add tests

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

.bumpversion.cfg

@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 2024.8.1
+current_version = 2024.8.2
 tag = True
 commit = True
 parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)(?:-(?P<rc_t>[a-zA-Z-]+)(?P<rc_n>[1-9]\\d*))?

.github/dependabot.yml

@@ -44,9 +44,11 @@ updates:
           - "babel-*"
       eslint:
         patterns:
+          - "@eslint/*"
           - "@typescript-eslint/*"
-          - "eslint"
           - "eslint-*"
+          - "eslint"
+          - "typescript-eslint"
       storybook:
         patterns:
           - "@storybook/*"
@@ -54,10 +56,12 @@ updates:
       esbuild:
         patterns:
           - "@esbuild/*"
+          - "esbuild*"
       rollup:
         patterns:
           - "@rollup/*"
           - "rollup-*"
+          - "rollup*"
       swc:
         patterns:
           - "@swc/*"

.github/workflows/ci-web.yml

@@ -45,7 +45,6 @@ jobs:
       - working-directory: ${{ matrix.project }}/
         run: |
           npm ci
-          ${{ matrix.extra_setup }}
       - name: Generate API
         run: make gen-client-ts
       - name: Lint

SECURITY.md

@@ -20,8 +20,8 @@ Even if the issue is not a CVE, we still greatly appreciate your help in hardeni
 
 | Version  | Supported |
 | -------- | --------- |
-| 2024.4.x | ✅        |
 | 2024.6.x | ✅        |
+| 2024.8.x | ✅        |
 
 ## Reporting a Vulnerability
 

authentik/__init__.py

@@ -2,7 +2,7 @@
 
 from os import environ
 
-__version__ = "2024.8.1"
+__version__ = "2024.8.2"
 ENV_GIT_HASH_KEY = "GIT_BUILD_HASH"
 
 

authentik/admin/analytics.py

@@ -0,0 +1,20 @@
+"""authentik admin analytics"""
+
+from typing import Any
+
+from django.utils.translation import gettext_lazy as _
+
+from authentik.root.celery import CELERY_APP
+
+
+def get_analytics_description() -> dict[str, str]:
+    return {
+        "worker_count": _("Number of running workers"),
+    }
+
+
+def get_analytics_data() -> dict[str, Any]:
+    worker_count = len(CELERY_APP.control.ping(timeout=0.5))
+    return {
+        "worker_count": worker_count,
+    }

authentik/analytics/api.py

@@ -0,0 +1,54 @@
+"""authentik analytics api"""
+
+from drf_spectacular.utils import extend_schema, inline_serializer
+from rest_framework.fields import CharField, DictField
+from rest_framework.request import Request
+from rest_framework.response import Response
+from rest_framework.viewsets import ViewSet
+
+from authentik.analytics.utils import get_analytics_data, get_analytics_description
+from authentik.core.api.utils import PassiveSerializer
+from authentik.rbac.permissions import HasPermission
+
+
+class AnalyticsDescriptionSerializer(PassiveSerializer):
+    label = CharField()
+    desc = CharField()
+
+
+class AnalyticsDescriptionViewSet(ViewSet):
+    """Read-only view of analytics descriptions"""
+
+    permission_classes = [HasPermission("authentik_rbac.view_system_settings")]
+
+    @extend_schema(responses={200: AnalyticsDescriptionSerializer})
+    def list(self, request: Request) -> Response:
+        """Read-only view of analytics descriptions"""
+        data = []
+        for label, desc in get_analytics_description().items():
+            data.append({"label": label, "desc": desc})
+        return Response(AnalyticsDescriptionSerializer(data, many=True).data)
+
+
+class AnalyticsDataViewSet(ViewSet):
+    """Read-only view of analytics descriptions"""
+
+    permission_classes = [HasPermission("authentik_rbac.edit_system_settings")]
+
+    @extend_schema(
+        responses={
+            200: inline_serializer(
+                name="AnalyticsData",
+                fields={
+                    "data": DictField(),
+                },
+            )
+        }
+    )
+    def list(self, request: Request) -> Response:
+        """Read-only view of analytics descriptions"""
+        return Response(
+            {
+                "data": get_analytics_data(force=True),
+            }
+        )

authentik/analytics/apps.py

@@ -0,0 +1,12 @@
+"""authentik analytics app config"""
+
+from authentik.blueprints.apps import ManagedAppConfig
+
+
+class AuthentikAdminConfig(ManagedAppConfig):
+    """authentik analytics app config"""
+
+    name = "authentik.analytics"
+    label = "authentik_analytics"
+    verbose_name = "authentik Analytics"
+    default = True

authentik/analytics/models.py

@@ -0,0 +1,19 @@
+"""authentik analytics mixins"""
+
+from typing import Any
+
+from django.utils.translation import gettext_lazy as _
+
+
+class AnalyticsMixin:
+    @classmethod
+    def get_analytics_description(cls) -> dict[str, str]:
+        object_name = _(cls._meta.verbose_name)
+        count_desc = _("Number of {object_name} objects".format_map({"object_name": object_name}))
+        return {
+            "count": count_desc,
+        }
+
+    @classmethod
+    def get_analytics_data(cls) -> dict[str, Any]:
+        return {"count": cls.objects.all().count()}

authentik/analytics/settings.py

@@ -0,0 +1,17 @@
+"""authentik admin settings"""
+
+from celery.schedules import crontab
+
+from authentik.lib.utils.time import fqdn_rand
+
+CELERY_BEAT_SCHEDULE = {
+    "analytics_send": {
+        "task": "authentik.analytics.tasks.send_analytics",
+        "schedule": crontab(
+            minute=fqdn_rand("analytics_send"),
+            hour=fqdn_rand("analytics_send", stop=24),
+            day_of_week=fqdn_rand("analytics_send", 7),
+        ),
+        "options": {"queue": "authentik_scheduled"},
+    }
+}

authentik/analytics/tasks.py

@@ -0,0 +1,45 @@
+"""authentik admin tasks"""
+
+import orjson
+from django.utils.translation import gettext_lazy as _
+from requests import RequestException
+from structlog.stdlib import get_logger
+
+from authentik.analytics.utils import get_analytics_data
+from authentik.events.models import Event, EventAction
+from authentik.events.system_tasks import SystemTask, TaskStatus, prefill_task
+from authentik.lib.utils.http import get_http_session
+from authentik.root.celery import CELERY_APP
+from authentik.tenants.models import Tenant
+
+LOGGER = get_logger()
+
+
+@CELERY_APP.task(bind=True, base=SystemTask)
+@prefill_task
+def send_analytics(self: SystemTask):
+    """Send analytics"""
+    for tenant in Tenant.objects.filter(ready=True):
+        data = get_analytics_data(current_tenant=tenant)
+        if not tenant.analytics_enabled or not data:
+            self.set_status(TaskStatus.WARNING, "Analytics disabled. Nothing was sent.")
+            return
+        try:
+            response = get_http_session().post(
+                "https://customers.goauthentik.io/api/analytics/post/", json=data
+            )
+            response.raise_for_status()
+            self.set_status(
+                TaskStatus.SUCCESSFUL,
+                "Successfully sent analytics",
+                orjson.dumps(
+                    data, option=orjson.OPT_INDENT_2 | orjson.OPT_NON_STR_KEYS | orjson.OPT_UTC_Z
+                ).decode(),
+            )
+            Event.new(
+                EventAction.ANALYTICS_SENT,
+                message=_("Analytics sent"),
+                analytics_data=data,
+            ).save()
+        except (RequestException, IndexError) as exc:
+            self.set_error(exc)

authentik/analytics/tests.py

@@ -0,0 +1,76 @@
+"""authentik analytics tests"""
+
+from json import loads
+from requests_mock import Mocker
+
+from django.test import TestCase
+from django.urls import reverse
+
+from authentik import __version__
+from authentik.analytics.tasks import send_analytics
+from authentik.analytics.utils import get_analytics_apps_data, get_analytics_apps_description, get_analytics_data, get_analytics_description, get_analytics_models_data, get_analytics_models_description
+from authentik.core.models import Group, User
+from authentik.events.models import Event, EventAction
+from authentik.lib.generators import generate_id
+from authentik.tenants.utils import get_current_tenant
+
+
+class TestAnalytics(TestCase):
+    """test analytics api"""
+
+    def setUp(self) -> None:
+        super().setUp()
+        self.user = User.objects.create(username=generate_id())
+        self.group = Group.objects.create(name=generate_id(), is_superuser=True)
+        self.group.users.add(self.user)
+        self.client.force_login(self.user)
+        self.tenant = get_current_tenant()
+
+    def test_description_api(self):
+        """Test Version API"""
+        response = self.client.get(reverse("authentik_api:analytics-description-list"))
+        self.assertEqual(response.status_code, 200)
+        loads(response.content)
+
+    def test_data_api(self):
+        """Test Version API"""
+        response = self.client.get(reverse("authentik_api:analytics-data-list"))
+        self.assertEqual(response.status_code, 200)
+        body = loads(response.content)
+        self.assertEqual(body["data"]["version"], __version__)
+
+    def test_sending_enabled(self):
+        """Test analytics sending"""
+        self.tenant.analytics_enabled = True
+        self.tenant.save()
+        with Mocker() as mocker:
+            mocker.post("https://customers.goauthentik.io/api/analytics/post/", status_code=200)
+            send_analytics.delay().get()
+            self.assertTrue(
+                Event.objects.filter(
+                    action=EventAction.ANALYTICS_SENT
+                ).exists()
+            )
+
+    def test_sending_disabled(self):
+        """Test analytics sending"""
+        self.tenant.analytics_enabled = False
+        self.tenant.save()
+        send_analytics.delay().get()
+        self.assertFalse(
+            Event.objects.filter(
+                action=EventAction.ANALYTICS_SENT
+            ).exists()
+        )
+
+    def test_description_data_match_apps(self):
+        """Test description and data keys match"""
+        description = get_analytics_apps_description()
+        data = get_analytics_apps_data()
+        self.assertEqual(data.keys(), description.keys())
+
+    def test_description_data_match_models(self):
+        """Test description and data keys match"""
+        description = get_analytics_models_description()
+        data = get_analytics_models_data()
+        self.assertEqual(data.keys(), description.keys())

authentik/analytics/urls.py

@@ -0,0 +1,8 @@
+"""API URLs"""
+
+from authentik.analytics.api import AnalyticsDataViewSet, AnalyticsDescriptionViewSet
+
+api_urlpatterns = [
+    ("analytics/description", AnalyticsDescriptionViewSet, "analytics-description"),
+    ("analytics/data", AnalyticsDataViewSet, "analytics-data"),
+]

authentik/analytics/utils.py

@@ -0,0 +1,112 @@
+"""authentik analytics utils"""
+
+from hashlib import sha256
+from importlib import import_module
+from typing import Any
+
+from structlog import get_logger
+
+from authentik import get_full_version
+from authentik.analytics.models import AnalyticsMixin
+from authentik.lib.utils.reflection import get_apps
+from authentik.root.install_id import get_install_id
+from authentik.tenants.models import Tenant
+from authentik.tenants.utils import get_current_tenant
+
+LOGGER = get_logger()
+
+
+def get_analytics_apps() -> dict:
+    modules = {}
+    for _authentik_app in get_apps():
+        try:
+            module = import_module(f"{_authentik_app.name}.analytics")
+        except ModuleNotFoundError:
+            continue
+        except ImportError as exc:
+            LOGGER.warning(
+                "Could not import app's analytics", app_name=_authentik_app.name, exc=exc
+            )
+            continue
+        if not hasattr(module, "get_analytics_description") or not hasattr(
+            module, "get_analytics_data"
+        ):
+            LOGGER.debug(
+                "App does not define API URLs",
+                app_name=_authentik_app.name,
+            )
+            continue
+        modules[_authentik_app.label] = module
+    return modules
+
+
+def get_analytics_apps_description() -> dict[str, str]:
+    result = {}
+    for app_label, module in get_analytics_apps().items():
+        for k, v in module.get_analytics_description().items():
+            result[f"{app_label}/app/{k}"] = v
+    return result
+
+
+def get_analytics_apps_data() -> dict[str, Any]:
+    result = {}
+    for app_label, module in get_analytics_apps().items():
+        for k, v in module.get_analytics_data().items():
+            result[f"{app_label}/app/{k}"] = v
+    return result
+
+
+def get_analytics_models() -> list[AnalyticsMixin]:
+    def get_subclasses(cls):
+        for subclass in cls.__subclasses__():
+            if subclass.__subclasses__():
+                yield from get_subclasses(subclass)
+            elif not subclass._meta.abstract:
+                yield subclass
+
+    return list(get_subclasses(AnalyticsMixin))
+
+
+def get_analytics_models_description() -> dict[str, str]:
+    result = {}
+    for model in get_analytics_models():
+        for k, v in model.get_analytics_description().items():
+            result[f"{model._meta.app_label}/models/{model._meta.object_name}/{k}"] = v
+    return result
+
+
+def get_analytics_models_data() -> dict[str, Any]:
+    result = {}
+    for model in get_analytics_models():
+        for k, v in model.get_analytics_data().items():
+            result[f"{model._meta.app_label}/models/{model._meta.object_name}/{k}"] = v
+    return result
+
+
+def get_analytics_description() -> dict[str, str]:
+    return {
+        **get_analytics_apps_description(),
+        **get_analytics_models_description(),
+    }
+
+
+def get_analytics_data(current_tenant: Tenant | None = None, force: bool = False) -> dict[str, Any]:
+    current_tenant = current_tenant or get_current_tenant()
+    if not current_tenant.analytics_enabled and not force:
+        return {}
+    data = {
+        **get_analytics_apps_data(),
+        **get_analytics_models_data(),
+    }
+    to_remove = []
+    for key in data.keys():
+        if key not in current_tenant.analytics_sources:
+            to_remove.append(key)
+    for key in to_remove:
+        del data[key]
+    return {
+        **data,
+        "install_id_hash": sha256(get_install_id().encode()).hexdigest(),
+        "tenant_hash": sha256(current_tenant.tenant_uuid.bytes).hexdigest(),
+        "version": get_full_version(),
+    }

authentik/core/models.py

@@ -23,6 +23,7 @@ from model_utils.managers import InheritanceManager
 from rest_framework.serializers import Serializer
 from structlog.stdlib import get_logger
 
+from authentik.analytics.models import AnalyticsMixin
 from authentik.blueprints.models import ManagedModel
 from authentik.core.expression.exceptions import PropertyMappingExpressionException
 from authentik.core.types import UILoginButton, UserSettingSerializer
@@ -168,7 +169,7 @@ class GroupQuerySet(CTEQuerySet):
         return cte.join(Group, group_uuid=cte.col.group_uuid).with_cte(cte)
 
 
-class Group(SerializerModel, AttributesMixin):
+class Group(SerializerModel, AttributesMixin, AnalyticsMixin):
     """Group model which supports a basic hierarchy and has attributes"""
 
     group_uuid = models.UUIDField(primary_key=True, editable=False, default=uuid4)
@@ -258,7 +259,7 @@ class UserManager(DjangoUserManager):
         return self.get_queryset().exclude_anonymous()
 
 
-class User(SerializerModel, GuardianUserMixin, AttributesMixin, AbstractUser):
+class User(SerializerModel, GuardianUserMixin, AttributesMixin, AbstractUser, AnalyticsMixin):
     """authentik User model, based on django's contrib auth user model."""
 
     uuid = models.UUIDField(default=uuid4, editable=False, unique=True)
@@ -376,7 +377,7 @@ class User(SerializerModel, GuardianUserMixin, AttributesMixin, AbstractUser):
         return get_avatar(self)
 
 
-class Provider(SerializerModel):
+class Provider(SerializerModel, AnalyticsMixin):
     """Application-independent Provider instance. For example SAML2 Remote, OAuth2 Application"""
 
     name = models.TextField(unique=True)
@@ -470,7 +471,7 @@ class ApplicationQuerySet(QuerySet):
         return qs
 
 
-class Application(SerializerModel, PolicyBindingModel):
+class Application(SerializerModel, PolicyBindingModel, AnalyticsMixin):
     """Every Application which uses authentik for authentication/identification/authorization
     needs an Application record. Other authentication types can subclass this Model to
     add custom fields and other properties"""
@@ -603,7 +604,7 @@ class SourceGroupMatchingModes(models.TextChoices):
     )
 
 
-class Source(ManagedModel, SerializerModel, PolicyBindingModel):
+class Source(ManagedModel, SerializerModel, PolicyBindingModel, AnalyticsMixin):
     """Base Authentication source, i.e. an OAuth Provider, SAML Remote or LDAP Server"""
 
     name = models.TextField(help_text=_("Source's display Name."))
@@ -735,7 +736,7 @@ class Source(ManagedModel, SerializerModel, PolicyBindingModel):
         ]
 
 
-class UserSourceConnection(SerializerModel, CreatedUpdatedModel):
+class UserSourceConnection(SerializerModel, CreatedUpdatedModel, AnalyticsMixin):
     """Connection between User and Source."""
 
     user = models.ForeignKey(User, on_delete=models.CASCADE)
@@ -755,7 +756,7 @@ class UserSourceConnection(SerializerModel, CreatedUpdatedModel):
         unique_together = (("user", "source"),)
 
 
-class GroupSourceConnection(SerializerModel, CreatedUpdatedModel):
+class GroupSourceConnection(SerializerModel, CreatedUpdatedModel, AnalyticsMixin):
     """Connection between Group and Source."""
 
     group = models.ForeignKey(Group, on_delete=models.CASCADE)
@@ -879,7 +880,7 @@ class Token(SerializerModel, ManagedModel, ExpiringModel):
         ).save()
 
 
-class PropertyMapping(SerializerModel, ManagedModel):
+class PropertyMapping(SerializerModel, ManagedModel, AnalyticsMixin):
     """User-defined key -> x mapping which can be used by providers to expose extra data."""
 
     pm_uuid = models.UUIDField(primary_key=True, editable=False, default=uuid4)

authentik/events/migrations/0008_alter_event_action.py

@@ -0,0 +1,49 @@
+# Generated by Django 5.0.9 on 2024-09-25 11:06
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("authentik_events", "0007_event_authentik_e_action_9a9dd9_idx_and_more"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="event",
+            name="action",
+            field=models.TextField(
+                choices=[
+                    ("login", "Login"),
+                    ("login_failed", "Login Failed"),
+                    ("logout", "Logout"),
+                    ("user_write", "User Write"),
+                    ("suspicious_request", "Suspicious Request"),
+                    ("password_set", "Password Set"),
+                    ("secret_view", "Secret View"),
+                    ("secret_rotate", "Secret Rotate"),
+                    ("invitation_used", "Invite Used"),
+                    ("authorize_application", "Authorize Application"),
+                    ("source_linked", "Source Linked"),
+                    ("impersonation_started", "Impersonation Started"),
+                    ("impersonation_ended", "Impersonation Ended"),
+                    ("flow_execution", "Flow Execution"),
+                    ("policy_execution", "Policy Execution"),
+                    ("policy_exception", "Policy Exception"),
+                    ("property_mapping_exception", "Property Mapping Exception"),
+                    ("system_task_execution", "System Task Execution"),
+                    ("system_task_exception", "System Task Exception"),
+                    ("system_exception", "System Exception"),
+                    ("configuration_error", "Configuration Error"),
+                    ("model_created", "Model Created"),
+                    ("model_updated", "Model Updated"),
+                    ("model_deleted", "Model Deleted"),
+                    ("email_sent", "Email Sent"),
+                    ("analytics_sent", "Analytics Sent"),
+                    ("update_available", "Update Available"),
+                    ("custom_", "Custom Prefix"),
+                ]
+            ),
+        ),
+    ]

authentik/events/models.py

@@ -49,6 +49,7 @@ from authentik.policies.models import PolicyBindingModel
 from authentik.root.middleware import ClientIPMiddleware
 from authentik.stages.email.utils import TemplateEmailMessage
 from authentik.tenants.models import Tenant
+from authentik.tenants.utils import get_current_tenant
 
 LOGGER = get_logger()
 DISCORD_FIELD_LIMIT = 25
@@ -58,7 +59,11 @@ NOTIFICATION_SUMMARY_LENGTH = 75
 def default_event_duration():
     """Default duration an Event is saved.
     This is used as a fallback when no brand is available"""
-    return now() + timedelta(days=365)
+    try:
+        tenant = get_current_tenant()
+        return now() + timedelta_from_string(tenant.event_retention)
+    except Tenant.DoesNotExist:
+        return now() + timedelta(days=365)
 
 
 def default_brand():
@@ -114,6 +119,7 @@ class EventAction(models.TextChoices):
     MODEL_DELETED = "model_deleted"
     EMAIL_SENT = "email_sent"
 
+    ANALYTICS_SENT = "analytics_sent"
     UPDATE_AVAILABLE = "update_available"
 
     CUSTOM_PREFIX = "custom_"
@@ -245,12 +251,6 @@ class Event(SerializerModel, ExpiringModel):
             if QS_QUERY in self.context["http_request"]["args"]:
                 wrapped = self.context["http_request"]["args"][QS_QUERY]
                 self.context["http_request"]["args"] = cleanse_dict(QueryDict(wrapped))
-        if hasattr(request, "tenant"):
-            tenant: Tenant = request.tenant
-            # Because self.created only gets set on save, we can't use it's value here
-            # hence we set self.created to now and then use it
-            self.created = now()
-            self.expires = self.created + timedelta_from_string(tenant.event_retention)
         if hasattr(request, "brand"):
             brand: Brand = request.brand
             self.brand = sanitize_dict(model_to_dict(brand))

authentik/events/tests/test_models.py

@@ -6,6 +6,7 @@ from django.db.models import Model
 from django.test import TestCase
 
 from authentik.core.models import default_token_key
+from authentik.events.models import default_event_duration
 from authentik.lib.utils.reflection import get_apps
 
 
@@ -20,7 +21,7 @@ def model_tester_factory(test_model: type[Model]) -> Callable:
         allowed = 0
         # Token-like objects need to lookup the current tenant to get the default token length
         for field in test_model._meta.fields:
-            if field.default == default_token_key:
+            if field.default in [default_token_key, default_event_duration]:
                 allowed += 1
         with self.assertNumQueries(allowed):
             str(test_model())

authentik/policies/event_matcher/migrations/0024_alter_eventmatcherpolicy_action.py

@@ -0,0 +1,52 @@
+# Generated by Django 5.0.9 on 2024-09-25 11:06
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("authentik_policies_event_matcher", "0023_alter_eventmatcherpolicy_action_and_more"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="eventmatcherpolicy",
+            name="action",
+            field=models.TextField(
+                choices=[
+                    ("login", "Login"),
+                    ("login_failed", "Login Failed"),
+                    ("logout", "Logout"),
+                    ("user_write", "User Write"),
+                    ("suspicious_request", "Suspicious Request"),
+                    ("password_set", "Password Set"),
+                    ("secret_view", "Secret View"),
+                    ("secret_rotate", "Secret Rotate"),
+                    ("invitation_used", "Invite Used"),
+                    ("authorize_application", "Authorize Application"),
+                    ("source_linked", "Source Linked"),
+                    ("impersonation_started", "Impersonation Started"),
+                    ("impersonation_ended", "Impersonation Ended"),
+                    ("flow_execution", "Flow Execution"),
+                    ("policy_execution", "Policy Execution"),
+                    ("policy_exception", "Policy Exception"),
+                    ("property_mapping_exception", "Property Mapping Exception"),
+                    ("system_task_execution", "System Task Execution"),
+                    ("system_task_exception", "System Task Exception"),
+                    ("system_exception", "System Exception"),
+                    ("configuration_error", "Configuration Error"),
+                    ("model_created", "Model Created"),
+                    ("model_updated", "Model Updated"),
+                    ("model_deleted", "Model Deleted"),
+                    ("email_sent", "Email Sent"),
+                    ("analytics_sent", "Analytics Sent"),
+                    ("update_available", "Update Available"),
+                    ("custom_", "Custom Prefix"),
+                ],
+                default=None,
+                help_text="Match created events with this action type. When left empty, all action types will be matched.",
+                null=True,
+            ),
+        ),
+    ]

authentik/providers/proxy/controllers/docker.py

@@ -28,7 +28,7 @@ class ProxyDockerController(DockerController):
         labels = super()._get_labels()
         labels["traefik.enable"] = "true"
         labels[f"traefik.http.routers.{traefik_name}-router.rule"] = (
-            f"({' || '.join([f'Host(`{host}`)' for host in hosts])})"
+            f"({' || '.join([f'Host({host})' for host in hosts])})"
             f" && PathPrefix(`/outpost.goauthentik.io`)"
         )
         labels[f"traefik.http.routers.{traefik_name}-router.tls"] = "true"

authentik/root/settings.py

@@ -70,6 +70,7 @@ TENANT_APPS = [
     "django.contrib.contenttypes",
     "django.contrib.sessions",
     "authentik.admin",
+    "authentik.analytics",
     "authentik.api",
     "authentik.crypto",
     "authentik.flows",

authentik/tenants/api/settings.py

@@ -1,9 +1,12 @@
 """Serializer for tenants models"""
 
 from django_tenants.utils import get_public_schema_name
+from rest_framework.fields import SerializerMethodField
 from rest_framework.generics import RetrieveUpdateAPIView
 from rest_framework.permissions import SAFE_METHODS
 
+from authentik.analytics.api import AnalyticsDescriptionSerializer
+from authentik.analytics.utils import get_analytics_description
 from authentik.core.api.utils import ModelSerializer
 from authentik.rbac.permissions import HasPermission
 from authentik.tenants.models import Tenant
@@ -12,6 +15,8 @@ from authentik.tenants.models import Tenant
 class SettingsSerializer(ModelSerializer):
     """Settings Serializer"""
 
