5ea4580884
security: fix CVE 2024 52307 ( #12115 )
...
* security: fix CVE-2024-52307
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-11-21 14:24:28 +01:00
e9c29e1644
security: fix CVE 2024 52287 ( #12114 )
...
* security: CVE-2024-52287
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-11-21 14:22:46 +01:00
a9b3a4cf25
website/docs: add CSP to hardening ( #11970 )
...
* add CSP to hardening
* re-word docs
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com >
* fix typo
* use the correct term "location" instead of "origin" in CSP docs
* reword docs
* add comments to permissive CSP directives
* add warning about overwriting existing CSP headers
---------
Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com >
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com >
2024-11-21 14:20:04 +01:00
96964d2950
core: bump uvicorn from 0.32.0 to 0.32.1 ( #12103 )
...
Bumps [uvicorn](https://github.com/encode/uvicorn ) from 0.32.0 to 0.32.1.
- [Release notes](https://github.com/encode/uvicorn/releases )
- [Changelog](https://github.com/encode/uvicorn/blob/master/CHANGELOG.md )
- [Commits](https://github.com/encode/uvicorn/compare/0.32.0...0.32.1 )
---
updated-dependencies:
- dependency-name: uvicorn
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-21 13:08:15 +01:00
c89f663ca8
core: bump google-api-python-client from 2.153.0 to 2.154.0 ( #12104 )
...
Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client ) from 2.153.0 to 2.154.0.
- [Release notes](https://github.com/googleapis/google-api-python-client/releases )
- [Commits](https://github.com/googleapis/google-api-python-client/compare/v2.153.0...v2.154.0 )
---
updated-dependencies:
- dependency-name: google-api-python-client
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-21 13:07:55 +01:00
2ccb21ac87
core: bump pydantic from 2.9.2 to 2.10.0 ( #12105 )
...
Bumps [pydantic](https://github.com/pydantic/pydantic ) from 2.9.2 to 2.10.0.
- [Release notes](https://github.com/pydantic/pydantic/releases )
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md )
- [Commits](https://github.com/pydantic/pydantic/compare/v2.9.2...v2.10.0 )
---
updated-dependencies:
- dependency-name: pydantic
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-21 13:07:25 +01:00
d383cca297
translate: Updates for file locale/en/LC_MESSAGES/django.po in it ( #12110 )
...
Translate locale/en/LC_MESSAGES/django.po in it
100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'it'.
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2024-11-21 13:06:46 +01:00
4189981995
internal: add CSP header to files in /media ( #12092 )
...
add CSP header to files in `/media`
This fixes a security issue of stored cross-site scripting via embedding
JavaScript in SVG files by a malicious user with `can_save_media`
capability.
This can be exploited if:
- the uploaded file is served from the same origin as authentik, and
- the user opens the uploaded file directly in their browser
Co-authored-by: Jens L. <jens@goauthentik.io >
2024-11-21 09:16:07 +01:00
3e6ed8d213
core, web: update translations ( #12101 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: rissson <18313093+rissson@users.noreply.github.com >
2024-11-21 01:11:15 +01:00
505b61225a
web: fix bug that prevented error reporting in current wizard. ( #12033 )
...
* web: Add InvalidationFlow to Radius Provider dialogues
## What
- Bugfix: adds the InvalidationFlow to the Radius Provider dialogues
- Repairs: `{"invalidation_flow":["This field is required."]}` message, which was *not* propagated
to the Notification.
- Nitpick: Pretties `?foo=${true}` expressions: `s/\?([^=]+)=\$\{true\}/\1/`
## Note
Yes, I know I'm going to have to do more magic when we harmonize the forms, and no, I didn't add the
Property Mappings to the wizard, and yes, I know I'm going to have pain with the *new* version of
the wizard. But this is a serious bug; you can't make Radius servers with *either* of the current
dialogues at the moment.
