Merge branch 'main' into dev

* main: (66 commits) rbac: filters: fix missing attribute for unauthenticated requests (#10061) tests/e2e: docker-compose.yml: remove version element forgotten last time (#10067) providers/microsoft_entra: fix error when updating connection attributes (#10039) website/integrations: aws: fix about service link (#10062) translate: Updates for file locale/en/LC_MESSAGES/django.po in it (#10060) core: bump github.com/redis/go-redis/v9 from 9.5.2 to 9.5.3 (#10046) core: bump github.com/gorilla/websocket from 1.5.1 to 1.5.2 (#10047) translate: Updates for file locale/en/LC_MESSAGES/django.po in ru (#10058) core: bump sentry-sdk from 2.5.0 to 2.5.1 (#10048) core: bump django-cte from 1.3.2 to 1.3.3 (#10049) core: bump packaging from 24.0 to 24.1 (#10050) web: bump yaml from 2.4.3 to 2.4.5 in /web (#10054) web: bump @sentry/browser from 8.7.0 to 8.8.0 in /web in the sentry group (#10051) web: bump esbuild from 0.21.4 to 0.21.5 in /web (#10053) crypto: update fingerprint at same time as certificate (#10036) translate: Updates for file locale/en/LC_MESSAGES/django.po in ru (#10056) website/integrations: gitea: fix helm values (#10043) core, web: update translations (#10038) translate: Updates for file locale/en/LC_MESSAGES/django.po in ru (#10040) docs/troubleshooting: upgrade docker: erroneous command (#10044) ...
2024-06-11 08:25:49 -07:00
parent 312f364e0c 837a0325ca
commit fcab99027b
81 changed files with 8407 additions and 2848 deletions
--- a/authentik/blueprints/v1/importer.py
+++ b/authentik/blueprints/v1/importer.py
@ -58,7 +58,7 @@ from authentik.outposts.models import OutpostServiceConnection
 from authentik.policies.models import Policy, PolicyBindingModel
 from authentik.policies.reputation.models import Reputation
 from authentik.providers.oauth2.models import AccessToken, AuthorizationCode, RefreshToken
-from authentik.providers.scim.models import SCIMGroup, SCIMUser
+from authentik.providers.scim.models import SCIMProviderGroup, SCIMProviderUser
 from authentik.sources.scim.models import SCIMSourceGroup, SCIMSourceUser
 from authentik.stages.authenticator_webauthn.models import WebAuthnDeviceType
 from authentik.tenants.models import Tenant
@ -97,8 +97,8 @@ def excluded_models() -> list[type[Model]]:
        # FIXME: these shouldn't need to be explicitly listed, but rather based off of a mixin
        FlowToken,
        LicenseUsage,
-        SCIMGroup,
+        SCIMProviderGroup,
-        SCIMUser,
+        SCIMProviderUser,
        Tenant,
        SystemTask,
        ConnectionToken,
--- a/authentik/core/api/groups.py
+++ b/authentik/core/api/groups.py
@ -2,6 +2,7 @@
 from json import loads
 from django.db.models import Prefetch
 from django.http import Http404
 from django_filters.filters import CharFilter, ModelMultipleChoiceFilter
 from django_filters.filterset import FilterSet
@ -166,8 +167,14 @@ class GroupViewSet(UsedByMixin, ModelViewSet):
    def get_queryset(self):
        base_qs = Group.objects.all().select_related("parent").prefetch_related("roles")
        if self.serializer_class(context={"request": self.request})._should_include_users:
            base_qs = base_qs.prefetch_related("users")
        else:
            base_qs = base_qs.prefetch_related(
                Prefetch("users", queryset=User.objects.all().only("id"))
            )
        return base_qs
    @extend_schema(
--- a/authentik/core/api/property_mappings.py
+++ b/authentik/core/api/property_mappings.py
@ -80,8 +80,10 @@ class PropertyMappingViewSet(
    class PropertyMappingTestSerializer(PolicyTestSerializer):
        """Test property mapping execution for a user/group with context"""
-        user = PrimaryKeyRelatedField(queryset=User.objects.all(), required=False)
+        user = PrimaryKeyRelatedField(queryset=User.objects.all(), required=False, allow_null=True)
-        group = PrimaryKeyRelatedField(queryset=Group.objects.all(), required=False)
+        group = PrimaryKeyRelatedField(
            queryset=Group.objects.all(), required=False, allow_null=True
        )
    queryset = PropertyMapping.objects.select_subclasses()
    serializer_class = PropertyMappingSerializer
--- a/authentik/enterprise/providers/google_workspace/api/groups.py
+++ b/authentik/enterprise/providers/google_workspace/api/groups.py
@ -19,6 +19,7 @@ class GoogleWorkspaceProviderGroupSerializer(ModelSerializer):
        model = GoogleWorkspaceProviderGroup
        fields = [
            "id",
            "google_id",
            "group",
            "group_obj",
            "provider",
--- a/authentik/enterprise/providers/google_workspace/api/users.py
+++ b/authentik/enterprise/providers/google_workspace/api/users.py
@ -19,6 +19,7 @@ class GoogleWorkspaceProviderUserSerializer(ModelSerializer):
        model = GoogleWorkspaceProviderUser
        fields = [
            "id",
            "google_id",
            "user",
            "user_obj",
            "provider",
--- a/authentik/enterprise/providers/google_workspace/clients/groups.py
+++ b/authentik/enterprise/providers/google_workspace/clients/groups.py
@ -92,12 +92,14 @@ class GoogleWorkspaceGroupClient(
        google_group = self.to_schema(group, connection)
        self.check_email_valid(google_group["email"])
        try:
-            return self._request(
+            response = self._request(
                self.directory_service.groups().update(
                    groupKey=connection.google_id,
                    body=google_group,
                )
            )
            connection.attributes = response
            connection.save()
        except NotFoundSyncException:
            # Resource missing is handled by self.write, which will re-create the group
            raise
--- a/authentik/enterprise/providers/google_workspace/clients/users.py
+++ b/authentik/enterprise/providers/google_workspace/clients/users.py
@ -88,9 +88,11 @@ class GoogleWorkspaceUserClient(GoogleWorkspaceSyncClient[User, GoogleWorkspaceP
        self.check_email_valid(
            google_user["primaryEmail"], *[x["address"] for x in google_user.get("emails", [])]
        )
-        self._request(
+        response = self._request(
            self.directory_service.users().update(userKey=connection.google_id, body=google_user)
        )
        connection.attributes = response
        connection.save()
    def discover(self):
        """Iterate through all users and connect them with authentik users if possible"""
--- a/authentik/enterprise/providers/microsoft_entra/api/groups.py
+++ b/authentik/enterprise/providers/microsoft_entra/api/groups.py
@ -19,6 +19,7 @@ class MicrosoftEntraProviderGroupSerializer(ModelSerializer):
        model = MicrosoftEntraProviderGroup
        fields = [
            "id",
            "microsoft_id",
            "group",
            "group_obj",
            "provider",
--- a/authentik/enterprise/providers/microsoft_entra/api/users.py
+++ b/authentik/enterprise/providers/microsoft_entra/api/users.py
@ -19,6 +19,7 @@ class MicrosoftEntraProviderUserSerializer(ModelSerializer):
        model = MicrosoftEntraProviderUser
        fields = [
            "id",
            "microsoft_id",
            "user",
            "user_obj",
            "provider",
--- a/authentik/enterprise/providers/microsoft_entra/clients/base.py
+++ b/authentik/enterprise/providers/microsoft_entra/clients/base.py
@ -23,6 +23,7 @@ from msgraph.graph_service_client import GraphServiceClient
 from msgraph_core import GraphClientFactory
 from authentik.enterprise.providers.microsoft_entra.models import MicrosoftEntraProvider
 from authentik.events.utils import sanitize_item
 from authentik.lib.sync.outgoing import HTTP_CONFLICT
 from authentik.lib.sync.outgoing.base import BaseOutgoingSyncClient
 from authentik.lib.sync.outgoing.exceptions import (
@ -106,4 +107,4 @@ class MicrosoftEntraSyncClient[TModel: Model, TConnection: Model, TSchema: dict]
        we can't JSON serialize"""
        raw_data = asdict(entity)
        raw_data.pop("backing_store", None)
-        return raw_data
+        return sanitize_item(raw_data)
--- a/authentik/enterprise/providers/microsoft_entra/clients/groups.py
+++ b/authentik/enterprise/providers/microsoft_entra/clients/groups.py
@ -1,3 +1,4 @@
 from deepmerge import always_merger
 from django.db import transaction
 from msgraph.generated.groups.groups_request_builder import GroupsRequestBuilder
 from msgraph.generated.models.group import Group as MSGroup
@ -104,9 +105,12 @@ class MicrosoftEntraGroupClient(
        microsoft_group = self.to_schema(group, connection)
        microsoft_group.id = connection.microsoft_id
        try:
-            return self._request(
+            response = self._request(
                self.client.groups.by_group_id(connection.microsoft_id).patch(microsoft_group)
            )
            if response:
                always_merger.merge(connection.attributes, self.entity_as_dict(response))
                connection.save()
        except NotFoundSyncException:
            # Resource missing is handled by self.write, which will re-create the group
            raise
--- a/authentik/enterprise/providers/microsoft_entra/clients/users.py
+++ b/authentik/enterprise/providers/microsoft_entra/clients/users.py
@ -1,3 +1,4 @@
 from deepmerge import always_merger
 from django.db import transaction
 from msgraph.generated.models.user import User as MSUser
 from msgraph.generated.users.users_request_builder import UsersRequestBuilder
@ -110,7 +111,12 @@ class MicrosoftEntraUserClient(MicrosoftEntraSyncClient[User, MicrosoftEntraProv
        """Update existing user"""
        microsoft_user = self.to_schema(user, connection)
        self.check_email_valid(microsoft_user.user_principal_name)
-        self._request(self.client.users.by_user_id(connection.microsoft_id).patch(microsoft_user))
+        response = self._request(
            self.client.users.by_user_id(connection.microsoft_id).patch(microsoft_user)
        )
        if response:
            always_merger.merge(connection.attributes, self.entity_as_dict(response))
            connection.save()
    def discover(self):
        """Iterate through all users and connect them with authentik users if possible"""
--- a/authentik/lib/logging.py
+++ b/authentik/lib/logging.py
@ -102,6 +102,8 @@ def get_logger_config():
        "gunicorn": "INFO",
        "requests_mock": "WARNING",
        "hpack": "WARNING",
        "httpx": "WARNING",
        "azure": "WARNING",
    }
    for handler_name, level in handler_level_map.items():
        base_config["loggers"][handler_name] = {
--- a/authentik/lib/sync/mapper.py
+++ b/authentik/lib/sync/mapper.py
@ -57,6 +57,8 @@ class PropertyMappingManager:
            mapping.set_context(user, request, **kwargs)
            try:
                value = mapping.evaluate(mapping.model.expression)
            except PropertyMappingExpressionException as exc:
                raise exc from exc
            except Exception as exc:
                raise PropertyMappingExpressionException(exc, mapping.model) from exc
            if value is None:
--- a/authentik/lib/sync/outgoing/base.py
+++ b/authentik/lib/sync/outgoing/base.py
@ -91,10 +91,9 @@ class BaseOutgoingSyncClient[
            }
            eval_kwargs.setdefault("user", None)
            for value in self.mapper.iter_eval(**eval_kwargs):
-                try:
+                always_merger.merge(raw_final_object, value)
-                    always_merger.merge(raw_final_object, value)
+        except SkipObjectException as exc:
-                except SkipObjectException as exc:
+            raise exc from exc
                    raise exc from exc
        except PropertyMappingExpressionException as exc:
            # Value error can be raised when assigning invalid data to an attribute
            Event.new(
@ -104,7 +103,7 @@ class BaseOutgoingSyncClient[
            ).save()
            raise StopSync(exc, obj, exc.mapping) from exc
        if not raw_final_object:
-            raise StopSync(ValueError("No user mappings configured"), obj)
+            raise StopSync(ValueError("No mappings configured"), obj)
        for key, value in defaults.items():
            raw_final_object.setdefault(key, value)
        return raw_final_object
--- a/authentik/lib/sync/outgoing/tasks.py
+++ b/authentik/lib/sync/outgoing/tasks.py
@ -14,6 +14,7 @@ from authentik.core.models import Group, User
 from authentik.events.logs import LogEvent
 from authentik.events.models import TaskStatus
 from authentik.events.system_tasks import SystemTask
 from authentik.events.utils import sanitize_item
 from authentik.lib.sync.outgoing import PAGE_SIZE, PAGE_TIMEOUT
 from authentik.lib.sync.outgoing.base import Direction
 from authentik.lib.sync.outgoing.exceptions import (
@ -125,6 +126,7 @@ class SyncTasks:
            try:
                client.write(obj)
            except SkipObjectException:
                self.logger.debug("skipping object due to SkipObject", obj=obj)
                continue
            except BadRequestSyncException as exc:
                self.logger.warning("failed to sync object", exc=exc, obj=obj)
@ -144,8 +146,8 @@ class SyncTasks:
                                )
                            ),
                            log_level="warning",
-                            logger="",
+                            logger=f"{provider._meta.verbose_name}@{object_type}",
-                            attributes={"arguments": exc.args[1:]},
+                            attributes={"arguments": exc.args[1:], "obj": sanitize_item(obj)},
                        )
                    )
                )
@ -167,7 +169,8 @@ class SyncTasks:
                                )
                            ),
                            log_level="warning",
-                            logger="",
+                            logger=f"{provider._meta.verbose_name}@{object_type}",
                            attributes={"obj": sanitize_item(obj)},
                        )
                    )
                )
@ -184,7 +187,8 @@ class SyncTasks:
                                )
                            ),
                            log_level="warning",
-                            logger="",
+                            logger=f"{provider._meta.verbose_name}@{object_type}",
                            attributes={"obj": sanitize_item(obj)},
                        )
                    )
                )
--- a/authentik/policies/event_matcher/models.py
+++ b/authentik/policies/event_matcher/models.py
@ -102,7 +102,7 @@ class EventMatcherPolicy(Policy):
            result = checker(request, event)
            if result is None:
                continue
-            LOGGER.info(
+            LOGGER.debug(
                "Event matcher check result",
                checker=checker.__name__,
                result=result,
--- a/authentik/providers/scim/api/groups.py
+++ b/authentik/providers/scim/api/groups.py
@ -0,0 +1,43 @@
 """SCIMProviderGroup API Views"""
 from rest_framework import mixins
 from rest_framework.serializers import ModelSerializer
 from rest_framework.viewsets import GenericViewSet
 from authentik.core.api.used_by import UsedByMixin
 from authentik.core.api.users import UserGroupSerializer
 from authentik.providers.scim.models import SCIMProviderGroup
 class SCIMProviderGroupSerializer(ModelSerializer):
    """SCIMProviderGroup Serializer"""
    group_obj = UserGroupSerializer(source="group", read_only=True)
    class Meta:
        model = SCIMProviderGroup
        fields = [
            "id",
            "scim_id",
            "group",
            "group_obj",
            "provider",
        ]
 class SCIMProviderGroupViewSet(
    mixins.CreateModelMixin,
    mixins.RetrieveModelMixin,
    mixins.DestroyModelMixin,
    UsedByMixin,
    mixins.ListModelMixin,
    GenericViewSet,
 ):
    """SCIMProviderGroup Viewset"""
    queryset = SCIMProviderGroup.objects.all().select_related("group")
    serializer_class = SCIMProviderGroupSerializer
    filterset_fields = ["provider__id", "group__name", "group__group_uuid"]
    search_fields = ["provider__name", "group__name"]
    ordering = ["group__name"]
--- a/authentik/providers/scim/api/users.py
+++ b/authentik/providers/scim/api/users.py
@ -0,0 +1,43 @@
 """SCIMProviderUser API Views"""
 from rest_framework import mixins
 from rest_framework.serializers import ModelSerializer
 from rest_framework.viewsets import GenericViewSet
 from authentik.core.api.groups import GroupMemberSerializer
 from authentik.core.api.used_by import UsedByMixin
 from authentik.providers.scim.models import SCIMProviderUser
 class SCIMProviderUserSerializer(ModelSerializer):
    """SCIMProviderUser Serializer"""
    user_obj = GroupMemberSerializer(source="user", read_only=True)
    class Meta:
        model = SCIMProviderUser
        fields = [
            "id",
            "scim_id",
            "user",
            "user_obj",
            "provider",
        ]
 class SCIMProviderUserViewSet(
    mixins.CreateModelMixin,
    mixins.RetrieveModelMixin,
    mixins.DestroyModelMixin,
    UsedByMixin,
    mixins.ListModelMixin,
    GenericViewSet,
 ):
    """SCIMProviderUser Viewset"""
    queryset = SCIMProviderUser.objects.all().select_related("user")
    serializer_class = SCIMProviderUserSerializer
    filterset_fields = ["provider__id", "user__username", "user__id"]
    search_fields = ["provider__name", "user__username"]
    ordering = ["user__username"]
--- a/authentik/providers/scim/clients/groups.py
+++ b/authentik/providers/scim/clients/groups.py
@ -19,13 +19,18 @@ from authentik.providers.scim.clients.exceptions import (
 )
 from authentik.providers.scim.clients.schema import SCIM_GROUP_SCHEMA, PatchRequest
 from authentik.providers.scim.clients.schema import Group as SCIMGroupSchema
-from authentik.providers.scim.models import SCIMGroup, SCIMMapping, SCIMProvider, SCIMUser
+from authentik.providers.scim.models import (
    SCIMMapping,
    SCIMProvider,
    SCIMProviderGroup,
    SCIMProviderUser,
 )
-class SCIMGroupClient(SCIMClient[Group, SCIMGroup, SCIMGroupSchema]):
+class SCIMGroupClient(SCIMClient[Group, SCIMProviderGroup, SCIMGroupSchema]):
    """SCIM client for groups"""
-    connection_type = SCIMGroup
+    connection_type = SCIMProviderGroup
    connection_type_query = "group"
    mapper: PropertyMappingManager
@ -37,7 +42,7 @@ class SCIMGroupClient(SCIMClient[Group, SCIMGroup, SCIMGroupSchema]):
            ["group", "provider", "connection"],
        )
-    def to_schema(self, obj: Group, connection: SCIMGroup) -> SCIMGroupSchema:
+    def to_schema(self, obj: Group, connection: SCIMProviderGroup) -> SCIMGroupSchema:
        """Convert authentik user into SCIM"""
        raw_scim_group = super().to_schema(
            obj,
@ -52,7 +57,7 @@ class SCIMGroupClient(SCIMClient[Group, SCIMGroup, SCIMGroupSchema]):
            scim_group.externalId = str(obj.pk)
        users = list(obj.users.order_by("id").values_list("id", flat=True))
-        connections = SCIMUser.objects.filter(provider=self.provider, user__pk__in=users)
+        connections = SCIMProviderUser.objects.filter(provider=self.provider, user__pk__in=users)
        members = []
        for user in connections:
            members.append(
@ -66,7 +71,7 @@ class SCIMGroupClient(SCIMClient[Group, SCIMGroup, SCIMGroupSchema]):
    def delete(self, obj: Group):
        """Delete group"""
-        scim_group = SCIMGroup.objects.filter(provider=self.provider, group=obj).first()
+        scim_group = SCIMProviderGroup.objects.filter(provider=self.provider, group=obj).first()
        if not scim_group:
            self.logger.debug("Group does not exist in SCIM, skipping")
            return None
@ -88,9 +93,11 @@ class SCIMGroupClient(SCIMClient[Group, SCIMGroup, SCIMGroupSchema]):
        scim_id = response.get("id")
        if not scim_id or scim_id == "":
            raise StopSync("SCIM Response with missing or invalid `id`")
-        return SCIMGroup.objects.create(provider=self.provider, group=group, scim_id=scim_id)
+        return SCIMProviderGroup.objects.create(
            provider=self.provider, group=group, scim_id=scim_id
        )
-    def update(self, group: Group, connection: SCIMGroup):
+    def update(self, group: Group, connection: SCIMProviderGroup):
        """Update existing group"""
        scim_group = self.to_schema(group, connection)
        scim_group.id = connection.scim_id
@ -158,16 +165,16 @@ class SCIMGroupClient(SCIMClient[Group, SCIMGroup, SCIMGroupSchema]):
        """Add users in users_set to group"""
        if len(users_set) < 1:
            return
-        scim_group = SCIMGroup.objects.filter(provider=self.provider, group=group).first()
+        scim_group = SCIMProviderGroup.objects.filter(provider=self.provider, group=group).first()
        if not scim_group:
            self.logger.warning(
                "could not sync group membership, group does not exist", group=group