+    analytics_sources_obj = SerializerMethodField()
+
     class Meta:
         model = Tenant
         fields = [
@@ -25,8 +30,19 @@ class SettingsSerializer(ModelSerializer):
             "impersonation",
             "default_token_duration",
             "default_token_length",
+            "default_token_length",
+            "analytics_enabled",
+            "analytics_sources",
+            "analytics_sources_obj",
         ]
 
+    def get_analytics_sources_obj(self, obj: Tenant) -> list[AnalyticsDescriptionSerializer]:
+        result = []
+        for label, desc in get_analytics_description().items():
+            if label in obj.analytics_sources:
+                result.append((label, desc))
+        return result
+
 
 class SettingsView(RetrieveUpdateAPIView):
     """Settings view"""

authentik/tenants/migrations/0004_tenant_analytics_enabled_tenant_analytics_sources.py

@@ -0,0 +1,26 @@
+# Generated by Django 5.0.9 on 2024-09-24 15:36
+
+import django.contrib.postgres.fields
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("authentik_tenants", "0003_alter_tenant_default_token_duration"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="tenant",
+            name="analytics_enabled",
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name="tenant",
+            name="analytics_sources",
+            field=django.contrib.postgres.fields.ArrayField(
+                base_field=models.TextField(), blank=True, default=list, size=None
+            ),
+        ),
+    ]

authentik/tenants/models.py

@@ -4,6 +4,7 @@ import re
 from uuid import uuid4
 
 from django.apps import apps
+from django.contrib.postgres.fields import ArrayField
 from django.core.exceptions import ValidationError
 from django.core.validators import MinValueValidator
 from django.db import models
@@ -96,6 +97,9 @@ class Tenant(TenantMixin, SerializerModel):
         validators=[MinValueValidator(1)],
     )
 
+    analytics_enabled = models.BooleanField(default=False)
+    analytics_sources = ArrayField(models.TextField(), blank=True, default=list)
+
     def save(self, *args, **kwargs):
         if self.schema_name == "template":
             raise IntegrityError("Cannot create schema named template")

blueprints/schema.json

@@ -2,7 +2,7 @@
     "$schema": "http://json-schema.org/draft-07/schema",
     "$id": "https://goauthentik.io/blueprints/schema.json",
     "type": "object",
-    "title": "authentik 2024.8.1 Blueprint schema",
+    "title": "authentik 2024.8.2 Blueprint schema",
     "required": [
         "version",
         "entries"
@@ -4227,6 +4227,7 @@
                         "model_updated",
                         "model_deleted",
                         "email_sent",
+                        "analytics_sent",
                         "update_available",
                         "custom_"
                     ],
@@ -4251,6 +4252,7 @@
                         null,
                         "authentik.tenants",
                         "authentik.admin",
+                        "authentik.analytics",
                         "authentik.api",
                         "authentik.crypto",
                         "authentik.flows",
@@ -13116,6 +13118,7 @@
                         "model_updated",
                         "model_deleted",
                         "email_sent",
+                        "analytics_sent",
                         "update_available",
                         "custom_"
                     ],
@@ -13277,6 +13280,7 @@
                                 "model_updated",
                                 "model_deleted",
                                 "email_sent",
+                                "analytics_sent",
                                 "update_available",
                                 "custom_"
                             ],

docker-compose.yml

@@ -31,7 +31,7 @@ services:
     volumes:
       - redis:/data
   server:
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.8.1}
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.8.2}
     restart: unless-stopped
     command: server
     environment:
@@ -52,7 +52,7 @@ services:
       - postgresql
       - redis
   worker:
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.8.1}
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.8.2}
     restart: unless-stopped
     command: worker
     environment:

go.mod

@@ -22,14 +22,14 @@ require (
 	github.com/mitchellh/mapstructure v1.5.0
 	github.com/nmcclain/asn1-ber v0.0.0-20170104154839-2661553a0484
 	github.com/pires/go-proxyproto v0.7.0
-	github.com/prometheus/client_golang v1.20.3
+	github.com/prometheus/client_golang v1.20.4
 	github.com/redis/go-redis/v9 v9.6.1
 	github.com/sethvargo/go-envconfig v1.1.0
 	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/cobra v1.8.1
 	github.com/stretchr/testify v1.9.0
 	github.com/wwt/guac v1.3.2
-	goauthentik.io/api/v3 v3.2024081.1
+	goauthentik.io/api/v3 v3.2024082.1
 	golang.org/x/exp v0.0.0-20230210204819-062eb4c674ab
 	golang.org/x/oauth2 v0.23.0
 	golang.org/x/sync v0.8.0

go.sum

@@ -239,8 +239,8 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/prometheus/client_golang v1.20.3 h1:oPksm4K8B+Vt35tUhw6GbSNSgVlVSBH0qELP/7u83l4=
-github.com/prometheus/client_golang v1.20.3/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE=
+github.com/prometheus/client_golang v1.20.4 h1:Tgh3Yr67PaOv/uTqloMsCEdeuFTatm5zIq5+qNN23vI=
+github.com/prometheus/client_golang v1.20.4/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
 github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
@@ -299,8 +299,8 @@ go.opentelemetry.io/otel/trace v1.24.0 h1:CsKnnL4dUAr/0llH9FKuc698G04IrpWV0MQA/Y
 go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
-goauthentik.io/api/v3 v3.2024081.1 h1:2LgcmicnzGp76xyFPkJiH0KsMFS59bsAYecnMARRkAs=
-goauthentik.io/api/v3 v3.2024081.1/go.mod h1:zz+mEZg8rY/7eEjkMGWJ2DnGqk+zqxuybGCGrR2O4Kw=
+goauthentik.io/api/v3 v3.2024082.1 h1:V/3tq3rGK8Fse6xqnVQ8epzzytjXRI93y+jNHen2zMQ=
+goauthentik.io/api/v3 v3.2024082.1/go.mod h1:zz+mEZg8rY/7eEjkMGWJ2DnGqk+zqxuybGCGrR2O4Kw=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=

internal/constants/constants.go

@@ -29,4 +29,4 @@ func UserAgent() string {
 	return fmt.Sprintf("authentik@%s", FullVersion())
 }
 
-const VERSION = "2024.8.1"
+const VERSION = "2024.8.2"

internal/outpost/proxyv2/application/application.go

@@ -65,8 +65,11 @@ type Server interface {
 	CryptoStore() *ak.CryptoStore
 }
 
-func NewApplication(p api.ProxyOutpostConfig, c *http.Client, server Server) (*Application, error) {
+func init() {
 	gob.Register(Claims{})
+}
+
+func NewApplication(p api.ProxyOutpostConfig, c *http.Client, server Server, oldApp *Application) (*Application, error) {
 	muxLogger := log.WithField("logger", "authentik.outpost.proxyv2.application").WithField("name", p.Name)
 
 	externalHost, err := url.Parse(p.ExternalHost)
@@ -137,7 +140,15 @@ func NewApplication(p api.ProxyOutpostConfig, c *http.Client, server Server) (*A
 		isEmbedded:           isEmbedded,
 	}
 	go a.authHeaderCache.Start()
-	a.sessions = a.getStore(p, externalHost)
+	if oldApp != nil && oldApp.sessions != nil {
+		a.sessions = oldApp.sessions
+	} else {
+		sess, err := a.getStore(p, externalHost)
+		if err != nil {
+			return nil, err
+		}
+		a.sessions = sess
+	}
 	mux.Use(web.NewLoggingHandler(muxLogger, func(l *log.Entry, r *http.Request) *log.Entry {
 		c := a.getClaimsFromSession(r)
 		if c == nil {
@@ -235,9 +246,8 @@ func NewApplication(p api.ProxyOutpostConfig, c *http.Client, server Server) (*A
 				// TODO: maybe create event for this?
 				a.log.WithError(err).Warning("failed to compile SkipPathRegex")
 				continue
-			} else {
-				a.UnauthenticatedRegex = append(a.UnauthenticatedRegex, re)
 			}
+			a.UnauthenticatedRegex = append(a.UnauthenticatedRegex, re)
 		}
 	}
 	return a, nil

internal/outpost/proxyv2/application/session.go

@@ -26,7 +26,7 @@ import (
 
 const RedisKeyPrefix = "authentik_proxy_session_"
 
-func (a *Application) getStore(p api.ProxyOutpostConfig, externalHost *url.URL) sessions.Store {
+func (a *Application) getStore(p api.ProxyOutpostConfig, externalHost *url.URL) (sessions.Store, error) {
 	maxAge := 0
 	if p.AccessTokenValidity.IsSet() {
 		t := p.AccessTokenValidity.Get()
@@ -73,7 +73,7 @@ func (a *Application) getStore(p api.ProxyOutpostConfig, externalHost *url.URL)
 		// New default RedisStore
 		rs, err := redisstore.NewRedisStore(context.Background(), client)
 		if err != nil {
-			a.log.WithError(err).Panic("failed to connect to redis")
+			return nil, err
 		}
 
 		rs.KeyPrefix(RedisKeyPrefix)
@@ -87,7 +87,7 @@ func (a *Application) getStore(p api.ProxyOutpostConfig, externalHost *url.URL)
 		})
 
 		a.log.Trace("using redis session backend")
-		return rs
+		return rs, nil
 	}
 	dir := os.TempDir()
 	cs := sessions.NewFilesystemStore(dir)
@@ -106,7 +106,7 @@ func (a *Application) getStore(p api.ProxyOutpostConfig, externalHost *url.URL)
 	cs.Options.MaxAge = maxAge
 	cs.Options.Path = "/"
 	a.log.WithField("dir", dir).Trace("using filesystem session backend")
-	return cs
+	return cs, nil
 }
 
 func (a *Application) SessionName() string {

internal/outpost/proxyv2/application/test.go

@@ -66,6 +66,7 @@ func newTestApplication() *Application {
 		},
 		http.DefaultClient,
 		ts,
+		nil,
 	)
 	ts.apps = append(ts.apps, a)
 	return a

internal/outpost/proxyv2/refresh.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"net/http"
+	"net/url"
 
 	"github.com/getsentry/sentry-go"
 	"goauthentik.io/internal/constants"
@@ -37,16 +38,21 @@ func (ps *ProxyServer) Refresh() error {
 				),
 			),
 		}
-		a, err := application.NewApplication(provider, hc, ps)
-		existing, ok := ps.apps[a.Host]
+		externalHost, err := url.Parse(provider.ExternalHost)
+		if err != nil {
+			ps.log.WithError(err).Warning("failed to parse URL, skipping provider")
+			continue
+		}
+		existing, ok := ps.apps[externalHost.Host]
+		a, err := application.NewApplication(provider, hc, ps, existing)
 		if ok {
 			existing.Stop()
 		}
 		if err != nil {
 			ps.log.WithError(err).Warning("failed to setup application")
-		} else {
-			apps[a.Host] = a
+			continue
 		}
+		apps[externalHost.Host] = a
 	}
 	ps.apps = apps
 	ps.log.Debug("Swapped maps")

package.json

@@ -1,5 +1,5 @@
 {
     "name": "@goauthentik/authentik",
-    "version": "2024.8.1",
+    "version": "2024.8.2",
     "private": true
 }

poetry.lock

@@ -366,13 +366,13 @@ typing-extensions = ">=4.0.0"
 
 [[package]]
 name = "bandit"
-version = "1.7.9"
+version = "1.7.10"
 description = "Security oriented static analyser for python code."
 optional = false
 python-versions = ">=3.8"
 files = [
-    {file = "bandit-1.7.9-py3-none-any.whl", hash = "sha256:52077cb339000f337fb25f7e045995c4ad01511e716e5daac37014b9752de8ec"},
-    {file = "bandit-1.7.9.tar.gz", hash = "sha256:7c395a436743018f7be0a4cbb0a4ea9b902b6d87264ddecf8cfdc73b4f78ff61"},
+    {file = "bandit-1.7.10-py3-none-any.whl", hash = "sha256:665721d7bebbb4485a339c55161ac0eedde27d51e638000d91c8c2d68343ad02"},
+    {file = "bandit-1.7.10.tar.gz", hash = "sha256:59ed5caf5d92b6ada4bf65bc6437feea4a9da1093384445fed4d472acc6cff7b"},
 ]
 
 [package.dependencies]
@@ -1315,13 +1315,13 @@ django = ">=3"
 
 [[package]]
 name = "django-pglock"
-version = "1.6.1"
+version = "1.6.2"
 description = "Postgres locking routines and lock table access."
 optional = false
 python-versions = "<4,>=3.8.0"
 files = [
-    {file = "django_pglock-1.6.1-py3-none-any.whl", hash = "sha256:2ba592c4df1d6c8033c80297fb46252c774e347c3087d34279f1a47d07346dc3"},
-    {file = "django_pglock-1.6.1.tar.gz", hash = "sha256:01c1592dae0affc7d7710a53a03cf22653d870f362ef7ae84312cb7fa9c2cb5e"},
+    {file = "django_pglock-1.6.2-py3-none-any.whl", hash = "sha256:abdb92531bf8cb36471dc9eb33ed163b06bd3323140d132ed4f308b9e5505f50"},
+    {file = "django_pglock-1.6.2.tar.gz", hash = "sha256:05db998cab21556d4a307eac4b5db8e50f874f42b1a581560b3c54610fee6a1b"},
 ]
 
 [package.dependencies]
@@ -1566,6 +1566,16 @@ files = [
 setuptools = "*"
 six = "*"
 
+[[package]]
+name = "durationpy"
+version = "0.7"
+description = "Module for converting between datetime.timedelta and Go's Duration strings."
+optional = false
+python-versions = "*"
+files = [
+    {file = "durationpy-0.7.tar.gz", hash = "sha256:8447c43df4f1a0b434e70c15a38d77f5c9bd17284bfc1ff1d430f233d5083732"},
+]
+
 [[package]]
 name = "email-validator"
 version = "2.2.0"
@@ -1761,13 +1771,13 @@ grpcio-gcp = ["grpcio-gcp (>=0.2.2,<1.0.dev0)"]
 
 [[package]]
 name = "google-api-python-client"
-version = "2.145.0"
+version = "2.146.0"
 description = "Google API Client Library for Python"
 optional = false
 python-versions = ">=3.7"
 files = [
-    {file = "google_api_python_client-2.145.0-py2.py3-none-any.whl", hash = "sha256:d74da1358f3f2d63daf3c6f26bd96d89652051183bc87cf10a56ceb2a70beb50"},
-    {file = "google_api_python_client-2.145.0.tar.gz", hash = "sha256:8b84dde11aaccadc127e4846f5cd932331d804ea324e353131595e3f25376e97"},
+    {file = "google_api_python_client-2.146.0-py2.py3-none-any.whl", hash = "sha256:b1e62c9889c5ef6022f11d30d7ef23dc55100300f0e8aaf8aa09e8e92540acad"},
+    {file = "google_api_python_client-2.146.0.tar.gz", hash = "sha256:41f671be10fa077ee5143ee9f0903c14006d39dc644564f4e044ae96b380bf68"},
 ]
 
 [package.dependencies]
@@ -2243,17 +2253,18 @@ zookeeper = ["kazoo (>=2.8.0)"]
 
 [[package]]
 name = "kubernetes"
-version = "30.1.0"
+version = "31.0.0"
 description = "Kubernetes python client"
 optional = false
 python-versions = ">=3.6"
 files = [
-    {file = "kubernetes-30.1.0-py2.py3-none-any.whl", hash = "sha256:e212e8b7579031dd2e512168b617373bc1e03888d41ac4e04039240a292d478d"},
-    {file = "kubernetes-30.1.0.tar.gz", hash = "sha256:41e4c77af9f28e7a6c314e3bd06a8c6229ddd787cad684e0ab9f69b498e98ebc"},
+    {file = "kubernetes-31.0.0-py2.py3-none-any.whl", hash = "sha256:bf141e2d380c8520eada8b351f4e319ffee9636328c137aa432bc486ca1200e1"},
+    {file = "kubernetes-31.0.0.tar.gz", hash = "sha256:28945de906c8c259c1ebe62703b56a03b714049372196f854105afe4e6d014c0"},
 ]
 
 [package.dependencies]
 certifi = ">=14.05.14"
+durationpy = ">=0.7"
 google-auth = ">=1.0.1"
 oauthlib = ">=3.2.2"
 python-dateutil = ">=2.5.3"
@@ -2848,13 +2859,13 @@ dev = ["bumpver", "isort", "mypy", "pylint", "pytest", "yapf"]
 
 [[package]]
 name = "msgraph-sdk"
-version = "1.7.0"
+version = "1.8.0"
 description = "The Microsoft Graph Python SDK"
 optional = false
 python-versions = ">=3.8"
 files = [
-    {file = "msgraph_sdk-1.7.0-py3-none-any.whl", hash = "sha256:66683b361eb1230b315e57c75a144e2f93c8a7e70f11c6a8c6c150dd59fa0235"},
-    {file = "msgraph_sdk-1.7.0.tar.gz", hash = "sha256:40b7776e2f02825ddb51d390490858e7d1c065a36e2a21b7655b392c78565b43"},
+    {file = "msgraph_sdk-1.8.0-py3-none-any.whl", hash = "sha256:22a8e4a63f989865228f66a54501bef8105909c7156fe0a079ca9b5296339cc2"},
+    {file = "msgraph_sdk-1.8.0.tar.gz", hash = "sha256:1ac84bd47ea288a84f46f6c6d0c89d164ee3453b917615632652344538098314"},
 ]
 
 [package.dependencies]
@@ -3161,13 +3172,13 @@ files = [
 
 [[package]]
 name = "paramiko"
-version = "3.4.1"
+version = "3.5.0"
 description = "SSH2 protocol library"
 optional = false
 python-versions = ">=3.6"
 files = [
-    {file = "paramiko-3.4.1-py3-none-any.whl", hash = "sha256:8e49fd2f82f84acf7ffd57c64311aa2b30e575370dc23bdb375b10262f7eac32"},
-    {file = "paramiko-3.4.1.tar.gz", hash = "sha256:8b15302870af7f6652f2e038975c1d2973f06046cb5d7d65355668b3ecbece0c"},
+    {file = "paramiko-3.5.0-py3-none-any.whl", hash = "sha256:1fedf06b085359051cd7d0d270cebe19e755a8a921cc2ddbfa647fb0cd7d68f9"},
+    {file = "paramiko-3.5.0.tar.gz", hash = "sha256:ad11e540da4f55cedda52931f1a3f812a8238a7af7f62a60de538cd80bb28124"},
 ]
 
 [package.dependencies]
@@ -3437,36 +3448,36 @@ files = [
 
 [[package]]
 name = "psycopg"
-version = "3.2.1"
+version = "3.2.2"
 description = "PostgreSQL database adapter for Python"
 optional = false
 python-versions = ">=3.8"
 files = [
-    {file = "psycopg-3.2.1-py3-none-any.whl", hash = "sha256:ece385fb413a37db332f97c49208b36cf030ff02b199d7635ed2fbd378724175"},
-    {file = "psycopg-3.2.1.tar.gz", hash = "sha256:dc8da6dc8729dacacda3cc2f17d2c9397a70a66cf0d2b69c91065d60d5f00cb7"},
+    {file = "psycopg-3.2.2-py3-none-any.whl", hash = "sha256:babf565d459d8f72fb65da5e211dd0b58a52c51e4e1fa9cadecff42d6b7619b2"},
+    {file = "psycopg-3.2.2.tar.gz", hash = "sha256:8bad2e497ce22d556dac1464738cb948f8d6bab450d965cf1d8a8effd52412e0"},
 ]
 
 [package.dependencies]
-psycopg-c = {version = "3.2.1", optional = true, markers = "implementation_name != \"pypy\" and extra == \"c\""}
-typing-extensions = ">=4.4"
+psycopg-c = {version = "3.2.2", optional = true, markers = "implementation_name != \"pypy\" and extra == \"c\""}
+typing-extensions = {version = ">=4.6", markers = "python_version < \"3.13\""}
 tzdata = {version = "*", markers = "sys_platform == \"win32\""}
 
 [package.extras]
-binary = ["psycopg-binary (==3.2.1)"]
-c = ["psycopg-c (==3.2.1)"]
-dev = ["ast-comments (>=1.1.2)", "black (>=24.1.0)", "codespell (>=2.2)", "dnspython (>=2.1)", "flake8 (>=4.0)", "mypy (>=1.6)", "types-setuptools (>=57.4)", "wheel (>=0.37)"]
+binary = ["psycopg-binary (==3.2.2)"]
+c = ["psycopg-c (==3.2.2)"]
+dev = ["ast-comments (>=1.1.2)", "black (>=24.1.0)", "codespell (>=2.2)", "dnspython (>=2.1)", "flake8 (>=4.0)", "mypy (>=1.11)", "types-setuptools (>=57.4)", "wheel (>=0.37)"]
 docs = ["Sphinx (>=5.0)", "furo (==2022.6.21)", "sphinx-autobuild (>=2021.3.14)", "sphinx-autodoc-typehints (>=1.12)"]
 pool = ["psycopg-pool"]
-test = ["anyio (>=4.0)", "mypy (>=1.6)", "pproxy (>=2.7)", "pytest (>=6.2.5)", "pytest-cov (>=3.0)", "pytest-randomly (>=3.5)"]
+test = ["anyio (>=4.0)", "mypy (>=1.11)", "pproxy (>=2.7)", "pytest (>=6.2.5)", "pytest-cov (>=3.0)", "pytest-randomly (>=3.5)"]
 
 [[package]]
 name = "psycopg-c"
-version = "3.2.1"
+version = "3.2.2"
 description = "PostgreSQL database adapter for Python -- C optimisation distribution"
 optional = false
 python-versions = ">=3.8"
 files = [
-    {file = "psycopg_c-3.2.1.tar.gz", hash = "sha256:2d09943cc8a855c42c1e23b4298957b7ce8f27bf3683258c52fd139f601f7cda"},
+    {file = "psycopg_c-3.2.2.tar.gz", hash = "sha256:de8cac75bc6640ef0f54ad9187b81e07c430206a83c566b73d4cca41ecccb7c8"},
 ]
 
 [[package]]
@@ -3507,19 +3518,19 @@ files = [
 
 [[package]]
 name = "pydantic"
-version = "2.9.1"
+version = "2.9.2"
 description = "Data validation using Python type hints"
 optional = false
 python-versions = ">=3.8"
 files = [
-    {file = "pydantic-2.9.1-py3-none-any.whl", hash = "sha256:7aff4db5fdf3cf573d4b3c30926a510a10e19a0774d38fc4967f78beb6deb612"},
-    {file = "pydantic-2.9.1.tar.gz", hash = "sha256:1363c7d975c7036df0db2b4a61f2e062fbc0aa5ab5f2772e0ffc7191a4f4bce2"},
+    {file = "pydantic-2.9.2-py3-none-any.whl", hash = "sha256:f048cec7b26778210e28a0459867920654d48e5e62db0958433636cde4254f12"},
+    {file = "pydantic-2.9.2.tar.gz", hash = "sha256:d155cef71265d1e9807ed1c32b4c8deec042a44a50a4188b25ac67ecd81a9c0f"},
 ]
 
 [package.dependencies]
 annotated-types = ">=0.6.0"
 email-validator = {version = ">=2.0.0", optional = true, markers = "extra == \"email\""}
-pydantic-core = "2.23.3"
+pydantic-core = "2.23.4"
 typing-extensions = {version = ">=4.6.1", markers = "python_version < \"3.13\""}
 
 [package.extras]
@@ -3528,100 +3539,100 @@ timezone = ["tzdata"]
 
