48ddbc4283
core: Bump msgraph-sdk from 1.12.0 to 1.13.0 ( #12191 )
...
Bumps [msgraph-sdk](https://github.com/microsoftgraph/msgraph-sdk-python ) from 1.12.0 to 1.13.0.
- [Release notes](https://github.com/microsoftgraph/msgraph-sdk-python/releases )
- [Changelog](https://github.com/microsoftgraph/msgraph-sdk-python/blob/main/CHANGELOG.md )
- [Commits](https://github.com/microsoftgraph/msgraph-sdk-python/compare/v1.12.0...v1.13.0 )
---
updated-dependencies:
- dependency-name: msgraph-sdk
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-26 14:11:02 +01:00
bd92f9ab50
core: Bump selenium from 4.26.1 to 4.27.0 ( #12192 )
...
Bumps [selenium](https://github.com/SeleniumHQ/Selenium ) from 4.26.1 to 4.27.0.
- [Release notes](https://github.com/SeleniumHQ/Selenium/releases )
- [Commits](https://github.com/SeleniumHQ/Selenium/commits/selenium-4.27.0 )
---
updated-dependencies:
- dependency-name: selenium
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-26 14:10:50 +01:00
6c1ad982a1
website/docs: Fix CSP syntax ( #12124 )
...
Fix CSP syntax
Scheme sources need to not have quotes https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy#scheme-source
Signed-off-by: Felix Schäfer <felix.schaefer@tu-dortmund.de >
2024-11-25 18:58:44 +01:00
630e0e6bf2
ci: only mirror if secret is available ( #12181 )
...
* ci: only mirror if secret is available
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix unrelated issues
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-11-25 14:59:07 +01:00
bebd4cd03f
root: fix database ssl options not set correctly ( #12180 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-11-25 14:56:05 +01:00
71b9b29a7d
core, web: update translations ( #12145 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: rissson <18313093+rissson@users.noreply.github.com >
2024-11-25 14:32:41 +01:00
cc65fcd806
core: bump tornado from 6.4.1 to 6.4.2 ( #12165 )
...
Bumps [tornado](https://github.com/tornadoweb/tornado ) from 6.4.1 to 6.4.2.
- [Changelog](https://github.com/tornadoweb/tornado/blob/v6.4.2/docs/releases.rst )
- [Commits](https://github.com/tornadoweb/tornado/compare/v6.4.1...v6.4.2 )
---
updated-dependencies:
- dependency-name: tornado
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-25 14:32:14 +01:00
9f82c87d2a
website: bump the docusaurus group in /website with 9 updates ( #12172 )
...
Bumps the docusaurus group in /website with 9 updates:
| Package | From | To |
| --- | --- | --- |
| [@docusaurus/core](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus ) | `3.6.2` | `3.6.3` |
| [@docusaurus/plugin-client-redirects](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-plugin-client-redirects ) | `3.6.2` | `3.6.3` |
| [@docusaurus/plugin-content-docs](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-plugin-content-docs ) | `3.6.2` | `3.6.3` |
| [@docusaurus/preset-classic](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-preset-classic ) | `3.6.2` | `3.6.3` |
| [@docusaurus/theme-common](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-theme-common ) | `3.6.2` | `3.6.3` |
| [@docusaurus/theme-mermaid](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-theme-mermaid ) | `3.6.2` | `3.6.3` |
| [@docusaurus/module-type-aliases](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-module-type-aliases ) | `3.6.2` | `3.6.3` |
| [@docusaurus/tsconfig](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-tsconfig ) | `3.6.2` | `3.6.3` |
| [@docusaurus/types](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-types ) | `3.6.2` | `3.6.3` |
Updates `@docusaurus/core` from 3.6.2 to 3.6.3
- [Release notes](https://github.com/facebook/docusaurus/releases )
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md )
- [Commits](https://github.com/facebook/docusaurus/commits/v3.6.3/packages/docusaurus )
Updates `@docusaurus/plugin-client-redirects` from 3.6.2 to 3.6.3
- [Release notes](https://github.com/facebook/docusaurus/releases )
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md )
- [Commits](https://github.com/facebook/docusaurus/commits/v3.6.3/packages/docusaurus-plugin-client-redirects )
Updates `@docusaurus/plugin-content-docs` from 3.6.2 to 3.6.3
