tweak

* Translate web/xliff/en.xlf in nl

100% translated source file: 'web/xliff/en.xlf'
on 'nl'.

* also auto enable squash merge after approval

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>

.github/workflows/translation-rename.yml

@@ -1,4 +1,5 @@
 # Rename transifex pull requests to have a correct naming
+# Also enables auto squash-merge
 name: authentik-translation-transifex-rename
 
 on:
@@ -37,3 +38,8 @@ jobs:
             -H "X-GitHub-Api-Version: 2022-11-28" \
             https://api.github.com/repos/${GITHUB_REPOSITORY}/pulls/${{ github.event.pull_request.number }} \
             -d "{\"title\":\"translate: ${{ steps.title.outputs.title }}\"}"
+      - uses: peter-evans/enable-pull-request-automerge@v3
+        with:
+          token: ${{ steps.generate_token.outputs.token }}
+          pull-request-number: ${{ github.event.pull_request.number }}
+          merge-method: squash

Makefile

@@ -148,8 +148,7 @@ web-lint-fix:
 
 web-lint:
 	cd web && npm run lint
-	# TODO: The analyzer hasn't run correctly in awhile.
-	# cd web && npm run lit-analyse
+	cd web && npm run lit-analyse
 
 web-check-compile:
 	cd web && npm run tsc

authentik/core/api/groups.py

@@ -49,7 +49,7 @@ class GroupSerializer(ModelSerializer):
     users_obj = ListSerializer(
         child=GroupMemberSerializer(), read_only=True, source="users", required=False
     )
-    parent_name = CharField(source="parent.name", read_only=True)
+    parent_name = CharField(source="parent.name", read_only=True, allow_null=True)
 
     num_pk = IntegerField(read_only=True)
 

authentik/enterprise/migrations/0002_rename_users_license_internal_users_and_more.py

@@ -26,4 +26,11 @@ class Migration(migrations.Migration):
                 fields=["key"], name="authentik_e_key_523e13_hash"
             ),
         ),
+        migrations.AlterModelOptions(
+            name="licenseusage",
+            options={
+                "verbose_name": "License Usage",
+                "verbose_name_plural": "License Usage Records",
+            },
+        ),
     ]

authentik/enterprise/models.py

@@ -15,6 +15,7 @@ from django.contrib.postgres.indexes import HashIndex
 from django.db import models
 from django.db.models.query import QuerySet
 from django.utils.timezone import now
+from django.utils.translation import gettext as _
 from guardian.shortcuts import get_anonymous_user
 from jwt import PyJWTError, decode, get_unverified_header
 from rest_framework.exceptions import ValidationError
@@ -187,3 +188,7 @@ class LicenseUsage(ExpiringModel):
     within_limits = models.BooleanField()
 
     record_date = models.DateTimeField(auto_now_add=True)
+
+    class Meta:
+        verbose_name = _("License Usage")
+        verbose_name_plural = _("License Usage Records")

authentik/events/api/events.py

@@ -4,7 +4,7 @@ from json import loads
 
 import django_filters
 from django.db.models.aggregates import Count
-from django.db.models.fields.json import KeyTextTransform
+from django.db.models.fields.json import KeyTextTransform, KeyTransform
 from django.db.models.functions import ExtractDay
 from drf_spectacular.types import OpenApiTypes
 from drf_spectacular.utils import OpenApiParameter, extend_schema
@@ -134,11 +134,11 @@ class EventViewSet(ModelViewSet):
         """Get the top_n events grouped by user count"""
         filtered_action = request.query_params.get("action", EventAction.LOGIN)
         top_n = int(request.query_params.get("top_n", "15"))
-        return Response(
+        events = (
             get_objects_for_user(request.user, "authentik_events.view_event")
             .filter(action=filtered_action)
             .exclude(context__authorized_application=None)
-            .annotate(application=KeyTextTransform("authorized_application", "context"))
+            .annotate(application=KeyTransform("authorized_application", "context"))
             .annotate(user_pk=KeyTextTransform("pk", "user"))
             .values("application")
             .annotate(counted_events=Count("application"))
@@ -146,6 +146,7 @@ class EventViewSet(ModelViewSet):
             .values("unique_users", "application", "counted_events")
             .order_by("-counted_events")[:top_n]
         )
+        return Response(EventTopPerUserSerializer(instance=events, many=True).data)
 
     @extend_schema(
         methods=["GET"],

authentik/lib/default.yml

@@ -84,6 +84,9 @@ ldap:
   tls:
     ciphers: null
 
+reputation:
+  expiry: 86400
+
 cookie_domain: null
 disable_update_check: false
 disable_startup_analytics: false

authentik/policies/reputation/migrations/0005_reputation_expires_reputation_expiring.py

@@ -0,0 +1,33 @@
+# Generated by Django 4.2.4 on 2023-08-31 10:42
+
+from django.db import migrations, models
+
+import authentik.policies.reputation.models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("authentik_policies_reputation", "0004_reputationpolicy_authentik_p_policy__8f0d70_idx"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="reputation",
+            name="expires",
+            field=models.DateTimeField(
+                default=authentik.policies.reputation.models.reputation_expiry
+            ),
+        ),
+        migrations.AddField(
+            model_name="reputation",
+            name="expiring",
+            field=models.BooleanField(default=True),
+        ),
+        migrations.AlterModelOptions(
+            name="reputation",
+            options={
+                "verbose_name": "Reputation Score",
+                "verbose_name_plural": "Reputation Scores",
+            },
+        ),
+    ]

authentik/policies/reputation/models.py

@@ -1,13 +1,17 @@
 """authentik reputation request policy"""
+from datetime import timedelta
 from uuid import uuid4
 
 from django.db import models
 from django.db.models import Sum
 from django.db.models.query_utils import Q
+from django.utils.timezone import now
 from django.utils.translation import gettext as _
 from rest_framework.serializers import BaseSerializer
 from structlog import get_logger
 
+from authentik.core.models import ExpiringModel
+from authentik.lib.config import CONFIG
 from authentik.lib.models import SerializerModel
 from authentik.lib.utils.http import get_client_ip
 from authentik.policies.models import Policy
@@ -17,6 +21,11 @@ LOGGER = get_logger()
 CACHE_KEY_PREFIX = "goauthentik.io/policies/reputation/scores/"
 
 
+def reputation_expiry():
+    """Reputation expiry"""
+    return now() + timedelta(seconds=CONFIG.get_int("reputation.expiry"))
+
+
 class ReputationPolicy(Policy):
     """Return true if request IP/target username's score is below a certain threshold"""
 
@@ -59,7 +68,7 @@ class ReputationPolicy(Policy):
         verbose_name_plural = _("Reputation Policies")
 
 
-class Reputation(SerializerModel):
+class Reputation(ExpiringModel, SerializerModel):
     """Reputation for user and or IP."""
 
     reputation_uuid = models.UUIDField(primary_key=True, unique=True, default=uuid4)
@@ -69,6 +78,8 @@ class Reputation(SerializerModel):
     ip_geo_data = models.JSONField(default=dict)
     score = models.BigIntegerField(default=0)
 
+    expires = models.DateTimeField(default=reputation_expiry)
+
     updated = models.DateTimeField(auto_now_add=True)
 
     @property
@@ -81,4 +92,6 @@ class Reputation(SerializerModel):
         return f"Reputation {self.identifier}/{self.ip} @ {self.score}"
 
     class Meta:
+        verbose_name = _("Reputation Score")
+        verbose_name_plural = _("Reputation Scores")
         unique_together = ("identifier", "ip")

authentik/providers/oauth2/views/authorize.py

@@ -375,7 +375,9 @@ class AuthorizationFlowInitView(PolicyAccessView):
             ):
                 self.request.session[SESSION_KEY_LAST_LOGIN_UID] = login_uid
                 return self.handle_no_permission()
-        scope_descriptions = UserInfoView().get_scope_descriptions(self.params.scope)
+        scope_descriptions = UserInfoView().get_scope_descriptions(
+            self.params.scope, self.params.provider
+        )
         # Regardless, we start the planner and return to it
         planner = FlowPlanner(self.provider.authorization_flow)
         planner.allow_empty_flows = True

authentik/providers/oauth2/views/device_init.py

@@ -55,7 +55,7 @@ def validate_code(code: int, request: HttpRequest) -> Optional[HttpResponse]:
     if not app:
         return None
 
-    scope_descriptions = UserInfoView().get_scope_descriptions(token.scope)
+    scope_descriptions = UserInfoView().get_scope_descriptions(token.scope, token.provider)
     planner = FlowPlanner(token.provider.authorization_flow)
     planner.allow_empty_flows = True
     try:

authentik/providers/oauth2/views/userinfo.py

@@ -40,10 +40,14 @@ class UserInfoView(View):
 
     token: Optional[RefreshToken]
 
-    def get_scope_descriptions(self, scopes: list[str]) -> list[PermissionDict]:
+    def get_scope_descriptions(
+        self, scopes: list[str], provider: OAuth2Provider
+    ) -> list[PermissionDict]:
         """Get a list of all Scopes's descriptions"""
         scope_descriptions = []
-        for scope in ScopeMapping.objects.filter(scope_name__in=scopes).order_by("scope_name"):
+        for scope in ScopeMapping.objects.filter(scope_name__in=scopes, provider=provider).order_by(
+            "scope_name"
+        ):
             scope_descriptions.append(PermissionDict(id=scope.scope_name, name=scope.description))
         # GitHub Compatibility Scopes are handled differently, since they required custom paths
         # Hence they don't exist as Scope objects

authentik/root/settings.py

@@ -402,6 +402,7 @@ LOG_PRE_CHAIN = [
     structlog.stdlib.add_logger_name,
     structlog.processors.TimeStamper(),
     structlog.processors.StackInfoRenderer(),
+    structlog.processors.format_exc_info,
 ]
 
 LOGGING = {

authentik/sources/plex/tasks.py

@@ -30,7 +30,7 @@ def check_plex_token(self: MonitoredTask, source_slug: int):
         self.set_status(TaskResult(TaskResultStatus.SUCCESSFUL, ["Plex token is valid."]))
     except RequestException as exc:
         error = exception_to_string(exc)
-        if len(source.plex_token) < 1:
+        if len(source.plex_token) > 0:
             error = error.replace(source.plex_token, "$PLEX_TOKEN")
         self.set_status(
             TaskResult(

go.mod

@@ -26,7 +26,7 @@ require (
 	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/cobra v1.7.0
 	github.com/stretchr/testify v1.8.4
-	goauthentik.io/api/v3 v3.2023061.13
+	goauthentik.io/api/v3 v3.2023081.2
 	golang.org/x/exp v0.0.0-20230210204819-062eb4c674ab
 	golang.org/x/oauth2 v0.11.0
 	golang.org/x/sync v0.3.0

go.sum

@@ -1071,8 +1071,8 @@ go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqe
 go.opentelemetry.io/proto/otlp v0.15.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U=
 go.opentelemetry.io/proto/otlp v0.19.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U=
 go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
-goauthentik.io/api/v3 v3.2023061.13 h1:0V5XrryJdMrOug/5wWazmH+D3Y/dDGPyLDhWcbJ5Gm0=
-goauthentik.io/api/v3 v3.2023061.13/go.mod h1:sP1/Ak/vGw96xNgpyoObHgXfyAElcTN5CbbC+VdPQXk=
+goauthentik.io/api/v3 v3.2023081.2 h1:Mj5uqF/sEdcenZjWV+w/SvrLy8Un19vhjDek2DWmq/E=
+goauthentik.io/api/v3 v3.2023081.2/go.mod h1:sP1/Ak/vGw96xNgpyoObHgXfyAElcTN5CbbC+VdPQXk=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190422162423-af44ce270edf/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=

locale/en/LC_MESSAGES/django.po

@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2023-08-23 10:04+0000\n"
+"POT-Creation-Date: 2023-08-30 17:44+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -23,11 +23,11 @@ msgstr ""
 msgid "Successfully re-scheduled Task %(name)s!"
 msgstr ""
 
