release: 2023.4.1

Bumps [@sentry/browser](https://github.com/getsentry/sentry-javascript) from 7.47.0 to 7.48.0.
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-javascript/compare/7.47.0...7.48.0)

---
updated-dependencies:
- dependency-name: "@sentry/browser"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.bumpversion.cfg

@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 2023.4.0
+current_version = 2023.4.1
 tag = True
 commit = True
 parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)

.github/workflows/ci-main.yml

@@ -60,7 +60,7 @@ jobs:
           cp authentik/lib/default.yml local.env.yml
           cp -R .github ..
           cp -R scripts ..
-          git checkout $(git describe --abbrev=0 --match 'version/*')
+          git checkout $(git describe --tags $(git rev-list --tags --max-count=1))
           rm -rf .github/ scripts/
           mv ../.github ../scripts .
       - name: Setup authentik env (ensure stable deps are installed)

authentik/__init__.py

@@ -2,7 +2,7 @@
 from os import environ
 from typing import Optional
 
-__version__ = "2023.4.0"
+__version__ = "2023.4.1"
 ENV_GIT_HASH_KEY = "GIT_BUILD_HASH"
 
 

docker-compose.yml

@@ -32,7 +32,7 @@ services:
     volumes:
       - redis:/data
   server:
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2023.4.0}
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2023.4.1}
     restart: unless-stopped
     command: server
     environment:
@@ -50,7 +50,7 @@ services:
       - "${AUTHENTIK_PORT_HTTP:-9000}:9000"
       - "${AUTHENTIK_PORT_HTTPS:-9443}:9443"
   worker:
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2023.4.0}
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2023.4.1}
     restart: unless-stopped
     command: worker
     environment:

go.mod

@@ -25,7 +25,7 @@ require (
 	github.com/prometheus/client_golang v1.15.0
 	github.com/sirupsen/logrus v1.9.0
 	github.com/stretchr/testify v1.8.2
-	goauthentik.io/api/v3 v3.2023031.17
+	goauthentik.io/api/v3 v3.2023040.1
 	golang.org/x/exp v0.0.0-20230210204819-062eb4c674ab
 	golang.org/x/oauth2 v0.7.0
 	golang.org/x/sync v0.1.0

go.sum

@@ -331,8 +331,8 @@ go.opentelemetry.io/otel/sdk v1.11.1 h1:F7KmQgoHljhUuJyA+9BiU+EkJfyX5nVVF4wyzWZp
 go.opentelemetry.io/otel/trace v1.11.1 h1:ofxdnzsNrGBYXbP7t7zpUK281+go5rF7dvdIZXF8gdQ=
 go.opentelemetry.io/otel/trace v1.11.1/go.mod h1:f/Q9G7vzk5u91PhbmKbg1Qn0rzH1LJ4vbPHFGkTPtOk=
 go.uber.org/goleak v1.1.10 h1:z+mqJhf6ss6BSfSM671tgKyZBFPTTJM+HLxnhPC3wu0=
-goauthentik.io/api/v3 v3.2023031.17 h1:FM1kG/1TBy8aCsWZtiuapp7J451Z3xWpj0dTSfjtnaE=
-goauthentik.io/api/v3 v3.2023031.17/go.mod h1:H76Cdv9Nio0vnivoh6u12nlVIrW6x/kkvUwj8udFs4s=
+goauthentik.io/api/v3 v3.2023040.1 h1:WuMkilnvamibI3wMrOdNbMz4q3jbTheq0u3K97ZwYGM=
+goauthentik.io/api/v3 v3.2023040.1/go.mod h1:A2I2iDSEu0pW13mAT6J6wMWVSeV5+F52MWlcIHmERvk=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190422162423-af44ce270edf/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
@@ -412,7 +412,6 @@ golang.org/x/net v0.0.0-20210421230115-4e50805a0758/go.mod h1:72T/g9IO56b78aLF+1
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
 golang.org/x/net v0.9.0 h1:aWJ/m6xSmxWBx+V0XRHTlrYrPG56jKsLdTFmsSsCzOM=
 golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -420,7 +419,6 @@ golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4Iltr
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.6.0/go.mod h1:ycmewcwgD4Rpr3eZJLSB4Kyyljb3qDh40vJ8STE5HKw=
 golang.org/x/oauth2 v0.7.0 h1:qe6s0zUXlPX80/dITx3440hWZ7GwMwgDDyrSGTPJG/g=
 golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -474,13 +472,12 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU=
 golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
-golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
+golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -490,7 +487,6 @@ golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=