 [[package]]
 name = "pydantic-core"
-version = "2.23.3"
+version = "2.23.4"
 description = "Core functionality for Pydantic validation and serialization"
 optional = false
 python-versions = ">=3.8"
 files = [
-    {file = "pydantic_core-2.23.3-cp310-cp310-macosx_10_12_x86_64.whl", hash = "sha256:7f10a5d1b9281392f1bf507d16ac720e78285dfd635b05737c3911637601bae6"},
-    {file = "pydantic_core-2.23.3-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:3c09a7885dd33ee8c65266e5aa7fb7e2f23d49d8043f089989726391dd7350c5"},
-    {file = "pydantic_core-2.23.3-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:6470b5a1ec4d1c2e9afe928c6cb37eb33381cab99292a708b8cb9aa89e62429b"},
-    {file = "pydantic_core-2.23.3-cp310-cp310-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:9172d2088e27d9a185ea0a6c8cebe227a9139fd90295221d7d495944d2367700"},
-    {file = "pydantic_core-2.23.3-cp310-cp310-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:86fc6c762ca7ac8fbbdff80d61b2c59fb6b7d144aa46e2d54d9e1b7b0e780e01"},
-    {file = "pydantic_core-2.23.3-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:f0cb80fd5c2df4898693aa841425ea1727b1b6d2167448253077d2a49003e0ed"},
-    {file = "pydantic_core-2.23.3-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:03667cec5daf43ac4995cefa8aaf58f99de036204a37b889c24a80927b629cec"},
-    {file = "pydantic_core-2.23.3-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:047531242f8e9c2db733599f1c612925de095e93c9cc0e599e96cf536aaf56ba"},
-    {file = "pydantic_core-2.23.3-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:5499798317fff7f25dbef9347f4451b91ac2a4330c6669821c8202fd354c7bee"},
-    {file = "pydantic_core-2.23.3-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:bbb5e45eab7624440516ee3722a3044b83fff4c0372efe183fd6ba678ff681fe"},
-    {file = "pydantic_core-2.23.3-cp310-none-win32.whl", hash = "sha256:8b5b3ed73abb147704a6e9f556d8c5cb078f8c095be4588e669d315e0d11893b"},
-    {file = "pydantic_core-2.23.3-cp310-none-win_amd64.whl", hash = "sha256:2b603cde285322758a0279995b5796d64b63060bfbe214b50a3ca23b5cee3e83"},
-    {file = "pydantic_core-2.23.3-cp311-cp311-macosx_10_12_x86_64.whl", hash = "sha256:c889fd87e1f1bbeb877c2ee56b63bb297de4636661cc9bbfcf4b34e5e925bc27"},
-    {file = "pydantic_core-2.23.3-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:ea85bda3189fb27503af4c45273735bcde3dd31c1ab17d11f37b04877859ef45"},
-    {file = "pydantic_core-2.23.3-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:a7f7f72f721223f33d3dc98a791666ebc6a91fa023ce63733709f4894a7dc611"},
-    {file = "pydantic_core-2.23.3-cp311-cp311-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:2b2b55b0448e9da68f56b696f313949cda1039e8ec7b5d294285335b53104b61"},
-    {file = "pydantic_core-2.23.3-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:c24574c7e92e2c56379706b9a3f07c1e0c7f2f87a41b6ee86653100c4ce343e5"},
-    {file = "pydantic_core-2.23.3-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:f2b05e6ccbee333a8f4b8f4d7c244fdb7a979e90977ad9c51ea31261e2085ce0"},
-    {file = "pydantic_core-2.23.3-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:e2c409ce1c219c091e47cb03feb3c4ed8c2b8e004efc940da0166aaee8f9d6c8"},
-    {file = "pydantic_core-2.23.3-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:d965e8b325f443ed3196db890d85dfebbb09f7384486a77461347f4adb1fa7f8"},
-    {file = "pydantic_core-2.23.3-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:f56af3a420fb1ffaf43ece3ea09c2d27c444e7c40dcb7c6e7cf57aae764f2b48"},
-    {file = "pydantic_core-2.23.3-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:5b01a078dd4f9a52494370af21aa52964e0a96d4862ac64ff7cea06e0f12d2c5"},
-    {file = "pydantic_core-2.23.3-cp311-none-win32.whl", hash = "sha256:560e32f0df04ac69b3dd818f71339983f6d1f70eb99d4d1f8e9705fb6c34a5c1"},
-    {file = "pydantic_core-2.23.3-cp311-none-win_amd64.whl", hash = "sha256:c744fa100fdea0d000d8bcddee95213d2de2e95b9c12be083370b2072333a0fa"},
-    {file = "pydantic_core-2.23.3-cp312-cp312-macosx_10_12_x86_64.whl", hash = "sha256:e0ec50663feedf64d21bad0809f5857bac1ce91deded203efc4a84b31b2e4305"},
-    {file = "pydantic_core-2.23.3-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:db6e6afcb95edbe6b357786684b71008499836e91f2a4a1e55b840955b341dbb"},
-    {file = "pydantic_core-2.23.3-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:98ccd69edcf49f0875d86942f4418a4e83eb3047f20eb897bffa62a5d419c8fa"},
-    {file = "pydantic_core-2.23.3-cp312-cp312-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:a678c1ac5c5ec5685af0133262103defb427114e62eafeda12f1357a12140162"},
-    {file = "pydantic_core-2.23.3-cp312-cp312-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:01491d8b4d8db9f3391d93b0df60701e644ff0894352947f31fff3e52bd5c801"},
-    {file = "pydantic_core-2.23.3-cp312-cp312-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:fcf31facf2796a2d3b7fe338fe8640aa0166e4e55b4cb108dbfd1058049bf4cb"},
-    {file = "pydantic_core-2.23.3-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:7200fd561fb3be06827340da066df4311d0b6b8eb0c2116a110be5245dceb326"},
-    {file = "pydantic_core-2.23.3-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:dc1636770a809dee2bd44dd74b89cc80eb41172bcad8af75dd0bc182c2666d4c"},
-    {file = "pydantic_core-2.23.3-cp312-cp312-musllinux_1_1_aarch64.whl", hash = "sha256:67a5def279309f2e23014b608c4150b0c2d323bd7bccd27ff07b001c12c2415c"},
-    {file = "pydantic_core-2.23.3-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:748bdf985014c6dd3e1e4cc3db90f1c3ecc7246ff5a3cd4ddab20c768b2f1dab"},
-    {file = "pydantic_core-2.23.3-cp312-none-win32.whl", hash = "sha256:255ec6dcb899c115f1e2a64bc9ebc24cc0e3ab097775755244f77360d1f3c06c"},
-    {file = "pydantic_core-2.23.3-cp312-none-win_amd64.whl", hash = "sha256:40b8441be16c1e940abebed83cd006ddb9e3737a279e339dbd6d31578b802f7b"},
-    {file = "pydantic_core-2.23.3-cp313-cp313-macosx_10_12_x86_64.whl", hash = "sha256:6daaf5b1ba1369a22c8b050b643250e3e5efc6a78366d323294aee54953a4d5f"},
-    {file = "pydantic_core-2.23.3-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:d015e63b985a78a3d4ccffd3bdf22b7c20b3bbd4b8227809b3e8e75bc37f9cb2"},
-    {file = "pydantic_core-2.23.3-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:a3fc572d9b5b5cfe13f8e8a6e26271d5d13f80173724b738557a8c7f3a8a3791"},
-    {file = "pydantic_core-2.23.3-cp313-cp313-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:f6bd91345b5163ee7448bee201ed7dd601ca24f43f439109b0212e296eb5b423"},
-    {file = "pydantic_core-2.23.3-cp313-cp313-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:fc379c73fd66606628b866f661e8785088afe2adaba78e6bbe80796baf708a63"},
-    {file = "pydantic_core-2.23.3-cp313-cp313-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:fbdce4b47592f9e296e19ac31667daed8753c8367ebb34b9a9bd89dacaa299c9"},
-    {file = "pydantic_core-2.23.3-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:fc3cf31edf405a161a0adad83246568647c54404739b614b1ff43dad2b02e6d5"},
-    {file = "pydantic_core-2.23.3-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:8e22b477bf90db71c156f89a55bfe4d25177b81fce4aa09294d9e805eec13855"},
-    {file = "pydantic_core-2.23.3-cp313-cp313-musllinux_1_1_aarch64.whl", hash = "sha256:0a0137ddf462575d9bce863c4c95bac3493ba8e22f8c28ca94634b4a1d3e2bb4"},
-    {file = "pydantic_core-2.23.3-cp313-cp313-musllinux_1_1_x86_64.whl", hash = "sha256:203171e48946c3164fe7691fc349c79241ff8f28306abd4cad5f4f75ed80bc8d"},
-    {file = "pydantic_core-2.23.3-cp313-none-win32.whl", hash = "sha256:76bdab0de4acb3f119c2a4bff740e0c7dc2e6de7692774620f7452ce11ca76c8"},
-    {file = "pydantic_core-2.23.3-cp313-none-win_amd64.whl", hash = "sha256:37ba321ac2a46100c578a92e9a6aa33afe9ec99ffa084424291d84e456f490c1"},
-    {file = "pydantic_core-2.23.3-cp38-cp38-macosx_10_12_x86_64.whl", hash = "sha256:d063c6b9fed7d992bcbebfc9133f4c24b7a7f215d6b102f3e082b1117cddb72c"},
-    {file = "pydantic_core-2.23.3-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:6cb968da9a0746a0cf521b2b5ef25fc5a0bee9b9a1a8214e0a1cfaea5be7e8a4"},
-    {file = "pydantic_core-2.23.3-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:edbefe079a520c5984e30e1f1f29325054b59534729c25b874a16a5048028d16"},
-    {file = "pydantic_core-2.23.3-cp38-cp38-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:cbaaf2ef20d282659093913da9d402108203f7cb5955020bd8d1ae5a2325d1c4"},
-    {file = "pydantic_core-2.23.3-cp38-cp38-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:fb539d7e5dc4aac345846f290cf504d2fd3c1be26ac4e8b5e4c2b688069ff4cf"},
-    {file = "pydantic_core-2.23.3-cp38-cp38-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:7e6f33503c5495059148cc486867e1d24ca35df5fc064686e631e314d959ad5b"},
-    {file = "pydantic_core-2.23.3-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:04b07490bc2f6f2717b10c3969e1b830f5720b632f8ae2f3b8b1542394c47a8e"},
-    {file = "pydantic_core-2.23.3-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:03795b9e8a5d7fda05f3873efc3f59105e2dcff14231680296b87b80bb327295"},
-    {file = "pydantic_core-2.23.3-cp38-cp38-musllinux_1_1_aarch64.whl", hash = "sha256:c483dab0f14b8d3f0df0c6c18d70b21b086f74c87ab03c59250dbf6d3c89baba"},
-    {file = "pydantic_core-2.23.3-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:8b2682038e255e94baf2c473dca914a7460069171ff5cdd4080be18ab8a7fd6e"},
-    {file = "pydantic_core-2.23.3-cp38-none-win32.whl", hash = "sha256:f4a57db8966b3a1d1a350012839c6a0099f0898c56512dfade8a1fe5fb278710"},
-    {file = "pydantic_core-2.23.3-cp38-none-win_amd64.whl", hash = "sha256:13dd45ba2561603681a2676ca56006d6dee94493f03d5cadc055d2055615c3ea"},
-    {file = "pydantic_core-2.23.3-cp39-cp39-macosx_10_12_x86_64.whl", hash = "sha256:82da2f4703894134a9f000e24965df73cc103e31e8c31906cc1ee89fde72cbd8"},
-    {file = "pydantic_core-2.23.3-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:dd9be0a42de08f4b58a3cc73a123f124f65c24698b95a54c1543065baca8cf0e"},
-    {file = "pydantic_core-2.23.3-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:89b731f25c80830c76fdb13705c68fef6a2b6dc494402987c7ea9584fe189f5d"},
-    {file = "pydantic_core-2.23.3-cp39-cp39-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:c6de1ec30c4bb94f3a69c9f5f2182baeda5b809f806676675e9ef6b8dc936f28"},
-    {file = "pydantic_core-2.23.3-cp39-cp39-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:bb68b41c3fa64587412b104294b9cbb027509dc2f6958446c502638d481525ef"},
-    {file = "pydantic_core-2.23.3-cp39-cp39-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:1c3980f2843de5184656aab58698011b42763ccba11c4a8c35936c8dd6c7068c"},
-    {file = "pydantic_core-2.23.3-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:94f85614f2cba13f62c3c6481716e4adeae48e1eaa7e8bac379b9d177d93947a"},
-    {file = "pydantic_core-2.23.3-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:510b7fb0a86dc8f10a8bb43bd2f97beb63cffad1203071dc434dac26453955cd"},
-    {file = "pydantic_core-2.23.3-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:1eba2f7ce3e30ee2170410e2171867ea73dbd692433b81a93758ab2de6c64835"},
-    {file = "pydantic_core-2.23.3-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:4b259fd8409ab84b4041b7b3f24dcc41e4696f180b775961ca8142b5b21d0e70"},
-    {file = "pydantic_core-2.23.3-cp39-none-win32.whl", hash = "sha256:40d9bd259538dba2f40963286009bf7caf18b5112b19d2b55b09c14dde6db6a7"},
-    {file = "pydantic_core-2.23.3-cp39-none-win_amd64.whl", hash = "sha256:5a8cd3074a98ee70173a8633ad3c10e00dcb991ecec57263aacb4095c5efb958"},
-    {file = "pydantic_core-2.23.3-pp310-pypy310_pp73-macosx_10_12_x86_64.whl", hash = "sha256:f399e8657c67313476a121a6944311fab377085ca7f490648c9af97fc732732d"},
-    {file = "pydantic_core-2.23.3-pp310-pypy310_pp73-macosx_11_0_arm64.whl", hash = "sha256:6b5547d098c76e1694ba85f05b595720d7c60d342f24d5aad32c3049131fa5c4"},
-    {file = "pydantic_core-2.23.3-pp310-pypy310_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:0dda0290a6f608504882d9f7650975b4651ff91c85673341789a476b1159f211"},
-    {file = "pydantic_core-2.23.3-pp310-pypy310_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:65b6e5da855e9c55a0c67f4db8a492bf13d8d3316a59999cfbaf98cc6e401961"},
-    {file = "pydantic_core-2.23.3-pp310-pypy310_pp73-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:09e926397f392059ce0afdcac920df29d9c833256354d0c55f1584b0b70cf07e"},
-    {file = "pydantic_core-2.23.3-pp310-pypy310_pp73-musllinux_1_1_aarch64.whl", hash = "sha256:87cfa0ed6b8c5bd6ae8b66de941cece179281239d482f363814d2b986b79cedc"},
-    {file = "pydantic_core-2.23.3-pp310-pypy310_pp73-musllinux_1_1_x86_64.whl", hash = "sha256:e61328920154b6a44d98cabcb709f10e8b74276bc709c9a513a8c37a18786cc4"},
-    {file = "pydantic_core-2.23.3-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:ce3317d155628301d649fe5e16a99528d5680af4ec7aa70b90b8dacd2d725c9b"},
-    {file = "pydantic_core-2.23.3-pp39-pypy39_pp73-macosx_10_12_x86_64.whl", hash = "sha256:e89513f014c6be0d17b00a9a7c81b1c426f4eb9224b15433f3d98c1a071f8433"},
-    {file = "pydantic_core-2.23.3-pp39-pypy39_pp73-macosx_11_0_arm64.whl", hash = "sha256:4f62c1c953d7ee375df5eb2e44ad50ce2f5aff931723b398b8bc6f0ac159791a"},
-    {file = "pydantic_core-2.23.3-pp39-pypy39_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:2718443bc671c7ac331de4eef9b673063b10af32a0bb385019ad61dcf2cc8f6c"},
-    {file = "pydantic_core-2.23.3-pp39-pypy39_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:a0d90e08b2727c5d01af1b5ef4121d2f0c99fbee692c762f4d9d0409c9da6541"},
-    {file = "pydantic_core-2.23.3-pp39-pypy39_pp73-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:2b676583fc459c64146debea14ba3af54e540b61762dfc0613dc4e98c3f66eeb"},
-    {file = "pydantic_core-2.23.3-pp39-pypy39_pp73-musllinux_1_1_aarch64.whl", hash = "sha256:50e4661f3337977740fdbfbae084ae5693e505ca2b3130a6d4eb0f2281dc43b8"},
-    {file = "pydantic_core-2.23.3-pp39-pypy39_pp73-musllinux_1_1_x86_64.whl", hash = "sha256:68f4cf373f0de6abfe599a38307f4417c1c867ca381c03df27c873a9069cda25"},
-    {file = "pydantic_core-2.23.3-pp39-pypy39_pp73-win_amd64.whl", hash = "sha256:59d52cf01854cb26c46958552a21acb10dd78a52aa34c86f284e66b209db8cab"},
-    {file = "pydantic_core-2.23.3.tar.gz", hash = "sha256:3cb0f65d8b4121c1b015c60104a685feb929a29d7cf204387c7f2688c7974690"},
+    {file = "pydantic_core-2.23.4-cp310-cp310-macosx_10_12_x86_64.whl", hash = "sha256:b10bd51f823d891193d4717448fab065733958bdb6a6b351967bd349d48d5c9b"},
+    {file = "pydantic_core-2.23.4-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:4fc714bdbfb534f94034efaa6eadd74e5b93c8fa6315565a222f7b6f42ca1166"},
+    {file = "pydantic_core-2.23.4-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:63e46b3169866bd62849936de036f901a9356e36376079b05efa83caeaa02ceb"},
+    {file = "pydantic_core-2.23.4-cp310-cp310-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:ed1a53de42fbe34853ba90513cea21673481cd81ed1be739f7f2efb931b24916"},
+    {file = "pydantic_core-2.23.4-cp310-cp310-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:cfdd16ab5e59fc31b5e906d1a3f666571abc367598e3e02c83403acabc092e07"},
+    {file = "pydantic_core-2.23.4-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:255a8ef062cbf6674450e668482456abac99a5583bbafb73f9ad469540a3a232"},
+    {file = "pydantic_core-2.23.4-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:4a7cd62e831afe623fbb7aabbb4fe583212115b3ef38a9f6b71869ba644624a2"},
+    {file = "pydantic_core-2.23.4-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:f09e2ff1f17c2b51f2bc76d1cc33da96298f0a036a137f5440ab3ec5360b624f"},
+    {file = "pydantic_core-2.23.4-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:e38e63e6f3d1cec5a27e0afe90a085af8b6806ee208b33030e65b6516353f1a3"},
+    {file = "pydantic_core-2.23.4-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:0dbd8dbed2085ed23b5c04afa29d8fd2771674223135dc9bc937f3c09284d071"},
+    {file = "pydantic_core-2.23.4-cp310-none-win32.whl", hash = "sha256:6531b7ca5f951d663c339002e91aaebda765ec7d61b7d1e3991051906ddde119"},
+    {file = "pydantic_core-2.23.4-cp310-none-win_amd64.whl", hash = "sha256:7c9129eb40958b3d4500fa2467e6a83356b3b61bfff1b414c7361d9220f9ae8f"},
+    {file = "pydantic_core-2.23.4-cp311-cp311-macosx_10_12_x86_64.whl", hash = "sha256:77733e3892bb0a7fa797826361ce8a9184d25c8dffaec60b7ffe928153680ba8"},
+    {file = "pydantic_core-2.23.4-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:1b84d168f6c48fabd1f2027a3d1bdfe62f92cade1fb273a5d68e621da0e44e6d"},
+    {file = "pydantic_core-2.23.4-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:df49e7a0861a8c36d089c1ed57d308623d60416dab2647a4a17fe050ba85de0e"},
+    {file = "pydantic_core-2.23.4-cp311-cp311-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:ff02b6d461a6de369f07ec15e465a88895f3223eb75073ffea56b84d9331f607"},
+    {file = "pydantic_core-2.23.4-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:996a38a83508c54c78a5f41456b0103c30508fed9abcad0a59b876d7398f25fd"},
+    {file = "pydantic_core-2.23.4-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:d97683ddee4723ae8c95d1eddac7c192e8c552da0c73a925a89fa8649bf13eea"},
+    {file = "pydantic_core-2.23.4-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:216f9b2d7713eb98cb83c80b9c794de1f6b7e3145eef40400c62e86cee5f4e1e"},
+    {file = "pydantic_core-2.23.4-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:6f783e0ec4803c787bcea93e13e9932edab72068f68ecffdf86a99fd5918878b"},
+    {file = "pydantic_core-2.23.4-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:d0776dea117cf5272382634bd2a5c1b6eb16767c223c6a5317cd3e2a757c61a0"},
+    {file = "pydantic_core-2.23.4-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:d5f7a395a8cf1621939692dba2a6b6a830efa6b3cee787d82c7de1ad2930de64"},
+    {file = "pydantic_core-2.23.4-cp311-none-win32.whl", hash = "sha256:74b9127ffea03643e998e0c5ad9bd3811d3dac8c676e47db17b0ee7c3c3bf35f"},
+    {file = "pydantic_core-2.23.4-cp311-none-win_amd64.whl", hash = "sha256:98d134c954828488b153d88ba1f34e14259284f256180ce659e8d83e9c05eaa3"},
+    {file = "pydantic_core-2.23.4-cp312-cp312-macosx_10_12_x86_64.whl", hash = "sha256:f3e0da4ebaef65158d4dfd7d3678aad692f7666877df0002b8a522cdf088f231"},
+    {file = "pydantic_core-2.23.4-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:f69a8e0b033b747bb3e36a44e7732f0c99f7edd5cea723d45bc0d6e95377ffee"},
+    {file = "pydantic_core-2.23.4-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:723314c1d51722ab28bfcd5240d858512ffd3116449c557a1336cbe3919beb87"},
+    {file = "pydantic_core-2.23.4-cp312-cp312-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:bb2802e667b7051a1bebbfe93684841cc9351004e2badbd6411bf357ab8d5ac8"},
+    {file = "pydantic_core-2.23.4-cp312-cp312-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:d18ca8148bebe1b0a382a27a8ee60350091a6ddaf475fa05ef50dc35b5df6327"},
+    {file = "pydantic_core-2.23.4-cp312-cp312-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:33e3d65a85a2a4a0dc3b092b938a4062b1a05f3a9abde65ea93b233bca0e03f2"},
+    {file = "pydantic_core-2.23.4-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:128585782e5bfa515c590ccee4b727fb76925dd04a98864182b22e89a4e6ed36"},
+    {file = "pydantic_core-2.23.4-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:68665f4c17edcceecc112dfed5dbe6f92261fb9d6054b47d01bf6371a6196126"},
+    {file = "pydantic_core-2.23.4-cp312-cp312-musllinux_1_1_aarch64.whl", hash = "sha256:20152074317d9bed6b7a95ade3b7d6054845d70584216160860425f4fbd5ee9e"},
+    {file = "pydantic_core-2.23.4-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:9261d3ce84fa1d38ed649c3638feefeae23d32ba9182963e465d58d62203bd24"},
+    {file = "pydantic_core-2.23.4-cp312-none-win32.whl", hash = "sha256:4ba762ed58e8d68657fc1281e9bb72e1c3e79cc5d464be146e260c541ec12d84"},
+    {file = "pydantic_core-2.23.4-cp312-none-win_amd64.whl", hash = "sha256:97df63000f4fea395b2824da80e169731088656d1818a11b95f3b173747b6cd9"},
+    {file = "pydantic_core-2.23.4-cp313-cp313-macosx_10_12_x86_64.whl", hash = "sha256:7530e201d10d7d14abce4fb54cfe5b94a0aefc87da539d0346a484ead376c3cc"},
+    {file = "pydantic_core-2.23.4-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:df933278128ea1cd77772673c73954e53a1c95a4fdf41eef97c2b779271bd0bd"},
+    {file = "pydantic_core-2.23.4-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:0cb3da3fd1b6a5d0279a01877713dbda118a2a4fc6f0d821a57da2e464793f05"},
+    {file = "pydantic_core-2.23.4-cp313-cp313-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:42c6dcb030aefb668a2b7009c85b27f90e51e6a3b4d5c9bc4c57631292015b0d"},
+    {file = "pydantic_core-2.23.4-cp313-cp313-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:696dd8d674d6ce621ab9d45b205df149399e4bb9aa34102c970b721554828510"},
+    {file = "pydantic_core-2.23.4-cp313-cp313-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:2971bb5ffe72cc0f555c13e19b23c85b654dd2a8f7ab493c262071377bfce9f6"},
+    {file = "pydantic_core-2.23.4-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:8394d940e5d400d04cad4f75c0598665cbb81aecefaca82ca85bd28264af7f9b"},
+    {file = "pydantic_core-2.23.4-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:0dff76e0602ca7d4cdaacc1ac4c005e0ce0dcfe095d5b5259163a80d3a10d327"},
+    {file = "pydantic_core-2.23.4-cp313-cp313-musllinux_1_1_aarch64.whl", hash = "sha256:7d32706badfe136888bdea71c0def994644e09fff0bfe47441deaed8e96fdbc6"},
+    {file = "pydantic_core-2.23.4-cp313-cp313-musllinux_1_1_x86_64.whl", hash = "sha256:ed541d70698978a20eb63d8c5d72f2cc6d7079d9d90f6b50bad07826f1320f5f"},
+    {file = "pydantic_core-2.23.4-cp313-none-win32.whl", hash = "sha256:3d5639516376dce1940ea36edf408c554475369f5da2abd45d44621cb616f769"},
+    {file = "pydantic_core-2.23.4-cp313-none-win_amd64.whl", hash = "sha256:5a1504ad17ba4210df3a045132a7baeeba5a200e930f57512ee02909fc5c4cb5"},
+    {file = "pydantic_core-2.23.4-cp38-cp38-macosx_10_12_x86_64.whl", hash = "sha256:d4488a93b071c04dc20f5cecc3631fc78b9789dd72483ba15d423b5b3689b555"},
+    {file = "pydantic_core-2.23.4-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:81965a16b675b35e1d09dd14df53f190f9129c0202356ed44ab2728b1c905658"},
+    {file = "pydantic_core-2.23.4-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:4ffa2ebd4c8530079140dd2d7f794a9d9a73cbb8e9d59ffe24c63436efa8f271"},
+    {file = "pydantic_core-2.23.4-cp38-cp38-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:61817945f2fe7d166e75fbfb28004034b48e44878177fc54d81688e7b85a3665"},
+    {file = "pydantic_core-2.23.4-cp38-cp38-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:29d2c342c4bc01b88402d60189f3df065fb0dda3654744d5a165a5288a657368"},
+    {file = "pydantic_core-2.23.4-cp38-cp38-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:5e11661ce0fd30a6790e8bcdf263b9ec5988e95e63cf901972107efc49218b13"},
+    {file = "pydantic_core-2.23.4-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:9d18368b137c6295db49ce7218b1a9ba15c5bc254c96d7c9f9e924a9bc7825ad"},
+    {file = "pydantic_core-2.23.4-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:ec4e55f79b1c4ffb2eecd8a0cfba9955a2588497d96851f4c8f99aa4a1d39b12"},
+    {file = "pydantic_core-2.23.4-cp38-cp38-musllinux_1_1_aarch64.whl", hash = "sha256:374a5e5049eda9e0a44c696c7ade3ff355f06b1fe0bb945ea3cac2bc336478a2"},
+    {file = "pydantic_core-2.23.4-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:5c364564d17da23db1106787675fc7af45f2f7b58b4173bfdd105564e132e6fb"},
+    {file = "pydantic_core-2.23.4-cp38-none-win32.whl", hash = "sha256:d7a80d21d613eec45e3d41eb22f8f94ddc758a6c4720842dc74c0581f54993d6"},
+    {file = "pydantic_core-2.23.4-cp38-none-win_amd64.whl", hash = "sha256:5f5ff8d839f4566a474a969508fe1c5e59c31c80d9e140566f9a37bba7b8d556"},
+    {file = "pydantic_core-2.23.4-cp39-cp39-macosx_10_12_x86_64.whl", hash = "sha256:a4fa4fc04dff799089689f4fd502ce7d59de529fc2f40a2c8836886c03e0175a"},
+    {file = "pydantic_core-2.23.4-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:0a7df63886be5e270da67e0966cf4afbae86069501d35c8c1b3b6c168f42cb36"},
+    {file = "pydantic_core-2.23.4-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:dcedcd19a557e182628afa1d553c3895a9f825b936415d0dbd3cd0bbcfd29b4b"},
+    {file = "pydantic_core-2.23.4-cp39-cp39-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:5f54b118ce5de9ac21c363d9b3caa6c800341e8c47a508787e5868c6b79c9323"},
+    {file = "pydantic_core-2.23.4-cp39-cp39-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:86d2f57d3e1379a9525c5ab067b27dbb8a0642fb5d454e17a9ac434f9ce523e3"},
+    {file = "pydantic_core-2.23.4-cp39-cp39-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:de6d1d1b9e5101508cb37ab0d972357cac5235f5c6533d1071964c47139257df"},
+    {file = "pydantic_core-2.23.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:1278e0d324f6908e872730c9102b0112477a7f7cf88b308e4fc36ce1bdb6d58c"},
+    {file = "pydantic_core-2.23.4-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:9a6b5099eeec78827553827f4c6b8615978bb4b6a88e5d9b93eddf8bb6790f55"},
+    {file = "pydantic_core-2.23.4-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:e55541f756f9b3ee346b840103f32779c695a19826a4c442b7954550a0972040"},
+    {file = "pydantic_core-2.23.4-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:a5c7ba8ffb6d6f8f2ab08743be203654bb1aaa8c9dcb09f82ddd34eadb695605"},
+    {file = "pydantic_core-2.23.4-cp39-none-win32.whl", hash = "sha256:37b0fe330e4a58d3c58b24d91d1eb102aeec675a3db4c292ec3928ecd892a9a6"},
+    {file = "pydantic_core-2.23.4-cp39-none-win_amd64.whl", hash = "sha256:1498bec4c05c9c787bde9125cfdcc63a41004ff167f495063191b863399b1a29"},
+    {file = "pydantic_core-2.23.4-pp310-pypy310_pp73-macosx_10_12_x86_64.whl", hash = "sha256:f455ee30a9d61d3e1a15abd5068827773d6e4dc513e795f380cdd59932c782d5"},
+    {file = "pydantic_core-2.23.4-pp310-pypy310_pp73-macosx_11_0_arm64.whl", hash = "sha256:1e90d2e3bd2c3863d48525d297cd143fe541be8bbf6f579504b9712cb6b643ec"},
+    {file = "pydantic_core-2.23.4-pp310-pypy310_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:2e203fdf807ac7e12ab59ca2bfcabb38c7cf0b33c41efeb00f8e5da1d86af480"},
+    {file = "pydantic_core-2.23.4-pp310-pypy310_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:e08277a400de01bc72436a0ccd02bdf596631411f592ad985dcee21445bd0068"},
+    {file = "pydantic_core-2.23.4-pp310-pypy310_pp73-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:f220b0eea5965dec25480b6333c788fb72ce5f9129e8759ef876a1d805d00801"},
+    {file = "pydantic_core-2.23.4-pp310-pypy310_pp73-musllinux_1_1_aarch64.whl", hash = "sha256:d06b0c8da4f16d1d1e352134427cb194a0a6e19ad5db9161bf32b2113409e728"},
+    {file = "pydantic_core-2.23.4-pp310-pypy310_pp73-musllinux_1_1_x86_64.whl", hash = "sha256:ba1a0996f6c2773bd83e63f18914c1de3c9dd26d55f4ac302a7efe93fb8e7433"},
+    {file = "pydantic_core-2.23.4-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:9a5bce9d23aac8f0cf0836ecfc033896aa8443b501c58d0602dbfd5bd5b37753"},
+    {file = "pydantic_core-2.23.4-pp39-pypy39_pp73-macosx_10_12_x86_64.whl", hash = "sha256:78ddaaa81421a29574a682b3179d4cf9e6d405a09b99d93ddcf7e5239c742e21"},
+    {file = "pydantic_core-2.23.4-pp39-pypy39_pp73-macosx_11_0_arm64.whl", hash = "sha256:883a91b5dd7d26492ff2f04f40fbb652de40fcc0afe07e8129e8ae779c2110eb"},
+    {file = "pydantic_core-2.23.4-pp39-pypy39_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:88ad334a15b32a791ea935af224b9de1bf99bcd62fabf745d5f3442199d86d59"},
+    {file = "pydantic_core-2.23.4-pp39-pypy39_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:233710f069d251feb12a56da21e14cca67994eab08362207785cf8c598e74577"},
+    {file = "pydantic_core-2.23.4-pp39-pypy39_pp73-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:19442362866a753485ba5e4be408964644dd6a09123d9416c54cd49171f50744"},
+    {file = "pydantic_core-2.23.4-pp39-pypy39_pp73-musllinux_1_1_aarch64.whl", hash = "sha256:624e278a7d29b6445e4e813af92af37820fafb6dcc55c012c834f9e26f9aaaef"},
+    {file = "pydantic_core-2.23.4-pp39-pypy39_pp73-musllinux_1_1_x86_64.whl", hash = "sha256:f5ef8f42bec47f21d07668a043f077d507e5bf4e668d5c6dfe6aaba89de1a5b8"},
+    {file = "pydantic_core-2.23.4-pp39-pypy39_pp73-win_amd64.whl", hash = "sha256:aea443fffa9fbe3af1a9ba721a87f926fe548d32cab71d188a6ede77d0ff244e"},
+    {file = "pydantic_core-2.23.4.tar.gz", hash = "sha256:2584f7cf844ac4d970fba483a717dbe10c1c1c96a969bf65d61ffe94df1b2863"},
 ]
 