* web/bugfix/fix-reporting-in-wizard-submit
# What
- Preserves the errors locally for the Wizard, providing explanation and links to fix the issues
# Why
Just a silly mistake on my part. There shouldn't be two copies of errors (and there isn't in the BIG
PRs), but this is how it's designed right now and making the errors show up is an easy fix. In doing
so, the "hack" to move the "bad provider name" to the provider page is included.
* Updated package.json to use Chromedriver 130
2024-11-20 15:23:55 -08:00
e5caa76276
website/docs: group CVEs by year ( #12099 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-11-20 23:03:47 +01:00
d4bf3b7068
root: check remote IP for proxy protocol same as HTTP/etc ( #12094 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-11-20 21:33:35 +01:00
14867e3fdd
root: fix activation of locale not being scoped ( #12091 )
...
closes #12088
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-11-20 21:31:00 +01:00
a681af0c6e
providers/scim: accept string and int for SCIM IDs ( #12093 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-11-20 18:36:29 +01:00
dc9de43399
website: bump the docusaurus group in /website with 9 updates ( #12086 )
...
Bumps the docusaurus group in /website with 9 updates:
| Package | From | To |
| --- | --- | --- |
| [@docusaurus/core](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus ) | `3.6.1` | `3.6.2` |
| [@docusaurus/plugin-client-redirects](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-plugin-client-redirects ) | `3.6.1` | `3.6.2` |
| [@docusaurus/plugin-content-docs](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-plugin-content-docs ) | `3.6.1` | `3.6.2` |
| [@docusaurus/preset-classic](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-preset-classic ) | `3.6.1` | `3.6.2` |
| [@docusaurus/theme-common](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-theme-common ) | `3.6.1` | `3.6.2` |
| [@docusaurus/theme-mermaid](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-theme-mermaid ) | `3.6.1` | `3.6.2` |
| [@docusaurus/module-type-aliases](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-module-type-aliases ) | `3.6.1` | `3.6.2` |
| [@docusaurus/tsconfig](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-tsconfig ) | `3.6.1` | `3.6.2` |
| [@docusaurus/types](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-types ) | `3.6.1` | `3.6.2` |
Updates `@docusaurus/core` from 3.6.1 to 3.6.2
- [Release notes](https://github.com/facebook/docusaurus/releases )
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md )
- [Commits](https://github.com/facebook/docusaurus/commits/v3.6.2/packages/docusaurus )
Updates `@docusaurus/plugin-client-redirects` from 3.6.1 to 3.6.2
- [Release notes](https://github.com/facebook/docusaurus/releases )
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md )
- [Commits](https://github.com/facebook/docusaurus/commits/v3.6.2/packages/docusaurus-plugin-client-redirects )
Updates `@docusaurus/plugin-content-docs` from 3.6.1 to 3.6.2
- [Release notes](https://github.com/facebook/docusaurus/releases )
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md )
- [Commits](https://github.com/facebook/docusaurus/commits/v3.6.2/packages/docusaurus-plugin-content-docs )
Updates `@docusaurus/preset-classic` from 3.6.1 to 3.6.2
- [Release notes](https://github.com/facebook/docusaurus/releases )
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md )
- [Commits](https://github.com/facebook/docusaurus/commits/v3.6.2/packages/docusaurus-preset-classic )
Updates `@docusaurus/theme-common` from 3.6.1 to 3.6.2
- [Release notes](https://github.com/facebook/docusaurus/releases )
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md )
- [Commits](https://github.com/facebook/docusaurus/commits/v3.6.2/packages/docusaurus-theme-common )
Updates `@docusaurus/theme-mermaid` from 3.6.1 to 3.6.2
- [Release notes](https://github.com/facebook/docusaurus/releases )
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md )
- [Commits](https://github.com/facebook/docusaurus/commits/v3.6.2/packages/docusaurus-theme-mermaid )
Updates `@docusaurus/module-type-aliases` from 3.6.1 to 3.6.2
- [Release notes](https://github.com/facebook/docusaurus/releases )