- [Release notes](https://github.com/facebook/docusaurus/releases )
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md )
- [Commits](https://github.com/facebook/docusaurus/commits/v3.6.3/packages/docusaurus-plugin-content-docs )
Updates `@docusaurus/preset-classic` from 3.6.2 to 3.6.3
- [Release notes](https://github.com/facebook/docusaurus/releases )
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md )
- [Commits](https://github.com/facebook/docusaurus/commits/v3.6.3/packages/docusaurus-preset-classic )
Updates `@docusaurus/theme-common` from 3.6.2 to 3.6.3
- [Release notes](https://github.com/facebook/docusaurus/releases )
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md )
- [Commits](https://github.com/facebook/docusaurus/commits/v3.6.3/packages/docusaurus-theme-common )
Updates `@docusaurus/theme-mermaid` from 3.6.2 to 3.6.3
- [Release notes](https://github.com/facebook/docusaurus/releases )
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md )
- [Commits](https://github.com/facebook/docusaurus/commits/v3.6.3/packages/docusaurus-theme-mermaid )
Updates `@docusaurus/module-type-aliases` from 3.6.2 to 3.6.3
- [Release notes](https://github.com/facebook/docusaurus/releases )
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md )
- [Commits](https://github.com/facebook/docusaurus/commits/v3.6.3/packages/docusaurus-module-type-aliases )
Updates `@docusaurus/tsconfig` from 3.6.2 to 3.6.3
- [Release notes](https://github.com/facebook/docusaurus/releases )
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md )
- [Commits](https://github.com/facebook/docusaurus/commits/v3.6.3/packages/docusaurus-tsconfig )
Updates `@docusaurus/types` from 3.6.2 to 3.6.3
- [Release notes](https://github.com/facebook/docusaurus/releases )
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md )
- [Commits](https://github.com/facebook/docusaurus/commits/v3.6.3/packages/docusaurus-types )
---
updated-dependencies:
- dependency-name: "@docusaurus/core"
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: docusaurus
- dependency-name: "@docusaurus/plugin-client-redirects"
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: docusaurus
- dependency-name: "@docusaurus/plugin-content-docs"
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: docusaurus
- dependency-name: "@docusaurus/preset-classic"
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: docusaurus
- dependency-name: "@docusaurus/theme-common"
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: docusaurus
- dependency-name: "@docusaurus/theme-mermaid"
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: docusaurus
- dependency-name: "@docusaurus/module-type-aliases"
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: docusaurus
- dependency-name: "@docusaurus/tsconfig"
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: docusaurus
- dependency-name: "@docusaurus/types"
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: docusaurus
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-25 11:53:21 +01:00
0f76445ed7
website: bump typescript from 5.6.3 to 5.7.2 in /website ( #12173 )
...
Bumps [typescript](https://github.com/microsoft/TypeScript ) from 5.6.3 to 5.7.2.
- [Release notes](https://github.com/microsoft/TypeScript/releases )
- [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release.yml )
- [Commits](https://github.com/microsoft/TypeScript/compare/v5.6.3...v5.7.2 )
---
updated-dependencies:
- dependency-name: typescript
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-25 11:53:10 +01:00
ab1e9a0cec
ci: bump actions/checkout from 3 to 4 ( #12174 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-25 11:53:00 +01:00
30fa8ee75f
core: bump github.com/stretchr/testify from 1.9.0 to 1.10.0 ( #12175 )
...
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify ) from 1.9.0 to 1.10.0.
- [Release notes](https://github.com/stretchr/testify/releases )
- [Commits](https://github.com/stretchr/testify/compare/v1.9.0...v1.10.0 )
---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-25 11:52:50 +01:00
ea9a596780
core: bump coverage from 7.6.7 to 7.6.8 ( #12176 )
...
