM(H8P0}=yHi9_<<L4jhx!^@AmA4Ju=WKc6rlc*lOcxv`^(4Me
z`3vMf$73WNFW7qHOvqnL_<&RP4)Ivj<FJgf6ud`jr}|Y$JILJTL}!wY?$}BvIUd-u
z27$%mwc^B)MsW6h)N5LMv9GPwmAu{`$)wLHdzE@`liyAHg2Wf#(c!cCe)djNiF=Ws
zN!m-TH}PxAJ|zt!=7IM*Z&9eHWi;xz$VvSK%sk$wJf5<1*bsHB!11^btC03`u4Uj1
z|DlVx7b%W7#FmL`q(hYJ&<nDE;C?LDbGC3Dg@Z{tJ|>-}{7uq7$hSnk_K%JbF8<iY
zGbz<;qcO2wc+&$7^UnpuXNgymT9Go3U1ai5M=#qs+T+g<{D|Qs9Xm+Bk@T)vY#Sr%
z@ZNiL{7vqFJ=cT$AkNh#@!Q53L41*O2T6rU`oingA5YrE`AgVZ=gE6lkkRoW$xFUF
z={@pOIH{wv!AU3PTj;Fgyq~hl_PkE-v335P1PU71dS}T0YAY1LZM5@RFzY{#3ZD_^
zIE+6KN0Ay3pSR_$iC5cv5sbHaU2}?aO-P?owwyS~o@<PKh}U2S?x)TsdoGQ9Rr0y?
z8JJJz0}5_YDUtkeyn?eS<J02IAwOP;ypE&f{~})t^<DZ1_0#_p={@o~hTu?Jf4X%o
z=CpZJizi9z{{pG1Em=qYpCmW&c6^Vd-w$0;M>Tr`<)0#d&z29tiIlCv7x86$+14G2
zj5F~6=~ED&BW{i(N#4KsL&qY+qdyCid)-F*7Im=sIyBsk{8roea@<PU1=1Uo>-(eQ
zp~3lrau2B~@jKL=iZzMDNE_6zHnyQ=n2*AP_QI0rBgIgbd7QNQE0}Hz_38H$Z{Ye{
z_WW0rO(tK0vW3Wp+j*X}nly#7S2$mb)J5}Bkiz-|I#!d8Q$fc<QY`6D&g<xb7x6(L
z;y-E=Hz%DWPU4!Mv6Q{`GWiR(-ah=!=J~ztJWX0px<PtP>$1#Vw1I-7#HrYYvaiYi
zgM8)@LjEe{qbR6g3-c4dME)4AB<UDMy>OdXe1+7CvY$x1Nji3Oz7l#nQSi4d)QKLP
z7*6~WX&`YbNxv&cQC=E#+%-7usPm4!b_QirNRvq0C`&{gXSr@3X&))`XrGzU`q!fJ
zA$zi_ZR~q0RIvFfoU2LP7PsRG%8!ullIl=43)@g0Onxx=0i-X9_2XE_0?PN3j*%aT
znMavGp7}3D$r&zMLW(AT7&DIuD&-_7M45ivW*(ECs53gV5R)jMhXuH9wzT!OSo=|y
zopYT?T}hj@{!bp2sMv=S<?IDR?MaH9Qk1pDZUncn7wHem>ggnhoBT64i<E^FYRfZh
zTg7dxpN^-<H^#vI_u2}FDA3W4^c<-t<@^OJ@bkSNMsm?WTlZ=5ok<^)bgacWChN2$
zzlwCpp6gBdHLlx)|0M0P<z&6i2mG0N9I%bArQo_P{1hi}!8y)VC;vL`B)&@iG)^X+
zA(ge)>arZf_3$iZ?~?z9d?QkI;)%q&a1HTh{u&xMLMbS3vQ7u`t;sj1Vk6RUQejdZ
zd%hs~`Q+PBuPFJ6xS04e(jwwS;-#eA#O;Z*kuQlAQO5yNF`J*R`+rODGM*#tv?sp7
z8e9}X*|WIPmJ<e!x%}CPvT3A^<XceZ8S;^~-ZIKOlzoC}Bpq&I9iLF=vdw#Ekr`tz
ziZSOO{W*hkJBdz^mOLuu!$JK*PsGa3rtV9mWRi}rY@6N5SF?E^=knR}%_vLJ?>`;I
z38G08$k)f;@pDo+Di0+spiD<B`MI`%9K`RE%5d%@{0M8<dV`3!lKR@ZWCO=E;)+T{
z+eiso|6CN5;KH|`sC<>U9_a*SO{mxrdy}F_orqg-?iW&NVjb_2ze6fVet<2DAYO0t
zd&uwS+*ndF`45#i_m-DTQ!=mNI6O{;SL{W9lCNa*WStJ=M^i8Jm_%HkRMXa(ii1d{
zsgn)Ikcv~e35Mg3r0+SGm-r1*R+2Y2e-z`yQ=AAQJtXBIJx^IN&h;nXn>38{D@n(z
zxLplks3~$>*1?pYr~ESM4boCu9z(f~8>BUq+r#U8Nsx~yFR2P?qdmF8*0@Q$#pa*n
zS%UXTlSyT1JPadAI--f&bKNTPo9&Gga3Lv)vI_W?D(cP`2-XJzy}z3lZP+<H+U-gh
z6YqA7j~(M05kA)K8XG<`YN*Q-6&daJB)F=?MtH)bV!|UvawaO=6&)25<*AyqzDbda
z;W0y9k+CtuqK0!lSB!AGBI0AmCAi}$j*oXodPa^9qh`_aBi-Q%Zq@aKM|yOpcvtw)
zQM8oci4XV0#)pL@-EC4S>0px^zKzW~WbqYgwV<H44UM{EJW=5zU6J9DH13IYjiH%g
zvGJ}R-MX}UuB$65M$ssjXMCKyNxVBDYUr5ok<Q}_6CPg~K8F6$T4cB<&{A}u1A)d8
z#>Yg4xjK(Y@VFw}YEvT__JSJj*{@r>CmN<o>?l`sd_?^)4czu9%+)Kwoe;PxVSIwe
zJ<1gu!&HoS4RsF-A2ZV9+tfWgN7Ao-D|_Q&qhdU+XCHTkp*$BGJDj;~>mC~w>2~#u
zS2x<k#>6mv8mK3HxZ7zLGxY!Q(uBv?wsjZLEuJh;oZze2@0Va-vw=&ply}Drjfxp=
zM&eFLh>B%?;~8<dD=t2EY}8P9eA4NcmiKBO8&6j?OInZEVVqBhb4NxEi;8ry`eWGu
zG2x@0T&e$@Ud`_FJ$rU*H6k{_quRcKL$(KH84)`wsa8Z0U+sueK{-3R<0IVhu?b1F
zmlw|WTzu@9IM<`1xX93?d&`RZ+>sr!^jB9h7dW~Gi=_P+7oLzXE;fFsYh2XGky_a?
zaYI@Bp~$#K#tvtt$3=NY1O}4X?&GT>!g&B<eCvl*&Qdcx&J#Hz+{F&#(gb&y>qWOG
ze!Qk?RQPyTLhMK$8_$TS1Xol-!Weg0(ut_Qikhywda&7<^vw2?f<~5jVqBh3Z{`_W
zGvQHHZWlgs6ybPHGtXD7%N-LLKR(VA=&>i3?j?k|`mn8;b<Z<YP|2g=+R9w12Q}X9
z8519)Ai>q4PrHOL+i=p!my0HKjc$<CJbJ(&_jpfugl?2Mng8R{62XJrpk58`6+4v1
z*|C|=&wo5VzNOJ&g)00nTK6SSoEBU)CNe6HNB@8BjIYV0-?K-U7s3<$*5-|Oj~)}n
zUU2ODBH9e_KRX>4u6+>evK5{jL;DvxwQHjDzFLXbvRBYr#3z`?;?dIaR6m}xXkYNW
zsX2T}ONs?QvC_+nKMvv|pYm;9HY%v#qXshfsxN58>EIgf_^4rl-4%FK+IMPLSeVnB
zTWefwHTL*;r+1WlT++ObMSWkd8vpoaz6xvV<ZGC|=TO@E-RZkGrB2zF`o`we)wA?}
zOJ=5R-j+Id_w8ddGbXJ}KbdG==&tm6hx{j&-99!;Z}xKjBL`CsFZLgLJ9XDa8p)VG
zH|_ZD)C2R=x6bsh*!JC|DXLY9JETuuoaRgB4rwc=rR`pywqS;T;d0KK_j#|kuKFtN
zz8CCkvae|YuU&(b<0sP=tG+*R7ad7EmgL{H{PwXq{^J|`$L6OTKKgHObN_;cF8i`h
zKe;M>{haipJ5!R6XY81hzGreu@@7-$Uoa<i*XDm~m5!KJ{U@hqbXlLQ#{cz=p1x)B
zqyD5P?(pwknQ~;-;}<*)WF#+V4s9i0a$53Q)jPb!=Xob6N79IMWxYH1q)j>UWT%*-
z%(r^_?i2n^i76-7rz9t*pInnVZ!;$|mLE*reZWck|GY5Jw3C+GG!uw?i_VP?PU?EK
zq_52fC9{-FNuHNFe?iKLRcYJa@E@I@mYkIO=Gv5FE7SM9nRMx5;iSPA=XUlVJL;dw
zY9Gz~rrM#-I>Kb6uAb|ky`C=n7tBrDy7yn^(@baJ6`pc9Id%0>>iE9DxFpCo=aY6p
zWgl(r)T0Z`$epz0X|BxTq^p-I`23f41@~RBhwYHM>>yhp^XZLtu_gS0P37M+BW>Me
z|K1sN+rN67>D;4MT=w*Wd78`>$^PR@Xeo8o{?w&=eG9Jq9^8N(VRnjINt)|Fx>#$P
zI5&OI694=?=~ItuI<{`~&+w)0+LW<ucg6;7-=xXcQXjvV838X#`#vY|?^}~PX>028
zb^g86{&y!H*UH#1!@qW|!;n*s&hyV+#{g22H>J&*qpiDVM#iGen&d50Qr9$F&F0~;
z)1xtSg{h>@ZrEuqQ#p@m@@BoxU1p!BpIq!;wMGLN_IcT)KRz#?bnWwK?|=COF}wN<
zs2@BwEHk%g9eB;V(vB@<9=UVs%%$m*rayjU|MjWrIEK%5jN8MHB6g6k+x3J3VgKDz
z>`TsgEx7)F*>SdE%JC#$-CIkuM`o;^#Iv2br=NT}o&OjQQ=eJU4Bf@>T#w%Sc5YS6
zo=!is$A4m)@7%q4*(>pkQEWGdeG9RlXCCs;-23P=8tv<KzjclSn}YHL*LYm}i6<j)
z#sB5ZvSYzPWe%MU4yqQE>(O17mCPDc;?UhJLD9k0c5URTFgx75g&)18zn!$jNt-n@
eb@f~Rc{BX;-#*kod(e!>ABjWza|R8|{eJ*xlUaKJ