            )
            return
        user_ids = list(
-            SCIMUser.objects.filter(user__pk__in=users_set, provider=self.provider).values_list(
+            SCIMProviderUser.objects.filter(
-                "scim_id", flat=True
+                user__pk__in=users_set, provider=self.provider
-            )
+            ).values_list("scim_id", flat=True)
        )
        if len(user_ids) < 1:
            return
@ -184,16 +191,16 @@ class SCIMGroupClient(SCIMClient[Group, SCIMGroup, SCIMGroupSchema]):
        """Remove users in users_set from group"""
        if len(users_set) < 1:
            return
-        scim_group = SCIMGroup.objects.filter(provider=self.provider, group=group).first()
+        scim_group = SCIMProviderGroup.objects.filter(provider=self.provider, group=group).first()
        if not scim_group:
            self.logger.warning(
                "could not sync group membership, group does not exist", group=group
            )
            return
        user_ids = list(
-            SCIMUser.objects.filter(user__pk__in=users_set, provider=self.provider).values_list(
+            SCIMProviderUser.objects.filter(
-                "scim_id", flat=True
+                user__pk__in=users_set, provider=self.provider
-            )
+            ).values_list("scim_id", flat=True)
        )
        if len(user_ids) < 1:
            return
--- a/authentik/providers/scim/clients/users.py
+++ b/authentik/providers/scim/clients/users.py
@ -9,13 +9,13 @@ from authentik.policies.utils import delete_none_values
 from authentik.providers.scim.clients.base import SCIMClient
 from authentik.providers.scim.clients.schema import SCIM_USER_SCHEMA
 from authentik.providers.scim.clients.schema import User as SCIMUserSchema
-from authentik.providers.scim.models import SCIMMapping, SCIMProvider, SCIMUser
+from authentik.providers.scim.models import SCIMMapping, SCIMProvider, SCIMProviderUser
-class SCIMUserClient(SCIMClient[User, SCIMUser, SCIMUserSchema]):
+class SCIMUserClient(SCIMClient[User, SCIMProviderUser, SCIMUserSchema]):
    """SCIM client for users"""
-    connection_type = SCIMUser
+    connection_type = SCIMProviderUser
    connection_type_query = "user"
    mapper: PropertyMappingManager
@ -27,7 +27,7 @@ class SCIMUserClient(SCIMClient[User, SCIMUser, SCIMUserSchema]):
            ["provider", "connection"],
        )
-    def to_schema(self, obj: User, connection: SCIMUser) -> SCIMUserSchema:
+    def to_schema(self, obj: User, connection: SCIMProviderUser) -> SCIMUserSchema:
        """Convert authentik user into SCIM"""
        raw_scim_user = super().to_schema(
            obj,
@ -44,7 +44,7 @@ class SCIMUserClient(SCIMClient[User, SCIMUser, SCIMUserSchema]):
    def delete(self, obj: User):
        """Delete user"""
-        scim_user = SCIMUser.objects.filter(provider=self.provider, user=obj).first()
+        scim_user = SCIMProviderUser.objects.filter(provider=self.provider, user=obj).first()
        if not scim_user:
            self.logger.debug("User does not exist in SCIM, skipping")
            return None
@ -66,9 +66,9 @@ class SCIMUserClient(SCIMClient[User, SCIMUser, SCIMUserSchema]):
        scim_id = response.get("id")
        if not scim_id or scim_id == "":
            raise StopSync("SCIM Response with missing or invalid `id`")
-        return SCIMUser.objects.create(provider=self.provider, user=user, scim_id=scim_id)
+        return SCIMProviderUser.objects.create(provider=self.provider, user=user, scim_id=scim_id)
-    def update(self, user: User, connection: SCIMUser):
+    def update(self, user: User, connection: SCIMProviderUser):
        """Update existing user"""
        scim_user = self.to_schema(user, connection)
        scim_user.id = connection.scim_id
--- a/authentik/providers/scim/migrations/0008_rename_scimgroup_scimprovidergroup_and_more.py
+++ b/authentik/providers/scim/migrations/0008_rename_scimgroup_scimprovidergroup_and_more.py
@ -0,0 +1,24 @@
 # Generated by Django 5.0.6 on 2024-06-04 07:45
 from django.conf import settings
 from django.db import migrations
 class Migration(migrations.Migration):
    dependencies = [
        ("authentik_core", "0035_alter_group_options_and_more"),
        ("authentik_providers_scim", "0007_scimgroup_scim_id_scimuser_scim_id_and_more"),
        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
    ]
    operations = [
        migrations.RenameModel(
            old_name="SCIMGroup",
            new_name="SCIMProviderGroup",
        ),
        migrations.RenameModel(
            old_name="SCIMUser",
            new_name="SCIMProviderUser",
        ),
    ]
--- a/authentik/providers/scim/models.py
+++ b/authentik/providers/scim/models.py
@ -10,6 +10,7 @@ from django.utils.translation import gettext_lazy as _
 from rest_framework.serializers import Serializer
 from authentik.core.models import BackchannelProvider, Group, PropertyMapping, User, UserTypes
 from authentik.lib.models import SerializerModel
 from authentik.lib.sync.outgoing.base import BaseOutgoingSyncClient
 from authentik.lib.sync.outgoing.models import OutgoingSyncProvider
@ -106,7 +107,7 @@ class SCIMMapping(PropertyMapping):
        verbose_name_plural = _("SCIM Mappings")
-class SCIMUser(models.Model):
+class SCIMProviderUser(SerializerModel):
    """Mapping of a user and provider to a SCIM user ID"""
    id = models.UUIDField(primary_key=True, editable=False, default=uuid4)
@ -114,14 +115,20 @@ class SCIMUser(models.Model):
    user = models.ForeignKey(User, on_delete=models.CASCADE)
    provider = models.ForeignKey(SCIMProvider, on_delete=models.CASCADE)
    @property
    def serializer(self) -> type[Serializer]:
        from authentik.providers.scim.api.users import SCIMProviderUserSerializer
        return SCIMProviderUserSerializer
    class Meta:
        unique_together = (("scim_id", "user", "provider"),)
    def __str__(self) -> str:
-        return f"SCIM User {self.user_id} to {self.provider_id}"
+        return f"SCIM Provider User {self.user_id} to {self.provider_id}"
-class SCIMGroup(models.Model):
+class SCIMProviderGroup(SerializerModel):
    """Mapping of a group and provider to a SCIM user ID"""
    id = models.UUIDField(primary_key=True, editable=False, default=uuid4)
@ -129,8 +136,14 @@ class SCIMGroup(models.Model):
    group = models.ForeignKey(Group, on_delete=models.CASCADE)
    provider = models.ForeignKey(SCIMProvider, on_delete=models.CASCADE)
    @property
    def serializer(self) -> type[Serializer]:
        from authentik.providers.scim.api.groups import SCIMProviderGroupSerializer
        return SCIMProviderGroupSerializer
    class Meta:
        unique_together = (("scim_id", "group", "provider"),)
    def __str__(self) -> str:
-        return f"SCIM Group {self.group_id} to {self.provider_id}"
+        return f"SCIM Provider Group {self.group_id} to {self.provider_id}"
--- a/authentik/providers/scim/urls.py
+++ b/authentik/providers/scim/urls.py
@ -1,9 +1,17 @@
 """API URLs"""
 from authentik.providers.scim.api.groups import (
    SCIMProviderGroupViewSet,
 )
 from authentik.providers.scim.api.property_mappings import SCIMMappingViewSet
 from authentik.providers.scim.api.providers import SCIMProviderViewSet
 from authentik.providers.scim.api.users import (
    SCIMProviderUserViewSet,
 )
 api_urlpatterns = [
    ("providers/scim", SCIMProviderViewSet),
    ("providers/scim_users", SCIMProviderUserViewSet),
    ("providers/scim_groups", SCIMProviderGroupViewSet),
    ("propertymappings/scim", SCIMMappingViewSet),
 ]
--- a/authentik/rbac/filters.py
+++ b/authentik/rbac/filters.py
@ -25,7 +25,7 @@ class ObjectFilter(ObjectPermissionsFilter):
        # Outposts (which are the only objects using internal service accounts)
        # except requests to return an empty list when they have no objects
        # assigned
-        if request.user.type == UserTypes.INTERNAL_SERVICE_ACCOUNT:
+        if getattr(request.user, "type", None) == UserTypes.INTERNAL_SERVICE_ACCOUNT:
            return queryset
        if not queryset.exists():
            # User doesn't have direct permission to all objects
--- a/authentik/rbac/tests/test_api_filters.py
+++ b/authentik/rbac/tests/test_api_filters.py
@ -147,3 +147,11 @@ class TestAPIPerms(APITestCase):
            },
        )
        self.assertEqual(res.status_code, 403)
    def test_anonymous_user_denied(self):
        """Test anonymous user denied"""
        res = self.client.get(reverse("authentik_api:invitation-list"))
        self.assertEqual(res.status_code, 403)
        res = self.client.get(reverse("authentik_api:user-detail", kwargs={"pk": self.user.pk}))
        self.assertEqual(res.status_code, 403)
--- a/authentik/sources/ldap/sync/base.py
+++ b/authentik/sources/ldap/sync/base.py
@ -161,19 +161,18 @@ class BaseLDAPSynchronizer:
                dn=object_dn,
                source=self._source,
            ):
-                try:
+                if isinstance(value, (bytes)):
-                    if isinstance(value, (bytes)):
+                    self._logger.warning("property mapping returned bytes", mapping=mapping)
-                        self._logger.warning("property mapping returned bytes", mapping=mapping)
+                    continue
-                        continue
+                object_field = mapping.object_field
-                    object_field = mapping.object_field
+                if object_field.startswith("attributes."):
-                    if object_field.startswith("attributes."):
+                    # Because returning a list might desired, we can't
-                        # Because returning a list might desired, we can't
+                    # rely on flatten here. Instead, just save the result as-is
-                        # rely on flatten here. Instead, just save the result as-is
+                    set_path_in_dict(properties, object_field, value)
-                        set_path_in_dict(properties, object_field, value)
+                else:
-                    else:
+                    properties[object_field] = flatten(value)
-                        properties[object_field] = flatten(value)
+        except SkipObjectException as exc:
-                except SkipObjectException as exc:
+            raise exc from exc
                    raise exc from exc
        except PropertyMappingExpressionException as exc:
            # Value error can be raised when assigning invalid data to an attribute
            Event.new(
--- a/authentik/stages/authenticator_webauthn/mds/aaguid.json
+++ b/authentik/stages/authenticator_webauthn/mds/aaguid.json
--- a/authentik/stages/authenticator_webauthn/mds/blob.jwt
+++ b/authentik/stages/authenticator_webauthn/mds/blob.jwt
--- a/authentik/stages/email/tests/test_templates.py
+++ b/authentik/stages/email/tests/test_templates.py
@ -96,7 +96,7 @@ class TestEmailStageTemplates(FlowTestCase):
        """Test addresses are correctly parsed"""
        message = TemplateEmailMessage(to=[("foo@bar.baz", "foo@bar.baz")])
        [sanitize_address(addr, "utf-8") for addr in message.recipients()]
-        self.assertEqual(message.recipients(), ["foo@bar.baz"])
+        self.assertEqual(message.recipients(), ['"foo@bar.baz" <foo@bar.baz>'])
        message = TemplateEmailMessage(to=[("some-name", "foo@bar.baz")])
        [sanitize_address(addr, "utf-8") for addr in message.recipients()]
        self.assertEqual(message.recipients(), ["some-name <foo@bar.baz>"])
--- a/authentik/stages/email/utils.py
+++ b/authentik/stages/email/utils.py
@ -5,6 +5,7 @@ from functools import lru_cache
 from pathlib import Path
 from django.core.mail import EmailMultiAlternatives
 from django.core.mail.message import sanitize_address
 from django.template.exceptions import TemplateDoesNotExist
 from django.template.loader import render_to_string
 from django.utils import translation
@ -31,10 +32,7 @@ class TemplateEmailMessage(EmailMultiAlternatives):
        sanitized_to = []
        # Ensure that all recipients are valid
        for recipient_name, recipient_email in to:
-            if recipient_name == recipient_email:
+            sanitized_to.append(sanitize_address((recipient_name, recipient_email), "utf-8"))
                sanitized_to.append(recipient_email)
            else:
                sanitized_to.append(f"{recipient_name} <{recipient_email}>")
        super().__init__(to=sanitized_to, **kwargs)
        if not template_name:
            return
--- a/blueprints/system/providers-google-workspace.yaml
+++ b/blueprints/system/providers-google-workspace.yaml
@ -9,8 +9,9 @@ entries:
    model: authentik_providers_google_workspace.googleworkspaceprovidermapping
    attrs:
      name: "authentik default Google Workspace Mapping: User"
      # https://developers.google.com/admin-sdk/directory/reference/rest/v1/users#User
      expression: |
        # Field reference:
        # https://developers.google.com/admin-sdk/directory/reference/rest/v1/users#User
        # Google require givenName and familyName to be set
        givenName, familyName = request.user.name, " "
        formatted = request.user.name + " "
@ -20,23 +21,26 @@ entries:
        if " " in request.user.name:
            givenName, _, familyName = request.user.name.partition(" ")
            formatted = request.user.name
-        return {
+        user = {
            "name": {
                "fullName": formatted,
                "familyName": familyName.strip(),
                "givenName": givenName.strip(),
                "displayName": formatted,
            },
            "password": request.user.password,
            "suspended": not request.user.is_active,
        }
        if not connection:
            user["password"] = request.user.password
        return user
  - identifiers:
      managed: goauthentik.io/providers/google_workspace/group
    model: authentik_providers_google_workspace.googleworkspaceprovidermapping
    attrs:
      name: "authentik default Google Workspace Mapping: Group"
      # https://developers.google.com/admin-sdk/directory/reference/rest/v1/groups#Group
      expression: |
        # Field reference:
        # https://developers.google.com/admin-sdk/directory/reference/rest/v1/groups#Group
        return {
            "name": group.name,
        }
--- a/blueprints/system/providers-microsoft-entra.yaml
+++ b/blueprints/system/providers-microsoft-entra.yaml
@ -9,8 +9,9 @@ entries:
    model: authentik_providers_microsoft_entra.microsoftentraprovidermapping
    attrs:
      name: "authentik default Microsoft Entra Mapping: User"
      # https://learn.microsoft.com/en-us/graph/api/resources/user?view=graph-rest-1.0
      expression: |
        # Field reference: (note that keys have to converted to snake_case)
        # https://learn.microsoft.com/en-us/graph/api/resources/user?view=graph-rest-1.0
        from msgraph.generated.models.password_profile import PasswordProfile
        user = {
@ -35,8 +36,9 @@ entries:
    model: authentik_providers_microsoft_entra.microsoftentraprovidermapping
    attrs:
      name: "authentik default Microsoft Entra Mapping: Group"
      # https://learn.microsoft.com/en-us/graph/api/group-post-groups?view=graph-rest-1.0&tabs=http#request-body
      expression: |
        # Field reference: (note that keys have to converted to snake_case)
        # https://learn.microsoft.com/en-us/graph/api/group-post-groups?view=graph-rest-1.0&tabs=http#request-body
        return {
            "display_name": group.name,
            "mail_enabled": False,
--- a/go.mod
+++ b/go.mod
@ -16,21 +16,21 @@ require (
 	github.com/gorilla/mux v1.8.1
 	github.com/gorilla/securecookie v1.1.2
 	github.com/gorilla/sessions v1.2.2
-	github.com/gorilla/websocket v1.5.1
+	github.com/gorilla/websocket v1.5.2
 	github.com/jellydator/ttlcache/v3 v3.2.0
 	github.com/mitchellh/mapstructure v1.5.0
 	github.com/nmcclain/asn1-ber v0.0.0-20170104154839-2661553a0484
 	github.com/pires/go-proxyproto v0.7.0
 	github.com/prometheus/client_golang v1.19.1
-	github.com/redis/go-redis/v9 v9.5.2
+	github.com/redis/go-redis/v9 v9.5.3
 	github.com/sethvargo/go-envconfig v1.0.3
 	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/cobra v1.8.0
 	github.com/stretchr/testify v1.9.0
 	github.com/wwt/guac v1.3.2
-	goauthentik.io/api/v3 v3.2024042.9
+	goauthentik.io/api/v3 v3.2024042.11
 	golang.org/x/exp v0.0.0-20230210204819-062eb4c674ab
-	golang.org/x/oauth2 v0.20.0
+	golang.org/x/oauth2 v0.21.0
 	golang.org/x/sync v0.7.0
 	gopkg.in/yaml.v2 v2.4.0
 	layeh.com/radius v0.0.0-20210819152912-ad72663a72ab
--- a/go.sum
+++ b/go.sum
@ -176,8 +176,8 @@ github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/z
 github.com/gorilla/sessions v1.2.2 h1:lqzMYz6bOfvn2WriPUjNByzeXIlVzURcPmgMczkmTjY=
 github.com/gorilla/sessions v1.2.2/go.mod h1:ePLdVu+jbEgHH+KWw8I1z2wqd0BAdAQh/8LRvBeoNcQ=
 github.com/gorilla/websocket v1.4.1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
-github.com/gorilla/websocket v1.5.1 h1:gmztn0JnHVt9JZquRuzLw3g4wouNVzKL15iLr/zn/QY=
+github.com/gorilla/websocket v1.5.2 h1:qoW6V1GT3aZxybsbC6oLnailWnB+qTMVwMreOso9XUw=
-github.com/gorilla/websocket v1.5.1/go.mod h1:x3kM2JMyaluk02fnUJpQuwD2dCS5NDG2ZHL0uE0tcaY=
+github.com/gorilla/websocket v1.5.2/go.mod h1:0n9H61RBAcf5/38py2MCYbxzPIY9rOkpvvMT24Rqs30=
 github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8=
 github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
@ -242,8 +242,8 @@ github.com/prometheus/common v0.48.0 h1:QO8U2CdOzSn1BBsmXJXduaaW+dY/5QLjfB8svtSz
 github.com/prometheus/common v0.48.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc=
 github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo=
 github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo=
-github.com/redis/go-redis/v9 v9.5.2 h1:L0L3fcSNReTRGyZ6AqAEN0K56wYeYAwapBIhkvh0f3E=
+github.com/redis/go-redis/v9 v9.5.3 h1:fOAp1/uJG+ZtcITgZOfYFmTKPE7n4Vclj1wZFgRciUU=
-github.com/redis/go-redis/v9 v9.5.2/go.mod h1:hdY0cQFCN4fnSYT6TkisLufl/4W5UIXyv0b/CLO2V2M=
+github.com/redis/go-redis/v9 v9.5.3/go.mod h1:hdY0cQFCN4fnSYT6TkisLufl/4W5UIXyv0b/CLO2V2M=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
 github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
@ -294,8 +294,8 @@ go.opentelemetry.io/otel/trace v1.24.0 h1:CsKnnL4dUAr/0llH9FKuc698G04IrpWV0MQA/Y
 go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU=
 go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
 go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4=
-goauthentik.io/api/v3 v3.2024042.9 h1:zj3nqmOEHNBsfANTv7Ec4yLZA755GKHU+WLz2t+nfaI=
+goauthentik.io/api/v3 v3.2024042.11 h1:cGgUz1E8rlMphGvv04VI7i+MgT8eidZbxTpza5zd96I=
-goauthentik.io/api/v3 v3.2024042.9/go.mod h1:zz+mEZg8rY/7eEjkMGWJ2DnGqk+zqxuybGCGrR2O4Kw=
+goauthentik.io/api/v3 v3.2024042.11/go.mod h1:zz+mEZg8rY/7eEjkMGWJ2DnGqk+zqxuybGCGrR2O4Kw=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
@ -382,8 +382,8 @@ golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4Iltr
 golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.20.0 h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo=
+golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs=
-golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
+golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
--- a/internal/outpost/ak/crypto.go
+++ b/internal/outpost/ak/crypto.go
@ -38,7 +38,6 @@ func (cs *CryptoStore) AddKeypair(uuid string) error {
 	if err != nil {
 		return err
 	}
 	cs.fingerprints[uuid] = cs.getFingerprint(uuid)
 	return nil
 }
@ -73,6 +72,7 @@ func (cs *CryptoStore) Fetch(uuid string) error {
 		return err
 	}
 	cs.certificates[uuid] = &x509cert
 	cs.fingerprints[uuid] = cfp
 	return nil
 }
--- a/locale/en/LC_MESSAGES/django.po
+++ b/locale/en/LC_MESSAGES/django.po
@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-06-03 00:08+0000\n"
+"POT-Creation-Date: 2024-06-05 00:07+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@ -2363,6 +2363,14 @@ msgstr ""
 msgid "Private key, acquired your captcha Provider."
 msgstr ""
 #: authentik/stages/captcha/models.py
 msgid ""
 "When enabled and the received captcha score is outside of the given "
 "threshold, the stage will show an error message. When not enabled, the flow "
 "will continue, but the data from the captcha will be available in the "
 "context for policy decisions"
 msgstr ""
 #: authentik/stages/captcha/models.py
 msgid "Captcha Stage"
 msgstr ""
@ -2371,6 +2379,23 @@ msgstr ""
 msgid "Captcha Stages"
 msgstr ""
 #: authentik/stages/captcha/stage.py
 msgid "Unknown error"
 msgstr ""
 #: authentik/stages/captcha/stage.py
 #, python-brace-format
 msgid "Failed to validate token: {error}"
 msgstr ""
 #: authentik/stages/captcha/stage.py
 msgid "Invalid captcha response"
 msgstr ""
 #: authentik/stages/captcha/stage.py
 msgid "Failed to validate token"
 msgstr ""
 #: authentik/stages/consent/models.py
 msgid ""
 "Offset after which consent expires. (Format: hours=1;minutes=2;seconds=3)."