Bumps [coverage](https://github.com/nedbat/coveragepy ) from 7.6.7 to 7.6.8.
- [Release notes](https://github.com/nedbat/coveragepy/releases )
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst )
- [Commits](https://github.com/nedbat/coveragepy/compare/7.6.7...7.6.8 )
---
updated-dependencies:
- dependency-name: coverage
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-25 11:52:41 +01:00
ca34d39c16
core: bump ruff from 0.7.4 to 0.8.0 ( #12177 )
...
Bumps [ruff](https://github.com/astral-sh/ruff ) from 0.7.4 to 0.8.0.
- [Release notes](https://github.com/astral-sh/ruff/releases )
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md )
- [Commits](https://github.com/astral-sh/ruff/compare/0.7.4...0.8.0 )
---
updated-dependencies:
- dependency-name: ruff
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-25 11:52:32 +01:00
3d5a189fa7
ci: mirror repo to internal repo ( #12160 )
...
* don't push when on internal repo
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* only run certain workflows on main repo
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add mirror
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* how tf did a tab get in there
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* ooops
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-11-22 18:26:56 +01:00
785403de18
core: bump goauthentik.io/api/v3 from 3.2024102.2 to 3.2024104.1 ( #12149 )
...
Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go ) from 3.2024102.2 to 3.2024104.1.
- [Release notes](https://github.com/goauthentik/client-go/releases )
- [Changelog](https://github.com/goauthentik/client-go/blob/main/model_version_history.go )
- [Commits](https://github.com/goauthentik/client-go/compare/v3.2024102.2...v3.2024104.1 )
---
updated-dependencies:
- dependency-name: goauthentik.io/api/v3
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-22 15:22:41 +01:00
1c4165a373
core: bump debugpy from 1.8.8 to 1.8.9 ( #12150 )
...
Bumps [debugpy](https://github.com/microsoft/debugpy ) from 1.8.8 to 1.8.9.
- [Release notes](https://github.com/microsoft/debugpy/releases )
- [Commits](https://github.com/microsoft/debugpy/compare/v1.8.8...v1.8.9 )
---
updated-dependencies:
- dependency-name: debugpy
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-22 14:17:36 +01:00
bbd03b2b05
core: bump webauthn from 2.2.0 to 2.3.0 ( #12151 )
...
Bumps [webauthn](https://github.com/duo-labs/py_webauthn ) from 2.2.0 to 2.3.0.
- [Release notes](https://github.com/duo-labs/py_webauthn/releases )
- [Changelog](https://github.com/duo-labs/py_webauthn/blob/master/CHANGELOG.md )
- [Commits](https://github.com/duo-labs/py_webauthn/compare/v2.2.0...v2.3.0 )
---
updated-dependencies:
- dependency-name: webauthn
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-22 14:17:28 +01:00
dd79aec5a6
core: bump pydantic from 2.10.0 to 2.10.1 ( #12152 )
...
Bumps [pydantic](https://github.com/pydantic/pydantic ) from 2.10.0 to 2.10.1.
- [Release notes](https://github.com/pydantic/pydantic/releases )
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md )
- [Commits](https://github.com/pydantic/pydantic/compare/v2.10.0...v2.10.1 )
---
updated-dependencies:
- dependency-name: pydantic
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-22 14:17:20 +01:00
3634ae3db9
translate: Updates for file web/xliff/en.xlf in zh_CN ( #12156 )
...
Translate web/xliff/en.xlf in zh_CN
100% translated source file: 'web/xliff/en.xlf'
on 'zh_CN'.
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2024-11-22 14:17:13 +01:00
12e1ee93ed
translate: Updates for file web/xliff/en.xlf in zh-Hans ( #12157 )
...
Translate web/xliff/en.xlf in zh-Hans
100% translated source file: 'web/xliff/en.xlf'
on 'zh-Hans'.
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2024-11-22 14:16:52 +01:00
62aa3659b8
core: bump sentry-sdk from 2.18.0 to 2.19.0 ( #12153 )
...