internal/constants/constants.go

@@ -29,4 +29,4 @@ func UserAgent() string {
 	return fmt.Sprintf("authentik@%s", FullVersion())
 }
 
-const VERSION = "2023.4.0"
+const VERSION = "2023.4.1"

lifecycle/ak

@@ -15,7 +15,7 @@ function wait_for_db {
 function check_if_root {
     if [[ $EUID -ne 0 ]]; then
         log "Not running as root, disabling permission fixes"
-        $1
+        exec $1
         return
     fi
     SOCKET="/var/run/docker.sock"
@@ -35,7 +35,7 @@ function check_if_root {
     chown -R authentik:authentik /media /certs
     chmod ug+rwx /media
     chmod ug+rx /certs
-    chpst -u authentik:$GROUP env HOME=/authentik $1
+    exec chpst -u authentik:$GROUP env HOME=/authentik $1
 }
 
 function set_mode {
@@ -57,9 +57,9 @@ if [[ "$1" == "server" ]]; then
         python -m manage bootstrap_tasks
     fi
     if [[ -x "$(command -v authentik)" ]]; then
-        authentik
+        exec authentik
     else
-        go run -v ./cmd/server/
+        exec go run -v ./cmd/server/
     fi
 elif [[ "$1" == "worker" ]]; then
     wait_for_db
@@ -81,7 +81,7 @@ elif [[ "$1" == "healthcheck" ]]; then
     if [[ $mode == "server" ]]; then
         exec curl --user-agent "goauthentik.io lifecycle Healthcheck" -I http://localhost:9000/-/health/ready/
     elif [[ $mode == "worker" ]]; then
-        mtime=$(stat -f %m $WORKER_HEARTBEAT)
+        mtime=$(date -r $WORKER_HEARTBEAT +"%s")
         time=$(date +"%s")
         if [ "$(( $time - $mtime ))" -gt "30" ]; then
             log "Worker hasn't updated heartbeat in 30 seconds"

poetry.lock

@@ -1230,14 +1230,14 @@ ssh = ["paramiko (>=2.4.3)"]
 
 [[package]]
 name = "drf-spectacular"
-version = "0.26.1"
+version = "0.26.2"
 description = "Sane and flexible OpenAPI 3 schema generation for Django REST framework"
 category = "main"
 optional = false
 python-versions = ">=3.6"
 files = [
-    {file = "drf-spectacular-0.26.1.tar.gz", hash = "sha256:1599a204bf9cc6be7ef3e509859885a38d4f871fe287a1f191479868afd9e234"},
-    {file = "drf_spectacular-0.26.1-py3-none-any.whl", hash = "sha256:6df86ff6c2dc663792e5ff618643bf41d2ac9dc6fb5d1b0f273e2778bab951e5"},
+    {file = "drf-spectacular-0.26.2.tar.gz", hash = "sha256:005623d6bb9de37d2d0ec24ccd59c636e4a42f9af252f1470129ac32ccab38cb"},
+    {file = "drf_spectacular-0.26.2-py3-none-any.whl", hash = "sha256:e80eba58d9579bf6c3380ffd6d6a9b466c4bc35b23da0ba76dfcc96de1e907d7"},
 ]
 