delta 16111
zcma*ucYGB^-}mu734{<rCqNR)p@-gk4Mm#tCcT6ZLP;<rbU5@Tp@kv{BGN&M9(omN
zihu}+N>c<9xKvaSPy~5C-!qf@=6;_0k7r-k<o)~2&hF06%<egfT)U2CSh+ca=T@!^
zOC7eOevVTBgY!Dh7JtWiQC78%^FbZQ>4$4^8v50BoT@m}dJwmeKg4<XZav2-geB@b
zP7iE~qi_v&#=H$2Ck}^VL&xzr*9dx25k{tlqp%eIitKVi8aYm7?2O?!6S;=-A!foK
zFbAe#6#j)-u~#GohhQE&gAsTGb7IEE(&IS!2y}wdz6!^wgA9W6CT7GaY=p5m4!5F4
zphOeXt~;vZBd`soVJ@uR)NyiS3(SJOP&Y6bgK;|c<ND4bf<E{Ni(-dn+%+bmIx-gv
z<66|69LGX<)z&{jT`=SgbHNDI9o9pgr!DF{1F;B>M~&QS^i&|&K%kyoK|1gJj<c{@
zb8~{js1dq^y3ifWginz^JO3in>ojTMIN5Ous@)>g2&~6~xF0j(RSduzEg1ja1b3(i
z!^oEAPJ7{E@(Gw9v$ryL6oKk!9n=VP#Zs7r#c(zHMhJD>Rn%Je4YT1(yFa+Kxv?Ux
z8UGIKs7Zx7FbDM%tjElF9Cd*&u?9Xyov_TCW=?A%eRP_l+ReudxEFQ7L#Qb@iyDa^
zF&O_utr?ex6{8c6!3nq%^ST_TTwAl~nzUo#Q9m77xXwe=TBy|C40U@{hx(x|7>8P%
z6R`?@jDdI;S+~xwsHdtDcU>Jl@dPCaHlP}wLk;0KI1B%SI#EJLvxqjJ_8&&w!Plq}
zYthMZf-oAh;0WxF6L2YBMcw(Z&Zfg-v67zuSp+)ae$-H%$J}@aL-84EYI1fli>4g%
zKc^}`GT|K5oi9RN-~&_#w%hyw`jekVEyA;?wR0bX^!#V)Y7WSS+EEB~C-qS$Y+>zU
z9e_GfJZkkPV+p*3T7-Y0R(XML=DbBw=c#~Nlyz-=XDrI~oqhy4a2o23wFLX(A6OSV
zyk({!8EcS#in;I^>TwHVoOQ=xSP@I2I@lGfVIr2rEm#%5!CIKP2jj1vHYUi6Eie!E
zMU6lr>N)iwH|5O4DtHrhM>%?$sVay$$tz<BHbI@QJ8EP`pgOb+E8uR_nz_@H@y}17
z+t!;Y6xGwZ$UDf1!P2+`Bk((99XYPvj?*8zU>V$px}%>^k6(BnGeU0ETB?e=q2{QO
z>WF%Z`t)J^ixW(uq9(3G4dHcE&$BQOZmf)n*b$@g460-0`<c1!h8lt1s40m@ElLk+
zq~@ch;yu(2UPM;E^Fj@DXXUva4Q*FckLRGKVztdbvH5A#<9glJ`wcKpL0;5xg;2*;
z!BA|Dg|R=naS9f}53wkEP7)L%NJBLYh%%2`Nz~ei#Ddry)h-$f;B;HR*5=1-egm~;
zp4)oYKt5r~3t4NR7JFN)%k`bU1Rg5h!zLKc`0{8veUa&O_Ml!&xd)j$D}Y*Lm63Ji
zG{;W34qM|h`~aK8@Y#=dF$~)cHs2$LphkQZ7SNSX5!9pNCoG1AdEd6fCaA|O1+_>w
zqUQ1#M&dcth-Kp{YF7buXOY&9sHup;ARJ@sr=ix$63n7I-$)REpI}=&fXy**sCf$7
zqo!avY6|wC-uYKhi|i-Nf`6c<<|V3q*f7)KTBtW=Gt_ZyP$SqAJ%I#o6C~g`9FM=^
zNQ@oM2MFFob#OtPxua#M6Ku2jaqL5W6?<Xzct#BuBd-dl<Os9qreJ3Bb*K^DK7#Sr
z9i65^LwOI~nDK3MKuOe{v_P%qL8!-QGPc1zsKw<^?^#SvIJ&VLmccQY1J_x1qt0^*
zOW_X*jK6|R+^!l{#9Y`2Bd`-@#0jX8nu;2UcQ6<iV@_OyI__iCo9`s5W7knb{utHX
zm1u4#8|uc(c?i^?HRi_dm<NYjr=o^>IqJmQQ71l$SzLUD!dB$>lN{#=Rvl$J^arX#
z{-e$3eqQWM-W@CA4%GELw+QkOJi@k^X^eR@b;YLSv#<)D!#D61HpVx`n#XAl)+axN
zyYO#3j9bT<$2f)srNwsy^%$PQaQqP&QIGS2K&v+61T#cMQIBCo%#WQ=cRma?)YC9K
zF2!uP!MfYlpTKI=Uq-Egz=`IYR8`bSCR*oWxSszH2zs;QFzP~Klguivj2fBwr~}ub
zI&c8>xP6HQ@LMd1f1>6%7w2?iVbq#wgjzE#Q5|oO>UclQLviByp$kk$HCTyS6I-qO
zQ5`vr>cDl>qWu+1V#s6`64pa?EEaXaBvgkcpw2f3H5JQIi+v4xbi!Q(Rq-=a&z_<>
zl5vVTQ3#eLFM#Su3si@Dqb@KKb%Dt?pN|@m_plHiu=~HW^{J?l$uO1i4<g7q)x09}
zTZ^GOPyyZ80E=K>RL`fNR_|g|hc?>!L#U3N!+dxRS=Y`Z)YJ}{W{#VJy78sc7($(J
zldafqJ&Rg=H;{GYJV8AT3DeD;@54~?^QaL^!xH!uGhl%k=Dkq_b*H6J9jk;Ikp@^8
zdwU4<I7~#HXa#CfZAQ)IDVu+d8q$ZTArGEuP8f=sic+XMtdBZRXVmdgsPo06j-Q7*
zek-b@o_z!X1c$9BtY=Y+<!kiE?@=eXiMoS-P*WE+%Uq}gs(ocFjkR$IMxpNf0;*#-
zP$T;@2I%?EFx$KsvLNfiDT#A%Gip&*A#vj%)CFguPOupJ;5Jmpg65jfga`~IABDBi
zgIYTWP$P03wYJi*AlG-E5okz4-Z4EbiV@_MP(#`sOX3LB9W2LHxDhpVP3D;q?2B&l
zL8uGPLf!cm)N%VT7*E^!%UF`@JGTjnVPLXZjODO2d41G{V^DWEAGNAKLS5h_YHm|e
zi^+e!nVMplg}gE9f^AW&y(j83VK{2;C!<GmIfFnaSdTjJB<jG6sCV{FWUidQFcZGQ
zYM5yOzlvi$Y>cDPjR#R3y^a;}F_yw&3r)M$_&53dg^d4cg4v7Ahfll3X6WC?6V#tU
zt$}w^%;R(n)sa)!8_!{GEVIPC2O3yAp`MDtSOF)YI<np7H&G)Typ-{8Lr`O>nXBp8
zh<q_>N-kqFe1=7_{xZjT3;SVPJb+a(aJgw;4>h#?P$L+PSup`M1(Q)zuo(5;+2FA|
z_F6x;4X&Z)_E+?+?sv^%i$K*kwRwM=Peh$?CF(-kuqhrv9q+fo=tixb2B?mC`Vr(I
zh{KjR4M*a6)E!2yG(*1-%abp&o<v>n5x$N7@0rIk32Ttg$51?l;rIjUsrm<XTyY*D
zrq1J3C(xp5iLuxLhv6ZtjuETP^V|nD1u>|pnTy$R2kHinVhCPFUEqP;|J>$5@0;_4
z<52b&$DMlq7ZN<8qR|?@IAYZgSluob9S$M?bgdbQvLEsloqQbD#`5dTFCa0f5jcU7
zSbe?urZgHEMCT~-E_2@6z_j3P)YK$z<Qo##cP<gs!-!4hTWmCrAzzFAFl;k-jpMNe
z-oY|hZi^Y(Zm6LiX-!6r$R;d|hp`IYz(SaPt2wR$dbAi?5#+~Vm=R~#{2kN*>oEhK
zK!5xkM>0a^uqSz=kIdhOSD`NC-fkYZPRROoreOkx?=Zh@&&RIh-W`m8B0<nj^J4Iz
z=KeF(Vyn2zT%b4hAwPiXaQ=_Yh}FSr<fAbRKf*eA1~Z`_^QE;Ags~WoS~D{+3YUJu
z_y-gGO@;0>z-yk*5~zl?Y~I4!)7HnKUPP0yA<n>fJcX68`fhWcL8uFj#g=#zb>32Y
zj5R$3>OgbU6m+)vaMXe0a1h=?-FdUU=D-;1Xe>zmEX;))P><Vw>lM`bf49EGAo8Gn
zroAV`1`*b}sG)0%6|pN8$C=n1x8ZDjjJlHv`;GH3C;2MW@jFmcu@|f2AD9hG955ZK
zX7o6b1R?BbiyG2_)}h#%JOOn_N3GXzE%{T-kMABdck(f6gifOBQ&Cg#%GOspWa>Lw
zhhla;|I>W|zmHqjTX$m<oe*`xz{AEOs3EO`5!f7S;|SD<Y_%T5#^h&Fi#h8NbAxqJ
z$2Ug(uHdvI(18PNg9PkMJ{GIs1)IB$I?gZTU9mDYIcC;K5;i3N9>X#8Q*(jps5Q~p
z+6C2-!Kjg0h8_+183OINfO<2%K+Rd?adXE>7)U-J3*vH|h<i{cs`{B}HxPBfiP#Mn
zqB?XRb;lV_7;|C=@<JyV|G5Ms?2dn|fhWxyE(Eox8d*D{Mrt7D#zgCE)Qzmdw{V@!
zU!X4Rf6AD{TF_eNl*hc$YEn^{hIOqyQIE-Z>rB+0FS7Yg)QJyT&seWu81=VNPs<A|
zfK5-E_e+1&ag$LamF%&>2dJU)q88g%s42LQIk3PP^E8ylzT{)E27ZraFvsU+3hSaq
zC>C|0vDTRwL7sx4c-ZEis{}=;c!i~~$QR~>Eir&R5!KW2*7>LtueJMkU?=iDsN*xA
zHGku&jOs{TYirbbdRpVKs6PLv5a^EAqfT(dHn?Z~3pIpUzBDhQ2y8*#2G#LpsFB-`
z_3;Y!#9Zghjl`iwas}#!&Z9bV#V7NhMi5NJb8DvarbBs97buTaupO4isi+I?!s2)i
zhv6UC1N&Ss7e0Wx;9b-r{u#63OVss(zoKw`CzPNTmc*La7xjEEM~2Ax0?XnrsI`#)
zqOr8Kj<q$aeJ|7nJl1)3{|f6?)M7q_9yh`F1oAl+!|<<-4XshuS*QcIp+A0sdJNB7
zZ=;6xi8b(&$-}J`P{&1LK5TZ0`B%`J3OzPSm=_nKUa6Zf32&oDrrTxnN?m|j1D7x}
zhF>vvT*6ufJ5b*c+u<Uti??wz7W~G12R!`^<FCb4<*J#>c36%)5!JD^SOX7WY5W}<
zV%WE4PJ5s}yoRBMd@8DA3otK!hq>@KtKWB~T?neasE0s{q`KWv&)U+~cSYS{Z)}S(
z*bMhtUtm7+#@`!zU{3M`>vRkxUxs;bjdi!J_k2O13tU3o$qm%%eq`&jT{FLG<;QsH
zN8un$#ckN;y19YBQ5SY@7;~X6SR8v`ZS00iFd2U_xyKoI(_HWpsv{4v0RDxAG31u9