Bumps [sentry-sdk](https://github.com/getsentry/sentry-python ) from 2.18.0 to 2.19.0.
- [Release notes](https://github.com/getsentry/sentry-python/releases )
- [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md )
- [Commits](https://github.com/getsentry/sentry-python/compare/2.18.0...2.19.0 )
---
updated-dependencies:
- dependency-name: sentry-sdk
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-22 13:52:28 +01:00
23ec05a86c
web: bump API Client version ( #12147 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2024-11-22 13:51:40 +01:00
520148bba4
root: Backport version change ( #12146 )
...
* release: 2024.10.3
* release: 2024.10.4
2024-11-22 01:51:30 +01:00
1c5d61209e
website/docs: update info about footer links to match new UI ( #12120 )
...
* edit to match new UI
* polished text
* more tweaks
* additional sentence about Flow Executor and link to docs
---------
Co-authored-by: Tana M Berry <tana@goauthentik.com >
2024-11-21 14:14:15 -06:00
5fd1cdbb49
website/docs: prepare release notes ( #12142 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-11-21 19:11:22 +01:00
0831bef098
providers/oauth2: fix migration ( #12138 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-11-21 18:54:26 +01:00
26e852e8d5
providers/oauth2: fix migration dependencies ( #12123 )
...
we had to change these dependencies for 2024.8.x since that doesn't have invalidation flows
they also need to be changed for 2024.10 when upgrading, and these migrations don't need the invalidation flow migration at all
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-11-21 17:24:47 +01:00
95f54abb58
web: bump API Client version ( #12129 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2024-11-21 17:24:36 +01:00
a4b6fa1786
providers/oauth2: fix redirect uri input ( #12122 )
...
* fix elements disappearing
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix incorrect field input
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix wizard form and display
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-11-21 17:21:16 +01:00
2c0923e827
providers/proxy: fix redirect_uri ( #12121 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-11-21 17:21:06 +01:00
7f224cbfea
website/docs: prepare release notes ( #12119 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-11-21 15:06:17 +01:00
db32439aa9
web: bump API Client version ( #12118 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2024-11-21 14:50:27 +01:00
85bb638243
security: fix CVE 2024 52289 ( #12113 )
...
* initial migration
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* migrate tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix loading
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* start dynamic ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* initial ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add serialize
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add error message handling
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix/add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* prepare docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* migrate to new input
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-11-21 14:46:43 +01:00
5ea4580884
security: fix CVE 2024 52307 ( #12115 )
...
* security: fix CVE-2024-52307
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-11-21 14:24:28 +01:00
e9c29e1644
security: fix CVE 2024 52287 ( #12114 )
...
* security: CVE-2024-52287
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-11-21 14:22:46 +01:00
a9b3a4cf25
website/docs: add CSP to hardening ( #11970 )
...
* add CSP to hardening
* re-word docs
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com >
* fix typo
* use the correct term "location" instead of "origin" in CSP docs
* reword docs
* add comments to permissive CSP directives
* add warning about overwriting existing CSP headers
---------
Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com >
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
2024-11-21 14:20:04 +01:00
96964d2950
core: bump uvicorn from 0.32.0 to 0.32.1 ( #12103 )
...
Bumps [uvicorn](https://github.com/encode/uvicorn ) from 0.32.0 to 0.32.1.
- [Release notes](https://github.com/encode/uvicorn/releases )
- [Changelog](https://github.com/encode/uvicorn/blob/master/CHANGELOG.md )
- [Commits](https://github.com/encode/uvicorn/compare/0.32.0...0.32.1 )
---
updated-dependencies:
- dependency-name: uvicorn
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-21 13:08:15 +01:00
c89f663ca8
core: bump google-api-python-client from 2.153.0 to 2.154.0 ( #12104 )
...
Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client ) from 2.153.0 to 2.154.0.
- [Release notes](https://github.com/googleapis/google-api-python-client/releases )
- [Commits](https://github.com/googleapis/google-api-python-client/compare/v2.153.0...v2.154.0 )
---
updated-dependencies:
- dependency-name: google-api-python-client
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-21 13:07:55 +01:00
2ccb21ac87
core: bump pydantic from 2.9.2 to 2.10.0 ( #12105 )
...