 [package.dependencies]
@@ -1632,14 +1632,14 @@ files = [
 
 [[package]]
 name = "importlib-metadata"
-version = "6.3.0"
+version = "6.4.1"
 description = "Read metadata from Python packages"
 category = "dev"
 optional = false
 python-versions = ">=3.7"
 files = [
-    {file = "importlib_metadata-6.3.0-py3-none-any.whl", hash = "sha256:8f8bd2af397cf33bd344d35cfe7f489219b7d14fc79a3f854b75b8417e9226b0"},
-    {file = "importlib_metadata-6.3.0.tar.gz", hash = "sha256:23c2bcae4762dfb0bbe072d358faec24957901d75b6c4ab11172c0c982532402"},
+    {file = "importlib_metadata-6.4.1-py3-none-any.whl", hash = "sha256:63ace321e24167d12fbb176b6015f4dbe06868c54a2af4f15849586afb9027fd"},
+    {file = "importlib_metadata-6.4.1.tar.gz", hash = "sha256:eb1a7933041f0f85c94cd130258df3fb0dec060ad8c1c9318892ef4192c47ce1"},
 ]
 
 [package.dependencies]
@@ -2742,14 +2742,14 @@ files = [
 
 [[package]]
 name = "pytest"
-version = "7.3.0"
+version = "7.3.1"
 description = "pytest: simple powerful testing with Python"
 category = "dev"
 optional = false
 python-versions = ">=3.7"
 files = [
-    {file = "pytest-7.3.0-py3-none-any.whl", hash = "sha256:933051fa1bfbd38a21e73c3960cebdad4cf59483ddba7696c48509727e17f201"},
-    {file = "pytest-7.3.0.tar.gz", hash = "sha256:58ecc27ebf0ea643ebfdf7fb1249335da761a00c9f955bcd922349bcb68ee57d"},
+    {file = "pytest-7.3.1-py3-none-any.whl", hash = "sha256:3799fa815351fea3a5e96ac7e503a96fa51cc9942c3753cda7651b93c1cfa362"},
+    {file = "pytest-7.3.1.tar.gz", hash = "sha256:434afafd78b1d78ed0addf160ad2b77a30d35d4bdf8af234fe621919d9ed15e3"},
 ]
 
 [package.dependencies]

pyproject.toml

@@ -105,7 +105,7 @@ filterwarnings = [
 
 [tool.poetry]
 name = "authentik"
-version = "2023.4.0"
+version = "2023.4.1"
 description = ""
 authors = ["authentik Team <hello@goauthentik.io>"]
 

schema.yml

@@ -1,7 +1,7 @@
 openapi: 3.0.3
 info:
   title: authentik
-  version: 2023.4.0
+  version: 2023.4.1
   description: Making authentication simple.
   contact:
     email: hello@goauthentik.io