-#: authentik/api/schema.py:24
+#: authentik/api/schema.py:25
 msgid "Generic API Error"
 msgstr ""
 
-#: authentik/api/schema.py:32
+#: authentik/api/schema.py:33
 msgid "Validation Error"
 msgstr ""
 
@@ -82,11 +82,11 @@ msgstr ""
 msgid "Create a SAML Provider by importing its Metadata."
 msgstr ""
 
-#: authentik/core/api/users.py:150
+#: authentik/core/api/users.py:158
 msgid "No leading or trailing slashes allowed."
 msgstr ""
 
-#: authentik/core/api/users.py:153
+#: authentik/core/api/users.py:161
 msgid "No empty segments in user path allowed."
 msgstr ""
 
@@ -102,7 +102,7 @@ msgstr ""
 msgid "User's display name."
 msgstr ""
 
-#: authentik/core/models.py:268 authentik/providers/oauth2/models.py:294
+#: authentik/core/models.py:268 authentik/providers/oauth2/models.py:295
 msgid "User"
 msgstr ""
 
@@ -291,12 +291,12 @@ msgstr ""
 msgid "Go home"
 msgstr ""
 
-#: authentik/core/templates/login/base_full.html:90
+#: authentik/core/templates/login/base_full.html:89
 msgid "Powered by authentik"
 msgstr ""
 
 #: authentik/core/views/apps.py:53
-#: authentik/providers/oauth2/views/authorize.py:391
+#: authentik/providers/oauth2/views/authorize.py:393
 #: authentik/providers/oauth2/views/device_init.py:70
 #: authentik/providers/saml/views/sso.py:70
 #, python-format
@@ -917,216 +917,216 @@ msgid ""
 "this method only if you have different UPN and Mail domains."
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:42
+#: authentik/providers/oauth2/models.py:43
 msgid "Confidential"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:43
+#: authentik/providers/oauth2/models.py:44
 msgid "Public"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:65
+#: authentik/providers/oauth2/models.py:66
 msgid "Same identifier is used for all providers"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:67
+#: authentik/providers/oauth2/models.py:68
 msgid "Each provider has a different issuer, based on the application slug."
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:74
+#: authentik/providers/oauth2/models.py:75
 msgid "code (Authorization Code Flow)"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:75
+#: authentik/providers/oauth2/models.py:76
 msgid "id_token (Implicit Flow)"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:76
+#: authentik/providers/oauth2/models.py:77
 msgid "id_token token (Implicit Flow)"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:77
+#: authentik/providers/oauth2/models.py:78
 msgid "code token (Hybrid Flow)"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:78
+#: authentik/providers/oauth2/models.py:79
 msgid "code id_token (Hybrid Flow)"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:79
+#: authentik/providers/oauth2/models.py:80
 msgid "code id_token token (Hybrid Flow)"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:85
+#: authentik/providers/oauth2/models.py:86
 msgid "HS256 (Symmetric Encryption)"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:86
+#: authentik/providers/oauth2/models.py:87
 msgid "RS256 (Asymmetric Encryption)"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:87
+#: authentik/providers/oauth2/models.py:88
 msgid "ES256 (Asymmetric Encryption)"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:93
+#: authentik/providers/oauth2/models.py:94
 msgid "Scope used by the client"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:97
+#: authentik/providers/oauth2/models.py:98
 msgid ""
 "Description shown to the user when consenting. If left empty, the user won't "
 "be informed."
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:116
+#: authentik/providers/oauth2/models.py:117
 msgid "Scope Mapping"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:117
+#: authentik/providers/oauth2/models.py:118
 msgid "Scope Mappings"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:127
+#: authentik/providers/oauth2/models.py:128
 msgid "Client Type"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:129
+#: authentik/providers/oauth2/models.py:130
 msgid ""
 "Confidential clients are capable of maintaining the confidentiality of their "
 "credentials. Public clients are incapable"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:136
+#: authentik/providers/oauth2/models.py:137
 msgid "Client ID"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:142
+#: authentik/providers/oauth2/models.py:143
 msgid "Client Secret"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:148
+#: authentik/providers/oauth2/models.py:149
 msgid "Redirect URIs"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:149
+#: authentik/providers/oauth2/models.py:150
 msgid "Enter each URI on a new line."
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:154
+#: authentik/providers/oauth2/models.py:155
 msgid "Include claims in id_token"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:156
+#: authentik/providers/oauth2/models.py:157
 msgid ""
 "Include User claims from scopes in the id_token, for applications that don't "
 "access the userinfo endpoint."
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:165
+#: authentik/providers/oauth2/models.py:166
 msgid ""
 "Access codes not valid on or after current time + this value (Format: "
 "hours=1;minutes=2;seconds=3)."
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:173
-#: authentik/providers/oauth2/models.py:181
+#: authentik/providers/oauth2/models.py:174
+#: authentik/providers/oauth2/models.py:182
 msgid ""
 "Tokens not valid on or after current time + this value (Format: hours=1;"
 "minutes=2;seconds=3)."
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:190
+#: authentik/providers/oauth2/models.py:191
 msgid ""
 "Configure what data should be used as unique User Identifier. For most "
 "cases, the default should be fine."
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:197
+#: authentik/providers/oauth2/models.py:198
 msgid "Configure how the issuer field of the ID Token should be filled."
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:202
+#: authentik/providers/oauth2/models.py:203
 msgid "Signing Key"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:206
+#: authentik/providers/oauth2/models.py:207
 msgid ""
 "Key used to sign the tokens. Only required when JWT Algorithm is set to "
 "RS256."
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:213
+#: authentik/providers/oauth2/models.py:214
 msgid ""
 "Any JWT signed by the JWK of the selected source can be used to authenticate."
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:286
+#: authentik/providers/oauth2/models.py:287
 msgid "OAuth2/OpenID Provider"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:287
+#: authentik/providers/oauth2/models.py:288
 msgid "OAuth2/OpenID Providers"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:296
-#: authentik/providers/oauth2/models.py:428
+#: authentik/providers/oauth2/models.py:297
+#: authentik/providers/oauth2/models.py:429
 msgid "Scopes"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:315
+#: authentik/providers/oauth2/models.py:316
 msgid "Code"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:316
+#: authentik/providers/oauth2/models.py:317
 msgid "Nonce"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:317
+#: authentik/providers/oauth2/models.py:318
 msgid "Code Challenge"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:319
+#: authentik/providers/oauth2/models.py:320
 msgid "Code Challenge Method"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:339
+#: authentik/providers/oauth2/models.py:340
 msgid "Authorization Code"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:340
+#: authentik/providers/oauth2/models.py:341
 msgid "Authorization Codes"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:382
+#: authentik/providers/oauth2/models.py:383
 msgid "OAuth2 Access Token"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:383
+#: authentik/providers/oauth2/models.py:384
 msgid "OAuth2 Access Tokens"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:393
+#: authentik/providers/oauth2/models.py:394
 msgid "ID Token"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:412
+#: authentik/providers/oauth2/models.py:413
 msgid "OAuth2 Refresh Token"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:413
+#: authentik/providers/oauth2/models.py:414
 msgid "OAuth2 Refresh Tokens"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:440
+#: authentik/providers/oauth2/models.py:441
 msgid "Device Token"
 msgstr ""
 
-#: authentik/providers/oauth2/models.py:441
+#: authentik/providers/oauth2/models.py:442
 msgid "Device Tokens"
 msgstr ""
 
-#: authentik/providers/oauth2/views/authorize.py:446
+#: authentik/providers/oauth2/views/authorize.py:448
 #: authentik/providers/saml/views/flows.py:87
 #, python-format
 msgid "Redirecting to %(app)s..."
@@ -1136,20 +1136,20 @@ msgstr ""
 msgid "Invalid code"
 msgstr ""
 
-#: authentik/providers/oauth2/views/userinfo.py:51
-#: authentik/providers/oauth2/views/userinfo.py:52
+#: authentik/providers/oauth2/views/userinfo.py:55
+#: authentik/providers/oauth2/views/userinfo.py:56
 msgid "GitHub Compatibility: Access your User Information"
 msgstr ""
 
-#: authentik/providers/oauth2/views/userinfo.py:53
+#: authentik/providers/oauth2/views/userinfo.py:57
 msgid "GitHub Compatibility: Access you Email addresses"
 msgstr ""
 
-#: authentik/providers/oauth2/views/userinfo.py:54
+#: authentik/providers/oauth2/views/userinfo.py:58
 msgid "GitHub Compatibility: Access your Groups"
 msgstr ""
 
-#: authentik/providers/oauth2/views/userinfo.py:55
+#: authentik/providers/oauth2/views/userinfo.py:59
 msgid "authentik API Access on behalf of your user"
 msgstr ""
 
@@ -1157,7 +1157,7 @@ msgstr ""
 msgid "User and password attributes must be set when basic auth is enabled."
 msgstr ""
 
-#: authentik/providers/proxy/api.py:62
+#: authentik/providers/proxy/api.py:63
 msgid "Internal host cannot be empty when forward auth is disabled."
 msgstr ""
 
@@ -1895,7 +1895,7 @@ msgstr ""
 msgid "TOTP Authenticator Setup Stages"
 msgstr ""
 
-#: authentik/stages/authenticator_validate/challenge.py:123
+#: authentik/stages/authenticator_validate/challenge.py:131
 msgid "Invalid Token"
 msgstr ""
 
@@ -2047,15 +2047,15 @@ msgstr ""
 msgid "Email Stages"
 msgstr ""
 
-#: authentik/stages/email/stage.py:112
+#: authentik/stages/email/stage.py:117
 msgid "Successfully verified Email."
 msgstr ""
 
-#: authentik/stages/email/stage.py:119 authentik/stages/email/stage.py:141
+#: authentik/stages/email/stage.py:124 authentik/stages/email/stage.py:146
 msgid "No pending user."
 msgstr ""
 
-#: authentik/stages/email/stage.py:131
+#: authentik/stages/email/stage.py:136
 msgid "Email sent."
 msgstr ""
 
@@ -2178,11 +2178,11 @@ msgstr ""
 msgid "Identification Stages"
 msgstr ""
 