Bumps [pydantic](https://github.com/pydantic/pydantic ) from 2.9.2 to 2.10.0.
- [Release notes](https://github.com/pydantic/pydantic/releases )
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md )
- [Commits](https://github.com/pydantic/pydantic/compare/v2.9.2...v2.10.0 )
---
updated-dependencies:
- dependency-name: pydantic
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-21 13:07:25 +01:00
d383cca297
translate: Updates for file locale/en/LC_MESSAGES/django.po in it ( #12110 )
...
Translate locale/en/LC_MESSAGES/django.po in it
100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'it'.
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2024-11-21 13:06:46 +01:00
4189981995
internal: add CSP header to files in /media ( #12092 )
...
add CSP header to files in `/media`
This fixes a security issue of stored cross-site scripting via embedding
JavaScript in SVG files by a malicious user with `can_save_media`
capability.
This can be exploited if:
- the uploaded file is served from the same origin as authentik, and
- the user opens the uploaded file directly in their browser
Co-authored-by: Jens L. <jens@goauthentik.io >
2024-11-21 09:16:07 +01:00
3e6ed8d213
core, web: update translations ( #12101 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: rissson <18313093+rissson@users.noreply.github.com >
2024-11-21 01:11:15 +01:00
505b61225a
web: fix bug that prevented error reporting in current wizard. ( #12033 )
...
* web: Add InvalidationFlow to Radius Provider dialogues
## What
- Bugfix: adds the InvalidationFlow to the Radius Provider dialogues
- Repairs: `{"invalidation_flow":["This field is required."]}` message, which was *not* propagated
to the Notification.
- Nitpick: Pretties `?foo=${true}` expressions: `s/\?([^=]+)=\$\{true\}/\1/`
## Note
Yes, I know I'm going to have to do more magic when we harmonize the forms, and no, I didn't add the
Property Mappings to the wizard, and yes, I know I'm going to have pain with the *new* version of
the wizard. But this is a serious bug; you can't make Radius servers with *either* of the current
dialogues at the moment.
* web/bugfix/fix-reporting-in-wizard-submit
# What
- Preserves the errors locally for the Wizard, providing explanation and links to fix the issues
# Why
Just a silly mistake on my part. There shouldn't be two copies of errors (and there isn't in the BIG
PRs), but this is how it's designed right now and making the errors show up is an easy fix. In doing
so, the "hack" to move the "bad provider name" to the provider page is included.
* Updated package.json to use Chromedriver 130
2024-11-20 15:23:55 -08:00
e5caa76276
website/docs: group CVEs by year ( #12099 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-11-20 23:03:47 +01:00
d4bf3b7068
root: check remote IP for proxy protocol same as HTTP/etc ( #12094 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-11-20 21:33:35 +01:00
14867e3fdd
root: fix activation of locale not being scoped ( #12091 )
...
closes #12088
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-11-20 21:31:00 +01:00
a681af0c6e
providers/scim: accept string and int for SCIM IDs ( #12093 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-11-20 18:36:29 +01:00
dc9de43399
website: bump the docusaurus group in /website with 9 updates ( #12086 )
...