web/package-lock.json

@@ -22,7 +22,7 @@
                 "@codemirror/theme-one-dark": "^6.1.1",
                 "@formatjs/intl-listformat": "^7.1.9",
                 "@fortawesome/fontawesome-free": "^6.4.0",
-                "@goauthentik/api": "^2023.3.1-1680447184",
+                "@goauthentik/api": "^2023.4.0-1681471246",
                 "@hcaptcha/types": "^1.0.3",
                 "@jackfranklin/rollup-plugin-markdown": "^0.4.0",
                 "@lingui/cli": "^3.17.2",
@@ -35,8 +35,8 @@
                 "@rollup/plugin-node-resolve": "^15.0.2",
                 "@rollup/plugin-replace": "^5.0.2",
                 "@rollup/plugin-typescript": "^11.1.0",
-                "@sentry/browser": "^7.47.0",
-                "@sentry/tracing": "^7.47.0",
+                "@sentry/browser": "^7.48.0",
+                "@sentry/tracing": "^7.48.0",
                 "@squoosh/cli": "^0.7.3",
                 "@trivago/prettier-plugin-sort-imports": "^4.1.1",
                 "@types/chart.js": "^2.9.37",
@@ -2026,9 +2026,9 @@
             }
         },
         "node_modules/@goauthentik/api": {
-            "version": "2023.3.1-1680447184",
-            "resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2023.3.1-1680447184.tgz",
-            "integrity": "sha512-b4L7TUb8vkEDnPGpDTicdzEBB6O47KjOVHMWTmn3QzNLj2BCIVx/AF+nM58LvM3eXyrtB203pMX1I1W5Hv9o1g=="
+            "version": "2023.4.0-1681471246",
+            "resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2023.4.0-1681471246.tgz",
+            "integrity": "sha512-/P9CfSHM4qEe1eaphC5MTYb/4yVrXBqME2amrj9JtK8dItGM/qSGDMIS8v18zZUsbO5fM+RQ/AtL/Izj1COZWA=="
         },
         "node_modules/@hcaptcha/types": {
             "version": "1.0.3",
@@ -2949,13 +2949,13 @@
             }
         },
         "node_modules/@sentry-internal/tracing": {
-            "version": "7.47.0",
-            "resolved": "https://registry.npmjs.org/@sentry-internal/tracing/-/tracing-7.47.0.tgz",
-            "integrity": "sha512-udpHnCzF8DQsWf0gQwd0XFGp6Y8MOiwnl8vGt2ohqZGS3m1+IxoRLXsSkD8qmvN6KKDnwbaAvYnK0z0L+AW95g==",
+            "version": "7.48.0",
+            "resolved": "https://registry.npmjs.org/@sentry-internal/tracing/-/tracing-7.48.0.tgz",
+            "integrity": "sha512-MFAPDTrvCtfSm0/Zbmx7HA0Q5uCfRadOUpN8Y8rP1ndz+329h2kA3mZRCuC+3/aXL11zs2CHUhcAkGjwH2vogg==",
             "dependencies": {
-                "@sentry/core": "7.47.0",
-                "@sentry/types": "7.47.0",
-                "@sentry/utils": "7.47.0",
+                "@sentry/core": "7.48.0",
+                "@sentry/types": "7.48.0",
+                "@sentry/utils": "7.48.0",
                 "tslib": "^1.9.3"
             },
             "engines": {
@@ -2968,15 +2968,15 @@
             "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg=="
         },
         "node_modules/@sentry/browser": {
-            "version": "7.47.0",
-            "resolved": "https://registry.npmjs.org/@sentry/browser/-/browser-7.47.0.tgz",
-            "integrity": "sha512-L0t07kS/G1UGVZ9fpD6HLuaX8vVBqAGWgu+1uweXthYozu/N7ZAsakjU/Ozu6FSXj1mO3NOJZhOn/goIZLSj5A==",
+            "version": "7.48.0",
+            "resolved": "https://registry.npmjs.org/@sentry/browser/-/browser-7.48.0.tgz",
+            "integrity": "sha512-tdx/2nhuiykncmXFlV4Dpp+Hxgt/v31LiyXE79IcM560wc+QmWKtzoW9azBWQ0xt5KOO3ERMib9qPE4/ql1/EQ==",
             "dependencies": {
-                "@sentry-internal/tracing": "7.47.0",
-                "@sentry/core": "7.47.0",
-                "@sentry/replay": "7.47.0",
-                "@sentry/types": "7.47.0",
-                "@sentry/utils": "7.47.0",
+                "@sentry-internal/tracing": "7.48.0",
+                "@sentry/core": "7.48.0",
+                "@sentry/replay": "7.48.0",
+                "@sentry/types": "7.48.0",
+                "@sentry/utils": "7.48.0",
                 "tslib": "^1.9.3"
             },
             "engines": {
@@ -2989,12 +2989,12 @@
             "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg=="
