website/docs: re-add gtag (cherry-pick #15334) (#15335)

website/docs: re-add gtag (#15334)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>

.bumpversion.cfg

@@ -1,16 +1,16 @@
 [bumpversion]
-current_version = 2025.6.0
+current_version = 2025.6.3
 tag = True
 commit = True
 parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)(?:-(?P<rc_t>[a-zA-Z-]+)(?P<rc_n>[1-9]\\d*))?
-serialize =
+serialize = 
 	{major}.{minor}.{patch}-{rc_t}{rc_n}
 	{major}.{minor}.{patch}
 message = release: {new_version}
 tag_name = version/{new_version}
 
 [bumpversion:part:rc_t]
-values =
+values = 
 	rc
 	final
 optional_value = final
@@ -21,6 +21,8 @@ optional_value = final
 
 [bumpversion:file:package.json]
 
+[bumpversion:file:package-lock.json]
+
 [bumpversion:file:docker-compose.yml]
 
 [bumpversion:file:schema.yml]
@@ -31,6 +33,4 @@ optional_value = final
 
 [bumpversion:file:internal/constants/constants.go]
 
-[bumpversion:file:web/src/common/constants.ts]
-
 [bumpversion:file:lifecycle/aws/template.yaml]

.github/workflows/ci-main.yml

@@ -202,7 +202,7 @@ jobs:
         uses: actions/cache@v4
         with:
           path: web/dist
-          key: ${{ runner.os }}-web-${{ hashFiles('web/package-lock.json', 'web/src/**', 'web/packages/sfe/src/**') }}-b
+          key: ${{ runner.os }}-web-${{ hashFiles('web/package-lock.json', 'package-lock.json', 'web/src/**', 'web/packages/sfe/src/**') }}-b
       - name: prepare web ui
         if: steps.cache-web.outputs.cache-hit != 'true'
         working-directory: web

.github/workflows/ci-website.yml

@@ -49,6 +49,7 @@ jobs:
       matrix:
         job:
           - build
+          - build:integrations
     steps:
       - uses: actions/checkout@v4
       - uses: actions/setup-node@v4

.github/workflows/codeql-analysis.yml

@@ -2,7 +2,7 @@ name: "CodeQL"
 
 on:
   push:
-    branches: [main, "*", next, version*]
+    branches: [main, next, version*]
   pull_request:
     branches: [main]
   schedule:

Dockerfile

@@ -94,9 +94,9 @@ RUN --mount=type=secret,id=GEOIPUPDATE_ACCOUNT_ID \
     /bin/sh -c "GEOIPUPDATE_LICENSE_KEY_FILE=/run/secrets/GEOIPUPDATE_LICENSE_KEY /usr/bin/entry.sh || echo 'Failed to get GeoIP database, disabling'; exit 0"
 
 # Stage 5: Download uv
-FROM ghcr.io/astral-sh/uv:0.7.10 AS uv
+FROM ghcr.io/astral-sh/uv:0.7.8 AS uv
 # Stage 6: Base python image
-FROM ghcr.io/goauthentik/fips-python:3.13.3-slim-bookworm-fips AS python-base
+FROM ghcr.io/goauthentik/fips-python:3.13.5-slim-bookworm-fips AS python-base
 
 ENV VENV_PATH="/ak-root/.venv" \
     PATH="/lifecycle:/ak-root/.venv/bin:$PATH" \

Makefile

@@ -86,6 +86,10 @@ dev-create-db:
 
 dev-reset: dev-drop-db dev-create-db migrate  ## Drop and restore the Authentik PostgreSQL instance to a "fresh install" state.
 
+update-test-mmdb:  ## Update test GeoIP and ASN Databases
+	curl -L https://raw.githubusercontent.com/maxmind/MaxMind-DB/refs/heads/main/test-data/GeoLite2-ASN-Test.mmdb -o ${PWD}/tests/GeoLite2-ASN-Test.mmdb
+	curl -L https://raw.githubusercontent.com/maxmind/MaxMind-DB/refs/heads/main/test-data/GeoLite2-City-Test.mmdb -o ${PWD}/tests/GeoLite2-City-Test.mmdb
+
 #########################
 ## API Schema
 #########################

authentik/__init__.py

@@ -2,7 +2,7 @@
 
 from os import environ
 
-__version__ = "2025.6.0"
+__version__ = "2025.6.3"
 ENV_GIT_HASH_KEY = "GIT_BUILD_HASH"
 
 

authentik/brands/tests.py

@@ -148,3 +148,14 @@ class TestBrands(APITestCase):
                 "default_locale": "",
             },
         )
+
+    def test_custom_css(self):
+        """Test custom_css"""
+        brand = create_test_brand()
+        brand.branding_custom_css = """* {
+            font-family: "Foo bar";
+        }"""
+        brand.save()
+        res = self.client.get(reverse("authentik_core:if-user"))
+        self.assertEqual(res.status_code, 200)
+        self.assertIn(brand.branding_custom_css, res.content.decode())

authentik/brands/utils.py

@@ -5,6 +5,8 @@ from typing import Any
 from django.db.models import F, Q
 from django.db.models import Value as V
 from django.http.request import HttpRequest
+from django.utils.html import _json_script_escapes
+from django.utils.safestring import mark_safe
 
 from authentik import get_full_version
 from authentik.brands.models import Brand
@@ -32,8 +34,13 @@ def context_processor(request: HttpRequest) -> dict[str, Any]:
     """Context Processor that injects brand object into every template"""
     brand = getattr(request, "brand", DEFAULT_BRAND)
     tenant = getattr(request, "tenant", Tenant())
+    # similarly to `json_script` we escape everything HTML-related, however django
+    # only directly exposes this as a function that also wraps it in a <script> tag
+    # which we dont want for CSS
+    brand_css = mark_safe(str(brand.branding_custom_css).translate(_json_script_escapes))  # nosec
     return {
         "brand": brand,
+        "brand_css": brand_css,
         "footer_links": tenant.footer_links,
         "html_meta": {**get_http_meta()},
         "version": get_full_version(),

authentik/core/templates/base/skeleton.html

@@ -16,7 +16,7 @@
         {% block head_before %}
         {% endblock %}
         <link rel="stylesheet" type="text/css" href="{% static 'dist/authentik.css' %}">
-        <style>{{ brand.branding_custom_css }}</style>
+        <style>{{ brand_css }}</style>
         <script src="{% versioned_script 'dist/poly-%v.js' %}" type="module"></script>
         <script src="{% versioned_script 'dist/standalone/loading/index-%v.js' %}" type="module"></script>
         {% block head %}

authentik/events/context_processors/mmdb.py

@@ -15,13 +15,13 @@ class MMDBContextProcessor(EventContextProcessor):
         self.reader: Reader | None = None
         self._last_mtime: float = 0.0
         self.logger = get_logger()
-        self.open()
+        self.load()
 
     def path(self) -> str | None:
         """Get the path to the MMDB file to load"""
         raise NotImplementedError
 
-    def open(self):
+    def load(self):
         """Get GeoIP Reader, if configured, otherwise none"""
         path = self.path()
         if path == "" or not path:
@@ -44,7 +44,7 @@ class MMDBContextProcessor(EventContextProcessor):
             diff = self._last_mtime < mtime
             if diff > 0:
                 self.logger.info("Found new MMDB Database, reopening", diff=diff, path=path)
-                self.open()
+                self.load()
         except OSError as exc:
             self.logger.warning("Failed to check MMDB age", exc=exc)
 

authentik/outposts/tests/test_ws.py

@@ -1,11 +1,9 @@
 """Websocket tests"""
 
 from dataclasses import asdict
-from unittest.mock import patch
 
 from channels.routing import URLRouter
 from channels.testing import WebsocketCommunicator
-from django.contrib.contenttypes.models import ContentType
 from django.test import TransactionTestCase
 
 from authentik import __version__
@@ -16,12 +14,6 @@ from authentik.providers.proxy.models import ProxyProvider
 from authentik.root import websocket
 
 
-def patched__get_ct_cached(app_label, codename):
-    """Caches `ContentType` instances like its `QuerySet` does."""
-    return ContentType.objects.get(app_label=app_label, permission__codename=codename)
-
-
-@patch("guardian.shortcuts._get_ct_cached", patched__get_ct_cached)
 class TestOutpostWS(TransactionTestCase):
     """Websocket tests"""
 

authentik/providers/oauth2/urls_root.py

@@ -6,7 +6,6 @@ from django.urls import include, path
 from authentik.providers.oauth2.views.authorize import AuthorizationFlowInitView
 from authentik.providers.oauth2.views.device_init import DeviceEntryView
 from authentik.providers.oauth2.views.github import GitHubUserTeamsView, GitHubUserView
-from authentik.providers.oauth2.views.provider import ProviderInfoView
 from authentik.providers.oauth2.views.token import TokenView
 
 github_urlpatterns = [
@@ -41,9 +40,4 @@ urlpatterns = [
         ),
         name="device-login",
     ),
-    path(
-        ".well-known/oauth-authorization-server/application/o/<slug:application_slug>/",
-        ProviderInfoView.as_view(),
-        name="providers-oauth2-authorization-server-metadata",
-    ),
 ]

authentik/providers/rac/consumer_client.py

@@ -66,7 +66,10 @@ class RACClientConsumer(AsyncWebsocketConsumer):
     def init_outpost_connection(self):
         """Initialize guac connection settings"""
         self.token = (
-            ConnectionToken.filter_not_expired(token=self.scope["url_route"]["kwargs"]["token"])
+            ConnectionToken.filter_not_expired(
+                token=self.scope["url_route"]["kwargs"]["token"],
+                session__session__session_key=self.scope["session"].session_key,
+            )
             .select_related("endpoint", "provider", "session", "session__user")
             .first()
         )

authentik/providers/rac/tests/test_views.py

@@ -87,3 +87,22 @@ class TestRACViews(APITestCase):
         )
         body = loads(flow_response.content)
         self.assertEqual(body["component"], "ak-stage-access-denied")
+
+    def test_different_session(self):
+        """Test request"""
+        self.client.force_login(self.user)
+        response = self.client.get(
+            reverse(
+                "authentik_providers_rac:start",
+                kwargs={"app": self.app.slug, "endpoint": str(self.endpoint.pk)},
+            )
+        )
+        self.assertEqual(response.status_code, 302)
+        flow_response = self.client.get(
+            reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug})
+        )
+        body = loads(flow_response.content)
+        next_url = body["to"]
+        self.client.logout()
+        final_response = self.client.get(next_url)
+        self.assertEqual(final_response.url, reverse("authentik_core:if-user"))

authentik/providers/rac/views.py

@@ -20,6 +20,9 @@ from authentik.lib.utils.time import timedelta_from_string
 from authentik.policies.engine import PolicyEngine
 from authentik.policies.views import PolicyAccessView
 from authentik.providers.rac.models import ConnectionToken, Endpoint, RACProvider
+from authentik.stages.prompt.stage import PLAN_CONTEXT_PROMPT
+
+PLAN_CONNECTION_SETTINGS = "connection_settings"
 
 
 class RACStartView(PolicyAccessView):
@@ -65,7 +68,10 @@ class RACInterface(InterfaceView):
 
     def dispatch(self, request: HttpRequest, *args: Any, **kwargs: Any) -> HttpResponse:
         # Early sanity check to ensure token still exists
-        token = ConnectionToken.filter_not_expired(token=self.kwargs["token"]).first()
+        token = ConnectionToken.filter_not_expired(
+            token=self.kwargs["token"],
+            session__session__session_key=request.session.session_key,
+        ).first()
         if not token:
             return redirect("authentik_core:if-user")
         self.token = token
@@ -109,10 +115,15 @@ class RACFinalStage(RedirectStage):
         return super().dispatch(request, *args, **kwargs)
 
     def get_challenge(self, *args, **kwargs) -> RedirectChallenge:
+        settings = self.executor.plan.context.get(PLAN_CONNECTION_SETTINGS)
+        if not settings:
+            settings = self.executor.plan.context.get(PLAN_CONTEXT_PROMPT, {}).get(
+                PLAN_CONNECTION_SETTINGS
+            )
         token = ConnectionToken.objects.create(
             provider=self.provider,
             endpoint=self.endpoint,
-            settings=self.executor.plan.context.get("connection_settings", {}),
+            settings=settings or {},
             session=self.request.session["authenticatedsession"],
             expires=now() + timedelta_from_string(self.provider.connection_expiry),
             expiring=True,

authentik/root/test_runner.py

@@ -3,25 +3,46 @@
 import os
 from argparse import ArgumentParser
 from unittest import TestCase
+from unittest.mock import patch
 
 import pytest
 from django.conf import settings
+from django.contrib.contenttypes.models import ContentType
 from django.test.runner import DiscoverRunner
+from structlog.stdlib import get_logger
 
+from authentik.events.context_processors.asn import ASN_CONTEXT_PROCESSOR
+from authentik.events.context_processors.geoip import GEOIP_CONTEXT_PROCESSOR
 from authentik.lib.config import CONFIG
 from authentik.lib.sentry import sentry_init
 from authentik.root.signals import post_startup, pre_startup, startup
-from tests.e2e.utils import get_docker_tag
 
 # globally set maxDiff to none to show full assert error
 TestCase.maxDiff = None
 
 
+def get_docker_tag() -> str:
+    """Get docker-tag based off of CI variables"""
+    env_pr_branch = "GITHUB_HEAD_REF"
+    default_branch = "GITHUB_REF"
+    branch_name = os.environ.get(default_branch, "main")
+    if os.environ.get(env_pr_branch, "") != "":
+        branch_name = os.environ[env_pr_branch]
+    branch_name = branch_name.replace("refs/heads/", "").replace("/", "-")
+    return f"gh-{branch_name}"
+
+
+def patched__get_ct_cached(app_label, codename):
+    """Caches `ContentType` instances like its `QuerySet` does."""
+    return ContentType.objects.get(app_label=app_label, permission__codename=codename)
+
+
 class PytestTestRunner(DiscoverRunner):  # pragma: no cover
     """Runs pytest to discover and run tests."""
 
     def __init__(self, **kwargs):
         super().__init__(**kwargs)
+        self.logger = get_logger().bind(runner="pytest")
 
         self.args = []
         if self.failfast:
@@ -48,6 +69,10 @@ class PytestTestRunner(DiscoverRunner):  # pragma: no cover
         CONFIG.set("error_reporting.sample_rate", 0)
         CONFIG.set("error_reporting.environment", "testing")
         CONFIG.set("error_reporting.send_pii", True)
+
+        ASN_CONTEXT_PROCESSOR.load()
+        GEOIP_CONTEXT_PROCESSOR.load()
+
         sentry_init()
 
         pre_startup.send(sender=self, mode="test")
@@ -113,4 +138,10 @@ class PytestTestRunner(DiscoverRunner):  # pragma: no cover
                     f"path instead."
                 )
 
-        return pytest.main(self.args)
+        self.logger.info("Running tests", test_files=self.args)
+        with patch("guardian.shortcuts._get_ct_cached", patched__get_ct_cached):
+            try:
+                return pytest.main(self.args)
+            except Exception as e:
+                self.logger.error("Error running tests", error=str(e), test_files=self.args)
+                return 1

authentik/sources/ldap/tasks.py

@@ -71,37 +71,31 @@ def ldap_sync_single(source_pk: str):
             return
         # Delete all sync tasks from the cache
         DBSystemTask.objects.filter(name="ldap_sync", uid__startswith=source.slug).delete()
-        task = chain(
-            # User and group sync can happen at once, they have no dependencies on each other
-            group(
-                ldap_sync_paginator(source, UserLDAPSynchronizer)
-                + ldap_sync_paginator(source, GroupLDAPSynchronizer),
-            ),
-            # Membership sync needs to run afterwards
-            group(
-                ldap_sync_paginator(source, MembershipLDAPSynchronizer),
-            ),
-            # Finally, deletions. What we'd really like to do here is something like
-            # ```
-            # user_identifiers = <ldap query>
-            # User.objects.exclude(
-            #     usersourceconnection__identifier__in=user_uniqueness_identifiers,
-            # ).delete()
-            # ```
-            # This runs into performance issues in large installations. So instead we spread the
-            # work out into three steps:
-            # 1. Get every object from the LDAP source.
-            # 2. Mark every object as "safe" in the database. This is quick, but any error could
-            #    mean deleting users which should not be deleted, so we do it immediately, in
-            #    large chunks, and only queue the deletion step afterwards.
-            # 3. Delete every unmarked item. This is slow, so we spread it over many tasks in
-            #    small chunks.
-            group(
-                ldap_sync_paginator(source, UserLDAPForwardDeletion)
-                + ldap_sync_paginator(source, GroupLDAPForwardDeletion),
-            ),
+
+        # The order of these operations needs to be preserved as each depends on the previous one(s)
+        # 1. User and group sync can happen simultaneously
+        # 2. Membership sync needs to run afterwards
+        # 3. Finally, user and group deletions can happen simultaneously
+        user_group_sync = ldap_sync_paginator(source, UserLDAPSynchronizer) + ldap_sync_paginator(
+            source, GroupLDAPSynchronizer
         )
-        task()
+        membership_sync = ldap_sync_paginator(source, MembershipLDAPSynchronizer)
+        user_group_deletion = ldap_sync_paginator(
+            source, UserLDAPForwardDeletion
+        ) + ldap_sync_paginator(source, GroupLDAPForwardDeletion)
+
+        # Celery is buggy with empty groups, so we are careful only to add non-empty groups.
+        # See https://github.com/celery/celery/issues/9772
+        task_groups = []
+        if user_group_sync:
+            task_groups.append(group(user_group_sync))
+        if membership_sync:
+            task_groups.append(group(membership_sync))
+        if user_group_deletion:
+            task_groups.append(group(user_group_deletion))
+
+        all_tasks = chain(task_groups)
+        all_tasks()
 
 
 def ldap_sync_paginator(source: LDAPSource, sync: type[BaseLDAPSynchronizer]) -> list:

authentik/stages/email/tasks.py

@@ -100,9 +100,11 @@ def send_mail(
         # Because we use the Message-ID as UID for the task, manually assign it
         message_object.extra_headers["Message-ID"] = message_id
 
-        # Add the logo (we can't add it in the previous message since MIMEImage
-        # can't be converted to json)
-        message_object.attach(logo_data())
+        # Add the logo if it is used in the email body (we can't add it in the
+        # previous message since MIMEImage can't be converted to json)
+        body = get_email_body(message_object)
+        if "cid:logo" in body:
+            message_object.attach(logo_data())
 
         if (
             message_object.to

authentik/stages/email/templates/email/base.html

@@ -96,7 +96,7 @@
                 <table width="100%" style="background-color: #FFFFFF; border-spacing: 0; margin-top: 15px;">
                   <tr height="80">
                     <td align="center" style="padding: 20px 0;">
-                      <img src="{% block logo_url %}cid:logo.png{% endblock %}" border="0=" alt="authentik logo" class="flexibleImage logo">
+                      <img src="{% block logo_url %}cid:logo{% endblock %}" border="0=" alt="authentik logo" class="flexibleImage logo">
                     </td>
                   </tr>
                   {% block content %}

authentik/stages/email/utils.py

@@ -19,7 +19,8 @@ def logo_data() -> MIMEImage:
         path = Path("web/dist/assets/icons/icon_left_brand.png")
     with open(path, "rb") as _logo_file:
         logo = MIMEImage(_logo_file.read())
-    logo.add_header("Content-ID", "logo.png")
+    logo.add_header("Content-ID", "<logo>")
+    logo.add_header("Content-Disposition", "inline", filename="logo.png")
     return logo
 
 

authentik/stages/user_login/middleware.py

@@ -101,9 +101,9 @@ class BoundSessionMiddleware(SessionMiddleware):
             SESSION_KEY_BINDING_GEO, GeoIPBinding.NO_BINDING
         )
         if configured_binding_net != NetworkBinding.NO_BINDING:
-            self.recheck_session_net(configured_binding_net, last_ip, new_ip)
+            BoundSessionMiddleware.recheck_session_net(configured_binding_net, last_ip, new_ip)
         if configured_binding_geo != GeoIPBinding.NO_BINDING:
-            self.recheck_session_geo(configured_binding_geo, last_ip, new_ip)
+            BoundSessionMiddleware.recheck_session_geo(configured_binding_geo, last_ip, new_ip)
         # If we got to this point without any error being raised, we need to
         # update the last saved IP to the current one
         if SESSION_KEY_BINDING_NET in request.session or SESSION_KEY_BINDING_GEO in request.session:
@@ -111,7 +111,8 @@ class BoundSessionMiddleware(SessionMiddleware):
             # (== basically requires the user to be logged in)
             request.session[request.session.model.Keys.LAST_IP] = new_ip
 
-    def recheck_session_net(self, binding: NetworkBinding, last_ip: str, new_ip: str):
+    @staticmethod
+    def recheck_session_net(binding: NetworkBinding, last_ip: str, new_ip: str):
         """Check network/ASN binding"""
         last_asn = ASN_CONTEXT_PROCESSOR.asn(last_ip)
         new_asn = ASN_CONTEXT_PROCESSOR.asn(new_ip)
@@ -158,7 +159,8 @@ class BoundSessionMiddleware(SessionMiddleware):
                     new_ip,
                 )
 
-    def recheck_session_geo(self, binding: GeoIPBinding, last_ip: str, new_ip: str):
+    @staticmethod
+    def recheck_session_geo(binding: GeoIPBinding, last_ip: str, new_ip: str):
         """Check GeoIP binding"""
         last_geo = GEOIP_CONTEXT_PROCESSOR.city(last_ip)
         new_geo = GEOIP_CONTEXT_PROCESSOR.city(new_ip)
@@ -179,8 +181,8 @@ class BoundSessionMiddleware(SessionMiddleware):
             if last_geo.continent != new_geo.continent:
                 raise SessionBindingBroken(
                     "geoip.continent",
-                    last_geo.continent,
-                    new_geo.continent,
+                    last_geo.continent.to_dict(),
+                    new_geo.continent.to_dict(),
                     last_ip,
                     new_ip,
                 )
@@ -192,8 +194,8 @@ class BoundSessionMiddleware(SessionMiddleware):
             if last_geo.country != new_geo.country:
                 raise SessionBindingBroken(
                     "geoip.country",
-                    last_geo.country,
-                    new_geo.country,
+                    last_geo.country.to_dict(),
+                    new_geo.country.to_dict(),
                     last_ip,
                     new_ip,
                 )
@@ -202,8 +204,8 @@ class BoundSessionMiddleware(SessionMiddleware):
             if last_geo.city != new_geo.city:
                 raise SessionBindingBroken(
                     "geoip.city",
-                    last_geo.city,
-                    new_geo.city,
+                    last_geo.city.to_dict(),
+                    new_geo.city.to_dict(),
                     last_ip,
                     new_ip,
                 )

authentik/stages/user_login/tests.py

@@ -3,6 +3,7 @@
 from time import sleep
 from unittest.mock import patch
 
+from django.http import HttpRequest
 from django.urls import reverse
 from django.utils.timezone import now
 
@@ -17,7 +18,12 @@ from authentik.flows.views.executor import SESSION_KEY_PLAN
 from authentik.lib.generators import generate_id
 from authentik.lib.utils.time import timedelta_from_string
 from authentik.root.middleware import ClientIPMiddleware
-from authentik.stages.user_login.models import UserLoginStage
+from authentik.stages.user_login.middleware import (
+    BoundSessionMiddleware,
+    SessionBindingBroken,
+    logout_extra,
+)
+from authentik.stages.user_login.models import GeoIPBinding, NetworkBinding, UserLoginStage
 
 
 class TestUserLoginStage(FlowTestCase):
@@ -192,3 +198,52 @@ class TestUserLoginStage(FlowTestCase):
         self.assertStageRedirects(response, reverse("authentik_core:root-redirect"))
         response = self.client.get(reverse("authentik_api:application-list"))
         self.assertEqual(response.status_code, 403)
+
+    def test_binding_net_break_log(self):
+        """Test logout_extra with exception"""
+        # IPs from https://github.com/maxmind/MaxMind-DB/blob/main/source-data/GeoLite2-ASN-Test.json
+        for args, expect in [
+            [[NetworkBinding.BIND_ASN, "8.8.8.8", "8.8.8.8"], ["network.missing"]],
+            [[NetworkBinding.BIND_ASN, "1.0.0.1", "1.128.0.1"], ["network.asn"]],
+            [
+                [NetworkBinding.BIND_ASN_NETWORK, "12.81.96.1", "12.81.128.1"],
+                ["network.asn_network"],
+            ],
+            [[NetworkBinding.BIND_ASN_NETWORK_IP, "1.0.0.1", "1.0.0.2"], ["network.ip"]],
+        ]:
+            with self.subTest(args[0]):
+                with self.assertRaises(SessionBindingBroken) as cm:
+                    BoundSessionMiddleware.recheck_session_net(*args)
+                self.assertEqual(cm.exception.reason, expect[0])
+                # Ensure the request can be logged without throwing errors
+                self.client.force_login(self.user)
+                request = HttpRequest()
+                request.session = self.client.session
+                request.user = self.user
+                logout_extra(request, cm.exception)
+
+    def test_binding_geo_break_log(self):
+        """Test logout_extra with exception"""
+        # IPs from https://github.com/maxmind/MaxMind-DB/blob/main/source-data/GeoLite2-City-Test.json
+        for args, expect in [
+            [[GeoIPBinding.BIND_CONTINENT, "8.8.8.8", "8.8.8.8"], ["geoip.missing"]],
+            [[GeoIPBinding.BIND_CONTINENT, "2.125.160.216", "67.43.156.1"], ["geoip.continent"]],
+            [
+                [GeoIPBinding.BIND_CONTINENT_COUNTRY, "81.2.69.142", "89.160.20.112"],
+                ["geoip.country"],
+            ],
+            [
+                [GeoIPBinding.BIND_CONTINENT_COUNTRY_CITY, "2.125.160.216", "81.2.69.142"],
+                ["geoip.city"],
+            ],
+        ]:
+            with self.subTest(args[0]):
+                with self.assertRaises(SessionBindingBroken) as cm:
+                    BoundSessionMiddleware.recheck_session_geo(*args)
+                self.assertEqual(cm.exception.reason, expect[0])
+                # Ensure the request can be logged without throwing errors
+                self.client.force_login(self.user)
+                request = HttpRequest()
+                request.session = self.client.session
+                request.user = self.user
+                logout_extra(request, cm.exception)

blueprints/schema.json

@@ -2,7 +2,7 @@
     "$schema": "http://json-schema.org/draft-07/schema",
     "$id": "https://goauthentik.io/blueprints/schema.json",
     "type": "object",
-    "title": "authentik 2025.6.0 Blueprint schema",
+    "title": "authentik 2025.6.3 Blueprint schema",
     "required": [
         "version",
         "entries"

docker-compose.yml

@@ -31,7 +31,7 @@ services:
     volumes:
       - redis:/data
   server:
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.6.0}
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.6.3}
     restart: unless-stopped
     command: server
     environment:
@@ -55,7 +55,7 @@ services:
       redis:
         condition: service_healthy
   worker:
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.6.0}
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.6.3}
     restart: unless-stopped
     command: worker
     environment:

go.mod

@@ -21,7 +21,7 @@ require (
 	github.com/nmcclain/asn1-ber v0.0.0-20170104154839-2661553a0484
 	github.com/pires/go-proxyproto v0.8.1
 	github.com/prometheus/client_golang v1.22.0
-	github.com/redis/go-redis/v9 v9.9.0
+	github.com/redis/go-redis/v9 v9.8.0
 	github.com/sethvargo/go-envconfig v1.3.0
 	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/cobra v1.9.1

go.sum

@@ -245,8 +245,8 @@ github.com/prometheus/common v0.62.0 h1:xasJaQlnWAeyHdUBeGjXmutelfJHWMRr+Fg4QszZ
 github.com/prometheus/common v0.62.0/go.mod h1:vyBcEuLSvWos9B1+CyL7JZ2up+uFzXhkqml0W5zIY1I=
 github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
 github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
-github.com/redis/go-redis/v9 v9.9.0 h1:URbPQ4xVQSQhZ27WMQVmZSo3uT3pL+4IdHVcYq2nVfM=
-github.com/redis/go-redis/v9 v9.9.0/go.mod h1:huWgSWd8mW6+m0VPhJjSSQ+d6Nh1VICQ6Q5lHuCH/Iw=
+github.com/redis/go-redis/v9 v9.8.0 h1:q3nRvjrlge/6UD7eTu/DSg2uYiU2mCL0G/uzBWqhicI=
+github.com/redis/go-redis/v9 v9.8.0/go.mod h1:huWgSWd8mW6+m0VPhJjSSQ+d6Nh1VICQ6Q5lHuCH/Iw=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
 github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=

internal/constants/constants.go

@@ -33,4 +33,4 @@ func UserAgent() string {
 	return fmt.Sprintf("authentik@%s", FullVersion())
 }
 
-const VERSION = "2025.6.0"
+const VERSION = "2025.6.3"

internal/outpost/proxyv2/application/application.go

@@ -5,6 +5,7 @@ import (
 	"crypto/sha256"
 	"crypto/tls"
 	"encoding/gob"
+	"encoding/hex"
 	"fmt"
 	"html/template"
 	"net/http"
@@ -118,8 +119,8 @@ func NewApplication(p api.ProxyOutpostConfig, c *http.Client, server Server, old
 	mux := mux.NewRouter()
 
 	// Save cookie name, based on hashed client ID
-	h := sha256.New()
-	bs := string(h.Sum([]byte(*p.ClientId)))
+	hs := sha256.Sum256([]byte(*p.ClientId))
+	bs := hex.EncodeToString(hs[:])
 	sessionName := fmt.Sprintf("authentik_proxy_%s", bs[:8])
 