Bumps the docusaurus group in /website with 9 updates:
| Package | From | To |
| --- | --- | --- |
| [@docusaurus/core](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus ) | `3.6.1` | `3.6.2` |
| [@docusaurus/plugin-client-redirects](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-plugin-client-redirects ) | `3.6.1` | `3.6.2` |
| [@docusaurus/plugin-content-docs](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-plugin-content-docs ) | `3.6.1` | `3.6.2` |
| [@docusaurus/preset-classic](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-preset-classic ) | `3.6.1` | `3.6.2` |
| [@docusaurus/theme-common](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-theme-common ) | `3.6.1` | `3.6.2` |
| [@docusaurus/theme-mermaid](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-theme-mermaid ) | `3.6.1` | `3.6.2` |
| [@docusaurus/module-type-aliases](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-module-type-aliases ) | `3.6.1` | `3.6.2` |
| [@docusaurus/tsconfig](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-tsconfig ) | `3.6.1` | `3.6.2` |
| [@docusaurus/types](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-types ) | `3.6.1` | `3.6.2` |
Updates `@docusaurus/core` from 3.6.1 to 3.6.2
- [Release notes](https://github.com/facebook/docusaurus/releases )
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md )
- [Commits](https://github.com/facebook/docusaurus/commits/v3.6.2/packages/docusaurus )
Updates `@docusaurus/plugin-client-redirects` from 3.6.1 to 3.6.2
- [Release notes](https://github.com/facebook/docusaurus/releases )
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md )
- [Commits](https://github.com/facebook/docusaurus/commits/v3.6.2/packages/docusaurus-plugin-client-redirects )
Updates `@docusaurus/plugin-content-docs` from 3.6.1 to 3.6.2
- [Release notes](https://github.com/facebook/docusaurus/releases )
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md )
- [Commits](https://github.com/facebook/docusaurus/commits/v3.6.2/packages/docusaurus-plugin-content-docs )
Updates `@docusaurus/preset-classic` from 3.6.1 to 3.6.2
- [Release notes](https://github.com/facebook/docusaurus/releases )
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md )
- [Commits](https://github.com/facebook/docusaurus/commits/v3.6.2/packages/docusaurus-preset-classic )
Updates `@docusaurus/theme-common` from 3.6.1 to 3.6.2
- [Release notes](https://github.com/facebook/docusaurus/releases )
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md )
- [Commits](https://github.com/facebook/docusaurus/commits/v3.6.2/packages/docusaurus-theme-common )
Updates `@docusaurus/theme-mermaid` from 3.6.1 to 3.6.2
- [Release notes](https://github.com/facebook/docusaurus/releases )
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md )
- [Commits](https://github.com/facebook/docusaurus/commits/v3.6.2/packages/docusaurus-theme-mermaid )
Updates `@docusaurus/module-type-aliases` from 3.6.1 to 3.6.2
- [Release notes](https://github.com/facebook/docusaurus/releases )
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md )
- [Commits](https://github.com/facebook/docusaurus/commits/v3.6.2/packages/docusaurus-module-type-aliases )
Updates `@docusaurus/tsconfig` from 3.6.1 to 3.6.2
- [Release notes](https://github.com/facebook/docusaurus/releases )
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md )
- [Commits](https://github.com/facebook/docusaurus/commits/v3.6.2/packages/docusaurus-tsconfig )
Updates `@docusaurus/types` from 3.6.1 to 3.6.2
- [Release notes](https://github.com/facebook/docusaurus/releases )
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md )
- [Commits](https://github.com/facebook/docusaurus/commits/v3.6.2/packages/docusaurus-types )
---
updated-dependencies:
- dependency-name: "@docusaurus/core"
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: docusaurus
- dependency-name: "@docusaurus/plugin-client-redirects"
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: docusaurus
- dependency-name: "@docusaurus/plugin-content-docs"
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: docusaurus
- dependency-name: "@docusaurus/preset-classic"
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: docusaurus
- dependency-name: "@docusaurus/theme-common"
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: docusaurus
- dependency-name: "@docusaurus/theme-mermaid"
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: docusaurus
- dependency-name: "@docusaurus/module-type-aliases"
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: docusaurus
- dependency-name: "@docusaurus/tsconfig"
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: docusaurus
- dependency-name: "@docusaurus/types"
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: docusaurus
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-20 13:53:15 +01:00
01fc5eb4ce
core: fix source_flow_manager throwing error when authenticated user attempts to re-authenticate with existing link ( #12080 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-11-19 18:27:04 +01:00
50015c5463
translate: Updates for file locale/en/LC_MESSAGES/django.po in de ( #12079 )
...
Translate locale/en/LC_MESSAGES/django.po in de
100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'de'.
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2024-11-19 17:33:23 +01:00