 [package.dependencies]
@@ -4199,29 +4210,29 @@ pyasn1 = ">=0.1.3"
 
 [[package]]
 name = "ruff"
-version = "0.6.4"
+version = "0.6.7"
 description = "An extremely fast Python linter and code formatter, written in Rust."
 optional = false
 python-versions = ">=3.7"
 files = [
-    {file = "ruff-0.6.4-py3-none-linux_armv6l.whl", hash = "sha256:c4b153fc152af51855458e79e835fb6b933032921756cec9af7d0ba2aa01a258"},
-    {file = "ruff-0.6.4-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:bedff9e4f004dad5f7f76a9d39c4ca98af526c9b1695068198b3bda8c085ef60"},
-    {file = "ruff-0.6.4-py3-none-macosx_11_0_arm64.whl", hash = "sha256:d02a4127a86de23002e694d7ff19f905c51e338c72d8e09b56bfb60e1681724f"},
-    {file = "ruff-0.6.4-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:7862f42fc1a4aca1ea3ffe8a11f67819d183a5693b228f0bb3a531f5e40336fc"},
-    {file = "ruff-0.6.4-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:eebe4ff1967c838a1a9618a5a59a3b0a00406f8d7eefee97c70411fefc353617"},
-    {file = "ruff-0.6.4-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:932063a03bac394866683e15710c25b8690ccdca1cf192b9a98260332ca93408"},
-    {file = "ruff-0.6.4-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:50e30b437cebef547bd5c3edf9ce81343e5dd7c737cb36ccb4fe83573f3d392e"},
-    {file = "ruff-0.6.4-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:c44536df7b93a587de690e124b89bd47306fddd59398a0fb12afd6133c7b3818"},
-    {file = "ruff-0.6.4-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:0ea086601b22dc5e7693a78f3fcfc460cceabfdf3bdc36dc898792aba48fbad6"},
-    {file = "ruff-0.6.4-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:0b52387d3289ccd227b62102c24714ed75fbba0b16ecc69a923a37e3b5e0aaaa"},
-    {file = "ruff-0.6.4-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:0308610470fcc82969082fc83c76c0d362f562e2f0cdab0586516f03a4e06ec6"},
-    {file = "ruff-0.6.4-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:803b96dea21795a6c9d5bfa9e96127cc9c31a1987802ca68f35e5c95aed3fc0d"},
-    {file = "ruff-0.6.4-py3-none-musllinux_1_2_i686.whl", hash = "sha256:66dbfea86b663baab8fcae56c59f190caba9398df1488164e2df53e216248baa"},
-    {file = "ruff-0.6.4-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:34d5efad480193c046c86608dbba2bccdc1c5fd11950fb271f8086e0c763a5d1"},
-    {file = "ruff-0.6.4-py3-none-win32.whl", hash = "sha256:f0f8968feea5ce3777c0d8365653d5e91c40c31a81d95824ba61d871a11b8523"},
-    {file = "ruff-0.6.4-py3-none-win_amd64.whl", hash = "sha256:549daccee5227282289390b0222d0fbee0275d1db6d514550d65420053021a58"},
-    {file = "ruff-0.6.4-py3-none-win_arm64.whl", hash = "sha256:ac4b75e898ed189b3708c9ab3fc70b79a433219e1e87193b4f2b77251d058d14"},
-    {file = "ruff-0.6.4.tar.gz", hash = "sha256:ac3b5bfbee99973f80aa1b7cbd1c9cbce200883bdd067300c22a6cc1c7fba212"},
+    {file = "ruff-0.6.7-py3-none-linux_armv6l.whl", hash = "sha256:08277b217534bfdcc2e1377f7f933e1c7957453e8a79764d004e44c40db923f2"},
+    {file = "ruff-0.6.7-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:c6707a32e03b791f4448dc0dce24b636cbcdee4dd5607adc24e5ee73fd86c00a"},
+    {file = "ruff-0.6.7-py3-none-macosx_11_0_arm64.whl", hash = "sha256:533d66b7774ef224e7cf91506a7dafcc9e8ec7c059263ec46629e54e7b1f90ab"},
+    {file = "ruff-0.6.7-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:17a86aac6f915932d259f7bec79173e356165518859f94649d8c50b81ff087e9"},
+    {file = "ruff-0.6.7-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:b3f8822defd260ae2460ea3832b24d37d203c3577f48b055590a426a722d50ef"},
+    {file = "ruff-0.6.7-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:9ba4efe5c6dbbb58be58dd83feedb83b5e95c00091bf09987b4baf510fee5c99"},
+    {file = "ruff-0.6.7-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:525201b77f94d2b54868f0cbe5edc018e64c22563da6c5c2e5c107a4e85c1c0d"},
+    {file = "ruff-0.6.7-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:8854450839f339e1049fdbe15d875384242b8e85d5c6947bb2faad33c651020b"},
+    {file = "ruff-0.6.7-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:2f0b62056246234d59cbf2ea66e84812dc9ec4540518e37553513392c171cb18"},
+    {file = "ruff-0.6.7-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:6b1462fa56c832dc0cea5b4041cfc9c97813505d11cce74ebc6d1aae068de36b"},
+    {file = "ruff-0.6.7-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:02b083770e4cdb1495ed313f5694c62808e71764ec6ee5db84eedd82fd32d8f5"},
+    {file = "ruff-0.6.7-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:0c05fd37013de36dfa883a3854fae57b3113aaa8abf5dea79202675991d48624"},
+    {file = "ruff-0.6.7-py3-none-musllinux_1_2_i686.whl", hash = "sha256:f49c9caa28d9bbfac4a637ae10327b3db00f47d038f3fbb2195c4d682e925b14"},
+    {file = "ruff-0.6.7-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:a0e1655868164e114ba43a908fd2d64a271a23660195017c17691fb6355d59bb"},
+    {file = "ruff-0.6.7-py3-none-win32.whl", hash = "sha256:a939ca435b49f6966a7dd64b765c9df16f1faed0ca3b6f16acdf7731969deb35"},
+    {file = "ruff-0.6.7-py3-none-win_amd64.whl", hash = "sha256:590445eec5653f36248584579c06252ad2e110a5d1f32db5420de35fb0e1c977"},
+    {file = "ruff-0.6.7-py3-none-win_arm64.whl", hash = "sha256:b28f0d5e2f771c1fe3c7a45d3f53916fc74a480698c4b5731f0bea61e52137c8"},
+    {file = "ruff-0.6.7.tar.gz", hash = "sha256:44e52129d82266fa59b587e2cd74def5637b730a69c4542525dfdecfaae38bd5"},
 ]
 
 [[package]]
@@ -4260,13 +4271,13 @@ django-query = ["django (>=3.2)"]
 
 [[package]]
 name = "selenium"
-version = "4.24.0"
+version = "4.25.0"
 description = "Official Python bindings for Selenium WebDriver"
 optional = false
 python-versions = ">=3.8"
 files = [
-    {file = "selenium-4.24.0-py3-none-any.whl", hash = "sha256:42c23f60753d5415b261b236cecbd69bd4eb5271e1563915f546b443cb6b71c6"},
-    {file = "selenium-4.24.0.tar.gz", hash = "sha256:88281e5b5b90fe231868905d5ea745b9ee5e30db280b33498cc73fb0fa06d571"},
+    {file = "selenium-4.25.0-py3-none-any.whl", hash = "sha256:3798d2d12b4a570bc5790163ba57fef10b2afee958bf1d80f2a3cf07c4141f33"},
+    {file = "selenium-4.25.0.tar.gz", hash = "sha256:95d08d3b82fb353f3c474895154516604c7f0e6a9a565ae6498ef36c9bac6921"},
 ]
 
 [package.dependencies]
@@ -4656,13 +4667,13 @@ wsproto = ">=0.14"
 
 [[package]]
 name = "twilio"
-version = "9.3.0"
+version = "9.3.1"
 description = "Twilio API client and TwiML generator"
 optional = false
 python-versions = ">=3.7.0"
 files = [
-    {file = "twilio-9.3.0-py2.py3-none-any.whl", hash = "sha256:01e6cbc6d7eaf02918250918140cc764866d62b048a5732c097b12ab5ed4560e"},
-    {file = "twilio-9.3.0.tar.gz", hash = "sha256:538b260ab464cdfd8e7dc890337ef581fd59ceac92de9f58a678db93474323f4"},
+    {file = "twilio-9.3.1-py2.py3-none-any.whl", hash = "sha256:48c714e5a1340a3d9001d6c9ccd107434c340ff94a5bc1bfb2473d3dc33f5051"},
+    {file = "twilio-9.3.1.tar.gz", hash = "sha256:bd754371353855438a8cf0c38f54580d474afe9655af2d81edb6dbabd8d785c4"},
 ]
 
 [package.dependencies]

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "authentik"
-version = "2024.8.1"
+version = "2024.8.2"
 description = ""
 authors = ["authentik Team <hello@goauthentik.io>"]
 

schema.yml

@@ -1,7 +1,7 @@
 openapi: 3.0.3
 info:
   title: authentik
-  version: 2024.8.1
+  version: 2024.8.2
   description: Making authentication simple.
   contact:
     email: hello@goauthentik.io
@@ -290,6 +290,64 @@ paths:
               schema:
                 $ref: '#/components/schemas/GenericError'
           description: ''
+  /analytics/data/:
+    get:
+      operationId: analytics_data_list
+      description: Read-only view of analytics descriptions
+      tags:
+      - analytics
+      security:
+      - authentik: []
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/AnalyticsData'
+          description: ''
+        '400':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ValidationError'
+          description: ''
+        '403':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/GenericError'
+          description: ''
+  /analytics/description/:
+    get:
+      operationId: analytics_description_list
+      description: Read-only view of analytics descriptions
+      tags:
+      - analytics
+      security:
+      - authentik: []
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/AnalyticsDescription'
+          description: ''
+        '400':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ValidationError'
+          description: ''
+        '403':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/GenericError'
+          description: ''
   /authenticators/admin/all/:
     get:
       operationId: authenticators_admin_all_list
@@ -11502,6 +11560,7 @@ paths:
           type: string
           nullable: true
           enum:
+          - analytics_sent
           - authorize_application
           - configuration_error
           - custom_
@@ -35758,6 +35817,25 @@ components:
       - rsa
       - ecdsa
       type: string
+    AnalyticsData:
+      type: object
+      properties:
+        data:
+          type: object
+          additionalProperties: {}
+      required:
+      - data
+    AnalyticsDescription:
+      type: object
+      description: Base serializer class which doesn't implement create/update methods
+      properties:
+        label:
+          type: string
+        desc:
+          type: string
+      required:
+      - desc
+      - label
     App:
       type: object
       description: Serialize Application info
@@ -35773,6 +35851,7 @@ components:
       enum:
       - authentik.tenants
       - authentik.admin
+      - authentik.analytics
       - authentik.api
       - authentik.crypto
       - authentik.flows
@@ -38960,6 +39039,7 @@ components:
       - model_updated
       - model_deleted
       - email_sent
+      - analytics_sent
       - update_available
       - custom_
       type: string
@@ -47361,6 +47441,13 @@ components:
           maximum: 2147483647
           minimum: 1
           description: Default token length
+        analytics_enabled:
+          type: boolean
+        analytics_sources:
+          type: array
+          items:
+            type: string
+            minLength: 1
     PatchedSourceStageRequest:
       type: object
       description: SourceStage Serializer
@@ -51001,6 +51088,23 @@ components:
           maximum: 2147483647
           minimum: 1
           description: Default token length
+        analytics_enabled:
+          type: boolean
+        analytics_sources:
+          type: array
+          items:
+            type: string
+        analytics_sources_obj:
+          type: array
+          items:
+            type: array
+            items:
+              type: string
+            minLength: 2
+            maxLength: 2
+          readOnly: true
+      required:
+      - analytics_sources_obj
     SettingsRequest:
       type: object
       description: Settings Serializer
@@ -51041,6 +51145,13 @@ components:
           maximum: 2147483647
           minimum: 1
           description: Default token length
+        analytics_enabled:
+          type: boolean
+        analytics_sources:
+          type: array
+          items:
+            type: string
+            minLength: 1
     SeverityEnum:
       enum:
       - notice

tests/wdio/.eslintignore

@@ -1,4 +0,0 @@
-# don't ever lint node_modules
-node_modules
-# don't lint nyc coverage output
-coverage

tests/wdio/.eslintrc.json

@@ -1,29 +0,0 @@
-{
-    "env": {
-        "browser": true,
-        "es2021": true
-    },
-    "extends": ["eslint:recommended", "plugin:@typescript-eslint/recommended"],
-    "parser": "@typescript-eslint/parser",
-    "parserOptions": {
-        "ecmaVersion": 12,
-        "sourceType": "module"
-    },
-    "plugins": ["@typescript-eslint"],
-    "rules": {
-        "indent": "off",
-        "linebreak-style": ["error", "unix"],
-        "quotes": ["error", "double", { "avoidEscape": true }],
-        "semi": ["error", "always"],
-        "@typescript-eslint/ban-ts-comment": "off",
-        "no-unused-vars": "off",
-        "@typescript-eslint/no-unused-vars": [
-            "error",
-            {
-                "argsIgnorePattern": "^_",
-                "varsIgnorePattern": "^_",
-                "caughtErrorsIgnorePattern": "^_"
-            }
-        ]
-    }
-}

tests/wdio/.eslintrc.precommit.json

@@ -1,26 +0,0 @@
-{
-    "env": {
-        "browser": true,
-        "es2021": true
-    },
-    "extends": [
-        "eslint:recommended",
-        "plugin:@typescript-eslint/recommended",
-        "plugin:sonarjs/recommended"
-    ],
-    "parser": "@typescript-eslint/parser",
-    "parserOptions": {
-        "ecmaVersion": 12,
-        "sourceType": "module"
-    },
-    "plugins": ["@typescript-eslint", "sonarjs"],
-    "rules": {
-        "indent": "off",
-        "linebreak-style": ["error", "unix"],
-        "quotes": ["error", "double", { "avoidEscape": true }],
-        "semi": ["error", "always"],
-        "@typescript-eslint/ban-ts-comment": "off",
-        "sonarjs/cognitive-complexity": ["error", 9],
-        "sonarjs/no-nested-template-literals": "off"
-    }
-}

tests/wdio/eslint.config.mjs

@@ -0,0 +1,84 @@
+import eslint from "@eslint/js";
+import tsparser from "@typescript-eslint/parser";
+import litconf from "eslint-plugin-lit";
+import wcconf from "eslint-plugin-wc";
+import globals from "globals";
+import tseslint from "typescript-eslint";
+
+export default [
+    // You would not believe how much this change has frustrated users: ["if an ignores key is used
+    // without any other keys in the configuration object, then the patterns act as global
+    // ignores"](https://eslint.org/docs/latest/use/configure/ignore)
+    {
+        ignores: [
+            "dist/",
+            // don't lint the cache
+            ".wireit/",
+            // let packages have their own configurations
+            "packages/",
+            // don't ever lint node_modules
+            "node_modules/",
+            ".storybook/*",
+            // don't lint build output (make sure it's set to your correct build folder name)
+            // don't lint nyc coverage output
+            "coverage/",
+            "src/locale-codes.ts",
+            "storybook-static/",
+            "src/locales/",
+        ],
+    },
+    eslint.configs.recommended,
+    wcconf.configs["flat/recommended"],
+    litconf.configs["flat/recommended"],
+    ...tseslint.configs.recommended,
+    {
+        languageOptions: {
+            parser: tsparser,
+            parserOptions: {
+                ecmaVersion: 12,
+                sourceType: "module",
+            },
+        },
+        files: ["src/**"],
+        rules: {
+            "no-unused-vars": "off",
+            "no-console": ["error", { allow: ["debug", "warn", "error"] }],
+            "@typescript-eslint/ban-ts-comment": "off",
+            "@typescript-eslint/no-unused-vars": [
+                "error",
+                {
+                    argsIgnorePattern: "^_",
+                    varsIgnorePattern: "^_",
+                    caughtErrorsIgnorePattern: "^_",
+                },
+            ],
+        },
+    },
+    {
+        languageOptions: {
+            parser: tsparser,
+            parserOptions: {
+                ecmaVersion: 12,
+                sourceType: "module",
+            },
+            globals: {
+                ...globals.nodeBuiltin,
+            },
+        },
+        files: ["scripts/*.mjs", "*.ts", "*.mjs"],
+        rules: {
+            "no-unused-vars": "off",
+            // We WANT our scripts to output to the console!
+            "no-console": "off",
+            "@typescript-eslint/ban-ts-comment": "off",
+            "@typescript-eslint/no-unused-vars": [
+                "error",
+                {
+                    argsIgnorePattern: "^_",
+                    varsIgnorePattern: "^_",
+                    caughtErrorsIgnorePattern: "^_",
+                },
+            ],
+        },
+    },
+];

tests/wdio/package.json

@@ -1,25 +1,27 @@
 {
     "name": "@goauthentik/web-tests",
     "dependencies": {
-        "chromedriver": "^128.0.3",
+        "chromedriver": "^129.0.0",
         "lockfile-lint": "^4.14.0",
         "syncpack": "^13.0.0"
     },
     "devDependencies": {
+        "@eslint/js": "^9.11.1",
         "@trivago/prettier-plugin-sort-imports": "^4.3.0",
         "@types/mocha": "^10.0.8",
-        "@typescript-eslint/eslint-plugin": "^7.17.0",
-        "@typescript-eslint/parser": "^7.17.0",
+        "@typescript-eslint/eslint-plugin": "^8.7.0",
+        "@typescript-eslint/parser": "^8.7.0",
         "@wdio/cli": "^9.0.3",
         "@wdio/local-runner": "^9.0.1",
-        "@wdio/mocha-framework": "^8.40.2",
-        "@wdio/spec-reporter": "^8.39.0",
-        "eslint": "^8.57.0",
-        "eslint-config-google": "^0.14.0",
-        "eslint-plugin-sonarjs": "^1.0.3",
+        "@wdio/mocha-framework": "^9.0.8",
+        "@wdio/spec-reporter": "^9.0.8",
+        "eslint-plugin-lit": "^1.14.0",
+        "eslint-plugin-sonarjs": "^2.0.2",
+        "eslint-plugin-wc": "^2.1.0",
+        "eslint": "^9.11.1",
         "npm-run-all": "^4.1.5",
         "prettier": "^3.3.3",
-        "ts-node": "^10.9.2",
+        "typescript-eslint": "^8.7.0",
         "typescript": "^5.6.2",
         "wdio-wait-for": "^3.0.11"
     },

tests/wdio/test/pageobjects/forms/ldap.form.ts

@@ -1,7 +1,7 @@
 import Page from "../page.js";
 
 export class LdapForm extends Page {
-    async setBindFlow(_selector: string) {
+    async setBindFlow() {
         await this.searchSelect(
             'ak-search-select-view[name="authorizationFlow"]',
             "authorizationFlow",

tests/wdio/wdio.conf.ts

@@ -1,19 +1,11 @@
-import type { Options } from "@wdio/types";
-
-export const config: Options.Testrunner = {
+export const config: WebdriverIO.Config = {
     //
     // ====================
     // Runner Configuration
     // ====================
     // WebdriverIO supports running e2e tests as well as unit and component tests.
     runner: "local",
-    autoCompileOpts: {
-        autoCompile: true,
-        tsNodeOpts: {
-            project: "./tsconfig.json",
-            transpileOnly: true,
-        },
-    },
+    tsConfigPath: "./tsconfig.json",
 