 	// When HOST_BROWSER is set, use that as Host header for token requests to make the issuer match

internal/outpost/proxyv2/application/claims.go

@@ -3,6 +3,7 @@ package application
 type ProxyClaims struct {
 	UserAttributes  map[string]interface{} `json:"user_attributes"`
 	BackendOverride string                 `json:"backend_override"`
+	HostHeader      string                 `json:"host_header"`
 	IsSuperuser     bool                   `json:"is_superuser"`
 }
 

internal/outpost/proxyv2/application/mode_proxy.go

@@ -74,13 +74,18 @@ func (a *Application) proxyModifyRequest(ou *url.URL) func(req *http.Request) {
 		r.URL.Scheme = ou.Scheme
 		r.URL.Host = ou.Host
 		claims := a.getClaimsFromSession(r)
-		if claims != nil && claims.Proxy != nil && claims.Proxy.BackendOverride != "" {
-			u, err := url.Parse(claims.Proxy.BackendOverride)
-			if err != nil {
-				a.log.WithField("backend_override", claims.Proxy.BackendOverride).WithError(err).Warning("failed parse user backend override")
-			} else {
-				r.URL.Scheme = u.Scheme
-				r.URL.Host = u.Host
+		if claims != nil && claims.Proxy != nil {
+			if claims.Proxy.BackendOverride != "" {
+				u, err := url.Parse(claims.Proxy.BackendOverride)
+				if err != nil {
+					a.log.WithField("backend_override", claims.Proxy.BackendOverride).WithError(err).Warning("failed parse user backend override")
+				} else {
+					r.URL.Scheme = u.Scheme
+					r.URL.Host = u.Host
+				}
+			}
+			if claims.Proxy.HostHeader != "" {
+				r.Host = claims.Proxy.HostHeader
 			}
 		}
 		a.log.WithField("upstream_url", r.URL.String()).Trace("final upstream url")

internal/outpost/radius/handler.go

@@ -2,6 +2,7 @@ package radius
 
 import (
 	"crypto/sha512"
+	"encoding/hex"
 	"time"
 
 	"github.com/getsentry/sentry-go"
@@ -68,7 +69,9 @@ func (rs *RadiusServer) ServeRADIUS(w radius.ResponseWriter, r *radius.Request)
 		}
 	}
 	if pi == nil {
-		nr.Log().WithField("hashed_secret", string(sha512.New().Sum(r.Secret))).Warning("No provider found")
+		hs := sha512.Sum512([]byte(r.Secret))
+		bs := hex.EncodeToString(hs[:])
+		nr.Log().WithField("hashed_secret", bs).Warning("No provider found")
 		_ = w.Write(r.Response(radius.CodeAccessReject))
 		return
 	}

lifecycle/aws/package-lock.json

@@ -9,7 +9,7 @@
             "version": "0.0.0",
             "license": "MIT",
             "devDependencies": {
-                "aws-cdk": "^2.1017.1",
+                "aws-cdk": "^2.1016.1",
                 "cross-env": "^7.0.3"
             },
             "engines": {
@@ -17,9 +17,9 @@
             }
         },
         "node_modules/aws-cdk": {
-            "version": "2.1017.1",
-            "resolved": "https://registry.npmjs.org/aws-cdk/-/aws-cdk-2.1017.1.tgz",
-            "integrity": "sha512-KtDdkMhfVjDeexjpMrVoSlz2mTYI5BE/KotvJ7iFbZy1G0nkpW1ImZ54TdBefeeFmZ+8DAjU3I6nUFtymyOI1A==",
+            "version": "2.1016.1",
+            "resolved": "https://registry.npmjs.org/aws-cdk/-/aws-cdk-2.1016.1.tgz",
+            "integrity": "sha512-248TBiluT8jHUjkpzvWJOHv2fS+An9fiII3eji8H7jwfTu5yMBk7on4B/AVNr9A1GXJk9I32qf9Q0A3rLWRYPQ==",
             "dev": true,
             "license": "Apache-2.0",
             "bin": {

lifecycle/aws/package.json

@@ -10,7 +10,7 @@
         "node": ">=20"
     },
     "devDependencies": {
-        "aws-cdk": "^2.1017.1",
+        "aws-cdk": "^2.1016.1",
         "cross-env": "^7.0.3"
     }
 }

lifecycle/aws/template.yaml

@@ -26,7 +26,7 @@ Parameters:
     Description: authentik Docker image
   AuthentikVersion:
     Type: String
-    Default: 2025.6.0
+    Default: 2025.6.3
     Description: authentik Docker image tag
   AuthentikServerCPU:
     Type: Number

locale/en/LC_MESSAGES/django.po

@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-06-04 00:12+0000\n"
+"POT-Creation-Date: 2025-06-02 00:12+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -970,7 +970,7 @@ msgstr ""
 
 #: authentik/lib/sync/outgoing/tasks.py
 #, python-brace-format
-msgid "Syncing page {page} of {object_type}"
+msgid "Syncing page {page} of groups"
 msgstr ""
 
 #: authentik/lib/sync/outgoing/tasks.py

package-lock.json

@@ -1,12 +1,12 @@
 {
     "name": "@goauthentik/authentik",
-    "version": "2025.6.0",
+    "version": "2025.6.3",
     "lockfileVersion": 3,
     "requires": true,
     "packages": {
         "": {
             "name": "@goauthentik/authentik",
-            "version": "2025.6.0",
+            "version": "2025.6.3",
             "devDependencies": {
                 "@trivago/prettier-plugin-sort-imports": "^5.2.2",
                 "prettier": "^3.3.3",

package.json

@@ -1,6 +1,6 @@
 {
     "name": "@goauthentik/authentik",
-    "version": "2025.6.0",
+    "version": "2025.6.3",
     "private": true,
     "type": "module",
     "devDependencies": {

packages/eslint-config/package-lock.json

@@ -274,9 +274,9 @@
             }
         },
         "node_modules/@eslint/js": {
-            "version": "9.28.0",
-            "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.28.0.tgz",
-            "integrity": "sha512-fnqSjGWd/CoIp4EXIxWVK/sHA6DOHN4+8Ix2cX5ycOY7LG0UY8nHCU5pIp2eaE1Mc7Qd8kHspYNzYXT2ojPLzg==",
+            "version": "9.27.0",
+            "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.27.0.tgz",
+            "integrity": "sha512-G5JD9Tu5HJEu4z2Uo4aHY2sLV64B7CDMXxFzqzjl3NKd6RVzSXNoE80jk7Y0lJkTTkjiIhBAqmlYwjuBY3tvpA==",
             "license": "MIT",
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -576,17 +576,17 @@
             "license": "MIT"
         },
         "node_modules/@typescript-eslint/eslint-plugin": {
-            "version": "8.33.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.33.0.tgz",
-            "integrity": "sha512-CACyQuqSHt7ma3Ns601xykeBK/rDeZa3w6IS6UtMQbixO5DWy+8TilKkviGDH6jtWCo8FGRKEK5cLLkPvEammQ==",
+            "version": "8.32.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.32.1.tgz",
+            "integrity": "sha512-6u6Plg9nP/J1GRpe/vcjjabo6Uc5YQPAMxsgQyGC/I0RuukiG1wIe3+Vtg3IrSCVJDmqK3j8adrtzXSENRtFgg==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
                 "@eslint-community/regexpp": "^4.10.0",
-                "@typescript-eslint/scope-manager": "8.33.0",
-                "@typescript-eslint/type-utils": "8.33.0",
-                "@typescript-eslint/utils": "8.33.0",
-                "@typescript-eslint/visitor-keys": "8.33.0",
+                "@typescript-eslint/scope-manager": "8.32.1",
+                "@typescript-eslint/type-utils": "8.32.1",
+                "@typescript-eslint/utils": "8.32.1",
+                "@typescript-eslint/visitor-keys": "8.32.1",
                 "graphemer": "^1.4.0",
                 "ignore": "^7.0.0",
                 "natural-compare": "^1.4.0",
@@ -600,15 +600,15 @@
                 "url": "https://opencollective.com/typescript-eslint"
             },
             "peerDependencies": {
-                "@typescript-eslint/parser": "^8.33.0",
+                "@typescript-eslint/parser": "^8.0.0 || ^8.0.0-alpha.0",
                 "eslint": "^8.57.0 || ^9.0.0",
                 "typescript": ">=4.8.4 <5.9.0"
             }
         },
         "node_modules/@typescript-eslint/eslint-plugin/node_modules/ignore": {
-            "version": "7.0.5",
-            "resolved": "https://registry.npmjs.org/ignore/-/ignore-7.0.5.tgz",
-            "integrity": "sha512-Hs59xBNfUIunMFgWAbGX5cq6893IbWg4KnrjbYwX3tx0ztorVgTDA6B2sxf8ejHJ4wz8BqGUMYlnzNBer5NvGg==",
+            "version": "7.0.4",
+            "resolved": "https://registry.npmjs.org/ignore/-/ignore-7.0.4.tgz",
+            "integrity": "sha512-gJzzk+PQNznz8ysRrC0aOkBNVRBDtE1n53IqyqEf3PXrYwomFs5q4pGMizBMJF+ykh03insJ27hB8gSrD2Hn8A==",
             "dev": true,
             "license": "MIT",
             "engines": {
@@ -616,16 +616,16 @@
             }
         },
         "node_modules/@typescript-eslint/parser": {
-            "version": "8.33.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.33.0.tgz",
-            "integrity": "sha512-JaehZvf6m0yqYp34+RVnihBAChkqeH+tqqhS0GuX1qgPpwLvmTPheKEs6OeCK6hVJgXZHJ2vbjnC9j119auStQ==",
+            "version": "8.32.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.32.1.tgz",
+            "integrity": "sha512-LKMrmwCPoLhM45Z00O1ulb6jwyVr2kr3XJp+G+tSEZcbauNnScewcQwtJqXDhXeYPDEjZ8C1SjXm015CirEmGg==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/scope-manager": "8.33.0",
-                "@typescript-eslint/types": "8.33.0",
-                "@typescript-eslint/typescript-estree": "8.33.0",
-                "@typescript-eslint/visitor-keys": "8.33.0",
+                "@typescript-eslint/scope-manager": "8.32.1",
+                "@typescript-eslint/types": "8.32.1",
+                "@typescript-eslint/typescript-estree": "8.32.1",
+                "@typescript-eslint/visitor-keys": "8.32.1",
                 "debug": "^4.3.4"
             },
             "engines": {
@@ -640,34 +640,15 @@
                 "typescript": ">=4.8.4 <5.9.0"
             }
         },
-        "node_modules/@typescript-eslint/project-service": {
-            "version": "8.33.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.33.0.tgz",
-            "integrity": "sha512-d1hz0u9l6N+u/gcrk6s6gYdl7/+pp8yHheRTqP6X5hVDKALEaTn8WfGiit7G511yueBEL3OpOEpD+3/MBdoN+A==",
-            "dev": true,
-            "license": "MIT",
-            "dependencies": {
-                "@typescript-eslint/tsconfig-utils": "^8.33.0",
-                "@typescript-eslint/types": "^8.33.0",
-                "debug": "^4.3.4"
-            },
-            "engines": {
-                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
-            },
-            "funding": {
-                "type": "opencollective",
-                "url": "https://opencollective.com/typescript-eslint"
-            }
-        },
         "node_modules/@typescript-eslint/scope-manager": {
-            "version": "8.33.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.33.0.tgz",
-            "integrity": "sha512-LMi/oqrzpqxyO72ltP+dBSP6V0xiUb4saY7WLtxSfiNEBI8m321LLVFU9/QDJxjDQG9/tjSqKz/E3380TEqSTw==",
+            "version": "8.32.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.32.1.tgz",
+            "integrity": "sha512-7IsIaIDeZn7kffk7qXC3o6Z4UblZJKV3UBpkvRNpr5NSyLji7tvTcvmnMNYuYLyh26mN8W723xpo3i4MlD33vA==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/types": "8.33.0",
-                "@typescript-eslint/visitor-keys": "8.33.0"
+                "@typescript-eslint/types": "8.32.1",
+                "@typescript-eslint/visitor-keys": "8.32.1"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -677,32 +658,15 @@
                 "url": "https://opencollective.com/typescript-eslint"
             }
         },
-        "node_modules/@typescript-eslint/tsconfig-utils": {
-            "version": "8.33.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.33.0.tgz",
-            "integrity": "sha512-sTkETlbqhEoiFmGr1gsdq5HyVbSOF0145SYDJ/EQmXHtKViCaGvnyLqWFFHtEXoS0J1yU8Wyou2UGmgW88fEug==",
-            "dev": true,
-            "license": "MIT",
-            "engines": {
-                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
-            },
-            "funding": {
-                "type": "opencollective",
-                "url": "https://opencollective.com/typescript-eslint"
-            },
-            "peerDependencies": {
-                "typescript": ">=4.8.4 <5.9.0"
-            }
-        },
         "node_modules/@typescript-eslint/type-utils": {
-            "version": "8.33.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.33.0.tgz",
-            "integrity": "sha512-lScnHNCBqL1QayuSrWeqAL5GmqNdVUQAAMTaCwdYEdWfIrSrOGzyLGRCHXcCixa5NK6i5l0AfSO2oBSjCjf4XQ==",
+            "version": "8.32.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.32.1.tgz",
+            "integrity": "sha512-mv9YpQGA8iIsl5KyUPi+FGLm7+bA4fgXaeRcFKRDRwDMu4iwrSHeDPipwueNXhdIIZltwCJv+NkxftECbIZWfA==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/typescript-estree": "8.33.0",
-                "@typescript-eslint/utils": "8.33.0",
+                "@typescript-eslint/typescript-estree": "8.32.1",
+                "@typescript-eslint/utils": "8.32.1",
                 "debug": "^4.3.4",
                 "ts-api-utils": "^2.1.0"
             },
@@ -719,9 +683,9 @@
             }
         },
         "node_modules/@typescript-eslint/types": {
-            "version": "8.33.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.33.0.tgz",
-            "integrity": "sha512-DKuXOKpM5IDT1FA2g9x9x1Ug81YuKrzf4mYX8FAVSNu5Wo/LELHWQyM1pQaDkI42bX15PWl0vNPt1uGiIFUOpg==",
+            "version": "8.32.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.32.1.tgz",
+            "integrity": "sha512-YmybwXUJcgGqgAp6bEsgpPXEg6dcCyPyCSr0CAAueacR/CCBi25G3V8gGQ2kRzQRBNol7VQknxMs9HvVa9Rvfg==",
             "dev": true,
             "license": "MIT",
             "engines": {
@@ -733,16 +697,14 @@
             }
         },
         "node_modules/@typescript-eslint/typescript-estree": {
-            "version": "8.33.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.33.0.tgz",
-            "integrity": "sha512-vegY4FQoB6jL97Tu/lWRsAiUUp8qJTqzAmENH2k59SJhw0Th1oszb9Idq/FyyONLuNqT1OADJPXfyUNOR8SzAQ==",
+            "version": "8.32.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.32.1.tgz",
+            "integrity": "sha512-Y3AP9EIfYwBb4kWGb+simvPaqQoT5oJuzzj9m0i6FCY6SPvlomY2Ei4UEMm7+FXtlNJbor80ximyslzaQF6xhg==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/project-service": "8.33.0",
-                "@typescript-eslint/tsconfig-utils": "8.33.0",
-                "@typescript-eslint/types": "8.33.0",
-                "@typescript-eslint/visitor-keys": "8.33.0",
+                "@typescript-eslint/types": "8.32.1",
+                "@typescript-eslint/visitor-keys": "8.32.1",
                 "debug": "^4.3.4",
                 "fast-glob": "^3.3.2",
                 "is-glob": "^4.0.3",
@@ -801,16 +763,16 @@
             }
         },
         "node_modules/@typescript-eslint/utils": {
-            "version": "8.33.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.33.0.tgz",
-            "integrity": "sha512-lPFuQaLA9aSNa7D5u2EpRiqdAUhzShwGg/nhpBlc4GR6kcTABttCuyjFs8BcEZ8VWrjCBof/bePhP3Q3fS+Yrw==",
+            "version": "8.32.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.32.1.tgz",
+            "integrity": "sha512-DsSFNIgLSrc89gpq1LJB7Hm1YpuhK086DRDJSNrewcGvYloWW1vZLHBTIvarKZDcAORIy/uWNx8Gad+4oMpkSA==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
                 "@eslint-community/eslint-utils": "^4.7.0",
-                "@typescript-eslint/scope-manager": "8.33.0",
-                "@typescript-eslint/types": "8.33.0",
-                "@typescript-eslint/typescript-estree": "8.33.0"
+                "@typescript-eslint/scope-manager": "8.32.1",
+                "@typescript-eslint/types": "8.32.1",
+                "@typescript-eslint/typescript-estree": "8.32.1"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -825,13 +787,13 @@
             }
         },
         "node_modules/@typescript-eslint/visitor-keys": {
-            "version": "8.33.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.33.0.tgz",
-            "integrity": "sha512-7RW7CMYoskiz5OOGAWjJFxgb7c5UNjTG292gYhWeOAcFmYCtVCSqjqSBj5zMhxbXo2JOW95YYrUWJfU0zrpaGQ==",
+            "version": "8.32.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.32.1.tgz",
+            "integrity": "sha512-ar0tjQfObzhSaW3C3QNmTc5ofj0hDoNQ5XWrCy6zDyabdr0TWhCkClp+rywGNj/odAFBVzzJrK4tEq5M4Hmu4w==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/types": "8.33.0",
+                "@typescript-eslint/types": "8.32.1",
                 "eslint-visitor-keys": "^4.2.0"
             },
             "engines": {
@@ -1551,9 +1513,9 @@
             }
         },
         "node_modules/eslint": {
-            "version": "9.28.0",
-            "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.28.0.tgz",
-            "integrity": "sha512-ocgh41VhRlf9+fVpe7QKzwLj9c92fDiqOj8Y3Sd4/ZmVA4Btx4PlUYPq4pp9JDyupkf1upbEXecxL2mwNV7jPQ==",
+            "version": "9.27.0",
+            "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.27.0.tgz",
+            "integrity": "sha512-ixRawFQuMB9DZ7fjU3iGGganFDp3+45bPOdaRurcFHSXO1e/sYwUX/FtQZpLZJR6SjMoJH8hR2pPEAfDyCoU2Q==",
             "license": "MIT",
             "dependencies": {
                 "@eslint-community/eslint-utils": "^4.2.0",
@@ -1562,7 +1524,7 @@
                 "@eslint/config-helpers": "^0.2.1",
                 "@eslint/core": "^0.14.0",
                 "@eslint/eslintrc": "^3.3.1",
-                "@eslint/js": "9.28.0",
+                "@eslint/js": "9.27.0",
                 "@eslint/plugin-kit": "^0.3.1",
                 "@humanfs/node": "^0.16.6",
                 "@humanwhocodes/module-importer": "^1.0.1",
@@ -4032,15 +3994,15 @@
             }
         },
         "node_modules/typescript-eslint": {
-            "version": "8.33.0",
-            "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.33.0.tgz",
-            "integrity": "sha512-5YmNhF24ylCsvdNW2oJwMzTbaeO4bg90KeGtMjUw0AGtHksgEPLRTUil+coHwCfiu4QjVJFnjp94DmU6zV7DhQ==",
+            "version": "8.32.1",
+            "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.32.1.tgz",
+            "integrity": "sha512-D7el+eaDHAmXvrZBy1zpzSNIRqnCOrkwTgZxTu3MUqRWk8k0q9m9Ho4+vPf7iHtgUfrK/o8IZaEApsxPlHTFCg==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/eslint-plugin": "8.33.0",
-                "@typescript-eslint/parser": "8.33.0",
-                "@typescript-eslint/utils": "8.33.0"
+                "@typescript-eslint/eslint-plugin": "8.32.1",
+                "@typescript-eslint/parser": "8.32.1",
+                "@typescript-eslint/utils": "8.32.1"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"

pyproject.toml

@@ -1,19 +1,19 @@
 [project]
 name = "authentik"
-version = "2025.6.0"
+version = "2025.6.3"
 description = ""
 authors = [{ name = "authentik Team", email = "hello@goauthentik.io" }]
 requires-python = "==3.13.*"
 dependencies = [
-    "argon2-cffi==25.1.0",
-    "celery==5.5.3",
+    "argon2-cffi==23.1.0",
+    "celery==5.5.2",
     "channels==4.2.2",
     "channels-redis==4.2.1",
     "cryptography==45.0.3",
     "dacite==1.9.2",
     "deepmerge==2.0",
     "defusedxml==0.7.1",
-    "django==5.1.9",
+    "django==5.1.11",
     "django-countries==7.6.1",
     "django-cte==1.3.3",
     "django-filter==25.1",
@@ -35,7 +35,7 @@ dependencies = [
     "flower==2.0.1",
     "geoip2==5.1.0",
     "geopy==2.4.1",
-    "google-api-python-client==2.171.0",
+    "google-api-python-client==2.170.0",
     "gssapi==1.9.0",
     "gunicorn==23.0.0",
     "jsonpatch==1.33",
@@ -43,7 +43,7 @@ dependencies = [
     "kubernetes==32.0.1",
     "ldap3==2.9.1",
     "lxml==5.4.0",
-    "msgraph-sdk==1.32.0",
+    "msgraph-sdk==1.31.0",
     "opencontainers==0.0.14",
     "packaging==25.0",
     "paramiko==3.5.1",
@@ -59,14 +59,14 @@ dependencies = [
     "sentry-sdk==2.29.1",
     "service-identity==24.2.0",
     "setproctitle==1.3.6",
-    "structlog==25.4.0",
+    "structlog==25.3.0",
     "swagger-spec-validator==3.0.4",
-    "tenant-schemas-celery==4.0.1",
-    "twilio==9.6.2",
+    "tenant-schemas-celery==3.0.0",
+    "twilio==9.6.1",
     "ua-parser==1.0.1",
     "unidecode==1.4.0",
     "urllib3<3",
-    "uvicorn[standard]==0.34.3",
+    "uvicorn[standard]==0.34.2",
     "watchdog==6.0.0",
     "webauthn==2.5.2",
     "wsproto==1.2.0",

schema.yml

@@ -1,7 +1,7 @@
 openapi: 3.0.3
 info:
   title: authentik
-  version: 2025.6.0
+  version: 2025.6.3
   description: Making authentication simple.
   contact:
     email: hello@goauthentik.io

tests/e2e/test_provider_ldap.py

@@ -2,7 +2,6 @@
 
 from dataclasses import asdict
 from time import sleep
-from unittest.mock import patch
 
 from guardian.shortcuts import assign_perm
 from ldap3 import ALL, ALL_ATTRIBUTES, ALL_OPERATIONAL_ATTRIBUTES, SUBTREE, Connection, Server
@@ -16,12 +15,10 @@ from authentik.flows.models import Flow
 from authentik.lib.generators import generate_id
 from authentik.outposts.apps import MANAGED_OUTPOST
 from authentik.outposts.models import Outpost, OutpostConfig, OutpostType
-from authentik.outposts.tests.test_ws import patched__get_ct_cached
 from authentik.providers.ldap.models import APIAccessMode, LDAPProvider
 from tests.e2e.utils import SeleniumTestCase, retry
 
 
-@patch("guardian.shortcuts._get_ct_cached", patched__get_ct_cached)
 class TestProviderLDAP(SeleniumTestCase):
     """LDAP and Outpost e2e tests"""
 

tests/e2e/test_provider_proxy.py

@@ -6,7 +6,6 @@ from json import loads
 from sys import platform
 from time import sleep
 from unittest.case import skip, skipUnless
-from unittest.mock import patch
 
 from channels.testing import ChannelsLiveServerTestCase
 from jwt import decode
@@ -18,12 +17,10 @@ from authentik.flows.models import Flow
 from authentik.lib.generators import generate_id
 from authentik.outposts.models import DockerServiceConnection, Outpost, OutpostConfig, OutpostType
 from authentik.outposts.tasks import outpost_connection_discovery
-from authentik.outposts.tests.test_ws import patched__get_ct_cached
 from authentik.providers.proxy.models import ProxyProvider
 from tests.e2e.utils import SeleniumTestCase, retry
 
 
-@patch("guardian.shortcuts._get_ct_cached", patched__get_ct_cached)
 class TestProviderProxy(SeleniumTestCase):
     """Proxy and Outpost e2e tests"""
 

tests/e2e/test_provider_proxy_forward.py

@@ -4,7 +4,6 @@ from json import loads
 from pathlib import Path
 from time import sleep
 from unittest import skip
-from unittest.mock import patch
 
 from selenium.webdriver.common.by import By
 
@@ -13,12 +12,10 @@ from authentik.core.models import Application
 from authentik.flows.models import Flow
 from authentik.lib.generators import generate_id
 from authentik.outposts.models import Outpost, OutpostType
-from authentik.outposts.tests.test_ws import patched__get_ct_cached
 from authentik.providers.proxy.models import ProxyMode, ProxyProvider
 from tests.e2e.utils import SeleniumTestCase, retry
 
 
-@patch("guardian.shortcuts._get_ct_cached", patched__get_ct_cached)
 class TestProviderProxyForward(SeleniumTestCase):
     """Proxy and Outpost e2e tests"""
 

tests/e2e/test_provider_radius.py

@@ -2,7 +2,6 @@
 
 from dataclasses import asdict
 from time import sleep
-from unittest.mock import patch
 
 from pyrad.client import Client
 from pyrad.dictionary import Dictionary
@@ -13,12 +12,10 @@ from authentik.core.models import Application, User
 from authentik.flows.models import Flow
 from authentik.lib.generators import generate_id, generate_key
 from authentik.outposts.models import Outpost, OutpostConfig, OutpostType
-from authentik.outposts.tests.test_ws import patched__get_ct_cached
 from authentik.providers.radius.models import RadiusProvider
 from tests.e2e.utils import SeleniumTestCase, retry
 
 
-@patch("guardian.shortcuts._get_ct_cached", patched__get_ct_cached)
 class TestProviderRadius(SeleniumTestCase):
     """Radius Outpost e2e tests"""
 

tests/e2e/utils.py

@@ -1,7 +1,6 @@
 """authentik e2e testing utilities"""
 
 import json
-import os
 import socket
 from collections.abc import Callable
 from functools import lru_cache, wraps
@@ -37,22 +36,12 @@ from authentik.core.api.users import UserSerializer
 from authentik.core.models import User
 from authentik.core.tests.utils import create_test_admin_user
 from authentik.lib.generators import generate_id
+from authentik.root.test_runner import get_docker_tag
 
 IS_CI = "CI" in environ
 RETRIES = int(environ.get("RETRIES", "3")) if IS_CI else 1
 
 
-def get_docker_tag() -> str:
-    """Get docker-tag based off of CI variables"""
-    env_pr_branch = "GITHUB_HEAD_REF"
-    default_branch = "GITHUB_REF"
-    branch_name = os.environ.get(default_branch, "main")
-    if os.environ.get(env_pr_branch, "") != "":
-        branch_name = os.environ[env_pr_branch]
-    branch_name = branch_name.replace("refs/heads/", "").replace("/", "-")
-    return f"gh-{branch_name}"
-
-
 def get_local_ip() -> str:
     """Get the local machine's IP"""
     hostname = socket.gethostname()

uv.lock

@@ -104,14 +104,14 @@ wheels = [
 
 [[package]]
 name = "argon2-cffi"
-version = "25.1.0"
+version = "23.1.0"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
     { name = "argon2-cffi-bindings" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/0e/89/ce5af8a7d472a67cc819d5d998aa8c82c5d860608c4db9f46f1162d7dab9/argon2_cffi-25.1.0.tar.gz", hash = "sha256:694ae5cc8a42f4c4e2bf2ca0e64e51e23a040c6a517a85074683d3959e1346c1", size = 45706, upload-time = "2025-06-03T06:55:32.073Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/31/fa/57ec2c6d16ecd2ba0cf15f3c7d1c3c2e7b5fcb83555ff56d7ab10888ec8f/argon2_cffi-23.1.0.tar.gz", hash = "sha256:879c3e79a2729ce768ebb7d36d4609e3a78a4ca2ec3a9f12286ca057e3d0db08", size = 42798, upload-time = "2023-08-15T14:13:12.711Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/4f/d3/a8b22fa575b297cd6e3e3b0155c7e25db170edf1c74783d6a31a2490b8d9/argon2_cffi-25.1.0-py3-none-any.whl", hash = "sha256:fdc8b074db390fccb6eb4a3604ae7231f219aa669a2652e0f20e16ba513d5741", size = 14657, upload-time = "2025-06-03T06:55:30.804Z" },
+    { url = "https://files.pythonhosted.org/packages/a4/6a/e8a041599e78b6b3752da48000b14c8d1e8a04ded09c88c714ba047f34f5/argon2_cffi-23.1.0-py3-none-any.whl", hash = "sha256:c670642b78ba29641818ab2e68bd4e6a78ba53b7eff7b4c3815ae16abf91c7ea", size = 15124, upload-time = "2023-08-15T14:13:10.752Z" },
 ]
 
 [[package]]
@@ -164,7 +164,7 @@ wheels = [
 
 [[package]]
 name = "authentik"
-version = "2025.6.0"
+version = "2025.6.3"
 source = { editable = "." }
 dependencies = [
     { name = "argon2-cffi" },
@@ -265,15 +265,15 @@ dev = [
 
 [package.metadata]
 requires-dist = [
-    { name = "argon2-cffi", specifier = "==25.1.0" },
-    { name = "celery", specifier = "==5.5.3" },
+    { name = "argon2-cffi", specifier = "==23.1.0" },
+    { name = "celery", specifier = "==5.5.2" },
     { name = "channels", specifier = "==4.2.2" },
     { name = "channels-redis", specifier = "==4.2.1" },
     { name = "cryptography", specifier = "==45.0.3" },
     { name = "dacite", specifier = "==1.9.2" },
     { name = "deepmerge", specifier = "==2.0" },
     { name = "defusedxml", specifier = "==0.7.1" },
-    { name = "django", specifier = "==5.1.9" },
+    { name = "django", specifier = "==5.1.11" },
     { name = "django-countries", specifier = "==7.6.1" },
     { name = "django-cte", specifier = "==1.3.3" },
     { name = "django-filter", specifier = "==25.1" },
@@ -295,7 +295,7 @@ requires-dist = [
     { name = "flower", specifier = "==2.0.1" },
     { name = "geoip2", specifier = "==5.1.0" },
     { name = "geopy", specifier = "==2.4.1" },
-    { name = "google-api-python-client", specifier = "==2.171.0" },
+    { name = "google-api-python-client", specifier = "==2.170.0" },
     { name = "gssapi", specifier = "==1.9.0" },
     { name = "gunicorn", specifier = "==23.0.0" },
     { name = "jsonpatch", specifier = "==1.33" },
@@ -303,7 +303,7 @@ requires-dist = [
     { name = "kubernetes", specifier = "==32.0.1" },
     { name = "ldap3", specifier = "==2.9.1" },
     { name = "lxml", specifier = "==5.4.0" },
-    { name = "msgraph-sdk", specifier = "==1.32.0" },
+    { name = "msgraph-sdk", specifier = "==1.31.0" },
     { name = "opencontainers", git = "https://github.com/vsoch/oci-python?rev=ceb4fcc090851717a3069d78e85ceb1e86c2740c" },
     { name = "packaging", specifier = "==25.0" },
     { name = "paramiko", specifier = "==3.5.1" },
@@ -319,14 +319,14 @@ requires-dist = [
     { name = "sentry-sdk", specifier = "==2.29.1" },
     { name = "service-identity", specifier = "==24.2.0" },
     { name = "setproctitle", specifier = "==1.3.6" },
-    { name = "structlog", specifier = "==25.4.0" },
+    { name = "structlog", specifier = "==25.3.0" },
     { name = "swagger-spec-validator", specifier = "==3.0.4" },
-    { name = "tenant-schemas-celery", specifier = "==4.0.1" },
-    { name = "twilio", specifier = "==9.6.2" },
+    { name = "tenant-schemas-celery", specifier = "==3.0.0" },
+    { name = "twilio", specifier = "==9.6.1" },
     { name = "ua-parser", specifier = "==1.0.1" },
     { name = "unidecode", specifier = "==1.4.0" },
     { name = "urllib3", specifier = "<3" },
-    { name = "uvicorn", extras = ["standard"], specifier = "==0.34.3" },
+    { name = "uvicorn", extras = ["standard"], specifier = "==0.34.2" },
     { name = "watchdog", specifier = "==6.0.0" },
     { name = "webauthn", specifier = "==2.5.2" },
     { name = "wsproto", specifier = "==1.2.0" },
@@ -645,7 +645,7 @@ wheels = [
 