--- a/locale/fr/LC_MESSAGES/django.mo
+++ b/locale/fr/LC_MESSAGES/django.mo
--- a/locale/fr/LC_MESSAGES/django.po
+++ b/locale/fr/LC_MESSAGES/django.po
@ -19,7 +19,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-05-03 00:08+0000\n"
+"POT-Creation-Date: 2024-06-05 00:07+0000\n"
 "PO-Revision-Date: 2022-09-26 16:47+0000\n"
 "Last-Translator: Marc Schmitt, 2024\n"
 "Language-Team: French (https://app.transifex.com/authentik/teams/119923/fr/)\n"
@ -106,12 +106,14 @@ msgid "Brands"
 msgstr "Marques"
 #: authentik/core/api/providers.py
-msgid "SAML Provider from Metadata"
+msgid ""
-msgstr "Fournisseur SAML depuis métadonnées"
+"When not set all providers are returned. When set to true, only backchannel "
-
+"providers are returned. When set to false, backchannel providers are "
-#: authentik/core/api/providers.py
+"excluded"
-msgid "Create a SAML Provider by importing its Metadata."
+msgstr ""
-msgstr "Créer un fournisseur SAML en important ses métadonnées."
+"Si non défini, tous les fournisseurs sont retournés. Si vrai, seul les "
 "fournisseurs backchannels sont retournés. Si faux, les fournisseurs "
 "backchannels sont exclus"
 #: authentik/core/api/users.py
 msgid "No leading or trailing slashes allowed."
@ -466,6 +468,74 @@ msgstr "Entreprise est requis pour accéder à cette fonctionnalité."
 msgid "Feature only accessible for internal users."
 msgstr "Fonctionnalité accessible aux utilisateurs internes uniquement."
 #: authentik/enterprise/providers/google_workspace/models.py
 #: authentik/enterprise/providers/microsoft_entra/models.py
 #: authentik/providers/scim/models.py authentik/sources/ldap/models.py
 msgid "Property mappings used for group creation/updating."
 msgstr ""
 "Mappages de propriétés utilisés lors de la création et de la mise à jour des"
 " groupes."
 #: authentik/enterprise/providers/google_workspace/models.py
 msgid "Google Workspace Provider"
 msgstr "Fournisseur Google Workspace"
 #: authentik/enterprise/providers/google_workspace/models.py
 msgid "Google Workspace Providers"
 msgstr "Fournisseurs Google Workspace"
 #: authentik/enterprise/providers/google_workspace/models.py
 msgid "Google Workspace Provider Mapping"
 msgstr "Mappage de propriété Google Workspace"
 #: authentik/enterprise/providers/google_workspace/models.py
 msgid "Google Workspace Provider Mappings"
 msgstr "Mappages de propriété Google Workspace"
 #: authentik/enterprise/providers/google_workspace/models.py
 msgid "Google Workspace Provider User"
 msgstr "Utilisateur du fournisseur Google Workspace"
 #: authentik/enterprise/providers/google_workspace/models.py
 msgid "Google Workspace Provider Users"
 msgstr "Utilisateurs du fournisseur Google Workspace"
 #: authentik/enterprise/providers/google_workspace/models.py
 msgid "Google Workspace Provider Group"
 msgstr "Groupe du fournisseur Google Workspace"
 #: authentik/enterprise/providers/google_workspace/models.py
 msgid "Google Workspace Provider Groups"
 msgstr "Groupes du fournisseur Google Workspace"
 #: authentik/enterprise/providers/microsoft_entra/models.py
 msgid "Microsoft Entra Provider"
 msgstr "Fournisseur Microsoft Entra"
 #: authentik/enterprise/providers/microsoft_entra/models.py
 msgid "Microsoft Entra Providers"
 msgstr "Fournisseurs Microsoft Entra"
 #: authentik/enterprise/providers/microsoft_entra/models.py
 msgid "Microsoft Entra Provider Mapping"
 msgstr "Mappage de propriété Microsoft Entra"
 #: authentik/enterprise/providers/microsoft_entra/models.py
 msgid "Microsoft Entra Provider Mappings"
 msgstr "Mappages de propriété Microsoft Entra"
 #: authentik/enterprise/providers/microsoft_entra/models.py
 msgid "Microsoft Entra Provider User"
 msgstr "Utilisateur du fournisseur Microsoft Entra"
 #: authentik/enterprise/providers/microsoft_entra/models.py
 msgid "Microsoft Entra Provider Group"
 msgstr "Groupe du fournisseur Microsoft Entra"
 #: authentik/enterprise/providers/microsoft_entra/models.py
 msgid "Microsoft Entra Provider Groups"
 msgstr "Groupes du fournisseur Microsoft Entra"
 #: authentik/enterprise/providers/rac/models.py
 #: authentik/stages/user_login/models.py
 msgid ""
@ -838,6 +908,25 @@ msgstr "Jetons du flux"
 msgid "Invalid next URL"
 msgstr "URL suivante invalide"
 #: authentik/lib/sync/outgoing/tasks.py
 msgid "Starting full provider sync"
 msgstr "Démarrage d'une synchronisation complète du fournisseur"
 #: authentik/lib/sync/outgoing/tasks.py
 #, python-format
 msgid "Syncing page %(page)d of users"
 msgstr "Synchronisation de la page %(page)d d'utilisateurs"
 #: authentik/lib/sync/outgoing/tasks.py
 #, python-format
 msgid "Syncing page %(page)d of groups"
 msgstr "Synchronisation de la page %(page)d de groupes"
 #: authentik/lib/sync/outgoing/tasks.py
 #, python-brace-format
 msgid "Stopping sync due to error: {error}"
 msgstr "Arrêt de la synchronisation due à l'erreur : {error}"
 #: authentik/lib/utils/time.py
 #, python-format
 msgid "%(value)s is not in the correct format of 'hours=3;minutes=1'."
@ -1526,10 +1615,6 @@ msgstr "Compatibilité GitHub : accès aux adresses email"
 msgid "GitHub Compatibility: Access your Groups"
 msgstr "Compatibilité GitHub : accès aux groupes"
 #: authentik/providers/oauth2/views/userinfo.py
 msgid "authentik API Access on behalf of your user"
 msgstr "Accès à l'API authentik au nom des utilisateurs"
 #: authentik/providers/proxy/api.py
 msgid "User and password attributes must be set when basic auth is enabled."
 msgstr ""
@ -1811,6 +1896,14 @@ msgstr "Mappages de propriétés SAML"
 msgid "SAML Property Mappings"
 msgstr "Mappages de propriétés SAML"
 #: authentik/providers/saml/models.py
 msgid "SAML Provider from Metadata"
 msgstr "Fournisseur SAML depuis métadonnées"
 #: authentik/providers/saml/models.py
 msgid "SAML Providers from Metadata"
 msgstr "Fournisseurs SAML depuis métadonnées"
 #: authentik/providers/scim/models.py
 msgid "Base URL to SCIM requests, usually ends in /v2"
 msgstr "URL de base pour les requêtes SCIM, se terminant généralement par /v2"
@ -1819,12 +1912,6 @@ msgstr "URL de base pour les requêtes SCIM, se terminant généralement par /v2
 msgid "Authentication token"
 msgstr "Jeton d'authentification"
 #: authentik/providers/scim/models.py authentik/sources/ldap/models.py
 msgid "Property mappings used for group creation/updating."
 msgstr ""
 "Mappages de propriétés utilisés lors de la création et de la mise à jour des"
 " groupes."
 #: authentik/providers/scim/models.py
 msgid "SCIM Provider"
 msgstr "Fournisseur SCIM"
@ -1841,39 +1928,6 @@ msgstr "Mappage SCIM"
 msgid "SCIM Mappings"
 msgstr "Mappages SCIM"
 #: authentik/providers/scim/tasks.py
 msgid "Starting full SCIM sync"
 msgstr "Démarrage d'une synchronisation SCIM complète"
 #: authentik/providers/scim/tasks.py
 #, python-format
 msgid "Syncing page %(page)d of users"
 msgstr "Synchronisation de la page %(page)d d'utilisateurs"
 #: authentik/providers/scim/tasks.py
 #, python-format
 msgid "Syncing page %(page)d of groups"
 msgstr "Synchronisation de la page %(page)d de groupes"
 #: authentik/providers/scim/tasks.py
 #, python-brace-format
 msgid "Failed to sync user {user_name} due to remote error: {error}"
 msgstr ""
 "Échec de synchronisation de l'utilisateur {user_name} dû à une erreur "
 "distante : {error}"
 #: authentik/providers/scim/tasks.py
 #, python-brace-format
 msgid "Stopping sync due to error: {error}"
 msgstr "Arrêt de la synchronisation due à l'erreur : {error}"
 #: authentik/providers/scim/tasks.py
 #, python-brace-format
 msgid "Failed to sync group {group_name} due to remote error: {error}"
 msgstr ""
 "Échec de synchronisation du groupe {group_name} dû à une erreur distante : "
 "{error}"
 #: authentik/rbac/models.py
 msgid "Role"
 msgstr "Rôle"
@ -1894,14 +1948,6 @@ msgstr "Permissions système"
 msgid "Can view system info"
 msgstr "Peut voir les informations du système"
 #: authentik/rbac/models.py
 msgid "Can view system tasks"
 msgstr "Peut voir les tâches du système"
 #: authentik/rbac/models.py
 msgid "Can run system tasks"
 msgstr "Peut lancer des tâches système"
 #: authentik/rbac/models.py
 msgid "Can access admin interface"
 msgstr "Peut accéder à l'interface d'administration"
@ -2562,6 +2608,18 @@ msgstr "Clé publique, acquise auprès de votre fournisseur captcha."
 msgid "Private key, acquired your captcha Provider."
 msgstr "Clé privée, acquise auprès de votre fournisseur captcha."
 #: authentik/stages/captcha/models.py
 msgid ""
 "When enabled and the received captcha score is outside of the given "
 "threshold, the stage will show an error message. When not enabled, the flow "
 "will continue, but the data from the captcha will be available in the "
 "context for policy decisions"
 msgstr ""
 "Si activé et le score captcha reçu est hors de la limite donnée, l'étape "
 "affichera un message d'erreur. Si désactivé, le flux continuera, mais la "
 "donnée du captcha sera disponible dans le contexte pour décision dans une "
 "politique."
 #: authentik/stages/captcha/models.py
 msgid "Captcha Stage"
 msgstr "Étape de Captcha"
@ -2570,6 +2628,23 @@ msgstr "Étape de Captcha"
 msgid "Captcha Stages"
 msgstr "Étapes de Captcha"
 #: authentik/stages/captcha/stage.py
 msgid "Unknown error"
 msgstr "Erreur inconnue"
 #: authentik/stages/captcha/stage.py
 #, python-brace-format
 msgid "Failed to validate token: {error}"
 msgstr "Échec de validation du jeton : {error}"
 #: authentik/stages/captcha/stage.py
 msgid "Invalid captcha response"
 msgstr "Réponse captcha invalide"
 #: authentik/stages/captcha/stage.py
 msgid "Failed to validate token"
 msgstr "Échec de validation du jeton"
 #: authentik/stages/consent/models.py
 msgid ""
 "Offset after which consent expires. (Format: hours=1;minutes=2;seconds=3)."
--- a/locale/it/LC_MESSAGES/django.po
+++ b/locale/it/LC_MESSAGES/django.po
--- a/locale/pl/LC_MESSAGES/django.mo
+++ b/locale/pl/LC_MESSAGES/django.mo
--- a/locale/pl/LC_MESSAGES/django.po
+++ b/locale/pl/LC_MESSAGES/django.po
--- a/locale/ru/LC_MESSAGES/django.mo
+++ b/locale/ru/LC_MESSAGES/django.mo
--- a/locale/ru/LC_MESSAGES/django.po
+++ b/locale/ru/LC_MESSAGES/django.po
@ -9,16 +9,16 @@
 # Nicholas Winterhalter, 2023
 # Ренат Шарафутдинов, 2023
 # Stepan Karavaev, 2024
-# Anton Babenko, 2024
+# Anton, 2024
 # 
 #, fuzzy
 msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-06-03 00:08+0000\n"
+"POT-Creation-Date: 2024-06-05 00:07+0000\n"
 "PO-Revision-Date: 2022-09-26 16:47+0000\n"
-"Last-Translator: Anton Babenko, 2024\n"
+"Last-Translator: Anton, 2024\n"
 "Language-Team: Russian (https://app.transifex.com/authentik/teams/119923/ru/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@ -162,7 +162,7 @@ msgstr "Сбросить пароль"
 #: authentik/core/models.py
 msgid "Can impersonate other users"
-msgstr "Может выдавать себя за других пользователей"
+msgstr "Может имитировать других пользователей"
 #: authentik/core/models.py authentik/rbac/models.py
 msgid "Can assign permissions to users"
@ -2589,6 +2589,18 @@ msgstr "Открытый ключ, полученный от вашего про
 msgid "Private key, acquired your captcha Provider."
 msgstr "Закрытый ключ, полученный от вашего провайдера капчи."
 #: authentik/stages/captcha/models.py
 msgid ""
 "When enabled and the received captcha score is outside of the given "
 "threshold, the stage will show an error message. When not enabled, the flow "
 "will continue, but the data from the captcha will be available in the "
 "context for policy decisions"
 msgstr ""
 "Когда эта опция включена, и полученная оценка капчи находится за пределами "
 "заданного порогового значения, на этом этапе будет показано сообщение об "
 "ошибке. Когда эта опция не включена, поток будет продолжаться, но данные "
 "капчи будут доступны в контексте для принятия решений политики"
 #: authentik/stages/captcha/models.py
 msgid "Captcha Stage"
 msgstr "Этап с каптчей"
@ -2597,6 +2609,23 @@ msgstr "Этап с каптчей"
 msgid "Captcha Stages"
 msgstr "Этапы с каптчей"
 #: authentik/stages/captcha/stage.py
 msgid "Unknown error"
 msgstr "Неизвестная ошибка"
 #: authentik/stages/captcha/stage.py
 #, python-brace-format
 msgid "Failed to validate token: {error}"
 msgstr "Ошибка валидации токена: {error}"
 #: authentik/stages/captcha/stage.py
 msgid "Invalid captcha response"
 msgstr "Неверный ответ на капчу"
 #: authentik/stages/captcha/stage.py
 msgid "Failed to validate token"
 msgstr "Ошибка валидации токена"
 #: authentik/stages/consent/models.py
 msgid ""
 "Offset after which consent expires. (Format: hours=1;minutes=2;seconds=3)."
@ -3054,7 +3083,7 @@ msgstr "Разделитель: Статическая разделительн
 #: authentik/stages/prompt/models.py
 msgid "Hidden: Hidden field, can be used to insert data into form."
 msgstr ""
-"Скрытый: Скрытое поле, может быть использовано для вставки данных в форму."
+"Скрыто: Скрытое поле, может быть использовано для вставки данных в форму."
 #: authentik/stages/prompt/models.py
 msgid "Static: Static value, displayed as-is."
@ -3086,7 +3115,7 @@ msgid ""
 msgstr ""
 "По желанию предварительно заполните поле ввода начальным значением. При "
 "создании поля с фиксированным выбором включите интерпретацию как выражение и"
-" возврат списка, чтобы вернуть несколько вариантов по умолчанию."
+" возвращайте список, чтобы вернуть несколько вариантов по умолчанию."
 #: authentik/stages/prompt/models.py
 msgid "Prompt"
--- a/locale/zh-Hans/LC_MESSAGES/django.po
+++ b/locale/zh-Hans/LC_MESSAGES/django.po
@ -7,17 +7,17 @@
 # Chen Zhikai, 2022
 # 刘松, 2022
 # Jens L. <jens@goauthentik.io>, 2024
 # deluxghost, 2024
 # Tianhao Chai <cth451@gmail.com>, 2024
 # deluxghost, 2024
 # 
 #, fuzzy
 msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-06-03 00:08+0000\n"
+"POT-Creation-Date: 2024-06-05 00:07+0000\n"
 "PO-Revision-Date: 2022-09-26 16:47+0000\n"
-"Last-Translator: Tianhao Chai <cth451@gmail.com>, 2024\n"
+"Last-Translator: deluxghost, 2024\n"
 "Language-Team: Chinese Simplified (https://app.transifex.com/authentik/teams/119923/zh-Hans/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@ -2401,6 +2401,14 @@ msgstr "公钥，从您的验证码提供商处取得。"
 msgid "Private key, acquired your captcha Provider."
 msgstr "私钥，从您的验证码提供商处取得。"
 #: authentik/stages/captcha/models.py
 msgid ""
 "When enabled and the received captcha score is outside of the given "
 "threshold, the stage will show an error message. When not enabled, the flow "
 "will continue, but the data from the captcha will be available in the "
 "context for policy decisions"
 msgstr "启用时，如果接收到的验证码分数超出给定的阈值，此阶段将显示错误信息。未启用时，流程会继续，但来自验证码的数据可在上下文中用于策略决定。"
 #: authentik/stages/captcha/models.py
 msgid "Captcha Stage"
 msgstr "验证码阶段"
@ -2409,6 +2417,23 @@ msgstr "验证码阶段"
 msgid "Captcha Stages"
 msgstr "验证码阶段"
 #: authentik/stages/captcha/stage.py
 msgid "Unknown error"
 msgstr "未知错误"
 #: authentik/stages/captcha/stage.py
 #, python-brace-format
 msgid "Failed to validate token: {error}"
 msgstr "验证令牌失败：{error}"
 #: authentik/stages/captcha/stage.py
 msgid "Invalid captcha response"
 msgstr "验证码响应无效"
 #: authentik/stages/captcha/stage.py
 msgid "Failed to validate token"
 msgstr "验证令牌失败"
 #: authentik/stages/consent/models.py
 msgid ""
 "Offset after which consent expires. (Format: hours=1;minutes=2;seconds=3)."
--- a/locale/zh_CN/LC_MESSAGES/django.po
+++ b/locale/zh_CN/LC_MESSAGES/django.po
@ -14,7 +14,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-06-03 00:08+0000\n"
+"POT-Creation-Date: 2024-06-05 00:07+0000\n"
 "PO-Revision-Date: 2022-09-26 16:47+0000\n"
 "Last-Translator: deluxghost, 2024\n"
 "Language-Team: Chinese (China) (https://app.transifex.com/authentik/teams/119923/zh_CN/)\n"
@ -2400,6 +2400,14 @@ msgstr "公钥，从您的验证码提供商处取得。"
 msgid "Private key, acquired your captcha Provider."
 msgstr "私钥，从您的验证码提供商处取得。"
 #: authentik/stages/captcha/models.py
 msgid ""
 "When enabled and the received captcha score is outside of the given "
 "threshold, the stage will show an error message. When not enabled, the flow "
 "will continue, but the data from the captcha will be available in the "
 "context for policy decisions"
 msgstr "启用时，如果接收到的验证码分数超出给定的阈值，此阶段将显示错误信息。未启用时，流程会继续，但来自验证码的数据可在上下文中用于策略决定。"
 #: authentik/stages/captcha/models.py
 msgid "Captcha Stage"
 msgstr "验证码阶段"
@ -2408,6 +2416,23 @@ msgstr "验证码阶段"
 msgid "Captcha Stages"
 msgstr "验证码阶段"
 #: authentik/stages/captcha/stage.py
 msgid "Unknown error"
 msgstr "未知错误"
 #: authentik/stages/captcha/stage.py
 #, python-brace-format
 msgid "Failed to validate token: {error}"
 msgstr "验证令牌失败：{error}"
 #: authentik/stages/captcha/stage.py
 msgid "Invalid captcha response"
 msgstr "验证码响应无效"
 #: authentik/stages/captcha/stage.py
 msgid "Failed to validate token"
 msgstr "验证令牌失败"
 #: authentik/stages/consent/models.py
 msgid ""
 "Offset after which consent expires. (Format: hours=1;minutes=2;seconds=3)."