-#: authentik/stages/identification/stage.py:184
+#: authentik/stages/identification/stage.py:188
 msgid "Log in"
 msgstr ""
 
-#: authentik/stages/identification/stage.py:185
+#: authentik/stages/identification/stage.py:189
 msgid "Continue"
 msgstr ""
 

poetry.lock

@@ -3458,13 +3458,13 @@ urllib3 = {version = ">=1.26,<3", extras = ["socks"]}
 
 [[package]]
 name = "sentry-sdk"
-version = "1.29.2"
+version = "1.30.0"
 description = "Python client for Sentry (https://sentry.io)"
 optional = false
 python-versions = "*"
 files = [
-    {file = "sentry-sdk-1.29.2.tar.gz", hash = "sha256:a99ee105384788c3f228726a88baf515fe7b5f1d2d0f215a03d194369f158df7"},
-    {file = "sentry_sdk-1.29.2-py2.py3-none-any.whl", hash = "sha256:3e17215d8006612e2df02b0e73115eb8376c37e3f586d8436fa41644e605074d"},
+    {file = "sentry-sdk-1.30.0.tar.gz", hash = "sha256:7dc873b87e1faf4d00614afd1058bfa1522942f33daef8a59f90de8ed75cd10c"},
+    {file = "sentry_sdk-1.30.0-py2.py3-none-any.whl", hash = "sha256:2e53ad63f96bb9da6570ba2e755c267e529edcf58580a2c0d2a11ef26e1e678b"},
 ]
 
 [package.dependencies]
@@ -3487,6 +3487,7 @@ httpx = ["httpx (>=0.16.0)"]
 huey = ["huey (>=2)"]
 loguru = ["loguru (>=0.5)"]
 opentelemetry = ["opentelemetry-distro (>=0.35b0)"]
+opentelemetry-experimental = ["opentelemetry-distro (>=0.40b0,<1.0)", "opentelemetry-instrumentation-aiohttp-client (>=0.40b0,<1.0)", "opentelemetry-instrumentation-django (>=0.40b0,<1.0)", "opentelemetry-instrumentation-fastapi (>=0.40b0,<1.0)", "opentelemetry-instrumentation-flask (>=0.40b0,<1.0)", "opentelemetry-instrumentation-requests (>=0.40b0,<1.0)", "opentelemetry-instrumentation-sqlite3 (>=0.40b0,<1.0)", "opentelemetry-instrumentation-urllib (>=0.40b0,<1.0)"]
 pure-eval = ["asttokens", "executing", "pure-eval"]
 pymongo = ["pymongo (>=3.1)"]
 pyspark = ["pyspark (>=2.4.4)"]

schema.yml

@@ -12961,7 +12961,7 @@ paths:
         schema:
           type: string
           format: uuid
-        description: A UUID string identifying this reputation.
+        description: A UUID string identifying this Reputation Score.
         required: true
       tags:
       - policies
@@ -12995,7 +12995,7 @@ paths:
         schema:
           type: string
           format: uuid
-        description: A UUID string identifying this reputation.
+        description: A UUID string identifying this Reputation Score.
         required: true
       tags:
       - policies
@@ -13026,7 +13026,7 @@ paths:
         schema:
           type: string
           format: uuid
-        description: A UUID string identifying this reputation.
+        description: A UUID string identifying this Reputation Score.
         required: true
       tags:
       - policies
@@ -29523,7 +29523,7 @@ components:
             * `authentik_policies_expression.expressionpolicy` - Expression Policy
             * `authentik_policies_password.passwordpolicy` - Password Policy
             * `authentik_policies_reputation.reputationpolicy` - Reputation Policy
-            * `authentik_policies_reputation.reputation` - reputation
+            * `authentik_policies_reputation.reputation` - Reputation Score
             * `authentik_policies.policybinding` - Policy Binding
             * `authentik_providers_ldap.ldapprovider` - LDAP Provider
             * `authentik_providers_oauth2.scopemapping` - Scope Mapping
@@ -29713,7 +29713,7 @@ components:
             * `authentik_policies_expression.expressionpolicy` - Expression Policy
             * `authentik_policies_password.passwordpolicy` - Password Policy
             * `authentik_policies_reputation.reputationpolicy` - Reputation Policy
-            * `authentik_policies_reputation.reputation` - reputation
+            * `authentik_policies_reputation.reputation` - Reputation Score
             * `authentik_policies.policybinding` - Policy Binding
             * `authentik_providers_ldap.ldapprovider` - LDAP Provider
             * `authentik_providers_oauth2.scopemapping` - Scope Mapping
@@ -30498,6 +30498,7 @@ components:
         parent_name:
           type: string
           readOnly: true
+          nullable: true
         users:
           type: array
           items:
@@ -31942,7 +31943,7 @@ components:
         * `authentik_policies_expression.expressionpolicy` - Expression Policy
         * `authentik_policies_password.passwordpolicy` - Password Policy
         * `authentik_policies_reputation.reputationpolicy` - Reputation Policy
-        * `authentik_policies_reputation.reputation` - reputation
+        * `authentik_policies_reputation.reputation` - Reputation Score
         * `authentik_policies.policybinding` - Policy Binding
         * `authentik_providers_ldap.ldapprovider` - LDAP Provider
         * `authentik_providers_oauth2.scopemapping` - Scope Mapping
@@ -34929,7 +34930,7 @@ components:
             * `authentik_policies_expression.expressionpolicy` - Expression Policy
             * `authentik_policies_password.passwordpolicy` - Password Policy
             * `authentik_policies_reputation.reputationpolicy` - Reputation Policy
-            * `authentik_policies_reputation.reputation` - reputation
+            * `authentik_policies_reputation.reputation` - Reputation Score
             * `authentik_policies.policybinding` - Policy Binding
             * `authentik_providers_ldap.ldapprovider` - LDAP Provider
             * `authentik_providers_oauth2.scopemapping` - Scope Mapping