 [[package]]
 name = "celery"
-version = "5.5.3"
+version = "5.5.2"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
     { name = "billiard" },
@@ -657,9 +657,9 @@ dependencies = [
     { name = "python-dateutil" },
     { name = "vine" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/bb/7d/6c289f407d219ba36d8b384b42489ebdd0c84ce9c413875a8aae0c85f35b/celery-5.5.3.tar.gz", hash = "sha256:6c972ae7968c2b5281227f01c3a3f984037d21c5129d07bf3550cc2afc6b10a5", size = 1667144, upload-time = "2025-06-01T11:08:12.563Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/bf/03/5d9c6c449248958f1a5870e633a29d7419ff3724c452a98ffd22688a1a6a/celery-5.5.2.tar.gz", hash = "sha256:4d6930f354f9d29295425d7a37261245c74a32807c45d764bedc286afd0e724e", size = 1666892, upload-time = "2025-04-25T20:10:04.695Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/c9/af/0dcccc7fdcdf170f9a1585e5e96b6fb0ba1749ef6be8c89a6202284759bd/celery-5.5.3-py3-none-any.whl", hash = "sha256:0b5761a07057acee94694464ca482416b959568904c9dfa41ce8413a7d65d525", size = 438775, upload-time = "2025-06-01T11:08:09.94Z" },
+    { url = "https://files.pythonhosted.org/packages/04/94/8e825ac1cf59d45d20c4345d4461e6b5263ae475f708d047c3dad0ac6401/celery-5.5.2-py3-none-any.whl", hash = "sha256:54425a067afdc88b57cd8d94ed4af2ffaf13ab8c7680041ac2c4ac44357bdf4c", size = 438626, upload-time = "2025-04-25T20:10:01.383Z" },
 ]
 
 [[package]]
@@ -979,16 +979,16 @@ wheels = [
 
 [[package]]
 name = "django"
-version = "5.1.9"
+version = "5.1.11"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
     { name = "asgiref" },
     { name = "sqlparse" },
     { name = "tzdata", marker = "sys_platform == 'win32'" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/10/08/2e6f05494b3fc0a3c53736846034f882b82ee6351791a7815bbb45715d79/django-5.1.9.tar.gz", hash = "sha256:565881bdd0eb67da36442e9ac788bda90275386b549070d70aee86327781a4fc", size = 10710887, upload-time = "2025-05-07T14:06:45.257Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/83/80/bf0f9b0aa434fca2b46fc6a31c39b08ea714b87a0a72a16566f053fb05a8/django-5.1.11.tar.gz", hash = "sha256:3bcdbd40e4d4623b5e04f59c28834323f3086df583058e65ebce99f9982385ce", size = 10734926, upload-time = "2025-06-10T10:12:48.229Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/e1/d1/d8b6b8250b84380d5a123e099ad3298a49407d81598faa13b43a2c6d96d7/django-5.1.9-py3-none-any.whl", hash = "sha256:2fd1d4a0a66a5ba702699eb692e75b0d828b73cc2f4e1fc4b6a854a918967411", size = 8277363, upload-time = "2025-05-07T14:06:37.426Z" },
+    { url = "https://files.pythonhosted.org/packages/59/91/2972ce330c6c0bd5b3200d4c2ad5cbf47eecff5243220c5a56444d3267a0/django-5.1.11-py3-none-any.whl", hash = "sha256:e48091f364007068728aca938e7450fbfe3f2217079bfd2b8af45122585acf64", size = 8277453, upload-time = "2025-06-10T10:12:42.236Z" },
 ]
 
 [[package]]
@@ -1397,7 +1397,7 @@ wheels = [
 
 [[package]]
 name = "google-api-python-client"
-version = "2.171.0"
+version = "2.170.0"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
     { name = "google-api-core" },
@@ -1406,7 +1406,10 @@ dependencies = [
     { name = "httplib2" },
     { name = "uritemplate" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/35/99/237cd2510aecca9fabb54007e58553274cc43cb3c18512ee1ea574d11b87/google_api_python_client-2.171.0.tar.gz", hash = "sha256:057a5c08d28463c6b9eb89746355de5f14b7ed27a65c11fdbf1d06c66bb66b23", size = 13028937, upload-time = "2025-06-03T18:57:38.732Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/db/86/1bd09aea2664a46bc65713cb7876381ec8949a4b1e71be97dfc359c79781/google_api_python_client-2.170.0.tar.gz", hash = "sha256:75f3a1856f11418ea3723214e0abc59d9b217fd7ed43dcf743aab7f06ab9e2b1", size = 12971933, upload-time = "2025-05-22T20:39:52.802Z" }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/ca/ab/928fb4551ce9c791de96b0681924d46de9a5b50931394fd19850383a08a1/google_api_python_client-2.170.0-py3-none-any.whl", hash = "sha256:7bf518a0527ad23322f070fa69f4f24053170d5c766821dc970ff0571ec22748", size = 13490660, upload-time = "2025-05-22T20:39:49.834Z" },
+]
 
 [[package]]
 name = "google-auth"
@@ -2063,7 +2066,7 @@ wheels = [
 
 [[package]]
 name = "msgraph-sdk"
-version = "1.32.0"
+version = "1.31.0"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
     { name = "azure-identity" },
@@ -2073,9 +2076,9 @@ dependencies = [
     { name = "microsoft-kiota-serialization-text" },
     { name = "msgraph-core" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/e0/2a/a5d67f631f8a0a9daa9059eed0f6703002efdf75f1d7575a289e23aceb5e/msgraph_sdk-1.32.0.tar.gz", hash = "sha256:485b25420ec4b3bf9c9d7abea166f9c51da99d9aad1bd57c191f84569af35143", size = 6628831, upload-time = "2025-06-03T18:22:21.526Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/d3/1c/5afdf21f92840c7029f0fdb6c2ead7373b1fcdc3c4279fe556a2fc3702a2/msgraph_sdk-1.31.0.tar.gz", hash = "sha256:7ae5f29152251f61c1fc19cca6389dd03b0120b179ddf39d8ab8cdfed7952dba", size = 6626610, upload-time = "2025-05-20T13:15:08.062Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/b9/59/7e0f170611eb1a213940816703522ecca47ddffc149ef8e001e4789ddf13/msgraph_sdk-1.32.0-py3-none-any.whl", hash = "sha256:d1256f1669706c2703963ef0103470ce7a1b8a06f555506fc6b5f1069847877b", size = 27190465, upload-time = "2025-06-03T18:22:18.944Z" },
+    { url = "https://files.pythonhosted.org/packages/d9/b9/099b28478575126ec26bd61ff0931fb291263ac813afb8baf4b4cc30c6fc/msgraph_sdk-1.31.0-py3-none-any.whl", hash = "sha256:bb2edfe17c377f37bbf2e155fc915171763d49e1cf93b665bafd721a85220dc5", size = 27185846, upload-time = "2025-05-20T13:15:05.307Z" },
 ]
 
 [[package]]
@@ -2380,16 +2383,16 @@ wheels = [
 
 [[package]]
 name = "protobuf"
-version = "6.30.2"
+version = "6.31.1"
 source = { registry = "https://pypi.org/simple" }
-sdist = { url = "https://files.pythonhosted.org/packages/c8/8c/cf2ac658216eebe49eaedf1e06bc06cbf6a143469236294a1171a51357c3/protobuf-6.30.2.tar.gz", hash = "sha256:35c859ae076d8c56054c25b59e5e59638d86545ed6e2b6efac6be0b6ea3ba048", size = 429315, upload-time = "2025-03-26T19:12:57.394Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/52/f3/b9655a711b32c19720253f6f06326faf90580834e2e83f840472d752bc8b/protobuf-6.31.1.tar.gz", hash = "sha256:d8cac4c982f0b957a4dc73a80e2ea24fab08e679c0de9deb835f4a12d69aca9a", size = 441797, upload-time = "2025-05-28T19:25:54.947Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/be/85/cd53abe6a6cbf2e0029243d6ae5fb4335da2996f6c177bb2ce685068e43d/protobuf-6.30.2-cp310-abi3-win32.whl", hash = "sha256:b12ef7df7b9329886e66404bef5e9ce6a26b54069d7f7436a0853ccdeb91c103", size = 419148, upload-time = "2025-03-26T19:12:41.359Z" },
-    { url = "https://files.pythonhosted.org/packages/97/e9/7b9f1b259d509aef2b833c29a1f3c39185e2bf21c9c1be1cd11c22cb2149/protobuf-6.30.2-cp310-abi3-win_amd64.whl", hash = "sha256:7653c99774f73fe6b9301b87da52af0e69783a2e371e8b599b3e9cb4da4b12b9", size = 431003, upload-time = "2025-03-26T19:12:44.156Z" },
-    { url = "https://files.pythonhosted.org/packages/8e/66/7f3b121f59097c93267e7f497f10e52ced7161b38295137a12a266b6c149/protobuf-6.30.2-cp39-abi3-macosx_10_9_universal2.whl", hash = "sha256:0eb523c550a66a09a0c20f86dd554afbf4d32b02af34ae53d93268c1f73bc65b", size = 417579, upload-time = "2025-03-26T19:12:45.447Z" },
-    { url = "https://files.pythonhosted.org/packages/d0/89/bbb1bff09600e662ad5b384420ad92de61cab2ed0f12ace1fd081fd4c295/protobuf-6.30.2-cp39-abi3-manylinux2014_aarch64.whl", hash = "sha256:50f32cc9fd9cb09c783ebc275611b4f19dfdfb68d1ee55d2f0c7fa040df96815", size = 317319, upload-time = "2025-03-26T19:12:46.999Z" },
-    { url = "https://files.pythonhosted.org/packages/28/50/1925de813499546bc8ab3ae857e3ec84efe7d2f19b34529d0c7c3d02d11d/protobuf-6.30.2-cp39-abi3-manylinux2014_x86_64.whl", hash = "sha256:4f6c687ae8efae6cf6093389a596548214467778146b7245e886f35e1485315d", size = 316212, upload-time = "2025-03-26T19:12:48.458Z" },
-    { url = "https://files.pythonhosted.org/packages/e5/a1/93c2acf4ade3c5b557d02d500b06798f4ed2c176fa03e3c34973ca92df7f/protobuf-6.30.2-py3-none-any.whl", hash = "sha256:ae86b030e69a98e08c77beab574cbcb9fff6d031d57209f574a5aea1445f4b51", size = 167062, upload-time = "2025-03-26T19:12:55.892Z" },
+    { url = "https://files.pythonhosted.org/packages/f3/6f/6ab8e4bf962fd5570d3deaa2d5c38f0a363f57b4501047b5ebeb83ab1125/protobuf-6.31.1-cp310-abi3-win32.whl", hash = "sha256:7fa17d5a29c2e04b7d90e5e32388b8bfd0e7107cd8e616feef7ed3fa6bdab5c9", size = 423603, upload-time = "2025-05-28T19:25:41.198Z" },
+    { url = "https://files.pythonhosted.org/packages/44/3a/b15c4347dd4bf3a1b0ee882f384623e2063bb5cf9fa9d57990a4f7df2fb6/protobuf-6.31.1-cp310-abi3-win_amd64.whl", hash = "sha256:426f59d2964864a1a366254fa703b8632dcec0790d8862d30034d8245e1cd447", size = 435283, upload-time = "2025-05-28T19:25:44.275Z" },
+    { url = "https://files.pythonhosted.org/packages/6a/c9/b9689a2a250264a84e66c46d8862ba788ee7a641cdca39bccf64f59284b7/protobuf-6.31.1-cp39-abi3-macosx_10_9_universal2.whl", hash = "sha256:6f1227473dc43d44ed644425268eb7c2e488ae245d51c6866d19fe158e207402", size = 425604, upload-time = "2025-05-28T19:25:45.702Z" },
+    { url = "https://files.pythonhosted.org/packages/76/a1/7a5a94032c83375e4fe7e7f56e3976ea6ac90c5e85fac8576409e25c39c3/protobuf-6.31.1-cp39-abi3-manylinux2014_aarch64.whl", hash = "sha256:a40fc12b84c154884d7d4c4ebd675d5b3b5283e155f324049ae396b95ddebc39", size = 322115, upload-time = "2025-05-28T19:25:47.128Z" },
+    { url = "https://files.pythonhosted.org/packages/fa/b1/b59d405d64d31999244643d88c45c8241c58f17cc887e73bcb90602327f8/protobuf-6.31.1-cp39-abi3-manylinux2014_x86_64.whl", hash = "sha256:4ee898bf66f7a8b0bd21bce523814e6fbd8c6add948045ce958b73af7e8878c6", size = 321070, upload-time = "2025-05-28T19:25:50.036Z" },
+    { url = "https://files.pythonhosted.org/packages/f7/af/ab3c51ab7507a7325e98ffe691d9495ee3d3aa5f589afad65ec920d39821/protobuf-6.31.1-py3-none-any.whl", hash = "sha256:720a6c7e6b77288b85063569baae8536671b39f15cc22037ec7045658d80489e", size = 168724, upload-time = "2025-05-28T19:25:53.926Z" },
 ]
 
 [[package]]
@@ -2773,7 +2776,7 @@ wheels = [
 
 [[package]]
 name = "requests"
-version = "2.32.3"
+version = "2.32.4"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
     { name = "certifi" },
@@ -2781,9 +2784,9 @@ dependencies = [
     { name = "idna" },
     { name = "urllib3" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/63/70/2bf7780ad2d390a8d301ad0b550f1581eadbd9a20f896afe06353c2a2913/requests-2.32.3.tar.gz", hash = "sha256:55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760", size = 131218, upload-time = "2024-05-29T15:37:49.536Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/e1/0a/929373653770d8a0d7ea76c37de6e41f11eb07559b103b1c02cafb3f7cf8/requests-2.32.4.tar.gz", hash = "sha256:27d0316682c8a29834d3264820024b62a36942083d52caf2f14c0591336d3422", size = 135258, upload-time = "2025-06-09T16:43:07.34Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/f9/9b/335f9764261e915ed497fcdeb11df5dfd6f7bf257d4a6a2a686d80da4d54/requests-2.32.3-py3-none-any.whl", hash = "sha256:70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6", size = 64928, upload-time = "2024-05-29T15:37:47.027Z" },
+    { url = "https://files.pythonhosted.org/packages/7c/e4/56027c4a6b4ae70ca9de302488c5ca95ad4a39e190093d6c1a8ace08341b/requests-2.32.4-py3-none-any.whl", hash = "sha256:27babd3cda2a6d50b30443204ee89830707d396671944c998b5975b031ac2b2c", size = 64847, upload-time = "2025-06-09T16:43:05.728Z" },
 ]
 
 [[package]]
@@ -3073,11 +3076,11 @@ wheels = [
 
 [[package]]
 name = "structlog"
-version = "25.4.0"
+version = "25.3.0"
 source = { registry = "https://pypi.org/simple" }
-sdist = { url = "https://files.pythonhosted.org/packages/79/b9/6e672db4fec07349e7a8a8172c1a6ae235c58679ca29c3f86a61b5e59ff3/structlog-25.4.0.tar.gz", hash = "sha256:186cd1b0a8ae762e29417095664adf1d6a31702160a46dacb7796ea82f7409e4", size = 1369138, upload-time = "2025-06-02T08:21:12.971Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/ff/6a/b0b6d440e429d2267076c4819300d9929563b1da959cf1f68afbcd69fe45/structlog-25.3.0.tar.gz", hash = "sha256:8dab497e6f6ca962abad0c283c46744185e0c9ba900db52a423cb6db99f7abeb", size = 1367514, upload-time = "2025-04-25T16:00:39.167Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/a0/4a/97ee6973e3a73c74c8120d59829c3861ea52210667ec3e7a16045c62b64d/structlog-25.4.0-py3-none-any.whl", hash = "sha256:fe809ff5c27e557d14e613f45ca441aabda051d119ee5a0102aaba6ce40eed2c", size = 68720, upload-time = "2025-06-02T08:21:11.43Z" },
+    { url = "https://files.pythonhosted.org/packages/f5/52/7a2c7a317b254af857464da3d60a0d3730c44f912f8c510c76a738a207fd/structlog-25.3.0-py3-none-any.whl", hash = "sha256:a341f5524004c158498c3127eecded091eb67d3a611e7a3093deca30db06e172", size = 68240, upload-time = "2025-04-25T16:00:37.295Z" },
 ]
 
 [[package]]
@@ -3097,32 +3100,33 @@ wheels = [
 
 [[package]]
 name = "tenant-schemas-celery"
-version = "4.0.1"
+version = "3.0.0"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
     { name = "celery" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/19/f8/cf055bf171b5d83d6fe96f1840fba90d3d274be2b5c35cd21b873302b128/tenant_schemas_celery-4.0.1.tar.gz", hash = "sha256:8b8f055fcd82aa53274c09faf88653a935241518d93b86ab2d43a3df3b70c7f8", size = 18870, upload-time = "2025-04-22T18:23:51.061Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/d0/fe/cfe19eb7cc3ad8e39d7df7b7c44414bf665b6ac6660c998eb498f89d16c6/tenant_schemas_celery-3.0.0.tar.gz", hash = "sha256:6be3ae1a5826f262f0f3dd343c6a85a34a1c59b89e04ae37de018f36562fed55", size = 15954, upload-time = "2024-05-19T11:16:41.837Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/e9/a8/fd663c461550d6fedfb24e987acc1557ae5b6615ca08fc6c70dbaaa88aa5/tenant_schemas_celery-4.0.1-py3-none-any.whl", hash = "sha256:d06a3ff6956db3a95168ce2051b7bff2765f9ce0d070e14df92f07a2b60ae0a0", size = 21364, upload-time = "2025-04-22T18:23:49.899Z" },
+    { url = "https://files.pythonhosted.org/packages/db/2c/376e1e641ad08b374c75d896468a7be2e6906ce3621fd0c9f9dc09ff1963/tenant_schemas_celery-3.0.0-py3-none-any.whl", hash = "sha256:ca0f69e78ef698eb4813468231df5a0ab6a660c08e657b65f5ac92e16887eec8", size = 18108, upload-time = "2024-05-19T11:16:39.92Z" },
 ]
 
 [[package]]
 name = "tornado"
-version = "6.4.2"
+version = "6.5.1"
 source = { registry = "https://pypi.org/simple" }
-sdist = { url = "https://files.pythonhosted.org/packages/59/45/a0daf161f7d6f36c3ea5fc0c2de619746cc3dd4c76402e9db545bd920f63/tornado-6.4.2.tar.gz", hash = "sha256:92bad5b4746e9879fd7bf1eb21dce4e3fc5128d71601f80005afa39237ad620b", size = 501135, upload-time = "2024-11-22T03:06:38.036Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/51/89/c72771c81d25d53fe33e3dca61c233b665b2780f21820ba6fd2c6793c12b/tornado-6.5.1.tar.gz", hash = "sha256:84ceece391e8eb9b2b95578db65e920d2a61070260594819589609ba9bc6308c", size = 509934, upload-time = "2025-05-22T18:15:38.788Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/26/7e/71f604d8cea1b58f82ba3590290b66da1e72d840aeb37e0d5f7291bd30db/tornado-6.4.2-cp38-abi3-macosx_10_9_universal2.whl", hash = "sha256:e828cce1123e9e44ae2a50a9de3055497ab1d0aeb440c5ac23064d9e44880da1", size = 436299, upload-time = "2024-11-22T03:06:20.162Z" },
-    { url = "https://files.pythonhosted.org/packages/96/44/87543a3b99016d0bf54fdaab30d24bf0af2e848f1d13d34a3a5380aabe16/tornado-6.4.2-cp38-abi3-macosx_10_9_x86_64.whl", hash = "sha256:072ce12ada169c5b00b7d92a99ba089447ccc993ea2143c9ede887e0937aa803", size = 434253, upload-time = "2024-11-22T03:06:22.39Z" },
-    { url = "https://files.pythonhosted.org/packages/cb/fb/fdf679b4ce51bcb7210801ef4f11fdac96e9885daa402861751353beea6e/tornado-6.4.2-cp38-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1a017d239bd1bb0919f72af256a970624241f070496635784d9bf0db640d3fec", size = 437602, upload-time = "2024-11-22T03:06:24.214Z" },
-    { url = "https://files.pythonhosted.org/packages/4f/3b/e31aeffffc22b475a64dbeb273026a21b5b566f74dee48742817626c47dc/tornado-6.4.2-cp38-abi3-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:c36e62ce8f63409301537222faffcef7dfc5284f27eec227389f2ad11b09d946", size = 436972, upload-time = "2024-11-22T03:06:25.559Z" },
-    { url = "https://files.pythonhosted.org/packages/22/55/b78a464de78051a30599ceb6983b01d8f732e6f69bf37b4ed07f642ac0fc/tornado-6.4.2-cp38-abi3-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:bca9eb02196e789c9cb5c3c7c0f04fb447dc2adffd95265b2c7223a8a615ccbf", size = 437173, upload-time = "2024-11-22T03:06:27.584Z" },
-    { url = "https://files.pythonhosted.org/packages/79/5e/be4fb0d1684eb822c9a62fb18a3e44a06188f78aa466b2ad991d2ee31104/tornado-6.4.2-cp38-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:304463bd0772442ff4d0f5149c6f1c2135a1fae045adf070821c6cdc76980634", size = 437892, upload-time = "2024-11-22T03:06:28.933Z" },
-    { url = "https://files.pythonhosted.org/packages/f5/33/4f91fdd94ea36e1d796147003b490fe60a0215ac5737b6f9c65e160d4fe0/tornado-6.4.2-cp38-abi3-musllinux_1_2_i686.whl", hash = "sha256:c82c46813ba483a385ab2a99caeaedf92585a1f90defb5693351fa7e4ea0bf73", size = 437334, upload-time = "2024-11-22T03:06:30.428Z" },
-    { url = "https://files.pythonhosted.org/packages/2b/ae/c1b22d4524b0e10da2f29a176fb2890386f7bd1f63aacf186444873a88a0/tornado-6.4.2-cp38-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:932d195ca9015956fa502c6b56af9eb06106140d844a335590c1ec7f5277d10c", size = 437261, upload-time = "2024-11-22T03:06:32.458Z" },
-    { url = "https://files.pythonhosted.org/packages/b5/25/36dbd49ab6d179bcfc4c6c093a51795a4f3bed380543a8242ac3517a1751/tornado-6.4.2-cp38-abi3-win32.whl", hash = "sha256:2876cef82e6c5978fde1e0d5b1f919d756968d5b4282418f3146b79b58556482", size = 438463, upload-time = "2024-11-22T03:06:34.71Z" },
-    { url = "https://files.pythonhosted.org/packages/61/cc/58b1adeb1bb46228442081e746fcdbc4540905c87e8add7c277540934edb/tornado-6.4.2-cp38-abi3-win_amd64.whl", hash = "sha256:908b71bf3ff37d81073356a5fadcc660eb10c1476ee6e2725588626ce7e5ca38", size = 438907, upload-time = "2024-11-22T03:06:36.71Z" },
+    { url = "https://files.pythonhosted.org/packages/77/89/f4532dee6843c9e0ebc4e28d4be04c67f54f60813e4bf73d595fe7567452/tornado-6.5.1-cp39-abi3-macosx_10_9_universal2.whl", hash = "sha256:d50065ba7fd11d3bd41bcad0825227cc9a95154bad83239357094c36708001f7", size = 441948, upload-time = "2025-05-22T18:15:20.862Z" },
+    { url = "https://files.pythonhosted.org/packages/15/9a/557406b62cffa395d18772e0cdcf03bed2fff03b374677348eef9f6a3792/tornado-6.5.1-cp39-abi3-macosx_10_9_x86_64.whl", hash = "sha256:9e9ca370f717997cb85606d074b0e5b247282cf5e2e1611568b8821afe0342d6", size = 440112, upload-time = "2025-05-22T18:15:22.591Z" },
+    { url = "https://files.pythonhosted.org/packages/55/82/7721b7319013a3cf881f4dffa4f60ceff07b31b394e459984e7a36dc99ec/tornado-6.5.1-cp39-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:b77e9dfa7ed69754a54c89d82ef746398be82f749df69c4d3abe75c4d1ff4888", size = 443672, upload-time = "2025-05-22T18:15:24.027Z" },
+    { url = "https://files.pythonhosted.org/packages/7d/42/d11c4376e7d101171b94e03cef0cbce43e823ed6567ceda571f54cf6e3ce/tornado-6.5.1-cp39-abi3-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:253b76040ee3bab8bcf7ba9feb136436a3787208717a1fb9f2c16b744fba7331", size = 443019, upload-time = "2025-05-22T18:15:25.735Z" },
+    { url = "https://files.pythonhosted.org/packages/7d/f7/0c48ba992d875521ac761e6e04b0a1750f8150ae42ea26df1852d6a98942/tornado-6.5.1-cp39-abi3-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:308473f4cc5a76227157cdf904de33ac268af770b2c5f05ca6c1161d82fdd95e", size = 443252, upload-time = "2025-05-22T18:15:27.499Z" },
+    { url = "https://files.pythonhosted.org/packages/89/46/d8d7413d11987e316df4ad42e16023cd62666a3c0dfa1518ffa30b8df06c/tornado-6.5.1-cp39-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:caec6314ce8a81cf69bd89909f4b633b9f523834dc1a352021775d45e51d9401", size = 443930, upload-time = "2025-05-22T18:15:29.299Z" },
+    { url = "https://files.pythonhosted.org/packages/78/b2/f8049221c96a06df89bed68260e8ca94beca5ea532ffc63b1175ad31f9cc/tornado-6.5.1-cp39-abi3-musllinux_1_2_i686.whl", hash = "sha256:13ce6e3396c24e2808774741331638ee6c2f50b114b97a55c5b442df65fd9692", size = 443351, upload-time = "2025-05-22T18:15:31.038Z" },
+    { url = "https://files.pythonhosted.org/packages/76/ff/6a0079e65b326cc222a54720a748e04a4db246870c4da54ece4577bfa702/tornado-6.5.1-cp39-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:5cae6145f4cdf5ab24744526cc0f55a17d76f02c98f4cff9daa08ae9a217448a", size = 443328, upload-time = "2025-05-22T18:15:32.426Z" },
+    { url = "https://files.pythonhosted.org/packages/49/18/e3f902a1d21f14035b5bc6246a8c0f51e0eef562ace3a2cea403c1fb7021/tornado-6.5.1-cp39-abi3-win32.whl", hash = "sha256:e0a36e1bc684dca10b1aa75a31df8bdfed656831489bc1e6a6ebed05dc1ec365", size = 444396, upload-time = "2025-05-22T18:15:34.205Z" },
+    { url = "https://files.pythonhosted.org/packages/7b/09/6526e32bf1049ee7de3bebba81572673b19a2a8541f795d887e92af1a8bc/tornado-6.5.1-cp39-abi3-win_amd64.whl", hash = "sha256:908e7d64567cecd4c2b458075589a775063453aeb1d2a1853eedb806922f568b", size = 444840, upload-time = "2025-05-22T18:15:36.1Z" },
+    { url = "https://files.pythonhosted.org/packages/55/a7/535c44c7bea4578e48281d83c615219f3ab19e6abc67625ef637c73987be/tornado-6.5.1-cp39-abi3-win_arm64.whl", hash = "sha256:02420a0eb7bf617257b9935e2b754d1b63897525d8a289c9d65690d580b4dcf7", size = 443596, upload-time = "2025-05-22T18:15:37.433Z" },
 ]
 
 [[package]]
@@ -3158,7 +3162,7 @@ wheels = [
 
 [[package]]
 name = "twilio"
-version = "9.6.2"
+version = "9.6.1"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
     { name = "aiohttp" },
@@ -3166,9 +3170,9 @@ dependencies = [
     { name = "pyjwt" },
     { name = "requests" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/fa/c9/441a07f6552f2b504812501d56c41bd85b02afeef6c23ab8baf41ed6c70e/twilio-9.6.2.tar.gz", hash = "sha256:5da13bb497e39ece34cb9f2b3bc911f3288928612748f7688b3bda262c2767a1", size = 1041300, upload-time = "2025-05-29T12:25:04.59Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/95/78/453ff0d35442c53490c22d077f580684a2352846c721d3e01f4c6dfa85bd/twilio-9.6.1.tar.gz", hash = "sha256:bb80b31d4d9e55c33872efef7fb99373149ed4093f21c56cf582797da45862f5", size = 987002, upload-time = "2025-05-13T09:56:55.183Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/67/91/382e83e5d205a7ae4325b66d40cd2fa6ce85526f2ed8fc553265e19abbe4/twilio-9.6.2-py2.py3-none-any.whl", hash = "sha256:8d4af6f42850734a921857df42940f7fed84e3e4a508d0d6bef5b9fb7dc08357", size = 1909253, upload-time = "2025-05-29T12:25:02.521Z" },
+    { url = "https://files.pythonhosted.org/packages/02/f4/36fe2566a3ad7f71a89fd28ea2ebb6b2aa05c3a4d5a55b3ca6c358768c6b/twilio-9.6.1-py2.py3-none-any.whl", hash = "sha256:441fdab61b9a204eef770368380b962cbf08dc0fe9f757fe4b1d63ced37ddeed", size = 1859407, upload-time = "2025-05-13T09:56:53.094Z" },
 ]
 