--- a/poetry.lock
+++ b/poetry.lock
@ -1020,43 +1020,43 @@ toml = ["tomli"]
 [[package]]
 name = "cryptography"
-version = "42.0.7"
+version = "42.0.8"
 description = "cryptography is a package which provides cryptographic recipes and primitives to Python developers."
 optional = false
 python-versions = ">=3.7"
 files = [
-    {file = "cryptography-42.0.7-cp37-abi3-macosx_10_12_universal2.whl", hash = "sha256:a987f840718078212fdf4504d0fd4c6effe34a7e4740378e59d47696e8dfb477"},
+    {file = "cryptography-42.0.8-cp37-abi3-macosx_10_12_universal2.whl", hash = "sha256:81d8a521705787afe7a18d5bfb47ea9d9cc068206270aad0b96a725022e18d2e"},
-    {file = "cryptography-42.0.7-cp37-abi3-macosx_10_12_x86_64.whl", hash = "sha256:bd13b5e9b543532453de08bcdc3cc7cebec6f9883e886fd20a92f26940fd3e7a"},
+    {file = "cryptography-42.0.8-cp37-abi3-macosx_10_12_x86_64.whl", hash = "sha256:961e61cefdcb06e0c6d7e3a1b22ebe8b996eb2bf50614e89384be54c48c6b63d"},
-    {file = "cryptography-42.0.7-cp37-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:a79165431551042cc9d1d90e6145d5d0d3ab0f2d66326c201d9b0e7f5bf43604"},
+    {file = "cryptography-42.0.8-cp37-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e3ec3672626e1b9e55afd0df6d774ff0e953452886e06e0f1eb7eb0c832e8902"},
-    {file = "cryptography-42.0.7-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:a47787a5e3649008a1102d3df55424e86606c9bae6fb77ac59afe06d234605f8"},
+    {file = "cryptography-42.0.8-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:e599b53fd95357d92304510fb7bda8523ed1f79ca98dce2f43c115950aa78801"},
-    {file = "cryptography-42.0.7-cp37-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:02c0eee2d7133bdbbc5e24441258d5d2244beb31da5ed19fbb80315f4bbbff55"},
+    {file = "cryptography-42.0.8-cp37-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:5226d5d21ab681f432a9c1cf8b658c0cb02533eece706b155e5fbd8a0cdd3949"},
-    {file = "cryptography-42.0.7-cp37-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:5e44507bf8d14b36b8389b226665d597bc0f18ea035d75b4e53c7b1ea84583cc"},
+    {file = "cryptography-42.0.8-cp37-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:6b7c4f03ce01afd3b76cf69a5455caa9cfa3de8c8f493e0d3ab7d20611c8dae9"},
-    {file = "cryptography-42.0.7-cp37-abi3-musllinux_1_1_aarch64.whl", hash = "sha256:7f8b25fa616d8b846aef64b15c606bb0828dbc35faf90566eb139aa9cff67af2"},
+    {file = "cryptography-42.0.8-cp37-abi3-musllinux_1_1_aarch64.whl", hash = "sha256:2346b911eb349ab547076f47f2e035fc8ff2c02380a7cbbf8d87114fa0f1c583"},
-    {file = "cryptography-42.0.7-cp37-abi3-musllinux_1_1_x86_64.whl", hash = "sha256:93a3209f6bb2b33e725ed08ee0991b92976dfdcf4e8b38646540674fc7508e13"},
+    {file = "cryptography-42.0.8-cp37-abi3-musllinux_1_1_x86_64.whl", hash = "sha256:ad803773e9df0b92e0a817d22fd8a3675493f690b96130a5e24f1b8fabbea9c7"},
-    {file = "cryptography-42.0.7-cp37-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:e6b8f1881dac458c34778d0a424ae5769de30544fc678eac51c1c8bb2183e9da"},
+    {file = "cryptography-42.0.8-cp37-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:2f66d9cd9147ee495a8374a45ca445819f8929a3efcd2e3df6428e46c3cbb10b"},
-    {file = "cryptography-42.0.7-cp37-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:3de9a45d3b2b7d8088c3fbf1ed4395dfeff79d07842217b38df14ef09ce1d8d7"},
+    {file = "cryptography-42.0.8-cp37-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:d45b940883a03e19e944456a558b67a41160e367a719833c53de6911cabba2b7"},
-    {file = "cryptography-42.0.7-cp37-abi3-win32.whl", hash = "sha256:789caea816c6704f63f6241a519bfa347f72fbd67ba28d04636b7c6b7da94b0b"},
+    {file = "cryptography-42.0.8-cp37-abi3-win32.whl", hash = "sha256:a0c5b2b0585b6af82d7e385f55a8bc568abff8923af147ee3c07bd8b42cda8b2"},
-    {file = "cryptography-42.0.7-cp37-abi3-win_amd64.whl", hash = "sha256:8cb8ce7c3347fcf9446f201dc30e2d5a3c898d009126010cbd1f443f28b52678"},
+    {file = "cryptography-42.0.8-cp37-abi3-win_amd64.whl", hash = "sha256:57080dee41209e556a9a4ce60d229244f7a66ef52750f813bfbe18959770cfba"},
-    {file = "cryptography-42.0.7-cp39-abi3-macosx_10_12_universal2.whl", hash = "sha256:a3a5ac8b56fe37f3125e5b72b61dcde43283e5370827f5233893d461b7360cd4"},
+    {file = "cryptography-42.0.8-cp39-abi3-macosx_10_12_universal2.whl", hash = "sha256:dea567d1b0e8bc5764b9443858b673b734100c2871dc93163f58c46a97a83d28"},
-    {file = "cryptography-42.0.7-cp39-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:779245e13b9a6638df14641d029add5dc17edbef6ec915688f3acb9e720a5858"},
+    {file = "cryptography-42.0.8-cp39-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:c4783183f7cb757b73b2ae9aed6599b96338eb957233c58ca8f49a49cc32fd5e"},
-    {file = "cryptography-42.0.7-cp39-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:0d563795db98b4cd57742a78a288cdbdc9daedac29f2239793071fe114f13785"},
+    {file = "cryptography-42.0.8-cp39-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:a0608251135d0e03111152e41f0cc2392d1e74e35703960d4190b2e0f4ca9c70"},
-    {file = "cryptography-42.0.7-cp39-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:31adb7d06fe4383226c3e963471f6837742889b3c4caa55aac20ad951bc8ffda"},
+    {file = "cryptography-42.0.8-cp39-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:dc0fdf6787f37b1c6b08e6dfc892d9d068b5bdb671198c72072828b80bd5fe4c"},
-    {file = "cryptography-42.0.7-cp39-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:efd0bf5205240182e0f13bcaea41be4fdf5c22c5129fc7ced4a0282ac86998c9"},
+    {file = "cryptography-42.0.8-cp39-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:9c0c1716c8447ee7dbf08d6db2e5c41c688544c61074b54fc4564196f55c25a7"},
-    {file = "cryptography-42.0.7-cp39-abi3-musllinux_1_1_aarch64.whl", hash = "sha256:a9bc127cdc4ecf87a5ea22a2556cab6c7eda2923f84e4f3cc588e8470ce4e42e"},
+    {file = "cryptography-42.0.8-cp39-abi3-musllinux_1_1_aarch64.whl", hash = "sha256:fff12c88a672ab9c9c1cf7b0c80e3ad9e2ebd9d828d955c126be4fd3e5578c9e"},
-    {file = "cryptography-42.0.7-cp39-abi3-musllinux_1_1_x86_64.whl", hash = "sha256:3577d029bc3f4827dd5bf8bf7710cac13527b470bbf1820a3f394adb38ed7d5f"},
+    {file = "cryptography-42.0.8-cp39-abi3-musllinux_1_1_x86_64.whl", hash = "sha256:cafb92b2bc622cd1aa6a1dce4b93307792633f4c5fe1f46c6b97cf67073ec961"},
-    {file = "cryptography-42.0.7-cp39-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:2e47577f9b18723fa294b0ea9a17d5e53a227867a0a4904a1a076d1646d45ca1"},
+    {file = "cryptography-42.0.8-cp39-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:31f721658a29331f895a5a54e7e82075554ccfb8b163a18719d342f5ffe5ecb1"},
-    {file = "cryptography-42.0.7-cp39-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:1a58839984d9cb34c855197043eaae2c187d930ca6d644612843b4fe8513c886"},
+    {file = "cryptography-42.0.8-cp39-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:b297f90c5723d04bcc8265fc2a0f86d4ea2e0f7ab4b6994459548d3a6b992a14"},
-    {file = "cryptography-42.0.7-cp39-abi3-win32.whl", hash = "sha256:e6b79d0adb01aae87e8a44c2b64bc3f3fe59515280e00fb6d57a7267a2583cda"},
+    {file = "cryptography-42.0.8-cp39-abi3-win32.whl", hash = "sha256:2f88d197e66c65be5e42cd72e5c18afbfae3f741742070e3019ac8f4ac57262c"},
-    {file = "cryptography-42.0.7-cp39-abi3-win_amd64.whl", hash = "sha256:16268d46086bb8ad5bf0a2b5544d8a9ed87a0e33f5e77dd3c3301e63d941a83b"},
+    {file = "cryptography-42.0.8-cp39-abi3-win_amd64.whl", hash = "sha256:fa76fbb7596cc5839320000cdd5d0955313696d9511debab7ee7278fc8b5c84a"},
-    {file = "cryptography-42.0.7-pp310-pypy310_pp73-macosx_10_12_x86_64.whl", hash = "sha256:2954fccea107026512b15afb4aa664a5640cd0af630e2ee3962f2602693f0c82"},
+    {file = "cryptography-42.0.8-pp310-pypy310_pp73-macosx_10_12_x86_64.whl", hash = "sha256:ba4f0a211697362e89ad822e667d8d340b4d8d55fae72cdd619389fb5912eefe"},
-    {file = "cryptography-42.0.7-pp310-pypy310_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:362e7197754c231797ec45ee081f3088a27a47c6c01eff2ac83f60f85a50fe60"},
+    {file = "cryptography-42.0.8-pp310-pypy310_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:81884c4d096c272f00aeb1f11cf62ccd39763581645b0812e99a91505fa48e0c"},
-    {file = "cryptography-42.0.7-pp310-pypy310_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:4f698edacf9c9e0371112792558d2f705b5645076cc0aaae02f816a0171770fd"},
+    {file = "cryptography-42.0.8-pp310-pypy310_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:c9bb2ae11bfbab395bdd072985abde58ea9860ed84e59dbc0463a5d0159f5b71"},
-    {file = "cryptography-42.0.7-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:5482e789294854c28237bba77c4c83be698be740e31a3ae5e879ee5444166582"},
+    {file = "cryptography-42.0.8-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:7016f837e15b0a1c119d27ecd89b3515f01f90a8615ed5e9427e30d9cdbfed3d"},
-    {file = "cryptography-42.0.7-pp39-pypy39_pp73-macosx_10_12_x86_64.whl", hash = "sha256:e9b2a6309f14c0497f348d08a065d52f3020656f675819fc405fb63bbcd26562"},
+    {file = "cryptography-42.0.8-pp39-pypy39_pp73-macosx_10_12_x86_64.whl", hash = "sha256:5a94eccb2a81a309806027e1670a358b99b8fe8bfe9f8d329f27d72c094dde8c"},
-    {file = "cryptography-42.0.7-pp39-pypy39_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:d8e3098721b84392ee45af2dd554c947c32cc52f862b6a3ae982dbb90f577f14"},
+    {file = "cryptography-42.0.8-pp39-pypy39_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:dec9b018df185f08483f294cae6ccac29e7a6e0678996587363dc352dc65c842"},
-    {file = "cryptography-42.0.7-pp39-pypy39_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:c65f96dad14f8528a447414125e1fc8feb2ad5a272b8f68477abbcc1ea7d94b9"},
+    {file = "cryptography-42.0.8-pp39-pypy39_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:343728aac38decfdeecf55ecab3264b015be68fc2816ca800db649607aeee648"},
-    {file = "cryptography-42.0.7-pp39-pypy39_pp73-win_amd64.whl", hash = "sha256:36017400817987670037fbb0324d71489b6ead6231c9604f8fc1f7d008087c68"},
+    {file = "cryptography-42.0.8-pp39-pypy39_pp73-win_amd64.whl", hash = "sha256:013629ae70b40af70c9a7a5db40abe5d9054e6f4380e50ce769947b73bf3caad"},
-    {file = "cryptography-42.0.7.tar.gz", hash = "sha256:ecbfbc00bf55888edda9868a4cf927205de8499e7fabe6c050322298382953f2"},
+    {file = "cryptography-42.0.8.tar.gz", hash = "sha256:8d09d05439ce7baa8e9e95b07ec5b6c886f548deb7e0f69ef25f64b3bce842f2"},
 ]
 [package.dependencies]
@ -1196,13 +1196,13 @@ bcrypt = ["bcrypt"]
 [[package]]
 name = "django-cte"
-version = "1.3.2"
+version = "1.3.3"
 description = "Common Table Expressions (CTE) for Django"
 optional = false
 python-versions = "*"
 files = [
-    {file = "django-cte-1.3.2.tar.gz", hash = "sha256:841b264f83417d421393c8c4644f76300962c6c3ddbc37339cf99672eb3696a2"},
+    {file = "django-cte-1.3.3.tar.gz", hash = "sha256:0c1aeef067278a22886151c1d27f6f665a303952d058900e5ca82a24cde40697"},
-    {file = "django_cte-1.3.2-py2.py3-none-any.whl", hash = "sha256:9ca0a900df4819bbe86447a594f27272d67069f3ef13da61e905b0ace67704e9"},
+    {file = "django_cte-1.3.3-py2.py3-none-any.whl", hash = "sha256:85bbc3efb30c2f8c9ae3080ca6f0b9570e43d2cb4b6be10846c8ef9f046873fa"},
 ]
 [[package]]
@ -1707,13 +1707,13 @@ grpcio-gcp = ["grpcio-gcp (>=0.2.2,<1.0.dev0)"]
 [[package]]
 name = "google-api-python-client"
-version = "2.131.0"
+version = "2.132.0"
 description = "Google API Client Library for Python"
 optional = false
 python-versions = ">=3.7"
 files = [
-    {file = "google-api-python-client-2.131.0.tar.gz", hash = "sha256:1c03e24af62238a8817ecc24e9d4c32ddd4cb1f323b08413652d9a9a592fc00d"},
+    {file = "google-api-python-client-2.132.0.tar.gz", hash = "sha256:d6340dc83b72d72333cee5d50f7dcfecbff66a8783164090e945f985ec4c374d"},
-    {file = "google_api_python_client-2.131.0-py2.py3-none-any.whl", hash = "sha256:e325409bdcef4604d505d9246ce7199960a010a0569ac503b9f319db8dbdc217"},
+    {file = "google_api_python_client-2.132.0-py2.py3-none-any.whl", hash = "sha256:cde87700bd4d37f39f5e940292c1c6cd0910990b5b01f50b1332a8cea38e8595"},
 ]
 [package.dependencies]
@ -2172,13 +2172,13 @@ zookeeper = ["kazoo (>=2.8.0)"]
 [[package]]
 name = "kubernetes"
-version = "29.0.0"
+version = "30.1.0"
 description = "Kubernetes python client"
 optional = false
 python-versions = ">=3.6"
 files = [
-    {file = "kubernetes-29.0.0-py2.py3-none-any.whl", hash = "sha256:ab8cb0e0576ccdfb71886366efb102c6a20f268d817be065ce7f9909c631e43e"},
+    {file = "kubernetes-30.1.0-py2.py3-none-any.whl", hash = "sha256:e212e8b7579031dd2e512168b617373bc1e03888d41ac4e04039240a292d478d"},
-    {file = "kubernetes-29.0.0.tar.gz", hash = "sha256:c4812e227ae74d07d53c88293e564e54b850452715a59a927e7e1bc6b9a60459"},
+    {file = "kubernetes-30.1.0.tar.gz", hash = "sha256:41e4c77af9f28e7a6c314e3bd06a8c6229ddd787cad684e0ab9f69b498e98ebc"},
 ]
 [package.dependencies]
@ -3019,13 +3019,13 @@ attrs = ">=19.2.0"
 [[package]]
 name = "packaging"
-version = "24.0"
+version = "24.1"
 description = "Core utilities for Python packages"
 optional = false
-python-versions = ">=3.7"
+python-versions = ">=3.8"
 files = [
-    {file = "packaging-24.0-py3-none-any.whl", hash = "sha256:2ddfb553fdf02fb784c234c7ba6ccc288296ceabec964ad2eae3777778130bc5"},
+    {file = "packaging-24.1-py3-none-any.whl", hash = "sha256:5b8f2217dbdbd2f7f384c41c628544e6d52f2d0f53c6d0c3ea61aa5d1d7ff124"},
-    {file = "packaging-24.0.tar.gz", hash = "sha256:eb82c5e3e56209074766e6885bb04b8c38a0c015d0a30036ebe7ece34c9989e9"},
+    {file = "packaging-24.1.tar.gz", hash = "sha256:026ed72c8ed3fcce5bf8950572258698927fd1dbda10a5e981cdf0ac37f4f002"},
 ]
 [[package]]
@ -3624,13 +3624,13 @@ files = [
 [[package]]
 name = "pytest"
-version = "8.2.1"
+version = "8.2.2"
 description = "pytest: simple powerful testing with Python"
 optional = false
 python-versions = ">=3.8"
 files = [
-    {file = "pytest-8.2.1-py3-none-any.whl", hash = "sha256:faccc5d332b8c3719f40283d0d44aa5cf101cec36f88cde9ed8f2bc0538612b1"},
+    {file = "pytest-8.2.2-py3-none-any.whl", hash = "sha256:c434598117762e2bd304e526244f67bf66bbd7b5d6cf22138be51ff661980343"},
-    {file = "pytest-8.2.1.tar.gz", hash = "sha256:5046e5b46d8e4cac199c373041f26be56fdb81eb4e67dc11d4e10811fc3408fd"},
+    {file = "pytest-8.2.2.tar.gz", hash = "sha256:de4bb8104e201939ccdc688b27a89a7be2079b22e2bd2b07f806b6ba71117977"},
 ]
 [package.dependencies]
@ -4052,28 +4052,28 @@ pyasn1 = ">=0.1.3"
 [[package]]
 name = "ruff"
-version = "0.4.7"
+version = "0.4.8"
 description = "An extremely fast Python linter and code formatter, written in Rust."