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md )
- [Commits](https://github.com/facebook/docusaurus/commits/v3.6.2/packages/docusaurus-module-type-aliases )
Updates `@docusaurus/tsconfig` from 3.6.1 to 3.6.2
- [Release notes](https://github.com/facebook/docusaurus/releases )
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md )
- [Commits](https://github.com/facebook/docusaurus/commits/v3.6.2/packages/docusaurus-tsconfig )
Updates `@docusaurus/types` from 3.6.1 to 3.6.2
- [Release notes](https://github.com/facebook/docusaurus/releases )
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md )
- [Commits](https://github.com/facebook/docusaurus/commits/v3.6.2/packages/docusaurus-types )
---
updated-dependencies:
- dependency-name: "@docusaurus/core"
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: docusaurus
- dependency-name: "@docusaurus/plugin-client-redirects"
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: docusaurus
- dependency-name: "@docusaurus/plugin-content-docs"
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: docusaurus
- dependency-name: "@docusaurus/preset-classic"
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: docusaurus
- dependency-name: "@docusaurus/theme-common"
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: docusaurus
- dependency-name: "@docusaurus/theme-mermaid"
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: docusaurus
- dependency-name: "@docusaurus/module-type-aliases"
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: docusaurus
- dependency-name: "@docusaurus/tsconfig"
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: docusaurus
- dependency-name: "@docusaurus/types"
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: docusaurus
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-20 13:53:15 +01:00
01fc5eb4ce
core: fix source_flow_manager throwing error when authenticated user attempts to re-authenticate with existing link ( #12080 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-11-19 18:27:04 +01:00
50015c5463
translate: Updates for file locale/en/LC_MESSAGES/django.po in de ( #12079 )
...
Translate locale/en/LC_MESSAGES/django.po in de
100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'de'.
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2024-11-19 17:33:23 +01:00
83d281eae5
scripts: remove read_replicas from generated dev config ( #12078 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-11-19 17:33:02 +01:00
9e96f19cb9
core: bump geoip2 from 4.8.0 to 4.8.1 ( #12071 )
...
Bumps [geoip2](https://github.com/maxmind/GeoIP2-python ) from 4.8.0 to 4.8.1.
- [Release notes](https://github.com/maxmind/GeoIP2-python/releases )
- [Changelog](https://github.com/maxmind/GeoIP2-python/blob/main/HISTORY.rst )
- [Commits](https://github.com/maxmind/GeoIP2-python/compare/v4.8.0...v4.8.1 )
---
updated-dependencies:
- dependency-name: geoip2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-19 14:23:30 +01:00
3cec4d23e8
core: bump goauthentik.io/api/v3 from 3.2024100.2 to 3.2024102.2 ( #12072 )
...
Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go ) from 3.2024100.2 to 3.2024102.2.
- [Release notes](https://github.com/goauthentik/client-go/releases )
- [Changelog](https://github.com/goauthentik/client-go/blob/main/model_version_history.go )
- [Commits](https://github.com/goauthentik/client-go/compare/v3.2024100.2...v3.2024102.2 )
---
updated-dependencies:
- dependency-name: goauthentik.io/api/v3
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-19 14:22:57 +01:00
a70be016d9
core: bump maxmind/geoipupdate from v7.0.1 to v7.1.0 ( #12073 )
...
Bumps maxmind/geoipupdate from v7.0.1 to v7.1.0.
---
updated-dependencies:
- dependency-name: maxmind/geoipupdate
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-19 14:22:49 +01:00
c957a5016d
translate: Updates for file locale/en/LC_MESSAGES/django.po in zh_CN ( #12074 )
...
Translate locale/en/LC_MESSAGES/django.po in zh_CN
100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'zh_CN'.
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2024-11-19 14:22:31 +01:00
f4d9b2e6bd
translate: Updates for file locale/en/LC_MESSAGES/django.po in zh-Hans ( #12075 )
...