zI%;)yv5v96hiZQm_5QeyZ=wGWW^wky^5i41Aij?k@G$!R{`a#l;9JX&=6NrMdaj#U
zhoDAe0cy^+p-y-dGvY6(xqpP3%2(Ea+onFNHOyMdS`7m{91uyMJ8yxSf{xa~wtf=o
zF`I2&W!+^xiDB&j&iWXCBG1MT4gDXeRsZH4^8$Ke&2X3JUw4w5K#M98YvL@-fyb;D
z?f%<XoBC4s%n0;HJsk_MDxStl_}p4H)qG9wh102Dfy=N^n)x=oCynRdH)K?3XanvW
zLs9kRFchm|7Hor><L;>TQ>;r+Q?SXp+j`u3!FnCl!TYE;YUl&TzYamO2j+y6F*|t*
z7Q%IygrC{{wf<vPack6SUuWHeI_?Yx;<u>P|D*MZtq=Oytg+mv8?5fJK|RzRH9_4;
zSDQy!N7?#0)@9apsJY*TI{r&6gSSvqoB0=W$2Cz?Iv91~u^5b=$u>x~J676!t#t=R
z(C`rI0(Y&?P$vrd)m$Ja>H>|eoiK=epf%psk3&7K?-)JKX1n7Q>Q1hrhVT#637%Us
zJ~Vj_)YA}-g|VWwovn{Yb!3`#32JIKU{>6N`SAoMvHqMJ1ir`aH!~!Itx49Y)&-~&
zuR@K)cI=OzqE>&=-_3ctT8CjU^;5A3E<lag$JYJYujl_5ffmy_)EnxS^#v9u5BtOH
zZ-~k}phjpEYLR)YOKklX%t`$xsLzIz)*H6|Pt@@Nk2qE*$WGvUSEF{+#thgP)#K*Y
zw$?6~iTYkPABeicq1I&7o$s_BMz#L}%j4HL0AD>~{Ie4bcx>h<0rje#ikb0!)Ld=G
zsdyYGV$(m(NPLEBpN5)S|0kw>PK+WigL;hTV;kI#>exTn5Cfkw{u<I2PtA_us1A)o
zH_k<MWSeyl>V(HI1aF}_@F(WN9M8-jv5TSFZ9t9SNz@2^Y5f(|k?fwoOi;jD+FAqk
zrfY&_aj30dj)lqBV@W)T`SE8|2QvI^_UA)&peE|VU9DqK7hY-gY_h>_>v7cFUqClr
zw*HA($U~kRi=alJJn9acSX-f9Kpn6iPCyOy0aQo+MvYkbKfZPzrzU~!U;x&}@%S(9
zL7q%!_Y3ncme##AkJ(SSi~77Y($t+nb>J84W7OO~#~j$_l`$T3l25iS#u9q|*ArA`
z$5||gFHl2U+Hv{*i)VY(kS)hrxE|ej6Lp9GVmQ`yxqRPnx?wZ&omc~(phl#epUc<L
zZm6m1Be}lwwyl_MU2ffKJz~9Ry@Po<?x{7azsolj#jSO$?X81Q7o1>Sfa>^%=+O)3
z2LcV{ODu#%Gq`+DK_qHwI$(Vqf}?OVw!p#}%^eL!J=gJA3|FH@>^OGD3pOtnU`C=6
z>byMzT;|{ZBvPT(o{Z}09?XNEqvrM|#^POT+e|Ls--h?2URV!NH}K3_Akf|bYLRxZ
z#@PCan2q}6K#vJlQQ>>eu`4_F;A#xc>~g-qt=J6{gIrEd7q4pUL4J$>2CuoU9qe)z
zq6ak+IkLKZzkoEr-sB6hAwEPc@(S5pzHdT<Jp@TqyuvA%l-<nDGi*y<Er-kZSFmZQ
z1HVFzL}q%S6OXihjSa{v=5qPICC8zra*=fxhLV4U1@HlC4S51`yL`Xh7DP2@kA-mv
zmcY5F19o9XJda^`8Qu60HAUI;xO~6c<wXX__m^@8?Z39m#7il4C|&(b^?$g&@B3H_
zDqB*tz0FP@U5Al!CaZ#N8Kt!^;!o?;#}Gfn;<T+oT!iw7yfFC&OeH@`(RDuJ$4u(9
zEwH{%{HAv5`Pa6<;CtaHY)R>3>zZR@8c(Cl_8r7$I1b@t?XfO?ZrcvPt<>pXQ(vc^
zPjIIMaScjG@?R+a#7%Tg${bxkg))*I+E_on@9uj{>a3vgCc95nSBU3gVZ4OB*spC7
z@}6<Z+FXz61mddH_42haKgyF|rF=^Hg5uf6j{-FO5&2%=l*ZpFYlu5wD|<p6t|y|8
z&7ZPws*OjY-f(f0{*?Rd`+-uFxD5LyQuY&T`;+?fl!27(E`Af^Npk{eP#al0PJYVU
z6y7oaW7DfSKIP+zxjkKIt!)tHOWSIMug3i72YYC<mwg2&H^~o?|Ml7#{m9>^%r}QP
zZP~}m#rI6@z;CH9!v1iI9*6X8ua-;?DyQ3%J;NsCzSj(Dn~vwGA4};<`HZ@0xPbb)
zz82<(-W1yOvGjv4;+qHU-nHjZRZq%f>e^A>A|CChCG*-AN8@kVnSwQ`uSJ<l97Fk(
z_&EEt)h6#xtoPoRl+EN7$ls;tb5gIlj@0F%{7S4X)*c&gRh|A-iZh>zo0J*Er6~y<
zq-~t_1FNYuAMELIagK|8?Sw1Y@tC}rJ!TjAQ_2zYg4Ex$2d>3a6yN>tX2)HMw(dB^
z9y|%}kuRox8s!dgE8A`?`;JjJLfSgL+G-J3#3Q)X);F?J?PQ{TQJXj5Bh%rViPM~l
zUAA&FCetW=<HN!CarUp>AB_#|&h@k_MxNicpRIkb9b27teQjHPD|vleOS>$Z|0f(Y
zg*{<ZoW`A$GSo$2Q_3I2+L9?fZQR@Xwe=K!K>5e!(`kE$vYqk?=iNvBec}Z4r=$^U
zE9qh9Uj)^tyhfQs(YBD1O#B@tQeueP&{o?~+h#BMVd5r~iPXC(nJI&8yF_by_IIaV
z+epeVN@lxH{~FoZLxWnjVi~cvnUulQHKQCRzHRHZPum#k*HK<kf1Z3Br5<?(?X+84
za&24evH6HUBd$d0O1w|&Z#79QNq^h89L}IFC$6UO*=jc821L1S`Ud`L_l>u8ZOEf(
z=cQ<SNnVdKo_si^1aU@+w%oop%>Qy*QILucDeq7sDBCFkl!2zb^BcA#&rSP&IGel>
zuEP%~*{IhSv=Hik#H*BW>RMCA5^K9oNn(E+T#0Kv?7T&3O40Tnl>;gL$mdZi5qG2h
z0`X6_%^d7PDNcQ5_WSEVw&lcku_r$9)tJAj?XdA?oXBxKD6NPOqUQiXS;|n7@*H@U
z_yF-T;+3eco=u7S5|^WdlLt}Kw~uUa24~RDMR`E{!q$($jg*BPt4-fTm(XS?4%64N
z0D=?j98UR;GLM}@C=Rh3-%`wW!1@mLuWwVy`KIc8L*>UQ9qQ%wOeJbg>%7$J`AXmZ
zCisTB|4^z>&QcDt|DtVhnp|5bb()v-EepY5@(H#s1(T?|M){k#l&!bzJ-)AcgQy(F
ziS!Np260{6kzo9jx_51Bv7S<u!q-%145bLA8hKWG%zi9MU2mJS%Xy_Ac3Xk5?E3|m
z>XkN%WG3Yh2UWlXc8ns{cg@jw2wPBp3$x=C>IM_<AdVtFK|G6ckvNH>ZNJrI=4WTx
zhf<$~Qkk-gydBqf5=jc#mUZxZN}$azpqFxka*#5BwzD{}Ar>Tmf$3X5;@cz{*uRmo
zgnZp=`_;~E^DXQjP3~z&psf_HvO71B7qamRjHA3w-2}=OingDrdyEnICguO$_Hn-N
zsegwZWw8NyBjSA6jJz9VmOj$7?WA%5r6!e~DcU~4bNCzfq7-HS74qZSX}8JLrEmEO
z*3fQ^tvf?J$Hv9j_ketnZG4#eRPwgEeiTWl-SHuni^(%mA}LF$kGK2Md7n1v+Z(ib
zM)EVI8KoQfS6Cn4qTMP?-zpNnB>9lCD!tO&Kd&+>qS7nzIi)_Onms{w;)TRnQCpbp
z#3PgX{;we?iThChwXM5s72{ru6~0Hi3h29jO->w1vXjb=7(~8^xCQYh;?|V(Z87zm
zNH$P6pHhSTD@qOOj!>!-&$ErQvA-`RFL`O4gk31Z?f#SL^RIk82QJ6mG)&(*5!A7H
z4)&|J?J1q8drqFd<slzJQU!NocMM^FMM_oT&v7ng8}Y~Z5hVw4-t@1uBdBOh@lv!^
zXJ`7BMqMNFH>v1gD~FO_vTbu>ChF@^#uL}4lqBA0_v;Wp;w9KgbwTd`-clZVGpDSs
zf1R2)<73<d`bQ0Q$HpbbyGum$A2DKBY*hcm*!Z~8BZE?Yte>}#n#3n1y5k42e?UV2
zxPh^8F?|zb6Ng3HCZ6u`Nu@?byNAWc#6%DL@5cY*WEI@Ba!2)#bH~J+OLD=)!O`yc
zQPBybVxvd9$%pk%ii;ZT?jIM=o&@)6Cn)ERPtXO@&ptLjDIvW-A+L4F-9IWSJ}EA-
zf;ykaJElP^{}Ms}KmGF_i%iMs4e#79Q_9?)`2*b}qeqTp6udQhJ@HG))i+<}I_~k&
z2?_BD6TPMTF85D)IAEUlV$^0=KHu=s_w@U4n#a2b#}7|g5FO%O7+t{S{cX?yfA4`I
zq5dgZ;vT1*jSs8rZWlLftUDq4?WEWQ25j`;=s0()Zk^qc!(!qSViN}scgK#T1Bn`v
zj-9GhuaQ!AM9q}25j|5LjVR##eMF92-g48%`+2{a@i@R+F8P}PZ|NnIG6lyCjf)>0
z=l1o|yWzc1Kkuv6gI(S^Yj*p2V?JE$=dH2fW!98u-m8V(?gz7yQ<v>ZTXE>#k){9Z
zyoYJutb^%e{Mry}WJ5fuQ#aq+_etvPh4<#J`LCw0O<3uX?mLsGrp@1VZ`EeCU9j`+
zp$+$sExGsJ`>B%;-QP6(!P-5kt2f+RxbxoJ&G%;Py?bccy@N~AmTdm*@VwO7%kEE}
zVb032X)CAyKivrC{P%ZnOr5=tt9Xy^{@1Tykm=I@-Wl(~eT{Og`~34vDc^jRE6bsj
z)YWV59$tBW=W6fU7svXge0wQZ&~JxVrqA$$OEvvd+Fniemi~5$EBN(Zdk=s2hAXA%
zwLB@6C_}I1_71%^)6d)b=2O3vNk9IO68cl2@^=r-xOXJQH=}7gmZy4`-rsRF?Z}S1
z`wyDgbf+%gn>r`?!K%skH%>_z_fv_K?mrDpX>%vPx6Pf{9Nu3ZC;E9;JY5{%UGOqF
zU|*9AuE<QmsjIf8t=aHk$%^|sckY{(#g)}>`L|hJ`SxAU>MG;fS1P+}sNcS$IbGBJ
M_KnKps*~ma0P=qizyJUM