 optional = false
 python-versions = ">=3.7"
 files = [
-    {file = "ruff-0.4.7-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:e089371c67892a73b6bb1525608e89a2aca1b77b5440acf7a71dda5dac958f9e"},
+    {file = "ruff-0.4.8-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:7663a6d78f6adb0eab270fa9cf1ff2d28618ca3a652b60f2a234d92b9ec89066"},
-    {file = "ruff-0.4.7-py3-none-macosx_11_0_arm64.whl", hash = "sha256:10f973d521d910e5f9c72ab27e409e839089f955be8a4c8826601a6323a89753"},
+    {file = "ruff-0.4.8-py3-none-macosx_11_0_arm64.whl", hash = "sha256:eeceb78da8afb6de0ddada93112869852d04f1cd0f6b80fe464fd4e35c330913"},
-    {file = "ruff-0.4.7-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:59c3d110970001dfa494bcd95478e62286c751126dfb15c3c46e7915fc49694f"},
+    {file = "ruff-0.4.8-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:aad360893e92486662ef3be0a339c5ca3c1b109e0134fcd37d534d4be9fb8de3"},
-    {file = "ruff-0.4.7-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:fa9773c6c00f4958f73b317bc0fd125295110c3776089f6ef318f4b775f0abe4"},
+    {file = "ruff-0.4.8-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:284c2e3f3396fb05f5f803c9fffb53ebbe09a3ebe7dda2929ed8d73ded736deb"},
-    {file = "ruff-0.4.7-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:07fc80bbb61e42b3b23b10fda6a2a0f5a067f810180a3760c5ef1b456c21b9db"},
+    {file = "ruff-0.4.8-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:a7354f921e3fbe04d2a62d46707e569f9315e1a613307f7311a935743c51a764"},
-    {file = "ruff-0.4.7-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:fa4dafe3fe66d90e2e2b63fa1591dd6e3f090ca2128daa0be33db894e6c18648"},
+    {file = "ruff-0.4.8-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:72584676164e15a68a15778fd1b17c28a519e7a0622161eb2debdcdabdc71883"},
-    {file = "ruff-0.4.7-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:a7c0083febdec17571455903b184a10026603a1de078428ba155e7ce9358c5f6"},
+    {file = "ruff-0.4.8-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:9678d5c9b43315f323af2233a04d747409d1e3aa6789620083a82d1066a35199"},
-    {file = "ruff-0.4.7-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:ad1b20e66a44057c326168437d680a2166c177c939346b19c0d6b08a62a37589"},
+    {file = "ruff-0.4.8-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:704977a658131651a22b5ebeb28b717ef42ac6ee3b11e91dc87b633b5d83142b"},
-    {file = "ruff-0.4.7-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:cbf5d818553add7511c38b05532d94a407f499d1a76ebb0cad0374e32bc67202"},
+    {file = "ruff-0.4.8-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:d05f8d6f0c3cce5026cecd83b7a143dcad503045857bc49662f736437380ad45"},
-    {file = "ruff-0.4.7-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:50e9651578b629baec3d1513b2534de0ac7ed7753e1382272b8d609997e27e83"},
+    {file = "ruff-0.4.8-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:6ea874950daca5697309d976c9afba830d3bf0ed66887481d6bca1673fc5b66a"},
-    {file = "ruff-0.4.7-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:8874a9df7766cb956b218a0a239e0a5d23d9e843e4da1e113ae1d27ee420877a"},
+    {file = "ruff-0.4.8-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:fc95aac2943ddf360376be9aa3107c8cf9640083940a8c5bd824be692d2216dc"},
-    {file = "ruff-0.4.7-py3-none-musllinux_1_2_i686.whl", hash = "sha256:b9de9a6e49f7d529decd09381c0860c3f82fa0b0ea00ea78409b785d2308a567"},
+    {file = "ruff-0.4.8-py3-none-musllinux_1_2_i686.whl", hash = "sha256:384154a1c3f4bf537bac69f33720957ee49ac8d484bfc91720cc94172026ceed"},
-    {file = "ruff-0.4.7-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:13a1768b0691619822ae6d446132dbdfd568b700ecd3652b20d4e8bc1e498f78"},
+    {file = "ruff-0.4.8-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:e9d5ce97cacc99878aa0d084c626a15cd21e6b3d53fd6f9112b7fc485918e1fa"},
-    {file = "ruff-0.4.7-py3-none-win32.whl", hash = "sha256:769e5a51df61e07e887b81e6f039e7ed3573316ab7dd9f635c5afaa310e4030e"},
+    {file = "ruff-0.4.8-py3-none-win32.whl", hash = "sha256:6d795d7639212c2dfd01991259460101c22aabf420d9b943f153ab9d9706e6a9"},
-    {file = "ruff-0.4.7-py3-none-win_amd64.whl", hash = "sha256:9e3ab684ad403a9ed1226894c32c3ab9c2e0718440f6f50c7c5829932bc9e054"},
+    {file = "ruff-0.4.8-py3-none-win_amd64.whl", hash = "sha256:e14a3a095d07560a9d6769a72f781d73259655919d9b396c650fc98a8157555d"},
-    {file = "ruff-0.4.7-py3-none-win_arm64.whl", hash = "sha256:10f2204b9a613988e3484194c2c9e96a22079206b22b787605c255f130db5ed7"},
+    {file = "ruff-0.4.8-py3-none-win_arm64.whl", hash = "sha256:14019a06dbe29b608f6b7cbcec300e3170a8d86efaddb7b23405cb7f7dcaf780"},
-    {file = "ruff-0.4.7.tar.gz", hash = "sha256:2331d2b051dc77a289a653fcc6a42cce357087c5975738157cd966590b18b5e1"},
+    {file = "ruff-0.4.8.tar.gz", hash = "sha256:16d717b1d57b2e2fd68bd0bf80fb43931b79d05a7131aa477d66fc40fbd86268"},
 ]
 [[package]]
@ -4130,13 +4130,13 @@ urllib3 = {version = ">=1.26,<3", extras = ["socks"]}
 [[package]]
 name = "sentry-sdk"
-version = "2.3.1"
+version = "2.5.1"
 description = "Python client for Sentry (https://sentry.io)"
 optional = false
 python-versions = ">=3.6"
 files = [
-    {file = "sentry_sdk-2.3.1-py2.py3-none-any.whl", hash = "sha256:c5aeb095ba226391d337dd42a6f9470d86c9fc236ecc71cfc7cd1942b45010c6"},
+    {file = "sentry_sdk-2.5.1-py2.py3-none-any.whl", hash = "sha256:1f87acdce4a43a523ae5aa21a3fc37522d73ebd9ec04b1dbf01aa3d173852def"},
-    {file = "sentry_sdk-2.3.1.tar.gz", hash = "sha256:139a71a19f5e9eb5d3623942491ce03cf8ebc14ea2e39ba3e6fe79560d8a5b1f"},
+    {file = "sentry_sdk-2.5.1.tar.gz", hash = "sha256:fbc40a78a8a9c6675133031116144f0d0940376fa6e4e1acd5624c90b0aaf58b"},
 ]
 [package.dependencies]
@ -4451,22 +4451,22 @@ celery = "*"
 [[package]]
 name = "tornado"
-version = "6.4"
+version = "6.4.1"
 description = "Tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed."
 optional = false
-python-versions = ">= 3.8"
+python-versions = ">=3.8"
 files = [
-    {file = "tornado-6.4-cp38-abi3-macosx_10_9_universal2.whl", hash = "sha256:02ccefc7d8211e5a7f9e8bc3f9e5b0ad6262ba2fbb683a6443ecc804e5224ce0"},
+    {file = "tornado-6.4.1-cp38-abi3-macosx_10_9_universal2.whl", hash = "sha256:163b0aafc8e23d8cdc3c9dfb24c5368af84a81e3364745ccb4427669bf84aec8"},
-    {file = "tornado-6.4-cp38-abi3-macosx_10_9_x86_64.whl", hash = "sha256:27787de946a9cffd63ce5814c33f734c627a87072ec7eed71f7fc4417bb16263"},
+    {file = "tornado-6.4.1-cp38-abi3-macosx_10_9_x86_64.whl", hash = "sha256:6d5ce3437e18a2b66fbadb183c1d3364fb03f2be71299e7d10dbeeb69f4b2a14"},
-    {file = "tornado-6.4-cp38-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:f7894c581ecdcf91666a0912f18ce5e757213999e183ebfc2c3fdbf4d5bd764e"},
+    {file = "tornado-6.4.1-cp38-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e2e20b9113cd7293f164dc46fffb13535266e713cdb87bd2d15ddb336e96cfc4"},
-    {file = "tornado-6.4-cp38-abi3-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:e43bc2e5370a6a8e413e1e1cd0c91bedc5bd62a74a532371042a18ef19e10579"},
+    {file = "tornado-6.4.1-cp38-abi3-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:8ae50a504a740365267b2a8d1a90c9fbc86b780a39170feca9bcc1787ff80842"},
-    {file = "tornado-6.4-cp38-abi3-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:f0251554cdd50b4b44362f73ad5ba7126fc5b2c2895cc62b14a1c2d7ea32f212"},
+    {file = "tornado-6.4.1-cp38-abi3-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:613bf4ddf5c7a95509218b149b555621497a6cc0d46ac341b30bd9ec19eac7f3"},
-    {file = "tornado-6.4-cp38-abi3-musllinux_1_1_aarch64.whl", hash = "sha256:fd03192e287fbd0899dd8f81c6fb9cbbc69194d2074b38f384cb6fa72b80e9c2"},
+    {file = "tornado-6.4.1-cp38-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:25486eb223babe3eed4b8aecbac33b37e3dd6d776bc730ca14e1bf93888b979f"},
-    {file = "tornado-6.4-cp38-abi3-musllinux_1_1_i686.whl", hash = "sha256:88b84956273fbd73420e6d4b8d5ccbe913c65d31351b4c004ae362eba06e1f78"},
+    {file = "tornado-6.4.1-cp38-abi3-musllinux_1_2_i686.whl", hash = "sha256:454db8a7ecfcf2ff6042dde58404164d969b6f5d58b926da15e6b23817950fc4"},
-    {file = "tornado-6.4-cp38-abi3-musllinux_1_1_x86_64.whl", hash = "sha256:71ddfc23a0e03ef2df1c1397d859868d158c8276a0603b96cf86892bff58149f"},
+    {file = "tornado-6.4.1-cp38-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:a02a08cc7a9314b006f653ce40483b9b3c12cda222d6a46d4ac63bb6c9057698"},
-    {file = "tornado-6.4-cp38-abi3-win32.whl", hash = "sha256:6f8a6c77900f5ae93d8b4ae1196472d0ccc2775cc1dfdc9e7727889145c45052"},
+    {file = "tornado-6.4.1-cp38-abi3-win32.whl", hash = "sha256:d9a566c40b89757c9aa8e6f032bcdb8ca8795d7c1a9762910c722b1635c9de4d"},
-    {file = "tornado-6.4-cp38-abi3-win_amd64.whl", hash = "sha256:10aeaa8006333433da48dec9fe417877f8bcc21f48dda8d661ae79da357b2a63"},
+    {file = "tornado-6.4.1-cp38-abi3-win_amd64.whl", hash = "sha256:b24b8982ed444378d7f21d563f4180a2de31ced9d8d84443907a0a64da2072e7"},
-    {file = "tornado-6.4.tar.gz", hash = "sha256:72291fa6e6bc84e626589f1c29d90a5a6d593ef5ae68052ee2ef000dfd273dee"},
+    {file = "tornado-6.4.1.tar.gz", hash = "sha256:92d3ab53183d8c50f8204a51e6f91d18a15d5ef261e84d452800d4ff6fc504e9"},
 ]
 [[package]]
@ -4505,13 +4505,13 @@ wsproto = ">=0.14"
 [[package]]
 name = "twilio"
-version = "9.1.0"
+version = "9.1.1"
 description = "Twilio API client and TwiML generator"
 optional = false
 python-versions = ">=3.7.0"
 files = [
-    {file = "twilio-9.1.0-py2.py3-none-any.whl", hash = "sha256:eb4687a9f81dc3118e8981c5a46d9f8184baee135c79afed47c714c759c31bbc"},
+    {file = "twilio-9.1.1-py2.py3-none-any.whl", hash = "sha256:cc3e090c3884db7d70e7c647358b9cf1f4d30fd3fbe0412adcae0df8459d29b0"},
-    {file = "twilio-9.1.0.tar.gz", hash = "sha256:ab2eb19c779855bf02cdca8a7e02ebaa64feee47da7b591ac9088ec07a6962e2"},
+    {file = "twilio-9.1.1.tar.gz", hash = "sha256:cfe72b12cabac2f0997f1060d53cea14bd1196e2cbda14789e53c7dd762c4349"},
 ]
 [package.dependencies]
--- a/schema.yml
+++ b/schema.yml
@ -19726,6 +19726,403 @@ paths:
              schema:
                $ref: '#/components/schemas/GenericError'
          description: ''
  /providers/scim_groups/:
    get:
      operationId: providers_scim_groups_list
      description: SCIMProviderGroup Viewset
      parameters:
      - in: query
        name: group__group_uuid
        schema:
          type: string
          format: uuid
      - in: query
        name: group__name
        schema:
          type: string
      - name: ordering
        required: false
        in: query
        description: Which field to use when ordering the results.
        schema:
          type: string
      - name: page
        required: false
        in: query
        description: A page number within the paginated result set.
        schema:
          type: integer
      - name: page_size
        required: false
        in: query
        description: Number of results to return per page.
        schema:
          type: integer
      - in: query
        name: provider__id
        schema:
          type: integer
      - name: search
        required: false
        in: query
        description: A search term.
        schema:
          type: string
      tags:
      - providers
      security:
      - authentik: []
      responses:
        '200':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PaginatedSCIMProviderGroupList'
          description: ''
        '400':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ValidationError'
          description: ''
        '403':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GenericError'
          description: ''
    post:
      operationId: providers_scim_groups_create
      description: SCIMProviderGroup Viewset
      tags:
      - providers
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/SCIMProviderGroupRequest'
        required: true
      security:
      - authentik: []
      responses:
        '201':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SCIMProviderGroup'
          description: ''
        '400':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ValidationError'
          description: ''
        '403':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GenericError'
          description: ''
  /providers/scim_groups/{id}/:
    get:
      operationId: providers_scim_groups_retrieve
      description: SCIMProviderGroup Viewset
      parameters:
      - in: path
        name: id
        schema:
          type: string
          format: uuid
        description: A UUID string identifying this scim provider group.
        required: true
      tags:
      - providers
      security:
      - authentik: []
      responses:
        '200':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SCIMProviderGroup'
          description: ''
        '400':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ValidationError'
          description: ''
        '403':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GenericError'
          description: ''
    delete:
      operationId: providers_scim_groups_destroy
      description: SCIMProviderGroup Viewset
      parameters:
      - in: path
        name: id
        schema:
          type: string
          format: uuid
        description: A UUID string identifying this scim provider group.
        required: true
      tags:
      - providers
      security:
      - authentik: []
      responses:
        '204':
          description: No response body
        '400':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ValidationError'
          description: ''
        '403':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GenericError'
          description: ''
  /providers/scim_groups/{id}/used_by/:
    get:
      operationId: providers_scim_groups_used_by_list
      description: Get a list of all objects that use this object
      parameters:
      - in: path
        name: id
        schema:
          type: string
          format: uuid
        description: A UUID string identifying this scim provider group.
        required: true
      tags:
      - providers
      security:
      - authentik: []
      responses:
        '200':
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/UsedBy'
          description: ''
        '400':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ValidationError'
          description: ''
        '403':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GenericError'
          description: ''
  /providers/scim_users/:
    get:
      operationId: providers_scim_users_list
      description: SCIMProviderUser Viewset
      parameters:
      - name: ordering
        required: false
        in: query
        description: Which field to use when ordering the results.
        schema:
          type: string
      - name: page
        required: false
        in: query
        description: A page number within the paginated result set.
        schema:
          type: integer
      - name: page_size
        required: false
        in: query
        description: Number of results to return per page.
        schema:
          type: integer
      - in: query
        name: provider__id
        schema:
          type: integer
      - name: search
        required: false
        in: query
        description: A search term.
        schema:
          type: string
      - in: query
        name: user__id
        schema:
          type: integer
      - in: query
        name: user__username
        schema:
          type: string
      tags:
      - providers
      security:
      - authentik: []
      responses:
        '200':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PaginatedSCIMProviderUserList'
          description: ''
        '400':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ValidationError'
          description: ''
        '403':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GenericError'
          description: ''
    post:
      operationId: providers_scim_users_create
      description: SCIMProviderUser Viewset
      tags:
      - providers
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/SCIMProviderUserRequest'
        required: true
      security:
      - authentik: []
      responses:
        '201':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SCIMProviderUser'
          description: ''
        '400':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ValidationError'
          description: ''
        '403':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GenericError'
          description: ''
  /providers/scim_users/{id}/:
    get:
      operationId: providers_scim_users_retrieve
      description: SCIMProviderUser Viewset
      parameters:
      - in: path
        name: id
        schema:
          type: string
          format: uuid
        description: A UUID string identifying this scim provider user.
        required: true
      tags:
      - providers
      security:
      - authentik: []
      responses:
        '200':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SCIMProviderUser'
          description: ''
        '400':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ValidationError'
          description: ''
        '403':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GenericError'
          description: ''
    delete:
      operationId: providers_scim_users_destroy
      description: SCIMProviderUser Viewset
      parameters:
      - in: path
        name: id
        schema:
          type: string
          format: uuid
        description: A UUID string identifying this scim provider user.
        required: true
      tags:
      - providers
      security:
      - authentik: []
      responses:
        '204':
          description: No response body
        '400':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ValidationError'
          description: ''
        '403':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GenericError'
          description: ''
  /providers/scim_users/{id}/used_by/:
    get:
      operationId: providers_scim_users_used_by_list
      description: Get a list of all objects that use this object
      parameters:
      - in: path
        name: id
        schema:
          type: string
          format: uuid
        description: A UUID string identifying this scim provider user.