 [[package]]
@@ -3284,11 +3288,11 @@ wheels = [
 
 [[package]]
 name = "urllib3"
-version = "2.4.0"
+version = "2.5.0"
 source = { registry = "https://pypi.org/simple" }
-sdist = { url = "https://files.pythonhosted.org/packages/8a/78/16493d9c386d8e60e442a35feac5e00f0913c0f4b7c217c11e8ec2ff53e0/urllib3-2.4.0.tar.gz", hash = "sha256:414bc6535b787febd7567804cc015fee39daab8ad86268f1310a9250697de466", size = 390672, upload-time = "2025-04-10T15:23:39.232Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/15/22/9ee70a2574a4f4599c47dd506532914ce044817c7752a79b6a51286319bc/urllib3-2.5.0.tar.gz", hash = "sha256:3fc47733c7e419d4bc3f6b3dc2b4f890bb743906a30d56ba4a5bfa4bbff92760", size = 393185, upload-time = "2025-06-18T14:07:41.644Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/6b/11/cc635220681e93a0183390e26485430ca2c7b5f9d33b15c74c2861cb8091/urllib3-2.4.0-py3-none-any.whl", hash = "sha256:4e16665048960a0900c702d4a66415956a584919c03361cac9f1df5c5dd7e813", size = 128680, upload-time = "2025-04-10T15:23:37.377Z" },
+    { url = "https://files.pythonhosted.org/packages/a7/c2/fe1e52489ae3122415c51f387e221dd0773709bad6c6cdaa599e8a2c5185/urllib3-2.5.0-py3-none-any.whl", hash = "sha256:e6b01673c0fa6a13e374b50871808eb3bf7046c4b125b216f6bf1cc604cff0dc", size = 129795, upload-time = "2025-06-18T14:07:40.39Z" },
 ]
 
 [package.optional-dependencies]
@@ -3298,15 +3302,15 @@ socks = [
 
 [[package]]
 name = "uvicorn"
-version = "0.34.3"
+version = "0.34.2"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
     { name = "click" },
     { name = "h11" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/de/ad/713be230bcda622eaa35c28f0d328c3675c371238470abdea52417f17a8e/uvicorn-0.34.3.tar.gz", hash = "sha256:35919a9a979d7a59334b6b10e05d77c1d0d574c50e0fc98b8b1a0f165708b55a", size = 76631, upload-time = "2025-06-01T07:48:17.531Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/a6/ae/9bbb19b9e1c450cf9ecaef06463e40234d98d95bf572fab11b4f19ae5ded/uvicorn-0.34.2.tar.gz", hash = "sha256:0e929828f6186353a80b58ea719861d2629d766293b6d19baf086ba31d4f3328", size = 76815, upload-time = "2025-04-19T06:02:50.101Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/6d/0d/8adfeaa62945f90d19ddc461c55f4a50c258af7662d34b6a3d5d1f8646f6/uvicorn-0.34.3-py3-none-any.whl", hash = "sha256:16246631db62bdfbf069b0645177d6e8a77ba950cfedbfd093acef9444e4d885", size = 62431, upload-time = "2025-06-01T07:48:15.664Z" },
+    { url = "https://files.pythonhosted.org/packages/b1/4b/4cef6ce21a2aaca9d852a6e84ef4f135d99fcd74fa75105e2fc0c8308acd/uvicorn-0.34.2-py3-none-any.whl", hash = "sha256:deb49af569084536d269fe0a6d67e3754f104cf03aba7c11c40f01aadf33c403", size = 62483, upload-time = "2025-04-19T06:02:48.42Z" },
 ]
 
 [package.optional-dependencies]

web/package-lock.json

@@ -31,7 +31,7 @@
                 "@open-wc/lit-helpers": "^0.7.0",
                 "@patternfly/elements": "^4.1.0",
                 "@patternfly/patternfly": "^4.224.2",
-                "@sentry/browser": "^9.24.0",
+                "@sentry/browser": "^9.22.0",
                 "@spotlightjs/spotlight": "^2.13.3",
                 "@webcomponents/webcomponentsjs": "^2.8.0",
                 "base64-js": "^1.5.1",
@@ -104,11 +104,11 @@
                 "@wdio/spec-reporter": "^9.1.2",
                 "@web/test-runner": "^0.20.2",
                 "chromedriver": "^136.0.3",
-                "esbuild": "^0.25.5",
+                "esbuild": "^0.25.4",
                 "esbuild-plugin-copy": "^2.1.1",
                 "esbuild-plugin-polyfill-node": "^0.3.0",
                 "esbuild-plugins-node-modules-polyfill": "^1.7.0",
-                "eslint": "^9.28.0",
+                "eslint": "^9.11.1",
                 "eslint-plugin-lit": "^2.1.1",
                 "eslint-plugin-wc": "^3.0.1",
                 "github-slugger": "^2.0.0",
@@ -123,7 +123,7 @@
                 "storybook-addon-mock": "^5.0.0",
                 "turnstile-types": "^1.2.3",
                 "typescript": "^5.8.3",
-                "typescript-eslint": "^8.33.0",
+                "typescript-eslint": "^8.32.1",
                 "vite-plugin-lit-css": "^2.0.0",
                 "vite-tsconfig-paths": "^5.0.1",
                 "wireit": "^0.14.12"
@@ -1025,9 +1025,9 @@
             }
         },
         "node_modules/@esbuild/aix-ppc64": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.25.5.tgz",
-            "integrity": "sha512-9o3TMmpmftaCMepOdA5k/yDw8SfInyzWWTjYTFCX3kPSDJMROQTb8jg+h9Cnwnmm1vOzvxN7gIfB5V2ewpjtGA==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.25.4.tgz",
+            "integrity": "sha512-1VCICWypeQKhVbE9oW/sJaAmjLxhVqacdkvPLEjwlttjfwENRSClS8EjBz0KzRyFSCPDIkuXW34Je/vk7zdB7Q==",
             "cpu": [
                 "ppc64"
             ],
@@ -1042,9 +1042,9 @@
             }
         },
         "node_modules/@esbuild/android-arm": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.25.5.tgz",
-            "integrity": "sha512-AdJKSPeEHgi7/ZhuIPtcQKr5RQdo6OO2IL87JkianiMYMPbCtot9fxPbrMiBADOWWm3T2si9stAiVsGbTQFkbA==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.25.4.tgz",
+            "integrity": "sha512-QNdQEps7DfFwE3hXiU4BZeOV68HHzYwGd0Nthhd3uCkkEKK7/R6MTgM0P7H7FAs5pU/DIWsviMmEGxEoxIZ+ZQ==",
             "cpu": [
                 "arm"
             ],
@@ -1059,9 +1059,9 @@
             }
         },
         "node_modules/@esbuild/android-arm64": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.25.5.tgz",
-            "integrity": "sha512-VGzGhj4lJO+TVGV1v8ntCZWJktV7SGCs3Pn1GRWI1SBFtRALoomm8k5E9Pmwg3HOAal2VDc2F9+PM/rEY6oIDg==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.25.4.tgz",
+            "integrity": "sha512-bBy69pgfhMGtCnwpC/x5QhfxAz/cBgQ9enbtwjf6V9lnPI/hMyT9iWpR1arm0l3kttTr4L0KSLpKmLp/ilKS9A==",
             "cpu": [
                 "arm64"
             ],
@@ -1076,9 +1076,9 @@
             }
         },
         "node_modules/@esbuild/android-x64": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.25.5.tgz",
-            "integrity": "sha512-D2GyJT1kjvO//drbRT3Hib9XPwQeWd9vZoBJn+bu/lVsOZ13cqNdDeqIF/xQ5/VmWvMduP6AmXvylO/PIc2isw==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.25.4.tgz",
+            "integrity": "sha512-TVhdVtQIFuVpIIR282btcGC2oGQoSfZfmBdTip2anCaVYcqWlZXGcdcKIUklfX2wj0JklNYgz39OBqh2cqXvcQ==",
             "cpu": [
                 "x64"
             ],
@@ -1093,9 +1093,9 @@
             }
         },
         "node_modules/@esbuild/darwin-arm64": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.25.5.tgz",
-            "integrity": "sha512-GtaBgammVvdF7aPIgH2jxMDdivezgFu6iKpmT+48+F8Hhg5J/sfnDieg0aeG/jfSvkYQU2/pceFPDKlqZzwnfQ==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.25.4.tgz",
+            "integrity": "sha512-Y1giCfM4nlHDWEfSckMzeWNdQS31BQGs9/rouw6Ub91tkK79aIMTH3q9xHvzH8d0wDru5Ci0kWB8b3up/nl16g==",
             "cpu": [
                 "arm64"
             ],
@@ -1109,9 +1109,9 @@
             }
         },
         "node_modules/@esbuild/darwin-x64": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.25.5.tgz",
-            "integrity": "sha512-1iT4FVL0dJ76/q1wd7XDsXrSW+oLoquptvh4CLR4kITDtqi2e/xwXwdCVH8hVHU43wgJdsq7Gxuzcs6Iq/7bxQ==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.25.4.tgz",
+            "integrity": "sha512-CJsry8ZGM5VFVeyUYB3cdKpd/H69PYez4eJh1W/t38vzutdjEjtP7hB6eLKBoOdxcAlCtEYHzQ/PJ/oU9I4u0A==",
             "cpu": [
                 "x64"
             ],
@@ -1126,9 +1126,9 @@
             }
         },
         "node_modules/@esbuild/freebsd-arm64": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.25.5.tgz",
-            "integrity": "sha512-nk4tGP3JThz4La38Uy/gzyXtpkPW8zSAmoUhK9xKKXdBCzKODMc2adkB2+8om9BDYugz+uGV7sLmpTYzvmz6Sw==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.25.4.tgz",
+            "integrity": "sha512-yYq+39NlTRzU2XmoPW4l5Ifpl9fqSk0nAJYM/V/WUGPEFfek1epLHJIkTQM6bBs1swApjO5nWgvr843g6TjxuQ==",
             "cpu": [
                 "arm64"
             ],
@@ -1143,9 +1143,9 @@
             }
         },
         "node_modules/@esbuild/freebsd-x64": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.25.5.tgz",
-            "integrity": "sha512-PrikaNjiXdR2laW6OIjlbeuCPrPaAl0IwPIaRv+SMV8CiM8i2LqVUHFC1+8eORgWyY7yhQY+2U2fA55mBzReaw==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.25.4.tgz",
+            "integrity": "sha512-0FgvOJ6UUMflsHSPLzdfDnnBBVoCDtBTVyn/MrWloUNvq/5SFmh13l3dvgRPkDihRxb77Y17MbqbCAa2strMQQ==",
             "cpu": [
                 "x64"
             ],
@@ -1160,9 +1160,9 @@
             }
         },
         "node_modules/@esbuild/linux-arm": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.25.5.tgz",
-            "integrity": "sha512-cPzojwW2okgh7ZlRpcBEtsX7WBuqbLrNXqLU89GxWbNt6uIg78ET82qifUy3W6OVww6ZWobWub5oqZOVtwolfw==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.25.4.tgz",
+            "integrity": "sha512-kro4c0P85GMfFYqW4TWOpvmF8rFShbWGnrLqlzp4X1TNWjRY3JMYUfDCtOxPKOIY8B0WC8HN51hGP4I4hz4AaQ==",
             "cpu": [
                 "arm"
             ],
@@ -1177,9 +1177,9 @@
             }
         },
         "node_modules/@esbuild/linux-arm64": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.25.5.tgz",
-            "integrity": "sha512-Z9kfb1v6ZlGbWj8EJk9T6czVEjjq2ntSYLY2cw6pAZl4oKtfgQuS4HOq41M/BcoLPzrUbNd+R4BXFyH//nHxVg==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.25.4.tgz",
+            "integrity": "sha512-+89UsQTfXdmjIvZS6nUnOOLoXnkUTB9hR5QAeLrQdzOSWZvNSAXAtcRDHWtqAUtAmv7ZM1WPOOeSxDzzzMogiQ==",
             "cpu": [
                 "arm64"
             ],
@@ -1193,9 +1193,9 @@
             }
         },
         "node_modules/@esbuild/linux-ia32": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.25.5.tgz",
-            "integrity": "sha512-sQ7l00M8bSv36GLV95BVAdhJ2QsIbCuCjh/uYrWiMQSUuV+LpXwIqhgJDcvMTj+VsQmqAHL2yYaasENvJ7CDKA==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.25.4.tgz",
+            "integrity": "sha512-yTEjoapy8UP3rv8dB0ip3AfMpRbyhSN3+hY8mo/i4QXFeDxmiYbEKp3ZRjBKcOP862Ua4b1PDfwlvbuwY7hIGQ==",
             "cpu": [
                 "ia32"
             ],
@@ -1210,9 +1210,9 @@
             }
         },
         "node_modules/@esbuild/linux-loong64": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.25.5.tgz",
-            "integrity": "sha512-0ur7ae16hDUC4OL5iEnDb0tZHDxYmuQyhKhsPBV8f99f6Z9KQM02g33f93rNH5A30agMS46u2HP6qTdEt6Q1kg==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.25.4.tgz",
+            "integrity": "sha512-NeqqYkrcGzFwi6CGRGNMOjWGGSYOpqwCjS9fvaUlX5s3zwOtn1qwg1s2iE2svBe4Q/YOG1q6875lcAoQK/F4VA==",
             "cpu": [
                 "loong64"
             ],
@@ -1227,9 +1227,9 @@
             }
         },
         "node_modules/@esbuild/linux-mips64el": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.25.5.tgz",
-            "integrity": "sha512-kB/66P1OsHO5zLz0i6X0RxlQ+3cu0mkxS3TKFvkb5lin6uwZ/ttOkP3Z8lfR9mJOBk14ZwZ9182SIIWFGNmqmg==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.25.4.tgz",
+            "integrity": "sha512-IcvTlF9dtLrfL/M8WgNI/qJYBENP3ekgsHbYUIzEzq5XJzzVEV/fXY9WFPfEEXmu3ck2qJP8LG/p3Q8f7Zc2Xg==",
             "cpu": [
                 "mips64el"
             ],
@@ -1244,9 +1244,9 @@
             }
         },
         "node_modules/@esbuild/linux-ppc64": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.25.5.tgz",
-            "integrity": "sha512-UZCmJ7r9X2fe2D6jBmkLBMQetXPXIsZjQJCjgwpVDz+YMcS6oFR27alkgGv3Oqkv07bxdvw7fyB71/olceJhkQ==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.25.4.tgz",
+            "integrity": "sha512-HOy0aLTJTVtoTeGZh4HSXaO6M95qu4k5lJcH4gxv56iaycfz1S8GO/5Jh6X4Y1YiI0h7cRyLi+HixMR+88swag==",
             "cpu": [
                 "ppc64"
             ],
@@ -1261,9 +1261,9 @@
             }
         },
         "node_modules/@esbuild/linux-riscv64": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.25.5.tgz",
-            "integrity": "sha512-kTxwu4mLyeOlsVIFPfQo+fQJAV9mh24xL+y+Bm6ej067sYANjyEw1dNHmvoqxJUCMnkBdKpvOn0Ahql6+4VyeA==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.25.4.tgz",
+            "integrity": "sha512-i8JUDAufpz9jOzo4yIShCTcXzS07vEgWzyX3NH2G7LEFVgrLEhjwL3ajFE4fZI3I4ZgiM7JH3GQ7ReObROvSUA==",
             "cpu": [
                 "riscv64"
             ],
@@ -1278,9 +1278,9 @@
             }
         },
         "node_modules/@esbuild/linux-s390x": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.25.5.tgz",
-            "integrity": "sha512-K2dSKTKfmdh78uJ3NcWFiqyRrimfdinS5ErLSn3vluHNeHVnBAFWC8a4X5N+7FgVE1EjXS1QDZbpqZBjfrqMTQ==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.25.4.tgz",
+            "integrity": "sha512-jFnu+6UbLlzIjPQpWCNh5QtrcNfMLjgIavnwPQAfoGx4q17ocOU9MsQ2QVvFxwQoWpZT8DvTLooTvmOQXkO51g==",
             "cpu": [
                 "s390x"
             ],
@@ -1295,9 +1295,9 @@
             }
         },
         "node_modules/@esbuild/linux-x64": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.25.5.tgz",
-            "integrity": "sha512-uhj8N2obKTE6pSZ+aMUbqq+1nXxNjZIIjCjGLfsWvVpy7gKCOL6rsY1MhRh9zLtUtAI7vpgLMK6DxjO8Qm9lJw==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.25.4.tgz",
+            "integrity": "sha512-6e0cvXwzOnVWJHq+mskP8DNSrKBr1bULBvnFLpc1KY+d+irZSgZ02TGse5FsafKS5jg2e4pbvK6TPXaF/A6+CA==",
             "cpu": [
                 "x64"
             ],
@@ -1311,9 +1311,9 @@
             }
         },
         "node_modules/@esbuild/netbsd-arm64": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.25.5.tgz",
-            "integrity": "sha512-pwHtMP9viAy1oHPvgxtOv+OkduK5ugofNTVDilIzBLpoWAM16r7b/mxBvfpuQDpRQFMfuVr5aLcn4yveGvBZvw==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.25.4.tgz",
+            "integrity": "sha512-vUnkBYxZW4hL/ie91hSqaSNjulOnYXE1VSLusnvHg2u3jewJBz3YzB9+oCw8DABeVqZGg94t9tyZFoHma8gWZQ==",
             "cpu": [
                 "arm64"
             ],
@@ -1328,9 +1328,9 @@
             }
         },
         "node_modules/@esbuild/netbsd-x64": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.25.5.tgz",
-            "integrity": "sha512-WOb5fKrvVTRMfWFNCroYWWklbnXH0Q5rZppjq0vQIdlsQKuw6mdSihwSo4RV/YdQ5UCKKvBy7/0ZZYLBZKIbwQ==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.25.4.tgz",
+            "integrity": "sha512-XAg8pIQn5CzhOB8odIcAm42QsOfa98SBeKUdo4xa8OvX8LbMZqEtgeWE9P/Wxt7MlG2QqvjGths+nq48TrUiKw==",
             "cpu": [
                 "x64"
             ],
@@ -1345,9 +1345,9 @@
             }
         },
         "node_modules/@esbuild/openbsd-arm64": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.25.5.tgz",
-            "integrity": "sha512-7A208+uQKgTxHd0G0uqZO8UjK2R0DDb4fDmERtARjSHWxqMTye4Erz4zZafx7Di9Cv+lNHYuncAkiGFySoD+Mw==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.25.4.tgz",
+            "integrity": "sha512-Ct2WcFEANlFDtp1nVAXSNBPDxyU+j7+tId//iHXU2f/lN5AmO4zLyhDcpR5Cz1r08mVxzt3Jpyt4PmXQ1O6+7A==",
             "cpu": [
                 "arm64"
             ],
@@ -1362,9 +1362,9 @@
             }
         },
         "node_modules/@esbuild/openbsd-x64": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.25.5.tgz",
-            "integrity": "sha512-G4hE405ErTWraiZ8UiSoesH8DaCsMm0Cay4fsFWOOUcz8b8rC6uCvnagr+gnioEjWn0wC+o1/TAHt+It+MpIMg==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.25.4.tgz",
+            "integrity": "sha512-xAGGhyOQ9Otm1Xu8NT1ifGLnA6M3sJxZ6ixylb+vIUVzvvd6GOALpwQrYrtlPouMqd/vSbgehz6HaVk4+7Afhw==",
             "cpu": [
                 "x64"
             ],
@@ -1379,9 +1379,9 @@
             }
         },
         "node_modules/@esbuild/sunos-x64": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.25.5.tgz",
-            "integrity": "sha512-l+azKShMy7FxzY0Rj4RCt5VD/q8mG/e+mDivgspo+yL8zW7qEwctQ6YqKX34DTEleFAvCIUviCFX1SDZRSyMQA==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.25.4.tgz",
+            "integrity": "sha512-Mw+tzy4pp6wZEK0+Lwr76pWLjrtjmJyUB23tHKqEDP74R3q95luY/bXqXZeYl4NYlvwOqoRKlInQialgCKy67Q==",
             "cpu": [
                 "x64"
             ],
@@ -1396,9 +1396,9 @@
             }
         },
         "node_modules/@esbuild/win32-arm64": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.25.5.tgz",
-            "integrity": "sha512-O2S7SNZzdcFG7eFKgvwUEZ2VG9D/sn/eIiz8XRZ1Q/DO5a3s76Xv0mdBzVM5j5R639lXQmPmSo0iRpHqUUrsxw==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.25.4.tgz",
+            "integrity": "sha512-AVUP428VQTSddguz9dO9ngb+E5aScyg7nOeJDrF1HPYu555gmza3bDGMPhmVXL8svDSoqPCsCPjb265yG/kLKQ==",
             "cpu": [
                 "arm64"
             ],
@@ -1413,9 +1413,9 @@
             }
         },
         "node_modules/@esbuild/win32-ia32": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.25.5.tgz",
-            "integrity": "sha512-onOJ02pqs9h1iMJ1PQphR+VZv8qBMQ77Klcsqv9CNW2w6yLqoURLcgERAIurY6QE63bbLuqgP9ATqajFLK5AMQ==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.25.4.tgz",
+            "integrity": "sha512-i1sW+1i+oWvQzSgfRcxxG2k4I9n3O9NRqy8U+uugaT2Dy7kLO9Y7wI72haOahxceMX8hZAzgGou1FhndRldxRg==",
             "cpu": [
                 "ia32"
             ],
@@ -1430,9 +1430,9 @@
             }
         },
         "node_modules/@esbuild/win32-x64": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.25.5.tgz",
-            "integrity": "sha512-TXv6YnJ8ZMVdX+SXWVBo/0p8LTcrUYngpWjvm91TMjjBQii7Oz11Lw5lbDV5Y0TzuhSJHwiH4hEtC1I42mMS0g==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.25.4.tgz",
+            "integrity": "sha512-nOT2vZNw6hJ+z43oP1SPea/G/6AbN6X+bGNhNuq8NtRHy4wsMhw765IKLNmnjek7GvjWBYQ8Q5VBoYTFg9y1UQ==",
             "cpu": [
                 "x64"
             ],
@@ -1599,9 +1599,9 @@
             }
         },
         "node_modules/@eslint/js": {
-            "version": "9.28.0",
-            "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.28.0.tgz",
-            "integrity": "sha512-fnqSjGWd/CoIp4EXIxWVK/sHA6DOHN4+8Ix2cX5ycOY7LG0UY8nHCU5pIp2eaE1Mc7Qd8kHspYNzYXT2ojPLzg==",
+            "version": "9.27.0",
+            "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.27.0.tgz",
+            "integrity": "sha512-G5JD9Tu5HJEu4z2Uo4aHY2sLV64B7CDMXxFzqzjl3NKd6RVzSXNoE80jk7Y0lJkTTkjiIhBAqmlYwjuBY3tvpA==",
             "dev": true,
             "license": "MIT",
             "engines": {
@@ -4470,75 +4470,75 @@
             "dev": true
         },
         "node_modules/@sentry-internal/browser-utils": {
-            "version": "9.24.0",
-            "resolved": "https://registry.npmjs.org/@sentry-internal/browser-utils/-/browser-utils-9.24.0.tgz",
-            "integrity": "sha512-fWIrHyui8KKufnbqhGyDvvr+u9wiOEEzxXEjs/CKp+6fa+jej6Mk8K+su1f/mz7R3HVzhxvht/gZ+y193uK4qw==",
+            "version": "9.22.0",
+            "resolved": "https://registry.npmjs.org/@sentry-internal/browser-utils/-/browser-utils-9.22.0.tgz",
+            "integrity": "sha512-Ou1tBnVxFAIn8i9gvrWzRotNJQYiu3awNXpsFCw6qFwmiKAVPa6b13vCdolhXnrIiuR77jY1LQnKh9hXpoRzsg==",
             "license": "MIT",
             "dependencies": {
-                "@sentry/core": "9.24.0"
+                "@sentry/core": "9.22.0"
             },
             "engines": {
                 "node": ">=18"
             }
         },
         "node_modules/@sentry-internal/feedback": {
-            "version": "9.24.0",
-            "resolved": "https://registry.npmjs.org/@sentry-internal/feedback/-/feedback-9.24.0.tgz",
-            "integrity": "sha512-Z9jQqKzRppwAEqiytLWNV8JOo52vlxcSGz52FjKx3KXG75PXwk0M3sBXh762WoGLisUIRLTp8LOk6304L/O8dg==",
+            "version": "9.22.0",
+            "resolved": "https://registry.npmjs.org/@sentry-internal/feedback/-/feedback-9.22.0.tgz",
+            "integrity": "sha512-zgMVkoC61fgi41zLcSZA59vOtKxcLrKBo1ECYhPD1hxEaneNqY5fhXDwlQBw96P5l2yqkgfX6YZtSdU4ejI9yA==",
             "license": "MIT",
             "dependencies": {
-                "@sentry/core": "9.24.0"
+                "@sentry/core": "9.22.0"
             },
             "engines": {
                 "node": ">=18"
             }
         },
         "node_modules/@sentry-internal/replay": {
-            "version": "9.24.0",
-            "resolved": "https://registry.npmjs.org/@sentry-internal/replay/-/replay-9.24.0.tgz",
-            "integrity": "sha512-312wMPeQI8K2vO/lA/CF6Uv5UReoZC7RarsNUJEoOKa9Bq1BXWUq929oTHzu/2NDv194H2u3eqSGsSp6xiuKTw==",
+            "version": "9.22.0",
+            "resolved": "https://registry.npmjs.org/@sentry-internal/replay/-/replay-9.22.0.tgz",
+            "integrity": "sha512-9GOycoKbrclcRXfcbNV8svbmAsOS5R4wXBQmKF4pFLkmFA/lJv9kdZSNYkRvkrxdNfbMIJXP+DV9EqTZcryXig==",
             "license": "MIT",
             "dependencies": {
-                "@sentry-internal/browser-utils": "9.24.0",
-                "@sentry/core": "9.24.0"
+                "@sentry-internal/browser-utils": "9.22.0",
+                "@sentry/core": "9.22.0"
             },
             "engines": {
                 "node": ">=18"
             }
         },
         "node_modules/@sentry-internal/replay-canvas": {
-            "version": "9.24.0",
-            "resolved": "https://registry.npmjs.org/@sentry-internal/replay-canvas/-/replay-canvas-9.24.0.tgz",
-            "integrity": "sha512-506RdDF6iE8hMyzpzp9Vc0GM7kELxxs7UCoi/6KpvXFftcydWI3S2bru8dEZsxVoKh2hdle6SpbNgl+iPI0DSQ==",
+            "version": "9.22.0",
+            "resolved": "https://registry.npmjs.org/@sentry-internal/replay-canvas/-/replay-canvas-9.22.0.tgz",
+            "integrity": "sha512-EcG9IMSEalFe49kowBTJObWjof/iHteDwpyuAszsFDdQUYATrVUtwpwN7o52vDYWJud4arhjrQnMamIGxa79eQ==",
             "license": "MIT",
             "dependencies": {
-                "@sentry-internal/replay": "9.24.0",
-                "@sentry/core": "9.24.0"
+                "@sentry-internal/replay": "9.22.0",
+                "@sentry/core": "9.22.0"
             },
             "engines": {
                 "node": ">=18"
             }
         },
         "node_modules/@sentry/browser": {
-            "version": "9.24.0",
-            "resolved": "https://registry.npmjs.org/@sentry/browser/-/browser-9.24.0.tgz",
-            "integrity": "sha512-RP+27/owvIqD4J0TibIHK1UcA7iObxLOXBEilDKjaJOZMLhv3JkpU8A+UI9pFzEYqeIGVDDaBzYgbCHrLWcoCA==",
+            "version": "9.22.0",
+            "resolved": "https://registry.npmjs.org/@sentry/browser/-/browser-9.22.0.tgz",
+            "integrity": "sha512-3TeRm74dvX0JdjX0AgkQa+22iUHwHnY+Q6M05NZ+tDeCNHGK/mEBTeqquS1oQX67jWyuvYmG3VV6RJUxtG9Paw==",
             "license": "MIT",
             "dependencies": {
-                "@sentry-internal/browser-utils": "9.24.0",
-                "@sentry-internal/feedback": "9.24.0",
-                "@sentry-internal/replay": "9.24.0",
-                "@sentry-internal/replay-canvas": "9.24.0",
-                "@sentry/core": "9.24.0"
+                "@sentry-internal/browser-utils": "9.22.0",
+                "@sentry-internal/feedback": "9.22.0",
+                "@sentry-internal/replay": "9.22.0",
+                "@sentry-internal/replay-canvas": "9.22.0",
+                "@sentry/core": "9.22.0"
             },
             "engines": {
                 "node": ">=18"
             }
         },
         "node_modules/@sentry/core": {
-            "version": "9.24.0",
-            "resolved": "https://registry.npmjs.org/@sentry/core/-/core-9.24.0.tgz",
-            "integrity": "sha512-uRWrB4Y49ZOWcDLCXqdjd2Fs6Onill0GQI+JgXMw7wa+i03+QRiQvUAUyde8O62jR4dvP3GDo9PDWnDNhi3z5A==",
+            "version": "9.22.0",
+            "resolved": "https://registry.npmjs.org/@sentry/core/-/core-9.22.0.tgz",
+            "integrity": "sha512-ixvtKmPF42Y6ckGUbFlB54OWI75H2gO5UYHojO6eXFpS7xO3ZGgV/QH6wb40mWK+0w5XZ0233FuU9VpsuE6mKA==",
             "license": "MIT",
             "engines": {
                 "node": ">=18"
@@ -7328,17 +7328,17 @@
             }
         },
         "node_modules/@typescript-eslint/eslint-plugin": {
-            "version": "8.33.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.33.0.tgz",
-            "integrity": "sha512-CACyQuqSHt7ma3Ns601xykeBK/rDeZa3w6IS6UtMQbixO5DWy+8TilKkviGDH6jtWCo8FGRKEK5cLLkPvEammQ==",
+            "version": "8.32.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.32.1.tgz",
+            "integrity": "sha512-6u6Plg9nP/J1GRpe/vcjjabo6Uc5YQPAMxsgQyGC/I0RuukiG1wIe3+Vtg3IrSCVJDmqK3j8adrtzXSENRtFgg==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
                 "@eslint-community/regexpp": "^4.10.0",
-                "@typescript-eslint/scope-manager": "8.33.0",
-                "@typescript-eslint/type-utils": "8.33.0",
-                "@typescript-eslint/utils": "8.33.0",
-                "@typescript-eslint/visitor-keys": "8.33.0",
+                "@typescript-eslint/scope-manager": "8.32.1",
+                "@typescript-eslint/type-utils": "8.32.1",
+                "@typescript-eslint/utils": "8.32.1",
+                "@typescript-eslint/visitor-keys": "8.32.1",
                 "graphemer": "^1.4.0",
                 "ignore": "^7.0.0",
                 "natural-compare": "^1.4.0",
@@ -7352,7 +7352,7 @@
                 "url": "https://opencollective.com/typescript-eslint"
             },
             "peerDependencies": {
-                "@typescript-eslint/parser": "^8.33.0",
+                "@typescript-eslint/parser": "^8.0.0 || ^8.0.0-alpha.0",
                 "eslint": "^8.57.0 || ^9.0.0",
                 "typescript": ">=4.8.4 <5.9.0"
             }
@@ -7368,16 +7368,16 @@
             }
         },
         "node_modules/@typescript-eslint/parser": {
-            "version": "8.33.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.33.0.tgz",
-            "integrity": "sha512-JaehZvf6m0yqYp34+RVnihBAChkqeH+tqqhS0GuX1qgPpwLvmTPheKEs6OeCK6hVJgXZHJ2vbjnC9j119auStQ==",
+            "version": "8.32.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.32.1.tgz",
+            "integrity": "sha512-LKMrmwCPoLhM45Z00O1ulb6jwyVr2kr3XJp+G+tSEZcbauNnScewcQwtJqXDhXeYPDEjZ8C1SjXm015CirEmGg==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/scope-manager": "8.33.0",
-                "@typescript-eslint/types": "8.33.0",
-                "@typescript-eslint/typescript-estree": "8.33.0",
-                "@typescript-eslint/visitor-keys": "8.33.0",
+                "@typescript-eslint/scope-manager": "8.32.1",
+                "@typescript-eslint/types": "8.32.1",
+                "@typescript-eslint/typescript-estree": "8.32.1",
+                "@typescript-eslint/visitor-keys": "8.32.1",
                 "debug": "^4.3.4"
             },
             "engines": {
@@ -7392,34 +7392,15 @@
                 "typescript": ">=4.8.4 <5.9.0"
             }
         },
-        "node_modules/@typescript-eslint/project-service": {
-            "version": "8.33.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.33.0.tgz",
-            "integrity": "sha512-d1hz0u9l6N+u/gcrk6s6gYdl7/+pp8yHheRTqP6X5hVDKALEaTn8WfGiit7G511yueBEL3OpOEpD+3/MBdoN+A==",
-            "dev": true,
-            "license": "MIT",
-            "dependencies": {
-                "@typescript-eslint/tsconfig-utils": "^8.33.0",
-                "@typescript-eslint/types": "^8.33.0",
-                "debug": "^4.3.4"
-            },
-            "engines": {
-                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
-            },
-            "funding": {
-                "type": "opencollective",
-                "url": "https://opencollective.com/typescript-eslint"
-            }
-        },
         "node_modules/@typescript-eslint/scope-manager": {
-            "version": "8.33.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.33.0.tgz",
-            "integrity": "sha512-LMi/oqrzpqxyO72ltP+dBSP6V0xiUb4saY7WLtxSfiNEBI8m321LLVFU9/QDJxjDQG9/tjSqKz/E3380TEqSTw==",
+            "version": "8.32.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.32.1.tgz",
+            "integrity": "sha512-7IsIaIDeZn7kffk7qXC3o6Z4UblZJKV3UBpkvRNpr5NSyLji7tvTcvmnMNYuYLyh26mN8W723xpo3i4MlD33vA==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/types": "8.33.0",
-                "@typescript-eslint/visitor-keys": "8.33.0"
+                "@typescript-eslint/types": "8.32.1",
+                "@typescript-eslint/visitor-keys": "8.32.1"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -7429,32 +7410,15 @@
                 "url": "https://opencollective.com/typescript-eslint"
             }
         },
-        "node_modules/@typescript-eslint/tsconfig-utils": {
-            "version": "8.33.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.33.0.tgz",
-            "integrity": "sha512-sTkETlbqhEoiFmGr1gsdq5HyVbSOF0145SYDJ/EQmXHtKViCaGvnyLqWFFHtEXoS0J1yU8Wyou2UGmgW88fEug==",
-            "dev": true,
-            "license": "MIT",
-            "engines": {
-                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
-            },
-            "funding": {
-                "type": "opencollective",
-                "url": "https://opencollective.com/typescript-eslint"
-            },
-            "peerDependencies": {
-                "typescript": ">=4.8.4 <5.9.0"
-            }
-        },
         "node_modules/@typescript-eslint/type-utils": {
-            "version": "8.33.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.33.0.tgz",
-            "integrity": "sha512-lScnHNCBqL1QayuSrWeqAL5GmqNdVUQAAMTaCwdYEdWfIrSrOGzyLGRCHXcCixa5NK6i5l0AfSO2oBSjCjf4XQ==",
+            "version": "8.32.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.32.1.tgz",
+            "integrity": "sha512-mv9YpQGA8iIsl5KyUPi+FGLm7+bA4fgXaeRcFKRDRwDMu4iwrSHeDPipwueNXhdIIZltwCJv+NkxftECbIZWfA==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/typescript-estree": "8.33.0",
-                "@typescript-eslint/utils": "8.33.0",
+                "@typescript-eslint/typescript-estree": "8.32.1",
+                "@typescript-eslint/utils": "8.32.1",
                 "debug": "^4.3.4",
                 "ts-api-utils": "^2.1.0"
             },
@@ -7471,9 +7435,9 @@
             }
         },
         "node_modules/@typescript-eslint/types": {
-            "version": "8.33.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.33.0.tgz",
-            "integrity": "sha512-DKuXOKpM5IDT1FA2g9x9x1Ug81YuKrzf4mYX8FAVSNu5Wo/LELHWQyM1pQaDkI42bX15PWl0vNPt1uGiIFUOpg==",
+            "version": "8.32.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.32.1.tgz",
+            "integrity": "sha512-YmybwXUJcgGqgAp6bEsgpPXEg6dcCyPyCSr0CAAueacR/CCBi25G3V8gGQ2kRzQRBNol7VQknxMs9HvVa9Rvfg==",
             "dev": true,
             "license": "MIT",
             "engines": {
@@ -7485,16 +7449,14 @@
             }
         },
         "node_modules/@typescript-eslint/typescript-estree": {
-            "version": "8.33.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.33.0.tgz",
-            "integrity": "sha512-vegY4FQoB6jL97Tu/lWRsAiUUp8qJTqzAmENH2k59SJhw0Th1oszb9Idq/FyyONLuNqT1OADJPXfyUNOR8SzAQ==",
+            "version": "8.32.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.32.1.tgz",
+            "integrity": "sha512-Y3AP9EIfYwBb4kWGb+simvPaqQoT5oJuzzj9m0i6FCY6SPvlomY2Ei4UEMm7+FXtlNJbor80ximyslzaQF6xhg==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/project-service": "8.33.0",
-                "@typescript-eslint/tsconfig-utils": "8.33.0",
-                "@typescript-eslint/types": "8.33.0",
-                "@typescript-eslint/visitor-keys": "8.33.0",
+                "@typescript-eslint/types": "8.32.1",
+                "@typescript-eslint/visitor-keys": "8.32.1",
                 "debug": "^4.3.4",
                 "fast-glob": "^3.3.2",
                 "is-glob": "^4.0.3",
@@ -7514,16 +7476,16 @@
             }
         },
         "node_modules/@typescript-eslint/utils": {
-            "version": "8.33.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.33.0.tgz",
-            "integrity": "sha512-lPFuQaLA9aSNa7D5u2EpRiqdAUhzShwGg/nhpBlc4GR6kcTABttCuyjFs8BcEZ8VWrjCBof/bePhP3Q3fS+Yrw==",
+            "version": "8.32.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.32.1.tgz",
+            "integrity": "sha512-DsSFNIgLSrc89gpq1LJB7Hm1YpuhK086DRDJSNrewcGvYloWW1vZLHBTIvarKZDcAORIy/uWNx8Gad+4oMpkSA==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
                 "@eslint-community/eslint-utils": "^4.7.0",
-                "@typescript-eslint/scope-manager": "8.33.0",
-                "@typescript-eslint/types": "8.33.0",
-                "@typescript-eslint/typescript-estree": "8.33.0"
+                "@typescript-eslint/scope-manager": "8.32.1",
+                "@typescript-eslint/types": "8.32.1",
+                "@typescript-eslint/typescript-estree": "8.32.1"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -7538,13 +7500,13 @@
             }
         },
         "node_modules/@typescript-eslint/visitor-keys": {
-            "version": "8.33.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.33.0.tgz",
-            "integrity": "sha512-7RW7CMYoskiz5OOGAWjJFxgb7c5UNjTG292gYhWeOAcFmYCtVCSqjqSBj5zMhxbXo2JOW95YYrUWJfU0zrpaGQ==",
+            "version": "8.32.1",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.32.1.tgz",
+            "integrity": "sha512-ar0tjQfObzhSaW3C3QNmTc5ofj0hDoNQ5XWrCy6zDyabdr0TWhCkClp+rywGNj/odAFBVzzJrK4tEq5M4Hmu4w==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/types": "8.33.0",
+                "@typescript-eslint/types": "8.32.1",
                 "eslint-visitor-keys": "^4.2.0"
             },
             "engines": {
@@ -14061,9 +14023,9 @@
             }
         },
         "node_modules/esbuild": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.25.5.tgz",
-            "integrity": "sha512-P8OtKZRv/5J5hhz0cUAdu/cLuPIKXpQl1R9pZtvmHWQvrAUVd0UNIPT4IB4W3rNOqVO0rlqHmCIbSwxh/c9yUQ==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.25.4.tgz",
+            "integrity": "sha512-8pgjLUcUjcgDg+2Q4NYXnPbo/vncAY4UmyaCm0jZevERqCHZIaWwdJHkf8XQtu4AxSKCdvrUbT0XUr1IdZzI8Q==",
             "dev": true,
             "hasInstallScript": true,
             "license": "MIT",
@@ -14074,31 +14036,31 @@
                 "node": ">=18"
             },
             "optionalDependencies": {
-                "@esbuild/aix-ppc64": "0.25.5",
-                "@esbuild/android-arm": "0.25.5",
-                "@esbuild/android-arm64": "0.25.5",
-                "@esbuild/android-x64": "0.25.5",
-                "@esbuild/darwin-arm64": "0.25.5",
-                "@esbuild/darwin-x64": "0.25.5",
-                "@esbuild/freebsd-arm64": "0.25.5",
-                "@esbuild/freebsd-x64": "0.25.5",
-                "@esbuild/linux-arm": "0.25.5",
-                "@esbuild/linux-arm64": "0.25.5",
-                "@esbuild/linux-ia32": "0.25.5",
-                "@esbuild/linux-loong64": "0.25.5",
-                "@esbuild/linux-mips64el": "0.25.5",
-                "@esbuild/linux-ppc64": "0.25.5",
-                "@esbuild/linux-riscv64": "0.25.5",
-                "@esbuild/linux-s390x": "0.25.5",
-                "@esbuild/linux-x64": "0.25.5",
-                "@esbuild/netbsd-arm64": "0.25.5",
-                "@esbuild/netbsd-x64": "0.25.5",
-                "@esbuild/openbsd-arm64": "0.25.5",
-                "@esbuild/openbsd-x64": "0.25.5",
-                "@esbuild/sunos-x64": "0.25.5",
-                "@esbuild/win32-arm64": "0.25.5",
-                "@esbuild/win32-ia32": "0.25.5",
-                "@esbuild/win32-x64": "0.25.5"
+                "@esbuild/aix-ppc64": "0.25.4",
+                "@esbuild/android-arm": "0.25.4",
+                "@esbuild/android-arm64": "0.25.4",
+                "@esbuild/android-x64": "0.25.4",
+                "@esbuild/darwin-arm64": "0.25.4",
+                "@esbuild/darwin-x64": "0.25.4",
+                "@esbuild/freebsd-arm64": "0.25.4",
+                "@esbuild/freebsd-x64": "0.25.4",
+                "@esbuild/linux-arm": "0.25.4",
+                "@esbuild/linux-arm64": "0.25.4",
+                "@esbuild/linux-ia32": "0.25.4",
+                "@esbuild/linux-loong64": "0.25.4",
+                "@esbuild/linux-mips64el": "0.25.4",
+                "@esbuild/linux-ppc64": "0.25.4",
+                "@esbuild/linux-riscv64": "0.25.4",
+                "@esbuild/linux-s390x": "0.25.4",
+                "@esbuild/linux-x64": "0.25.4",
+                "@esbuild/netbsd-arm64": "0.25.4",
+                "@esbuild/netbsd-x64": "0.25.4",
+                "@esbuild/openbsd-arm64": "0.25.4",
+                "@esbuild/openbsd-x64": "0.25.4",
+                "@esbuild/sunos-x64": "0.25.4",
+                "@esbuild/win32-arm64": "0.25.4",
+                "@esbuild/win32-ia32": "0.25.4",
+                "@esbuild/win32-x64": "0.25.4"
             }
         },
         "node_modules/esbuild-android-64": {
@@ -14747,9 +14709,9 @@
             }
         },
         "node_modules/eslint": {
-            "version": "9.28.0",
-            "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.28.0.tgz",
-            "integrity": "sha512-ocgh41VhRlf9+fVpe7QKzwLj9c92fDiqOj8Y3Sd4/ZmVA4Btx4PlUYPq4pp9JDyupkf1upbEXecxL2mwNV7jPQ==",
+            "version": "9.27.0",
+            "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.27.0.tgz",
+            "integrity": "sha512-ixRawFQuMB9DZ7fjU3iGGganFDp3+45bPOdaRurcFHSXO1e/sYwUX/FtQZpLZJR6SjMoJH8hR2pPEAfDyCoU2Q==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
@@ -14759,7 +14721,7 @@
                 "@eslint/config-helpers": "^0.2.1",
                 "@eslint/core": "^0.14.0",
                 "@eslint/eslintrc": "^3.3.1",
-                "@eslint/js": "9.28.0",
+                "@eslint/js": "9.27.0",
                 "@eslint/plugin-kit": "^0.3.1",
                 "@humanfs/node": "^0.16.6",
                 "@humanwhocodes/module-importer": "^1.0.1",
@@ -25968,9 +25930,9 @@
             }
         },
         "node_modules/tar-fs": {
-            "version": "3.0.9",
-            "resolved": "https://registry.npmjs.org/tar-fs/-/tar-fs-3.0.9.tgz",
-            "integrity": "sha512-XF4w9Xp+ZQgifKakjZYmFdkLoSWd34VGKcsTCwlNWM7QG3ZbaxnTsaBwnjFZqHRf/rROxaR8rXnbtwdvaDI+lA==",
+            "version": "3.0.8",
+            "resolved": "https://registry.npmjs.org/tar-fs/-/tar-fs-3.0.8.tgz",
+            "integrity": "sha512-ZoROL70jptorGAlgAYiLoBLItEKw/fUxg9BSYK/dF/GAGYFJOJJJMvjPAKDJraCXFwadD456FCuvLWgfhMsPwg==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
@@ -27054,15 +27016,15 @@
             }
         },
         "node_modules/typescript-eslint": {
-            "version": "8.33.0",
-            "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.33.0.tgz",
-            "integrity": "sha512-5YmNhF24ylCsvdNW2oJwMzTbaeO4bg90KeGtMjUw0AGtHksgEPLRTUil+coHwCfiu4QjVJFnjp94DmU6zV7DhQ==",
+            "version": "8.32.1",
+            "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.32.1.tgz",
+            "integrity": "sha512-D7el+eaDHAmXvrZBy1zpzSNIRqnCOrkwTgZxTu3MUqRWk8k0q9m9Ho4+vPf7iHtgUfrK/o8IZaEApsxPlHTFCg==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/eslint-plugin": "8.33.0",
-                "@typescript-eslint/parser": "8.33.0",
-                "@typescript-eslint/utils": "8.33.0"
+                "@typescript-eslint/eslint-plugin": "8.32.1",
+                "@typescript-eslint/parser": "8.32.1",
+                "@typescript-eslint/utils": "8.32.1"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -29365,7 +29327,7 @@
                 "@goauthentik/tsconfig": "^1.0.4",
                 "@trivago/prettier-plugin-sort-imports": "^5.2.2",
                 "@types/node": "^22.15.21",
-                "esbuild": "^0.25.5",
+                "esbuild": "^0.25.4",
                 "prettier": "^3.5.3",
                 "prettier-plugin-packagejson": "^2.5.14",
                 "typedoc": "^0.28.5",
@@ -29376,7 +29338,7 @@
                 "node": ">=22"
             },
             "peerDependencies": {
-                "esbuild": "^0.25.5"
+                "esbuild": "^0.25.4"
             }
         },
         "packages/esbuild-plugin-live-reload/node_modules/@types/node": {