         },
         "node_modules/@sentry/core": {
-            "version": "7.47.0",
-            "resolved": "https://registry.npmjs.org/@sentry/core/-/core-7.47.0.tgz",
-            "integrity": "sha512-EFhZhKdMu7wKmWYZwbgTi8FNZ7Fq+HdlXiZWNz51Bqe3pHmfAkdHtAEs0Buo0v623MKA0CA4EjXIazGUM34XTg==",
+            "version": "7.48.0",
+            "resolved": "https://registry.npmjs.org/@sentry/core/-/core-7.48.0.tgz",
+            "integrity": "sha512-8FYuJTMpyuxRZvlen3gQ3rpOtVInSDmSyXqWEhCLuG/w34AtWoTiW7G516rsAAh6Hy1TP91GooMWbonP3XQNTQ==",
             "dependencies": {
-                "@sentry/types": "7.47.0",
-                "@sentry/utils": "7.47.0",
+                "@sentry/types": "7.48.0",
+                "@sentry/utils": "7.48.0",
                 "tslib": "^1.9.3"
             },
             "engines": {
@@ -3007,43 +3007,43 @@
             "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg=="
         },
         "node_modules/@sentry/replay": {
-            "version": "7.47.0",
-            "resolved": "https://registry.npmjs.org/@sentry/replay/-/replay-7.47.0.tgz",
-            "integrity": "sha512-BFpVZVmwlezZ83y0L43TCTJY142Fxh+z+qZSwTag5HlhmIpBKw/WKg06ajOhrYJbCBkhHmeOvyKkxX0jnc39ZA==",
+            "version": "7.48.0",
+            "resolved": "https://registry.npmjs.org/@sentry/replay/-/replay-7.48.0.tgz",
+            "integrity": "sha512-8fRHMGJ0NJeIZi6UucxUTvfDPaBa7+jU1kCTLjCcuH3X/UVz5PtGLMtFSO5U8HP+mUDlPs97MP1uoDvMa4S2Ng==",
             "dependencies": {
-                "@sentry/core": "7.47.0",
-                "@sentry/types": "7.47.0",
-                "@sentry/utils": "7.47.0"
+                "@sentry/core": "7.48.0",
+                "@sentry/types": "7.48.0",
+                "@sentry/utils": "7.48.0"
             },
             "engines": {
                 "node": ">=12"
             }
         },
         "node_modules/@sentry/tracing": {
-            "version": "7.47.0",
-            "resolved": "https://registry.npmjs.org/@sentry/tracing/-/tracing-7.47.0.tgz",
-            "integrity": "sha512-hJCpKdekwaFNbCVXxfCz5IxfSEJIKnkPmRSVHITOm5VhKwq2e5kmy4Rn6bzSETwJFSDE8LGbR/3eSfGTqw37XA==",
+            "version": "7.48.0",
+            "resolved": "https://registry.npmjs.org/@sentry/tracing/-/tracing-7.48.0.tgz",
+            "integrity": "sha512-X6w74Av0fyayNicKIlwL1IdpZ3O0ETQjyYXCDTwHoJL71ojrgrL5vdiNz8WwbPONTnqu98HehPYL/z3DCCKVbw==",
             "dependencies": {
-                "@sentry-internal/tracing": "7.47.0"
+                "@sentry-internal/tracing": "7.48.0"
             },
             "engines": {
                 "node": ">=8"
             }
         },
         "node_modules/@sentry/types": {
-            "version": "7.47.0",
-            "resolved": "https://registry.npmjs.org/@sentry/types/-/types-7.47.0.tgz",
-            "integrity": "sha512-GxXocplN0j1+uczovHrfkykl9wvkamDtWxlPUQgyGlbLGZn+UH1Y79D4D58COaFWGEZdSNKr62gZAjfEYu9nQA==",
+            "version": "7.48.0",
+            "resolved": "https://registry.npmjs.org/@sentry/types/-/types-7.48.0.tgz",
+            "integrity": "sha512-kkAszZwQ5/v4n7Yyw/DPNRWx7h724mVNRGZIJa9ggUMvTgMe7UKCZZ5wfQmYiKVlGbwd9pxXAcP8Oq15EbByFQ==",
             "engines": {
                 "node": ">=8"
             }
         },
         "node_modules/@sentry/utils": {
-            "version": "7.47.0",
-            "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-7.47.0.tgz",
-            "integrity": "sha512-A89SaOLp6XeZfByeYo2C8Ecye/YAtk/gENuyOUhQEdMulI6mZdjqtHAp7pTMVgkBc/YNARVuoa+kR/IdRrTPkQ==",
+            "version": "7.48.0",
+            "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-7.48.0.tgz",
+            "integrity": "sha512-d977sghkFVMfld0LrEyyY2gYrfayLPdDEpUDT+hg5y79r7zZDCFyHtdB86699E5K89MwDZahW7Erk+a1nk4x5w==",
             "dependencies": {
-                "@sentry/types": "7.47.0",
+                "@sentry/types": "7.48.0",
                 "tslib": "^1.9.3"
             },
             "engines": {