        required: true
      tags:
      - providers
      security:
      - authentik: []
      responses:
        '200':
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/UsedBy'
          description: ''
        '400':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ValidationError'
          description: ''
        '403':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GenericError'
          description: ''
  /rac/connection_tokens/:
    get:
      operationId: rac_connection_tokens_list
@ -36335,6 +36732,8 @@ components:
          type: string
          format: uuid
          readOnly: true
        google_id:
          type: string
        group:
          type: string
          format: uuid
@ -36348,6 +36747,7 @@ components:
          readOnly: true
      required:
      - attributes
      - google_id
      - group
      - group_obj
      - id
@ -36356,12 +36756,16 @@ components:
      type: object
      description: GoogleWorkspaceProviderGroup Serializer
      properties:
        google_id:
          type: string
          minLength: 1
        group:
          type: string
          format: uuid
        provider:
          type: integer
      required:
      - google_id
      - group
      - provider
    GoogleWorkspaceProviderMapping:
@ -36484,6 +36888,8 @@ components:
          type: string
          format: uuid
          readOnly: true
        google_id:
          type: string
        user:
          type: integer
        user_obj:
@ -36496,6 +36902,7 @@ components:
          readOnly: true
      required:
      - attributes
      - google_id
      - id
      - provider
      - user
@ -36504,11 +36911,15 @@ components:
      type: object
      description: GoogleWorkspaceProviderUser Serializer
      properties:
        google_id:
          type: string
          minLength: 1
        user:
          type: integer
        provider:
          type: integer
      required:
      - google_id
      - provider
      - user
    Group:
@ -38003,6 +38414,8 @@ components:
          type: string
          format: uuid
          readOnly: true
        microsoft_id:
          type: string
        group:
          type: string
          format: uuid
@ -38019,11 +38432,15 @@ components:
      - group
      - group_obj
      - id
      - microsoft_id
      - provider
    MicrosoftEntraProviderGroupRequest:
      type: object
      description: MicrosoftEntraProviderGroup Serializer
      properties:
        microsoft_id:
          type: string
          minLength: 1
        group:
          type: string
          format: uuid
@ -38031,6 +38448,7 @@ components:
          type: integer
      required:
      - group
      - microsoft_id
      - provider
    MicrosoftEntraProviderMapping:
      type: object
@ -38149,6 +38567,8 @@ components:
          type: string
          format: uuid
          readOnly: true
        microsoft_id:
          type: string
        user:
          type: integer
        user_obj:
@ -38162,6 +38582,7 @@ components:
      required:
      - attributes
      - id
      - microsoft_id
      - provider
      - user
      - user_obj
@ -38169,11 +38590,15 @@ components:
      type: object
      description: MicrosoftEntraProviderUser Serializer
      properties:
        microsoft_id:
          type: string
          minLength: 1
        user:
          type: integer
        provider:
          type: integer
      required:
      - microsoft_id
      - provider
      - user
    ModelEnum:
@ -40166,6 +40591,18 @@ components:
      required:
      - pagination
      - results
    PaginatedSCIMProviderGroupList:
      type: object
      properties:
        pagination:
          $ref: '#/components/schemas/Pagination'
        results:
          type: array
          items:
            $ref: '#/components/schemas/SCIMProviderGroup'
      required:
      - pagination
      - results
    PaginatedSCIMProviderList:
      type: object
      properties:
@ -40178,6 +40615,18 @@ components:
      required:
      - pagination
      - results
    PaginatedSCIMProviderUserList:
      type: object
      properties:
        pagination:
          $ref: '#/components/schemas/Pagination'
        results:
          type: array
          items:
            $ref: '#/components/schemas/SCIMProviderUser'
      required:
      - pagination
      - results
    PaginatedSCIMSourceGroupList:
      type: object
      properties:
@ -44147,12 +44596,14 @@ components:
      properties:
        user:
          type: integer
          nullable: true
        context:
          type: object
          additionalProperties: {}
        group:
          type: string
          format: uuid
          nullable: true
    PropertyMappingTestResult:
      type: object
      description: Result of a Property-mapping test
@ -45906,6 +46357,47 @@ components:
      - url
      - verbose_name
      - verbose_name_plural
    SCIMProviderGroup:
      type: object
      description: SCIMProviderGroup Serializer
      properties:
        id:
          type: string
          format: uuid
          readOnly: true
        scim_id:
          type: string
        group:
          type: string
          format: uuid
        group_obj:
          allOf:
          - $ref: '#/components/schemas/UserGroup'
          readOnly: true
        provider:
          type: integer
      required:
      - group
      - group_obj
      - id
      - provider
      - scim_id
    SCIMProviderGroupRequest:
      type: object
      description: SCIMProviderGroup Serializer
      properties:
        scim_id:
          type: string
          minLength: 1
        group:
          type: string
          format: uuid
        provider:
          type: integer
      required:
      - group
      - provider
      - scim_id
    SCIMProviderRequest:
      type: object
      description: SCIMProvider Serializer
@ -45942,6 +46434,45 @@ components:
      - name
      - token
      - url
    SCIMProviderUser:
      type: object
      description: SCIMProviderUser Serializer
      properties:
        id:
          type: string
          format: uuid
          readOnly: true
        scim_id:
          type: string
        user:
          type: integer
        user_obj:
          allOf:
          - $ref: '#/components/schemas/GroupMember'
          readOnly: true
        provider:
          type: integer
      required:
      - id
      - provider
      - scim_id
      - user
      - user_obj
    SCIMProviderUserRequest:
      type: object
      description: SCIMProviderUser Serializer
      properties:
        scim_id:
          type: string
          minLength: 1
        user:
          type: integer
        provider:
          type: integer
      required:
      - provider
      - scim_id
      - user
    SCIMSource:
      type: object
      description: SCIMSource Serializer
--- a/tests/e2e/docker-compose.yml
+++ b/tests/e2e/docker-compose.yml
@ -1,5 +1,3 @@
 version: '3.7'
 services:
  chrome:
    image: docker.io/selenium/standalone-chrome:122.0
--- a/tests/wdio/package-lock.json
+++ b/tests/wdio/package-lock.json
@ -20,7 +20,7 @@
                "eslint-config-google": "^0.14.0",
                "eslint-plugin-sonarjs": "^0.25.1",
                "npm-run-all": "^4.1.5",
-                "prettier": "^3.3.0",
+                "prettier": "^3.3.1",
                "ts-node": "^10.9.2",
                "typescript": "^5.4.5",
                "wdio-wait-for": "^3.0.11"
@ -6908,9 +6908,9 @@
            }
        },
        "node_modules/prettier": {
-            "version": "3.3.0",
+            "version": "3.3.1",
-            "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.3.0.tgz",
+            "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.3.1.tgz",
-            "integrity": "sha512-J9odKxERhCQ10OC2yb93583f6UnYutOeiV5i0zEDS7UGTdUt0u+y8erxl3lBKvwo/JHyyoEdXjwp4dke9oyZ/g==",
+            "integrity": "sha512-7CAwy5dRsxs8PHXT3twixW9/OEll8MLE0VRPCJyl7CkS6VHGPSlsVaWTiASPTyGyYRyApxlaWTzwUxVNrhcwDg==",
            "dev": true,
            "bin": {
                "prettier": "bin/prettier.cjs"
--- a/tests/wdio/package.json
+++ b/tests/wdio/package.json
@ -14,7 +14,7 @@
        "eslint-config-google": "^0.14.0",
        "eslint-plugin-sonarjs": "^0.25.1",
        "npm-run-all": "^4.1.5",
-        "prettier": "^3.3.0",
+        "prettier": "^3.3.1",
        "ts-node": "^10.9.2",
        "typescript": "^5.4.5",
        "wdio-wait-for": "^3.0.11"
--- a/web/package-lock.json
+++ b/web/package-lock.json
--- a/web/package.json
+++ b/web/package.json
@ -38,15 +38,15 @@
        "@codemirror/theme-one-dark": "^6.1.2",
        "@formatjs/intl-listformat": "^7.5.7",
        "@fortawesome/fontawesome-free": "^6.5.2",
-        "@goauthentik/api": "^2024.4.2-1717493155",
+        "@goauthentik/api": "^2024.4.2-1717645682",
        "@lit-labs/task": "^3.1.0",
-        "@lit/context": "^1.1.1",
+        "@lit/context": "^1.1.2",
        "@lit/localize": "^0.12.1",
        "@lit/reactive-element": "^2.0.4",
        "@open-wc/lit-helpers": "^0.7.0",
        "@patternfly/elements": "^3.0.1",
        "@patternfly/patternfly": "^4.224.2",
-        "@sentry/browser": "^8.7.0",
+        "@sentry/browser": "^8.8.0",
        "@webcomponents/webcomponentsjs": "^2.8.0",
        "base64-js": "^1.5.1",
        "chart.js": "^4.4.3",
@ -54,10 +54,10 @@
        "codemirror": "^6.0.1",
        "construct-style-sheets-polyfill": "^3.1.0",
        "core-js": "^3.37.1",
-        "country-flag-icons": "^1.5.11",
+        "country-flag-icons": "^1.5.12",
        "fuse.js": "^7.0.0",
        "guacamole-common-js": "^1.5.0",
-        "lit": "^3.1.3",
+        "lit": "^3.1.4",
        "md-front-matter": "^1.0.4",
        "mermaid": "^10.9.1",
        "rapidoc": "^9.3.4",
@ -65,29 +65,29 @@
        "style-mod": "^4.1.2",
        "ts-pattern": "^5.1.2",
        "webcomponent-qr-code": "^1.2.0",
-        "yaml": "^2.4.3"
+        "yaml": "^2.4.5"
    },
    "devDependencies": {
-        "@babel/core": "^7.24.6",
+        "@babel/core": "^7.24.7",
        "@babel/plugin-proposal-class-properties": "^7.18.6",
-        "@babel/plugin-proposal-decorators": "^7.24.6",
+        "@babel/plugin-proposal-decorators": "^7.24.7",
-        "@babel/plugin-transform-private-methods": "^7.24.6",
+        "@babel/plugin-transform-private-methods": "^7.24.7",
-        "@babel/plugin-transform-private-property-in-object": "^7.24.6",
+        "@babel/plugin-transform-private-property-in-object": "^7.24.7",
-        "@babel/plugin-transform-runtime": "^7.24.6",
+        "@babel/plugin-transform-runtime": "^7.24.7",
-        "@babel/preset-env": "^7.24.6",
+        "@babel/preset-env": "^7.24.7",
-        "@babel/preset-typescript": "^7.24.6",
+        "@babel/preset-typescript": "^7.24.7",
        "@hcaptcha/types": "^1.0.3",
        "@jeysal/storybook-addon-css-user-preferences": "^0.2.0",
        "@lit/localize-tools": "^0.7.2",
-        "@rollup/plugin-replace": "^5.0.5",
+        "@rollup/plugin-replace": "^5.0.7",
        "@spotlightjs/spotlight": "^1.2.17",
-        "@storybook/addon-essentials": "^8.1.5",
+        "@storybook/addon-essentials": "^8.1.6",
-        "@storybook/addon-links": "^8.1.5",
+        "@storybook/addon-links": "^8.1.6",
        "@storybook/api": "^7.6.17",
        "@storybook/blocks": "^8.0.8",
-        "@storybook/manager-api": "^8.1.5",
+        "@storybook/manager-api": "^8.1.6",
-        "@storybook/web-components": "^8.1.5",
+        "@storybook/web-components": "^8.1.6",
-        "@storybook/web-components-vite": "^8.1.5",
+        "@storybook/web-components-vite": "^8.1.6",
        "@trivago/prettier-plugin-sort-imports": "^4.3.0",
        "@types/chart.js": "^2.9.41",
        "@types/codemirror": "5.60.15",
@ -100,7 +100,7 @@
        "babel-plugin-tsconfig-paths": "^1.0.3",
        "chokidar": "^3.6.0",
        "cross-env": "^7.0.3",
-        "esbuild": "^0.21.4",
+        "esbuild": "^0.21.5",
        "eslint": "^8.57.0",
        "eslint-config-google": "^0.14.0",
        "eslint-plugin-custom-elements": "0.0.8",
@ -111,16 +111,16 @@
        "glob": "^10.4.1",
        "lit-analyzer": "^2.0.3",
        "npm-run-all": "^4.1.5",
-        "prettier": "^3.3.0",
+        "prettier": "^3.3.1",
        "pseudolocale": "^2.0.0",
        "react": "^18.2.0",
        "react-dom": "^18.3.1",
        "rollup-plugin-modify": "^3.0.0",
        "rollup-plugin-postcss-lit": "^2.1.0",
-        "storybook": "^8.1.5",
+        "storybook": "^8.1.6",
        "storybook-addon-mock": "^5.0.0",
        "ts-lit-plugin": "^2.0.2",
-        "tslib": "^2.6.2",
+        "tslib": "^2.6.3",
        "turnstile-types": "^1.2.1",
        "typescript": "^5.4.5",
        "vite-tsconfig-paths": "^4.3.2"
--- a/web/src/admin/property-mappings/PropertyMappingTestForm.ts
+++ b/web/src/admin/property-mappings/PropertyMappingTestForm.ts
@ -126,6 +126,7 @@ export class PolicyTestForm extends Form<PropertyMappingTestRequest> {
    renderForm(): TemplateResult {
        return html`<ak-form-element-horizontal label=${msg("User")} name="user">
                <ak-search-select
                    blankable
                    .fetchObjects=${async (query?: string): Promise<User[]> => {
                        const args: CoreUsersListRequest = {
                            ordering: "username",
@ -153,6 +154,7 @@ export class PolicyTestForm extends Form<PropertyMappingTestRequest> {
            </ak-form-element-horizontal>
            <ak-form-element-horizontal label=${msg("Group")} name="group">
                <ak-search-select
                    blankable
                    .fetchObjects=${async (query?: string): Promise<Group[]> => {
                        const args: CoreGroupsListRequest = {
                            ordering: "name",
--- a/web/src/admin/providers/google_workspace/GoogleWorkspaceProviderGroupList.ts
+++ b/web/src/admin/providers/google_workspace/GoogleWorkspaceProviderGroupList.ts
@ -1,5 +1,6 @@
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { uiConfig } from "@goauthentik/common/ui/config";
 import "@goauthentik/elements/forms/DeleteBulkForm";
 import { PaginatedResponse, Table, TableColumn } from "@goauthentik/elements/table/Table";
 import { msg } from "@lit/localize";
@ -19,6 +20,26 @@ export class GoogleWorkspaceProviderGroupList extends Table<GoogleWorkspaceProvi
        return true;
    }
    checkbox = true;
    clearOnRefresh = true;
    renderToolbarSelected(): TemplateResult {
        const disabled = this.selectedElements.length < 1;
        return html`<ak-forms-delete-bulk
            objectLabel=${msg("Google Workspace Group(s)")}
            .objects=${this.selectedElements}
            .delete=${(item: GoogleWorkspaceProviderGroup) => {
                return new ProvidersApi(DEFAULT_CONFIG).providersGoogleWorkspaceGroupsDestroy({
                    id: item.id,
                });
            }}
        >
            <button ?disabled=${disabled} slot="trigger" class="pf-c-button pf-m-danger">
                ${msg("Delete")}
            </button>
        </ak-forms-delete-bulk>`;
    }
    async apiEndpoint(page: number): Promise<PaginatedResponse<GoogleWorkspaceProviderGroup>> {
        return new ProvidersApi(DEFAULT_CONFIG).providersGoogleWorkspaceGroupsList({
            page: page,
--- a/web/src/admin/providers/google_workspace/GoogleWorkspaceProviderUserList.ts
+++ b/web/src/admin/providers/google_workspace/GoogleWorkspaceProviderUserList.ts
@ -1,5 +1,6 @@
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { uiConfig } from "@goauthentik/common/ui/config";
 import "@goauthentik/elements/forms/DeleteBulkForm";
 import { PaginatedResponse, Table, TableColumn } from "@goauthentik/elements/table/Table";
 import { msg } from "@lit/localize";
@ -19,6 +20,26 @@ export class GoogleWorkspaceProviderUserList extends Table<GoogleWorkspaceProvid
    expandable = true;
    checkbox = true;
    clearOnRefresh = true;
    renderToolbarSelected(): TemplateResult {
        const disabled = this.selectedElements.length < 1;
        return html`<ak-forms-delete-bulk
            objectLabel=${msg("Google Workspace User(s)")}
            .objects=${this.selectedElements}
            .delete=${(item: GoogleWorkspaceProviderUser) => {
                return new ProvidersApi(DEFAULT_CONFIG).providersGoogleWorkspaceUsersDestroy({
                    id: item.id,
                });
            }}
        >
            <button ?disabled=${disabled} slot="trigger" class="pf-c-button pf-m-danger">
                ${msg("Delete")}
            </button>
        </ak-forms-delete-bulk>`;
    }
    async apiEndpoint(page: number): Promise<PaginatedResponse<GoogleWorkspaceProviderUser>> {
        return new ProvidersApi(DEFAULT_CONFIG).providersGoogleWorkspaceUsersList({
            page: page,
--- a/web/src/admin/providers/microsoft_entra/MicrosoftEntraProviderGroupList.ts
+++ b/web/src/admin/providers/microsoft_entra/MicrosoftEntraProviderGroupList.ts
@ -1,5 +1,6 @@
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { uiConfig } from "@goauthentik/common/ui/config";
 import "@goauthentik/elements/forms/DeleteBulkForm";
 import { PaginatedResponse, Table, TableColumn } from "@goauthentik/elements/table/Table";
 import { msg } from "@lit/localize";
@ -19,6 +20,23 @@ export class MicrosoftEntraProviderGroupList extends Table<MicrosoftEntraProvide
        return true;
    }
    renderToolbarSelected(): TemplateResult {
        const disabled = this.selectedElements.length < 1;
        return html`<ak-forms-delete-bulk
            objectLabel=${msg("Microsoft Entra Group(s)")}
            .objects=${this.selectedElements}
            .delete=${(item: MicrosoftEntraProviderGroup) => {
                return new ProvidersApi(DEFAULT_CONFIG).providersMicrosoftEntraGroupsDestroy({
                    id: item.id,
                });
            }}
        >
            <button ?disabled=${disabled} slot="trigger" class="pf-c-button pf-m-danger">
                ${msg("Delete")}
            </button>
        </ak-forms-delete-bulk>`;
    }
    async apiEndpoint(page: number): Promise<PaginatedResponse<MicrosoftEntraProviderGroup>> {
        return new ProvidersApi(DEFAULT_CONFIG).providersMicrosoftEntraGroupsList({
            page: page,
--- a/web/src/admin/providers/microsoft_entra/MicrosoftEntraProviderUserList.ts
+++ b/web/src/admin/providers/microsoft_entra/MicrosoftEntraProviderUserList.ts
@ -1,5 +1,6 @@
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { uiConfig } from "@goauthentik/common/ui/config";
 import "@goauthentik/elements/forms/DeleteBulkForm";
 import { PaginatedResponse, Table, TableColumn } from "@goauthentik/elements/table/Table";
 import { msg } from "@lit/localize";
@ -19,6 +20,26 @@ export class MicrosoftEntraProviderUserList extends Table<MicrosoftEntraProvider
        return true;
    }
    checkbox = true;
    clearOnRefresh = true;
    renderToolbarSelected(): TemplateResult {
        const disabled = this.selectedElements.length < 1;
        return html`<ak-forms-delete-bulk
            objectLabel=${msg("Microsoft Entra User(s)")}
            .objects=${this.selectedElements}
            .delete=${(item: MicrosoftEntraProviderUser) => {
                return new ProvidersApi(DEFAULT_CONFIG).providersMicrosoftEntraUsersDestroy({
                    id: item.id,
                });
            }}
        >
            <button ?disabled=${disabled} slot="trigger" class="pf-c-button pf-m-danger">
                ${msg("Delete")}
            </button>
        </ak-forms-delete-bulk>`;
    }
    async apiEndpoint(page: number): Promise<PaginatedResponse<MicrosoftEntraProviderUser>> {
        return new ProvidersApi(DEFAULT_CONFIG).providersMicrosoftEntraUsersList({
            page: page,
--- a/web/src/admin/providers/scim/SCIMProviderGroupList.ts
+++ b/web/src/admin/providers/scim/SCIMProviderGroupList.ts
@ -0,0 +1,63 @@
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { uiConfig } from "@goauthentik/common/ui/config";
 import "@goauthentik/elements/forms/DeleteBulkForm";