diff --git a/web/xliff/zh-Hans.xlf b/web/xliff/zh-Hans.xlf
index b1b22fedce..de693043ab 100644
--- a/web/xliff/zh-Hans.xlf
+++ b/web/xliff/zh-Hans.xlf
@@ -1,4 +1,4 @@
-<?xml version="1.0" ?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
+<?xml version="1.0"?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
   <file target-language="zh-Hans" source-language="en" original="lit-localize-inputs" datatype="plaintext">
     <body>
       <trans-unit id="s4caed5b7a7e5d89b">
@@ -596,9 +596,9 @@
         
       </trans-unit>
       <trans-unit id="saa0e2675da69651b">
-        <source>The URL &quot;<x id="0" equiv-text="${this.url}"/>&quot; was not found.</source>
-        <target>未找到 URL &quot;
-        <x id="0" equiv-text="${this.url}"/>&quot;。</target>
+        <source>The URL "<x id="0" equiv-text="${this.url}"/>" was not found.</source>
+        <target>未找到 URL "
+        <x id="0" equiv-text="${this.url}"/>"。</target>
         
       </trans-unit>
       <trans-unit id="s58cd9c2fe836d9c6">
@@ -1030,8 +1030,8 @@
         
       </trans-unit>
       <trans-unit id="sa8384c9c26731f83">
-        <source>To allow any redirect URI, set this value to &quot;.*&quot;. Be aware of the possible security implications this can have.</source>
-        <target>要允许任何重定向 URI，请将此值设置为 &quot;.*&quot;。请注意这可能带来的安全影响。</target>
+        <source>To allow any redirect URI, set this value to ".*". Be aware of the possible security implications this can have.</source>
+        <target>要允许任何重定向 URI，请将此值设置为 ".*"。请注意这可能带来的安全影响。</target>
         
       </trans-unit>
       <trans-unit id="s55787f4dfcdce52b">
@@ -1752,8 +1752,8 @@
         
       </trans-unit>
       <trans-unit id="sa90b7809586c35ce">
-        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon &quot;fa-test&quot;.</source>
-        <target>输入完整 URL、相对路径，或者使用 'fa://fa-test' 来使用 Font Awesome 图标 &quot;fa-test&quot;。</target>
+        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test".</source>
+        <target>输入完整 URL、相对路径，或者使用 'fa://fa-test' 来使用 Font Awesome 图标 "fa-test"。</target>
         
       </trans-unit>
       <trans-unit id="s0410779cb47de312">
@@ -2916,8 +2916,8 @@ doesn't pass when either or both of the selected options are equal or above the
         
       </trans-unit>
       <trans-unit id="s76768bebabb7d543">
-        <source>Field which contains members of a group. Note that if using the &quot;memberUid&quot; field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...'</source>
-        <target>包含组成员的字段。请注意，如果使用 &quot;memberUid&quot; 字段，则假定该值包含相对可分辨名称。例如，'memberUid=some-user' 而不是 'memberUid=cn=some-user,ou=groups,...'</target>
+        <source>Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...'</source>
+        <target>包含组成员的字段。请注意，如果使用 "memberUid" 字段，则假定该值包含相对可分辨名称。例如，'memberUid=some-user' 而不是 'memberUid=cn=some-user,ou=groups,...'</target>
         
       </trans-unit>
       <trans-unit id="s026555347e589f0e">
@@ -3663,8 +3663,8 @@ doesn't pass when either or both of the selected options are equal or above the
         
       </trans-unit>
       <trans-unit id="s7b1fba26d245cb1c">
-        <source>When using an external logging solution for archiving, this can be set to &quot;minutes=5&quot;.</source>
-        <target>使用外部日志记录解决方案进行存档时，可以将其设置为 &quot;minutes=5&quot;。</target>
+        <source>When using an external logging solution for archiving, this can be set to "minutes=5".</source>
+        <target>使用外部日志记录解决方案进行存档时，可以将其设置为 "minutes=5"。</target>
         
       </trans-unit>
       <trans-unit id="s44536d20bb5c8257">
@@ -3840,10 +3840,10 @@ doesn't pass when either or both of the selected options are equal or above the
         
       </trans-unit>
       <trans-unit id="sa95a538bfbb86111">
-        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> &quot;<x id="1" equiv-text="${this.obj?.name}"/>&quot;?</source>
+        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> "<x id="1" equiv-text="${this.obj?.name}"/>"?</source>
         <target>您确定要更新
-        <x id="0" equiv-text="${this.objectLabel}"/>&quot;
-        <x id="1" equiv-text="${this.obj?.name}"/>&quot; 吗？</target>
+        <x id="0" equiv-text="${this.objectLabel}"/>"
+        <x id="1" equiv-text="${this.obj?.name}"/>" 吗？</target>
         
       </trans-unit>
       <trans-unit id="sc92d7cfb6ee1fec6">
@@ -4919,7 +4919,7 @@ doesn't pass when either or both of the selected options are equal or above the
         
       </trans-unit>
       <trans-unit id="sdf1d8edef27236f0">
-        <source>A &quot;roaming&quot; authenticator, like a YubiKey</source>
+        <source>A "roaming" authenticator, like a YubiKey</source>
         <target>像 YubiKey 这样的“漫游”身份验证器</target>
         
       </trans-unit>
@@ -5298,7 +5298,7 @@ doesn't pass when either or both of the selected options are equal or above the
         
       </trans-unit>
       <trans-unit id="s1608b2f94fa0dbd4">
-        <source>If set to a duration above 0, the user will have the option to choose to &quot;stay signed in&quot;, which will extend their session by the time specified here.</source>
+        <source>If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here.</source>
         <target>如果设置时长大于 0，用户可以选择“保持登录”选项，这将使用户的会话延长此处设置的时间。</target>
         
       </trans-unit>
@@ -7713,7 +7713,7 @@ Bindings to groups/users are checked against the user of the event.</source>
   <target>成功创建用户并添加到组 <x id="0" equiv-text="${this.group.name}"/></target>
 </trans-unit>
 <trans-unit id="s824e0943a7104668">
-  <source>This user will be added to the group &quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&quot;.</source>
+  <source>This user will be added to the group "<x id="0" equiv-text="${this.targetGroup.name}"/>".</source>
   <target>此用户将会被添加到组 &amp;quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&amp;quot;。</target>
 </trans-unit>
 <trans-unit id="s62e7f6ed7d9cb3ca">
@@ -9067,7 +9067,7 @@ Bindings to groups/users are checked against the user of the event.</source>
   <target>同步组</target>
 </trans-unit>
 <trans-unit id="s2d5f69929bb7221d">
-  <source><x id="0" equiv-text="${prompt.name}"/> (&quot;<x id="1" equiv-text="${prompt.fieldKey}"/>&quot;, of type <x id="2" equiv-text="${prompt.type}"/>)</source>
+  <source><x id="0" equiv-text="${prompt.name}"/> ("<x id="1" equiv-text="${prompt.fieldKey}"/>", of type <x id="2" equiv-text="${prompt.type}"/>)</source>
   <target><x id="0" equiv-text="${prompt.name}"/>（&amp;quot;<x id="1" equiv-text="${prompt.fieldKey}"/>&amp;quot;，类型为 <x id="2" equiv-text="${prompt.type}"/>）</target>
 </trans-unit>
 <trans-unit id="sa38c5a2731be3a46">
@@ -9264,4 +9264,4 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
     </body>
   </file>
-</xliff>
\ No newline at end of file
+</xliff>