Translate django.po in zh-Hans
100% translated source file: 'django.po'
on 'zh-Hans'.
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2024-11-19 14:22:10 +01:00
0e033d1f61
translate: Updates for file web/xliff/en.xlf in zh-Hans ( #12076 )
...
Translate web/xliff/en.xlf in zh-Hans
100% translated source file: 'web/xliff/en.xlf'
on 'zh-Hans'.
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2024-11-19 14:21:53 +01:00
c8e6e60f70
translate: Updates for file web/xliff/en.xlf in zh_CN ( #12077 )
...
Translate web/xliff/en.xlf in zh_CN
100% translated source file: 'web/xliff/en.xlf'
on 'zh_CN'.
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2024-11-19 14:21:34 +01:00
ce997f4473
web/admin: auto-prefill user path for new users based on selected path ( #12070 )
...
web/admin: auto-select user path based on selected path
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-11-19 14:20:02 +01:00
be30cb4553
core: bump aiohttp from 3.10.2 to 3.10.11 ( #12069 )
...
Bumps [aiohttp](https://github.com/aio-libs/aiohttp ) from 3.10.2 to 3.10.11.
- [Release notes](https://github.com/aio-libs/aiohttp/releases )
- [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst )
- [Commits](https://github.com/aio-libs/aiohttp/compare/v3.10.2...v3.10.11 )
---
updated-dependencies:
- dependency-name: aiohttp
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-19 01:48:55 +01:00
88b6076161
web/admin: fix brand title not respected in application list ( #12068 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-11-18 22:39:05 +01:00
fbba672161
core: bump pyjwt from 2.9.0 to 2.10.0 ( #12063 )
...
Bumps [pyjwt](https://github.com/jpadilla/pyjwt ) from 2.9.0 to 2.10.0.
- [Release notes](https://github.com/jpadilla/pyjwt/releases )
- [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst )
- [Commits](https://github.com/jpadilla/pyjwt/compare/2.9.0...2.10.0 )
---
updated-dependencies:
- dependency-name: pyjwt
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-18 14:57:56 +01:00
b4e41de8ba
web: add italian locale ( #11958 )
...
* Update lit-localize.json add italian
Signed-off-by: tmassimi <tmassimi@users.noreply.github.com >
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: tmassimi <tmassimi@users.noreply.github.com >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2024-11-18 14:57:25 +01:00
ac00386a29
web/admin: better footer links ( #12004 )
...
* web: Add InvalidationFlow to Radius Provider dialogues
## What
- Bugfix: adds the InvalidationFlow to the Radius Provider dialogues
- Repairs: `{"invalidation_flow":["This field is required."]}` message, which was *not* propagated
to the Notification.
- Nitpick: Pretties `?foo=${true}` expressions: `s/\?([^=]+)=\$\{true\}/\1/`
## Note
Yes, I know I'm going to have to do more magic when we harmonize the forms, and no, I didn't add the
Property Mappings to the wizard, and yes, I know I'm going to have pain with the *new* version of
the wizard. But this is a serious bug; you can't make Radius servers with *either* of the current
dialogues at the moment.
* First things first: save the blueprint that initializes the test runner.
* Committing to having the PKs be a string, and streamlining an event handler. Type solidity needed for the footer control.
* web/admin/better-footer-links
# What
- A data control that takes two string fields and returns the JSON object for a FooterLink
- A data control that takes a control like the one above and assists the user in entering a
collection of such objects.
# Why
We're trying to move away from CodeMirror for the simple things, like tables of what is essentially
data entry. Jens proposed this ArrayInput thing, and I've simplified it so you define what "a row"
is as a small, lightweight custom Component that returns and validates the datatype for that row,
and ArrayInput creates a table of rows, and that's that.