     //
     // ==================

web/.eslintrc.precommit.json

@@ -1,30 +0,0 @@
-{
-    "env": {
-        "browser": true,
-        "es2021": true
-    },
-    "extends": [
-        "eslint:recommended",
-        "plugin:@typescript-eslint/recommended",
-        "plugin:lit/recommended",
-        "plugin:custom-elements/recommended",
-        "plugin:storybook/recommended",
-        "plugin:sonarjs/recommended"
-    ],
-    "parser": "@typescript-eslint/parser",
-    "parserOptions": {
-        "ecmaVersion": 12,
-        "sourceType": "module"
-    },
-    "plugins": ["@typescript-eslint", "lit", "custom-elements", "sonarjs"],
-    "rules": {
-        "indent": "off",
-        "linebreak-style": ["error", "unix"],
-        "quotes": ["error", "double", { "avoidEscape": true }],
-        "semi": ["error", "always"],
-        "@typescript-eslint/ban-ts-comment": "off",
-        "sonarjs/cognitive-complexity": ["warn", 9],
-        "sonarjs/no-duplicate-string": "off",
-        "sonarjs/no-nested-template-literals": "off"
-    }
-}

web/package.json

@@ -8,10 +8,10 @@
         "@codemirror/lang-xml": "^6.1.0",
         "@codemirror/legacy-modes": "^6.4.1",
         "@codemirror/theme-one-dark": "^6.1.2",
-        "@floating-ui/dom": "^1.6.9",
+        "@floating-ui/dom": "^1.6.11",
         "@formatjs/intl-listformat": "^7.5.7",
         "@fortawesome/fontawesome-free": "^6.6.0",
-        "@goauthentik/api": "^2024.8.1-1725752132",
+        "@goauthentik/api": "^2024.8.2-1726491792",
         "@lit/context": "^1.1.2",
         "@lit/localize": "^0.12.2",
         "@lit/reactive-element": "^2.0.4",
@@ -19,7 +19,7 @@
         "@open-wc/lit-helpers": "^0.7.0",
         "@patternfly/elements": "^4.0.1",
         "@patternfly/patternfly": "^4.224.2",
-        "@sentry/browser": "^8.30.0",
+        "@sentry/browser": "^8.31.0",
         "@webcomponents/webcomponentsjs": "^2.8.0",
         "base64-js": "^1.5.1",
         "chart.js": "^4.4.4",
@@ -32,8 +32,8 @@
         "guacamole-common-js": "^1.5.0",
         "lit": "^3.2.0",
         "md-front-matter": "^1.0.4",
-        "mermaid": "^11.2.0",
-        "rapidoc": "^9.3.4",
+        "mermaid": "^11.2.1",
+        "rapidoc": "^9.3.6",
         "showdown": "^2.1.0",
         "style-mod": "^4.1.2",
         "ts-pattern": "^5.3.1",
@@ -51,49 +51,48 @@
         "@babel/preset-typescript": "^7.24.7",
         "@changesets/cli": "^2.27.8",
         "@custom-elements-manifest/analyzer": "^0.10.2",
-        "@eslint/js": "^9.10.0",
+        "@eslint/js": "^9.11.1",
         "@genesiscommunitysuccess/custom-elements-lsp": "^5.0.3",
         "@hcaptcha/types": "^1.0.4",
         "@jeysal/storybook-addon-css-user-preferences": "^0.2.0",
         "@lit/localize-tools": "^0.8.0",
-        "@rollup/plugin-replace": "^5.0.7",
+        "@rollup/plugin-replace": "^6.0.1",
         "@spotlightjs/spotlight": "^2.4.1",
-        "@storybook/addon-essentials": "^8.3.0",
-        "@storybook/addon-links": "^8.3.0",
+        "@storybook/addon-essentials": "^8.3.3",
+        "@storybook/addon-links": "^8.3.3",
         "@storybook/api": "^7.6.17",
         "@storybook/blocks": "^8.0.8",
-        "@storybook/manager-api": "^8.3.0",
-        "@storybook/web-components": "^8.3.0",
-        "@storybook/web-components-vite": "^8.3.0",
+        "@storybook/manager-api": "^8.3.3",
+        "@storybook/web-components": "^8.3.3",
+        "@storybook/web-components-vite": "^8.3.3",
         "@trivago/prettier-plugin-sort-imports": "^4.3.0",
         "@types/chart.js": "^2.9.41",
         "@types/codemirror": "5.60.15",
         "@types/eslint__js": "^8.42.3",
         "@types/grecaptcha": "^3.0.9",
         "@types/guacamole-common-js": "1.5.2",
-        "@types/node": "^22.5.4",
+        "@types/node": "^22.6.1",
         "@types/showdown": "^2.0.6",
-        "@typescript-eslint/eslint-plugin": "^8.0.1",
-        "@typescript-eslint/parser": "^8.0.1",
-        "@wdio/browser-runner": "^8.40.2",
-        "@wdio/cli": "^8.40.2",
-        "@wdio/mocha-framework": "^8.40.2",
-        "@wdio/spec-reporter": "^8.36.1",
+        "@typescript-eslint/eslint-plugin": "^8.7.0",
+        "@typescript-eslint/parser": "^8.7.0",
+        "@wdio/browser-runner": "^9.0.9",
+        "@wdio/cli": "^9.0.9",
+        "@wdio/mocha-framework": "^9.0.8",
+        "@wdio/spec-reporter": "^9.0.8",
         "babel-plugin-macros": "^3.1.0",
         "babel-plugin-tsconfig-paths": "^1.0.3",
-        "chokidar": "^4.0.0",
+        "chokidar": "^4.0.1",
         "cross-env": "^7.0.3",
-        "esbuild": "^0.23.1",
-        "eslint": "^9.8.0",
+        "esbuild": "^0.24.0",
+        "eslint": "^9.11.1",
         "eslint-plugin-lit": "^1.14.0",
-        "eslint-plugin-sonarjs": "^1.0.4",
+        "eslint-plugin-sonarjs": "^2.0.2",
         "eslint-plugin-wc": "^2.1.0",
         "github-slugger": "^2.0.0",
         "glob": "^11.0.0",
         "globals": "^15.9.0",
-        "knip": "^5.30.1",
+        "knip": "^5.30.5",
         "lit-analyzer": "^2.0.3",
-        "lockfile-lint": "^4.14.0",
         "npm-run-all": "^4.1.5",
         "prettier": "^3.3.3",
         "pseudolocale": "^2.1.0",
@@ -109,7 +108,7 @@
         "tslib": "^2.7.0",
         "turnstile-types": "^1.2.2",
         "typescript": "^5.6.2",
-        "typescript-eslint": "^8.5.0",
+        "typescript-eslint": "^8.7.0",
         "vite-tsconfig-paths": "^5.0.1",
         "wdio-wait-for": "^3.0.11",
         "wireit": "^0.14.9"
@@ -119,12 +118,12 @@
     },
     "license": "MIT",
     "optionalDependencies": {
-        "@esbuild/darwin-arm64": "^0.23.0",
+        "@esbuild/darwin-arm64": "^0.24.0",
         "@esbuild/linux-amd64": "^0.18.11",
-        "@esbuild/linux-arm64": "^0.23.0",
-        "@rollup/rollup-darwin-arm64": "4.21.3",
-        "@rollup/rollup-linux-arm64-gnu": "4.21.3",
-        "@rollup/rollup-linux-x64-gnu": "4.21.3"
+        "@esbuild/linux-arm64": "^0.24.0",
+        "@rollup/rollup-darwin-arm64": "4.22.4",
+        "@rollup/rollup-linux-arm64-gnu": "4.22.4",
+        "@rollup/rollup-linux-x64-gnu": "4.22.4"
     },
     "private": true,
     "scripts": {
@@ -262,7 +261,9 @@
             ]
         },
         "lint:lockfile": {
-            "command": "lockfile-lint --path package.json --type npm --allowed-hosts npm --validate-https"
+            "__comment": "The lockfile-lint package does not have an option to ensure resolved hashes are set everywhere",
+            "shell": true,
+            "command": "[ -z \"$(jq -r '.packages | to_entries[] | select((.key | startswith(\"node_modules\")) and (.value | has(\"resolved\") | not)) | .key' < package-lock.json)\" ]"
         },
         "lint:lockfiles": {
             "dependencies": [

web/packages/sfe/package.json

@@ -10,8 +10,8 @@
         "weakmap-polyfill": "^2.0.4"
     },
     "devDependencies": {
-        "@rollup/plugin-commonjs": "^26.0.1",
-        "@rollup/plugin-node-resolve": "^15.2.3",
+        "@rollup/plugin-commonjs": "^28.0.0",
+        "@rollup/plugin-node-resolve": "^15.3.0",
         "@rollup/plugin-swc": "^0.4.0",
         "@swc/cli": "^0.4.0",
         "@swc/core": "^1.7.26",
@@ -19,7 +19,7 @@
         "@types/jquery": "^3.5.30",
         "lockfile-lint": "^4.14.0",
         "prettier": "^3.3.2",
-        "rollup": "^4.21.3",
+        "rollup": "^4.22.4",
         "rollup-plugin-copy": "^3.5.0",
         "wireit": "^0.14.9"
     },