web/package-lock.json

@@ -17,14 +17,14 @@
                 "@codemirror/theme-one-dark": "^6.1.2",
                 "@formatjs/intl-listformat": "^7.4.0",
                 "@fortawesome/fontawesome-free": "^6.4.2",
-                "@goauthentik/api": "^2023.8.0-1693337284",
+                "@goauthentik/api": "^2023.8.1-1693482391",
                 "@lit-labs/context": "^0.4.0",
-                "@lit-labs/task": "^3.0.1",
+                "@lit-labs/task": "^3.0.2",
                 "@lit/localize": "^0.11.4",
                 "@patternfly/elements": "^2.4.0",
                 "@patternfly/patternfly": "^4.224.2",
-                "@sentry/browser": "^7.65.0",
-                "@sentry/tracing": "^7.65.0",
+                "@sentry/browser": "^7.66.0",
+                "@sentry/tracing": "^7.66.0",
                 "@webcomponents/webcomponentsjs": "^2.8.0",
                 "base64-js": "^1.5.1",
                 "chart.js": "^4.4.0",
@@ -48,7 +48,7 @@
                 "@babel/plugin-proposal-private-methods": "^7.18.6",
                 "@babel/plugin-proposal-private-property-in-object": "^7.21.11",
                 "@babel/plugin-transform-runtime": "^7.22.10",
-                "@babel/preset-env": "^7.22.10",
+                "@babel/preset-env": "^7.22.14",
                 "@babel/preset-typescript": "^7.22.11",
                 "@hcaptcha/types": "^1.0.3",
                 "@jackfranklin/rollup-plugin-markdown": "^0.4.0",
@@ -81,7 +81,7 @@
                 "lit-analyzer": "^1.2.1",
                 "npm-run-all": "^4.1.5",
                 "prettier": "^3.0.3",
-                "pyright": "^1.1.324",
+                "pyright": "^1.1.325",
                 "react": "^18.2.0",
                 "react-dom": "^18.2.0",
                 "rollup": "^3.28.1",
@@ -1001,9 +1001,9 @@
             }
         },
         "node_modules/@babel/plugin-transform-async-generator-functions": {
-            "version": "7.22.10",
-            "resolved": "https://registry.npmjs.org/@babel/plugin-transform-async-generator-functions/-/plugin-transform-async-generator-functions-7.22.10.tgz",
-            "integrity": "sha512-eueE8lvKVzq5wIObKK/7dvoeKJ+xc6TvRn6aysIjS6pSCeLy7S/eVi7pEQknZqyqvzaNKdDtem8nUNTBgDVR2g==",
+            "version": "7.22.11",
+            "resolved": "https://registry.npmjs.org/@babel/plugin-transform-async-generator-functions/-/plugin-transform-async-generator-functions-7.22.11.tgz",
+            "integrity": "sha512-0pAlmeRJn6wU84zzZsEOx1JV1Jf8fqO9ok7wofIJwUnplYo247dcd24P+cMJht7ts9xkzdtB0EPHmOb7F+KzXw==",
             "dev": true,
             "dependencies": {
                 "@babel/helper-environment-visitor": "^7.22.5",
@@ -1082,12 +1082,12 @@
             }
         },
         "node_modules/@babel/plugin-transform-class-static-block": {
-            "version": "7.22.5",
-            "resolved": "https://registry.npmjs.org/@babel/plugin-transform-class-static-block/-/plugin-transform-class-static-block-7.22.5.tgz",
-            "integrity": "sha512-SPToJ5eYZLxlnp1UzdARpOGeC2GbHvr9d/UV0EukuVx8atktg194oe+C5BqQ8jRTkgLRVOPYeXRSBg1IlMoVRA==",
+            "version": "7.22.11",
+            "resolved": "https://registry.npmjs.org/@babel/plugin-transform-class-static-block/-/plugin-transform-class-static-block-7.22.11.tgz",
+            "integrity": "sha512-GMM8gGmqI7guS/llMFk1bJDkKfn3v3C4KHK9Yg1ey5qcHcOlKb0QvcMrgzvxo+T03/4szNh5lghY+fEC98Kq9g==",
             "dev": true,
             "dependencies": {
-                "@babel/helper-create-class-features-plugin": "^7.22.5",
+                "@babel/helper-create-class-features-plugin": "^7.22.11",
                 "@babel/helper-plugin-utils": "^7.22.5",
                 "@babel/plugin-syntax-class-static-block": "^7.14.5"
             },
@@ -1184,9 +1184,9 @@
             }
         },
         "node_modules/@babel/plugin-transform-dynamic-import": {
-            "version": "7.22.5",
-            "resolved": "https://registry.npmjs.org/@babel/plugin-transform-dynamic-import/-/plugin-transform-dynamic-import-7.22.5.tgz",
-            "integrity": "sha512-0MC3ppTB1AMxd8fXjSrbPa7LT9hrImt+/fcj+Pg5YMD7UQyWp/02+JWpdnCymmsXwIx5Z+sYn1bwCn4ZJNvhqQ==",
+            "version": "7.22.11",
+            "resolved": "https://registry.npmjs.org/@babel/plugin-transform-dynamic-import/-/plugin-transform-dynamic-import-7.22.11.tgz",
+            "integrity": "sha512-g/21plo58sfteWjaO0ZNVb+uEOkJNjAaHhbejrnBmu011l/eNDScmkbjCC3l4FKb10ViaGU4aOkFznSu2zRHgA==",
             "dev": true,
             "dependencies": {
                 "@babel/helper-plugin-utils": "^7.22.5",
@@ -1216,9 +1216,9 @@
             }
         },
         "node_modules/@babel/plugin-transform-export-namespace-from": {
-            "version": "7.22.5",
-            "resolved": "https://registry.npmjs.org/@babel/plugin-transform-export-namespace-from/-/plugin-transform-export-namespace-from-7.22.5.tgz",
-            "integrity": "sha512-X4hhm7FRnPgd4nDA4b/5V280xCx6oL7Oob5+9qVS5C13Zq4bh1qq7LU0GgRU6b5dBWBvhGaXYVB4AcN6+ol6vg==",
+            "version": "7.22.11",
+            "resolved": "https://registry.npmjs.org/@babel/plugin-transform-export-namespace-from/-/plugin-transform-export-namespace-from-7.22.11.tgz",
+            "integrity": "sha512-xa7aad7q7OiT8oNZ1mU7NrISjlSkVdMbNxn9IuLZyL9AJEhs1Apba3I+u5riX1dIkdptP5EKDG5XDPByWxtehw==",
             "dev": true,
             "dependencies": {
                 "@babel/helper-plugin-utils": "^7.22.5",
@@ -1280,9 +1280,9 @@
             }
         },
         "node_modules/@babel/plugin-transform-json-strings": {
-            "version": "7.22.5",
-            "resolved": "https://registry.npmjs.org/@babel/plugin-transform-json-strings/-/plugin-transform-json-strings-7.22.5.tgz",
-            "integrity": "sha512-DuCRB7fu8MyTLbEQd1ew3R85nx/88yMoqo2uPSjevMj3yoN7CDM8jkgrY0wmVxfJZyJ/B9fE1iq7EQppWQmR5A==",
+            "version": "7.22.11",
+            "resolved": "https://registry.npmjs.org/@babel/plugin-transform-json-strings/-/plugin-transform-json-strings-7.22.11.tgz",
+            "integrity": "sha512-CxT5tCqpA9/jXFlme9xIBCc5RPtdDq3JpkkhgHQqtDdiTnTI0jtZ0QzXhr5DILeYifDPp2wvY2ad+7+hLMW5Pw==",
             "dev": true,
             "dependencies": {
                 "@babel/helper-plugin-utils": "^7.22.5",
@@ -1311,9 +1311,9 @@
             }
         },
         "node_modules/@babel/plugin-transform-logical-assignment-operators": {
-            "version": "7.22.5",
-            "resolved": "https://registry.npmjs.org/@babel/plugin-transform-logical-assignment-operators/-/plugin-transform-logical-assignment-operators-7.22.5.tgz",
-            "integrity": "sha512-MQQOUW1KL8X0cDWfbwYP+TbVbZm16QmQXJQ+vndPtH/BoO0lOKpVoEDMI7+PskYxH+IiE0tS8xZye0qr1lGzSA==",
+            "version": "7.22.11",
+            "resolved": "https://registry.npmjs.org/@babel/plugin-transform-logical-assignment-operators/-/plugin-transform-logical-assignment-operators-7.22.11.tgz",
+            "integrity": "sha512-qQwRTP4+6xFCDV5k7gZBF3C31K34ut0tbEcTKxlX/0KXxm9GLcO14p570aWxFvVzx6QAfPgq7gaeIHXJC8LswQ==",
             "dev": true,
             "dependencies": {
                 "@babel/helper-plugin-utils": "^7.22.5",
@@ -1375,13 +1375,13 @@
             }
         },
         "node_modules/@babel/plugin-transform-modules-systemjs": {
-            "version": "7.22.5",
-            "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-systemjs/-/plugin-transform-modules-systemjs-7.22.5.tgz",
-            "integrity": "sha512-emtEpoaTMsOs6Tzz+nbmcePl6AKVtS1yC4YNAeMun9U8YCsgadPNxnOPQ8GhHFB2qdx+LZu9LgoC0Lthuu05DQ==",
+            "version": "7.22.11",
+            "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-systemjs/-/plugin-transform-modules-systemjs-7.22.11.tgz",
+            "integrity": "sha512-rIqHmHoMEOhI3VkVf5jQ15l539KrwhzqcBO6wdCNWPWc/JWt9ILNYNUssbRpeq0qWns8svuw8LnMNCvWBIJ8wA==",
             "dev": true,
             "dependencies": {
                 "@babel/helper-hoist-variables": "^7.22.5",
-                "@babel/helper-module-transforms": "^7.22.5",
+                "@babel/helper-module-transforms": "^7.22.9",
                 "@babel/helper-plugin-utils": "^7.22.5",
                 "@babel/helper-validator-identifier": "^7.22.5"
             },
@@ -1440,9 +1440,9 @@
             }
         },
         "node_modules/@babel/plugin-transform-nullish-coalescing-operator": {
-            "version": "7.22.5",
-            "resolved": "https://registry.npmjs.org/@babel/plugin-transform-nullish-coalescing-operator/-/plugin-transform-nullish-coalescing-operator-7.22.5.tgz",
-            "integrity": "sha512-6CF8g6z1dNYZ/VXok5uYkkBBICHZPiGEl7oDnAx2Mt1hlHVHOSIKWJaXHjQJA5VB43KZnXZDIexMchY4y2PGdA==",
+            "version": "7.22.11",
+            "resolved": "https://registry.npmjs.org/@babel/plugin-transform-nullish-coalescing-operator/-/plugin-transform-nullish-coalescing-operator-7.22.11.tgz",
+            "integrity": "sha512-YZWOw4HxXrotb5xsjMJUDlLgcDXSfO9eCmdl1bgW4+/lAGdkjaEvOnQ4p5WKKdUgSzO39dgPl0pTnfxm0OAXcg==",
             "dev": true,
             "dependencies": {
                 "@babel/helper-plugin-utils": "^7.22.5",
@@ -1456,9 +1456,9 @@
             }
         },
         "node_modules/@babel/plugin-transform-numeric-separator": {
-            "version": "7.22.5",
-            "resolved": "https://registry.npmjs.org/@babel/plugin-transform-numeric-separator/-/plugin-transform-numeric-separator-7.22.5.tgz",
-            "integrity": "sha512-NbslED1/6M+sXiwwtcAB/nieypGw02Ejf4KtDeMkCEpP6gWFMX1wI9WKYua+4oBneCCEmulOkRpwywypVZzs/g==",
+            "version": "7.22.11",
+            "resolved": "https://registry.npmjs.org/@babel/plugin-transform-numeric-separator/-/plugin-transform-numeric-separator-7.22.11.tgz",
+            "integrity": "sha512-3dzU4QGPsILdJbASKhF/V2TVP+gJya1PsueQCxIPCEcerqF21oEcrob4mzjsp2Py/1nLfF5m+xYNMDpmA8vffg==",
             "dev": true,
             "dependencies": {
                 "@babel/helper-plugin-utils": "^7.22.5",
@@ -1472,13 +1472,13 @@
             }
         },
         "node_modules/@babel/plugin-transform-object-rest-spread": {
-            "version": "7.22.5",
-            "resolved": "https://registry.npmjs.org/@babel/plugin-transform-object-rest-spread/-/plugin-transform-object-rest-spread-7.22.5.tgz",
-            "integrity": "sha512-Kk3lyDmEslH9DnvCDA1s1kkd3YWQITiBOHngOtDL9Pt6BZjzqb6hiOlb8VfjiiQJ2unmegBqZu0rx5RxJb5vmQ==",
+            "version": "7.22.11",
+            "resolved": "https://registry.npmjs.org/@babel/plugin-transform-object-rest-spread/-/plugin-transform-object-rest-spread-7.22.11.tgz",
+            "integrity": "sha512-nX8cPFa6+UmbepISvlf5jhQyaC7ASs/7UxHmMkuJ/k5xSHvDPPaibMo+v3TXwU/Pjqhep/nFNpd3zn4YR59pnw==",
             "dev": true,
             "dependencies": {
-                "@babel/compat-data": "^7.22.5",
-                "@babel/helper-compilation-targets": "^7.22.5",
+                "@babel/compat-data": "^7.22.9",
+                "@babel/helper-compilation-targets": "^7.22.10",
                 "@babel/helper-plugin-utils": "^7.22.5",
                 "@babel/plugin-syntax-object-rest-spread": "^7.8.3",
                 "@babel/plugin-transform-parameters": "^7.22.5"
@@ -1507,9 +1507,9 @@
             }
         },
         "node_modules/@babel/plugin-transform-optional-catch-binding": {
-            "version": "7.22.5",
-            "resolved": "https://registry.npmjs.org/@babel/plugin-transform-optional-catch-binding/-/plugin-transform-optional-catch-binding-7.22.5.tgz",
-            "integrity": "sha512-pH8orJahy+hzZje5b8e2QIlBWQvGpelS76C63Z+jhZKsmzfNaPQ+LaW6dcJ9bxTpo1mtXbgHwy765Ro3jftmUg==",
+            "version": "7.22.11",
+            "resolved": "https://registry.npmjs.org/@babel/plugin-transform-optional-catch-binding/-/plugin-transform-optional-catch-binding-7.22.11.tgz",
+            "integrity": "sha512-rli0WxesXUeCJnMYhzAglEjLWVDF6ahb45HuprcmQuLidBJFWjNnOzssk2kuc6e33FlLaiZhG/kUIzUMWdBKaQ==",
             "dev": true,
             "dependencies": {
                 "@babel/helper-plugin-utils": "^7.22.5",
@@ -1523,9 +1523,9 @@
             }
         },
         "node_modules/@babel/plugin-transform-optional-chaining": {
-            "version": "7.22.10",
-            "resolved": "https://registry.npmjs.org/@babel/plugin-transform-optional-chaining/-/plugin-transform-optional-chaining-7.22.10.tgz",
-            "integrity": "sha512-MMkQqZAZ+MGj+jGTG3OTuhKeBpNcO+0oCEbrGNEaOmiEn+1MzRyQlYsruGiU8RTK3zV6XwrVJTmwiDOyYK6J9g==",
+            "version": "7.22.12",
+            "resolved": "https://registry.npmjs.org/@babel/plugin-transform-optional-chaining/-/plugin-transform-optional-chaining-7.22.12.tgz",
+            "integrity": "sha512-7XXCVqZtyFWqjDsYDY4T45w4mlx1rf7aOgkc/Ww76xkgBiOlmjPkx36PBLHa1k1rwWvVgYMPsbuVnIamx2ZQJw==",
             "dev": true,
             "dependencies": {
                 "@babel/helper-plugin-utils": "^7.22.5",
@@ -1571,13 +1571,13 @@
             }
         },
         "node_modules/@babel/plugin-transform-private-property-in-object": {
-            "version": "7.22.5",
-            "resolved": "https://registry.npmjs.org/@babel/plugin-transform-private-property-in-object/-/plugin-transform-private-property-in-object-7.22.5.tgz",
-            "integrity": "sha512-/9xnaTTJcVoBtSSmrVyhtSvO3kbqS2ODoh2juEU72c3aYonNF0OMGiaz2gjukyKM2wBBYJP38S4JiE0Wfb5VMQ==",
+            "version": "7.22.11",
+            "resolved": "https://registry.npmjs.org/@babel/plugin-transform-private-property-in-object/-/plugin-transform-private-property-in-object-7.22.11.tgz",
+            "integrity": "sha512-sSCbqZDBKHetvjSwpyWzhuHkmW5RummxJBVbYLkGkaiTOWGxml7SXt0iWa03bzxFIx7wOj3g/ILRd0RcJKBeSQ==",
             "dev": true,
             "dependencies": {
                 "@babel/helper-annotate-as-pure": "^7.22.5",
-                "@babel/helper-create-class-features-plugin": "^7.22.5",