web/package.json

@@ -102,7 +102,7 @@
         "@open-wc/lit-helpers": "^0.7.0",
         "@patternfly/elements": "^4.1.0",
         "@patternfly/patternfly": "^4.224.2",
-        "@sentry/browser": "^9.24.0",
+        "@sentry/browser": "^9.22.0",
         "@spotlightjs/spotlight": "^2.13.3",
         "@webcomponents/webcomponentsjs": "^2.8.0",
         "base64-js": "^1.5.1",
@@ -175,11 +175,11 @@
         "@wdio/spec-reporter": "^9.1.2",
         "@web/test-runner": "^0.20.2",
         "chromedriver": "^136.0.3",
-        "esbuild": "^0.25.5",
+        "esbuild": "^0.25.4",
         "esbuild-plugin-copy": "^2.1.1",
         "esbuild-plugin-polyfill-node": "^0.3.0",
         "esbuild-plugins-node-modules-polyfill": "^1.7.0",
-        "eslint": "^9.28.0",
+        "eslint": "^9.11.1",
         "eslint-plugin-lit": "^2.1.1",
         "eslint-plugin-wc": "^3.0.1",
         "github-slugger": "^2.0.0",
@@ -194,7 +194,7 @@
         "storybook-addon-mock": "^5.0.0",
         "turnstile-types": "^1.2.3",
         "typescript": "^5.8.3",
-        "typescript-eslint": "^8.33.0",
+        "typescript-eslint": "^8.32.1",
         "vite-plugin-lit-css": "^2.0.0",
         "vite-tsconfig-paths": "^5.0.1",
         "wireit": "^0.14.12"

web/packages/esbuild-plugin-live-reload/package-lock.json

@@ -147,9 +147,9 @@
             }
         },
         "node_modules/@esbuild/aix-ppc64": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.25.5.tgz",
-            "integrity": "sha512-9o3TMmpmftaCMepOdA5k/yDw8SfInyzWWTjYTFCX3kPSDJMROQTb8jg+h9Cnwnmm1vOzvxN7gIfB5V2ewpjtGA==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.25.4.tgz",
+            "integrity": "sha512-1VCICWypeQKhVbE9oW/sJaAmjLxhVqacdkvPLEjwlttjfwENRSClS8EjBz0KzRyFSCPDIkuXW34Je/vk7zdB7Q==",
             "cpu": [
                 "ppc64"
             ],
@@ -164,9 +164,9 @@
             }
         },
         "node_modules/@esbuild/android-arm": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.25.5.tgz",
-            "integrity": "sha512-AdJKSPeEHgi7/ZhuIPtcQKr5RQdo6OO2IL87JkianiMYMPbCtot9fxPbrMiBADOWWm3T2si9stAiVsGbTQFkbA==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.25.4.tgz",
+            "integrity": "sha512-QNdQEps7DfFwE3hXiU4BZeOV68HHzYwGd0Nthhd3uCkkEKK7/R6MTgM0P7H7FAs5pU/DIWsviMmEGxEoxIZ+ZQ==",
             "cpu": [
                 "arm"
             ],
@@ -181,9 +181,9 @@
             }
         },
         "node_modules/@esbuild/android-arm64": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.25.5.tgz",
-            "integrity": "sha512-VGzGhj4lJO+TVGV1v8ntCZWJktV7SGCs3Pn1GRWI1SBFtRALoomm8k5E9Pmwg3HOAal2VDc2F9+PM/rEY6oIDg==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.25.4.tgz",
+            "integrity": "sha512-bBy69pgfhMGtCnwpC/x5QhfxAz/cBgQ9enbtwjf6V9lnPI/hMyT9iWpR1arm0l3kttTr4L0KSLpKmLp/ilKS9A==",
             "cpu": [
                 "arm64"
             ],
@@ -198,9 +198,9 @@
             }
         },
         "node_modules/@esbuild/android-x64": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.25.5.tgz",
-            "integrity": "sha512-D2GyJT1kjvO//drbRT3Hib9XPwQeWd9vZoBJn+bu/lVsOZ13cqNdDeqIF/xQ5/VmWvMduP6AmXvylO/PIc2isw==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.25.4.tgz",
+            "integrity": "sha512-TVhdVtQIFuVpIIR282btcGC2oGQoSfZfmBdTip2anCaVYcqWlZXGcdcKIUklfX2wj0JklNYgz39OBqh2cqXvcQ==",
             "cpu": [
                 "x64"
             ],
@@ -215,9 +215,9 @@
             }
         },
         "node_modules/@esbuild/darwin-arm64": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.25.5.tgz",
-            "integrity": "sha512-GtaBgammVvdF7aPIgH2jxMDdivezgFu6iKpmT+48+F8Hhg5J/sfnDieg0aeG/jfSvkYQU2/pceFPDKlqZzwnfQ==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.25.4.tgz",
+            "integrity": "sha512-Y1giCfM4nlHDWEfSckMzeWNdQS31BQGs9/rouw6Ub91tkK79aIMTH3q9xHvzH8d0wDru5Ci0kWB8b3up/nl16g==",
             "cpu": [
                 "arm64"
             ],
@@ -232,9 +232,9 @@
             }
         },
         "node_modules/@esbuild/darwin-x64": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.25.5.tgz",
-            "integrity": "sha512-1iT4FVL0dJ76/q1wd7XDsXrSW+oLoquptvh4CLR4kITDtqi2e/xwXwdCVH8hVHU43wgJdsq7Gxuzcs6Iq/7bxQ==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.25.4.tgz",
+            "integrity": "sha512-CJsry8ZGM5VFVeyUYB3cdKpd/H69PYez4eJh1W/t38vzutdjEjtP7hB6eLKBoOdxcAlCtEYHzQ/PJ/oU9I4u0A==",
             "cpu": [
                 "x64"
             ],
@@ -249,9 +249,9 @@
             }
         },
         "node_modules/@esbuild/freebsd-arm64": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.25.5.tgz",
-            "integrity": "sha512-nk4tGP3JThz4La38Uy/gzyXtpkPW8zSAmoUhK9xKKXdBCzKODMc2adkB2+8om9BDYugz+uGV7sLmpTYzvmz6Sw==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.25.4.tgz",
+            "integrity": "sha512-yYq+39NlTRzU2XmoPW4l5Ifpl9fqSk0nAJYM/V/WUGPEFfek1epLHJIkTQM6bBs1swApjO5nWgvr843g6TjxuQ==",
             "cpu": [
                 "arm64"
             ],
@@ -266,9 +266,9 @@
             }
         },
         "node_modules/@esbuild/freebsd-x64": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.25.5.tgz",
-            "integrity": "sha512-PrikaNjiXdR2laW6OIjlbeuCPrPaAl0IwPIaRv+SMV8CiM8i2LqVUHFC1+8eORgWyY7yhQY+2U2fA55mBzReaw==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.25.4.tgz",
+            "integrity": "sha512-0FgvOJ6UUMflsHSPLzdfDnnBBVoCDtBTVyn/MrWloUNvq/5SFmh13l3dvgRPkDihRxb77Y17MbqbCAa2strMQQ==",
             "cpu": [
                 "x64"
             ],
@@ -283,9 +283,9 @@
             }
         },
         "node_modules/@esbuild/linux-arm": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.25.5.tgz",
-            "integrity": "sha512-cPzojwW2okgh7ZlRpcBEtsX7WBuqbLrNXqLU89GxWbNt6uIg78ET82qifUy3W6OVww6ZWobWub5oqZOVtwolfw==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.25.4.tgz",
+            "integrity": "sha512-kro4c0P85GMfFYqW4TWOpvmF8rFShbWGnrLqlzp4X1TNWjRY3JMYUfDCtOxPKOIY8B0WC8HN51hGP4I4hz4AaQ==",
             "cpu": [
                 "arm"
             ],
@@ -300,9 +300,9 @@
             }
         },
         "node_modules/@esbuild/linux-arm64": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.25.5.tgz",
-            "integrity": "sha512-Z9kfb1v6ZlGbWj8EJk9T6czVEjjq2ntSYLY2cw6pAZl4oKtfgQuS4HOq41M/BcoLPzrUbNd+R4BXFyH//nHxVg==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.25.4.tgz",
+            "integrity": "sha512-+89UsQTfXdmjIvZS6nUnOOLoXnkUTB9hR5QAeLrQdzOSWZvNSAXAtcRDHWtqAUtAmv7ZM1WPOOeSxDzzzMogiQ==",
             "cpu": [
                 "arm64"
             ],
@@ -317,9 +317,9 @@
             }
         },
         "node_modules/@esbuild/linux-ia32": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.25.5.tgz",
-            "integrity": "sha512-sQ7l00M8bSv36GLV95BVAdhJ2QsIbCuCjh/uYrWiMQSUuV+LpXwIqhgJDcvMTj+VsQmqAHL2yYaasENvJ7CDKA==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.25.4.tgz",
+            "integrity": "sha512-yTEjoapy8UP3rv8dB0ip3AfMpRbyhSN3+hY8mo/i4QXFeDxmiYbEKp3ZRjBKcOP862Ua4b1PDfwlvbuwY7hIGQ==",
             "cpu": [
                 "ia32"
             ],
@@ -334,9 +334,9 @@
             }
         },
         "node_modules/@esbuild/linux-loong64": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.25.5.tgz",
-            "integrity": "sha512-0ur7ae16hDUC4OL5iEnDb0tZHDxYmuQyhKhsPBV8f99f6Z9KQM02g33f93rNH5A30agMS46u2HP6qTdEt6Q1kg==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.25.4.tgz",
+            "integrity": "sha512-NeqqYkrcGzFwi6CGRGNMOjWGGSYOpqwCjS9fvaUlX5s3zwOtn1qwg1s2iE2svBe4Q/YOG1q6875lcAoQK/F4VA==",
             "cpu": [
                 "loong64"
             ],
@@ -351,9 +351,9 @@
             }
         },
         "node_modules/@esbuild/linux-mips64el": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.25.5.tgz",
-            "integrity": "sha512-kB/66P1OsHO5zLz0i6X0RxlQ+3cu0mkxS3TKFvkb5lin6uwZ/ttOkP3Z8lfR9mJOBk14ZwZ9182SIIWFGNmqmg==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.25.4.tgz",
+            "integrity": "sha512-IcvTlF9dtLrfL/M8WgNI/qJYBENP3ekgsHbYUIzEzq5XJzzVEV/fXY9WFPfEEXmu3ck2qJP8LG/p3Q8f7Zc2Xg==",
             "cpu": [
                 "mips64el"
             ],
@@ -368,9 +368,9 @@
             }
         },
         "node_modules/@esbuild/linux-ppc64": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.25.5.tgz",
-            "integrity": "sha512-UZCmJ7r9X2fe2D6jBmkLBMQetXPXIsZjQJCjgwpVDz+YMcS6oFR27alkgGv3Oqkv07bxdvw7fyB71/olceJhkQ==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.25.4.tgz",
+            "integrity": "sha512-HOy0aLTJTVtoTeGZh4HSXaO6M95qu4k5lJcH4gxv56iaycfz1S8GO/5Jh6X4Y1YiI0h7cRyLi+HixMR+88swag==",
             "cpu": [
                 "ppc64"
             ],
@@ -385,9 +385,9 @@
             }
         },
         "node_modules/@esbuild/linux-riscv64": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.25.5.tgz",
-            "integrity": "sha512-kTxwu4mLyeOlsVIFPfQo+fQJAV9mh24xL+y+Bm6ej067sYANjyEw1dNHmvoqxJUCMnkBdKpvOn0Ahql6+4VyeA==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.25.4.tgz",
+            "integrity": "sha512-i8JUDAufpz9jOzo4yIShCTcXzS07vEgWzyX3NH2G7LEFVgrLEhjwL3ajFE4fZI3I4ZgiM7JH3GQ7ReObROvSUA==",
             "cpu": [
                 "riscv64"
             ],
@@ -402,9 +402,9 @@
             }
         },
         "node_modules/@esbuild/linux-s390x": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.25.5.tgz",
-            "integrity": "sha512-K2dSKTKfmdh78uJ3NcWFiqyRrimfdinS5ErLSn3vluHNeHVnBAFWC8a4X5N+7FgVE1EjXS1QDZbpqZBjfrqMTQ==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.25.4.tgz",
+            "integrity": "sha512-jFnu+6UbLlzIjPQpWCNh5QtrcNfMLjgIavnwPQAfoGx4q17ocOU9MsQ2QVvFxwQoWpZT8DvTLooTvmOQXkO51g==",
             "cpu": [
                 "s390x"
             ],
@@ -419,9 +419,9 @@
             }
         },
         "node_modules/@esbuild/linux-x64": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.25.5.tgz",
-            "integrity": "sha512-uhj8N2obKTE6pSZ+aMUbqq+1nXxNjZIIjCjGLfsWvVpy7gKCOL6rsY1MhRh9zLtUtAI7vpgLMK6DxjO8Qm9lJw==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.25.4.tgz",
+            "integrity": "sha512-6e0cvXwzOnVWJHq+mskP8DNSrKBr1bULBvnFLpc1KY+d+irZSgZ02TGse5FsafKS5jg2e4pbvK6TPXaF/A6+CA==",
             "cpu": [
                 "x64"
             ],
@@ -436,9 +436,9 @@
             }
         },
         "node_modules/@esbuild/netbsd-arm64": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.25.5.tgz",
-            "integrity": "sha512-pwHtMP9viAy1oHPvgxtOv+OkduK5ugofNTVDilIzBLpoWAM16r7b/mxBvfpuQDpRQFMfuVr5aLcn4yveGvBZvw==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.25.4.tgz",
+            "integrity": "sha512-vUnkBYxZW4hL/ie91hSqaSNjulOnYXE1VSLusnvHg2u3jewJBz3YzB9+oCw8DABeVqZGg94t9tyZFoHma8gWZQ==",
             "cpu": [
                 "arm64"
             ],
@@ -453,9 +453,9 @@
             }
         },
         "node_modules/@esbuild/netbsd-x64": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.25.5.tgz",
-            "integrity": "sha512-WOb5fKrvVTRMfWFNCroYWWklbnXH0Q5rZppjq0vQIdlsQKuw6mdSihwSo4RV/YdQ5UCKKvBy7/0ZZYLBZKIbwQ==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.25.4.tgz",
+            "integrity": "sha512-XAg8pIQn5CzhOB8odIcAm42QsOfa98SBeKUdo4xa8OvX8LbMZqEtgeWE9P/Wxt7MlG2QqvjGths+nq48TrUiKw==",
             "cpu": [
                 "x64"
             ],
@@ -470,9 +470,9 @@
             }
         },
         "node_modules/@esbuild/openbsd-arm64": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.25.5.tgz",
-            "integrity": "sha512-7A208+uQKgTxHd0G0uqZO8UjK2R0DDb4fDmERtARjSHWxqMTye4Erz4zZafx7Di9Cv+lNHYuncAkiGFySoD+Mw==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.25.4.tgz",
+            "integrity": "sha512-Ct2WcFEANlFDtp1nVAXSNBPDxyU+j7+tId//iHXU2f/lN5AmO4zLyhDcpR5Cz1r08mVxzt3Jpyt4PmXQ1O6+7A==",
             "cpu": [
                 "arm64"
             ],
@@ -487,9 +487,9 @@
             }
         },
         "node_modules/@esbuild/openbsd-x64": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.25.5.tgz",
-            "integrity": "sha512-G4hE405ErTWraiZ8UiSoesH8DaCsMm0Cay4fsFWOOUcz8b8rC6uCvnagr+gnioEjWn0wC+o1/TAHt+It+MpIMg==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.25.4.tgz",
+            "integrity": "sha512-xAGGhyOQ9Otm1Xu8NT1ifGLnA6M3sJxZ6ixylb+vIUVzvvd6GOALpwQrYrtlPouMqd/vSbgehz6HaVk4+7Afhw==",
             "cpu": [
                 "x64"
             ],
@@ -504,9 +504,9 @@
             }
         },
         "node_modules/@esbuild/sunos-x64": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.25.5.tgz",
-            "integrity": "sha512-l+azKShMy7FxzY0Rj4RCt5VD/q8mG/e+mDivgspo+yL8zW7qEwctQ6YqKX34DTEleFAvCIUviCFX1SDZRSyMQA==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.25.4.tgz",
+            "integrity": "sha512-Mw+tzy4pp6wZEK0+Lwr76pWLjrtjmJyUB23tHKqEDP74R3q95luY/bXqXZeYl4NYlvwOqoRKlInQialgCKy67Q==",
             "cpu": [
                 "x64"
             ],
@@ -521,9 +521,9 @@
             }
         },
         "node_modules/@esbuild/win32-arm64": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.25.5.tgz",
-            "integrity": "sha512-O2S7SNZzdcFG7eFKgvwUEZ2VG9D/sn/eIiz8XRZ1Q/DO5a3s76Xv0mdBzVM5j5R639lXQmPmSo0iRpHqUUrsxw==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.25.4.tgz",
+            "integrity": "sha512-AVUP428VQTSddguz9dO9ngb+E5aScyg7nOeJDrF1HPYu555gmza3bDGMPhmVXL8svDSoqPCsCPjb265yG/kLKQ==",
             "cpu": [
                 "arm64"
             ],
@@ -538,9 +538,9 @@
             }
         },
         "node_modules/@esbuild/win32-ia32": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.25.5.tgz",
-            "integrity": "sha512-onOJ02pqs9h1iMJ1PQphR+VZv8qBMQ77Klcsqv9CNW2w6yLqoURLcgERAIurY6QE63bbLuqgP9ATqajFLK5AMQ==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.25.4.tgz",
+            "integrity": "sha512-i1sW+1i+oWvQzSgfRcxxG2k4I9n3O9NRqy8U+uugaT2Dy7kLO9Y7wI72haOahxceMX8hZAzgGou1FhndRldxRg==",
             "cpu": [
                 "ia32"
             ],
@@ -555,9 +555,9 @@
             }
         },
         "node_modules/@esbuild/win32-x64": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.25.5.tgz",
-            "integrity": "sha512-TXv6YnJ8ZMVdX+SXWVBo/0p8LTcrUYngpWjvm91TMjjBQii7Oz11Lw5lbDV5Y0TzuhSJHwiH4hEtC1I42mMS0g==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.25.4.tgz",
+            "integrity": "sha512-nOT2vZNw6hJ+z43oP1SPea/G/6AbN6X+bGNhNuq8NtRHy4wsMhw765IKLNmnjek7GvjWBYQ8Q5VBoYTFg9y1UQ==",
             "cpu": [
                 "x64"
             ],
@@ -865,9 +865,9 @@
             }
         },
         "node_modules/esbuild": {
-            "version": "0.25.5",
-            "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.25.5.tgz",
-            "integrity": "sha512-P8OtKZRv/5J5hhz0cUAdu/cLuPIKXpQl1R9pZtvmHWQvrAUVd0UNIPT4IB4W3rNOqVO0rlqHmCIbSwxh/c9yUQ==",
+            "version": "0.25.4",
+            "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.25.4.tgz",
+            "integrity": "sha512-8pgjLUcUjcgDg+2Q4NYXnPbo/vncAY4UmyaCm0jZevERqCHZIaWwdJHkf8XQtu4AxSKCdvrUbT0XUr1IdZzI8Q==",
             "dev": true,
             "hasInstallScript": true,
             "license": "MIT",
@@ -878,31 +878,31 @@
                 "node": ">=18"
             },
             "optionalDependencies": {
-                "@esbuild/aix-ppc64": "0.25.5",
-                "@esbuild/android-arm": "0.25.5",
-                "@esbuild/android-arm64": "0.25.5",
-                "@esbuild/android-x64": "0.25.5",
-                "@esbuild/darwin-arm64": "0.25.5",
-                "@esbuild/darwin-x64": "0.25.5",
-                "@esbuild/freebsd-arm64": "0.25.5",
-                "@esbuild/freebsd-x64": "0.25.5",
-                "@esbuild/linux-arm": "0.25.5",
-                "@esbuild/linux-arm64": "0.25.5",
-                "@esbuild/linux-ia32": "0.25.5",
-                "@esbuild/linux-loong64": "0.25.5",
-                "@esbuild/linux-mips64el": "0.25.5",
-                "@esbuild/linux-ppc64": "0.25.5",
-                "@esbuild/linux-riscv64": "0.25.5",
-                "@esbuild/linux-s390x": "0.25.5",
-                "@esbuild/linux-x64": "0.25.5",
-                "@esbuild/netbsd-arm64": "0.25.5",
-                "@esbuild/netbsd-x64": "0.25.5",
-                "@esbuild/openbsd-arm64": "0.25.5",
-                "@esbuild/openbsd-x64": "0.25.5",
-                "@esbuild/sunos-x64": "0.25.5",
-                "@esbuild/win32-arm64": "0.25.5",
-                "@esbuild/win32-ia32": "0.25.5",
-                "@esbuild/win32-x64": "0.25.5"
+                "@esbuild/aix-ppc64": "0.25.4",
+                "@esbuild/android-arm": "0.25.4",
+                "@esbuild/android-arm64": "0.25.4",
+                "@esbuild/android-x64": "0.25.4",
+                "@esbuild/darwin-arm64": "0.25.4",
+                "@esbuild/darwin-x64": "0.25.4",
+                "@esbuild/freebsd-arm64": "0.25.4",
+                "@esbuild/freebsd-x64": "0.25.4",
+                "@esbuild/linux-arm": "0.25.4",
+                "@esbuild/linux-arm64": "0.25.4",
+                "@esbuild/linux-ia32": "0.25.4",
+                "@esbuild/linux-loong64": "0.25.4",
+                "@esbuild/linux-mips64el": "0.25.4",
+                "@esbuild/linux-ppc64": "0.25.4",
+                "@esbuild/linux-riscv64": "0.25.4",
+                "@esbuild/linux-s390x": "0.25.4",
+                "@esbuild/linux-x64": "0.25.4",
+                "@esbuild/netbsd-arm64": "0.25.4",
+                "@esbuild/netbsd-x64": "0.25.4",
+                "@esbuild/openbsd-arm64": "0.25.4",
+                "@esbuild/openbsd-x64": "0.25.4",
+                "@esbuild/sunos-x64": "0.25.4",
+                "@esbuild/win32-arm64": "0.25.4",
+                "@esbuild/win32-ia32": "0.25.4",
+                "@esbuild/win32-x64": "0.25.4"
             }
         },
         "node_modules/fdir": {