From ed6d1880a0332bceaf85e7f582f26af59b8158f1 Mon Sep 17 00:00:00 2001
From: Ken Sternberg
 <133134217+kensternberg-authentik@users.noreply.github.com>
Date: Wed, 30 Oct 2024 10:36:02 -0700
Subject: [PATCH 02/12] web/admin: provide default invalidation flows for LDAP
 and Radius (#11861)

* web: Add InvalidationFlow to Radius Provider dialogues

## What

- Bugfix: adds the InvalidationFlow to the Radius Provider dialogues
  - Repairs: `{"invalidation_flow":["This field is required."]}` message, which was *not* propagated
    to the Notification.
- Nitpick: Pretties `?foo=${true}` expressions: `s/\?([^=]+)=\$\{true\}/\1/`

## Note

Yes, I know I'm going to have to do more magic when we harmonize the forms, and no, I didn't add the
Property Mappings to the wizard, and yes, I know I'm going to have pain with the *new* version of
the wizard. But this is a serious bug; you can't make Radius servers with *either* of the current
dialogues at the moment.

* web/admin: provide default invalidation flows for LDAP provider.

* admin/web: the default invalidation flows for LDAP and Radius are different from the others.
---
 .../ldap/ak-application-wizard-authentication-by-ldap.ts        | 1 +
 .../radius/ak-application-wizard-authentication-by-radius.ts    | 2 +-
 web/src/admin/providers/ldap/LDAPProviderForm.ts                | 1 +
 web/src/admin/providers/radius/RadiusProviderForm.ts            | 2 +-
 4 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/web/src/admin/applications/wizard/methods/ldap/ak-application-wizard-authentication-by-ldap.ts b/web/src/admin/applications/wizard/methods/ldap/ak-application-wizard-authentication-by-ldap.ts
index aa1bbfbf5a..8a15009680 100644
--- a/web/src/admin/applications/wizard/methods/ldap/ak-application-wizard-authentication-by-ldap.ts
+++ b/web/src/admin/applications/wizard/methods/ldap/ak-application-wizard-authentication-by-ldap.ts
@@ -71,6 +71,7 @@ export class ApplicationWizardApplicationDetails extends WithBrandConfig(BasePro
                         flowType=${FlowsInstancesListDesignationEnum.Invalidation}
                         .currentFlow=${provider?.invalidationFlow}
                         .brandFlow=${this.brand.flowInvalidation}
+                        defaultFlowSlug="default-invalidation-flow"
                         required
                     ></ak-branded-flow-search>
                     <p class="pf-c-form__helper-text">${msg("Flow used for unbinding users.")}</p>
diff --git a/web/src/admin/applications/wizard/methods/radius/ak-application-wizard-authentication-by-radius.ts b/web/src/admin/applications/wizard/methods/radius/ak-application-wizard-authentication-by-radius.ts
index fca1666d81..cd38334a91 100644
--- a/web/src/admin/applications/wizard/methods/radius/ak-application-wizard-authentication-by-radius.ts
+++ b/web/src/admin/applications/wizard/methods/radius/ak-application-wizard-authentication-by-radius.ts
@@ -86,7 +86,7 @@ export class ApplicationWizardAuthenticationByRadius extends WithBrandConfig(Bas
                             <ak-flow-search
                                 flowType=${FlowsInstancesListDesignationEnum.Invalidation}
                                 .currentFlow=${provider?.invalidationFlow}
-                                defaultFlowSlug="default-provider-invalidation-flow"
+                                defaultFlowSlug="default-invalidation-flow"
                                 required
                             ></ak-flow-search>
                             <p class="pf-c-form__helper-text">
diff --git a/web/src/admin/providers/ldap/LDAPProviderForm.ts b/web/src/admin/providers/ldap/LDAPProviderForm.ts
index 18700e92db..d714ed1ff5 100644
--- a/web/src/admin/providers/ldap/LDAPProviderForm.ts
+++ b/web/src/admin/providers/ldap/LDAPProviderForm.ts
@@ -157,6 +157,7 @@ export class LDAPProviderFormPage extends WithBrandConfig(BaseProviderForm<LDAPP
                             flowType=${FlowsInstancesListDesignationEnum.Invalidation}
                             .currentFlow=${this.instance?.invalidationFlow}
                             .brandFlow=${this.brand.flowInvalidation}
+                            defaultFlowSlug="default-invalidation-flow"
                             required
                         ></ak-branded-flow-search>
                         <p class="pf-c-form__helper-text">
diff --git a/web/src/admin/providers/radius/RadiusProviderForm.ts b/web/src/admin/providers/radius/RadiusProviderForm.ts
index d3280d8013..a1d7aeacf9 100644
--- a/web/src/admin/providers/radius/RadiusProviderForm.ts
+++ b/web/src/admin/providers/radius/RadiusProviderForm.ts
@@ -176,7 +176,7 @@ export class RadiusProviderFormPage extends WithBrandConfig(BaseProviderForm<Rad
                         <ak-flow-search
                             flowType=${FlowsInstancesListDesignationEnum.Invalidation}
                             .currentFlow=${this.instance?.invalidationFlow}
-                            defaultFlowSlug="default-provider-invalidation-flow"
+                            defaultFlowSlug="default-invalidation-flow"
                             required
                         ></ak-flow-search>
                         <p class="pf-c-form__helper-text">

From f452617f29688b24b3a9947cf48a6f0710a6b4be Mon Sep 17 00:00:00 2001
From: "Jens L." <jens@goauthentik.io>
Date: Wed, 30 Oct 2024 20:05:02 +0100
Subject: [PATCH 03/12] website/docs: 2024.8.4 release notes (#11862)

* website/docs: 2024.8.4 release notes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* typo

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---
 website/docs/releases/2024/v2024.8.md | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/website/docs/releases/2024/v2024.8.md b/website/docs/releases/2024/v2024.8.md
index ab05a126a6..2544f8da07 100644
--- a/website/docs/releases/2024/v2024.8.md
+++ b/website/docs/releases/2024/v2024.8.md
@@ -286,6 +286,20 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.8
 -   web: Fix missing integrity fields in package-lock.json (#11509)
 -   web/admin: fix Authentication flow being required (cherry-pick #11496) (#11497)
 
+## Fixed in 2024.8.4
+
+-   blueprints: fix validation error when using internal storage (cherry-pick #11654) (#11656)
+-   core: fix permission check for scoped impersonation (cherry-pick #11603) (#11650)
+-   internal: restore /ping behaviour for embedded outpost (cherry-pick #11568) (#11570)
+-   policies/event_matcher: fix inconsistent behaviour (cherry-pick #11724) (#11726)
+-   providers/oauth2: don't overwrite attributes when updating service account (cherry-pick #11709) (#11723)
+-   providers/saml: fix incorrect ds:Reference URI (cherry-pick #11699) (#11701)
+-   providers/scim: add comparison with existing group on update and delta update users (cherry-pick #11414) (#11796)
+-   providers/scim: clamp batch size for patch requests (cherry-pick #11797) (#11802)
+-   providers/scim: handle no members in group in consistency check (cherry-pick #11801) (#11812)
+-   web/admin: fix invalid create date shown for MFA registered before date was saved (cherry-pick #11728) (#11729)
+-   web/admin: fix sync single button throwing error (cherry-pick #11727) (#11730)
+
 ## API Changes
 
 #### What's New

From 8245d08ddb0ba3dbb3ed98a82cb228d55188b1d7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Simonyi=20Gerg=C5=91?=
 <28359278+gergosimonyi@users.noreply.github.com>
Date: Thu, 31 Oct 2024 00:39:41 +0100
Subject: [PATCH 04/12] root: backport version bump 2024.10.0 (#11868)

* release: 2024.10.0-rc1

* root: `bumpversion` 2024.10 (#11865)

release: 2024.10.0
---
 .bumpversion.cfg                | 2 +-
 authentik/__init__.py           | 2 +-
 blueprints/schema.json          | 2 +-
 docker-compose.yml              | 4 ++--
 internal/constants/constants.go | 2 +-
 package.json                    | 2 +-
 pyproject.toml                  | 2 +-
 schema.yml                      | 2 +-
 web/src/common/constants.ts     | 2 +-
 9 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/.bumpversion.cfg b/.bumpversion.cfg
index b31c7e03e1..8978eeee7a 100644
--- a/.bumpversion.cfg
+++ b/.bumpversion.cfg
@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 2024.8.3
+current_version = 2024.10.0
 tag = True
 commit = True
 parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)(?:-(?P<rc_t>[a-zA-Z-]+)(?P<rc_n>[1-9]\\d*))?
diff --git a/authentik/__init__.py b/authentik/__init__.py
index 548dde0b9c..259d0f83f6 100644
--- a/authentik/__init__.py
+++ b/authentik/__init__.py
@@ -2,7 +2,7 @@
 
 from os import environ
 
-__version__ = "2024.8.3"
+__version__ = "2024.10.0"
 ENV_GIT_HASH_KEY = "GIT_BUILD_HASH"
 
 
diff --git a/blueprints/schema.json b/blueprints/schema.json
index 0604c8d76d..fb53856754 100644
--- a/blueprints/schema.json
+++ b/blueprints/schema.json
@@ -2,7 +2,7 @@
     "$schema": "http://json-schema.org/draft-07/schema",
     "$id": "https://goauthentik.io/blueprints/schema.json",
     "type": "object",
-    "title": "authentik 2024.8.3 Blueprint schema",
+    "title": "authentik 2024.10.0 Blueprint schema",
     "required": [
         "version",
         "entries"
diff --git a/docker-compose.yml b/docker-compose.yml
index 3f58105b7d..ca99ad0ca0 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -31,7 +31,7 @@ services:
     volumes:
       - redis:/data
   server:
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.8.3}
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.10.0}
     restart: unless-stopped
     command: server
     environment:
@@ -52,7 +52,7 @@ services:
       - postgresql
       - redis
   worker:
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.8.3}
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.10.0}
     restart: unless-stopped
     command: worker
     environment:
diff --git a/internal/constants/constants.go b/internal/constants/constants.go
index 74324a2788..4aa19f377c 100644
--- a/internal/constants/constants.go
+++ b/internal/constants/constants.go
@@ -29,4 +29,4 @@ func UserAgent() string {
 	return fmt.Sprintf("authentik@%s", FullVersion())
 }
 