web/package.json

@@ -66,7 +66,7 @@
         "@codemirror/theme-one-dark": "^6.1.1",
         "@formatjs/intl-listformat": "^7.1.9",
         "@fortawesome/fontawesome-free": "^6.4.0",
-        "@goauthentik/api": "^2023.3.1-1680447184",
+        "@goauthentik/api": "^2023.4.0-1681471246",
         "@hcaptcha/types": "^1.0.3",
         "@jackfranklin/rollup-plugin-markdown": "^0.4.0",
         "@lingui/cli": "^3.17.2",
@@ -79,8 +79,8 @@
         "@rollup/plugin-node-resolve": "^15.0.2",
         "@rollup/plugin-replace": "^5.0.2",
         "@rollup/plugin-typescript": "^11.1.0",
-        "@sentry/browser": "^7.47.0",
-        "@sentry/tracing": "^7.47.0",
+        "@sentry/browser": "^7.48.0",
+        "@sentry/tracing": "^7.48.0",
         "@squoosh/cli": "^0.7.3",
         "@trivago/prettier-plugin-sort-imports": "^4.1.1",
         "@types/chart.js": "^2.9.37",

web/src/common/constants.ts

@@ -3,7 +3,7 @@ export const SUCCESS_CLASS = "pf-m-success";
 export const ERROR_CLASS = "pf-m-danger";
 export const PROGRESS_CLASS = "pf-m-in-progress";
 export const CURRENT_CLASS = "pf-m-current";
-export const VERSION = "2023.4.0";
+export const VERSION = "2023.4.1";
 export const TITLE_DEFAULT = "authentik";
 export const ROUTE_SEPARATOR = ";";
 

website/docs/installation/docker-compose.md

@@ -14,20 +14,29 @@ This installation method is for test-setups and small-scale production setups.
 
 Download the latest `docker-compose.yml` from [here](https://goauthentik.io/docker-compose.yml). Place it in a directory of your choice.
 
-If this is a fresh authentik install run the following commands to generate a password:
+If this is a fresh authentik installation, you need to generate a password and a secret key. If you don't already have a password generator installed, you can run this command to install **pwgen**, a popular generator:
 
 ```shell
 # You can also use openssl instead: `openssl rand -base64 36`
 sudo apt-get install -y pwgen
-# Because of a PostgreSQL limitation, only passwords up to 99 chars are supported
-# See https://www.postgresql.org/message-id/09512C4F-8CB9-4021-B455-EF4C4F0D55A0@amazon.com
+```
+
+Next, run the following commands to generate a password and secret key and write them to your `.env` file:
+
+```shell
 echo "PG_PASS=$(pwgen -s 40 1)" >> .env
 echo "AUTHENTIK_SECRET_KEY=$(pwgen -s 50 1)" >> .env
-# Skip if you don't want to enable error reporting
+# Because of a PostgreSQL limitation, only passwords up to 99 chars are supported
+# See https://www.postgresql.org/message-id/09512C4F-8CB9-4021-B455-EF4C4F0D55A0@amazon.com
+```
+
+To enable error reporting, run the following command:
+
+```shell
 echo "AUTHENTIK_ERROR_REPORTING__ENABLED=true" >> .env
 ```
 