web/sfe/package-lock.json

@@ -17,13 +17,13 @@
                 "weakmap-polyfill": "^2.0.4"
             },
             "devDependencies": {
-                "@rollup/plugin-commonjs": "^26.0.1",
-                "@rollup/plugin-node-resolve": "^15.2.3",
+                "@rollup/plugin-commonjs": "^28.0.0",
+                "@rollup/plugin-node-resolve": "^15.3.0",
                 "@rollup/plugin-swc": "^0.4.0",
                 "@swc/cli": "^0.4.0",
                 "@swc/core": "^1.7.26",
                 "@types/jquery": "^3.5.30",
-                "rollup": "^4.21.3",
+                "rollup": "^4.22.4",
                 "rollup-plugin-copy": "^3.5.0"
             }
         },
@@ -32,23 +32,6 @@
             "resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2024.6.3-1724414734.tgz",
             "integrity": "sha512-2fLKwOh2Znc/unD8Q2U4G0g5QFM4jVqC95e5VRWWVnzp3xB7JWfEDBcRdwyv5PxCdmjBUkvbiul0kiuRwqBf4w=="
         },
-        "node_modules/@isaacs/cliui": {
-            "version": "8.0.2",
-            "resolved": "https://registry.npmjs.org/@isaacs/cliui/-/cliui-8.0.2.tgz",
-            "integrity": "sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==",
-            "dev": true,
-            "dependencies": {
-                "string-width": "^5.1.2",
-                "string-width-cjs": "npm:string-width@^4.2.0",
-                "strip-ansi": "^7.0.1",
-                "strip-ansi-cjs": "npm:strip-ansi@^6.0.1",
-                "wrap-ansi": "^8.1.0",
-                "wrap-ansi-cjs": "npm:wrap-ansi@^7.0.0"
-            },
-            "engines": {
-                "node": ">=12"
-            }
-        },
         "node_modules/@jridgewell/sourcemap-codec": {
             "version": "1.4.15",
             "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.15.tgz",
@@ -109,28 +92,19 @@
                 "node": ">= 8"
             }
         },
-        "node_modules/@pkgjs/parseargs": {
-            "version": "0.11.0",
-            "resolved": "https://registry.npmjs.org/@pkgjs/parseargs/-/parseargs-0.11.0.tgz",
-            "integrity": "sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg==",
-            "dev": true,
-            "optional": true,
-            "engines": {
-                "node": ">=14"
-            }
-        },
         "node_modules/@rollup/plugin-commonjs": {
-            "version": "26.0.1",
-            "resolved": "https://registry.npmjs.org/@rollup/plugin-commonjs/-/plugin-commonjs-26.0.1.tgz",
-            "integrity": "sha512-UnsKoZK6/aGIH6AdkptXhNvhaqftcjq3zZdT+LY5Ftms6JR06nADcDsYp5hTU9E2lbJUEOhdlY5J4DNTneM+jQ==",
+            "version": "28.0.0",
+            "resolved": "https://registry.npmjs.org/@rollup/plugin-commonjs/-/plugin-commonjs-28.0.0.tgz",
+            "integrity": "sha512-BJcu+a+Mpq476DMXG+hevgPSl56bkUoi88dKT8t3RyUp8kGuOh+2bU8Gs7zXDlu+fyZggnJ+iOBGrb/O1SorYg==",
             "dev": true,
             "dependencies": {
                 "@rollup/pluginutils": "^5.0.1",
                 "commondir": "^1.0.1",
                 "estree-walker": "^2.0.2",
-                "glob": "^10.4.1",
+                "fdir": "^6.1.1",
                 "is-reference": "1.2.1",
-                "magic-string": "^0.30.3"
+                "magic-string": "^0.30.3",
+                "picomatch": "^2.3.1"
             },
             "engines": {
                 "node": ">=16.0.0 || 14 >= 14.17"
@@ -144,39 +118,27 @@
                 }
             }
         },
-        "node_modules/@rollup/plugin-commonjs/node_modules/glob": {
-            "version": "10.4.2",
-            "resolved": "https://registry.npmjs.org/glob/-/glob-10.4.2.tgz",
-            "integrity": "sha512-GwMlUF6PkPo3Gk21UxkCohOv0PLcIXVtKyLlpEI28R/cO/4eNOdmLk3CMW1wROV/WR/EsZOWAfBbBOqYvs88/w==",
+        "node_modules/@rollup/plugin-commonjs/node_modules/picomatch": {
+            "version": "2.3.1",
+            "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
+            "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
             "dev": true,
-            "dependencies": {
-                "foreground-child": "^3.1.0",
-                "jackspeak": "^3.1.2",
-                "minimatch": "^9.0.4",
-                "minipass": "^7.1.2",
-                "package-json-from-dist": "^1.0.0",
-                "path-scurry": "^1.11.1"
-            },
-            "bin": {
-                "glob": "dist/esm/bin.mjs"
-            },
             "engines": {
-                "node": ">=16 || 14 >=14.18"
+                "node": ">=8.6"
             },
             "funding": {
-                "url": "https://github.com/sponsors/isaacs"
+                "url": "https://github.com/sponsors/jonschlinkert"
             }
         },
         "node_modules/@rollup/plugin-node-resolve": {
-            "version": "15.2.3",
-            "resolved": "https://registry.npmjs.org/@rollup/plugin-node-resolve/-/plugin-node-resolve-15.2.3.tgz",
-            "integrity": "sha512-j/lym8nf5E21LwBT4Df1VD6hRO2L2iwUeUmP7litikRsVp1H6NWx20NEp0Y7su+7XGc476GnXXc4kFeZNGmaSQ==",
+            "version": "15.3.0",
+            "resolved": "https://registry.npmjs.org/@rollup/plugin-node-resolve/-/plugin-node-resolve-15.3.0.tgz",
+            "integrity": "sha512-9eO5McEICxMzJpDW9OnMYSv4Sta3hmt7VtBFz5zR9273suNOydOyq/FrGeGy+KsTRFm8w0SLVhzig2ILFT63Ag==",
             "dev": true,
             "dependencies": {
                 "@rollup/pluginutils": "^5.0.1",
                 "@types/resolve": "1.20.2",
                 "deepmerge": "^4.2.2",
-                "is-builtin-module": "^3.2.1",
                 "is-module": "^1.0.0",
                 "resolve": "^1.22.1"
             },
@@ -236,10 +198,22 @@
                 }
             }
         },
+        "node_modules/@rollup/pluginutils/node_modules/picomatch": {
+            "version": "2.3.1",
+            "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
+            "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
+            "dev": true,
+            "engines": {
+                "node": ">=8.6"
+            },
+            "funding": {
+                "url": "https://github.com/sponsors/jonschlinkert"
+            }
+        },
         "node_modules/@rollup/rollup-android-arm-eabi": {
-            "version": "4.21.3",
-            "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.21.3.tgz",
-            "integrity": "sha512-MmKSfaB9GX+zXl6E8z4koOr/xU63AMVleLEa64v7R0QF/ZloMs5vcD1sHgM64GXXS1csaJutG+ddtzcueI/BLg==",
+            "version": "4.22.4",
+            "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.22.4.tgz",
+            "integrity": "sha512-Fxamp4aEZnfPOcGA8KSNEohV8hX7zVHOemC8jVBoBUHu5zpJK/Eu3uJwt6BMgy9fkvzxDaurgj96F/NiLukF2w==",
             "cpu": [
                 "arm"
             ],
@@ -250,9 +224,9 @@
             ]
         },
         "node_modules/@rollup/rollup-android-arm64": {
-            "version": "4.21.3",
-            "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.21.3.tgz",
-            "integrity": "sha512-zrt8ecH07PE3sB4jPOggweBjJMzI1JG5xI2DIsUbkA+7K+Gkjys6eV7i9pOenNSDJH3eOr/jLb/PzqtmdwDq5g==",
+            "version": "4.22.4",
+            "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.22.4.tgz",
+            "integrity": "sha512-VXoK5UMrgECLYaMuGuVTOx5kcuap1Jm8g/M83RnCHBKOqvPPmROFJGQaZhGccnsFtfXQ3XYa4/jMCJvZnbJBdA==",
             "cpu": [
                 "arm64"
             ],
@@ -263,9 +237,9 @@
             ]
         },
         "node_modules/@rollup/rollup-darwin-arm64": {
-            "version": "4.21.3",
-            "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.21.3.tgz",
-            "integrity": "sha512-P0UxIOrKNBFTQaXTxOH4RxuEBVCgEA5UTNV6Yz7z9QHnUJ7eLX9reOd/NYMO3+XZO2cco19mXTxDMXxit4R/eQ==",
+            "version": "4.22.4",
+            "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.22.4.tgz",
+            "integrity": "sha512-xMM9ORBqu81jyMKCDP+SZDhnX2QEVQzTcC6G18KlTQEzWK8r/oNZtKuZaCcHhnsa6fEeOBionoyl5JsAbE/36Q==",
             "cpu": [
                 "arm64"
             ],
@@ -276,9 +250,9 @@
             ]
         },
         "node_modules/@rollup/rollup-darwin-x64": {
-            "version": "4.21.3",
-            "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.21.3.tgz",
-            "integrity": "sha512-L1M0vKGO5ASKntqtsFEjTq/fD91vAqnzeaF6sfNAy55aD+Hi2pBI5DKwCO+UNDQHWsDViJLqshxOahXyLSh3EA==",
+            "version": "4.22.4",
+            "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.22.4.tgz",
+            "integrity": "sha512-aJJyYKQwbHuhTUrjWjxEvGnNNBCnmpHDvrb8JFDbeSH3m2XdHcxDd3jthAzvmoI8w/kSjd2y0udT+4okADsZIw==",
             "cpu": [
                 "x64"
             ],
@@ -289,9 +263,9 @@
             ]
         },
         "node_modules/@rollup/rollup-linux-arm-gnueabihf": {
-            "version": "4.21.3",
-            "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.21.3.tgz",
-            "integrity": "sha512-btVgIsCjuYFKUjopPoWiDqmoUXQDiW2A4C3Mtmp5vACm7/GnyuprqIDPNczeyR5W8rTXEbkmrJux7cJmD99D2g==",
+            "version": "4.22.4",
+            "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.22.4.tgz",
+            "integrity": "sha512-j63YtCIRAzbO+gC2L9dWXRh5BFetsv0j0va0Wi9epXDgU/XUi5dJKo4USTttVyK7fGw2nPWK0PbAvyliz50SCQ==",
             "cpu": [
                 "arm"
             ],
@@ -302,9 +276,9 @@
             ]
         },
         "node_modules/@rollup/rollup-linux-arm-musleabihf": {
-            "version": "4.21.3",
-            "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.21.3.tgz",
-            "integrity": "sha512-zmjbSphplZlau6ZTkxd3+NMtE4UKVy7U4aVFMmHcgO5CUbw17ZP6QCgyxhzGaU/wFFdTfiojjbLG3/0p9HhAqA==",
+            "version": "4.22.4",
+            "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.22.4.tgz",
+            "integrity": "sha512-dJnWUgwWBX1YBRsuKKMOlXCzh2Wu1mlHzv20TpqEsfdZLb3WoJW2kIEsGwLkroYf24IrPAvOT/ZQ2OYMV6vlrg==",
             "cpu": [
                 "arm"
             ],
@@ -315,9 +289,9 @@
             ]
         },
         "node_modules/@rollup/rollup-linux-arm64-gnu": {
-            "version": "4.21.3",
-            "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.21.3.tgz",
-            "integrity": "sha512-nSZfcZtAnQPRZmUkUQwZq2OjQciR6tEoJaZVFvLHsj0MF6QhNMg0fQ6mUOsiCUpTqxTx0/O6gX0V/nYc7LrgPw==",
+            "version": "4.22.4",
+            "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.22.4.tgz",
+            "integrity": "sha512-AdPRoNi3NKVLolCN/Sp4F4N1d98c4SBnHMKoLuiG6RXgoZ4sllseuGioszumnPGmPM2O7qaAX/IJdeDU8f26Aw==",
             "cpu": [
                 "arm64"
             ],
@@ -328,9 +302,9 @@
             ]
         },
         "node_modules/@rollup/rollup-linux-arm64-musl": {
-            "version": "4.21.3",
-            "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.21.3.tgz",
-            "integrity": "sha512-MnvSPGO8KJXIMGlQDYfvYS3IosFN2rKsvxRpPO2l2cum+Z3exiExLwVU+GExL96pn8IP+GdH8Tz70EpBhO0sIQ==",
+            "version": "4.22.4",
+            "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.22.4.tgz",
+            "integrity": "sha512-Gl0AxBtDg8uoAn5CCqQDMqAx22Wx22pjDOjBdmG0VIWX3qUBHzYmOKh8KXHL4UpogfJ14G4wk16EQogF+v8hmA==",
             "cpu": [
                 "arm64"
             ],
@@ -341,9 +315,9 @@
             ]
         },
         "node_modules/@rollup/rollup-linux-powerpc64le-gnu": {
-            "version": "4.21.3",
-            "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-powerpc64le-gnu/-/rollup-linux-powerpc64le-gnu-4.21.3.tgz",
-            "integrity": "sha512-+W+p/9QNDr2vE2AXU0qIy0qQE75E8RTwTwgqS2G5CRQ11vzq0tbnfBd6brWhS9bCRjAjepJe2fvvkvS3dno+iw==",
+            "version": "4.22.4",
+            "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-powerpc64le-gnu/-/rollup-linux-powerpc64le-gnu-4.22.4.tgz",
+            "integrity": "sha512-3aVCK9xfWW1oGQpTsYJJPF6bfpWfhbRnhdlyhak2ZiyFLDaayz0EP5j9V1RVLAAxlmWKTDfS9wyRyY3hvhPoOg==",
             "cpu": [
                 "ppc64"
             ],
@@ -354,9 +328,9 @@
             ]
         },
         "node_modules/@rollup/rollup-linux-riscv64-gnu": {
-            "version": "4.21.3",
-            "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.21.3.tgz",
-            "integrity": "sha512-yXH6K6KfqGXaxHrtr+Uoy+JpNlUlI46BKVyonGiaD74ravdnF9BUNC+vV+SIuB96hUMGShhKV693rF9QDfO6nQ==",
+            "version": "4.22.4",
+            "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.22.4.tgz",
+            "integrity": "sha512-ePYIir6VYnhgv2C5Xe9u+ico4t8sZWXschR6fMgoPUK31yQu7hTEJb7bCqivHECwIClJfKgE7zYsh1qTP3WHUA==",
             "cpu": [
                 "riscv64"
             ],
@@ -367,9 +341,9 @@
             ]
         },
         "node_modules/@rollup/rollup-linux-s390x-gnu": {
-            "version": "4.21.3",
-            "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.21.3.tgz",
-            "integrity": "sha512-R8cwY9wcnApN/KDYWTH4gV/ypvy9yZUHlbJvfaiXSB48JO3KpwSpjOGqO4jnGkLDSk1hgjYkTbTt6Q7uvPf8eg==",
+            "version": "4.22.4",
+            "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.22.4.tgz",
+            "integrity": "sha512-GqFJ9wLlbB9daxhVlrTe61vJtEY99/xB3C8e4ULVsVfflcpmR6c8UZXjtkMA6FhNONhj2eA5Tk9uAVw5orEs4Q==",
             "cpu": [
                 "s390x"
             ],
@@ -380,9 +354,9 @@
             ]
         },
         "node_modules/@rollup/rollup-linux-x64-gnu": {
-            "version": "4.21.3",
-            "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.21.3.tgz",
-            "integrity": "sha512-kZPbX/NOPh0vhS5sI+dR8L1bU2cSO9FgxwM8r7wHzGydzfSjLRCFAT87GR5U9scj2rhzN3JPYVC7NoBbl4FZ0g==",
+            "version": "4.22.4",
+            "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.22.4.tgz",
+            "integrity": "sha512-87v0ol2sH9GE3cLQLNEy0K/R0pz1nvg76o8M5nhMR0+Q+BBGLnb35P0fVz4CQxHYXaAOhE8HhlkaZfsdUOlHwg==",
             "cpu": [
                 "x64"
             ],
@@ -393,9 +367,9 @@
             ]
         },
         "node_modules/@rollup/rollup-linux-x64-musl": {
-            "version": "4.21.3",
-            "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.21.3.tgz",
-            "integrity": "sha512-S0Yq+xA1VEH66uiMNhijsWAafffydd2X5b77eLHfRmfLsRSpbiAWiRHV6DEpz6aOToPsgid7TI9rGd6zB1rhbg==",
+            "version": "4.22.4",
+            "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.22.4.tgz",
+            "integrity": "sha512-UV6FZMUgePDZrFjrNGIWzDo/vABebuXBhJEqrHxrGiU6HikPy0Z3LfdtciIttEUQfuDdCn8fqh7wiFJjCNwO+g==",
             "cpu": [
                 "x64"
             ],
@@ -406,9 +380,9 @@
             ]
         },
         "node_modules/@rollup/rollup-win32-arm64-msvc": {
-            "version": "4.21.3",
-            "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.21.3.tgz",
-            "integrity": "sha512-9isNzeL34yquCPyerog+IMCNxKR8XYmGd0tHSV+OVx0TmE0aJOo9uw4fZfUuk2qxobP5sug6vNdZR6u7Mw7Q+Q==",
+            "version": "4.22.4",
+            "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.22.4.tgz",
+            "integrity": "sha512-BjI+NVVEGAXjGWYHz/vv0pBqfGoUH0IGZ0cICTn7kB9PyjrATSkX+8WkguNjWoj2qSr1im/+tTGRaY+4/PdcQw==",
             "cpu": [
                 "arm64"
             ],
@@ -419,9 +393,9 @@
             ]
         },
         "node_modules/@rollup/rollup-win32-ia32-msvc": {
-            "version": "4.21.3",
-            "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.21.3.tgz",
-            "integrity": "sha512-nMIdKnfZfzn1Vsk+RuOvl43ONTZXoAPUUxgcU0tXooqg4YrAqzfKzVenqqk2g5efWh46/D28cKFrOzDSW28gTA==",
+            "version": "4.22.4",
+            "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.22.4.tgz",
+            "integrity": "sha512-SiWG/1TuUdPvYmzmYnmd3IEifzR61Tragkbx9D3+R8mzQqDBz8v+BvZNDlkiTtI9T15KYZhP0ehn3Dld4n9J5g==",
             "cpu": [
                 "ia32"
             ],
@@ -432,9 +406,9 @@
             ]
         },
         "node_modules/@rollup/rollup-win32-x64-msvc": {
-            "version": "4.21.3",
-            "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.21.3.tgz",
-            "integrity": "sha512-fOvu7PCQjAj4eWDEuD8Xz5gpzFqXzGlxHZozHP4b9Jxv9APtdxL6STqztDzMLuRXEc4UpXGGhx029Xgm91QBeA==",
+            "version": "4.22.4",
+            "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.22.4.tgz",
+            "integrity": "sha512-j8pPKp53/lq9lMXN57S8cFz0MynJk8OWNuUnXct/9KCpKU7DgU3bYMJhwWmcqC0UU29p8Lr0/7KEVcaM6bf47Q==",
             "cpu": [
                 "x64"
             ],
@@ -818,30 +792,6 @@
             "integrity": "sha512-0vWLNK2D5MT9dg0iOo8GlKguPAU02QjmZitPEsXRuJXU/OGIOt9vT9Fc26wtYuavLxtO45v9PGleoL9Z0k1LHg==",
             "dev": true
         },
-        "node_modules/ansi-regex": {
-            "version": "6.0.1",
-            "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.0.1.tgz",
-            "integrity": "sha512-n5M855fKb2SsfMIiFFoVrABHJC8QtHwVx+mHWP3QcEqBHYienj5dHSgjbxtC0WEZXYt4wcD6zrQElDPhFuZgfA==",
-            "dev": true,
-            "engines": {
-                "node": ">=12"
-            },
-            "funding": {
-                "url": "https://github.com/chalk/ansi-regex?sponsor=1"
-            }
-        },
-        "node_modules/ansi-styles": {
-            "version": "6.2.1",
-            "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.1.tgz",
-            "integrity": "sha512-bN798gFfQX+viw3R7yrGWRqnrN2oRkEkUjjl4JNn4E8GxxbjtG3FbrEIIY3l8/hrwUwIeCZvi4QuOTP4MErVug==",
-            "dev": true,
-            "engines": {
-                "node": ">=12"
-            },
-            "funding": {
-                "url": "https://github.com/chalk/ansi-styles?sponsor=1"
-            }
-        },
         "node_modules/arch": {
             "version": "2.2.0",
             "resolved": "https://registry.npmjs.org/arch/-/arch-2.2.0.tgz",
@@ -1100,18 +1050,6 @@
                 "node": ">=8"
             }
         },
-        "node_modules/builtin-modules": {
-            "version": "3.3.0",
-            "resolved": "https://registry.npmjs.org/builtin-modules/-/builtin-modules-3.3.0.tgz",
-            "integrity": "sha512-zhaCDicdLuWN5UbN5IMnFqNMhNfo919sH85y2/ea+5Yg9TsTkeZxpL+JLbp6cgYFS4sRLp3YV4S6yDuqVWHYOw==",
-            "dev": true,
-            "engines": {
-                "node": ">=6"
-            },
-            "funding": {
-                "url": "https://github.com/sponsors/sindresorhus"
-            }
-        },
         "node_modules/cacheable-lookup": {
             "version": "5.0.4",
             "resolved": "https://registry.npmjs.org/cacheable-lookup/-/cacheable-lookup-5.0.4.tgz",
@@ -1166,24 +1104,6 @@
                 "url": "https://github.com/sponsors/sindresorhus"
             }
         },
-        "node_modules/color-convert": {
-            "version": "2.0.1",
-            "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
-            "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
-            "dev": true,
-            "dependencies": {
-                "color-name": "~1.1.4"
-            },
-            "engines": {
-                "node": ">=7.0.0"
-            }
-        },
-        "node_modules/color-name": {
-            "version": "1.1.4",
-            "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
-            "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==",
-            "dev": true
-        },
         "node_modules/colorette": {
             "version": "1.4.0",
             "resolved": "https://registry.npmjs.org/colorette/-/colorette-1.4.0.tgz",
@@ -1291,18 +1211,6 @@
                 "node": ">=8"
             }
         },
-        "node_modules/eastasianwidth": {
-            "version": "0.2.0",
-            "resolved": "https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz",
-            "integrity": "sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA==",
-            "dev": true
-        },
-        "node_modules/emoji-regex": {
-            "version": "9.2.2",
-            "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz",
-            "integrity": "sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg==",
-            "dev": true
-        },
         "node_modules/end-of-stream": {
             "version": "1.4.4",
             "resolved": "https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.4.4.tgz",
@@ -1410,6 +1318,20 @@
                 "reusify": "^1.0.4"
             }
         },
+        "node_modules/fdir": {
+            "version": "6.3.0",
+            "resolved": "https://registry.npmjs.org/fdir/-/fdir-6.3.0.tgz",
+            "integrity": "sha512-QOnuT+BOtivR77wYvCWHfGt9s4Pz1VIMbD463vegT5MLqNXy8rYFT/lPVEqf/bhYeT6qmqrNHhsX+rWwe3rOCQ==",
+            "dev": true,
+            "peerDependencies": {
+                "picomatch": "^3 || ^4"
+            },
+            "peerDependenciesMeta": {
+                "picomatch": {
+                    "optional": true
+                }
+            }
+        },
         "node_modules/fetch-blob": {
             "version": "3.2.0",
             "resolved": "https://registry.npmjs.org/fetch-blob/-/fetch-blob-3.2.0.tgz",
@@ -1505,93 +1427,6 @@
                 "url": "https://github.com/sponsors/sindresorhus"
             }
         },
-        "node_modules/foreground-child": {
-            "version": "3.2.1",
-            "resolved": "https://registry.npmjs.org/foreground-child/-/foreground-child-3.2.1.tgz",
-            "integrity": "sha512-PXUUyLqrR2XCWICfv6ukppP96sdFwWbNEnfEMt7jNsISjMsvaLNinAHNDYyvkyU+SZG2BTSbT5NjG+vZslfGTA==",
-            "dev": true,
-            "dependencies": {
-                "cross-spawn": "^7.0.0",
-                "signal-exit": "^4.0.1"
-            },
-            "engines": {
-                "node": ">=14"
-            },
-            "funding": {
-                "url": "https://github.com/sponsors/isaacs"
-            }
-        },
-        "node_modules/foreground-child/node_modules/cross-spawn": {
-            "version": "7.0.3",
-            "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz",
-            "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==",
-            "dev": true,
-            "dependencies": {
-                "path-key": "^3.1.0",
-                "shebang-command": "^2.0.0",
-                "which": "^2.0.1"
-            },
-            "engines": {
-                "node": ">= 8"
-            }
-        },
-        "node_modules/foreground-child/node_modules/path-key": {
-            "version": "3.1.1",
-            "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz",
-            "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==",
-            "dev": true,
-            "engines": {
-                "node": ">=8"
-            }
-        },
-        "node_modules/foreground-child/node_modules/shebang-command": {
-            "version": "2.0.0",
-            "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz",
-            "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==",
-            "dev": true,
-            "dependencies": {
-                "shebang-regex": "^3.0.0"
-            },
-            "engines": {
-                "node": ">=8"
-            }
-        },
-        "node_modules/foreground-child/node_modules/shebang-regex": {
-            "version": "3.0.0",
-            "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz",
-            "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==",
-            "dev": true,
-            "engines": {
-                "node": ">=8"
-            }
-        },
-        "node_modules/foreground-child/node_modules/signal-exit": {
-            "version": "4.1.0",
-            "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz",
-            "integrity": "sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw==",
-            "dev": true,
-            "engines": {
-                "node": ">=14"
-            },
-            "funding": {
-                "url": "https://github.com/sponsors/isaacs"
-            }
-        },
-        "node_modules/foreground-child/node_modules/which": {
-            "version": "2.0.2",
-            "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz",
-            "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==",
-            "dev": true,
-            "dependencies": {
-                "isexe": "^2.0.0"
-            },
-            "bin": {
-                "node-which": "bin/node-which"
-            },
-            "engines": {
-                "node": ">= 8"
-            }
-        },
         "node_modules/formdata-polyfill": {
             "version": "4.0.10",
             "resolved": "https://registry.npmjs.org/formdata-polyfill/-/formdata-polyfill-4.0.10.tgz",
@@ -1846,21 +1681,6 @@
             "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==",
             "dev": true
         },
-        "node_modules/is-builtin-module": {
-            "version": "3.2.1",
-            "resolved": "https://registry.npmjs.org/is-builtin-module/-/is-builtin-module-3.2.1.tgz",
-            "integrity": "sha512-BSLE3HnV2syZ0FK0iMA/yUGplUeMmNz4AW5fnTunbCIqZi4vG3WjJT9FHMy5D69xmAYBHXQhJdALdpwVxV501A==",
-            "dev": true,
-            "dependencies": {
-                "builtin-modules": "^3.3.0"
-            },
-            "engines": {
-                "node": ">=6"
-            },
-            "funding": {
-                "url": "https://github.com/sponsors/sindresorhus"
-            }
-        },
         "node_modules/is-core-module": {
             "version": "2.14.0",
             "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.14.0.tgz",
@@ -1885,15 +1705,6 @@
                 "node": ">=0.10.0"
             }
         },
-        "node_modules/is-fullwidth-code-point": {
-            "version": "3.0.0",
-            "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz",
-            "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==",
-            "dev": true,
-            "engines": {
-                "node": ">=8"
-            }
-        },
         "node_modules/is-glob": {
             "version": "4.0.3",
             "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz",
@@ -1963,24 +1774,6 @@
             "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==",
             "dev": true
         },
-        "node_modules/jackspeak": {
-            "version": "3.4.0",
-            "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-3.4.0.tgz",
-            "integrity": "sha512-JVYhQnN59LVPFCEcVa2C3CrEKYacvjRfqIQl+h8oi91aLYQVWRYbxjPcv1bUiUy/kLmQaANrYfNMCO3kuEDHfw==",
-            "dev": true,
-            "dependencies": {
-                "@isaacs/cliui": "^8.0.2"
-            },
-            "engines": {
-                "node": ">=14"
-            },
-            "funding": {
-                "url": "https://github.com/sponsors/isaacs"
-            },
-            "optionalDependencies": {
-                "@pkgjs/parseargs": "^0.11.0"
-            }
-        },
         "node_modules/jquery": {
             "version": "3.7.1",
             "resolved": "https://registry.npmjs.org/jquery/-/jquery-3.7.1.tgz",
@@ -2066,6 +1859,18 @@
                 "node": ">=8.6"
             }
         },
+        "node_modules/micromatch/node_modules/picomatch": {
+            "version": "2.3.1",
+            "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
+            "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
+            "dev": true,
+            "engines": {
+                "node": ">=8.6"
+            },
+            "funding": {
+                "url": "https://github.com/sponsors/jonschlinkert"
+            }
+        },
         "node_modules/mime-db": {
             "version": "1.52.0",
             "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz",
@@ -2108,15 +1913,6 @@
                 "url": "https://github.com/sponsors/isaacs"
             }
         },
-        "node_modules/minipass": {
-            "version": "7.1.2",
-            "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.1.2.tgz",
-            "integrity": "sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw==",
-            "dev": true,
-            "engines": {
-                "node": ">=16 || 14 >=14.17"
-            }
-        },
         "node_modules/nice-napi": {
             "version": "1.0.2",
             "resolved": "https://registry.npmjs.org/nice-napi/-/nice-napi-1.0.2.tgz",
@@ -2247,12 +2043,6 @@
                 "node": ">=4"
             }
         },
-        "node_modules/package-json-from-dist": {
-            "version": "1.0.0",
-            "resolved": "https://registry.npmjs.org/package-json-from-dist/-/package-json-from-dist-1.0.0.tgz",
-            "integrity": "sha512-dATvCeZN/8wQsGywez1mzHtTlP22H8OEfPrVMLNr4/eGa+ijtLn/6M5f0dY8UKNrC2O9UCU6SSoG3qRKnt7STw==",
-            "dev": true
-        },
         "node_modules/path-is-absolute": {
             "version": "1.0.1",
             "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz",
@@ -2277,31 +2067,6 @@
             "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==",
             "dev": true
         },
-        "node_modules/path-scurry": {
-            "version": "1.11.1",
-            "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.11.1.tgz",
-            "integrity": "sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==",
-            "dev": true,
-            "dependencies": {
-                "lru-cache": "^10.2.0",
-                "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0"
-            },
-            "engines": {
-                "node": ">=16 || 14 >=14.18"
-            },
-            "funding": {
-                "url": "https://github.com/sponsors/isaacs"
-            }
-        },
-        "node_modules/path-scurry/node_modules/lru-cache": {
-            "version": "10.3.0",
-            "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.3.0.tgz",
-            "integrity": "sha512-CQl19J/g+Hbjbv4Y3mFNNXFEL/5t/KCg8POCuUqd4rMKjGG+j1ybER83hxV58zL+dFI1PTkt3GNFSHRt+d8qEQ==",
-            "dev": true,
-            "engines": {
-                "node": "14 || >=16.14"
-            }
-        },
         "node_modules/path-type": {
             "version": "4.0.0",
             "resolved": "https://registry.npmjs.org/path-type/-/path-type-4.0.0.tgz",
@@ -2325,12 +2090,14 @@
             }
         },
         "node_modules/picomatch": {
-            "version": "2.3.1",
-            "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
-            "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
+            "version": "4.0.2",
+            "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.2.tgz",
+            "integrity": "sha512-M7BAV6Rlcy5u+m6oPhAPFgJTzAioX/6B0DxyvDlo9l8+T3nLKbrczg2WLUyzd45L8RqfUMyGPzekbMvX2Ldkwg==",
             "dev": true,
+            "optional": true,
+            "peer": true,
             "engines": {
-                "node": ">=8.6"
+                "node": ">=12"
             },
             "funding": {
                 "url": "https://github.com/sponsors/jonschlinkert"
@@ -2489,9 +2256,9 @@
             }
         },
         "node_modules/rollup": {
-            "version": "4.21.3",
-            "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.21.3.tgz",
-            "integrity": "sha512-7sqRtBNnEbcBtMeRVc6VRsJMmpI+JU1z9VTvW8D4gXIYQFz0aLcsE6rRkyghZkLfEgUZgVvOG7A5CVz/VW5GIA==",
+            "version": "4.22.4",
+            "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.22.4.tgz",
+            "integrity": "sha512-vD8HJ5raRcWOyymsR6Z3o6+RzfEPCnVLMFJ6vRslO1jt4LO6dUo5Qnpg7y4RkZFM2DMe3WUirkI5c16onjrc6A==",
             "dev": true,
             "dependencies": {
                 "@types/estree": "1.0.5"
@@ -2504,22 +2271,22 @@
                 "npm": ">=8.0.0"
             },
             "optionalDependencies": {
-                "@rollup/rollup-android-arm-eabi": "4.21.3",
-                "@rollup/rollup-android-arm64": "4.21.3",
-                "@rollup/rollup-darwin-arm64": "4.21.3",
-                "@rollup/rollup-darwin-x64": "4.21.3",
-                "@rollup/rollup-linux-arm-gnueabihf": "4.21.3",
-                "@rollup/rollup-linux-arm-musleabihf": "4.21.3",
-                "@rollup/rollup-linux-arm64-gnu": "4.21.3",
-                "@rollup/rollup-linux-arm64-musl": "4.21.3",
-                "@rollup/rollup-linux-powerpc64le-gnu": "4.21.3",
-                "@rollup/rollup-linux-riscv64-gnu": "4.21.3",
-                "@rollup/rollup-linux-s390x-gnu": "4.21.3",
-                "@rollup/rollup-linux-x64-gnu": "4.21.3",
-                "@rollup/rollup-linux-x64-musl": "4.21.3",
-                "@rollup/rollup-win32-arm64-msvc": "4.21.3",
-                "@rollup/rollup-win32-ia32-msvc": "4.21.3",
-                "@rollup/rollup-win32-x64-msvc": "4.21.3",
+                "@rollup/rollup-android-arm-eabi": "4.22.4",
+                "@rollup/rollup-android-arm64": "4.22.4",
+                "@rollup/rollup-darwin-arm64": "4.22.4",
+                "@rollup/rollup-darwin-x64": "4.22.4",
+                "@rollup/rollup-linux-arm-gnueabihf": "4.22.4",
+                "@rollup/rollup-linux-arm-musleabihf": "4.22.4",
+                "@rollup/rollup-linux-arm64-gnu": "4.22.4",
+                "@rollup/rollup-linux-arm64-musl": "4.22.4",
+                "@rollup/rollup-linux-powerpc64le-gnu": "4.22.4",
+                "@rollup/rollup-linux-riscv64-gnu": "4.22.4",
+                "@rollup/rollup-linux-s390x-gnu": "4.22.4",
+                "@rollup/rollup-linux-x64-gnu": "4.22.4",
+                "@rollup/rollup-linux-x64-musl": "4.22.4",
+                "@rollup/rollup-win32-arm64-msvc": "4.22.4",
+                "@rollup/rollup-win32-ia32-msvc": "4.22.4",
+                "@rollup/rollup-win32-x64-msvc": "4.22.4",
                 "fsevents": "~2.3.2"
             }
         },
@@ -2705,102 +2472,6 @@
                 "safe-buffer": "~5.2.0"
             }
         },
-        "node_modules/string-width": {
-            "version": "5.1.2",
-            "resolved": "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz",
-            "integrity": "sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA==",
-            "dev": true,
-            "dependencies": {
-                "eastasianwidth": "^0.2.0",
-                "emoji-regex": "^9.2.2",
-                "strip-ansi": "^7.0.1"
-            },
-            "engines": {
-                "node": ">=12"
-            },
-            "funding": {
-                "url": "https://github.com/sponsors/sindresorhus"
-            }
-        },
-        "node_modules/string-width-cjs": {
-            "name": "string-width",
-            "version": "4.2.3",
-            "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz",
-            "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==",
-            "dev": true,
-            "dependencies": {
-                "emoji-regex": "^8.0.0",
-                "is-fullwidth-code-point": "^3.0.0",
-                "strip-ansi": "^6.0.1"
-            },
-            "engines": {
-                "node": ">=8"
-            }
-        },
-        "node_modules/string-width-cjs/node_modules/ansi-regex": {
-            "version": "5.0.1",
-            "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz",
-            "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==",
-            "dev": true,
-            "engines": {
-                "node": ">=8"
-            }
-        },
-        "node_modules/string-width-cjs/node_modules/emoji-regex": {
-            "version": "8.0.0",
-            "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz",
-            "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==",
-            "dev": true
-        },
-        "node_modules/string-width-cjs/node_modules/strip-ansi": {
-            "version": "6.0.1",
-            "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz",
-            "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==",
-            "dev": true,
-            "dependencies": {
-                "ansi-regex": "^5.0.1"
-            },
-            "engines": {
-                "node": ">=8"
-            }
-        },
-        "node_modules/strip-ansi": {
-            "version": "7.1.0",
-            "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.0.tgz",
-            "integrity": "sha512-iq6eVVI64nQQTRYq2KtEg2d2uU7LElhTJwsH4YzIHZshxlgZms/wIc4VoDQTlG/IvVIrBKG06CrZnp0qv7hkcQ==",
-            "dev": true,
-            "dependencies": {
-                "ansi-regex": "^6.0.1"
-            },
-            "engines": {
-                "node": ">=12"
-            },
-            "funding": {
-                "url": "https://github.com/chalk/strip-ansi?sponsor=1"
-            }
-        },
-        "node_modules/strip-ansi-cjs": {
-            "name": "strip-ansi",
-            "version": "6.0.1",
-            "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz",
-            "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==",
-            "dev": true,
-            "dependencies": {
-                "ansi-regex": "^5.0.1"
-            },
-            "engines": {
-                "node": ">=8"
-            }
-        },
-        "node_modules/strip-ansi-cjs/node_modules/ansi-regex": {
-            "version": "5.0.1",
-            "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz",
-            "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==",
-            "dev": true,
-            "engines": {
-                "node": ">=8"
-            }
-        },
         "node_modules/strip-eof": {
             "version": "1.0.0",
             "resolved": "https://registry.npmjs.org/strip-eof/-/strip-eof-1.0.0.tgz",
@@ -2950,97 +2621,6 @@
                 "which": "bin/which"
             }
         },
-        "node_modules/wrap-ansi": {
-            "version": "8.1.0",
-            "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz",
-            "integrity": "sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ==",
-            "dev": true,
-            "dependencies": {
-                "ansi-styles": "^6.1.0",
-                "string-width": "^5.0.1",
-                "strip-ansi": "^7.0.1"
-            },
-            "engines": {
-                "node": ">=12"
-            },
-            "funding": {
-                "url": "https://github.com/chalk/wrap-ansi?sponsor=1"
-            }
-        },
-        "node_modules/wrap-ansi-cjs": {
-            "name": "wrap-ansi",
-            "version": "7.0.0",
-            "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz",
-            "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==",
-            "dev": true,
-            "dependencies": {
-                "ansi-styles": "^4.0.0",
-                "string-width": "^4.1.0",
-                "strip-ansi": "^6.0.0"
-            },
-            "engines": {
-                "node": ">=10"
-            },
-            "funding": {
-                "url": "https://github.com/chalk/wrap-ansi?sponsor=1"
-            }
-        },
-        "node_modules/wrap-ansi-cjs/node_modules/ansi-regex": {
-            "version": "5.0.1",
-            "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz",
-            "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==",
-            "dev": true,
-            "engines": {
-                "node": ">=8"
-            }
-        },
-        "node_modules/wrap-ansi-cjs/node_modules/ansi-styles": {
-            "version": "4.3.0",
-            "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
-            "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
-            "dev": true,
-            "dependencies": {
-                "color-convert": "^2.0.1"
-            },
-            "engines": {
-                "node": ">=8"
-            },
-            "funding": {
-                "url": "https://github.com/chalk/ansi-styles?sponsor=1"
-            }
-        },
-        "node_modules/wrap-ansi-cjs/node_modules/emoji-regex": {
-            "version": "8.0.0",
-            "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz",
-            "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==",
-            "dev": true
-        },
-        "node_modules/wrap-ansi-cjs/node_modules/string-width": {
-            "version": "4.2.3",
-            "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz",
-            "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==",
-            "dev": true,
-            "dependencies": {
-                "emoji-regex": "^8.0.0",
-                "is-fullwidth-code-point": "^3.0.0",
-                "strip-ansi": "^6.0.1"
-            },
-            "engines": {
-                "node": ">=8"
-            }
-        },
-        "node_modules/wrap-ansi-cjs/node_modules/strip-ansi": {
-            "version": "6.0.1",
-            "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz",
-            "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==",
-            "dev": true,
-            "dependencies": {
-                "ansi-regex": "^5.0.1"
-            },
-            "engines": {
-                "node": ">=8"
-            }
-        },
         "node_modules/wrappy": {
             "version": "1.0.2",
             "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",

web/sfe/package.json

@@ -16,13 +16,13 @@
         "watch": "rollup -w -c rollup.config.js --bundleConfigAsCjs"
     },
     "devDependencies": {
-        "@rollup/plugin-commonjs": "^26.0.1",
-        "@rollup/plugin-node-resolve": "^15.2.3",
+        "@rollup/plugin-commonjs": "^28.0.0",
+        "@rollup/plugin-node-resolve": "^15.3.0",
         "@rollup/plugin-swc": "^0.4.0",
         "@swc/cli": "^0.4.0",
         "@swc/core": "^1.7.26",
         "@types/jquery": "^3.5.30",
-        "rollup": "^4.21.3",
+        "rollup": "^4.22.4",
         "rollup-plugin-copy": "^3.5.0"
     }
 }

web/src/admin/admin-settings/AdminSettingsForm.ts

@@ -5,6 +5,8 @@ import "@goauthentik/components/ak-switch-input";
 import "@goauthentik/components/ak-text-input";
 import "@goauthentik/elements/CodeMirror";
 import { CodeMirrorMode } from "@goauthentik/elements/CodeMirror";
+import "@goauthentik/elements/ak-dual-select/ak-dual-select-dynamic-selected-provider.js";
+import { DataProvision, DualSelectPair } from "@goauthentik/elements/ak-dual-select/types";
 import { Form } from "@goauthentik/elements/forms/Form";
 import "@goauthentik/elements/forms/FormGroup";
 import "@goauthentik/elements/forms/HorizontalFormElement";
@@ -19,7 +21,17 @@ import { ifDefined } from "lit/directives/if-defined.js";
 
 import PFList from "@patternfly/patternfly/components/List/list.css";
 