-const VERSION = "2024.8.3"
+const VERSION = "2024.10.0"
diff --git a/package.json b/package.json
index 1232164804..dae8194aad 100644
--- a/package.json
+++ b/package.json
@@ -1,5 +1,5 @@
 {
     "name": "@goauthentik/authentik",
-    "version": "2024.8.3",
+    "version": "2024.10.0",
     "private": true
 }
diff --git a/pyproject.toml b/pyproject.toml
index 47295a20f6..5c3f76c3ab 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "authentik"
-version = "2024.8.3"
+version = "2024.10.0"
 description = ""
 authors = ["authentik Team <hello@goauthentik.io>"]
 
diff --git a/schema.yml b/schema.yml
index c920d1ab11..9960eccc59 100644
--- a/schema.yml
+++ b/schema.yml
@@ -1,7 +1,7 @@
 openapi: 3.0.3
 info:
   title: authentik
-  version: 2024.8.3
+  version: 2024.10.0
   description: Making authentication simple.
   contact:
     email: hello@goauthentik.io
diff --git a/web/src/common/constants.ts b/web/src/common/constants.ts
index 5c390663ed..8dd39b249d 100644
--- a/web/src/common/constants.ts
+++ b/web/src/common/constants.ts
@@ -3,7 +3,7 @@ export const SUCCESS_CLASS = "pf-m-success";
 export const ERROR_CLASS = "pf-m-danger";
 export const PROGRESS_CLASS = "pf-m-in-progress";
 export const CURRENT_CLASS = "pf-m-current";
-export const VERSION = "2024.8.3";
+export const VERSION = "2024.10.0";
 export const TITLE_DEFAULT = "authentik";
 export const ROUTE_SEPARATOR = ";";
 

From fa78c24516f627d87f379862e97258e66cfa2128 Mon Sep 17 00:00:00 2001
From: "authentik-automation[bot]"
 <135050075+authentik-automation[bot]@users.noreply.github.com>
Date: Wed, 30 Oct 2024 23:59:56 +0000
Subject: [PATCH 05/12] web: bump API Client version (#11870)

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
---
 web/package-lock.json | 8 ++++----
 web/package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/web/package-lock.json b/web/package-lock.json
index 7e3799333c..b8a1c52ede 100644
--- a/web/package-lock.json
+++ b/web/package-lock.json
@@ -23,7 +23,7 @@
                 "@floating-ui/dom": "^1.6.11",
                 "@formatjs/intl-listformat": "^7.5.7",
                 "@fortawesome/fontawesome-free": "^6.6.0",
-                "@goauthentik/api": "^2024.8.3-1729836831",
+                "@goauthentik/api": "^2024.10.0-1730331602",
                 "@lit-labs/ssr": "^3.2.2",
                 "@lit/context": "^1.1.2",
                 "@lit/localize": "^0.12.2",
@@ -1775,9 +1775,9 @@
             }
         },
         "node_modules/@goauthentik/api": {
-            "version": "2024.8.3-1729836831",
-            "resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2024.8.3-1729836831.tgz",
-            "integrity": "sha512-nOgvjYQiK+HhWuiZ635h/aSsq7Mfj5cDrIyBJt+IJRQuJFtnnHx8nscRXKK/8sBl9obH2zMCoZgeqytK8145bg=="
+            "version": "2024.10.0-1730331602",
+            "resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2024.10.0-1730331602.tgz",
+            "integrity": "sha512-VaXywdDCFkIs9RgmHVYt8jGf5xnc+czsu5ILEThNQOuXvBjkGa0J8aPWVSdfP++GiHnkjddWVFzJ6R6LOoHbWQ=="
         },
         "node_modules/@goauthentik/web": {
             "resolved": "",
diff --git a/web/package.json b/web/package.json
index 1929e4fdb7..e3a06342ac 100644
--- a/web/package.json
+++ b/web/package.json
@@ -11,7 +11,7 @@
         "@floating-ui/dom": "^1.6.11",
         "@formatjs/intl-listformat": "^7.5.7",
         "@fortawesome/fontawesome-free": "^6.6.0",
-        "@goauthentik/api": "^2024.8.3-1729836831",
+        "@goauthentik/api": "^2024.10.0-1730331602",
         "@lit-labs/ssr": "^3.2.2",
         "@lit/context": "^1.1.2",
         "@lit/localize": "^0.12.2",

From faaba483a00b5b1a77376c7c560bfcaae7040a3d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Simonyi=20Gerg=C5=91?=
 <28359278+gergosimonyi@users.noreply.github.com>
Date: Thu, 31 Oct 2024 01:02:37 +0100
Subject: [PATCH 06/12] website: update supported versions (#11841)

update supported versions
---
 SECURITY.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/SECURITY.md b/SECURITY.md
index 871f95a6fe..2e0beb7d72 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -18,10 +18,10 @@ Even if the issue is not a CVE, we still greatly appreciate your help in hardeni
 
 (.x being the latest patch release for each version)
 
-| Version  | Supported |
-| -------- | --------- |
-| 2024.6.x | ✅        |
-| 2024.8.x | ✅        |
+| Version   | Supported |
+| --------- | --------- |
+| 2024.8.x  | ✅        |
+| 2024.10.x | ✅        |
 
 ## Reporting a Vulnerability
 

From d43940d5d6cd7c22affe82dc8b3c6607f3d2c491 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Simonyi=20Gerg=C5=91?=
 <28359278+gergosimonyi@users.noreply.github.com>
Date: Thu, 31 Oct 2024 01:31:41 +0100
Subject: [PATCH 07/12] website: remove RC disclaimer for version 2024.10
 (#11871)

---
 website/docs/releases/2024/v2024.10.md | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/website/docs/releases/2024/v2024.10.md b/website/docs/releases/2024/v2024.10.md
index 070f9ce376..d3aa0654e5 100644
--- a/website/docs/releases/2024/v2024.10.md
+++ b/website/docs/releases/2024/v2024.10.md
@@ -3,12 +3,6 @@ title: Release 2024.10
 slug: "/releases/2024.10"
 ---
 
-:::::note
-2024.10 has not been released yet! We're publishing these release notes as a preview of what's to come, and for our awesome beta testers trying out release candidates.
-
-To try out the release candidate, replace your Docker image tag with the latest release candidate number, such as 2024.10.0-rc1. You can find the latest one in [the latest releases on GitHub](https://github.com/goauthentik/authentik/releases). If you don't find any, it means we haven't released one yet.
-:::::
-
 ## Highlights
 
 -   **Chrome Device Trust** <span class="badge badge--primary">Enterprise</span> <span class="badge badge--info">Preview</span>: Verify that your users are logging in from managed devices and validate the devices' compliance with company policies.

From e2f8574b6a28fabd88fd2164ca129465497d9bc0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Simonyi=20Gerg=C5=91?=
 <28359278+gergosimonyi@users.noreply.github.com>
Date: Thu, 31 Oct 2024 01:48:21 +0100
Subject: [PATCH 08/12] website: fix docs redirect (#11873)

fix docs redirect
---
 website/netlify.toml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/website/netlify.toml b/website/netlify.toml
index 1aaf3f1b4a..4747ceed7c 100644
--- a/website/netlify.toml
+++ b/website/netlify.toml
@@ -675,8 +675,8 @@
   force = true
 
 [[redirects]]
-  from = "/docs/providers/radius/x"
-  to = "/docs/add-secure-apps/providers/radius/x"
+  from = "/docs/providers/radius/"
+  to = "/docs/add-secure-apps/providers/radius/"
   status = 302
   force = true
 

From 712e5084c194ecee98380d01619d8e274580c6d4 Mon Sep 17 00:00:00 2001
From: Tana M Berry <tanamarieberry@yahoo.com>
Date: Thu, 31 Oct 2024 08:26:51 -0500
Subject: [PATCH 09/12] website/docs: add info about invalidation flow, default
 flows in general (#11800)

* restructure

* tweak

* fix header

* added more definitions

* jens excellent idea

* restructure the Layouts content

* tweaks

* links fix

* links still

* fighting links and cache

* argh links

* ditto

* remove link

* anothe link

* Jens' edit

* listed default flows set by brand

* add links back

* tweaks

* used import for list

* tweak

* rewrite some stuff

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* mangled rebase, fixed

* bump

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Tana M Berry <tana@goauthentik.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
---
 .../applications/manage_apps.md               |  2 +-
 .../flow/examples/default_flows.md            | 11 ++++++++
 .../flows-stages/flow/examples/flows.md       |  2 +-
 .../flows-stages/flow/executors/if-flow.md    | 24 ++++++++++++++++++
 .../flow/flow_list/_defaultflowlist.mdx       | 13 ++++++++++
 .../flows-stages/flow/index.md                | 20 +++------------
 .../flows-stages/flow/layouts.md              | 25 -------------------
 .../docs/add-secure-apps/providers/index.mdx  |  4 ++-
 website/docs/customize/brands.md              | 13 ++++++++--
 website/netlify.toml                          |  5 +++-
 website/sidebars.js                           |  4 +--
 11 files changed, 74 insertions(+), 49 deletions(-)
 create mode 100644 website/docs/add-secure-apps/flows-stages/flow/examples/default_flows.md
 create mode 100644 website/docs/add-secure-apps/flows-stages/flow/flow_list/_defaultflowlist.mdx
 delete mode 100644 website/docs/add-secure-apps/flows-stages/flow/layouts.md

diff --git a/website/docs/add-secure-apps/applications/manage_apps.md b/website/docs/add-secure-apps/applications/manage_apps.md
index db6ad6c8a8..72cc5c9fa9 100644
--- a/website/docs/add-secure-apps/applications/manage_apps.md
+++ b/website/docs/add-secure-apps/applications/manage_apps.md
@@ -26,7 +26,7 @@ To add an application to authentik and have it display on users' **My applicatio
 
 ## Authorization
 
-Application access can be configured using (Policy) Bindings. Click on an application in the applications list, and select the _Policy / Group / User Bindings_ tab. There you can bind users/groups/policies to grant them access. When nothing is bound, everyone has access. You can use this to grant access to one or multiple users/groups, or dynamically give access using policies.
+Application access can be configured using (Policy) bindings. Click on an application in the applications list, and select the _Policy / Group / User Bindings_ tab. There you can bind users/groups/policies to grant them access. When nothing is bound, everyone has access. You can use this to grant access to one or multiple users/groups, or dynamically give access using policies.
 