-## Email configuration (optional, but recommended)
+## Email configuration (optional but recommended)
 
 It is also recommended to configure global email credentials. These are used by authentik to notify you about alerts and configuration issues. They can also be used by [Email stages](../flow/stages/email/) to send verification/recovery emails.
 

website/docs/releases/2023/v2023.4.md

@@ -3,6 +3,14 @@ title: Release 2023.4 - RADIUS support
 slug: "/releases/2023.4"
 ---
 
+## Breaking changes
+
+-   (Kubernetes only) Changes to RBAC objects created by helm
+
+    In previous versions, the helm chart would create a _ClusterRole_ and _ClusterRoleBinding_ if the service account creation was enabled. This was done to allow the deployment of outposts in any namespace in kubernetes. As this conflicted with multiple authentik installs per cluster, and was often not used, the new helm chart changes these resources to a _Role_ and _RoleBinding_, which give authentik access to deploy in the same namespace.
+
+    To keep the old behaviour, you can install the [authentik-remote-cluster](https://artifacthub.io/packages/helm/goauthentik/authentik-remote-cluster) chart, which deploys the same RBAC into any other namespace or cluster.
+
 ## New features
 
 -   RADIUS support

website/package-lock.json

@@ -15,10 +15,10 @@
                 "@mdx-js/react": "^1.6.22",
                 "clsx": "^1.2.1",
                 "disqus-react": "^1.1.5",
-                "postcss": "^8.4.21",
+                "postcss": "^8.4.22",
                 "rapidoc": "^9.3.4",
                 "react": "^17.0.2",
-                "react-before-after-slider-component": "^1.1.6",
+                "react-before-after-slider-component": "^1.1.8",
                 "react-dom": "^17.0.2",
                 "react-feather": "^2.0.10",
                 "react-toggle": "^4.1.3"
@@ -8731,9 +8731,15 @@
             }
         },
         "node_modules/nanoid": {
-            "version": "3.3.4",
-            "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz",
-            "integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==",
+            "version": "3.3.6",
+            "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.6.tgz",
+            "integrity": "sha512-BGcqMMJuToF7i1rt+2PWSNVnWIkGCU78jBG3RxO/bZlnZPK2Cmi2QaffxGO/2RvWi9sL+FAiRiXMgsyxQ1DIDA==",
+            "funding": [
+                {
+                    "type": "github",
+                    "url": "https://github.com/sponsors/ai"
+                }
+            ],
             "bin": {
                 "nanoid": "bin/nanoid.cjs"
             },
@@ -9310,9 +9316,9 @@
             }
         },
         "node_modules/postcss": {
-            "version": "8.4.21",
-            "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.21.tgz",
-            "integrity": "sha512-tP7u/Sn/dVxK2NnruI4H9BG+x+Wxz6oeZ1cJ8P6G/PZY0IKk4k/63TDsQf2kQq3+qoJeLm2kIBUNlZe3zgb4Zg==",
+            "version": "8.4.22",
+            "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.22.tgz",
+            "integrity": "sha512-XseknLAfRHzVWjCEtdviapiBtfLdgyzExD50Rg2ePaucEesyh8Wv4VPdW0nbyDa1ydbrAxV19jvMT4+LFmcNUA==",
             "funding": [
                 {
                     "type": "opencollective",
@@ -9321,10 +9327,14 @@
                 {
                     "type": "tidelift",
                     "url": "https://tidelift.com/funding/github/npm/postcss"
+                },
+                {
+                    "type": "github",
+                    "url": "https://github.com/sponsors/ai"
                 }