+                "@babel/helper-create-class-features-plugin": "^7.22.11",
                 "@babel/helper-plugin-utils": "^7.22.5",
                 "@babel/plugin-syntax-private-property-in-object": "^7.14.5"
             },
@@ -1812,9 +1812,9 @@
             }
         },
         "node_modules/@babel/preset-env": {
-            "version": "7.22.10",
-            "resolved": "https://registry.npmjs.org/@babel/preset-env/-/preset-env-7.22.10.tgz",
-            "integrity": "sha512-riHpLb1drNkpLlocmSyEg4oYJIQFeXAK/d7rI6mbD0XsvoTOOweXDmQPG/ErxsEhWk3rl3Q/3F6RFQlVFS8m0A==",
+            "version": "7.22.14",
+            "resolved": "https://registry.npmjs.org/@babel/preset-env/-/preset-env-7.22.14.tgz",
+            "integrity": "sha512-daodMIoVo+ol/g+//c/AH+szBkFj4STQUikvBijRGL72Ph+w+AMTSh55DUETe8KJlPlDT1k/mp7NBfOuiWmoig==",
             "dev": true,
             "dependencies": {
                 "@babel/compat-data": "^7.22.9",
@@ -1843,41 +1843,41 @@
                 "@babel/plugin-syntax-top-level-await": "^7.14.5",
                 "@babel/plugin-syntax-unicode-sets-regex": "^7.18.6",
                 "@babel/plugin-transform-arrow-functions": "^7.22.5",
-                "@babel/plugin-transform-async-generator-functions": "^7.22.10",
+                "@babel/plugin-transform-async-generator-functions": "^7.22.11",
                 "@babel/plugin-transform-async-to-generator": "^7.22.5",
                 "@babel/plugin-transform-block-scoped-functions": "^7.22.5",
                 "@babel/plugin-transform-block-scoping": "^7.22.10",
                 "@babel/plugin-transform-class-properties": "^7.22.5",
-                "@babel/plugin-transform-class-static-block": "^7.22.5",
+                "@babel/plugin-transform-class-static-block": "^7.22.11",
                 "@babel/plugin-transform-classes": "^7.22.6",
                 "@babel/plugin-transform-computed-properties": "^7.22.5",
                 "@babel/plugin-transform-destructuring": "^7.22.10",
                 "@babel/plugin-transform-dotall-regex": "^7.22.5",
                 "@babel/plugin-transform-duplicate-keys": "^7.22.5",
-                "@babel/plugin-transform-dynamic-import": "^7.22.5",
+                "@babel/plugin-transform-dynamic-import": "^7.22.11",
                 "@babel/plugin-transform-exponentiation-operator": "^7.22.5",
-                "@babel/plugin-transform-export-namespace-from": "^7.22.5",
+                "@babel/plugin-transform-export-namespace-from": "^7.22.11",
                 "@babel/plugin-transform-for-of": "^7.22.5",
                 "@babel/plugin-transform-function-name": "^7.22.5",
-                "@babel/plugin-transform-json-strings": "^7.22.5",
+                "@babel/plugin-transform-json-strings": "^7.22.11",
                 "@babel/plugin-transform-literals": "^7.22.5",
-                "@babel/plugin-transform-logical-assignment-operators": "^7.22.5",
+                "@babel/plugin-transform-logical-assignment-operators": "^7.22.11",
                 "@babel/plugin-transform-member-expression-literals": "^7.22.5",
                 "@babel/plugin-transform-modules-amd": "^7.22.5",
-                "@babel/plugin-transform-modules-commonjs": "^7.22.5",
-                "@babel/plugin-transform-modules-systemjs": "^7.22.5",
+                "@babel/plugin-transform-modules-commonjs": "^7.22.11",
+                "@babel/plugin-transform-modules-systemjs": "^7.22.11",
                 "@babel/plugin-transform-modules-umd": "^7.22.5",
                 "@babel/plugin-transform-named-capturing-groups-regex": "^7.22.5",
                 "@babel/plugin-transform-new-target": "^7.22.5",
-                "@babel/plugin-transform-nullish-coalescing-operator": "^7.22.5",
-                "@babel/plugin-transform-numeric-separator": "^7.22.5",
-                "@babel/plugin-transform-object-rest-spread": "^7.22.5",
+                "@babel/plugin-transform-nullish-coalescing-operator": "^7.22.11",
+                "@babel/plugin-transform-numeric-separator": "^7.22.11",
+                "@babel/plugin-transform-object-rest-spread": "^7.22.11",
                 "@babel/plugin-transform-object-super": "^7.22.5",
-                "@babel/plugin-transform-optional-catch-binding": "^7.22.5",
-                "@babel/plugin-transform-optional-chaining": "^7.22.10",
+                "@babel/plugin-transform-optional-catch-binding": "^7.22.11",
+                "@babel/plugin-transform-optional-chaining": "^7.22.12",
                 "@babel/plugin-transform-parameters": "^7.22.5",
                 "@babel/plugin-transform-private-methods": "^7.22.5",
-                "@babel/plugin-transform-private-property-in-object": "^7.22.5",
+                "@babel/plugin-transform-private-property-in-object": "^7.22.11",
                 "@babel/plugin-transform-property-literals": "^7.22.5",
                 "@babel/plugin-transform-regenerator": "^7.22.10",
                 "@babel/plugin-transform-reserved-words": "^7.22.5",
@@ -1891,7 +1891,7 @@
                 "@babel/plugin-transform-unicode-regex": "^7.22.5",
                 "@babel/plugin-transform-unicode-sets-regex": "^7.22.5",
                 "@babel/preset-modules": "0.1.6-no-external-plugins",
-                "@babel/types": "^7.22.10",
+                "@babel/types": "^7.22.11",
                 "babel-plugin-polyfill-corejs2": "^0.4.5",
                 "babel-plugin-polyfill-corejs3": "^0.8.3",
                 "babel-plugin-polyfill-regenerator": "^0.5.2",
@@ -2904,9 +2904,9 @@
             }
         },
         "node_modules/@goauthentik/api": {
-            "version": "2023.8.0-1693337284",
-            "resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2023.8.0-1693337284.tgz",
-            "integrity": "sha512-M2tWPmNZ4ti7GNR+cOzGVHo6UGTLC7t/eKI/ahjv+dldcNrzL9gPyEpxv+CMfsF51yPFYMcGN/tWgSOGtomMSQ=="
+            "version": "2023.8.1-1693482391",
+            "resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2023.8.1-1693482391.tgz",
+            "integrity": "sha512-L+W/Gomj7dZLPHOT5dNvzGQDjxqHr3FpuzqR+cmSTOYKy7wM/ZuttqCXUw7+Dy4hu42JWgbktrbyZK43kPwNQA=="
         },
         "node_modules/@hcaptcha/types": {
             "version": "1.0.3",
@@ -3448,9 +3448,9 @@
             "integrity": "sha512-kXOeFbfCm4fFf2A3WwVEeQj55tMZa8c8/f9AKHMobQMkzNUfUj+antR3fRPaZJawsa1aZiP/Da3ndpZrwEe4rQ=="
         },
         "node_modules/@lit-labs/task": {
-            "version": "3.0.1",
-            "resolved": "https://registry.npmjs.org/@lit-labs/task/-/task-3.0.1.tgz",
-            "integrity": "sha512-+VKnnVLRitDIpd/PBCTHAc012B5Xn43Sfq1scFt23aq0sxnAbTrapLR1ST2DgLRohBg/c4KlMIvgYf/5TZHqHw==",
+            "version": "3.0.2",
+            "resolved": "https://registry.npmjs.org/@lit-labs/task/-/task-3.0.2.tgz",
+            "integrity": "sha512-X6d+KWZR3q1ZrXs/auM5PbZcW3B5RlpU4gqk/upstwTZM6JN19P6o9Qgo+qjovIDsUZsYnlGQqtdPBwPrKzLUA==",
             "dependencies": {
                 "@lit/reactive-element": "^1.1.0"
             }
@@ -4478,13 +4478,13 @@
             }
         },
         "node_modules/@sentry-internal/tracing": {
-            "version": "7.65.0",
-            "resolved": "https://registry.npmjs.org/@sentry-internal/tracing/-/tracing-7.65.0.tgz",
-            "integrity": "sha512-TEYkiq5vKr1Y79YIu+UYr1sO3vEMttQOBsOZLziDbqiC7TvKUARBR4W5XWfb9qBVDeon87EFNKluW0/+7rzYWw==",
+            "version": "7.66.0",
+            "resolved": "https://registry.npmjs.org/@sentry-internal/tracing/-/tracing-7.66.0.tgz",
+            "integrity": "sha512-3vCgC2hC3T45pn53yTDVcRpHoJTBxelDPPZVsipAbZnoOVPkj7n6dNfDhj3I3kwWCBPahPkXmE+R4xViR8VqJg==",
             "dependencies": {
-                "@sentry/core": "7.65.0",
-                "@sentry/types": "7.65.0",
-                "@sentry/utils": "7.65.0",
+                "@sentry/core": "7.66.0",
+                "@sentry/types": "7.66.0",
+                "@sentry/utils": "7.66.0",
                 "tslib": "^2.4.1 || ^1.9.3"
             },
             "engines": {
@@ -4492,15 +4492,15 @@
             }
         },
         "node_modules/@sentry/browser": {
-            "version": "7.65.0",
-            "resolved": "https://registry.npmjs.org/@sentry/browser/-/browser-7.65.0.tgz",
-            "integrity": "sha512-TUzZPAXNJ/Y1yakFODYhsEtdDpLdkgjTfrx5i9MOnXQLrcRR0C4TC1KitqbP6Tv7Xha9WiR0TDZkh7gS/9RxEA==",
+            "version": "7.66.0",
+            "resolved": "https://registry.npmjs.org/@sentry/browser/-/browser-7.66.0.tgz",
+            "integrity": "sha512-rW037rf8jkhyykG38+HUdwkRCKHJEMM5NkCqPIO5zuuxfLKukKdI2rbvgJ93s3/9UfsTuDFcKFL1u43mCn6sDw==",
             "dependencies": {
-                "@sentry-internal/tracing": "7.65.0",
-                "@sentry/core": "7.65.0",
-                "@sentry/replay": "7.65.0",
-                "@sentry/types": "7.65.0",
-                "@sentry/utils": "7.65.0",
+                "@sentry-internal/tracing": "7.66.0",
+                "@sentry/core": "7.66.0",
+                "@sentry/replay": "7.66.0",
+                "@sentry/types": "7.66.0",
+                "@sentry/utils": "7.66.0",
                 "tslib": "^2.4.1 || ^1.9.3"
             },
             "engines": {
@@ -4508,12 +4508,12 @@
             }
         },
         "node_modules/@sentry/core": {
-            "version": "7.65.0",
-            "resolved": "https://registry.npmjs.org/@sentry/core/-/core-7.65.0.tgz",
-            "integrity": "sha512-EwZABW8CtAbRGXV69FqeCqcNApA+Jbq308dko0W+MFdFe+9t2RGubUkpPxpJcbWy/dN2j4LiuENu1T7nWn0ZAQ==",
+            "version": "7.66.0",
+            "resolved": "https://registry.npmjs.org/@sentry/core/-/core-7.66.0.tgz",
+            "integrity": "sha512-WMAEPN86NeCJ1IT48Lqiz4MS5gdDjBwP4M63XP4msZn9aujSf2Qb6My5uT87AJr9zBtgk8MyJsuHr35F0P3q1w==",
             "dependencies": {
-                "@sentry/types": "7.65.0",
-                "@sentry/utils": "7.65.0",
+                "@sentry/types": "7.66.0",
+                "@sentry/utils": "7.66.0",
                 "tslib": "^2.4.1 || ^1.9.3"
             },
             "engines": {
@@ -4521,43 +4521,43 @@
             }
         },
         "node_modules/@sentry/replay": {
-            "version": "7.65.0",
-            "resolved": "https://registry.npmjs.org/@sentry/replay/-/replay-7.65.0.tgz",
-            "integrity": "sha512-vhlk5F9RrhMQ+gOjNlLoWXamAPLNIT6wNII1O9ae+DRhZFmiUYirP5ag6dH5lljvNZndKl+xw+lJGJ3YdjXKlQ==",
+            "version": "7.66.0",
+            "resolved": "https://registry.npmjs.org/@sentry/replay/-/replay-7.66.0.tgz",
+            "integrity": "sha512-5Y2SlVTOFTo3uIycv0mRneBakQtLgWkOnsJaC5LB0Ip0TqVKiMCbQ578vvXp+yvRj4LcS1gNd98xTTNojBoQNg==",
             "dependencies": {
-                "@sentry/core": "7.65.0",
-                "@sentry/types": "7.65.0",
-                "@sentry/utils": "7.65.0"
+                "@sentry/core": "7.66.0",
+                "@sentry/types": "7.66.0",
+                "@sentry/utils": "7.66.0"
             },
             "engines": {
                 "node": ">=12"
             }
         },
         "node_modules/@sentry/tracing": {
-            "version": "7.65.0",
-            "resolved": "https://registry.npmjs.org/@sentry/tracing/-/tracing-7.65.0.tgz",
-            "integrity": "sha512-Afxg4c/ve5GNa1af66I5/aQR6y86vQUxJZ57AEFTzlHtzo0SIUNgjwRO54raYdUZvvKhzyoiaaX6ZO+F9xqtmw==",
+            "version": "7.66.0",
+            "resolved": "https://registry.npmjs.org/@sentry/tracing/-/tracing-7.66.0.tgz",
+            "integrity": "sha512-9bnz2EcOwjeMZAuYJnrwcRrImu9c10p7A0iDB8b2HLcp7gpuCkJbJyGoC1xeKD7reVD0BPq3VIbeHSwCcQufoQ==",
             "dependencies": {
-                "@sentry-internal/tracing": "7.65.0"
+                "@sentry-internal/tracing": "7.66.0"
             },
             "engines": {
                 "node": ">=8"
             }
         },
         "node_modules/@sentry/types": {
-            "version": "7.65.0",
-            "resolved": "https://registry.npmjs.org/@sentry/types/-/types-7.65.0.tgz",
-            "integrity": "sha512-YYq7IDLLhpSBTmHoyWFtq/5ZDaEJ01r7xGuhB0aSIq33cm2I7im/B3ipzoOP/ukGZSIhuYVW9t531xZEO0+6og==",
+            "version": "7.66.0",
+            "resolved": "https://registry.npmjs.org/@sentry/types/-/types-7.66.0.tgz",
+            "integrity": "sha512-uUMSoSiar6JhuD8p7ON/Ddp4JYvrVd2RpwXJRPH1A4H4Bd4DVt1mKJy1OLG6HdeQv39XyhB1lPZckKJg4tATPw==",
             "engines": {
                 "node": ">=8"
             }
         },
         "node_modules/@sentry/utils": {
-            "version": "7.65.0",
-            "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-7.65.0.tgz",
-            "integrity": "sha512-2JEBf4jzRSClhp+LJpX/E3QgHEeKvXqFMeNhmwQ07qqd6szhfH2ckYFj4gXk6YiGGY4Act3C6oxLfdZovG71bw==",
+            "version": "7.66.0",
+            "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-7.66.0.tgz",
+            "integrity": "sha512-9GYUVgXjK66uXXcLXVMXVzlptqMtq1eJENCuDeezQiEFrNA71KkLDg00wESp+LL+bl3wpVTBApArpbF6UEG5hQ==",
             "dependencies": {
-                "@sentry/types": "7.65.0",
+                "@sentry/types": "7.66.0",
                 "tslib": "^2.4.1 || ^1.9.3"
             },
             "engines": {
@@ -19165,9 +19165,9 @@
             }
         },
         "node_modules/pyright": {
-            "version": "1.1.324",
-            "resolved": "https://registry.npmjs.org/pyright/-/pyright-1.1.324.tgz",
-            "integrity": "sha512-/Ng8G2Gb17dzQEHKgPa+Z5a6LPCLYNA4BVno1UdpDjnC9iLw0VAn5k/RNuaGkB/mhA82lV0OBcd5JEdaWcA3qg==",
+            "version": "1.1.325",
+            "resolved": "https://registry.npmjs.org/pyright/-/pyright-1.1.325.tgz",
+            "integrity": "sha512-hMvcY5G9WTRbvEKGiiqTepyORAppNPXZDUer5GZ15t1DYB79WwP3M0Tec6S0an7FDoY6eaJ5CtK+diJbmISIBQ==",
             "dev": true,
             "bin": {
                 "pyright": "index.js",