-import { AdminApi, Settings, SettingsRequest } from "@goauthentik/api";
+import {
+    AdminApi,
+    AnalyticsApi,
+    AnalyticsDescription,
+    Settings,
+    SettingsRequest,
+} from "@goauthentik/api";
+
+function analyticsSourceToPair(analyticsSource: AnalyticsDescription): DualSelectPair {
+    return [analyticsSource.label, analyticsSource.desc];
+}
 
 @customElement("ak-admin-settings-form")
 export class AdminSettingsForm extends Form<SettingsRequest> {
@@ -211,6 +223,42 @@ export class AdminSettingsForm extends Form<SettingsRequest> {
                 value="${first(this._settings?.defaultTokenLength, 60)}"
                 help=${msg("Default length of generated tokens")}
             ></ak-number-input>
+            <ak-form-group ?expanded=${false}>
+                <span slot="header"> ${msg("Analytics")} </span>
+                <div slot="body" class="pf-c-form">
+                    <ak-switch-input
+                        name="analyticsEnabled"
+                        label=${msg("Enable analytics")}
+                        ?checked="${this._settings?.analyticsEnabled}"
+                        help=${msg("Enable sending analytics to the authentik team")}
+                    >
+                    </ak-switch-input>
+                    <ak-form-element-horizontal
+                        label=${msg("Analytics sources")}
+                        name="analyticsSources"
+                    >
+                        <ak-dual-select-provider
+                            .provider=${async (
+                                _page: number,
+                                _search?: string,
+                            ): Promise<DataProvision> => {
+                                return new AnalyticsApi(DEFAULT_CONFIG)
+                                    .analyticsDescriptionList()
+                                    .then((results) => {
+                                        return {
+                                            options: results.map(analyticsSourceToPair),
+                                        };
+                                    });
+                            }}
+                            .selected=${this._settings?.analyticsSourcesObj ?? []}
+                            available-label="${msg("Available sources")}"
+                            selected-label="${msg("Selected sources")}"
+                        >
+                        </ak-dual-select-provider>
+                        <p class="pf-c-form__helper-text">${msg("Choose what data to send")}</p>
+                    </ak-form-element-horizontal>
+                </div>
+            </ak-form-group>
         `;
     }
 }

web/src/common/constants.ts

@@ -3,7 +3,7 @@ export const SUCCESS_CLASS = "pf-m-success";
 export const ERROR_CLASS = "pf-m-danger";
 export const PROGRESS_CLASS = "pf-m-in-progress";
 export const CURRENT_CLASS = "pf-m-current";
-export const VERSION = "2024.8.1";
+export const VERSION = "2024.8.2";
 export const TITLE_DEFAULT = "authentik";
 export const ROUTE_SEPARATOR = ";";
 

web/src/elements/cards/tests/QuickActionCard.test.ts

@@ -35,7 +35,7 @@ describe("ak-quick-actions-card", () => {
             ></ak-quick-actions-card>`,
         );
         const component = await $("ak-quick-actions-card");
-        const items = await component.$$(">>>.pf-c-list li");
+        const items = await component.$$(">>>.pf-c-list li").getElements();
         await expect(Array.from(items).length).toEqual(5);
         await expect(await component.$(">>>.pf-c-list li:nth-of-type(4)")).toHaveText(
             "Manage users",

web/src/elements/forms/SearchSelect/tests/ak-search-select-view.comp.ts

@@ -39,7 +39,7 @@ export class AkSearchSelectViewDriver {
             );
         }
         const id = await element.getAttribute("data-ouia-component-id");
-        const menu = await $(`[data-ouia-component-id="menu-${id}"]`);
+        const menu = await $(`[data-ouia-component-id="menu-${id}"]`).getElement();
         return new AkSearchSelectViewDriver(element, menu);
     }
 
@@ -52,7 +52,7 @@ export class AkSearchSelectViewDriver {
     }
 
     async listElements() {
-        return await this.menu.$$(">>>li");
+        return await this.menu.$$(">>>li").getElements();
     }
 
     async focusOnInput() {

web/src/elements/forms/SearchSelect/tests/ak-search-select-view.test.ts

@@ -1,4 +1,4 @@
-import { $, browser } from "@wdio/globals";
+import { $, browser, expect } from "@wdio/globals";
 import { slug } from "github-slugger";
 import { Key } from "webdriverio";
 
@@ -21,7 +21,9 @@ describe("Search select: Test Input Field", () => {
             html`<ak-search-select-view .options=${longGoodForYouPairs}> </ak-search-select-view>`,
             document.body,
         );
-        select = await AkSearchSelectViewDriver.build(await $("ak-search-select-view"));
+        select = await AkSearchSelectViewDriver.build(
+            await $("ak-search-select-view").getElement(),
+        );
     });
 
     it("should open the menu when the input is clicked", async () => {
@@ -56,7 +58,9 @@ describe("Search select: Test Input Field", () => {
         expect(await select.open).toBe(false);
         expect(await select.menuIsVisible()).toBe(false);
         await browser.keys("A");
-        select = await AkSearchSelectViewDriver.build(await $("ak-search-select-view"));
+        select = await AkSearchSelectViewDriver.build(
+            await $("ak-search-select-view").getElement(),
+        );
         expect(await select.open).toBe(true);
         expect(await select.menuIsVisible()).toBe(true);
     });

web/src/elements/forms/SearchSelect/tests/ak-search-select.test.ts

@@ -2,7 +2,7 @@
 import { AKElement } from "@goauthentik/elements/Base";
 import { bound } from "@goauthentik/elements/decorators/bound.js";
 import { CustomListenerElement } from "@goauthentik/elements/utils/eventEmitter";
-import { $, browser } from "@wdio/globals";
+import { $, browser, expect } from "@wdio/globals";
 import { slug } from "github-slugger";
 
 import { html, render } from "lit";
@@ -97,7 +97,9 @@ describe("Search select: event driven startup", () => {
             mock?.dispatchEvent(new Event("resolve"));
         });
         expect(await $(">>>ak-search-select-loading-indicator")).not.toBeDisplayed();
-        select = await AkSearchSelectViewDriver.build(await $(">>>ak-search-select-view"));
+        select = await AkSearchSelectViewDriver.build(
+            await $(">>>ak-search-select-view").getElement(),
+        );
         expect(await select).toBeExisting();
     });
 

web/wdio.conf.ts

@@ -1,5 +1,4 @@
 import replace from "@rollup/plugin-replace";
-import type { Options } from "@wdio/types";
 import { cwd } from "process";
 import postcssLit from "rollup-plugin-postcss-lit";
 import type { UserConfig } from "vite";
@@ -15,7 +14,7 @@ const maxInstances =
           ? 10
           : 1;
 
-export const config: Options.Testrunner = {
+export const config: WebdriverIO.Config = {
     //
     // ====================
     // Runner Configuration
@@ -43,13 +42,7 @@ export const config: Options.Testrunner = {
         },
     ],
 
-    autoCompileOpts: {
-        autoCompile: true,
-        tsNodeOpts: {
-            project: "./tsconfig.json",
-            transpileOnly: true,
-        },
-    },
+    tsConfigPath: "./tsconfig.json",
 
     //
     // ==================

web/xliff/zh-Hans.xlf

@@ -1,4 +1,4 @@
-<?xml version="1.0" ?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
+<?xml version="1.0"?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
   <file target-language="zh-Hans" source-language="en" original="lit-localize-inputs" datatype="plaintext">
     <body>
       <trans-unit id="s4caed5b7a7e5d89b">
@@ -596,9 +596,9 @@
         
       </trans-unit>
       <trans-unit id="saa0e2675da69651b">
-        <source>The URL &quot;<x id="0" equiv-text="${this.url}"/>&quot; was not found.</source>
-        <target>未找到 URL &quot;
-        <x id="0" equiv-text="${this.url}"/>&quot;。</target>
+        <source>The URL "<x id="0" equiv-text="${this.url}"/>" was not found.</source>
+        <target>未找到 URL "
+        <x id="0" equiv-text="${this.url}"/>"。</target>
         
       </trans-unit>
       <trans-unit id="s58cd9c2fe836d9c6">
@@ -1030,8 +1030,8 @@
         
       </trans-unit>
       <trans-unit id="sa8384c9c26731f83">
-        <source>To allow any redirect URI, set this value to &quot;.*&quot;. Be aware of the possible security implications this can have.</source>
-        <target>要允许任何重定向 URI，请将此值设置为 &quot;.*&quot;。请注意这可能带来的安全影响。</target>
+        <source>To allow any redirect URI, set this value to ".*". Be aware of the possible security implications this can have.</source>
+        <target>要允许任何重定向 URI，请将此值设置为 ".*"。请注意这可能带来的安全影响。</target>
         
       </trans-unit>
       <trans-unit id="s55787f4dfcdce52b">
@@ -1752,8 +1752,8 @@
         
       </trans-unit>
       <trans-unit id="sa90b7809586c35ce">
-        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon &quot;fa-test&quot;.</source>
-        <target>输入完整 URL、相对路径，或者使用 'fa://fa-test' 来使用 Font Awesome 图标 &quot;fa-test&quot;。</target>
+        <source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test".</source>
+        <target>输入完整 URL、相对路径，或者使用 'fa://fa-test' 来使用 Font Awesome 图标 "fa-test"。</target>
         
       </trans-unit>
       <trans-unit id="s0410779cb47de312">
@@ -2916,8 +2916,8 @@ doesn't pass when either or both of the selected options are equal or above the
         
       </trans-unit>
       <trans-unit id="s76768bebabb7d543">
-        <source>Field which contains members of a group. Note that if using the &quot;memberUid&quot; field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...'</source>
-        <target>包含组成员的字段。请注意，如果使用 &quot;memberUid&quot; 字段，则假定该值包含相对可分辨名称。例如，'memberUid=some-user' 而不是 'memberUid=cn=some-user,ou=groups,...'</target>
+        <source>Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...'</source>
+        <target>包含组成员的字段。请注意，如果使用 "memberUid" 字段，则假定该值包含相对可分辨名称。例如，'memberUid=some-user' 而不是 'memberUid=cn=some-user,ou=groups,...'</target>
         
       </trans-unit>
       <trans-unit id="s026555347e589f0e">
@@ -3663,8 +3663,8 @@ doesn't pass when either or both of the selected options are equal or above the
         
       </trans-unit>
       <trans-unit id="s7b1fba26d245cb1c">
-        <source>When using an external logging solution for archiving, this can be set to &quot;minutes=5&quot;.</source>
-        <target>使用外部日志记录解决方案进行存档时，可以将其设置为 &quot;minutes=5&quot;。</target>
+        <source>When using an external logging solution for archiving, this can be set to "minutes=5".</source>
+        <target>使用外部日志记录解决方案进行存档时，可以将其设置为 "minutes=5"。</target>
         
       </trans-unit>
       <trans-unit id="s44536d20bb5c8257">
@@ -3840,10 +3840,10 @@ doesn't pass when either or both of the selected options are equal or above the
         
       </trans-unit>
       <trans-unit id="sa95a538bfbb86111">
-        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> &quot;<x id="1" equiv-text="${this.obj?.name}"/>&quot;?</source>
+        <source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> "<x id="1" equiv-text="${this.obj?.name}"/>"?</source>
         <target>您确定要更新
-        <x id="0" equiv-text="${this.objectLabel}"/>&quot;
-        <x id="1" equiv-text="${this.obj?.name}"/>&quot; 吗？</target>
+        <x id="0" equiv-text="${this.objectLabel}"/>"
+        <x id="1" equiv-text="${this.obj?.name}"/>" 吗？</target>
         
       </trans-unit>
       <trans-unit id="sc92d7cfb6ee1fec6">
@@ -4919,7 +4919,7 @@ doesn't pass when either or both of the selected options are equal or above the
         
       </trans-unit>
       <trans-unit id="sdf1d8edef27236f0">
-        <source>A &quot;roaming&quot; authenticator, like a YubiKey</source>
+        <source>A "roaming" authenticator, like a YubiKey</source>
         <target>像 YubiKey 这样的“漫游”身份验证器</target>
         
       </trans-unit>
@@ -5298,7 +5298,7 @@ doesn't pass when either or both of the selected options are equal or above the
         
       </trans-unit>
       <trans-unit id="s1608b2f94fa0dbd4">
-        <source>If set to a duration above 0, the user will have the option to choose to &quot;stay signed in&quot;, which will extend their session by the time specified here.</source>
+        <source>If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here.</source>
         <target>如果设置时长大于 0，用户可以选择“保持登录”选项，这将使用户的会话延长此处设置的时间。</target>
         
       </trans-unit>
@@ -7722,7 +7722,7 @@ Bindings to groups/users are checked against the user of the event.</source>
   <target>成功创建用户并添加到组 <x id="0" equiv-text="${this.group.name}"/></target>
 </trans-unit>
 <trans-unit id="s824e0943a7104668">
-  <source>This user will be added to the group &quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&quot;.</source>
+  <source>This user will be added to the group "<x id="0" equiv-text="${this.targetGroup.name}"/>".</source>
   <target>此用户将会被添加到组 &amp;quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&amp;quot;。</target>
 </trans-unit>
 <trans-unit id="s62e7f6ed7d9cb3ca">
@@ -9084,7 +9084,7 @@ Bindings to groups/users are checked against the user of the event.</source>
   <target>同步组</target>
 </trans-unit>
 <trans-unit id="s2d5f69929bb7221d">
-  <source><x id="0" equiv-text="${prompt.name}"/> (&quot;<x id="1" equiv-text="${prompt.fieldKey}"/>&quot;, of type <x id="2" equiv-text="${prompt.type}"/>)</source>
+  <source><x id="0" equiv-text="${prompt.name}"/> ("<x id="1" equiv-text="${prompt.fieldKey}"/>", of type <x id="2" equiv-text="${prompt.type}"/>)</source>
   <target><x id="0" equiv-text="${prompt.name}"/>（&amp;quot;<x id="1" equiv-text="${prompt.fieldKey}"/>&amp;quot;，类型为 <x id="2" equiv-text="${prompt.type}"/>）</target>
 </trans-unit>
 <trans-unit id="sa38c5a2731be3a46">
@@ -9093,4 +9093,4 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
     </body>
   </file>
-</xliff>
+</xliff>

website/developer-docs/api/api.md

@@ -2,9 +2,11 @@
 title: API
 ---
 
-Starting with 2021.3.5, every authentik instance has a built-in API browser, which can be accessed at https://authentik.company/api/v3/.
+Our API reference documentation is generated, and is included [here](../api/reference/authentik.info.mdx) in our regular documentation Table of Contents, under **API -> Reference**.
 
-To generate an API client, you can use the OpenAPI v3 schema at https://authentik.company/api/v3/schema/.
+You can also access your installation's own, instance-specific API Browser. Starting with 2021.3.5, every authentik instance has a built-in API browser, which can be accessed at <code>https://<em>authentik.company</em>/api/v3/</code>.
+
+To generate an API client you can use the OpenAPI v3 schema at <code>https://<em>authentik.company</em>/api/v3/schema/</code>.
 
 While testing, the API requests are authenticated by your browser session.
 

website/developer-docs/blueprints/export.md

@@ -2,11 +2,7 @@
 title: Export
 ---
 
-## Global export
-
-:::info
-Requires authentik 2022.8.2
-:::
+## Global export <span class="badge badge--version">authentik 2022.8.2+</span>
 
 To migrate existing configurations to blueprints, run `ak export_blueprint` within any authentik Worker container. This will output a blueprint for most currently created objects. Some objects will not be exported as they might have dependencies on other things.
 

website/developer-docs/blueprints/index.md

@@ -2,9 +2,9 @@
 title: Blueprints
 ---
 
-:::info
-Requires authentik 2022.8
-:::
+<span class="badge badge--version">authentik 2022.8+</span>
+
+---
 
 Blueprints offer a new way to template, automate and distribute authentik configuration. Blueprints can be used to automatically configure instances, manage config as code without any external tools, and to distribute application configs.
 
@@ -58,11 +58,7 @@ To push a blueprint to an OCI-compatible registry, [ORAS](https://oras.land/) ca
 oras push ghcr.io/<username>/blueprint/<blueprint name>:latest <yaml file>:application/vnd.goauthentik.blueprint.v1+yaml
 ```
 
-## Storage - Internal
-
-:::info
-Requires authentik 2023.1
-:::
+## Storage - Internal <span class="badge badge--version">authentik 2023.1+</span>
 
 Blueprints can be stored in authentik's database, which allows blueprints to be managed via external configuration management tools like Terraform.
 

website/developer-docs/blueprints/v1/models.md

@@ -4,11 +4,7 @@ Some models behave differently and allow for access to different API fields when
 
 ## `authentik_core.token`
 
-### `key`
-
-:::info
-Requires authentik 2023.4
-:::
+### `key` <span class="badge badge--version">authentik 2023.4+</span>
 
 Via the standard API, a token's key cannot be changed, it can only be rotated. This is to ensure a high entropy in it's key, and to prevent insecure data from being used. However, when provisioning tokens via a blueprint, it may be required to set a token to an existing value.
 
@@ -30,11 +26,7 @@ For example:
 
 ## `authentik_core.user`
 
-### `password`
-
-:::info
-Requires authentik 2023.6
-:::
+### `password` <span class="badge badge--version">authentik 2023.6+</span>
 
 Via the standard API, a user's password can only be set via the separate `/api/v3/core/users/<id>/set_password/` endpoint. In blueprints, the password of a user can be set using the `password` field.
 
@@ -53,11 +45,7 @@ For example:
       password: this-should-be-a-long-value
 ```
 
-### `permissions`
-
-:::info
-Requires authentik 2024.8
-:::
+### `permissions` <span class="badge badge--version">authentik 2024.8+</span>
 
 The `permissions` field can be used to set global permissions for a user. A full list of possible permissions is included in the JSON schema for blueprints.
 
@@ -75,11 +63,7 @@ For example:
 
 ## `authentik_core.application`
 
-### `icon`
-
-:::info
-Requires authentik 2023.5
-:::
+### `icon` <span class="badge badge--version">authentik 2023.5+</span>
 
 Application icons can be directly set to URLs with the `icon` field.
 
@@ -97,11 +81,7 @@ For example:
 
 ## `authentik_sources_oauth.oauthsource`, `authentik_sources_saml.samlsource`, `authentik_sources_plex.plexsource`
 
-### `icon`
-
-:::info
-Requires authentik 2023.5
-:::
+### `icon` <span class="badge badge--version">authentik 2023.5+</span>
 
 Source icons can be directly set to URLs with the `icon` field.
 
@@ -119,11 +99,7 @@ For example:
 
 ## `authentik_flows.flow`
 
-### `icon`
-
-:::info
-Requires authentik 2023.5
-:::
+### `icon` <span class="badge badge--version">authentik 2023.5+</span>
 
 Flow backgrounds can be directly set to URLs with the `background` field.
 
@@ -143,11 +119,7 @@ For example:
 
 ## `authentik_rbac.role`
 
-### `permissions`
-
-:::info
-Requires authentik 2024.8
-:::
+### `permissions` <span class="badge badge--version">authentik 2024.8+</span>
 
 The `permissions` field can be used to set global permissions for a role. A full list of possible permissions is included in the JSON schema for blueprints.
 

website/developer-docs/setup/full-dev-environment.md

@@ -6,9 +6,9 @@ title: Full development environment
 
 -   Python 3.12
 -   Poetry, which is used to manage dependencies
--   Go 1.20
--   Node.js 20
--   PostgreSQL (any recent version will do)
+-   Go 1.23 or newer
+-   Node.js 21 or newer
+-   PostgreSQL 14 or newer
 -   Redis (any recent version will do)
 
 ## Services Setup

website/docs/expressions/_functions.md

@@ -29,11 +29,7 @@ user = list_flatten(["foo"])
 # user = "foo"
 ```
 
-### `ak_call_policy(name: str, **kwargs) -> PolicyResult`
-
-:::info
-Requires authentik 2021.12
-:::
+### `ak_call_policy(name: str, **kwargs) -> PolicyResult` <span class="badge badge--version">authentik 2021.12+</span>
 
 Call another policy with the name _name_. Current request is passed to policy. Key-word arguments
 can be used to modify the request's context.
@@ -74,11 +70,7 @@ Example:
 other_user = ak_user_by(username="other_user")
 ```
 
-### `ak_user_has_authenticator(user: User, device_type: Optional[str] = None) -> bool` (2021.9+)
-
-:::info
-Only available in property mappings with authentik 2022.9 and newer
-:::
+### `ak_user_has_authenticator(user: User, device_type: Optional[str] = None) -> bool` <span class="badge badge--version">authentik 2022.9+</span>
 
 Check if a user has any authenticator devices. Only fully validated devices are counted.
 
@@ -95,11 +87,7 @@ Example:
 return ak_user_has_authenticator(request.user)
 ```
 
-### `ak_create_event(action: str, **kwargs) -> None`
-
-:::info
-Requires authentik 2022.9
-:::
+### `ak_create_event(action: str, **kwargs) -> None` <span class="badge badge--version">authentik 2022.9+</span>
 
 Create a new event with the action set to `action`. Any additional key-word parameters will be saved in the event context. Additionally, `context` will be set to the context in which this function is called.
 
@@ -124,11 +112,7 @@ ip_address('192.0.2.1') in ip_network('192.0.2.0/24')
 # evaluates to True
 ```
 
-## DNS resolution and reverse DNS lookups
-
-:::note
-Requires authentik 2023.3 or higher
-:::
+## DNS resolution and reverse DNS lookups <span class="badge badge--version">authentik 2023.3+</span>
 
 To resolve a hostname to a list of IP addresses, use the functions `resolve_dns(hostname)` and `resolve_dns(hostname, ip_version)`.
 

website/docs/flow/context/index.md

@@ -60,7 +60,7 @@ When an unauthenticated user attempts to access a secured resource, they are red
 
 When a user authenticates/enrolls via an external source, this will be set to the source they are using.
 
-#### `outpost` (dictionary) <span class="badge badge--info">authentik 2024.10+</span>
+#### `outpost` (dictionary) <span class="badge badge--version">authentik 2024.10+</span>
 
 When a flow is executed by an Outpost (for example the [LDAP](../../providers/ldap/index.md) or [RADIUS](../../providers/radius/index.mdx)), this will be set to a dictionary containing the Outpost instance under the key `"instance"`.
 
@@ -92,11 +92,7 @@ URL that the form will be submitted to.
 
 Key-value pairs of the data that is included in the form and will be submitted to `url`.
 
-#### Captcha stage
-
-:::info
-Requires authentik 2024.6
-:::
+#### Captcha stage <span class="badge badge--version">authentik 2024.6+</span>
 
 ##### `captcha` (dictionary)
 
@@ -116,11 +112,7 @@ An optional list of all permissions that will be given to the application by gra
 
 #### Deny stage
 
-##### `deny_message` (string)
-
-:::info
-Requires authentik 2023.10
-:::
+##### `deny_message` (string) <span class="badge badge--version">authentik 2023.10+</span>
 
 Optionally overwrite the deny message shown, has a higher priority than the message configured in the stage.
 
@@ -136,11 +128,7 @@ If set, this must be a list of group objects and not group names.
 
 Path the `pending_user` will be written to. If not set in the flow, falls back to the value set in the user_write stage, and otherwise to the `users` path.
 
-##### `user_type` (string)
-
-:::info
-Requires authentik 2023.10
-:::
+##### `user_type` (string) <span class="badge badge--version">authentik 2023.10+</span>
 
 Type the `pending_user` will be created as. Must be one of `internal`, `external` or `service_account`.
 

website/docs/flow/examples/snippets.md

@@ -2,11 +2,7 @@
 title: Example policy snippets for flows
 ---
 
-### Redirect current flow to another URL
-
-:::info
-Requires authentik 2022.7
-:::
+### Redirect current flow to another URL <span class="badge badge--version">authentik 2022.7+</span>
 
 ```python
 plan = request.context.get("flow_plan")

website/docs/flow/executors/sfe.md

@@ -2,7 +2,7 @@
 title: Simplified flow executor
 ---
 
-<span class="badge badge--info">authentik 2024.6.1+</span>
+<span class="badge badge--version">authentik 2024.6.1+</span>
 
 A simplified web-based flow executor that authentik automatically uses for older browsers that do not support modern web technologies.
 

website/docs/flow/executors/user-settings.md

@@ -2,9 +2,9 @@
 title: User settings
 ---
 
-:::info
-Requires authentik 2022.3
-:::
+<span class="badge badge--version">authentik 2023.3+</span>
+
+---
 
 The user interface (/if/user/) uses a specialized flow executor to allow individual users to customize their profile. A user's profile consists of key/value fields, so this executor only supports Prompt or User Write stages. If the configured flow contains another stage, a button will be shown to open the default executor.
 

website/docs/flow/stages/authenticator_duo/index.md

@@ -10,25 +10,17 @@ Copy all of the integration key, secret key and API hostname, and paste them in
 
 Devices created reference the stage they were created with, since the API credentials are needed to authenticate. This also means when the stage is deleted, all devices are removed.
 
-## Importing users
+## Importing users <span class="badge badge--version">authentik 2022.9+</span>
 
 :::info
 Due to the way the Duo API works, authentik can only automatically import existing Duo users when a Duo MFA or higher license is active.
 :::
 
-:::info
-This requires authentik 2022.9
-:::
-
 To import a device, open the Stages list in the authentik Admin interface. On the right next to the import button you'll see an import button, with which you can import Duo devices to authentik users.
 
 The Duo username can be found by navigating to your Duo Admin dashboard and selecting _Users_ in the sidebar. Optionally if you have multiple users with the same username, you can click on a User and copy their ID from the URL, and use that to import the device.
 
-### Older versions
-
-:::info
-This API requires authentik 2021.9.1 or later
-:::
+### Older versions <span class="badge badge--version">authentik 2021.9.1+</span>
 
 You can call the `/api/v3/stages/authenticator/duo/{stage_uuid}/import_devices/` endpoint ([see here](https://goauthentik.io/api/#post-/stages/authenticator/duo/-stage_uuid-/import_devices/)) using the following parameters:
 

website/docs/flow/stages/authenticator_sms/index.md

@@ -46,11 +46,7 @@ return {
 }
 ```
 
-## Verify only
-
-:::info
-Requires authentik 2022.6
-:::
+## Verify only <span class="badge badge--version">authentik 2022.6+</span>
 
 To only verify the validity of a users' phone number, without saving it in an easily accessible way, you can enable this option. Phone numbers from devices enrolled through this stage will only have their hashed phone number saved. These devices can also not be used with the [Authenticator validation](../authenticator_validate/) stage.
 

website/docs/flow/stages/authenticator_validate/index.md

@@ -23,19 +23,11 @@ Keep in mind that when using Code-based devices (TOTP, Static and SMS), values l
 
 ### Options
 
-#### Less-frequent validation
-
-:::info
-Requires authentik 2022.5.1
-:::
+#### Less-frequent validation <span class="badge badge--version">authentik 2022.5.1+</span>
 
 You can configure this stage to only ask for MFA validation if the user hasn't authenticated themselves within a defined time period. To configure this, set _Last validation threshold_ to any non-zero value. Any of the users devices within the selected classes are checked.
 