web/packages/esbuild-plugin-live-reload/package.json

@@ -35,7 +35,7 @@
         "@goauthentik/tsconfig": "^1.0.4",
         "@trivago/prettier-plugin-sort-imports": "^5.2.2",
         "@types/node": "^22.15.21",
-        "esbuild": "^0.25.5",
+        "esbuild": "^0.25.4",
         "prettier": "^3.5.3",
         "prettier-plugin-packagejson": "^2.5.14",
         "typedoc": "^0.28.5",
@@ -43,7 +43,7 @@
         "typescript": "^5.8.3"
     },
     "peerDependencies": {
-        "esbuild": "^0.25.5"
+        "esbuild": "^0.25.4"
     },
     "engines": {
         "node": ">=22"

web/src/common/styles/theme-dark.css

@@ -201,6 +201,10 @@ select[multiple] option:checked {
     --pf-c-input-group--BackgroundColor: transparent;
 }
 
+select.pf-c-form-control {
+    --pf-c-form-control__select--BackgroundUrl: url("data:image/svg+xml;charset=utf8,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 320 512'%3E%3Cpath fill='%23fafafa' d='M31.3 192h257.3c17.8 0 26.7 21.5 14.1 34.1L174.1 354.8c-7.8 7.8-20.5 7.8-28.3 0L17.2 226.1C4.6 213.5 13.5 192 31.3 192z'/%3E%3C/svg%3E");
+}
+
 .pf-c-form-control {
     --pf-c-form-control--BorderTopColor: transparent !important;
     --pf-c-form-control--BorderRightColor: transparent !important;

web/src/components/ak-event-info.ts

@@ -374,7 +374,7 @@ ${JSON.stringify(value.new_value, null, 4)}</pre
 
     renderEmailSent() {
         let body = this.event.context.body as string;
-        body = body.replace("cid:logo.png", "/static/dist/assets/icons/icon_left_brand.png");
+        body = body.replace("cid:logo", "/static/dist/assets/icons/icon_left_brand.png");
         return html`<div class="pf-c-card__title">${msg("Email info:")}</div>
             <div class="pf-c-card__body">${this.getEmailInfo(this.event.context)}</div>
             <ak-expand>

web/src/elements/Base.ts

@@ -123,6 +123,9 @@ export class AKElement extends LitElement {
             applyUITheme(nextStyleRoot, UiThemeEnum.Dark, this.#customCSSStyleSheet);
 
             this.activeTheme = UiThemeEnum.Dark;
+        } else if (this.preferredColorScheme === "light") {
+            applyUITheme(nextStyleRoot, UiThemeEnum.Light, this.#customCSSStyleSheet);
+            this.activeTheme = UiThemeEnum.Light;
         } else if (this.preferredColorScheme === "auto") {
             createUIThemeEffect(
                 (nextUITheme) => {

web/src/elements/ak-dual-select/ak-dual-select.ts

@@ -32,8 +32,8 @@ import {
 } from "./types.js";
 
 function localeComparator(a: DualSelectPair, b: DualSelectPair) {
-    const aSortBy = a[2];
-    const bSortBy = b[2];
+    const aSortBy = String(a[2] || a[0]);
+    const bSortBy = String(b[2] || b[0]);
 
     return aSortBy.localeCompare(bSortBy);
 }

web/src/elements/ak-dual-select/types.ts

@@ -34,7 +34,7 @@ export type DualSelectPair<T = unknown> = [
     /**
      * A string to sort by. If not provided, the key will be used.
      */
-    sortBy: string,
+    sortBy?: string,
     /**
      * A local mapping of the key to the object. This is used by some specific apps.
      *

web/src/elements/table/Table.ts

@@ -465,8 +465,10 @@ export abstract class Table<T> extends AKElement implements TableLike {
     renderSearch(): TemplateResult {
         const runSearch = (value: string) => {
             this.search = value;
+            this.page = 1;
             updateURLParams({
                 search: value,
+                tablePage: 1,
             });
             this.fetch();
         };

web/src/elements/table/TablePage.ts

@@ -3,7 +3,7 @@ import { updateURLParams } from "#elements/router/RouteMatch";
 import { Table } from "#elements/table/Table";
 
 import { msg } from "@lit/localize";
-import { CSSResult } from "lit";
+import { CSSResult, nothing } from "lit";
 import { TemplateResult, html } from "lit";
 import { ifDefined } from "lit/directives/if-defined.js";
 
@@ -44,7 +44,7 @@ export abstract class TablePage<T> extends Table<T> {
                 ? inner
                 : html`<ak-empty-state icon=${this.pageIcon()} header="${msg("No objects found.")}">
                       <div slot="body">
-                          ${this.searchEnabled() ? this.renderEmptyClearSearch() : html``}
+                          ${this.searchEnabled() ? this.renderEmptyClearSearch() : nothing}
                       </div>
                       <div slot="primary">${this.renderObjectCreate()}</div>
                   </ak-empty-state>`}
@@ -60,8 +60,10 @@ export abstract class TablePage<T> extends Table<T> {
                 this.search = "";
                 this.requestUpdate();
                 this.fetch();
+                this.page = 1;
                 updateURLParams({
                     search: "",
+                    tablePage: 1,
                 });
             }}
             class="pf-c-button pf-m-link"

web/src/user/user-settings/details/UserSettingsFlowExecutor.ts

@@ -11,7 +11,7 @@ import { StageHost } from "#flow/stages/base";
 import "#user/user-settings/details/stages/prompt/PromptStage";
 
 import { msg } from "@lit/localize";
-import { CSSResult, PropertyValues, TemplateResult, html } from "lit";
+import { CSSResult, TemplateResult, html } from "lit";
 import { customElement, property } from "lit/decorators.js";
 import { unsafeHTML } from "lit/directives/unsafe-html.js";
 
@@ -36,7 +36,7 @@ export class UserSettingsFlowExecutor
     implements StageHost
 {
     @property()
-    flowSlug?: string;
+    flowSlug = this.brand?.flowUserSettings;
 
     private _challenge?: ChallengeTypes;
 
@@ -86,12 +86,15 @@ export class UserSettingsFlowExecutor
             });
     }
 
-    updated(changedProperties: PropertyValues<this>): void {
-        if (changedProperties.has("brand") && this.brand) {
+    firstUpdated() {
+        if (this.flowSlug) {
+            this.nextChallenge();
+        }
+    }
+
+    updated(): void {
+        if (!this.flowSlug && this.brand?.flowUserSettings) {
             this.flowSlug = this.brand.flowUserSettings;
-
-            if (!this.flowSlug) return;
-
             this.nextChallenge();
         }
     }

web/xliff/de.xlf

@@ -2812,11 +2812,21 @@ doesn't pass when either or both of the selected options are equal or above the
         <source>User path</source>
         <target>Nutzerpfad</target>
         
+      </trans-unit>
+      <trans-unit id="sd18170637295bace">
+        <source>Addition User DN</source>
+        <target>Zusatz Benutzer-DN</target>
+        
       </trans-unit>
       <trans-unit id="s9ae089fd248e72db">
         <source>Additional user DN, prepended to the Base DN.</source>
         <target>Zusätzlicher Benutzer-DN, dem Basis-DN vorangestellt.</target>
         
+      </trans-unit>
+      <trans-unit id="s5944355d69db1fb8">
+        <source>Addition Group DN</source>
+        <target>Zusatz Gruppen-DN</target>
+        
       </trans-unit>
       <trans-unit id="sfae9f4ea5749a36b">
         <source>Additional group DN, prepended to the Base DN.</source>
@@ -9245,12 +9255,6 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s344be99cf5d36407">
   <source>Attribute which matches the value of Group membership field.</source>
-</trans-unit>
-<trans-unit id="sfa6b7b105640e457">
-  <source>Additional User DN</source>
-</trans-unit>
-<trans-unit id="s04bb32ec9f359507">
-  <source>Additional Group DN</source>
 </trans-unit>
     </body>
   </file>

web/xliff/en.xlf

@@ -2259,10 +2259,18 @@ doesn't pass when either or both of the selected options are equal or above the
         <source>User path</source>
         <target>User path</target>
       </trans-unit>
+      <trans-unit id="sd18170637295bace">
+        <source>Addition User DN</source>
+        <target>Addition User DN</target>
+      </trans-unit>
       <trans-unit id="s9ae089fd248e72db">
         <source>Additional user DN, prepended to the Base DN.</source>
         <target>Additional user DN, prepended to the Base DN.</target>
       </trans-unit>
+      <trans-unit id="s5944355d69db1fb8">
+        <source>Addition Group DN</source>
+        <target>Addition Group DN</target>
+      </trans-unit>
       <trans-unit id="sfae9f4ea5749a36b">
         <source>Additional group DN, prepended to the Base DN.</source>
         <target>Additional group DN, prepended to the Base DN.</target>
@@ -7749,12 +7757,6 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s344be99cf5d36407">
   <source>Attribute which matches the value of Group membership field.</source>
-</trans-unit>
-<trans-unit id="sfa6b7b105640e457">
-  <source>Additional User DN</source>
-</trans-unit>
-<trans-unit id="s04bb32ec9f359507">
-  <source>Additional Group DN</source>
 </trans-unit>
     </body>
   </file>

web/xliff/es.xlf

@@ -2792,11 +2792,21 @@ no se aprueba cuando una o ambas de las opciones seleccionadas son iguales o sup
         <source>User path</source>
         <target>Ruta de usuario</target>
         
+      </trans-unit>
+      <trans-unit id="sd18170637295bace">
+        <source>Addition User DN</source>
+        <target>DN de usuario adicional</target>
+        
       </trans-unit>
       <trans-unit id="s9ae089fd248e72db">
         <source>Additional user DN, prepended to the Base DN.</source>
         <target>DN de usuario adicional, antepuesto al DN base.</target>
         
+      </trans-unit>
+      <trans-unit id="s5944355d69db1fb8">
+        <source>Addition Group DN</source>
+        <target>DN de grupo de adición</target>
+        
       </trans-unit>
       <trans-unit id="sfae9f4ea5749a36b">
         <source>Additional group DN, prepended to the Base DN.</source>
@@ -9306,12 +9316,6 @@ Las vinculaciones a grupos o usuarios se comparan con el usuario del evento.</ta
 </trans-unit>
 <trans-unit id="s344be99cf5d36407">
   <source>Attribute which matches the value of Group membership field.</source>
-</trans-unit>
-<trans-unit id="sfa6b7b105640e457">
-  <source>Additional User DN</source>
-</trans-unit>
-<trans-unit id="s04bb32ec9f359507">
-  <source>Additional Group DN</source>
 </trans-unit>
     </body>
   </file>

web/xliff/fr.xlf

@@ -2816,11 +2816,21 @@ doesn't pass when either or both of the selected options are equal or above the
         <source>User path</source>
         <target>Chemin utilisateur</target>
         
+      </trans-unit>
+      <trans-unit id="sd18170637295bace">
+        <source>Addition User DN</source>
+        <target>Préfixe DN utilisateurs</target>
+        
       </trans-unit>
       <trans-unit id="s9ae089fd248e72db">
         <source>Additional user DN, prepended to the Base DN.</source>
         <target>DN à préfixer au DN de base pour les utilisateurs</target>
         
+      </trans-unit>
+      <trans-unit id="s5944355d69db1fb8">
+        <source>Addition Group DN</source>
+        <target>Préfixe DN groupes</target>
+        
       </trans-unit>
       <trans-unit id="sfae9f4ea5749a36b">
         <source>Additional group DN, prepended to the Base DN.</source>
@@ -9875,12 +9885,6 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
 </trans-unit>
 <trans-unit id="s344be99cf5d36407">
   <source>Attribute which matches the value of Group membership field.</source>
-</trans-unit>
-<trans-unit id="sfa6b7b105640e457">
-  <source>Additional User DN</source>
-</trans-unit>
-<trans-unit id="s04bb32ec9f359507">
-  <source>Additional Group DN</source>
 </trans-unit>
     </body>
   </file>

web/xliff/it.xlf

@@ -2817,11 +2817,21 @@ doesn't pass when either or both of the selected options are equal or above the
         <source>User path</source>
         <target>Percorso utente</target>
         
+      </trans-unit>
+      <trans-unit id="sd18170637295bace">
+        <source>Addition User DN</source>
+        <target>Aggiunta DN utente</target>
+        
       </trans-unit>
       <trans-unit id="s9ae089fd248e72db">
         <source>Additional user DN, prepended to the Base DN.</source>
         <target>DN utente aggiuntivo, anteposto al DN di base.</target>
         
+      </trans-unit>
+      <trans-unit id="s5944355d69db1fb8">
+        <source>Addition Group DN</source>
+        <target>Aggiunta DN gruppo</target>
+        
       </trans-unit>
       <trans-unit id="sfae9f4ea5749a36b">
         <source>Additional group DN, prepended to the Base DN.</source>
@@ -9858,12 +9868,6 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s344be99cf5d36407">
   <source>Attribute which matches the value of Group membership field.</source>
-</trans-unit>
-<trans-unit id="sfa6b7b105640e457">
-  <source>Additional User DN</source>
-</trans-unit>
-<trans-unit id="s04bb32ec9f359507">
-  <source>Additional Group DN</source>
 </trans-unit>
     </body>
   </file>

web/xliff/ko.xlf

@@ -2779,11 +2779,21 @@ doesn't pass when either or both of the selected options are equal or above the
         <source>User path</source>
         <target>사용자 경로</target>
         
+      </trans-unit>
+      <trans-unit id="sd18170637295bace">
+        <source>Addition User DN</source>
+        <target>사용자 DN 추가</target>
+        
       </trans-unit>
       <trans-unit id="s9ae089fd248e72db">
         <source>Additional user DN, prepended to the Base DN.</source>
         <target>기본 DN 앞에 추가 사용자 DN을 추가합니다.</target>
         
+      </trans-unit>
+      <trans-unit id="s5944355d69db1fb8">
+        <source>Addition Group DN</source>
+        <target>추가 그룹 DN</target>
+        
       </trans-unit>
       <trans-unit id="sfae9f4ea5749a36b">
         <source>Additional group DN, prepended to the Base DN.</source>
@@ -9214,12 +9224,6 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s344be99cf5d36407">
   <source>Attribute which matches the value of Group membership field.</source>
-</trans-unit>
-<trans-unit id="sfa6b7b105640e457">
-  <source>Additional User DN</source>
-</trans-unit>
-<trans-unit id="s04bb32ec9f359507">
-  <source>Additional Group DN</source>
 </trans-unit>
     </body>
   </file>

web/xliff/nl.xlf

@@ -2792,11 +2792,21 @@ slaagt niet wanneer een of beide geselecteerde opties gelijk zijn aan of boven d
         <source>User path</source>
         <target>Gebruikerspad</target>
         
+      </trans-unit>
+      <trans-unit id="sd18170637295bace">
+        <source>Addition User DN</source>
+        <target>Aanvullende gebruikers-DN</target>
+        
       </trans-unit>
       <trans-unit id="s9ae089fd248e72db">
         <source>Additional user DN, prepended to the Base DN.</source>
         <target>Aanvullende gebruikers-DN, toegevoegd aan de basale DN.</target>
         
+      </trans-unit>
+      <trans-unit id="s5944355d69db1fb8">
+        <source>Addition Group DN</source>
+        <target>Aanvullende groeps-DN</target>
+        
       </trans-unit>
       <trans-unit id="sfae9f4ea5749a36b">
         <source>Additional group DN, prepended to the Base DN.</source>
@@ -9116,12 +9126,6 @@ Bindingen naar groepen/gebruikers worden gecontroleerd tegen de gebruiker van de
 </trans-unit>
 <trans-unit id="s344be99cf5d36407">
   <source>Attribute which matches the value of Group membership field.</source>
-</trans-unit>
-<trans-unit id="sfa6b7b105640e457">
-  <source>Additional User DN</source>
-</trans-unit>
-<trans-unit id="s04bb32ec9f359507">
-  <source>Additional Group DN</source>
 </trans-unit>
     </body>
   </file>

web/xliff/pl.xlf

@@ -2818,11 +2818,21 @@ nie przechodzi, gdy jedna lub obie wybrane opcje są równe lub wyższe od progu
         <source>User path</source>
         <target>Ścieżka użytkownika</target>
         
+      </trans-unit>
+      <trans-unit id="sd18170637295bace">
+        <source>Addition User DN</source>
+        <target>Dodatkowa nazwa wyróżniająca użytkownika</target>
+        
       </trans-unit>
       <trans-unit id="s9ae089fd248e72db">
         <source>Additional user DN, prepended to the Base DN.</source>
         <target>Dodatkowa nazwa wyróżniająca użytkownika poprzedzona podstawową nazwą wyróżniającą.</target>
         
+      </trans-unit>
+      <trans-unit id="s5944355d69db1fb8">
+        <source>Addition Group DN</source>
+        <target>DN grupy dodawania</target>
+        
       </trans-unit>
       <trans-unit id="sfae9f4ea5749a36b">
         <source>Additional group DN, prepended to the Base DN.</source>
@@ -9541,12 +9551,6 @@ Powiązania z grupami/użytkownikami są sprawdzane względem użytkownika zdarz
 </trans-unit>
 <trans-unit id="s344be99cf5d36407">
   <source>Attribute which matches the value of Group membership field.</source>
-</trans-unit>
-<trans-unit id="sfa6b7b105640e457">
-  <source>Additional User DN</source>
-</trans-unit>
-<trans-unit id="s04bb32ec9f359507">
-  <source>Additional Group DN</source>
 </trans-unit>
     </body>
   </file>

web/xliff/pseudo-LOCALE.xlf

@@ -2795,11 +2795,21 @@ doesn't pass when either or both of the selected options are equal or above the
         <source>User path</source>
   <target>Ũśēŕ ƥàţĥ</target>
 
+      </trans-unit>
+      <trans-unit id="sd18170637295bace">
+        <source>Addition User DN</source>
+  <target>Àďďĩţĩōń Ũśēŕ ĎŃ</target>
+
       </trans-unit>
       <trans-unit id="s9ae089fd248e72db">
         <source>Additional user DN, prepended to the Base DN.</source>
   <target>Àďďĩţĩōńàĺ ũśēŕ ĎŃ, ƥŕēƥēńďēď ţō ţĥē ßàśē ĎŃ.</target>
 
+      </trans-unit>
+      <trans-unit id="s5944355d69db1fb8">
+        <source>Addition Group DN</source>
+  <target>Àďďĩţĩōń Ĝŕōũƥ ĎŃ</target>
+
       </trans-unit>
       <trans-unit id="sfae9f4ea5749a36b">
         <source>Additional group DN, prepended to the Base DN.</source>
@@ -9549,10 +9559,4 @@ Bindings to groups/users are checked against the user of the event.</source>
 <trans-unit id="s344be99cf5d36407">
   <source>Attribute which matches the value of Group membership field.</source>
 </trans-unit>
-<trans-unit id="sfa6b7b105640e457">
-  <source>Additional User DN</source>
-</trans-unit>
-<trans-unit id="s04bb32ec9f359507">
-  <source>Additional Group DN</source>
-</trans-unit>
 </body></file></xliff>

web/xliff/ru.xlf

@@ -2817,11 +2817,21 @@ doesn't pass when either or both of the selected options are equal or above the
         <source>User path</source>
         <target>Путь пользователя</target>
         
+      </trans-unit>
+      <trans-unit id="sd18170637295bace">
+        <source>Addition User DN</source>
+        <target>Дополнение User DN</target>
+        
       </trans-unit>
       <trans-unit id="s9ae089fd248e72db">
         <source>Additional user DN, prepended to the Base DN.</source>
         <target>Дополнительный DN пользователя, добавляемый к базовому DN.</target>
         
+      </trans-unit>
+      <trans-unit id="s5944355d69db1fb8">
+        <source>Addition Group DN</source>
+        <target>Дополнение Group DN</target>
+        
       </trans-unit>
       <trans-unit id="sfae9f4ea5749a36b">
         <source>Additional group DN, prepended to the Base DN.</source>
@@ -9633,12 +9643,6 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s344be99cf5d36407">
   <source>Attribute which matches the value of Group membership field.</source>
-</trans-unit>
-<trans-unit id="sfa6b7b105640e457">
-  <source>Additional User DN</source>
-</trans-unit>
-<trans-unit id="s04bb32ec9f359507">
-  <source>Additional Group DN</source>
 </trans-unit>
     </body>
   </file>

web/xliff/tr.xlf

@@ -2795,11 +2795,21 @@ Belirlenen seçeneklerden biri veya her ikisi de eşiğe eşit veya eşiğin üz
         <source>User path</source>
         <target>Kullanıcı yolu</target>
         
+      </trans-unit>
+      <trans-unit id="sd18170637295bace">
+        <source>Addition User DN</source>
+        <target>Ekleme Kullanıcı DN</target>
+        
       </trans-unit>
       <trans-unit id="s9ae089fd248e72db">
         <source>Additional user DN, prepended to the Base DN.</source>
         <target>Ek kullanıcı DN, temel DN'ye eklenmiş.</target>
         
+      </trans-unit>
+      <trans-unit id="s5944355d69db1fb8">
+        <source>Addition Group DN</source>
+        <target>Toplama Grubu DN</target>
+        
       </trans-unit>
       <trans-unit id="sfae9f4ea5749a36b">
         <source>Additional group DN, prepended to the Base DN.</source>
@@ -9604,12 +9614,6 @@ Gruplara/kullanıcılara yapılan bağlamalar, etkinliğin kullanıcısına kar
 </trans-unit>
 <trans-unit id="s344be99cf5d36407">
   <source>Attribute which matches the value of Group membership field.</source>
-</trans-unit>
-<trans-unit id="sfa6b7b105640e457">
-  <source>Additional User DN</source>
-</trans-unit>
-<trans-unit id="s04bb32ec9f359507">
-  <source>Additional Group DN</source>
 </trans-unit>
     </body>
   </file>

web/xliff/zh-CN.xlf

@@ -2008,9 +2008,15 @@ doesn't pass when either or both of the selected options are equal or above the
 <trans-unit id="sfbc59ff17a73503d">
   <source>User path</source>
 </trans-unit>
+<trans-unit id="sd18170637295bace">
+  <source>Addition User DN</source>
+</trans-unit>
 <trans-unit id="s9ae089fd248e72db">
   <source>Additional user DN, prepended to the Base DN.</source>
 </trans-unit>
+<trans-unit id="s5944355d69db1fb8">
+  <source>Addition Group DN</source>
+</trans-unit>
 <trans-unit id="sfae9f4ea5749a36b">
   <source>Additional group DN, prepended to the Base DN.</source>
 </trans-unit>
@@ -6359,12 +6365,6 @@ Bindings to groups/users are checked against the user of the event.</source>
 <trans-unit id="s344be99cf5d36407">
   <source>Attribute which matches the value of Group membership field.</source>
 </trans-unit>
-<trans-unit id="sfa6b7b105640e457">
-  <source>Additional User DN</source>
-</trans-unit>
-<trans-unit id="s04bb32ec9f359507">
-  <source>Additional Group DN</source>
-</trans-unit>
 </body>
 </file>
 </xliff>

web/xliff/zh-Hans.xlf

@@ -2817,11 +2817,21 @@ doesn't pass when either or both of the selected options are equal or above the
         <source>User path</source>
         <target>用户路径</target>
         