We're still working out the details, but the demo is to replace the "Name & URL" table in
AdminSettingsForm with this, since it was silly to ask the customer to hand-write JSON or YAML,
getting the keys right every time, for an `Array<Record<{ name: string, href: string }>>`. And some
client-side validation can't hurt.
Storybook included. Tests to come.
* Not ready for prime time.
* One lint. Other lints are still in progress.
* web: lots of 'as unknown as Foo'
I know this is considered bad practice, but we use Lit and Lit.spread
to send initialization arguments to functions that create DOM
objects, and Lit's prefix convention of '.' for object, '?' for
boolean, and '@' for event handler doesn't map at all to the Interface
declarations of Typescript. So we have to cast these types when
sending them via functions to constructors.
* web/admin/better-footer-links
# What
- Remove the "JSON or YAML" language from the AdminSettings page for describing FooterLinks inputs.
- Add unit tests for ArrayInput and AdminSettingsFooterLinks.
- Provide a property for accessing a component's value
# Why
Providing a property by which the JSONified version of the value can be accessed enhances the
ability of tests to independently check that the value is in a state we desire, since properties can
easily be accessed across the wire protocol used by browser-based testing environments.
* Ensure the UI is built from _current_ before running tests.
2024-11-18 13:17:21 +01:00
10a473eb90
core, web: update translations ( #12052 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: rissson <18313093+rissson@users.noreply.github.com >
2024-11-18 13:16:59 +01:00
4744550a3c
core: bump twilio from 9.3.6 to 9.3.7 ( #12061 )
...
Bumps [twilio](https://github.com/twilio/twilio-python ) from 9.3.6 to 9.3.7.
- [Release notes](https://github.com/twilio/twilio-python/releases )
- [Changelog](https://github.com/twilio/twilio-python/blob/main/CHANGES.md )
- [Commits](https://github.com/twilio/twilio-python/compare/9.3.6...9.3.7 )
---
updated-dependencies:
- dependency-name: twilio
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-18 13:13:44 +01:00
2b8121f765
core: bump ruff from 0.7.3 to 0.7.4 ( #12062 )
...
Bumps [ruff](https://github.com/astral-sh/ruff ) from 0.7.3 to 0.7.4.
- [Release notes](https://github.com/astral-sh/ruff/releases )
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md )
- [Commits](https://github.com/astral-sh/ruff/compare/0.7.3...0.7.4 )
---
updated-dependencies:
- dependency-name: ruff
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-18 13:13:38 +01:00
e900df358d
core: bump setproctitle from 1.3.3 to 1.3.4 ( #12064 )
...
Bumps [setproctitle](https://github.com/dvarrazzo/py-setproctitle ) from 1.3.3 to 1.3.4.
- [Changelog](https://github.com/dvarrazzo/py-setproctitle/blob/master/HISTORY.rst )
- [Commits](https://github.com/dvarrazzo/py-setproctitle/compare/version-1.3.3...version-1.3.4 )
---
updated-dependencies:
- dependency-name: setproctitle
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-18 13:13:29 +01:00
75df0ab154
core: bump channels from 4.1.0 to 4.2.0 ( #12065 )
...
Bumps [channels](https://github.com/django/channels ) from 4.1.0 to 4.2.0.
- [Changelog](https://github.com/django/channels/blob/main/CHANGELOG.txt )
- [Commits](https://github.com/django/channels/compare/4.1.0...4.2.0 )
---
updated-dependencies:
- dependency-name: channels
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-18 13:13:18 +01:00
826d2eec7a
core: bump coverage from 7.6.5 to 7.6.7 ( #12066 )
...
Bumps [coverage](https://github.com/nedbat/coveragepy ) from 7.6.5 to 7.6.7.
- [Release notes](https://github.com/nedbat/coveragepy/releases )
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst )
- [Commits](https://github.com/nedbat/coveragepy/compare/7.6.5...7.6.7 )
---
updated-dependencies:
- dependency-name: coverage
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-18 13:13:08 +01:00
bb5e7628b9
core: bump channels-redis from 4.2.0 to 4.2.1 ( #12067 )
...