web/package.json

@@ -34,14 +34,14 @@
         "@codemirror/theme-one-dark": "^6.1.2",
         "@formatjs/intl-listformat": "^7.4.0",
         "@fortawesome/fontawesome-free": "^6.4.2",
-        "@goauthentik/api": "^2023.8.0-1693337284",
+        "@goauthentik/api": "^2023.8.1-1693482391",
         "@lit-labs/context": "^0.4.0",
-        "@lit-labs/task": "^3.0.1",
+        "@lit-labs/task": "^3.0.2",
         "@lit/localize": "^0.11.4",
         "@patternfly/elements": "^2.4.0",
         "@patternfly/patternfly": "^4.224.2",
-        "@sentry/browser": "^7.65.0",
-        "@sentry/tracing": "^7.65.0",
+        "@sentry/browser": "^7.66.0",
+        "@sentry/tracing": "^7.66.0",
         "@webcomponents/webcomponentsjs": "^2.8.0",
         "base64-js": "^1.5.1",
         "chart.js": "^4.4.0",
@@ -65,7 +65,7 @@
         "@babel/plugin-proposal-private-methods": "^7.18.6",
         "@babel/plugin-proposal-private-property-in-object": "^7.21.11",
         "@babel/plugin-transform-runtime": "^7.22.10",
-        "@babel/preset-env": "^7.22.10",
+        "@babel/preset-env": "^7.22.14",
         "@babel/preset-typescript": "^7.22.11",
         "@hcaptcha/types": "^1.0.3",
         "@jackfranklin/rollup-plugin-markdown": "^0.4.0",
@@ -98,7 +98,7 @@
         "lit-analyzer": "^1.2.1",
         "npm-run-all": "^4.1.5",
         "prettier": "^3.0.3",
-        "pyright": "^1.1.324",
+        "pyright": "^1.1.325",
         "react": "^18.2.0",
         "react-dom": "^18.2.0",
         "rollup": "^3.28.1",

web/src/admin/blueprints/BlueprintForm.ts

@@ -1,6 +1,7 @@
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { docLink } from "@goauthentik/common/global";
 import { first } from "@goauthentik/common/utils";
+import "@goauthentik/components/ak-toggle-group";
 import "@goauthentik/elements/CodeMirror";
 import "@goauthentik/elements/forms/FormGroup";
 import "@goauthentik/elements/forms/HorizontalFormElement";
@@ -18,9 +19,9 @@ import PFContent from "@patternfly/patternfly/components/Content/content.css";
 import { BlueprintFile, BlueprintInstance, ManagedApi } from "@goauthentik/api";
 
 enum blueprintSource {
-    file,
-    oci,
-    internal,
+    file = "file",
+    oci = "oci",
+    internal = "internal",
 }
 
 @customElement("ak-blueprint-form")

web/src/admin/events/EventInfo.ts

@@ -258,16 +258,18 @@ new?labels=bug,from_authentik&title=${encodeURIComponent(title)}
                 return html` <div class="pf-c-card__title">${msg("Secret:")}</div>
                     ${this.getModelInfo(this.event.context.secret as EventModel)}`;
             case EventActions.SystemException:
-                return html` <a
-                        class="pf-c-button pf-m-primary"
-                        target="_blank"
-                        href=${this.buildGitHubIssueUrl(this.event.context)}
-                    >
-                        ${msg("Open issue on GitHub...")}
-                    </a>
-                    <div class="pf-l-flex">
+                return html`<div class="pf-l-flex">
                         <div class="pf-l-flex__item">
                             <div class="pf-c-card__title">${msg("Exception")}</div>
+                            <div class="pf-c-card__title">
+                                <a
+                                    class="pf-c-button pf-m-primary"
+                                    target="_blank"
+                                    href=${this.buildGitHubIssueUrl(this.event.context)}
+                                >
+                                    ${msg("Open issue on GitHub...")}
+                                </a>
+                            </div>
                             <div class="pf-c-card__body">
                                 <pre>${this.event.context.message}</pre>
                             </div>

web/src/admin/policies/PolicyBindingForm.ts

@@ -1,5 +1,6 @@
 import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
 import { first, groupBy } from "@goauthentik/common/utils";
+import "@goauthentik/components/ak-toggle-group";
 import "@goauthentik/elements/forms/HorizontalFormElement";
 import { ModelForm } from "@goauthentik/elements/forms/ModelForm";
 import "@goauthentik/elements/forms/SearchSelect";
@@ -24,9 +25,9 @@ import {
 } from "@goauthentik/api";
 
 enum target {
-    policy,
-    group,
-    user,
+    policy = "policy",
+    group = "group",
+    user = "user",
 }
 
 @customElement("ak-policy-binding-form")
@@ -51,7 +52,7 @@ export class PolicyBindingForm extends ModelForm<PolicyBinding, string> {
     @property()
     targetPk?: string;
 