-#### Passwordless authentication
-
-:::info
-Requires authentik 2021.12.4
-:::
+#### Passwordless authentication <span class="badge badge--version">authentik 2021.12.4+</span>
 
 :::caution
 Firefox has some known issues regarding TouchID (see https://bugzilla.mozilla.org/show_bug.cgi?id=1536482)
@@ -76,11 +68,7 @@ Logins which used Passwordless authentication have the _auth_method_ context var
 }
 ```
 
-#### WebAuthn Device type restrictions
-
-:::info
-Requires authentik 2024.4
-:::
+#### WebAuthn Device type restrictions <span class="badge badge--version">authentik 2024.4+</span>
 
 Optionally restrict which WebAuthn device types can be used to authenticate.
 

website/docs/flow/stages/authenticator_webauthn/index.md

@@ -18,11 +18,7 @@ Configure if the created authenticator is stored in the encrypted memory on the
 
 Configure if authentik will require either a removable device (like a YubiKey, Google Titan, etc) or a non-removable device (like Windows Hello, TouchID or password managers), or not send a requirement.
 
-#### Device type restrictions
-
-:::info
-Requires authentik 2024.4
-:::
+#### Device type restrictions <span class="badge badge--version">authentik 2024.4+</span>
 
 Optionally restrict the types of devices allowed to be enrolled. This option can be used to ensure users are only able to enroll FIPS-compliant devices for example.
 

website/docs/flow/stages/identification/index.md

@@ -22,11 +22,7 @@ To prompt users for their password on the same step as identifying themselves, a
 
 These fields specify if and which flows are linked on the form. The enrollment flow is linked as `Need an account? Sign up.`, and the recovery flow is linked as `Forgot username or password?`.
 
-## Pretend user exists
-
-:::info
-Requires authentik 2024.2
-:::
+## Pretend user exists <span class="badge badge--version">authentik 2024.2+</span>
 
 When enabled, any user identifier will be accepted as valid (as long as they match the correct format, i.e. when [User fields](#user-fields) is set to only allow Emails, then the identifier still needs to be an Email). The stage will succeed and the flow will continue to the next stage. Stages like the [Password stage](../password/index.md) and [Email stage](../email/index.mdx) are aware of this "pretend" user and will behave the same as if the user would exist.
 
@@ -46,7 +42,7 @@ Starting with authentik 2023.5, when no user fields are selected and only one so
 
 ### Passwordless flow
 
-See [Passwordless authentication](../authenticator_validate/index.md#passwordless-authentication).
+See [Passwordless authentication](../authenticator_validate/index.md#passwordless-authentication-authentik-2021124).
 
 ### Enrollment flow
 

website/docs/flow/stages/password/index.md

@@ -6,7 +6,7 @@ This is a generic password prompt which authenticates the current `pending_user`
 
 ## Passwordless login
 
-There are two different ways to configure passwordless authentication; you can follow the instructions [here](../authenticator_validate/index.md#passwordless-authentication) to allow users to directly authenticate with their authenticator (only supported for WebAuthn devices), or dynamically skip the password stage depending on the users device, which is documented here.
+There are two different ways to configure passwordless authentication; you can follow the instructions [here](../authenticator_validate/index.md#passwordless-authentication-authentik-2021124) to allow users to directly authenticate with their authenticator (only supported for WebAuthn devices), or dynamically skip the password stage depending on the users device, which is documented here.
 
 Depending on what kind of device you want to require the user to have:
 

website/docs/flow/stages/source/index.md

@@ -3,7 +3,7 @@ title: Source stage
 ---
 
 <span class="badge badge--primary">Enterprise</span>
-<span class="badge badge--info">authentik 2024.4+</span>
+<span class="badge badge--version">authentik 2024.4+</span>
 
 ---
 

website/docs/installation/automated-install.md

@@ -8,19 +8,11 @@ To install authentik automatically (skipping the Out-of-box experience), you can
 
 Configure the default password for the `akadmin` user. Only read on the first startup. Can be used for any flow executor.
 
-### `AUTHENTIK_BOOTSTRAP_TOKEN`
-
-:::note
-Requires authentik 2021.8
-:::
+### `AUTHENTIK_BOOTSTRAP_TOKEN` <span class="badge badge--version">authentik 2021.8+</span>
 
 Create a token for the default `akadmin` user. Only read on the first startup. The string you specify for this variable is the token key you can use to authenticate yourself to the API.
 
-### `AUTHENTIK_BOOTSTRAP_EMAIL`
-
-:::note
-Requires authentik 2023.3
-:::
+### `AUTHENTIK_BOOTSTRAP_EMAIL` <span class="badge badge--version">authentik 2023.3+</span>
 
 Set the email address for the default `akadmin` user.
 

website/docs/installation/configuration.mdx

@@ -123,7 +123,7 @@ Note that `USE_PGBOUNCER` and `USE_PGPOOL` are inherited from the main database
 -   `AUTHENTIK_CACHE__TIMEOUT_REPUTATION`: Timeout for cached reputation until they expire in seconds, defaults to 300
 
     :::info
-    `AUTHENTIK_CACHE__TIMEOUT_REPUTATION` only applies to the cache expiry, see [`AUTHENTIK_REPUTATION__EXPIRY`](#authentik_reputation__expiry) to control how long reputation is persisted for.
+    `AUTHENTIK_CACHE__TIMEOUT_REPUTATION` only applies to the cache expiry, see [`AUTHENTIK_REPUTATION__EXPIRY`](#authentik_reputation__expiry-authentik-202382) to control how long reputation is persisted for.
     :::
 
 ## Channel Layer Settings (inter-instance communication)
@@ -136,7 +136,7 @@ Note that `USE_PGBOUNCER` and `USE_PGPOOL` are inherited from the main database
 -   `AUTHENTIK_BROKER__TRANSPORT_OPTIONS`: Base64-encoded broker transport options
 
     :::info
-    `AUTHENTIK_REDIS__CACHE_TIMEOUT_REPUTATION` only applies to the cache expiry, see [`AUTHENTIK_REPUTATION__EXPIRY`](#authentik_reputation__expiry) to control how long reputation is persisted for.
+    `AUTHENTIK_REDIS__CACHE_TIMEOUT_REPUTATION` only applies to the cache expiry, see [`AUTHENTIK_REPUTATION__EXPIRY`](#authentik_reputation__expiry-authentik-202382) to control how long reputation is persisted for.
     :::
 
 ## Listen Settings
@@ -299,89 +299,53 @@ Disable the inbuilt update-checker. Defaults to `false`.
     -   Kubeconfig
     -   Existence of a docker socket
 
-### `AUTHENTIK_LDAP__TASK_TIMEOUT_HOURS`
-
-:::info
-Requires authentik 2023.1
-:::
+### `AUTHENTIK_LDAP__TASK_TIMEOUT_HOURS` <span class="badge badge--version">authentik 2023.1+</span>
 
 Timeout in hours for LDAP synchronization tasks.
 
 Defaults to `2`.
 
-### `AUTHENTIK_LDAP__PAGE_SIZE`
-
-:::info
-Requires authentik 2023.6.1
-:::
+### `AUTHENTIK_LDAP__PAGE_SIZE` <span class="badge badge--version">authentik 2023.6.1+</span>
 
 Page size for LDAP synchronization. Controls the number of objects created in a single task.
 
 Defaults to `50`.
 
-### `AUTHENTIK_LDAP__TLS__CIPHERS`
-
-:::info
-Requires authentik 2022.7
-:::
+### `AUTHENTIK_LDAP__TLS__CIPHERS` <span class="badge badge--version">authentik 2022.7+</span>
 
 Allows configuration of TLS Cliphers for LDAP connections used by LDAP sources. Setting applies to all sources.
 
 Defaults to `null`.
 
-### `AUTHENTIK_REPUTATION__EXPIRY`
-
-:::info
-Requires authentik 2023.8.2
-:::
+### `AUTHENTIK_REPUTATION__EXPIRY` <span class="badge badge--version">authentik 2023.8.2+</span>
 
 Configure how long reputation scores should be saved for in seconds. Note that this is different than [`AUTHENTIK_REDIS__CACHE_TIMEOUT_REPUTATION`](#redis-settings), as reputation is saved to the database every 5 minutes.
 
 Defaults to `86400`.
 
-### `AUTHENTIK_SESSION_STORAGE`
-
-:::info
-Requires authentik 2024.4
-:::
+### `AUTHENTIK_SESSION_STORAGE` <span class="badge badge--version">authentik 2024.4+</span>
 
 Configure if the sessions are stored in the cache or the database. Defaults to `cache`. Allowed values are `cache` and `db`. Note that changing this value will invalidate all previous sessions.
 
-### `AUTHENTIK_WEB__WORKERS`
-
-:::info
-Requires authentik 2022.9
-:::
+### `AUTHENTIK_WEB__WORKERS` <span class="badge badge--version">authentik 2022.9+</span>
 
 Configure how many gunicorn worker processes should be started (see https://docs.gunicorn.org/en/stable/design.html).
 
 Defaults to 2. A value below 2 workers is not recommended. In environments where scaling with multiple replicas of the authentik server is not possible, this number can be increased to handle higher loads.
 
-### `AUTHENTIK_WEB__THREADS`
-
-:::info
-Requires authentik 2022.9
-:::
+### `AUTHENTIK_WEB__THREADS` <span class="badge badge--version">authentik 2022.9+</span>
 
 Configure how many gunicorn threads a worker processes should have (see https://docs.gunicorn.org/en/stable/design.html).
 
 Defaults to 4.
 
-### `AUTHENTIK_WORKER__CONCURRENCY`
-
-:::info
-Requires authentik 2023.9.0
-:::
+### `AUTHENTIK_WORKER__CONCURRENCY` <span class="badge badge--version">authentik 2023.9+</span>
 
 Configure Celery worker concurrency for authentik worker (see https://docs.celeryq.dev/en/latest/userguide/configuration.html#worker-concurrency). This essentially defines the number of worker processes spawned for a single worker.
 
 Defaults to 2.
 
-## System settings
-
-:::info
-Requires authentik 2024.2
-:::
+## System settings <span class="badge badge--version">authentik 2024.2+</span>
 
 Additional settings are configurable using the Admin interface, under **System** -> **Settings** or using the API.
 

website/docs/installation/upgrade.mdx

@@ -40,7 +40,7 @@ import TabItem from "@theme/TabItem";
 
     ```
     helm repo update
-    helm install --upgrade authentik authentik/authentik -f values.yaml
+    helm upgrade --install authentik authentik/authentik -f values.yaml
     ```
 
   </TabItem>

website/docs/providers/oauth2/index.md

@@ -77,11 +77,7 @@ return True
 
 -   `goauthentik.io/api`: This scope grants the refresh token access to the authentik API on behalf of the user
 
-## Default scopes
-
-:::info
-Requires authentik 2022.7
-:::
+## Default scopes <span class="badge badge--version">authentik 2022.7+</span>
 
 When a client does not request any scopes, authentik will treat the request as if all configured scopes were requested. Depending on the configured authorization flow, consent still needs to be given, and all scopes are listed there.
 

website/docs/providers/proxy/header_authentication.md

@@ -25,11 +25,7 @@ By default, when _Intercept header authentication_ is enabled, authentik will in
 
 If the proxied application requires usage of the "Authorization" header, the setting should be disabled. When this setting is disabled, authentik will still attempt to interpret the "Authorization" header, and fall back to the default behaviour if it can't.
 
-### Receiving HTTP Basic authentication
-
-:::info
-Requires authentik 2023.1
-:::
+### Receiving HTTP Basic authentication <span class="badge badge--version">authentik 2023.1+</span>
 
 Proxy providers can receive HTTP basic authentication credentials. The password is expected to be an _App password_, as the credentials are used internally with the [OAuth2 machine-to-machine authentication flow](../oauth2/client_credentials.md).
 
@@ -43,11 +39,7 @@ It is **strongly** recommended that the client sending requests with HTTP-Basic
 
 Starting with authentik 2023.2, logging in with the reserved username `goauthentik.io/token` will behave as if a bearer token was used. All the same options as below apply. This is to allow token-based authentication for applications which might only support basic authentication.
 
-### Receiving HTTP Bearer authentication
-
-:::info
-Requires authentik 2023.1
-:::
+### Receiving HTTP Bearer authentication <span class="badge badge--version">authentik 2023.1+</span>
 
 Proxy providers can receive HTTP bearer authentication credentials. The token is expected to be a JWT token issued for the proxy provider. This is described [here](../oauth2/client_credentials.md), using the _client_id_ value shown in the admin interface. Both static and JWT authentication methods are supported.
 

website/docs/providers/proxy/server_caddy.mdx

@@ -1,14 +1,10 @@
 import Tabs from "@theme/Tabs";
 import TabItem from "@theme/TabItem";
 
-# Caddy
+# Caddy <span class="badge badge--version">authentik 2022.8+</span>
 
 The configuration template shown below apply to both single-application and domain-level forward auth.
 
-:::info
-Requires authentik 2022.8
-:::
-
 import Placeholders from "./__placeholders.md";
 
 <Placeholders />

website/docs/providers/proxy/server_envoy.mdx

@@ -1,14 +1,10 @@
 import Tabs from "@theme/Tabs";
 import TabItem from "@theme/TabItem";
 
-# Envoy
+# Envoy <span class="badge badge--version">authentik 2022.6+</span>
 
 The configuration template shown below apply to both single-application and domain-level forward auth.
 
-:::info
-Requires authentik 2022.6
-:::
-
 :::info
 If you are using Istio and Kubernetes, use the port number that is exposed for your cluster.
 :::

website/docs/releases/2022/v2022.9.md

@@ -5,7 +5,7 @@ slug: "/releases/2022.9"
 
 ## Breaking changes
 
--   `WORKERS` environment variable has been renamed to match other config options, see [Configuration](../installation/configuration#authentik_web__workers)
+-   `WORKERS` environment variable has been renamed to match other config options, see [Configuration](../../installation/configuration.mdx#authentik_web__workers-authentik-20229)
 
 ## New features
 

website/docs/releases/2024/v2024.8.md

@@ -261,6 +261,20 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.8
 -   web/admin: improve error handling (cherry-pick #11212) (#11219)
 -   web/users: show - if device was registered before we started saving the time (cherry-pick #11256) (#11257)
 
+## Fixed on 2024.8.2
+
+-   core: ensure all providers have correct priority (cherry-pick #11280) (#11281)
+-   core: ensure proxy provider is correctly looked up (cherry-pick #11267) (#11269)
+-   core: fix permission check for scoped impersonation (cherry-pick #11315) (#11316)
+-   enterprise: fix API mixin license validity check (cherry-pick #11331) (#11342)
+-   enterprise: show specific error if Install ID is invalid in license (cherry-pick #11317) (#11319)
+-   events: optimise marking events as seen (cherry-pick #11297) (#11299)
+-   providers/proxy: fix URL path getting lost when partial URL is given to rd= (cherry-pick #11354) (#11355)
+-   root: fix ensure `outpost_connection_discovery` runs on worker startup (cherry-pick #11260) (#11270)
+-   sources/ldap: fix missing search attribute (cherry-pick #11125) (#11340)
+-   web: revert lockfile lint, re-add integrity (#11380)
+-   web/admin: fix notification property mapping forms (cherry-pick #11298) (#11300)
+
 ## API Changes
 
 #### What's New

website/docs/sources/github/index.md

@@ -50,11 +50,7 @@ Save, and you now have Github as a source.
 For more details on how-to have the new source display on the Login Page see [here](../index.md#add-sources-to-default-login-page).
 :::
 
-### Checking for membership of a GitHub Organisation
-
-:::info
-Requires authentik 2021.12.5.
-:::
+### Checking for membership of a GitHub Organisation <span class="badge badge--version">authentik 2021.12.5.+</span>
 
 To check if the user is member of an organisation, you can use the following policy on your flows:
 

website/docs/sources/oauth/index.md

@@ -14,11 +14,7 @@ This source allows users to enroll themselves with an external OAuth-based Ident
 
     Starting with authentik 2022.10, the default scopes can be replaced by prefix the value for scopes with `*`.
 
-### OpenID Connect
-
-:::info
-Requires authentik 2022.6
-:::
+### OpenID Connect <span class="badge badge--version">authentik 2022.6+</span>
 
 #### Well-known
 

website/docs/user-group-role/groups/manage_groups.md

@@ -43,11 +43,7 @@ To delete a group, follow these steps:
 
 You can assign a role to a group, and then all users in the group inherit the permissions assigned to that role. For instructions and more information, see ["Assign a role to a group"](../roles/manage_roles.md#assign-a-role-to-a-group).
 
-## Delegating group member management
-
-:::info
-Requires authentik 2024.4
-:::
+## Delegating group member management <span class="badge badge--version">authentik 2024.4+</span>
 
 To give a specific Role or User the ability to manage group members, the following permissions need to be granted on the matching Group object:
 

website/docs/user-group-role/user/user_ref.md

@@ -14,7 +14,7 @@ The User object has the following properties:
 -   `is_active` Boolean field if user is active.
 -   `date_joined` Date user joined/was created.
 -   `password_change_date` Date password was last changed.
--   `path` User's path, see [Path](#path)
+-   `path` User's path, see [Path](#path-authentik-20227)
 -   `attributes` Dynamic attributes, see [Attributes](#attributes)
 -   `group_attributes()` Merged attributes of all groups the user is member of and the user's own attributes.
 -   `ak_groups` This is a queryset of all the user's groups.
@@ -42,11 +42,7 @@ for group in user.ak_groups.all():
     yield group.name
 ```
 
-## Path
-
-:::info
-Requires authentik 2022.7
-:::
+## Path <span class="badge badge--version">authentik 2022.7+</span>
 
 Paths can be used to organize users into folders depending on which source created them or organizational structure. Paths may not start or end with a slash, but they can contain any other character as path segments. The paths are currently purely used for organization, it does not affect their permissions, group memberships, or anything else.
 

website/integrations/services/glitchtip/index.md

@@ -25,7 +25,7 @@ The following placeholders will be used:
 Create an OAuth2/OpenID provider with the following parameters:
 
 -   Client Type: `Confidential`
--   Redirect URIs: `https://glitchtip.company/auth/authentik`
+-   Redirect URIs: `https://glitchtip.company/accounts/oidc/authentik/login/callback/`
 
 Note the Client ID and Client Secret values.
 

website/integrations/services/sssd/index.md

@@ -78,7 +78,6 @@ reconnection_retries = 3
 [sssd]
 config_file_version = 2
 reconnection_retries = 3
-sbus_timeout = 30
 domains = ${ldap.domain}
 services = nss, pam, ssh
 

website/package-lock.json

@@ -20,7 +20,7 @@
                 "disqus-react": "^1.1.5",
                 "docusaurus-plugin-openapi-docs": "^4.0.0",
                 "docusaurus-theme-openapi-docs": "^4.0.1",
-                "postcss": "^8.4.45",
+                "postcss": "^8.4.47",
                 "prism-react-renderer": "^2.4.0",
                 "react": "^18.3.1",
                 "react-before-after-slider-component": "^1.1.8",
@@ -34,7 +34,7 @@
                 "@docusaurus/module-type-aliases": "^3.3.2",
                 "@docusaurus/tsconfig": "^3.5.2",
                 "@docusaurus/types": "^3.3.2",
-                "@types/react": "^18.3.5",
+                "@types/react": "^18.3.8",
                 "cross-env": "^7.0.3",
                 "lockfile-lint": "^4.14.0",
                 "prettier": "3.3.3",
@@ -3763,9 +3763,9 @@
             "license": "MIT"
         },
         "node_modules/@types/react": {
-            "version": "18.3.5",
-            "resolved": "https://registry.npmjs.org/@types/react/-/react-18.3.5.tgz",
-            "integrity": "sha512-WeqMfGJLGuLCqHGYRGHxnKrXcTitc6L/nBUWfWPcTarG3t9PsquqUMuVeXZeca+mglY4Vo5GZjCi0A3Or2lnxA==",
+            "version": "18.3.8",
+            "resolved": "https://registry.npmjs.org/@types/react/-/react-18.3.8.tgz",
+            "integrity": "sha512-syBUrW3/XpnW4WJ41Pft+I+aPoDVbrBVQGEnbD7NijDGlVC+8gV/XKRY+7vMDlfPpbwYt0l1vd/Sj8bJGMbs9Q==",
             "dependencies": {
                 "@types/prop-types": "*",
                 "csstype": "^3.0.2"
@@ -7154,8 +7154,9 @@
             }
         },
         "node_modules/dompurify": {
-            "version": "3.0.6",
-            "license": "(MPL-2.0 OR Apache-2.0)"
+            "version": "3.1.6",
+            "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.1.6.tgz",
+            "integrity": "sha512-cTOAhc36AalkjtBpfG6O8JimdTMWNXjiePT2xQH/ppBGi/4uIpmj8eKyIkMJErXWARyINV/sB38yf8JCLF5pbQ=="
         },
         "node_modules/domutils": {
             "version": "3.1.0",
@@ -13335,8 +13336,9 @@
             }
         },
         "node_modules/picocolors": {
-            "version": "1.0.1",
-            "license": "ISC"
+            "version": "1.1.0",
+            "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.1.0.tgz",
+            "integrity": "sha512-TQ92mBOW0l3LeMeyLV6mzy/kWr8lkd/hp3mTg7wYK7zJhuBStmGMBG0BdeDZS/dZx1IukaX6Bk11zcln25o1Aw=="
         },
         "node_modules/picomatch": {
             "version": "2.3.1",
@@ -13444,9 +13446,9 @@
             }
         },
         "node_modules/postcss": {
-            "version": "8.4.45",
-            "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.45.tgz",
-            "integrity": "sha512-7KTLTdzdZZYscUc65XmjFiB73vBhBfbPztCYdUNvlaso9PrzjzcmjqBPR0lNGkcVlcO4BjiO5rK/qNz+XAen1Q==",
+            "version": "8.4.47",
+            "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.47.tgz",
+            "integrity": "sha512-56rxCq7G/XfB4EkXq9Egn5GCqugWvDFjafDOThIdMBsI15iqPqR5r15TfSr1YPYeEI19YeaXMCbY6u88Y76GLQ==",
             "funding": [
                 {
                     "type": "opencollective",
@@ -13463,8 +13465,8 @@
             ],
             "dependencies": {
                 "nanoid": "^3.3.7",
-                "picocolors": "^1.0.1",
-                "source-map-js": "^1.2.0"
+                "picocolors": "^1.1.0",
+                "source-map-js": "^1.2.1"
             },
             "engines": {
                 "node": "^10 || ^12 || >=14"
@@ -16535,8 +16537,9 @@
             }
         },
         "node_modules/source-map-js": {
-            "version": "1.2.0",
-            "license": "BSD-3-Clause",
+            "version": "1.2.1",
+            "resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.1.tgz",
+            "integrity": "sha512-UXWMKhLOwVKb728IUtQPXxfYU+usdybtUrK/8uGE8CQMvrhOpwvzDBwj0QhSL7MQc7vIsISBG8VQ8+IDQxpfQA==",
             "engines": {
                 "node": ">=0.10.0"
             }

website/package.json

@@ -28,7 +28,7 @@
         "disqus-react": "^1.1.5",
         "docusaurus-plugin-openapi-docs": "^4.0.0",
         "docusaurus-theme-openapi-docs": "^4.0.1",
-        "postcss": "^8.4.45",
+        "postcss": "^8.4.47",
         "prism-react-renderer": "^2.4.0",
         "react": "^18.3.1",
         "react-before-after-slider-component": "^1.1.8",
@@ -54,7 +54,7 @@
         "@docusaurus/module-type-aliases": "^3.3.2",
         "@docusaurus/tsconfig": "^3.5.2",
         "@docusaurus/types": "^3.3.2",
-        "@types/react": "^18.3.5",
+        "@types/react": "^18.3.8",
         "cross-env": "^7.0.3",
         "lockfile-lint": "^4.14.0",
         "prettier": "3.3.3",

website/src/css/custom.css

@@ -117,3 +117,11 @@ body {
 .navbar-sidebar__items {
     background-color: var(--ifm-color-primary);
 }
+
+.badge--version {
+    --ifm-badge-background-color: var(--ifm-color-primary-contrast-background);
+    color: var(--ifm-color-primary-contrast-foreground);
+    --ifm-badge-border-color: var(--ifm-badge-background-color);
+    font-size: 0.75rem;
+    vertical-align: middle;
+}