 import { PaginatedResponse, Table, TableColumn } from "@goauthentik/elements/table/Table";
 import { msg } from "@lit/localize";
 import { TemplateResult, html } from "lit";
 import { customElement, property } from "lit/decorators.js";
 import { ProvidersApi, SCIMProviderGroup } from "@goauthentik/api";
@customElement("ak-provider-scim-groups-list")
 export class SCIMProviderGroupList extends Table<SCIMProviderGroup> {
    @property({ type: Number })
    providerId?: number;
    searchEnabled(): boolean {
        return true;
    }
    checkbox = true;
    clearOnRefresh = true;
    renderToolbarSelected(): TemplateResult {
        const disabled = this.selectedElements.length < 1;
        return html`<ak-forms-delete-bulk
            objectLabel=${msg("SCIM Group(s)")}
            .objects=${this.selectedElements}
            .delete=${(item: SCIMProviderGroup) => {
                return new ProvidersApi(DEFAULT_CONFIG).providersScimGroupsDestroy({
                    id: item.id,
                });
            }}
        >
            <button ?disabled=${disabled} slot="trigger" class="pf-c-button pf-m-danger">
                ${msg("Delete")}
            </button>
        </ak-forms-delete-bulk>`;
    }
    async apiEndpoint(page: number): Promise<PaginatedResponse<SCIMProviderGroup>> {
        return new ProvidersApi(DEFAULT_CONFIG).providersScimGroupsList({
            page: page,
            pageSize: (await uiConfig()).pagination.perPage,
            ordering: this.order,
            search: this.search || "",
            providerId: this.providerId,
        });
    }
    columns(): TableColumn[] {
        return [new TableColumn(msg("Name")), new TableColumn(msg("ID"))];
    }
    row(item: SCIMProviderGroup): TemplateResult[] {
        return [
            html`<a href="#/identity/groups/${item.groupObj.pk}">
                <div>${item.groupObj.name}</div>
            </a>`,
            html`${item.id}`,
        ];
    }
 }
--- a/web/src/admin/providers/scim/SCIMProviderUserList.ts
+++ b/web/src/admin/providers/scim/SCIMProviderUserList.ts
@ -0,0 +1,64 @@
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { uiConfig } from "@goauthentik/common/ui/config";
 import "@goauthentik/elements/forms/DeleteBulkForm";
 import { PaginatedResponse, Table, TableColumn } from "@goauthentik/elements/table/Table";
 import { msg } from "@lit/localize";
 import { TemplateResult, html } from "lit";
 import { customElement, property } from "lit/decorators.js";
 import { ProvidersApi, SCIMProviderUser } from "@goauthentik/api";
@customElement("ak-provider-scim-users-list")
 export class SCIMProviderUserList extends Table<SCIMProviderUser> {
    @property({ type: Number })
    providerId?: number;
    searchEnabled(): boolean {
        return true;
    }
    checkbox = true;
    clearOnRefresh = true;
    renderToolbarSelected(): TemplateResult {
        const disabled = this.selectedElements.length < 1;
        return html`<ak-forms-delete-bulk
            objectLabel=${msg("SCIM User(s)")}
            .objects=${this.selectedElements}
            .delete=${(item: SCIMProviderUser) => {
                return new ProvidersApi(DEFAULT_CONFIG).providersScimUsersDestroy({
                    id: item.id,
                });
            }}
        >
            <button ?disabled=${disabled} slot="trigger" class="pf-c-button pf-m-danger">
                ${msg("Delete")}
            </button>
        </ak-forms-delete-bulk>`;
    }
    async apiEndpoint(page: number): Promise<PaginatedResponse<SCIMProviderUser>> {
        return new ProvidersApi(DEFAULT_CONFIG).providersScimUsersList({
            page: page,
            pageSize: (await uiConfig()).pagination.perPage,
            ordering: this.order,
            search: this.search || "",
            providerId: this.providerId,
        });
    }
    columns(): TableColumn[] {
        return [new TableColumn(msg("Username")), new TableColumn(msg("ID"))];
    }
    row(item: SCIMProviderUser): TemplateResult[] {
        return [
            html`<a href="#/identity/users/${item.userObj.pk}">
                <div>${item.userObj.username}</div>
                <small>${item.userObj.name}</small>
            </a>`,
            html`${item.id}`,
        ];
    }
 }
--- a/web/src/admin/providers/scim/SCIMProviderViewPage.ts
+++ b/web/src/admin/providers/scim/SCIMProviderViewPage.ts
@ -1,4 +1,6 @@
 import "@goauthentik/admin/providers/scim/SCIMProviderForm";
 import "@goauthentik/admin/providers/scim/SCIMProviderGroupList";
 import "@goauthentik/admin/providers/scim/SCIMProviderUserList";
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { EVENT_REFRESH } from "@goauthentik/common/constants";
 import "@goauthentik/components/events/ObjectChangelog";
@ -102,6 +104,28 @@ export class SCIMProviderViewPage extends AKElement {
                    </div>
                </div>
            </section>
            <section
                slot="page-users"
                data-tab-title="${msg("Provisioned Users")}"
                class="pf-c-page__main-section pf-m-no-padding-mobile"
            >
                <div class="pf-l-grid pf-m-gutter">
                    <ak-provider-scim-users-list
                        providerId=${this.provider.pk}
                    ></ak-provider-scim-users-list>
                </div>
            </section>
            <section
                slot="page-groups"
                data-tab-title="${msg("Provisioned Groups")}"
                class="pf-c-page__main-section pf-m-no-padding-mobile"
            >
                <div class="pf-l-grid pf-m-gutter">
                    <ak-provider-scim-groups-list
                        providerId=${this.provider.pk}
                    ></ak-provider-scim-groups-list>
                </div>
            </section>
            <ak-rbac-object-permission-page
                slot="page-permissions"
                data-tab-title="${msg("Permissions")}"
--- a/web/src/flow/FlowInspector.ts
+++ b/web/src/flow/FlowInspector.ts
@ -15,7 +15,7 @@ import PFProgressStepper from "@patternfly/patternfly/components/ProgressStepper
 import PFStack from "@patternfly/patternfly/layouts/Stack/stack.css";
 import PFBase from "@patternfly/patternfly/patternfly-base.css";
-import { FlowInspection, FlowsApi, Stage } from "@goauthentik/api";
+import { FlowInspection, FlowsApi, ResponseError, Stage } from "@goauthentik/api";
@customElement("ak-flow-inspector")
 export class FlowInspector extends AKElement {
@ -25,7 +25,7 @@ export class FlowInspector extends AKElement {
    state?: FlowInspection;
    @property({ attribute: false })
-    error?: Response;
+    error?: ResponseError;
    static get styles(): CSSResult[] {
        return [
@ -70,6 +70,7 @@ export class FlowInspector extends AKElement {
                flowSlug: this.flowSlug,
            })
            .then((state) => {
                this.error = undefined;
                this.state = state;
            })
            .catch((exc) => {
@ -100,7 +101,7 @@ export class FlowInspector extends AKElement {
                    <div class="pf-l-stack pf-m-gutter">
                        <div class="pf-l-stack__item">
                            <div class="pf-c-card">
-                                <div class="pf-c-card__body">${this.error?.statusText}</div>
+                                <div class="pf-c-card__body">${this.error?.message}</div>
                            </div>
                        </div>
                    </div>
--- a/web/xliff/de.xlf
+++ b/web/xliff/de.xlf
@ -6641,6 +6641,42 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s001fd928369d4ddc">
  <source><x id="0" equiv-text="${versionString}"/> (FIPS)</source>
 </trans-unit>
 <trans-unit id="sce17c2bdea3e6ace">
  <source>Score minimum threshold</source>
 </trans-unit>
 <trans-unit id="sf2fcb974c62625fc">
  <source>Minimum required score to allow continuing</source>
 </trans-unit>
 <trans-unit id="s7452199a73ce8b78">
  <source>Score maximum threshold</source>
 </trans-unit>
 <trans-unit id="s2d3a6cd50b46b44d">
  <source>Maximum allowed score to allow continuing</source>
 </trans-unit>
 <trans-unit id="s9d6e40d9a9a58fbf">
  <source>Error on invalid score</source>
 </trans-unit>
 <trans-unit id="s2af59e2f9f12847a">
  <source>When enabled and the resultant score is outside the threshold, the user will not be able to continue. When disabled, the user will be able to continue and the score can be used in policies to customize further stages.</source>
 </trans-unit>
 <trans-unit id="s10092327ad833090">
  <source>Microsoft Entra Group(s)</source>
 </trans-unit>
 <trans-unit id="s811c45ad24a5feae">
  <source>Microsoft Entra User(s)</source>
 </trans-unit>
 <trans-unit id="s7d2d3d298fdccfc8">
  <source>Google Workspace Group(s)</source>
 </trans-unit>
 <trans-unit id="s8c9cf2c004755526">
  <source>Google Workspace User(s)</source>
 </trans-unit>
 <trans-unit id="sd000b42fea07c34a">
  <source>SCIM Group(s)</source>
 </trans-unit>
 <trans-unit id="s146769fb55f1ee50">
  <source>SCIM User(s)</source>
 </trans-unit>
    </body>
  </file>
--- a/web/xliff/en.xlf
+++ b/web/xliff/en.xlf
@ -6907,6 +6907,42 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s001fd928369d4ddc">
  <source><x id="0" equiv-text="${versionString}"/> (FIPS)</source>
 </trans-unit>
 <trans-unit id="sce17c2bdea3e6ace">
  <source>Score minimum threshold</source>
 </trans-unit>
 <trans-unit id="sf2fcb974c62625fc">
  <source>Minimum required score to allow continuing</source>
 </trans-unit>
 <trans-unit id="s7452199a73ce8b78">
  <source>Score maximum threshold</source>
 </trans-unit>
 <trans-unit id="s2d3a6cd50b46b44d">
  <source>Maximum allowed score to allow continuing</source>
 </trans-unit>
 <trans-unit id="s9d6e40d9a9a58fbf">
  <source>Error on invalid score</source>
 </trans-unit>
 <trans-unit id="s2af59e2f9f12847a">
  <source>When enabled and the resultant score is outside the threshold, the user will not be able to continue. When disabled, the user will be able to continue and the score can be used in policies to customize further stages.</source>
 </trans-unit>
 <trans-unit id="s10092327ad833090">
  <source>Microsoft Entra Group(s)</source>
 </trans-unit>
 <trans-unit id="s811c45ad24a5feae">
  <source>Microsoft Entra User(s)</source>
 </trans-unit>
 <trans-unit id="s7d2d3d298fdccfc8">
  <source>Google Workspace Group(s)</source>
 </trans-unit>
 <trans-unit id="s8c9cf2c004755526">
  <source>Google Workspace User(s)</source>
 </trans-unit>
 <trans-unit id="sd000b42fea07c34a">
  <source>SCIM Group(s)</source>
 </trans-unit>
 <trans-unit id="s146769fb55f1ee50">
  <source>SCIM User(s)</source>
 </trans-unit>
    </body>
  </file>
--- a/web/xliff/es.xlf
+++ b/web/xliff/es.xlf
@ -6558,6 +6558,42 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s001fd928369d4ddc">
  <source><x id="0" equiv-text="${versionString}"/> (FIPS)</source>
 </trans-unit>
 <trans-unit id="sce17c2bdea3e6ace">
  <source>Score minimum threshold</source>
 </trans-unit>
 <trans-unit id="sf2fcb974c62625fc">
  <source>Minimum required score to allow continuing</source>
 </trans-unit>
 <trans-unit id="s7452199a73ce8b78">
  <source>Score maximum threshold</source>
 </trans-unit>
 <trans-unit id="s2d3a6cd50b46b44d">
  <source>Maximum allowed score to allow continuing</source>
 </trans-unit>
 <trans-unit id="s9d6e40d9a9a58fbf">
  <source>Error on invalid score</source>
 </trans-unit>
 <trans-unit id="s2af59e2f9f12847a">
  <source>When enabled and the resultant score is outside the threshold, the user will not be able to continue. When disabled, the user will be able to continue and the score can be used in policies to customize further stages.</source>
 </trans-unit>
 <trans-unit id="s10092327ad833090">
  <source>Microsoft Entra Group(s)</source>
 </trans-unit>
 <trans-unit id="s811c45ad24a5feae">
  <source>Microsoft Entra User(s)</source>
 </trans-unit>
 <trans-unit id="s7d2d3d298fdccfc8">
  <source>Google Workspace Group(s)</source>
 </trans-unit>
 <trans-unit id="s8c9cf2c004755526">
  <source>Google Workspace User(s)</source>
 </trans-unit>
 <trans-unit id="sd000b42fea07c34a">
  <source>SCIM Group(s)</source>
 </trans-unit>
 <trans-unit id="s146769fb55f1ee50">
  <source>SCIM User(s)</source>
 </trans-unit>
    </body>
  </file>
--- a/web/xliff/fr.xlf
+++ b/web/xliff/fr.xlf
@ -8604,108 +8604,191 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
 </trans-unit>
 <trans-unit id="s8cfd29891b2c93f0">
  <source>Google Workspace Provider</source>
  <target>Fournisseur Google Workspace</target>
 </trans-unit>
 <trans-unit id="sa817aa9f6f88a991">
  <source>Credentials</source>
  <target>Identifiants</target>
 </trans-unit>
 <trans-unit id="sc668815044e218c2">
  <source>Delegated Subject</source>
  <target>Sujet délégué</target>
 </trans-unit>
 <trans-unit id="se89a9ecf275e4343">
  <source>Default group email domain</source>
  <target>Domaine de courriel de groupe par défaut</target>
 </trans-unit>
 <trans-unit id="s64a0a6da6ed6d680">
  <source>Default domain that is used to generate a group's email address. Can be customized using property mappings.</source>
  <target>Domain par défaut utilisé pour générer le courriel d'un groupe. Peut être personnalisé avec des mappages de propriété.</target>
 </trans-unit>
 <trans-unit id="sd061e65955e036ca">
  <source>User deletion action</source>
  <target>Action de suppression d'un utilisateur</target>
 </trans-unit>
 <trans-unit id="s87f86f65b5e19ea7">
  <source>User is deleted</source>
  <target>L'utilisateur est supprimé</target>
 </trans-unit>
 <trans-unit id="s3906cd4a102867a3">
  <source>Suspend</source>
  <target>Suspendre</target>
 </trans-unit>
 <trans-unit id="s0bf5b364e2c79392">
  <source>User is suspended, and connection to user in authentik is removed.</source>
  <target>L'utilisateur est suspendu, et la connection à authentik est supprimée.</target>
 </trans-unit>
 <trans-unit id="s4acb0250d735c2a9">
  <source>Do Nothing</source>
  <target>Ne rien faire</target>
 </trans-unit>
 <trans-unit id="s5fe525d19499ed47">
  <source>The connection is removed but the user is not modified</source>
  <target>La connexion est supprimée mais l'utilisateur n'est pas modifié</target>
 </trans-unit>
 <trans-unit id="s676a0127c35d240a">
  <source>Determines what authentik will do when a User is deleted.</source>
  <target>Détermine ce qu'authentik fera si un utilisateur est supprimé.</target>
 </trans-unit>
 <trans-unit id="sd1aa04cc32caf2b0">
  <source>Group deletion action</source>
  <target>Action de suppression d'un groupe</target>
 </trans-unit>
 <trans-unit id="s874c788479481131">
  <source>Group is deleted</source>
  <target>Le groupe est supprimé</target>
 </trans-unit>
 <trans-unit id="s0983fa9b84e4a9f7">
  <source>The connection is removed but the group is not modified</source>
  <target>La connexion est supprimée mais le groupe n'est pas modifié</target>
 </trans-unit>
 <trans-unit id="sdb872a9f425937fa">
  <source>Determines what authentik will do when a Group is deleted.</source>
  <target>Détermine ce qu'authentik fera si un groupe est supprimé.</target>
 </trans-unit>
 <trans-unit id="sa5f28f1ad0bee45b">
  <source>Google Workspace Provider is in preview.</source>
  <target>Le fournisseur Google Workspace est en aperçu technique.</target>
 </trans-unit>
 <trans-unit id="s958928ab6208d748">
  <source>Microsoft Entra Provider</source>
  <target>Fournisseur Microsoft Entra</target>
 </trans-unit>
 <trans-unit id="sc7d6bc4aebb58fe9">
  <source>Google Cloud credentials file.</source>
  <target>Fichier d'identifiants Google Cloud.</target>
 </trans-unit>
 <trans-unit id="s2e707072d5a9615d">
  <source>Email address of the user the actions of authentik will be delegated to.</source>
  <target>Courriel de l'utilisateur auquel les actions d'authentik seront déléguées.</target>
 </trans-unit>
 <trans-unit id="s03a759e65ceb722d">
  <source>Client ID for the app registration.</source>
  <target>Client ID pour l'enregistrement de l'application.</target>
 </trans-unit>
 <trans-unit id="s479980cf9252628c">
  <source>Client secret for the app registration.</source>
  <target>Client secret pour l'enregistrement de l'application.</target>
 </trans-unit>
 <trans-unit id="s25c2392ffcb78df2">
  <source>Tenant ID</source>
  <target>Tenant ID</target>
 </trans-unit>
 <trans-unit id="s89e4e698cdb1187f">
  <source>ID of the tenant accounts will be synced into.</source>
  <target>ID du tenant dans lequel les comptes seront synchronisés.</target>
 </trans-unit>
 <trans-unit id="sf341f5dfc7a11633">
  <source>Microsoft Entra Provider is in preview.</source>
  <target>Le fournisseur Microsoft Entra est en aperçu technique.</target>
 </trans-unit>
 <trans-unit id="s79dd6df244c05ae9">
  <source>Update Microsoft Entra Provider</source>
  <target>Mettre à jour le fournisseur Microsoft Entra</target>
 </trans-unit>
 <trans-unit id="saf4b498d81141878">
  <source>Finished successfully</source>
  <target>Fini avec succès</target>
 </trans-unit>
 <trans-unit id="s46f1d86ffec6223c">
  <source>Finished with errors</source>
  <target>Fini avec erreurs</target>
 </trans-unit>
 <trans-unit id="sbd12ed8a1053a108">
  <source>Finished <x id="0" equiv-text="${getRelativeTime(task.finishTimestamp)}"/> (<x id="1" equiv-text="${task.finishTimestamp.toLocaleString()}"/>)</source>
  <target>Fini <x id="0" equiv-text="${getRelativeTime(task.finishTimestamp)}"/> (<x id="1" equiv-text="${task.finishTimestamp.toLocaleString()}"/>)</target>
 </trans-unit>
 <trans-unit id="sc3c334d642866997">
  <source>Sync currently running</source>
  <target>Synchronisation en cours</target>
 </trans-unit>
 <trans-unit id="sd520a4089006ca93">
  <source>Update Google Workspace Provider</source>
  <target>Mettre à jour le fournisseur Google Workspace</target>
 </trans-unit>
 <trans-unit id="sfdfa5bb4ddd99d70">
  <source>Enterprise only</source>
  <target>Entreprise uniquement</target>
 </trans-unit>
 <trans-unit id="scffa59cfac1951f2">
  <source><x id="0" equiv-text="${type.name}"/> Icon</source>
  <target>Icône <x id="0" equiv-text="${type.name}"/></target>
 </trans-unit>
 <trans-unit id="s1da3499258024860">
  <source><x id="0" equiv-text="${versionString}"/> (build <x id="1" equiv-text="${this.outpostHealth.buildHash.substring(0, 8)}"/>)</source>
  <target><x id="0" equiv-text="${versionString}"/> (build <x id="1" equiv-text="${this.outpostHealth.buildHash.substring(0, 8)}"/>)</target>
 </trans-unit>
 <trans-unit id="s001fd928369d4ddc">
  <source><x id="0" equiv-text="${versionString}"/> (FIPS)</source>
  <target><x id="0" equiv-text="${versionString}"/> (FIPS)</target>
 </trans-unit>
 <trans-unit id="sce17c2bdea3e6ace">
  <source>Score minimum threshold</source>
  <target>Seuil minimum du score</target>
 </trans-unit>
 <trans-unit id="sf2fcb974c62625fc">
  <source>Minimum required score to allow continuing</source>
  <target>Score minimum requis pour continuer</target>
 </trans-unit>
 <trans-unit id="s7452199a73ce8b78">
  <source>Score maximum threshold</source>
  <target>Seuil maximum du score</target>
 </trans-unit>
 <trans-unit id="s2d3a6cd50b46b44d">
  <source>Maximum allowed score to allow continuing</source>
  <target>Score maximum requis pour continuer</target>
 </trans-unit>
 <trans-unit id="s9d6e40d9a9a58fbf">
  <source>Error on invalid score</source>
  <target>Erreur sur score invalide</target>
 </trans-unit>
 <trans-unit id="s2af59e2f9f12847a">
  <source>When enabled and the resultant score is outside the threshold, the user will not be able to continue. When disabled, the user will be able to continue and the score can be used in policies to customize further stages.</source>
  <target>Si activé et que le score résultant est hors des seuils, l'utilisateur ne pourra pas continuer. Si désactivé, l'utilisateur pourra continuer et le score pourra être utilisé dans des politiques pour configurer les étapes suivantes.</target>
 </trans-unit>
 <trans-unit id="s10092327ad833090">
  <source>Microsoft Entra Group(s)</source>
  <target>Groupe(s) du fournisseur Microsoft Entra</target>
 </trans-unit>
 <trans-unit id="s811c45ad24a5feae">