-    @property({ type: Number })
+    @state()
     policyGroupUser: target = target.policy;
 
     @property({ type: Boolean })
@@ -76,6 +77,21 @@ export class PolicyBindingForm extends ModelForm<PolicyBinding, string> {
         if (this.targetPk) {
             data.target = this.targetPk;
         }
+        switch (this.policyGroupUser) {
+            case target.policy:
+                data.user = null;
+                data.group = null;
+                break;
+            case target.group:
+                data.policy = null;
+                data.user = null;
+                break;
+            case target.user:
+                data.policy = null;
+                data.group = null;
+                break;
+        }
+        console.log(data);
         if (this.instance?.pk) {
             return new PoliciesApi(DEFAULT_CONFIG).policiesBindingsUpdate({
                 policyBindingUuid: this.instance.pk,

web/src/admin/stages/deny/DenyStageForm.ts

@@ -42,7 +42,7 @@ export class DenyStageForm extends ModelForm<DenyStage, string> {
         return html`<form class="pf-c-form pf-m-horizontal">
             <span>
                 ${msg(
-                    "Statically deny the flow. To use this stage effectively, disable *Evaluate on plan* on the respective binding.",
+                    "Statically deny the flow. To use this stage effectively, disable *Evaluate when flow is planned* on the respective binding.",
                 )}
             </span>
             <ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">

web/src/components/ak-toggle-group.ts

@@ -6,6 +6,7 @@ import { customElement, property } from "lit/decorators.js";
 import { classMap } from "lit/directives/class-map.js";
 
 import PFToggleGroup from "@patternfly/patternfly/components/ToggleGroup/toggle-group.css";
+import PFBase from "@patternfly/patternfly/patternfly-base.css";
 
 type Pair = [string, string];
 
@@ -26,6 +27,7 @@ type Pair = [string, string];
 export class AkToggleGroup extends CustomEmitterElement(AKElement) {
     static get styles() {
         return [
+            PFBase,
             PFToggleGroup,
             css`
                 .pf-c-toggle-group {

web/xliff/de.xlf

@@ -4135,10 +4135,6 @@ doesn't pass when either or both of the selected options are equal or above the
       <trans-unit id="se0c660020d9cf5b7">
         <source>Offset after which consent expires.</source>
       </trans-unit>
-      <trans-unit id="s5e9527b6481a94ce">
-        <source>Statically deny the flow. To use this stage effectively, disable *Evaluate on plan* on the respective binding.</source>
-        <target>Den Fluss statisch verweigern. Um diese Phase effektiv zu nutzen, deaktivieren Sie *Evaluate on plan* für die entsprechende Bindung</target>
-      </trans-unit>
       <trans-unit id="s22b10ed263b96194">
         <source>Dummy stage used for testing. Shows a simple continue button and always passes.</source>
         <target>Dummy-Stage zum Testen verwendet. Zeigt eine einfache Schaltfläche zum Fortfahren und besteht immer.</target>
@@ -5894,6 +5890,9 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s57b07e524f8f5c2a">
   <source>External: <x id="0" equiv-text="${item.externalUsers}"/></source>
+</trans-unit>
+<trans-unit id="s7f68101a50f526ee">
+  <source>Statically deny the flow. To use this stage effectively, disable *Evaluate when flow is planned* on the respective binding.</source>
 </trans-unit>
     </body>
   </file>

web/xliff/en.xlf

@@ -4365,10 +4365,6 @@ doesn't pass when either or both of the selected options are equal or above the
         <source>Offset after which consent expires.</source>
         <target>Offset after which consent expires.</target>
       </trans-unit>
-      <trans-unit id="s5e9527b6481a94ce">
-        <source>Statically deny the flow. To use this stage effectively, disable *Evaluate on plan* on the respective binding.</source>
-        <target>Statically deny the flow. To use this stage effectively, disable *Evaluate on plan* on the respective binding.</target>
-      </trans-unit>
       <trans-unit id="s22b10ed263b96194">
         <source>Dummy stage used for testing. Shows a simple continue button and always passes.</source>
         <target>Dummy stage used for testing. Shows a simple continue button and always passes.</target>
@@ -6210,6 +6206,9 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s57b07e524f8f5c2a">
   <source>External: <x id="0" equiv-text="${item.externalUsers}"/></source>
+</trans-unit>
+<trans-unit id="s7f68101a50f526ee">
+  <source>Statically deny the flow. To use this stage effectively, disable *Evaluate when flow is planned* on the respective binding.</source>
 </trans-unit>
     </body>
   </file>

web/xliff/es.xlf

@@ -4061,10 +4061,6 @@ doesn't pass when either or both of the selected options are equal or above the
       <trans-unit id="se0c660020d9cf5b7">
         <source>Offset after which consent expires.</source>
       </trans-unit>
-      <trans-unit id="s5e9527b6481a94ce">
-        <source>Statically deny the flow. To use this stage effectively, disable *Evaluate on plan* on the respective binding.</source>
-        <target>Niega el flujo estáticamente. Para usar esta etapa de manera efectiva, desactive *Evaluar en plan* en el encuadernado respectivo.</target>
-      </trans-unit>
       <trans-unit id="s22b10ed263b96194">
         <source>Dummy stage used for testing. Shows a simple continue button and always passes.</source>
         <target>Escenario ficticio utilizado para las pruebas. Muestra un botón de continuar simple y siempre pasa.</target>
@@ -5802,6 +5798,9 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s57b07e524f8f5c2a">
   <source>External: <x id="0" equiv-text="${item.externalUsers}"/></source>
+</trans-unit>
+<trans-unit id="s7f68101a50f526ee">
+  <source>Statically deny the flow. To use this stage effectively, disable *Evaluate when flow is planned* on the respective binding.</source>
 </trans-unit>
     </body>
   </file>

web/xliff/fr_FR.xlf

@@ -4137,10 +4137,6 @@ doesn't pass when either or both of the selected options are equal or above the
       <trans-unit id="se0c660020d9cf5b7">
         <source>Offset after which consent expires.</source>
       </trans-unit>
-      <trans-unit id="s5e9527b6481a94ce">
-        <source>Statically deny the flow. To use this stage effectively, disable *Evaluate on plan* on the respective binding.</source>
-        <target>Refuser statiquement le flux. Pour utiliser cette étape efficacement, désactivez *Évaluer en planification* dans la liaison applicable.</target>
-      </trans-unit>
       <trans-unit id="s22b10ed263b96194">
         <source>Dummy stage used for testing. Shows a simple continue button and always passes.</source>
         <target>Étape factice utilisée pour les tests. Montre un simple bouton continuer et réussit toujours.</target>
@@ -5909,6 +5905,9 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s57b07e524f8f5c2a">
   <source>External: <x id="0" equiv-text="${item.externalUsers}"/></source>
+</trans-unit>
+<trans-unit id="s7f68101a50f526ee">
+  <source>Statically deny the flow. To use this stage effectively, disable *Evaluate when flow is planned* on the respective binding.</source>
 </trans-unit>
     </body>
   </file>

web/xliff/nl.xlf

@@ -5419,11 +5419,6 @@ slaagt niet wanneer een of beide geselecteerde opties gelijk zijn aan of boven d
         <source>Offset after which consent expires.</source>
         <target>Vertraging na verloop waarvan toestemming vervalt.</target>
         
-      </trans-unit>
-      <trans-unit id="s5e9527b6481a94ce">
-        <source>Statically deny the flow. To use this stage effectively, disable *Evaluate on plan* on the respective binding.</source>
-        <target>Weiger de flow statisch. Om deze fase effectief te gebruiken, schakelt u *Evaluatie op schema* uit voor de respectievelijke binding.</target>
-        
       </trans-unit>
       <trans-unit id="s22b10ed263b96194">
         <source>Dummy stage used for testing. Shows a simple continue button and always passes.</source>
@@ -7720,6 +7715,10 @@ Bindingen naar groepen/gebruikers worden gecontroleerd tegen de gebruiker van de
 <trans-unit id="s57b07e524f8f5c2a">
   <source>External: <x id="0" equiv-text="${item.externalUsers}"/></source>
   <target>Extern: <x id="0" equiv-text="${item.externalUsers}"/></target>
+</trans-unit>
+<trans-unit id="s7f68101a50f526ee">
+  <source>Statically deny the flow. To use this stage effectively, disable *Evaluate when flow is planned* on the respective binding.</source>
+  <target>Statisch de flow weigeren. Om deze fase effectief te gebruiken, schakelt u Evalueren wanneer de flow is gepland uit bij de betreffende binding.</target>
 </trans-unit>
     </body>
   </file>

web/xliff/pl.xlf

@@ -4234,10 +4234,6 @@ doesn't pass when either or both of the selected options are equal or above the
         <source>Offset after which consent expires.</source>
         <target>Przesunięcie, po którym zgoda wygasa.</target>
       </trans-unit>
-      <trans-unit id="s5e9527b6481a94ce">
-        <source>Statically deny the flow. To use this stage effectively, disable *Evaluate on plan* on the respective binding.</source>
-        <target>Statycznie zaprzeczaj przepływowi. Aby efektywnie korzystać z tego etapu, wyłącz opcję *Oceń zgodnie z planem* w odpowiednim powiązaniu.</target>
-      </trans-unit>
       <trans-unit id="s22b10ed263b96194">
         <source>Dummy stage used for testing. Shows a simple continue button and always passes.</source>
         <target>Atrapa etapu używana do testowania. Pokazuje prosty przycisk kontynuuj i zawsze przechodzi.</target>
@@ -6041,6 +6037,9 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s57b07e524f8f5c2a">
   <source>External: <x id="0" equiv-text="${item.externalUsers}"/></source>
+</trans-unit>
+<trans-unit id="s7f68101a50f526ee">
+  <source>Statically deny the flow. To use this stage effectively, disable *Evaluate when flow is planned* on the respective binding.</source>
 </trans-unit>
     </body>
   </file>

web/xliff/pseudo-LOCALE.xlf

@@ -4328,10 +4328,6 @@ doesn't pass when either or both of the selected options are equal or above the
       <trans-unit id="se0c660020d9cf5b7">
         <source>Offset after which consent expires.</source>
         