 By default, all users can access applications when no policies are bound.
 
diff --git a/website/docs/add-secure-apps/flows-stages/flow/examples/default_flows.md b/website/docs/add-secure-apps/flows-stages/flow/examples/default_flows.md
new file mode 100644
index 0000000000..e301339f2b
--- /dev/null
+++ b/website/docs/add-secure-apps/flows-stages/flow/examples/default_flows.md
@@ -0,0 +1,11 @@
+---
+title: Default flows
+---
+
+When you create a new provider, you can select certain default flows that will be used with the provider and its associated application. For example, you can [create a custom flow](../index.md#create-a-custom-flow) that override the defaults configured on the brand.
+
+If no default flow is selected when the provider is created, to determine which flow should be used authentik will first check if there is a default flow configured in the active [**Brand**](../../../../customize/brands.md). If no default is configured there, authentik will go through all flows with the matching designation, sorted by `slug` and evaluate policies bound directly to the flows, and the first flow whose policies allow access will be picked.
+
+import DefaultFlowList from "../../flow/flow_list/\_defaultflowlist.mdx";
+
+<DefaultFlowList />
diff --git a/website/docs/add-secure-apps/flows-stages/flow/examples/flows.md b/website/docs/add-secure-apps/flows-stages/flow/examples/flows.md
index 7143797e13..b81bcdd5eb 100644
--- a/website/docs/add-secure-apps/flows-stages/flow/examples/flows.md
+++ b/website/docs/add-secure-apps/flows-stages/flow/examples/flows.md
@@ -1,5 +1,5 @@
 ---
-title: Example Flows
+title: Example flows
 ---
 
 :::info
diff --git a/website/docs/add-secure-apps/flows-stages/flow/executors/if-flow.md b/website/docs/add-secure-apps/flows-stages/flow/executors/if-flow.md
index 20419a1a67..101f945a21 100644
--- a/website/docs/add-secure-apps/flows-stages/flow/executors/if-flow.md
+++ b/website/docs/add-secure-apps/flows-stages/flow/executors/if-flow.md
@@ -7,3 +7,27 @@ This is the default, web-based environment that flows are executed in. All stage
 :::info
 All flow executors use the same [API](../../../../developer-docs/api/flow-executor.md), which allows for the implementation of custom flow executors.
 :::
+
+## Layouts
+
+Starting with authentik 2022.5, the layout of the default flow executor can be changed. Below are examples for the available options:
+
+### Stacked (default)
+
+![](../layouts/stacked.png)
+
+### Content besides logo (left)
+
+![](../layouts/content_left.png)
+
+### Content besides logo (right)
+
+![](../layouts/content_right.png)
+
+### Sidebar (left)
+
+![](../layouts/sidebar_left.png)
+
+### Sidebar (right)
+
+![](../layouts/sidebar_right.png)
diff --git a/website/docs/add-secure-apps/flows-stages/flow/flow_list/_defaultflowlist.mdx b/website/docs/add-secure-apps/flows-stages/flow/flow_list/_defaultflowlist.mdx
new file mode 100644
index 0000000000..5a49106c8f
--- /dev/null
+++ b/website/docs/add-secure-apps/flows-stages/flow/flow_list/_defaultflowlist.mdx
@@ -0,0 +1,13 @@
+-   **Authentication**: this option designates a flow to be used for authentication. The authentication flow should always contain a [**User Login**](../../stages/user_login/index.md) stage, which attaches the staged user to the current session.
+
+-   **Authorization**: designates a flow to be used for authorization of an application. Can be used to add additional verification steps before the user is allowed to access an application. This flow is defined per provider, when the provider is created, to state whether implicit or explicit authorization is required.
+
+-   **Enrollment**: designates a flow for enrollment. This flow can contain any amount of verification stages, such as [**Email**](../../stages/email/index.mdx) or **Captcha**. At the end, to create the user, you can use the [**User Write**](../../stages/user_write.md) stage, which either updates the currently staged user, or if none exists, creates a new one.
+
+-   **Invalidation**: designates a default flow to be used to invalidate a session. Use `default-invalidation-flow` for invalidation from authentik itself, or use `default-provider-invalidation-flow` to invalidate when the session of an application ends. When you use the `default-invalidation-flow` as a global invalidation flow, it should contain a [**User Logout**](../../stages/user_logout.md) stage. When you use the `default-provider-invalidation-flow` (supported with OIDC, SAML, Proxy, and RAC providers), you can configure this default flow to present users log-off options such as "log out of the app but remain logged in to authentik" or "return to the **My Applications** page", or "log out completely". (Alternatively, you can create a custom invalidation flow, with a branded background image.)
+
+-   **Recovery**: designates a flow for recovery. This flow normally contains an [**Identification**](../../stages/identification/index.md) stage to find the user. It can also contain any amount of verification stages, such as [**Email**](../../stages/email/index.mdx) or [**CAPTCHA**](../../stages/captcha/index.md). Afterwards, use the [**Prompt**](../../stages/prompt/index.md) stage to ask the user for a new password and the [**User Write**](../../stages/user_write.md) stage to update the password.
+
+-   **Stage configuration**: designates a flow for general setup. This designation doesn't have any constraints in what you can do. For example, by default this designation is used to configure authenticators, like change a password and set up TOTP.
+
+-   **Unenrollment**: designates a flow for unenrollment. This flow can contain any amount of verification stages, such as [**email**](../../stages/email/index.mdx) or [**Captcha**](../../stages/captcha/index.md). As a final stage, to delete the account, use the [**user_delete**](../../stages/user_delete.md) stage.
diff --git a/website/docs/add-secure-apps/flows-stages/flow/index.md b/website/docs/add-secure-apps/flows-stages/flow/index.md
index 18707cd67a..53617a786e 100644
--- a/website/docs/add-secure-apps/flows-stages/flow/index.md
+++ b/website/docs/add-secure-apps/flows-stages/flow/index.md
@@ -4,11 +4,11 @@ title: Flows
 
 Flows are a major component in authentik. In conjunction with stages and [policies](../../../customize/policies/index.md), flows are at the heart of our system of building blocks, used to define and execute the workflows of authentication, authorization, enrollment, and user settings.
 
-There are over a dozen default, out-of-the box flows available in authentik. Users can decide if they already have everything they need with the default flows or if they want to [create](#create-a-custom-flow) their own custom flow, using the Admin interface.
+There are over a dozen default, out-of-the box flows available in authentik. Users can decide if they already have everything they need with the [default flows](../flow/examples/default_flows.md) or if they want to [create](#create-a-custom-flow) their own custom flow, using the Admin interface, Terraform, or via the API.
 
 A flow is a method of describing a sequence of stages. A stage represents a single verification or logic step. By connecting a series of stages within a flow (and optionally attaching policies as needed) you can build a highly flexible process for authenticating users, enrolling them, and more.
 
-For example, a standard login flow would consist of the following stages:
+For example a standard login flow would consist of the following stages:
 
 -   **Identification stage**: user identifies themselves via a username or email address
 -   **Password stage**: the user's password is checked against the hash in the database
@@ -22,8 +22,6 @@ By default, policies are evaluated dynamically, right before the stage (to which
 
 This default behaviour can be altered by enabling the **Evaluate when flow is planned** option on the stage binding. With this setting a _flow plan_ containing all stages is generated upon flow execution. This means that all attached policies are evaluated upon execution. For more information about flow plans, read our [flow context documentation](./context/index.md).
 
-To determine which flow should be used, authentik will first check which default authentication flow is configured in the active [**Brand**](../../../customize/brands.md). If no default is configured there, the policies in all flows with the matching designation are checked, and the first flow with matching policies sorted by `slug` will be used.
-
 ## Permissions
 
 Flows can have [policies](../stages/index.md) assigned to them. These policies determine if the current user is allowed to see and use this flow.
@@ -64,19 +62,9 @@ When creating or editing a flow in the UI of the Admin interface, you can set th
 
 **Designation**: Flows are designated for a single purpose. This designation changes when a flow is used. The following designations are available:
 
--   **Authentication**: this option designates a flow to be used for authentication. The authentication flow should always contain a [**User Login**](../stages/user_login/index.md) stage, which attaches the staged user to the current session.
+import Defaultflowlist from "../flow/flow_list/\_defaultflowlist.mdx";
 
--   **Authorization**: designates a flow to be used for authorization of an application. Can be used to add additional verification steps before the user is allowed to access an application.
-
--   **Invalidation**: designates a flow to be used to invalidate a session. Both used to invalidate a session from authentik and when the session of an application ends. When used as a global invalidation flow should contain a [**User Logout**](../stages/user_logout.md) stage.
-
--   **Enrollment**: designates a flow for enrollment. This flow can contain any amount of verification stages, such as [**Email**](../stages/email/index.mdx) or [**Captcha**](../stages/captcha/index.md). At the end, to create the user, you can use the [**User Write**](../stages/user_write.md) stage, which either updates the currently staged user, or if none exists, creates a new one.
-
--   **Unenrollment**: designates a flow for unenrollment. This flow can contain any amount of verification stages, such as [**email**](../stages/email/index.mdx) or [**Captcha**](../stages/captcha/index.md). As a final stage, to delete the account, use the [**user_delete**](../stages/user_delete.md) stage.
-
--   **Recovery**: designates a flow for recovery. This flow normally contains an [**Identification**](../stages/identification/index.md) stage to find the user. It can also contain any amount of verification stages, such as [**Email**](../stages/email/index.mdx) or [**captcha**](../stages/captcha/index.md). Afterwards, use the [**Prompt**](../stages/prompt/index.md) stage to ask the user for a new password and the [**User Write**](../stages/user_write.md) stage to update the password.
-
--   **Stage configuration**: designates a flow for general setup. This designation doesn't have any constraints in what you can do. For example, by default this designation is used to configure authenticators, like change a password and setup TOTP.
+<Defaultflowlist />
 
 **Authentication**: Using this option, you can configure whether the the flow requires initial authentication or not, whether the user must be a superuser, or if the flow requires an outpost.
 
diff --git a/website/docs/add-secure-apps/flows-stages/flow/layouts.md b/website/docs/add-secure-apps/flows-stages/flow/layouts.md
deleted file mode 100644
index 77b15a3b6c..0000000000
--- a/website/docs/add-secure-apps/flows-stages/flow/layouts.md
+++ /dev/null
@@ -1,25 +0,0 @@
----
-title: Layouts
----
-
-Starting with authentik 2022.5, the layout of the default flow executor can be changed. Below are examples for the available options:
-
-### Stacked (default)
-
-![](./layouts/stacked.png)
-
-### Content besides logo (left)
-
-![](./layouts/content_left.png)
-
-### Content besides logo (right)
-
-![](./layouts/content_right.png)
-
-### Sidebar (left)
-
-![](./layouts/sidebar_left.png)
-
-### Sidebar (right)
-
-![](./layouts/sidebar_right.png)
diff --git a/website/docs/add-secure-apps/providers/index.mdx b/website/docs/add-secure-apps/providers/index.mdx
index 99790ab300..b88c6aad57 100644
--- a/website/docs/add-secure-apps/providers/index.mdx
+++ b/website/docs/add-secure-apps/providers/index.mdx
@@ -13,7 +13,9 @@ Applications can use additional providers to augment the functionality of the ma
 
 You can create a new provider in the Admin interface, or you can use the [Application wizard](../applications/manage_apps.md#instructions) to create a new application and its provider at the same time.
 