             ],
             "dependencies": {
-                "nanoid": "^3.3.4",
+                "nanoid": "^3.3.6",
                 "picocolors": "^1.0.0",
                 "source-map-js": "^1.0.2"
             },
@@ -10203,9 +10213,9 @@
             }
         },
         "node_modules/react-before-after-slider-component": {
-            "version": "1.1.6",
-            "resolved": "https://registry.npmjs.org/react-before-after-slider-component/-/react-before-after-slider-component-1.1.6.tgz",
-            "integrity": "sha512-T6MgeomX17ibpxdDcS4GyncUb8IiZPQr9yTt9+ay1m4J5P8AGwgqOnR28Y3bMdcnjg8kIo8bvffLG5vuIWQIcw==",
+            "version": "1.1.8",
+            "resolved": "https://registry.npmjs.org/react-before-after-slider-component/-/react-before-after-slider-component-1.1.8.tgz",
+            "integrity": "sha512-KcY231f68+7bF0Zkfat55jvgNSSCB5TkBtm1HhLeb336jtQ0hYKkdq6VwrleNrfeVdUD2v+E7DzgNJYc6dsY3Q==",
             "peerDependencies": {
                 "react": ">=17.0.2",
                 "react-dom": ">=17.0.2"
@@ -19838,9 +19848,9 @@
             }
         },
         "nanoid": {
-            "version": "3.3.4",
-            "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz",
-            "integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw=="
+            "version": "3.3.6",
+            "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.6.tgz",
+            "integrity": "sha512-BGcqMMJuToF7i1rt+2PWSNVnWIkGCU78jBG3RxO/bZlnZPK2Cmi2QaffxGO/2RvWi9sL+FAiRiXMgsyxQ1DIDA=="
         },
         "negotiator": {
             "version": "0.6.3",
@@ -20243,11 +20253,11 @@
             }
         },
         "postcss": {
-            "version": "8.4.21",
-            "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.21.tgz",
-            "integrity": "sha512-tP7u/Sn/dVxK2NnruI4H9BG+x+Wxz6oeZ1cJ8P6G/PZY0IKk4k/63TDsQf2kQq3+qoJeLm2kIBUNlZe3zgb4Zg==",
+            "version": "8.4.22",
+            "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.22.tgz",
+            "integrity": "sha512-XseknLAfRHzVWjCEtdviapiBtfLdgyzExD50Rg2ePaucEesyh8Wv4VPdW0nbyDa1ydbrAxV19jvMT4+LFmcNUA==",
             "requires": {
-                "nanoid": "^3.3.4",
+                "nanoid": "^3.3.6",
                 "picocolors": "^1.0.0",
                 "source-map-js": "^1.0.2"
             }
@@ -20814,9 +20824,9 @@
             }
         },
         "react-before-after-slider-component": {
-            "version": "1.1.6",
-            "resolved": "https://registry.npmjs.org/react-before-after-slider-component/-/react-before-after-slider-component-1.1.6.tgz",
-            "integrity": "sha512-T6MgeomX17ibpxdDcS4GyncUb8IiZPQr9yTt9+ay1m4J5P8AGwgqOnR28Y3bMdcnjg8kIo8bvffLG5vuIWQIcw==",
+            "version": "1.1.8",
+            "resolved": "https://registry.npmjs.org/react-before-after-slider-component/-/react-before-after-slider-component-1.1.8.tgz",
+            "integrity": "sha512-KcY231f68+7bF0Zkfat55jvgNSSCB5TkBtm1HhLeb336jtQ0hYKkdq6VwrleNrfeVdUD2v+E7DzgNJYc6dsY3Q==",
             "requires": {}
         },
         "react-dev-utils": {

website/package.json

@@ -22,10 +22,10 @@
         "@mdx-js/react": "^1.6.22",
         "clsx": "^1.2.1",
         "disqus-react": "^1.1.5",
-        "postcss": "^8.4.21",
+        "postcss": "^8.4.22",
         "rapidoc": "^9.3.4",
         "react": "^17.0.2",
-        "react-before-after-slider-component": "^1.1.6",
+        "react-before-after-slider-component": "^1.1.8",
         "react-dom": "^17.0.2",
         "react-feather": "^2.0.10",
         "react-toggle": "^4.1.3"