+      </trans-unit>
+      <trans-unit id="sd18170637295bace">
+        <source>Addition User DN</source>
+        <target>额外的用户 DN</target>
+        
       </trans-unit>
       <trans-unit id="s9ae089fd248e72db">
         <source>Additional user DN, prepended to the Base DN.</source>
         <target>额外的用户 DN，添加到 Base DN 起始处。</target>
         
+      </trans-unit>
+      <trans-unit id="s5944355d69db1fb8">
+        <source>Addition Group DN</source>
+        <target>额外的组 DN</target>
+        
       </trans-unit>
       <trans-unit id="sfae9f4ea5749a36b">
         <source>Additional group DN, prepended to the Base DN.</source>
@@ -9876,12 +9886,6 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s344be99cf5d36407">
   <source>Attribute which matches the value of Group membership field.</source>
-</trans-unit>
-<trans-unit id="sfa6b7b105640e457">
-  <source>Additional User DN</source>
-</trans-unit>
-<trans-unit id="s04bb32ec9f359507">
-  <source>Additional Group DN</source>
 </trans-unit>
     </body>
   </file>

web/xliff/zh-Hant.xlf

@@ -2146,10 +2146,18 @@ doesn't pass when either or both of the selected options are equal or above the
       <trans-unit id="sfbc59ff17a73503d">
         <source>User path</source>
       </trans-unit>
+      <trans-unit id="sd18170637295bace">
+        <source>Addition User DN</source>
+        <target>额外的用户 DN</target>
+      </trans-unit>
       <trans-unit id="s9ae089fd248e72db">
         <source>Additional user DN, prepended to the Base DN.</source>
         <target>额外的User DN，优先于Base DN。</target>
       </trans-unit>
+      <trans-unit id="s5944355d69db1fb8">
+        <source>Addition Group DN</source>
+        <target>额外的 Group DN</target>
+      </trans-unit>
       <trans-unit id="sfae9f4ea5749a36b">
         <source>Additional group DN, prepended to the Base DN.</source>
         <target>额外的Group DN，优先于Base DN。</target>
@@ -7449,12 +7457,6 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s344be99cf5d36407">
   <source>Attribute which matches the value of Group membership field.</source>
-</trans-unit>
-<trans-unit id="sfa6b7b105640e457">
-  <source>Additional User DN</source>
-</trans-unit>
-<trans-unit id="s04bb32ec9f359507">
-  <source>Additional Group DN</source>
 </trans-unit>
     </body>
   </file>

web/xliff/zh_TW.xlf

@@ -2777,11 +2777,21 @@ doesn't pass when either or both of the selected options are equal or above the
         <source>User path</source>
         <target>使用者路徑</target>
         
+      </trans-unit>
+      <trans-unit id="sd18170637295bace">
+        <source>Addition User DN</source>
+        <target>額外的使用者 DN</target>
+        
       </trans-unit>
       <trans-unit id="s9ae089fd248e72db">
         <source>Additional user DN, prepended to the Base DN.</source>
         <target>額外的使用者 DN，將優先於 Base DN。</target>
         
+      </trans-unit>
+      <trans-unit id="s5944355d69db1fb8">
+        <source>Addition Group DN</source>
+        <target>額外的群組 DN</target>
+        
       </trans-unit>
       <trans-unit id="sfae9f4ea5749a36b">
         <source>Additional group DN, prepended to the Base DN.</source>
@@ -9191,12 +9201,6 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s344be99cf5d36407">
   <source>Attribute which matches the value of Group membership field.</source>
-</trans-unit>
-<trans-unit id="sfa6b7b105640e457">
-  <source>Additional User DN</source>
-</trans-unit>
-<trans-unit id="s04bb32ec9f359507">
-  <source>Additional Group DN</source>
 </trans-unit>
     </body>
   </file>

website/docs/add-secure-apps/flows-stages/stages/authenticator_webauthn/index.mdx

@@ -1,12 +1,8 @@
 ---
-title: WebAuthn / FIDO2 / Passkeys Authenticator setup stage
+title: WebAuthn / Passkeys Authenticator setup stage
 ---
 
-This stage configures an authenticator stage for using WebAuthn, FIDO2, Passkeys. This stage supports:
-
-- **Security Keys**: Physical devices like YubiKey, Google Titan, etc.
-- **Platform Authenticators**: Built-in authenticators like Windows Hello, Touch ID, Face ID
-- **Mobile Devices**: Using device biometrics or security keys via mobile browsers
+This stage configures a WebAuthn-based Authenticator. This can either be a browser, biometrics or a Security stick like a YubiKey.
 
 ### Options
 

website/docs/add-secure-apps/providers/gws/add-gws-provider.md

@@ -10,7 +10,7 @@ For more information about using a Google Workspace provider, see the [Overview]
 To create a Google Workspace provider in authentik, you must have already [configured Google Workspace](./setup-gws.md) to integrate with authentik.
 
 :::info
-When adding the Google Workspace provider in authentik, you must define the **Backchannel provider** using the name of the Google Workspace provider that you created in authentik. If you have also configured Google Workspace to log in using authentik following [these](../../../../integrations/services/google/), then this configuration can be done on the same app.
+When adding the Google Workspace provider in authentik, you must define the **Backchannel provider** using the name of the Google Workspace provider that you created in authentik. If you have also configured Google Workspace to log in using authentik following [these](/integrations/services/google/), then this configuration can be done on the same app.
 :::
 
 ### Create the Google Workspace provider in authentik

website/docs/add-secure-apps/providers/proxy/index.md

@@ -152,3 +152,17 @@ return {
 ```
 
 Afterwards, edit the _Proxy provider_ and add this new mapping. The expression is only evaluated when the user logs into the application.
+
+## Host header:ak-version[2025.6.1]
+
+By default, the proxy provider will use forwarded Host header received from the client. Starting with authentik 2025.6.1, it is possible to dynamically adjust the Host header with a property mapping.
+
+```python
+return {
+    "ak_proxy": {
+        "host_header": "my-internal-host-header"
+    }
+}
+```
+
+Afterwards, edit the _Proxy provider_ and add this new mapping. The expression is only evaluated when the user logs into the application.

website/docs/add-secure-apps/providers/rac/rac_credentials_prompt.md

@@ -0,0 +1,94 @@
+---
+title: RAC Credentials Prompt
+---
+
+## About the RAC credentials prompt
+
+You can configure the RAC provider to prompt users for their credentials when connecting to RAC endpoints. This is particulalry useful for establishing RDP connections to modern Windows systems that often require credentials to establish a connection.
+
+After implementing this configuration, when connecting to an RAC endpoint users are prompted to enter their credentials which are then passed to the RAC endpoint. This means that static credentials do not need to be set in the RAC provider, property mapping, or endpoint.
+
+This configurations requires:
+
+1. Creating an authorization flow.
+2. Creating two prompts.
+3. Creating and binding a prompt stage.
+4. Updating the RAC provider.
+
+## Create a new authorization flow
+
+1. Log in to authentik as an administrator, and open the authentik Admin interface.
+2. Navigate to **Flows and Stages** > **Flows**, click **Create**, and enter the following required settings:
+    - **Name**: Enter a descriptive name for the flow.
+    - **Title**: Enter a title for the flow. This will be displayed to users when they're prompted for their credentials.
+    - **Slug**: Enter a slug for the flow. This will be displayed in the flow URL.
+    - **Designation**: `Authorization`
+    - **Authentication**: `Require authentication`
+3. Click **Create**.
+
+## Create prompts
+
+1. Log in to authentik as an administrator, and open the authentik Admin interface.
+2. Navigate to **Flows and Stages** > **Prompts**, click **Create**, and enter the following required settings:
+    - **Name**: Enter a descriptive name for the prompt (e.g. `username`).
+    - **Field Key**: `connection_settings.username`
+    - **Label**: Enter a label for the field which will be displayed above it.
+    - **Type**: `Text`
+    - **Required**: Toggled on.
+    - **Order**: `0`
+3. Click **Create** to save the prompt.
+4. On the **Prompts** page, click **Create** again, and enter the following required settings:
+    - **Name**: Enter a descriptive name for the prompt (e.g. `password`).
+    - **Field Key**: `connection_settings.password`
+    - **Label**: Enter a label for the field which will be displayed above it.
+    - **Type**: `Password`
+    - **Required**: Toggled.
+    - **Order**: `1`
+5. Click **Create** to save the prompt.
+
+:::note
+You can optionally add other prompt fields such as `domain` (e.g. `connection_settings.domain`), which can be useful for Windows based RDP. There is also the option of adding a `Text (read-only)` type prompt field that includes explanatory text for the user (e.g. `please enter your RDP credentials`).
+:::
+
+## Create and bind a prompt stage
+
+1. Log in to authentik as an administrator, and open the authentik Admin interface.
+2. Navigate to **Flows and Stages** > **Flows**.
+3. Click the name of the newly created authorization flow.
+4. Click on **Stage bindings**, click **Create and bind stage**, and enter the following required settings:
+    - **Select Type**: Select `Prompt stage` as the prompt type.
+    - **Create Prompt Stage**:
+        - **Name**: Enter a name for the prompt stage.
+        - Under **Fields**:
+            - Click the **x** icon to remove all selected fields.
+            - Add the two newly created prompt fields (e.g.`username` and `password`) to selected fields.
+        - Under **Validation Policies**:
+            - Click the **x** icon to remove all selected validation policies.
+    - **Create binding**:
+        - Click **Finish**.
+
+## Update the RAC provider
+
+1. Log in to authentik as an administrator, and open the authentik Admin interface.
+2. Navigate to **Applications** > **Providers**.
+3. Click the **Edit** icon of the RAC provider that you wish to add a credentials prompt to.
+4. Change **Authorization flow** to the newly created authorization flow.
+5. Click **Update** to save the change.
+
+## Update the RAC endpoint _(sometimes required)_
+
+Depending on the configuration of the RDP server that's being connected to, it is sometimes necessary to set the security type that's used for the connection. For many modern windows RDP servers, this often needs to be set to `tls`.
+
+1. Log in to authentik as an administrator, and open the authentik Admin interface.
+2. Navigate to **Applications** > **Providers** and click the name of the RAC provider that you're using.
+3. Under **Endpoints**, click the **Edit** icon of the endpoint that you're using.
+4. Under **Advanced Settings** in the **Settings** box, enter `security: tls`
+5. Click **Update** to save the change.
+
+:::note
+Other options for the connection security type are: `any`, `nla`, `nla-ext`, `vmconnect`, and `rdp`. For more information see the [Guacamole RDP Authentication and Security Documentation](https://guacamole.apache.org/doc/gug/configuring-guacamole.html#authentication-and-security).
+:::
+
+## Configuration verification
+
+Log in to authentik with a user account that has the required privileges to access the RAC application. Open the User interface, and on the **My applications** page click the RAC application. You should then be redirected to the prompt stage and prompted for a username and password. Enter the credentials for the RAC endpoint and if the credentials are valid the RDP/SSH/VNC connection should be established.

website/docs/developer-docs/docs/style-guide.mdx

@@ -15,9 +15,6 @@ We appreciate all contributions to our documentation — whether it's fixing a t
 - [Error Message Formatting and Troubleshooting](#error-message-formatting-and-troubleshooting)
 - [Accessibility Best Practices](#accessibility-best-practices)
 - [Notes and Warnings](#notes-and-warnings)
-- [Inclusive Language](#inclusive-language)
-- [Images and Media](#images-and-media)
-- [Document Structure and Metadata](#document-structure-and-metadata)
 
 ---
 
@@ -35,7 +32,7 @@ Use headings (sub-titles) to break up large blocks of text, making it easier for
 
 ### Look and feel of the docs
 
-In general, the visual, aesthetics of the technical documentation is intended to be lean and clean. Both the content (shorter sentences, concise instructions, etc) and the layout strive to have a clean, uncluttered look, with restrained use of colors and large callouts or announcements. Relatedly, the colors used for our Info and Warning callouts, light blue and light yellow respectively, are reserved for those purposes only.
+In general, the visual, aesthetics of the technical documentation is intended to be lean and clean. Both the content (shorter sentences, concise instructions, etc) and the layout strive to have a clean, uncluttered look, with restrained use of colors and large call0outs or announcements. Relatedly, the colors used for our Info and Warning callouts, light blue and light yellow respectively, are reserved for those purposes only.
 
 ### Cross-references
 
@@ -53,13 +50,11 @@ The standard file type for documentation is `.md`. Use `.mdx` only if React comp
 
 Try to write procedural (How To) docs generically enough that it does not endorse or force a specific operating system. If it is necessary to specify a specific OS be sure to label it clearly. Consider using tabs (with MDX) to show the different OSes.
 
----
-
 ## Terminology
 
 ### authentik product name and terms
 
-- The product name **authentik** should always be written with a lowercase "a" and a "k" at the end, even if it begins a sentence.
+- The product name **authentik** should always be written with a lowercase "a" and a "k" at the end, even if it begins a sentence. This consistent style should be followed throughout the documentation.
 
 - The company name is **Authentik Security, Inc.**, but for non-legal documentation, you may shorten it to **Authentik Security**.
 
@@ -69,15 +64,7 @@ Try to write procedural (How To) docs generically enough that it does not endors
 
 - When referring to external tools or industry terms, always use the exact capitalization and naming conventions that the product or company uses. Refer to their website or official documentation for the proper formatting. For example, use "OAuth", "SAML", or "Docker" as per the official conventions.
 - Avoid abbreviations unless they are well-known and widely recognized (e.g., SSO, MFA, RBAC).
-- If an acronym is used less frequently, spell out its full meaning when first mentioned on the page, followed by the acronym in parentheses. In some cases the acronym can come first, followed by the full term in parentheses.
-
-### Trademarks and Legal Terms
-
-- Respect third-party trademarks. Use the correct symbols (™, ®) where applicable (e.g., "GitHub®", "Okta™") in the _first_ instance of the name.
-- When mentioning third-party products, follow their branding guidelines (e.g., "GitHub", not "Github").
-- Where appropriate, include required legal disclaimers when referencing external services or integrations.
-
----
+- If an acronym is used less frequently, spell out its full meaning when first mentioned, followed by the acronym in parentheses. For instance, "Security Assertion Markup Language (SAML)". In some cases the acronym can come first, followed by the full term in parentheses.
 
 ## Writing style
 
@@ -105,7 +92,7 @@ Avoid phrasing that blames the user. Be subjective and polite when providing ins
 
 ### Punctuation
 
-For Ken's sake, and many others, try to not use too many commas (avoid commaitis). Use a comma when needed to separate clauses, or for "slowing the pace" or clarity. Please **do** use the [Serial comma](https://en.wikipedia.org/wiki/Serial_comma) (also known as the Oxford comma).
+For Ken's sake, and many others, try to not use too many commas (avoid commaitis). Use a comma when needed to separate clauses, or for "slowing the pace" or clarity. Please **do** use the Oxford comma.
 
 In [lists](#lists), add a period at the end of a bulleted item if it is a complete sentence. Try not to mix incomplete and complete sentences in the same list.
 
@@ -113,14 +100,12 @@ In [lists](#lists), add a period at the end of a bulleted item if it is a comple
 
 #### Titles and headers
 
-Titles and headers (H1, H2, H3, etc.) should follow **sentence case capitalization**, meaning only the first word is capitalized, except for proper nouns or product names. For more information, see [below](#titles-and-headers).
+Titles and headers (H1, H2, H3, etc.) should follow **sentence case capitalization**, meaning only the first word is capitalized, except for proper nouns or product names.For more information, see [below](#titles-and-headers)
 
 #### Following a colon
 
 Whether to capitalize after a colon depends on the context. Typically, we do not capitalize the first word after a colon _unless_ it's a proper noun or if it is the start of a complete sentence. If the colon introduces a list, do not capitalize the first word unless it's a proper noun. In headings and titles, capitalize the first word after the colon.
 
----
-
 ## Word choices
 
 ### "May" versus "Might" versus "Can"
@@ -147,22 +132,20 @@ It's important to use "that" as a conjunction to introduce a dependent clause, o
 
 ### "which" vs "that"
 
-The easiest way to remember when to use "which" versus "that" is:
+Th easiest way to remember when to use "which" versus "that" is:
 
-- If the second part (clause) of the sentence is required to understand the first part, use "that." If the second clause is only additional info, use "which".
+- if the second part (clause) of the sentence is required to understand the first part, use "that." If the second clause is only additional info, then you should use "which".
 
-For more information, see [this guide](https://www.grammarly.com/blog/which-vs-that/).
+For more information, see https://www.grammarly.com/blog/which-vs-that/.
 
-### "since" (time-based) vs "because" (causal)
+### “since” (time-based) vs “because” (causal)
 
 When writing about a status or anything that is causal ("this happened because of that"), use the word "because". Use the word "since" for time-based topics (this will be rare in technical writing).
 
-### Avoid using "once" (numeric) to mean "after" (time-based).
+### Avoid using “once” (numeric) to mean “after” (time-based).
 
 When writing out steps in a procedural topic, avoid starting with "Once...". Instead, you can say "After you have created the scope mapping...".
 
----
-
 ## Formatting guidelines
 
 ### Fonts and font styling
@@ -182,7 +165,7 @@ When writing out steps in a procedural topic, avoid starting with "Once...". Ins
 
 - Use `code formatting` for:
 
-    - Commands (e.g., `kubectl get nodes`).
+    - Commands (e.g., `docker run`).
     - File paths, file names, and directory names (e.g., `/usr/local/bin/`).
     - Inline code snippets (e.g., `.env`).
 
@@ -216,7 +199,7 @@ To clearly indicate terms or values that are placeholders and require user input
     - **DON'T:** "CONFIGURE THE GOOGLE WORKSPACE PROVIDER"
     - **DON'T:** "Configure The Google Workspace Provider"
 
-- Ensure that titles and headers are descriptive and clearly convey the purpose of the section. Avoid vague titles like "Overview." Instead, opt for something more specific, like "About authentik policies."
+- Ensure titles and headers are descriptive and clearly convey the purpose of the section. Avoid vague titles like "Overview." Instead, opt for something more specific, like "About authentik policies."
 
 - Use the **imperative verb form** in procedural topics, not gerunds. For example, use "Configure your instance" instead of "Configuring your instance."
 
@@ -224,16 +207,16 @@ To clearly indicate terms or values that are placeholders and require user input
 
 When you want to show an example (say, a code snippet), start on a new line, use bold text for the word "Example", and a colon, like this:
 
-**Example**:
+    **Example**:
 
     This expression policy uses an expression based on the user's name:
-    ```python
-    if request.context["pending_user"].username == "marie":
-        return True
-    return False
-    ```
+        ```
+        if request.context["pending_user"].username == "marie":
+            return True
+            return False
+        ```
 
-### Code blocks
+## Code blocks
 
 When you want to show sections of code use **Code blocks** to provide syntax highlighting, a copy button, line numbering and line highlighting:
 
@@ -267,35 +250,25 @@ and_backend_roles: []
 description: "Maps admin to all_access"
 ```
 
-- ` ` ` `yaml `defines the language used for syntax highlighting. Other languages can be used such as`jsx`, `python`, `bash`, and `text`.
+- `` ` ` ` yaml `` defines the language used for syntax highlighting. Other languages can be used such as; `jsx`, `python`, `bash` and `text`.
 
 Optional configurations:
 
-- `showLineNumbers`: enables line numbering.
-- `title=" "`: defines the title displayed at the top (e.g., filenames).
-- `{5}`: highlights specific lines. Ranges and lists are allowed (e.g., `{5, 7, 9-11}`).
-- `// highlight-next-line`: highlights the next line within a code block.
-- `// highlight-start` and `// highlight-end`: highlight multiple lines.
+- `showLineNumbers`: enables the line numbering on the left-hand side of the code block.
+- `title=" "`: defines the title displayed at the top of the code block. This is useful for defining filenames and paths.
+- `{5}`: defines the line number that will be highlighted. Ranges and lists can also be used (e.g. `{5, 7, 9-11}`).
+- `// highlight-next-line`: is used within a code block to highlight the next line.
+- `// highlight-start` and `// highlight-end`: are used within a code block to highlight one or more lines.
 
-For more details, see the [Docusaurus code block documentation](https://docusaurus.io/docs/markdown-features/code-blocks).
-
-### Tables
-
-Use tables to compare options, list parameters, or summarize information. Ensure tables are concise and avoid nesting complex content. Only use a table when there are 4 or more items. For only 2 or 3 items, use a bullet list.
-
-### Lists
-
-- Use bullet points for unordered lists.
-- Use numbered lists for sequential steps.
-- Keep list items parallel in structure.
-
----
+More information on codeblocks can be found in the [Docusaurus code block documentation](https://docusaurus.io/docs/markdown-features/code-blocks).
 
 ## Component-based formatting
 
+This section covers the usage of React components within our documentation. Files that use component-based formatting must use the `.mdx` extension.
+
 ### Tabs for multiple configurations
 
-Use **Tabs** to display different configurations (e.g., setting up authentication with OIDC vs. SAML) to help users navigate between options. Default to the easier or more common option. For example:
+Use **Tabs** to display different configurations (e.g., setting up authentication with OIDC vs. SAML) to help users navigate between options. Default to the easier or more common option. Insert the following lines wherever you want the code block to appear:
 
 ```jsx
 import TabItem from "@theme/TabItem";
@@ -313,126 +286,60 @@ import Tabs from "@theme/Tabs";
 </Tabs>;
 ```
 
----
+Tabs improve readability when presenting different configurations or setup options.
 
 ## Error message formatting and troubleshooting
 
-When documenting errors, follow this structure:
+When documenting error messages:
 
-1. **Error Message**: Display the error in a code block.
-2. **Possible Causes**: List common reasons for the error.
-3. **Solutions**: Provide step-by-step fixes or a work-around if there is one.
+- Display the error message
+- Explain possible causes
+- Offer solutions
 
-**Example**:
+Example:
 
-- **Error message**:
+- **Error message:**
 
     ```sh
     Error: Authentication failed. Invalid credentials.
     ```
 
-- **Possible causes**:
+- **Possible causes:**
 
-    - Incorrect username or password.
-    - Account locked due to multiple failed attempts.
+    - Incorrect username or password
+    - Account is locked due to too many failed login attempts
 
-- **Solutions**:
-    - Verify your credentials.
-    - Reset your password using the **Forgot Password** link.
-    - Contact your administrator if the account is locked.
+- **Solution:**
 
----
+    - Verify your username and password
+    - Reset your password if necessary
+    - Contact an administrator if your account is locked
 
 ## Accessibility best practices
 
-- **Alt text for images**: Describe the purpose of the image, not just its appearance. For example, use "Screenshot of the login form" instead of "Image of a form."
-- **Heading hierarchy**: Use headings in order (H1 → H2 → H3) to support screen readers.
-- **Color usage**: Avoid using color as the sole method of conveying information (e.g., "Click the red button"). Instead, use descriptive labels to ensure accessibility.
-- **Descriptive link text**: Provide descriptive link text. Avoid using generic terms like "Click here". Be specific about where the link will take the user.
+- Avoid using color as the sole method of conveying information (e.g., "Click the red button"). Instead, use descriptive labels to ensure accessibility.
+- Provide **descriptive link text**. Avoid using generic terms like "Click here". Be specific about where the link will take the user.
     - **DON'T:** "Click here."
     - **DO:** "See the [Authentication Settings](/) for more details."
 
----
-
 ## Notes and warnings
 
-Use the following components to highlight important information:
+For notes and important information:
 
-**Info notes**:
+**Notes** are formatted using:
 
-```md
+```
 :::info
-This is a tip or general note.
+Write your note here.
 :::
 ```
 
-**Warnings**:
+**Warnings** are formatted using:
 
-```md
+```
 :::warning
-This level is for more serious situations: an action cannot be undone, a process might be canceled, etc..
+Write your warning here.
 :::
 ```
 
-**Critical warnings** (for irreversible actions):
-
-```md
-:::danger
-This level is for extremely serious situations, such as an action permanently removing data.
-:::
-```
-
----
-
-## Inclusive Language
-
-- Use **gender-neutral pronouns** like "they/them" instead of "he/she" (e.g., "The user should check their settings").
-- Avoid **ableist terms** such as "dumb" or "lame"; use "non-functional" or "unavailable" instead.
-- **Avoid idioms** that may not translate well (e.g., instead of "hit a home run" use "achieve success").
-
----
-
-## Images and Media
-
-- **Screenshots**:
-    - Use screenshots very sparingly, only for very complex UIs. If there are screenshots, update any existing ones if the UI changes.
-    - Crop to focus on relevant elements, use red arrows or circles to call out the important element.
-    - Add descriptive alt text (e.g., "Screenshot of the Provider configuration page").
-- **Diagrams**:
-    - Use [Mermaid](https://mermaid.js.org/) for creating diagrams directly in markdown. Mermaid is our preferred tool for documentation diagrams as it allows for version control and easy updates.
-    - For more complex diagrams, you can use tools like [Draw.io](https://draw.io). Ensure high contrast and text descriptions.
-
----
-
-## Document Structure and Metadata
-
-- **Front matter**: Include a title and optional summary. You can also add badge metadata in the front matter:
-
-    ```md
-    ---
-    title: Getting Started
-    description: Install and configure authentik in 5 minutes.
-    authentik_version: "2025.4" # Semantic version when feature was introduced (Optional)
-    authentik_preview: true # For preview features (Optional)
-    authentik_enterprise: true # For enterprise features (Optional)
-    support_level: "authentik" # For integrations: Support level: "authentik" (tested by team) or "community" (community maintained)
-    ---
-    ```
-
-    Note: Badges should be defined in the front matter, not in the markdown content. The system will automatically display the appropriate badges based on the front matter metadata.
-
-- **Directives**: You can also use directives in your markdown content to add badges inline:
-
-    - `:ak-version[2025.4]` - Shows when a feature was introduced (requires semantic version)
-    - `:ak-preview` - Indicates preview features
-    - `:ak-enterprise` - Indicates features in our Enterprise offering
-
-    Example usage in a heading:
-
-    ```md
-    # New Feature :ak-version[2025.4] :ak-preview
-    ```
-
-    Note: When using directives, they should be placed at the end of the heading or paragraph where they apply.
-
-- **SEO**: Use keywords in titles and headings to improve searchability. Include relevant terms that users might search for, but avoid keyword stuffing. Focus on natural, descriptive language that accurately represents the content.
+Use these conventions to ensure that the reader's attention is drawn to crucial information.

website/docs/install-config/configuration/configuration.mdx

@@ -70,9 +70,6 @@ To check if your config has been applied correctly, you can run the following co
 - `AUTHENTIK_POSTGRESQL__USER`: Database user
 - `AUTHENTIK_POSTGRESQL__PORT`: Database port, defaults to 5432
 - `AUTHENTIK_POSTGRESQL__PASSWORD`: Database password, defaults to the environment variable `POSTGRES_PASSWORD`
-  {/* TODO: Temporarily deactivated feature, see https://github.com/goauthentik/authentik/issues/14320 */}
-  {/* - `AUTHENTIK_POSTGRESQL__USE_POOL`: Use a [connection pool](https://docs.djangoproject.com/en/stable/ref/databases/#connection-pool) for PostgreSQL connections. Defaults to `false`. :ak-version[2025.4] */}
-- `AUTHENTIK_POSTGRESQL__POOL_OPTIONS`: Extra configuration to pass to the [ConnectionPool object](https://www.psycopg.org/psycopg3/docs/api/pool.html#psycopg_pool.ConnectionPool) when it is created. Must be a base64-encoded JSON dictionary. Ignored when `USE_POOL` is set to `false`. :ak-version[2025.4]
 - `AUTHENTIK_POSTGRESQL__USE_PGBOUNCER`: Adjust configuration to support connection to PgBouncer. Deprecated, see below
 - `AUTHENTIK_POSTGRESQL__USE_PGPOOL`: Adjust configuration to support connection to Pgpool. Deprecated, see below
 - `AUTHENTIK_POSTGRESQL__SSLMODE`: Strictness of ssl verification. Defaults to `"verify-ca"`
@@ -85,7 +82,7 @@ To check if your config has been applied correctly, you can run the following co
 
 The PostgreSQL settings `HOST`, `PORT`, `USER`, and `PASSWORD` support hot-reloading. Adding and removing read replicas doesn't support hot-reloading.
 
-- `AUTHENTIK_POSTGRESQL__DEFAULT_SCHEMA`:ak-version[2024.12]
+- `AUTHENTIK_POSTGRESQL__DEFAULT_SCHEMA` :ak-version[2024.12]
 
     The name of the schema used by default in the database. Defaults to `public`.
 

website/docs/releases/2025/v2025.4.md

@@ -81,20 +81,20 @@ Previously, sessions were stored by default in the cache. Now, they are stored i
 
 An integration is a how authentik connects to third-party applications, directories, and other identity providers. The following integration guides were recently added.
 