  <source>Microsoft Entra User(s)</source>
  <target>Utilisateur(s) du fournisseur Microsoft Entra</target>
 </trans-unit>
 <trans-unit id="s7d2d3d298fdccfc8">
  <source>Google Workspace Group(s)</source>
  <target>Groupe(s) du fournisseur Google Workspace</target>
 </trans-unit>
 <trans-unit id="s8c9cf2c004755526">
  <source>Google Workspace User(s)</source>
  <target>Utilisateur(s) du fournisseur Google Workspace</target>
 </trans-unit>
 <trans-unit id="sd000b42fea07c34a">
  <source>SCIM Group(s)</source>
  <target>Groupe(s) du fournisseur SCIM</target>
 </trans-unit>
 <trans-unit id="s146769fb55f1ee50">
  <source>SCIM User(s)</source>
  <target>Utilisateur(s) du fournisseur SCIM</target>
 </trans-unit>
    </body>
  </file>
--- a/web/xliff/ko.xlf
+++ b/web/xliff/ko.xlf
@ -8487,6 +8487,42 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s001fd928369d4ddc">
  <source><x id="0" equiv-text="${versionString}"/> (FIPS)</source>
 </trans-unit>
 <trans-unit id="sce17c2bdea3e6ace">
  <source>Score minimum threshold</source>
 </trans-unit>
 <trans-unit id="sf2fcb974c62625fc">
  <source>Minimum required score to allow continuing</source>
 </trans-unit>
 <trans-unit id="s7452199a73ce8b78">
  <source>Score maximum threshold</source>
 </trans-unit>
 <trans-unit id="s2d3a6cd50b46b44d">
  <source>Maximum allowed score to allow continuing</source>
 </trans-unit>
 <trans-unit id="s9d6e40d9a9a58fbf">
  <source>Error on invalid score</source>
 </trans-unit>
 <trans-unit id="s2af59e2f9f12847a">
  <source>When enabled and the resultant score is outside the threshold, the user will not be able to continue. When disabled, the user will be able to continue and the score can be used in policies to customize further stages.</source>
 </trans-unit>
 <trans-unit id="s10092327ad833090">
  <source>Microsoft Entra Group(s)</source>
 </trans-unit>
 <trans-unit id="s811c45ad24a5feae">
  <source>Microsoft Entra User(s)</source>
 </trans-unit>
 <trans-unit id="s7d2d3d298fdccfc8">
  <source>Google Workspace Group(s)</source>
 </trans-unit>
 <trans-unit id="s8c9cf2c004755526">
  <source>Google Workspace User(s)</source>
 </trans-unit>
 <trans-unit id="sd000b42fea07c34a">
  <source>SCIM Group(s)</source>
 </trans-unit>
 <trans-unit id="s146769fb55f1ee50">
  <source>SCIM User(s)</source>
 </trans-unit>
    </body>
  </file>
--- a/web/xliff/nl.xlf
+++ b/web/xliff/nl.xlf
@ -8331,6 +8331,42 @@ Bindingen naar groepen/gebruikers worden gecontroleerd tegen de gebruiker van de
 </trans-unit>
 <trans-unit id="s001fd928369d4ddc">
  <source><x id="0" equiv-text="${versionString}"/> (FIPS)</source>
 </trans-unit>
 <trans-unit id="sce17c2bdea3e6ace">
  <source>Score minimum threshold</source>
 </trans-unit>
 <trans-unit id="sf2fcb974c62625fc">
  <source>Minimum required score to allow continuing</source>
 </trans-unit>
 <trans-unit id="s7452199a73ce8b78">
  <source>Score maximum threshold</source>
 </trans-unit>
 <trans-unit id="s2d3a6cd50b46b44d">
  <source>Maximum allowed score to allow continuing</source>
 </trans-unit>
 <trans-unit id="s9d6e40d9a9a58fbf">
  <source>Error on invalid score</source>
 </trans-unit>
 <trans-unit id="s2af59e2f9f12847a">
  <source>When enabled and the resultant score is outside the threshold, the user will not be able to continue. When disabled, the user will be able to continue and the score can be used in policies to customize further stages.</source>
 </trans-unit>
 <trans-unit id="s10092327ad833090">
  <source>Microsoft Entra Group(s)</source>
 </trans-unit>
 <trans-unit id="s811c45ad24a5feae">
  <source>Microsoft Entra User(s)</source>
 </trans-unit>
 <trans-unit id="s7d2d3d298fdccfc8">
  <source>Google Workspace Group(s)</source>
 </trans-unit>
 <trans-unit id="s8c9cf2c004755526">
  <source>Google Workspace User(s)</source>
 </trans-unit>
 <trans-unit id="sd000b42fea07c34a">
  <source>SCIM Group(s)</source>
 </trans-unit>
 <trans-unit id="s146769fb55f1ee50">
  <source>SCIM User(s)</source>
 </trans-unit>
    </body>
  </file>
--- a/web/xliff/pl.xlf
+++ b/web/xliff/pl.xlf
--- a/web/xliff/pseudo-LOCALE.xlf
+++ b/web/xliff/pseudo-LOCALE.xlf
@ -8602,4 +8602,40 @@ Bindings to groups/users are checked against the user of the event.</source>
 <trans-unit id="s001fd928369d4ddc">
  <source><x id="0" equiv-text="${versionString}"/> (FIPS)</source>
 </trans-unit>
 <trans-unit id="sce17c2bdea3e6ace">
  <source>Score minimum threshold</source>
 </trans-unit>
 <trans-unit id="sf2fcb974c62625fc">
  <source>Minimum required score to allow continuing</source>
 </trans-unit>
 <trans-unit id="s7452199a73ce8b78">
  <source>Score maximum threshold</source>
 </trans-unit>
 <trans-unit id="s2d3a6cd50b46b44d">
  <source>Maximum allowed score to allow continuing</source>
 </trans-unit>
 <trans-unit id="s9d6e40d9a9a58fbf">
  <source>Error on invalid score</source>
 </trans-unit>
 <trans-unit id="s2af59e2f9f12847a">
  <source>When enabled and the resultant score is outside the threshold, the user will not be able to continue. When disabled, the user will be able to continue and the score can be used in policies to customize further stages.</source>
 </trans-unit>
 <trans-unit id="s10092327ad833090">
  <source>Microsoft Entra Group(s)</source>
 </trans-unit>
 <trans-unit id="s811c45ad24a5feae">
  <source>Microsoft Entra User(s)</source>
 </trans-unit>
 <trans-unit id="s7d2d3d298fdccfc8">
  <source>Google Workspace Group(s)</source>
 </trans-unit>
 <trans-unit id="s8c9cf2c004755526">
  <source>Google Workspace User(s)</source>
 </trans-unit>
 <trans-unit id="sd000b42fea07c34a">
  <source>SCIM Group(s)</source>
 </trans-unit>
 <trans-unit id="s146769fb55f1ee50">
  <source>SCIM User(s)</source>
 </trans-unit>
 </body></file></xliff>
--- a/web/xliff/tr.xlf
+++ b/web/xliff/tr.xlf
@ -6551,6 +6551,42 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s001fd928369d4ddc">
  <source><x id="0" equiv-text="${versionString}"/> (FIPS)</source>
 </trans-unit>
 <trans-unit id="sce17c2bdea3e6ace">
  <source>Score minimum threshold</source>
 </trans-unit>
 <trans-unit id="sf2fcb974c62625fc">
  <source>Minimum required score to allow continuing</source>
 </trans-unit>
 <trans-unit id="s7452199a73ce8b78">
  <source>Score maximum threshold</source>
 </trans-unit>
 <trans-unit id="s2d3a6cd50b46b44d">
  <source>Maximum allowed score to allow continuing</source>
 </trans-unit>
 <trans-unit id="s9d6e40d9a9a58fbf">
  <source>Error on invalid score</source>
 </trans-unit>
 <trans-unit id="s2af59e2f9f12847a">
  <source>When enabled and the resultant score is outside the threshold, the user will not be able to continue. When disabled, the user will be able to continue and the score can be used in policies to customize further stages.</source>
 </trans-unit>
 <trans-unit id="s10092327ad833090">
  <source>Microsoft Entra Group(s)</source>
 </trans-unit>
 <trans-unit id="s811c45ad24a5feae">
  <source>Microsoft Entra User(s)</source>
 </trans-unit>
 <trans-unit id="s7d2d3d298fdccfc8">
  <source>Google Workspace Group(s)</source>
 </trans-unit>
 <trans-unit id="s8c9cf2c004755526">
  <source>Google Workspace User(s)</source>
 </trans-unit>
 <trans-unit id="sd000b42fea07c34a">
  <source>SCIM Group(s)</source>
 </trans-unit>
 <trans-unit id="s146769fb55f1ee50">
  <source>SCIM User(s)</source>
 </trans-unit>
    </body>
  </file>
--- a/web/xliff/zh-CN.xlf
+++ b/web/xliff/zh-CN.xlf
@ -5473,6 +5473,42 @@ Bindings to groups/users are checked against the user of the event.</source>
 <trans-unit id="s001fd928369d4ddc">
  <source><x id="0" equiv-text="${versionString}"/> (FIPS)</source>
 </trans-unit>
 <trans-unit id="sce17c2bdea3e6ace">
  <source>Score minimum threshold</source>
 </trans-unit>
 <trans-unit id="sf2fcb974c62625fc">
  <source>Minimum required score to allow continuing</source>
 </trans-unit>
 <trans-unit id="s7452199a73ce8b78">
  <source>Score maximum threshold</source>
 </trans-unit>
 <trans-unit id="s2d3a6cd50b46b44d">
  <source>Maximum allowed score to allow continuing</source>
 </trans-unit>
 <trans-unit id="s9d6e40d9a9a58fbf">
  <source>Error on invalid score</source>
 </trans-unit>
 <trans-unit id="s2af59e2f9f12847a">
  <source>When enabled and the resultant score is outside the threshold, the user will not be able to continue. When disabled, the user will be able to continue and the score can be used in policies to customize further stages.</source>
 </trans-unit>
 <trans-unit id="s10092327ad833090">
  <source>Microsoft Entra Group(s)</source>
 </trans-unit>
 <trans-unit id="s811c45ad24a5feae">
  <source>Microsoft Entra User(s)</source>
 </trans-unit>
 <trans-unit id="s7d2d3d298fdccfc8">
  <source>Google Workspace Group(s)</source>
 </trans-unit>
 <trans-unit id="s8c9cf2c004755526">
  <source>Google Workspace User(s)</source>
 </trans-unit>
 <trans-unit id="sd000b42fea07c34a">
  <source>SCIM Group(s)</source>
 </trans-unit>
 <trans-unit id="s146769fb55f1ee50">
  <source>SCIM User(s)</source>
 </trans-unit>
 </body>
 </file>
 </xliff>
--- a/web/xliff/zh-Hans.xlf
+++ b/web/xliff/zh-Hans.xlf
@ -8743,6 +8743,54 @@ Bindings to groups/users are checked against the user of the event.</source>
 <trans-unit id="s001fd928369d4ddc">
  <source><x id="0" equiv-text="${versionString}"/> (FIPS)</source>
  <target><x id="0" equiv-text="${versionString}"/>（FIPS）</target>
 </trans-unit>
 <trans-unit id="sce17c2bdea3e6ace">
  <source>Score minimum threshold</source>
  <target>分数最小阈值</target>
 </trans-unit>
 <trans-unit id="sf2fcb974c62625fc">
  <source>Minimum required score to allow continuing</source>
  <target>允许继续所需的最小分数</target>
 </trans-unit>
 <trans-unit id="s7452199a73ce8b78">
  <source>Score maximum threshold</source>
  <target>分数最大阈值</target>
 </trans-unit>
 <trans-unit id="s2d3a6cd50b46b44d">
  <source>Maximum allowed score to allow continuing</source>
  <target>允许继续所需的最大分数</target>
 </trans-unit>
 <trans-unit id="s9d6e40d9a9a58fbf">
  <source>Error on invalid score</source>
  <target>分数无效时报错</target>
 </trans-unit>
 <trans-unit id="s2af59e2f9f12847a">
  <source>When enabled and the resultant score is outside the threshold, the user will not be able to continue. When disabled, the user will be able to continue and the score can be used in policies to customize further stages.</source>
  <target>启用时，如果结果分数超出阈值，用户将无法继续。禁用时，用户可以继续，分数可用于自定义下一阶段的策略。</target>
 </trans-unit>
 <trans-unit id="s10092327ad833090">
  <source>Microsoft Entra Group(s)</source>
  <target>Microsoft Entra 组</target>
 </trans-unit>
 <trans-unit id="s811c45ad24a5feae">
  <source>Microsoft Entra User(s)</source>
  <target>Microsoft Entra 用户</target>
 </trans-unit>
 <trans-unit id="s7d2d3d298fdccfc8">
  <source>Google Workspace Group(s)</source>
  <target>Google Workspace 组</target>
 </trans-unit>
 <trans-unit id="s8c9cf2c004755526">
  <source>Google Workspace User(s)</source>
  <target>Google Workspace 用户</target>
 </trans-unit>
 <trans-unit id="sd000b42fea07c34a">
  <source>SCIM Group(s)</source>
  <target>SCIM 组</target>
 </trans-unit>
 <trans-unit id="s146769fb55f1ee50">
  <source>SCIM User(s)</source>
  <target>SCIM 用户</target>
 </trans-unit>
    </body>
  </file>
--- a/web/xliff/zh-Hant.xlf
+++ b/web/xliff/zh-Hant.xlf
@ -6599,6 +6599,42 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s001fd928369d4ddc">
  <source><x id="0" equiv-text="${versionString}"/> (FIPS)</source>
 </trans-unit>
 <trans-unit id="sce17c2bdea3e6ace">
  <source>Score minimum threshold</source>
 </trans-unit>
 <trans-unit id="sf2fcb974c62625fc">
  <source>Minimum required score to allow continuing</source>
 </trans-unit>
 <trans-unit id="s7452199a73ce8b78">
  <source>Score maximum threshold</source>
 </trans-unit>
 <trans-unit id="s2d3a6cd50b46b44d">
  <source>Maximum allowed score to allow continuing</source>
 </trans-unit>
 <trans-unit id="s9d6e40d9a9a58fbf">
  <source>Error on invalid score</source>
 </trans-unit>
 <trans-unit id="s2af59e2f9f12847a">
  <source>When enabled and the resultant score is outside the threshold, the user will not be able to continue. When disabled, the user will be able to continue and the score can be used in policies to customize further stages.</source>
 </trans-unit>
 <trans-unit id="s10092327ad833090">
  <source>Microsoft Entra Group(s)</source>
 </trans-unit>
 <trans-unit id="s811c45ad24a5feae">
  <source>Microsoft Entra User(s)</source>
 </trans-unit>
 <trans-unit id="s7d2d3d298fdccfc8">
  <source>Google Workspace Group(s)</source>
 </trans-unit>
 <trans-unit id="s8c9cf2c004755526">
  <source>Google Workspace User(s)</source>
 </trans-unit>
 <trans-unit id="sd000b42fea07c34a">
  <source>SCIM Group(s)</source>
 </trans-unit>
 <trans-unit id="s146769fb55f1ee50">
  <source>SCIM User(s)</source>
 </trans-unit>
    </body>
  </file>
--- a/web/xliff/zh_CN.xlf
+++ b/web/xliff/zh_CN.xlf
@ -8743,6 +8743,54 @@ Bindings to groups/users are checked against the user of the event.</source>
 <trans-unit id="s001fd928369d4ddc">
  <source><x id="0" equiv-text="${versionString}"/> (FIPS)</source>
  <target><x id="0" equiv-text="${versionString}"/>（FIPS）</target>
 </trans-unit>
 <trans-unit id="sce17c2bdea3e6ace">
  <source>Score minimum threshold</source>
  <target>分数最小阈值</target>
 </trans-unit>
 <trans-unit id="sf2fcb974c62625fc">
  <source>Minimum required score to allow continuing</source>
  <target>允许继续所需的最小分数</target>
 </trans-unit>
 <trans-unit id="s7452199a73ce8b78">
  <source>Score maximum threshold</source>
  <target>分数最大阈值</target>
 </trans-unit>
 <trans-unit id="s2d3a6cd50b46b44d">
  <source>Maximum allowed score to allow continuing</source>
  <target>允许继续所需的最大分数</target>
 </trans-unit>
 <trans-unit id="s9d6e40d9a9a58fbf">
  <source>Error on invalid score</source>
  <target>分数无效时报错</target>
 </trans-unit>
 <trans-unit id="s2af59e2f9f12847a">
  <source>When enabled and the resultant score is outside the threshold, the user will not be able to continue. When disabled, the user will be able to continue and the score can be used in policies to customize further stages.</source>
  <target>启用时，如果结果分数超出阈值，用户将无法继续。禁用时，用户可以继续，分数可用于自定义下一阶段的策略。</target>
 </trans-unit>
 <trans-unit id="s10092327ad833090">
  <source>Microsoft Entra Group(s)</source>
  <target>Microsoft Entra 组</target>
 </trans-unit>
 <trans-unit id="s811c45ad24a5feae">
  <source>Microsoft Entra User(s)</source>
  <target>Microsoft Entra 用户</target>
 </trans-unit>
 <trans-unit id="s7d2d3d298fdccfc8">
  <source>Google Workspace Group(s)</source>
  <target>Google Workspace 组</target>
 </trans-unit>
 <trans-unit id="s8c9cf2c004755526">
  <source>Google Workspace User(s)</source>
  <target>Google Workspace 用户</target>
 </trans-unit>
 <trans-unit id="sd000b42fea07c34a">
  <source>SCIM Group(s)</source>
  <target>SCIM 组</target>
 </trans-unit>
 <trans-unit id="s146769fb55f1ee50">
  <source>SCIM User(s)</source>
  <target>SCIM 用户</target>
 </trans-unit>
    </body>
  </file>
--- a/web/xliff/zh_TW.xlf
+++ b/web/xliff/zh_TW.xlf
@ -8448,6 +8448,42 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s001fd928369d4ddc">
  <source><x id="0" equiv-text="${versionString}"/> (FIPS)</source>
 </trans-unit>
 <trans-unit id="sce17c2bdea3e6ace">
  <source>Score minimum threshold</source>
 </trans-unit>
 <trans-unit id="sf2fcb974c62625fc">
  <source>Minimum required score to allow continuing</source>
 </trans-unit>
 <trans-unit id="s7452199a73ce8b78">
  <source>Score maximum threshold</source>
 </trans-unit>
 <trans-unit id="s2d3a6cd50b46b44d">
  <source>Maximum allowed score to allow continuing</source>
 </trans-unit>
 <trans-unit id="s9d6e40d9a9a58fbf">
  <source>Error on invalid score</source>
 </trans-unit>
 <trans-unit id="s2af59e2f9f12847a">
  <source>When enabled and the resultant score is outside the threshold, the user will not be able to continue. When disabled, the user will be able to continue and the score can be used in policies to customize further stages.</source>
 </trans-unit>
 <trans-unit id="s10092327ad833090">
  <source>Microsoft Entra Group(s)</source>
 </trans-unit>
 <trans-unit id="s811c45ad24a5feae">
  <source>Microsoft Entra User(s)</source>
 </trans-unit>
 <trans-unit id="s7d2d3d298fdccfc8">
  <source>Google Workspace Group(s)</source>
 </trans-unit>
 <trans-unit id="s8c9cf2c004755526">
  <source>Google Workspace User(s)</source>
 </trans-unit>
 <trans-unit id="sd000b42fea07c34a">
  <source>SCIM Group(s)</source>
 </trans-unit>
 <trans-unit id="s146769fb55f1ee50">
  <source>SCIM User(s)</source>
 </trans-unit>
    </body>
  </file>
--- a/website/docs/troubleshooting/postgres/upgrade_docker.md
+++ b/website/docs/troubleshooting/postgres/upgrade_docker.md
@ -36,7 +36,7 @@ Add `network_mode: none` to prevent connections being established to the databas
 Pull new images and re-create the PostgreSQL container: `docker compose pull && docker compose up --force-recreate -d postgresql`
-Apply your backup to the new database: `cat upgrade_backup_12.sql | docker compose exec postgresql psql -U authentik`
+Apply your backup to the new database: `cat upgrade_backup_12.sql | docker compose exec -T postgresql psql -U authentik`
 Remove the network configuration setting `network_mode: none` that you added to the Compose file in the previous step.
--- a/website/integrations/services/aws/index.md
+++ b/website/integrations/services/aws/index.md
@ -8,7 +8,7 @@ title: Amazon Web Services
 > Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud, with more than 200 fully featured services available from data centers globally. Millions of customers—including the fastest-growing startups, largest enterprises, and leading government agencies—are using AWS to lower costs, increase security, become more agile, and innovate faster.
 >
-> -- https://www.aboutamazon.com/what-we-do/amazon-web-
+> -- https://www.aboutamazon.com/what-we-do/amazon-web-services
 ## Select your method
--- a/website/integrations/services/gitea/index.md
+++ b/website/integrations/services/gitea/index.md
@ -168,7 +168,7 @@ gitea:
          provider: "openidConnect"
          key: "CLIENT_ID_FROM_AUTHENTIK" #Step 1
          secret: "CLIENT_SECRET_FROM_AUTHENTIK" #Step 1
-          autoDiscoveryUrl: "https://authentik.company/application/o/gitea-slug/.well-known/openid-configuration"
+          autoDiscoverUrl: "https://authentik.company/application/o/gitea-slug/.well-known/openid-configuration"
          iconUrl: "https://goauthentik.io/img/icon.png"
          scopes: "email profile"
 ```
@ -198,7 +198,7 @@ gitea:
        - name: "authentik"
          provider: "openidConnect"
          existingSecret: gitea-authentik-secret
-          autoDiscoveryUrl: "https://authentik.company/application/o/gitea-slug/.well-known/openid-configuration"
+          autoDiscoverUrl: "https://authentik.company/application/o/gitea-slug/.well-known/openid-configuration"
          iconUrl: "https://goauthentik.io/img/icon.png"
          scopes: "email profile"
 ```
--- a/website/package-lock.json
+++ b/website/package-lock.json
@ -35,7 +35,7 @@
                "@docusaurus/tsconfig": "^3.4.0",
                "@docusaurus/types": "^3.3.2",
                "@types/react": "^18.3.3",
-                "prettier": "3.3.0",
+                "prettier": "3.3.1",
                "typescript": "~5.4.5"
            },
            "engines": {
@ -15002,9 +15002,9 @@
            }
        },
        "node_modules/prettier": {
-            "version": "3.3.0",
+            "version": "3.3.1",
-            "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.3.0.tgz",
+            "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.3.1.tgz",
-            "integrity": "sha512-J9odKxERhCQ10OC2yb93583f6UnYutOeiV5i0zEDS7UGTdUt0u+y8erxl3lBKvwo/JHyyoEdXjwp4dke9oyZ/g==",
+            "integrity": "sha512-7CAwy5dRsxs8PHXT3twixW9/OEll8MLE0VRPCJyl7CkS6VHGPSlsVaWTiASPTyGyYRyApxlaWTzwUxVNrhcwDg==",
            "dev": true,
            "bin": {
                "prettier": "bin/prettier.cjs"
--- a/website/package.json
+++ b/website/package.json
@ -54,7 +54,7 @@
        "@docusaurus/tsconfig": "^3.4.0",
        "@docusaurus/types": "^3.3.2",
        "@types/react": "^18.3.3",
-        "prettier": "3.3.0",
+        "prettier": "3.3.1",
        "typescript": "~5.4.5"
    },
    "engines": {