Bumps [channels-redis](https://github.com/django/channels_redis ) from 4.2.0 to 4.2.1.
- [Changelog](https://github.com/django/channels_redis/blob/main/CHANGELOG.txt )
- [Commits](https://github.com/django/channels_redis/compare/4.2.0...4.2.1 )
---
updated-dependencies:
- dependency-name: channels-redis
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-18 13:12:58 +01:00
57e9474658
website: bump cross-spawn from 7.0.3 to 7.0.5 in /website ( #12060 )
...
Bumps [cross-spawn](https://github.com/moxystudio/node-cross-spawn ) from 7.0.3 to 7.0.5.
- [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md )
- [Commits](https://github.com/moxystudio/node-cross-spawn/compare/v7.0.3...v7.0.5 )
---
updated-dependencies:
- dependency-name: cross-spawn
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-18 03:07:09 +01:00
89b6b7a29a
web: bump API Client version ( #12059 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2024-11-18 02:37:44 +01:00
4859dc7e68
core: add support to set policy bindings in transactional endpoint ( #10399 )
...
* core: add support to set policy bindings in transactional endpoint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* improve permission checks
especially since we'll be using the wizard as default in the future, it shouldn't be superuser only
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* rebase, fix error response when using duplicate name in provider
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add permission test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-11-18 00:55:25 +01:00
550e24edde
translate: Updates for file locale/en/LC_MESSAGES/django.po in zh-Hans ( #12045 )
...
Translate django.po in zh-Hans
100% translated source file: 'django.po'
on 'zh-Hans'.
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2024-11-15 18:52:24 +01:00
39371bb3a6
translate: Updates for file web/xliff/en.xlf in zh_CN ( #12047 )
...
Translate web/xliff/en.xlf in zh_CN
100% translated source file: 'web/xliff/en.xlf'
on 'zh_CN'.
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2024-11-15 18:52:02 +01:00
cea49c475e
translate: Updates for file locale/en/LC_MESSAGES/django.po in zh_CN ( #12044 )
...
Translate locale/en/LC_MESSAGES/django.po in zh_CN
100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'zh_CN'.
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2024-11-15 18:51:48 +01:00
282946c156
translate: Updates for file web/xliff/en.xlf in zh-Hans ( #12046 )
...
* Translate web/xliff/en.xlf in zh-Hans
100% translated source file: 'web/xliff/en.xlf'
on 'zh-Hans'.
* Translate web/xliff/en.xlf in zh-Hans
100% translated source file: 'web/xliff/en.xlf'
on 'zh-Hans'.
---------
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
2024-11-15 18:51:27 +01:00
9c27b81e4b
web/flows: fix invisible captcha call ( #12048 )
...
* fix invisible captcha call
* fix invisible captcha DOM removal
2024-11-15 18:49:57 +01:00
0bdef2a0f4
rbac: fix incorrect object_description for object-level permissions ( #12029 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2024-11-15 14:21:22 +01:00
fcbee2edaa
stages/authenticator_webauthn: Update FIDO MDS3 & Passkey aaguid blobs ( #12036 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2024-11-15 13:53:25 +01:00
6b4c0bcb4b
core: bump coverage from 7.6.4 to 7.6.5 ( #12037 )
...
Bumps [coverage](https://github.com/nedbat/coveragepy ) from 7.6.4 to 7.6.5.
- [Release notes](https://github.com/nedbat/coveragepy/releases )
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst )
- [Commits](https://github.com/nedbat/coveragepy/compare/7.6.4...7.6.5 )
---
updated-dependencies:
- dependency-name: coverage
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-15 13:53:14 +01:00
1e19ba6cb0
ci: bump codecov/codecov-action from 4 to 5 ( #12038 )
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 4 to 5.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/codecov/codecov-action/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-15 13:53:06 +01:00