-- [Apple Business Manager](../../../integrations/services/apple/)
-- [FleetDM](../../../integrations/services/fleet/)
-- [Gravity](../../../integrations/services/gravity/)
-- [Homarr](../../../integrations/services/homarr/)
-- [KnocKnoc](../../../integrations/services/knocknoc)
-- [Mautic](../../../integrations/services/mautic/)
-- [Mailcow](../../../integrations/services/mailcow/)
-- [Mealie](../../../integrations/services/mealie/)
-- [OpenProject](../../../integrations/services/openproject)
-- [Sidero Omni](../../../integrations/services/omni)
-- [Tandoor](../../../integrations/services/tandoor/)
-- [Wazuh](../../../integrations/services/wazuh)
-- [XCreds](../../../integrations/services/xcreds)
-- [Zipline](../../../integrations/services/zipline/)
+- [Apple Business Manager](/integrations/services/apple/)
+- [FleetDM](/integrations/services/fleet/)
+- [Gravity](/integrations/services/gravity/)
+- [Homarr](/integrations/services/homarr/)
+- [KnocKnoc](/integrations/services/knocknoc)
+- [Mautic](/integrations/services/mautic/)
+- [Mailcow](/integrations/services/mailcow/)
+- [Mealie](/integrations/services/mealie/)
+- [OpenProject](/integrations/services/openproject)
+- [Sidero Omni](/integrations/services/omni)
+- [Tandoor](/integrations/services/tandoor/)
+- [Wazuh](/integrations/services/wazuh)
+- [XCreds](/integrations/services/xcreds)
+- [Zipline](/integrations/services/zipline/)
 
 ## Upgrading
 
@@ -291,6 +291,10 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2025.4
 - lifecycle: fix arguments not being passed to worker command (cherry-pick #14574) (#14620)
 - sources/scim: fix all users being added to group when no members are given (cherry-pick #14645) (#14666)
 
+## Fixed in 2025.4.3
+
+- security: fix CVE-2025-52553 (#15289)
+
 ## API Changes
 
 #### What's New

website/docs/releases/2025/v2025.6.md

@@ -37,15 +37,15 @@ slug: "/releases/2025.6"
 
 An integration is how authentik connects to third-party applications, directories, and other identity providers. The following integration guides were recently added to our documentation:
 
-- [Atlassian Cloud (Jira, Confluence, etc)](../../../integrations/services/atlassian/)
-- [Coder](../../../integrations/services/coder/)
-- [FileRise](../../../integrations/services/filerise/)
-- [Komodo](../../../integrations/services/komodo/)
-- [Pangolin](../../../integrations/services/pangolin/)
-- [Push Security](../../../integrations/services/push-security/)
-- [Stripe](../../../integrations/services/stripe/)
-- [Tailscale](../../../integrations/services/tailscale/)
-- [YouTrack](../../../integrations/services/youtrack/)
+- [Atlassian Cloud (Jira, Confluence, etc)](/integrations/services/atlassian/)
+- [Coder](/integrations/services/coder/)
+- [FileRise](/integrations/services/filerise/)
+- [Komodo](/integrations/services/komodo/)
+- [Pangolin](/integrations/services/pangolin/)
+- [Push Security](/integrations/services/push-security/)
+- [Stripe](/integrations/services/stripe/)
+- [Tailscale](/integrations/services/tailscale/)
+- [YouTrack](/integrations/services/youtrack/)
 
 ## Upgrading
 
@@ -136,6 +136,39 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2025.6
 - web/flows: update default flow background (#14769)
 - web/flows/sfe: fix global background image not being loaded (#14442)
 
+## Fixed in 2025.6.1
+
+- providers/proxy: add option to override host header with property mappings (cherry-pick #14927) (#14945)
+- tenants: fix tenant aware celery scheduler (cherry-pick #14921)
+- web/user: fix user settings flow not loading (cherry-pick #14911) (#14930)
+
+## Fixed in 2025.6.2
+
+- brands: fix custom_css being escaped (cherry-pick #14994) (#14996)
+- core: bump django from 5.1.10 to 5.1.11 (cherry-pick #14997) (#15010)
+- core: bump django from 5.1.9 to 5.1.10 (cherry-pick #14951) (#15008)
+- internal/outpost: fix incorrect usage of golang SHA API (cherry-pick #14981) (#14982)
+- providers/rac: fixes prompt data not being merged with connection_settings (cherry-pick #15037) (#15038)
+- stages/email: Only attach logo to email if used (cherry-pick #14835) (#14969)
+- web/elements: fix dual select without sortBy (cherry-pick #14977) (#14979)
+- web/elements: fix typo in localeComparator (cherry-pick #15054) (#15055)
+
+## Fixed in 2025.6.3
+
+- ci: fix CodeQL failing on cherry-pick PRs (cherry-pick #15205) (#15206)
+- ci: fix post-release e2e builds failing (cherry-pick #15082) (#15092)
+- core: bump goauthentik/fips-python from 3.13.3-slim-bookworm-fips to 3.13.5-slim-bookworm-fips in 2025.6 (#15274)
+- core: bump protobuf from 6.30.2 to v6.31.1 (cherry-pick #14894) (#15173)
+- core: bump requests from 2.32.3 to v2.32.4 (cherry-pick #15129) (#15135)
+- core: bump tornado from 6.4.2 to v6.5.1 (cherry-pick #15100) (#15116)
+- core: bump urllib3 from 2.4.0 to v2.5.0 (cherry-pick #15131) (#15174)
+- security: fix CVE-2025-52553 (cherry-pick #15289) (#15290)
+- sources/ldap: fix sync on empty groups (cherry-pick #15158) (#15171)
+- stages/user_login: fix session binding logging (#15175)
+- web/elements: Add light mode custom css handling (cherry-pick #14944) (#15096)
+- web/elements: typing error when variables are not converted to string (cherry-pick #15169) (#15222)
+- web/user: fix infinite loop when no user settings flow is set (cherry-pick #15188) (#15192)
+
 ## API Changes
 
 #### What's New

website/docs/security/cves/CVE-2025-52553.md

@@ -0,0 +1,27 @@
+# CVE-2025-52553
+
+_Reported by [SPIEGEL-Verlag](https://gruppe.spiegel.de)_
+
+## Insufficient Session verification for Remote Access Control endpoint access
+
+### Summary
+
+After authorizing access to a RAC endpoint, authentik creates a token which is used for a single connection and is sent to the client in the URL. This token is intended to only be valid for the session of the user who authorized the connection, however this check is currently missing.
+
+### Patches
+
+authentik 2025.4.3 and 2025.6.3 fix this issue.
+
+### Impact
+
+When for example using RAC during a screenshare, a malicious user could access the same session by copying the URL from the shown browser.
+
+### Workarounds
+
+As a workaround it is recommended to decrease the duration a token is valid for (in the RAC Provider settings, set **Connection expiry** to `minutes=5` for example). We also recommend enabling the option **Delete authorization on disconnect**.
+
+### For more information
+
+If you have any questions or comments about this advisory:
+
+- Email us at [security@goauthentik.io](mailto:security@goauthentik.io).

website/docs/sys-mgmt/events/index.md

@@ -2,18 +2,22 @@
 title: Events
 ---
 
-Events are authentik's built-in logging system. Whenever any of the following actions occur, an event is created:
+Events are authentik's built-in logging system. Every event is logged, whether it is initiated by a user or by authentik.
+
+Events can be used to define [notification rules](notifications.md), with specified [transport options](transports.md) of local (in the authentik UI), email or webhook.
 
 Certain information is stripped from events, to ensure no passwords or other credentials are saved in the log.
 
 ## Event retention
 
-The event retention is configured in the system settings interface, with the default being set to 365 days.
+The event retention is configured in the **System > Settings** area of the Admin interface, with the default being set to 365 days.
 
 If you want to forward these events to another application, forward the log output of all authentik containers. Every event creation is logged with the log level "info". For this configuration, it is also recommended to set the internal retention pretty low (for example, `days=1`).
 
 ## Event actions
 
+Whenever any of the following actions occur, an event is created.
+
 ### `login`
 
 A user logs in (including the source, if available)

website/docs/sys-mgmt/events/notifications.md

@@ -8,9 +8,7 @@ To prevent infinite loops (events created by policies which are attached to a No
 
 ## Filtering Events
 
-Starting with authentik 0.15, you can create notification rules, which can alert you based on the creation of certain events.
-
-Filtering is done by using the Policy Engine. You can do simple filtering using the "Event Matcher Policy" type.
+An authentik administrator can create notification rules based on the creation of specified events. Filtering is done by using the Policy Engine. You can do simple filtering using the "Event Matcher Policy" type.
 
 ![](./event_matcher.png)
 

website/docs/troubleshooting/login.md

@@ -27,3 +27,29 @@ uv run ak create_recovery_key 10 akadmin
 ```
 
 This will output a link, that can be used to instantly gain access to authentik as the user specified above. The link is valid for amount of years specified above, in this case, 10 years.
+
+## Can't access initial setup flow during installation steps
+
+If you're unable to access the initial setup flow (`/if/flow/initial-setup/`) immediately after installing authentik, first try restarting the containers because this often resolves temporary issues.
+
+However, if the issue persists after restarting, you can directly set the admin password using the following commands:
+
+Docker Compose deployments:
+
+    ```bash
+    docker compose exec server ak changepassword akadmin
+    ```
+
+Kubernetes deployments:
+
+    ```bash
+    kubectl exec -it deployment/authentik-server -c server -- ak changepassword akadmin
+    ```
+
+After following the prompts to set a new password, you can then login via: `https://authentik.company/if/flow/default-authentication-flow/?next=%2F`
+
+After logging in, you can set the email address and other settings for the account by navigating to **Directory** > **Users** and editing the user account.
+
+:::note
+This method bypasses the initial setup flow and should only be used as a last resort. The initial setup flow is the recommended method to configure the administrator user.
+:::

website/docs/users-sources/sources/social-logins/google/index.mdx

@@ -10,7 +10,7 @@ This page provides an overview of how to configure each protocol as a federated
 :::info{title="authentik as a third-party IdP"}
 authentik can also be configuration to authenticate users into Google services.
 
-For more information, see the [Google Workspace Integration](../../../../../integrations/services/google/) guide.
+For more information, see the [Google Workspace Integration](/integrations/services/google/) guide.
 
 ## Google Cloud (OAuth)
 

website/docusaurus.config.esm.mjs

@@ -11,6 +11,7 @@ import remarkDirective from "remark-directive";
 import remarkGithub, { defaultBuildUrl } from "remark-github";
 
 import remarkEnterpriseDirective from "./remark/enterprise-directive.mjs";
+import remarkLinkRewrite from "./remark/link-rewrite-directive.mjs";
 import remarkPreviewDirective from "./remark/preview-directive.mjs";
 import remarkSupportDirective from "./remark/support-directive.mjs";
 import remarkVersionDirective from "./remark/version-directive.mjs";
@@ -43,9 +44,10 @@ const config = createDocusaurusConfig({
                     target: "_self",
                 },
                 {
-                    to: "integrations/",
+                    to: "https://integrations.goauthentik.io",
                     label: "Integrations",
                     position: "left",
+                    target: "_self",
                 },
                 {
                     to: "docs/",
@@ -86,6 +88,7 @@ const config = createDocusaurusConfig({
             appId: "36ROD0O0FV",
             apiKey: "727db511300ca9aec5425645bbbddfb5",
             indexName: "goauthentik",
+            externalUrlRegex: /(:\/\/goauthentik\.io|integrations\.goauthentik\.io)/.toString(),
         },
     },
     presets: [
@@ -94,6 +97,7 @@ const config = createDocusaurusConfig({
             /** @type {Preset.Options} */ ({
                 docs: {
                     id: "docs",
+                    routeBasePath: "docs",
                     sidebarPath: "./sidebars/docs.mjs",
                     showLastUpdateTime: false,
                     editUrl: "https://github.com/goauthentik/authentik/edit/main/website/",
@@ -101,6 +105,9 @@ const config = createDocusaurusConfig({
 
                     beforeDefaultRemarkPlugins: [
                         remarkDirective,
+                        remarkLinkRewrite(
+                            new Map([["/integrations", "https://integrations.goauthentik.io"]]),
+                        ),
                         remarkVersionDirective,
                         remarkEnterpriseDirective,
                         remarkPreviewDirective,
@@ -124,6 +131,10 @@ const config = createDocusaurusConfig({
                         ],
                     ],
                 },
+                gtag: {
+                    trackingID: ["G-9MVR9WZFZH"],
+                    anonymizeIP: true,
+                },
                 theme: {
                     customCss: require.resolve("@goauthentik/docusaurus-config/css/index.css"),
                 },
@@ -131,16 +142,6 @@ const config = createDocusaurusConfig({
         ],
     ],
     plugins: [
-        [
-            "@docusaurus/plugin-content-docs",
-            {
-                id: "docsIntegrations",
-                path: "integrations",
-                routeBasePath: "integrations",
-                sidebarPath: "./sidebars/integrations.mjs",
-                editUrl: "https://github.com/goauthentik/authentik/edit/main/website/",
-            },
-        ],
         [
             "docusaurus-plugin-openapi-docs",
             {

website/integrations/docusaurus.config.cjs

@@ -0,0 +1,12 @@
+/**
+ * @file CommonJS Docusaurus config adapter.
+ *
+ * This exists to allow an ESM Docusaurus configuration to be imported in a CommonJS.
+ *
+ * @import Config from "./docusaurus.config.esm.mjs"
+ */
+
+/**
+ * @see {@linkcode Config} for the Docusaurus configuration type.
+ */
+module.exports = import("./docusaurus.config.esm.mjs").then(($) => $.default);

website/integrations/docusaurus.config.esm.mjs

@@ -0,0 +1,143 @@
+/**
+ * @file Docusaurus config.
+ *
+ * @import * as Preset from "@docusaurus/preset-classic";
+ * @import { BuildUrlValues } from "remark-github";
+ */
+import { createDocusaurusConfig } from "@goauthentik/docusaurus-config";
+import { createRequire } from "node:module";
+import remarkDirective from "remark-directive";
+import remarkGithub, { defaultBuildUrl } from "remark-github";
+
+import remarkEnterpriseDirective from "../remark/enterprise-directive.mjs";
+import remarkLinkRewrite from "../remark/link-rewrite-directive.mjs";
+import remarkPreviewDirective from "../remark/preview-directive.mjs";
+import remarkSupportDirective from "../remark/support-directive.mjs";
+import remarkVersionDirective from "../remark/version-directive.mjs";
+
+const require = createRequire(import.meta.url);
+
+/**
+ * Documentation site configuration for Docusaurus.
+ */
+const config = createDocusaurusConfig({
+    url: "https://integrations.goauthentik.io",
+    future: {
+        experimental_faster: true,
+    },
+    themes: ["@docusaurus/theme-mermaid"],
+    themeConfig: {
+        image: "img/social.png",
+        navbar: {
+            logo: {
+                alt: "authentik logo",
+                src: "img/icon_left_brand.svg",
+                href: "https://goauthentik.io/",
+                target: "_self",
+            },
+            items: [
+                {
+                    to: "https://goauthentik.io/features",
+                    label: "Features",
+                    position: "left",
+                    target: "_self",
+                },
+                {
+                    to: "integrations/",
+                    label: "Integrations",
+                    position: "left",
+                },
+                {
+                    to: "https://docs.goauthentik.io",
+                    label: "Documentation",
+                    position: "left",
+                    target: "_self",
+                },
+                {
+                    to: "https://goauthentik.io/pricing/",
+                    label: "Pricing",
+                    position: "left",
+                    target: "_self",
+                },
+                {
+                    to: "https://goauthentik.io/blog",
+                    label: "Blog",
+                    position: "left",
+                    target: "_self",
+                },
+                {
+                    "href": "https://github.com/goauthentik/authentik",
+                    "data-icon": "github",
+                    "aria-label": "GitHub",
+                    "position": "right",
+                },
+                {
+                    "href": "https://goauthentik.io/discord",
+                    "data-icon": "discord",
+                    "aria-label": "Discord",
+                    "position": "right",
+                },
+            ],
+        },
+        footer: {
+            links: [],
+            copyright: `Copyright © ${new Date().getFullYear()} Authentik Security Inc. Built with Docusaurus.`,
+        },
+        algolia: {
+            appId: "36ROD0O0FV",
+            apiKey: "727db511300ca9aec5425645bbbddfb5",
+            indexName: "goauthentik",
+            externalUrlRegex: /(:\/\/goauthentik\.io|docs\.goauthentik\.io)/.toString(),
+        },
+    },
+    presets: [
+        [
+            "@docusaurus/preset-classic",
+            /** @type {Preset.Options} */ ({
+                docs: {
+                    id: "docsIntegrations",
+                    path: "integrations",
+                    routeBasePath: "integrations",
+                    sidebarPath: "./sidebars/integrations.mjs",
+                    editUrl: "https://github.com/goauthentik/authentik/edit/main/website/",
+                    showLastUpdateTime: false,
+
+                    beforeDefaultRemarkPlugins: [
+                        remarkDirective,
+                        remarkLinkRewrite(new Map([["/docs", "https://docs.goauthentik.io"]])),
+                        remarkVersionDirective,
+                        remarkEnterpriseDirective,
+                        remarkPreviewDirective,
+                        remarkSupportDirective,
+                    ],
+                    remarkPlugins: [
+                        [
+                            remarkGithub,
+                            {
+                                repository: "goauthentik/authentik",
+                                /**
+                                 * @param {BuildUrlValues} values
+                                 */
+                                buildUrl: (values) => {
+                                    // Only replace issues and PR links
+                                    return values.type === "issue" || values.type === "mention"
+                                        ? defaultBuildUrl(values)
+                                        : false;
+                                },
+                            },
+                        ],
+                    ],
+                },
+                gtag: {
+                    trackingID: ["G-9MVR9WZFZH"],
+                    anonymizeIP: true,
+                },
+                theme: {
+                    customCss: require.resolve("@goauthentik/docusaurus-config/css/index.css"),
+                },
+            }),
+        ],
+    ],
+});
+
+export default config;

website/integrations/index.mdx

@@ -12,12 +12,12 @@ Integrations are categorized into two categories: **Applications** and **Sources
 
 Applications include vendor tools such as Google Workspace, GitHub, Slack, or AWS. These applications can be integrated with authentik to provide single sign-on capabilities to securely authenticate users.
 
-If you want to integrate an application that isn't listed, authentik can be configured to work with most applications that support authentication protocols such as [SAML](../docs/add-secure-apps/providers/saml), [OAuth and OpenID Connect](../docs/add-secure-apps/providers/oauth2).
+If you want to integrate an application that isn't listed, authentik can be configured to work with most applications that support authentication protocols such as [SAML](/docs/add-secure-apps/providers/saml), [OAuth and OpenID Connect](/docs/add-secure-apps/providers/oauth2).
 
 To learn more, refer to the [Applications](../integrations/services) page.
 
 ### Federated and social sources
 
-Sources are a way for authentik to use external user credentials for authentication. Supported integrations with external sources via authentik include federated directories like Active Directory and social logins such as Facebook, Twitter, etc. These integrations support all major protocols, including [LDAP](../docs/users-sources/sources/protocols/ldap), [SCIM](../docs/users-sources/sources/protocols/scim), [SAML](../docs/users-sources/sources/protocols/saml), and [OAuth and OpenID Connect](../docs/users-sources/sources/protocols/oauth)
+Sources are a way for authentik to use external user credentials for authentication. Supported integrations with external sources via authentik include federated directories like Active Directory and social logins such as Facebook, Twitter, etc. These integrations support all major protocols, including [LDAP](/docs/users-sources/sources/protocols/ldap), [SCIM](/docs/users-sources/sources/protocols/scim), [SAML](/docs/users-sources/sources/protocols/saml), and [OAuth and OpenID Connect](/docs/users-sources/sources/protocols/oauth)
 
-To learn more, refer to the [Sources](../docs/users-sources/sources) page.
+To learn more, refer to the [Sources](/docs/users-sources/sources) page.

website/integrations/services/apple/index.md

@@ -209,7 +209,7 @@ You can always find your provider's generated values by navigating to **Provider
 
 ### 4. Create Shared Signals Framework provider
 
-While the OIDC provider handles the authentication flow, you'll need to create a [Shared Signals Framework provider](../../../docs/add-secure-apps/providers/ssf/) to handle the backchannel communication between authentik and Apple Business Manager.
+While the OIDC provider handles the authentication flow, you'll need to create a [Shared Signals Framework provider](/docs/add-secure-apps/providers/ssf/) to handle the backchannel communication between authentik and Apple Business Manager.
 
 1. From the authentik Admin interface, navigate to **Applications -> Providers** and click **Create**.
 2. Select **Shared Signals Framework Provider** and use the following values.

website/integrations/services/mautic/index.md

@@ -16,7 +16,7 @@ The following placeholders are used in this guide:
 
 - `mautic.company` is the FQDN of the Mautic installation.
 - `authentik.company` is the FQDN of the authentik installation.
-- `mautic-provider` is the [SAML provider](../../../docs/add-secure-apps/providers/saml) whose settings will be imported into Mautic.
+- `mautic-provider` is the [SAML provider](/docs/add-secure-apps/providers/saml) whose settings will be imported into Mautic.
 
 :::info
 This documentation lists only the settings that you need to change from their default values.
@@ -39,7 +39,7 @@ To support the integration of Mautic with authentik, you need to create property
 
 ### Create property mappings
 
-Because Mautic requires a first name and last name attribute, create two [SAML provider property mappings](../../../docs/users-sources/sources/property-mappings):
+Because Mautic requires a first name and last name attribute, create two [SAML provider property mappings](/docs/users-sources/sources/property-mappings):
 
 1. Log in to authentik as an administrator and open the authentik Admin interface.
 2. Navigate to **Customization** > **Property Mappings** and click **Create**:

website/integrations/services/nextcloud/index.mdx

@@ -103,16 +103,16 @@ To connect to an existing Nextcloud user, set the `nextcloud_user_id` attribute
 
 ### Provider and Application
 
-1. **Create a provider:**  
+1. **Create a provider:**
    In the authentik Admin Interface, navigate to **Applications > Providers**. Create an **OAuth2/OpenID Provider** with the following settings:
 
     - **Name:** Nextcloud
     - **Client type:** Confidential
-    - **Redirect URIs/Origins (RegEx):**  
+    - **Redirect URIs/Origins (RegEx):**
       `https://nextcloud.company/apps/user_oidc/code`
     - **Signing key:** Any valid certificate
 
-2. **Configure advanced settings:**  
+2. **Configure advanced settings:**
    Under advanced settings, set:
 
     - **Scopes:**
@@ -121,7 +121,7 @@ To connect to an existing Nextcloud user, set the `nextcloud_user_id` attribute
     - **Subject mode:** Based on the User's UUID
 
         :::danger
-        Mapping the subject mode to authentik usernames is **not recommended** due to their mutable nature. If you choose to map to usernames, [disable username changing](../../../docs/sys-mgmt/settings#allow-users-to-change-username) in authentik and set it to `Based on the User's username`.
+        Mapping the subject mode to authentik usernames is **not recommended** due to their mutable nature. If you choose to map to usernames, [disable username changing](/docs/sys-mgmt/settings#allow-users-to-change-username) in authentik and set it to `Based on the User's username`.
         :::
 
     - **Include claims in ID token:** Enabled
@@ -136,15 +136,15 @@ An issue with the Nextcloud OIDC app limited the secret ID size to 64 characters
 Depending on your Nextcloud configuration, you might need to use `https://nextcloud.company/index.php/` instead of `https://nextcloud.company/`.
 :::
 
-3. **Link the provider to an application:**  
+3. **Link the provider to an application:**
    In **Applications > Applications**, create an application and select the provider you just created. Note the _application slug_ for later use.
 
 ### Nextcloud configuration
 
-1. **Install the app:**  
+1. **Install the app:**
    In Nextcloud, ensure the **OpenID Connect user backend** app is installed. Then navigate to **Settings > OpenID Connect**.
 
-2. **Add a provider:**  
+2. **Add a provider:**
    Click the **+** button and enter the following:
 
     - **Identifier:** Authentik
@@ -167,7 +167,7 @@ Depending on your Nextcloud configuration, you might need to use `https://nextcl
             Enable **Use group provisioning** to allow writing to this field.
             :::
 
-    - **Use unique user ID:**  
+    - **Use unique user ID:**
       If deselected, Nextcloud uses the mapped user ID in the Federated Cloud ID.
       :::tip
       To avoid a hashed Federated Cloud ID, deselect **Use unique user ID** and use `user_id` for the User ID mapping.
@@ -177,7 +177,7 @@ Depending on your Nextcloud configuration, you might need to use `https://nextcl
         If you are using a custom profile scope and want administrators to be able to log in, ensure that **Use unique user ID** is deselected. Otherwise, this setting will remove Administrator users from the internal admin group and replace them with a hashed group ID named "admin", which lacks actual admin access rights.
         :::
 
-3. **Log in:**  
+3. **Log in:**
    Once configured, single sign-on (SSO) login via authentik becomes available.
 
 #### Making OIDC the default login method
@@ -204,19 +204,19 @@ The following placeholders are used in this guide:
 This documentation lists only the settings you need to change from their default values. Other changes might cause issues accessing your application.
 :::
 
-1. **Create an application in authentik:**  
+1. **Create an application in authentik:**
    Note the chosen slug as it will be used later.
 
-2. **Create a SAML provider:**  
+2. **Create a SAML provider:**
    In authentik, navigate to **Applications > Providers** and create a **SAML provider** with the following settings:
 
-    - **ACS URL:**  
+    - **ACS URL:**
       `https://nextcloud.company/apps/user_saml/saml/acs`
-    - **Issuer:**  
+    - **Issuer:**
       `https://authentik.company`
-    - **Service Provider Binding:**  
+    - **Service Provider Binding:**
       Post
-    - **Audience:**  
+    - **Audience:**
       `https://nextcloud.company/apps/user_saml/saml/metadata`
     - **Signing certificate:** Select any valid certificate.
     - **Property mappings:** Select all managed mappings.
@@ -227,12 +227,12 @@ Depending on your Nextcloud configuration, you might need to use `https://nextcl
 
 #### Nextcloud configuration
 
-1. **Install the app:**  
+1. **Install the app:**
    In Nextcloud, ensure the **SSO & SAML Authentication** app is installed. Then navigate to **Settings > SSO & SAML Authentication**.
 
 2. **Configure the following settings:**
 
-    - **Attribute to map the UID to:**  
+    - **Attribute to map the UID to:**
       `http://schemas.goauthentik.io/2021/02/saml/uid`
 
         :::danger
@@ -240,23 +240,23 @@ Depending on your Nextcloud configuration, you might need to use `https://nextcl
         :::
 
     - **Optional display name:** `authentik`
-    - **Identifier of the IdP entity:**  
+    - **Identifier of the IdP entity:**
       `https://authentik.company`
-    - **URL target for authentication requests:**  
+    - **URL target for authentication requests:**
       `https://authentik.company/application/saml/<application-slug>/sso/binding/redirect/`
-    - **URL for SLO requests:**  
+    - **URL for SLO requests:**
       `https://authentik.company/application/saml/<application-slug>/slo/binding/redirect/`
-    - **Public X.509 certificate of the IdP:**  
+    - **Public X.509 certificate of the IdP:**
       Paste the PEM from your selected certificate.
 
-3. **Set attribute mapping:**  
+3. **Set attribute mapping:**
    Configure the following mappings:
 
-    - **Display name:**  
+    - **Display name:**
       `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name`
-    - **Email:**  
+    - **Email:**
       `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress`
-    - **User groups:**  
+    - **User groups:**
       `http://schemas.xmlsoap.org/claims/Group`
 
 :::note
@@ -265,10 +265,10 @@ If Nextcloud is behind a reverse proxy, force HTTPS by adding `'overwriteprotoco
 
 #### Group quotas
 
-1. **Set up groups:**  
+1. **Set up groups:**
    Create a group for each storage quota level and assign a custom attribute (e.g., `nextcloud_quota`) with values like `15 GB`.
 
-2. **Create a custom SAML property mapping:**  
+2. **Create a custom SAML property mapping:**
    Name the mapping **SAML Nextcloud Quota** with:
 
     - **SAML Attribute Name:** `nextcloud_quota`
@@ -280,14 +280,14 @@ If Nextcloud is behind a reverse proxy, force HTTPS by adding `'overwriteprotoco
 
         (Here, `"1 GB"` is the default if no quota is set.)
 
-3. **Configure Nextcloud:**  
+3. **Configure Nextcloud:**
    In Nextcloud under **Settings > SSO & SAML Authentication**, set the **Attribute to map the quota to** as `nextcloud_quota`.
 
 #### Admin group
 
 To grant admin access to authentik users:
 
-1. **Create a custom SAML property mapping for admins:**  
+1. **Create a custom SAML property mapping for admins:**
    Configure a mapping with:
 
     - **SAML Attribute Name:** `http://schemas.xmlsoap.org/claims/Group`
@@ -300,7 +300,7 @@ To grant admin access to authentik users:
             yield "admin"
         ```
 
-2. **Update the Nextcloud provider:**  
+2. **Update the Nextcloud provider:**
    Replace the default Groups mapping with this custom mapping.
 
   </TabItem>

website/integrations/services/push-security/index.mdx

@@ -93,7 +93,7 @@ Push Security requires separate first and last names for each user, but authenti
 5. Click **Next**.
 6. Choose **Manual**, and enter the following as the **Single Sign-On Login URL**: `https://authentik.company/application/saml/<application-slug>/sso/binding/post/`
 7. Click **Upload signing certificate**, and upload the certificate downloaded from authentik.
-8. _(Optional but recommended)_ Under **Advanced Settings**, enable **Sign request**. Then download the verification certificate. You’ll need to import this into authentik. Refer to the [authentik certificate documentation](../../../docs/sys-mgmt/certificates#external-certificates) for guidance.
+8. _(Optional but recommended)_ Under **Advanced Settings**, enable **Sign request**. Then download the verification certificate. You’ll need to import this into authentik. Refer to the [authentik certificate documentation](/docs/sys-mgmt/certificates#external-certificates) for guidance.
 9. Click **Next**.
 10. On the **Attribute Mapping** page, click **Next** without making changes.
 11. Leave the **Test SSO** page open. You’ll return to it after completing the next section.

website/integrations/services/sssd/index.md

@@ -36,12 +36,12 @@ This documentation lists only the settings that you need to change from their de
 :::
 
 :::warning
-The provider configuration assumes that connections to the outpost use LDAPS, with properly configured certificates on both authentik and the host running sssd. LDAPS is the recommended protocol for secure communication. For details on setting up SSL and StartTLS on the outpost, refer to [authentik’s LDAP provider documentation](../../../docs/add-secure-apps/providers/ldap#ssl--starttls).
+The provider configuration assumes that connections to the outpost use LDAPS, with properly configured certificates on both authentik and the host running sssd. LDAPS is the recommended protocol for secure communication. For details on setting up SSL and StartTLS on the outpost, refer to [authentik’s LDAP provider documentation](/docs/add-secure-apps/providers/ldap#ssl--starttls).
 :::
 
 ## authentik configuration
 
-Follow [official documentation](../../../docs/add-secure-apps/outposts/#create-and-configure-an-outpost) to create an **LDAP outpost**. If you already have an LDAP outpost configured, you can use it without additional setup. No further configuration in authentik is needed.
+Follow [official documentation](/docs/add-secure-apps/outposts/#create-and-configure-an-outpost) to create an **LDAP outpost**. If you already have an LDAP outpost configured, you can use it without additional setup. No further configuration in authentik is needed.
 
 ## sssd configuration