-Refer to the documentation for each provider:
+When you create certain types of providers, you need to select specific [flows](../flows-stages/flow/index.md) to apply to users who access authentik via the provider. To learn more, refer to our [default flow documentation](../flows-stages/flow/examples/default_flows.md).
+
+To learn more about each provider type, refer to the documentation for each provider:
 
 <DocCardList />
 
diff --git a/website/docs/customize/brands.md b/website/docs/customize/brands.md
index dc4931f05a..fbaa057517 100644
--- a/website/docs/customize/brands.md
+++ b/website/docs/customize/brands.md
@@ -9,13 +9,22 @@ The main settings that brands influence are flows and branding.
 
 ## Flows
 
-authentik picks a default flow by selecting the flow that is configured in the current brand, otherwise any flow that:
+You can explicitly select, in your instance's Brand settings, the default flow to use for the following configurations:
+
+-   Authentication flow: the flow used to authenticate users. If left empty, the first applicable flow sorted by the slug is used.
+-   Invalidation flow: for typical use cases, select the `default-invalidation-flow` (Logout) flow. This flow logs the user out of authentik when the application session ends (user logs out of the app).
+-   Recovery flow: if set, the user can access an option to recover their login credentials.
+-   Unenrollment flow: if set, users are able to unenroll themselves using this flow. If no flow is set, option is not shown.
+-   User settings flow: if set, users are able to configure details of their profile.
+-   Device code flow: if set, the OAuth Device Code profile can be used, and the selected flow will be used to enter the code.
+
+If a default flow is _not_ set in the brand, then authentik selects any flow that:
 
     - matches the required designation
     - comes first sorted by slug
     - is allowed by policies
 
-This means that if you want to select a default flow based on policy, you can leave the brand default empty.
+This means that if you want to select a default flow based on policy, you can leave the brand default empty. To learn more about default flows, refer to our [documentation](../add-secure-apps/flows-stages/flow/examples/default_flows.md).
 
 ## Branding
 
diff --git a/website/netlify.toml b/website/netlify.toml
index 4747ceed7c..de729ecb93 100644
--- a/website/netlify.toml
+++ b/website/netlify.toml
@@ -62,7 +62,10 @@
   to = "/docs/providers/property-mappings/expression"
   status = 302
 
-
+[[redirects]]
+  from = "/docs/add-secure-apps/flows-stages/flow/layouts.md"
+  to = "/docs/add-secure-apps/flows-stages/flow/executors/if-flow.md"
+  status = 302
 
 
 
diff --git a/website/sidebars.js b/website/sidebars.js
index 0fd73b6e29..d7ae2be133 100644
--- a/website/sidebars.js
+++ b/website/sidebars.js
@@ -251,14 +251,14 @@ export default {
                                 id: "add-secure-apps/flows-stages/flow/index",
                             },
                             items: [
-                                "add-secure-apps/flows-stages/flow/layouts",
                                 "add-secure-apps/flows-stages/flow/inspector",
                                 "add-secure-apps/flows-stages/flow/context/index",
                                 {
                                     type: "category",
-                                    label: "Examples",
+                                    label: "Defaults and Examples",
                                     items: [
                                         "add-secure-apps/flows-stages/flow/examples/flows",
+                                        "add-secure-apps/flows-stages/flow/examples/default_flows",
                                         "add-secure-apps/flows-stages/flow/examples/snippets",
                                     ],
                                 },

From 38adb4124461563da95e1fd2fc0e3c2f6aa0d94c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 31 Oct 2024 14:31:37 +0100
Subject: [PATCH 10/12] core: bump goauthentik.io/api/v3 from 3.2024083.14 to
 3.2024100.1 (#11876)

Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go) from 3.2024083.14 to 3.2024100.1.
- [Release notes](https://github.com/goauthentik/client-go/releases)
- [Changelog](https://github.com/goauthentik/client-go/blob/main/model_version_history.go)
- [Commits](https://github.com/goauthentik/client-go/compare/v3.2024083.14...v3.2024100.1)

---
updated-dependencies:
- dependency-name: goauthentik.io/api/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 3b36858dd0..74b8d14040 100644
--- a/go.mod
+++ b/go.mod
@@ -29,7 +29,7 @@ require (
 	github.com/spf13/cobra v1.8.1
 	github.com/stretchr/testify v1.9.0
 	github.com/wwt/guac v1.3.2
-	goauthentik.io/api/v3 v3.2024083.14
+	goauthentik.io/api/v3 v3.2024100.1
 	golang.org/x/exp v0.0.0-20230210204819-062eb4c674ab
 	golang.org/x/oauth2 v0.23.0
 	golang.org/x/sync v0.8.0
diff --git a/go.sum b/go.sum
index fb4733c1dd..6ee92559be 100644
--- a/go.sum
+++ b/go.sum
@@ -299,8 +299,8 @@ go.opentelemetry.io/otel/trace v1.24.0 h1:CsKnnL4dUAr/0llH9FKuc698G04IrpWV0MQA/Y
 go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
-goauthentik.io/api/v3 v3.2024083.14 h1:8iLXkNpVS275S4DLMBr6WIeaMkkaIJbzlNRLCFe+k3A=
-goauthentik.io/api/v3 v3.2024083.14/go.mod h1:zz+mEZg8rY/7eEjkMGWJ2DnGqk+zqxuybGCGrR2O4Kw=
+goauthentik.io/api/v3 v3.2024100.1 h1:ve8xiaKOyUD5oCkNAsu1o3nc7aolt9bKTTR2qMI1iU4=
+goauthentik.io/api/v3 v3.2024100.1/go.mod h1:zz+mEZg8rY/7eEjkMGWJ2DnGqk+zqxuybGCGrR2O4Kw=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=

From ecd013401c8b5934944d3dcdca80daf575c6b523 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 31 Oct 2024 14:31:45 +0100
Subject: [PATCH 11/12] core: bump selenium from 4.25.0 to 4.26.0 (#11875)

Bumps [selenium](https://github.com/SeleniumHQ/Selenium) from 4.25.0 to 4.26.0.
- [Release notes](https://github.com/SeleniumHQ/Selenium/releases)
- [Commits](https://github.com/SeleniumHQ/Selenium/compare/selenium-4.25.0...selenium-4.26.0)

---
updated-dependencies:
- dependency-name: selenium
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 poetry.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/poetry.lock b/poetry.lock
index 9fde46832f..1692261527 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -4354,13 +4354,13 @@ django-query = ["django (>=3.2)"]
 
 [[package]]
 name = "selenium"
-version = "4.25.0"
+version = "4.26.0"
 description = "Official Python bindings for Selenium WebDriver"
 optional = false
 python-versions = ">=3.8"
 files = [
-    {file = "selenium-4.25.0-py3-none-any.whl", hash = "sha256:3798d2d12b4a570bc5790163ba57fef10b2afee958bf1d80f2a3cf07c4141f33"},
-    {file = "selenium-4.25.0.tar.gz", hash = "sha256:95d08d3b82fb353f3c474895154516604c7f0e6a9a565ae6498ef36c9bac6921"},
+    {file = "selenium-4.26.0-py3-none-any.whl", hash = "sha256:48013f36e812de5b3948ef53d04e73f77bc923ee3e1d7d99eaf0618179081b99"},
+    {file = "selenium-4.26.0.tar.gz", hash = "sha256:f0780f85f10310aa5d085b81e79d73d3c93b83d8de121d0400d543a50ee963e8"},
 ]
 
 [package.dependencies]

From f192690f256bf30cf804a45be5617a59977aeff5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 31 Oct 2024 14:33:00 +0100
Subject: [PATCH 12/12] website: bump elliptic from 6.5.7 to 6.6.0 in /website
 (#11869)

Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.7 to 6.6.0.
- [Commits](https://github.com/indutny/elliptic/compare/v6.5.7...v6.6.0)

---
updated-dependencies:
- dependency-name: elliptic
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 website/package-lock.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/website/package-lock.json b/website/package-lock.json
index 0c30dfa5b3..f5e293db97 100644
--- a/website/package-lock.json
+++ b/website/package-lock.json
@@ -8895,9 +8895,9 @@
             "integrity": "sha512-f/ZeWvW/BCXbhGEf1Ujp29EASo/lk1FDnETgNKwJrsVvGZhUWCZyg3xLJjAsxfOmt8KjswHmI5EwCQcPMpOYhQ=="
         },
         "node_modules/elliptic": {
-            "version": "6.5.7",
-            "resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.5.7.tgz",
-            "integrity": "sha512-ESVCtTwiA+XhY3wyh24QqRGBoP3rEdDUl3EDUUo9tft074fi19IrdpH7hLCMMP3CIj7jb3W96rn8lt/BqIlt5Q==",
+            "version": "6.6.0",
+            "resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.6.0.tgz",
+            "integrity": "sha512-dpwoQcLc/2WLQvJvLRHKZ+f9FgOdjnq11rurqwekGQygGPsYSK29OMMD2WalatiqQ+XGFDglTNixpPfI+lpaAA==",
             "dependencies": {
                 "bn.js": "^4.11.9",
                 "brorand": "^1.1.0",