-      </trans-unit>
-      <trans-unit id="s5e9527b6481a94ce">
-        <source>Statically deny the flow. To use this stage effectively, disable *Evaluate on plan* on the respective binding.</source>
-        
       </trans-unit>
       <trans-unit id="s22b10ed263b96194">
         <source>Dummy stage used for testing. Shows a simple continue button and always passes.</source>
@@ -6145,6 +6141,9 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s57b07e524f8f5c2a">
   <source>External: <x id="0" equiv-text="${item.externalUsers}"/></source>
+</trans-unit>
+<trans-unit id="s7f68101a50f526ee">
+  <source>Statically deny the flow. To use this stage effectively, disable *Evaluate when flow is planned* on the respective binding.</source>
 </trans-unit>
     </body>
   </file>

web/xliff/tr.xlf

@@ -4052,10 +4052,6 @@ doesn't pass when either or both of the selected options are equal or above the
       <trans-unit id="se0c660020d9cf5b7">
         <source>Offset after which consent expires.</source>
       </trans-unit>
-      <trans-unit id="s5e9527b6481a94ce">
-        <source>Statically deny the flow. To use this stage effectively, disable *Evaluate on plan* on the respective binding.</source>
-        <target>Akışı statik olarak reddet. Bu aşamayı etkili bir şekilde kullanmak için ilgili bağlama üzerinde *Planda değerlendirme* devre dışı bırakın.</target>
-      </trans-unit>
       <trans-unit id="s22b10ed263b96194">
         <source>Dummy stage used for testing. Shows a simple continue button and always passes.</source>
         <target>Test için kullanılan kukla aşama. Basit bir devam düğmesi gösterir ve her zaman geçer.</target>
@@ -5792,6 +5788,9 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s57b07e524f8f5c2a">
   <source>External: <x id="0" equiv-text="${item.externalUsers}"/></source>
+</trans-unit>
+<trans-unit id="s7f68101a50f526ee">
+  <source>Statically deny the flow. To use this stage effectively, disable *Evaluate when flow is planned* on the respective binding.</source>
 </trans-unit>
     </body>
   </file>

web/xliff/zh-Hans.xlf

@@ -5455,11 +5455,6 @@ doesn't pass when either or both of the selected options are equal or above the
         <source>Offset after which consent expires.</source>
         <target>同意过期后的偏移。</target>
         
-      </trans-unit>
-      <trans-unit id="s5e9527b6481a94ce">
-        <source>Statically deny the flow. To use this stage effectively, disable *Evaluate on plan* on the respective binding.</source>
-        <target>静态拒绝流。要有效地使用此阶段，请在相应的绑定上禁用*规划时进行评估*。</target>
-        
       </trans-unit>
       <trans-unit id="s22b10ed263b96194">
         <source>Dummy stage used for testing. Shows a simple continue button and always passes.</source>
@@ -7776,6 +7771,10 @@ Bindings to groups/users are checked against the user of the event.</source>
 <trans-unit id="s57b07e524f8f5c2a">
   <source>External: <x id="0" equiv-text="${item.externalUsers}"/></source>
   <target>外部：<x id="0" equiv-text="${item.externalUsers}"/></target>
+</trans-unit>
+<trans-unit id="s7f68101a50f526ee">
+  <source>Statically deny the flow. To use this stage effectively, disable *Evaluate when flow is planned* on the respective binding.</source>
+  <target>静态拒绝流。要有效地使用此阶段，请在相应的绑定上禁用*规划时进行评估*。</target>
 </trans-unit>
     </body>
   </file>

web/xliff/zh-Hant.xlf

@@ -4097,10 +4097,6 @@ doesn't pass when either or both of the selected options are equal or above the
       <trans-unit id="se0c660020d9cf5b7">
         <source>Offset after which consent expires.</source>
       </trans-unit>
-      <trans-unit id="s5e9527b6481a94ce">
-        <source>Statically deny the flow. To use this stage effectively, disable *Evaluate on plan* on the respective binding.</source>
-        <target>静态拒绝流。要有效地使用此阶段，请在相应的绑定上禁用*按计划评估*。</target>
-      </trans-unit>
       <trans-unit id="s22b10ed263b96194">
         <source>Dummy stage used for testing. Shows a simple continue button and always passes.</source>
         <target>用于测试的虚拟阶段。显示一个简单的 “继续” 按钮，并且始终通过。</target>
@@ -5847,6 +5843,9 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s57b07e524f8f5c2a">
   <source>External: <x id="0" equiv-text="${item.externalUsers}"/></source>
+</trans-unit>
+<trans-unit id="s7f68101a50f526ee">
+  <source>Statically deny the flow. To use this stage effectively, disable *Evaluate when flow is planned* on the respective binding.</source>
 </trans-unit>
     </body>
   </file>

web/xliff/zh_CN.xlf

@@ -5455,11 +5455,6 @@ doesn't pass when either or both of the selected options are equal or above the
         <source>Offset after which consent expires.</source>
         <target>同意过期后的偏移。</target>
         
-      </trans-unit>
-      <trans-unit id="s5e9527b6481a94ce">
-        <source>Statically deny the flow. To use this stage effectively, disable *Evaluate on plan* on the respective binding.</source>
-        <target>静态拒绝流。要有效地使用此阶段，请在相应的绑定上禁用*规划时进行评估*。</target>
-        
       </trans-unit>
       <trans-unit id="s22b10ed263b96194">
         <source>Dummy stage used for testing. Shows a simple continue button and always passes.</source>
@@ -7776,6 +7771,10 @@ Bindings to groups/users are checked against the user of the event.</source>
 <trans-unit id="s57b07e524f8f5c2a">
   <source>External: <x id="0" equiv-text="${item.externalUsers}"/></source>
   <target>外部：<x id="0" equiv-text="${item.externalUsers}"/></target>
+</trans-unit>
+<trans-unit id="s7f68101a50f526ee">
+  <source>Statically deny the flow. To use this stage effectively, disable *Evaluate when flow is planned* on the respective binding.</source>
+  <target>静态拒绝流。要有效地使用此阶段，请在相应的绑定上禁用*规划时进行评估*。</target>
 </trans-unit>
     </body>
   </file>

web/xliff/zh_TW.xlf

@@ -4097,10 +4097,6 @@ doesn't pass when either or both of the selected options are equal or above the
       <trans-unit id="se0c660020d9cf5b7">
         <source>Offset after which consent expires.</source>
       </trans-unit>
-      <trans-unit id="s5e9527b6481a94ce">
-        <source>Statically deny the flow. To use this stage effectively, disable *Evaluate on plan* on the respective binding.</source>
-        <target>静态拒绝流。要有效地使用此阶段，请在相应的绑定上禁用*按计划评估*。</target>
-      </trans-unit>
       <trans-unit id="s22b10ed263b96194">
         <source>Dummy stage used for testing. Shows a simple continue button and always passes.</source>
         <target>用于测试的虚拟阶段。显示一个简单的 “继续” 按钮，并且始终通过。</target>
@@ -5846,6 +5842,9 @@ Bindings to groups/users are checked against the user of the event.</source>
 </trans-unit>
 <trans-unit id="s57b07e524f8f5c2a">
   <source>External: <x id="0" equiv-text="${item.externalUsers}"/></source>
+</trans-unit>
+<trans-unit id="s7f68101a50f526ee">
+  <source>Statically deny the flow. To use this stage effectively, disable *Evaluate when flow is planned* on the respective binding.</source>
 </trans-unit>
     </body>
   </file>

website/blog/2023-08-31-announcing-the-authentik-enterprise-release/item.md

@@ -0,0 +1,56 @@
+---
+title: “Announcing “the authentik Enterprise release!”
+slug: 2023-08-31-announcing-the-authentik-enterprise-release
+authors:
+    - name: Jens Langhammer
+      title: CTO at Authentik Security Inc
+      url: https://github.com/BeryJu
+      image_url: https://github.com/BeryJu.png
+tags:
+    - founder
+    - SSO
+    - open source
+    - community
+    - identity provider
+    - enterprise
+    - support
+    - help-center
+    - security
+    - authentication
+hide_table_of_contents: false
+image: ./image1.png
+---
+
+📣 We are happy to announce that the first authentik Enterprise release is here! 🎉
+
+The Enterprise release of authentik provides all of the functionality that we have spent years building in our open source product, plus dedicated support and account management.
+This Enterprise version is available in Preview mode in our latest release, 2023.8.
+
+This is an exciting step for us, as we grow the team and the company and our user base. We officially became a company just last fall (I wrote about it in November 2022, in “[The next step for authentik"](../2022-11-02-the-next-step-for-authentik/item.md)), and this release is another move forwards in maturing authentik into the SSO and identity management app of choice.
+
+One thing we want to acknowledge up front is that we would never have been able to achieve this goal without the years of support from our open source community. You all helped build authentik into what it is today, and that’s why all of our Enterprise-level features will be open core and source available, always.
+
+![](./image1.png)
+
+<!--truncate-->
+
+To upgrade and get going with the Enterprise version, refer to our documentation for instructions for your deployment:
+
+-   [Docker Compose installation](../docs/installation/docker-compose)
+-   [Kubernetes installation](../docs/installation/kubernetes)
+
+Keeping it simple, we made sure that installing and upgrading authentik is exactly the same process for both Enterprise version and our free open source version.
+
+With this first Enterprise release, dedicated support is the feature; this version provides access to our Support center where you can open tickets, view tickets and their progress, and ask questions about your Enterprise product.
+
+For our open source community, we will continue to engage in the robust conversations and problem-solving, as always, in our Discord server. These conversation and community collaboration are the heart and soul of authentik… we learn from everyone, and we will always be active and responsive there within our community.
+
+Check out our Enterprise documentation for information about creating and managing your organization, purchasing and activating a license, accessing support, and managing billing and organization members.
+
+-   [Get started with Enterprise](../docs/enterprise/get-started)
+-   [Manage you Enterprise account](../docs/enterprise/manage-enterprise)
+-   [Support for Enterprise accounts](../docs/enterprise/entsupport)
+
+In future releases, we will be adding additional Enterprise features, including RBAC support, authentication for remote desktop access, and an authentik mobile app for multi-factor authentication.
+
+For this preview release of authentik Enterprise, we’d like to hear from you; thoughts and suggestions, questions, any specific direction that you’d like to see the Enterprise version focus on? Contact us at [hello@goauthentik.io](mailto:hello@goauthentik.io).

website/docs/flow/examples/snippets.md

@@ -16,7 +16,7 @@ plan.redirect("https://foo.bar")
 return False
 ```
 
-This policy should be bound to the stage after your redirect should happen. For example, if you have an identification and a password stage, and you want to redirect after identification, bind the policy to the password stage. Make sure the policy binding is set to re-evaluate policies.
+This policy should be bound to the stage after your redirect should happen. For example, if you have an identification and a password stage, and you want to redirect after identification, bind the policy to the password stage. Make sure the stage binding's option _Evaluate when stage is run_ is enabled.
 
 ### Deny flow when user is authenticated
 

website/docs/flow/index.md

@@ -10,7 +10,7 @@ For example, a standard login flow would consist of the following stages:
 -   Password, the user's password is checked against the hash in the database
 -   Log the user in
 
-Upon flow execution, a plan containing all stages is generated. This means that all attached policies are evaluated upon execution. This behaviour can be altered by enabling the **Re-evaluate Policies** option on the binding.
+Upon flow execution, a plan containing all stages is generated. This means that all attached policies are evaluated upon execution. This behaviour can be altered by enabling the **Evaluate when stage is run** option on the binding.
 
 To determine which flow is linked, authentik searches all flows with the required designation and chooses the first instance the current user has access to.
 

website/docs/flow/inspector.md

@@ -14,7 +14,7 @@ The following infos are shown in the inspector
 
 ## Next stage
 
-This is the currently planned next stage. If you have stage bindings configured to evaluate on plan (default), then you will see the result here. If you however have them configured to re-evaluate, then this will not show up here, since the results will vary based on your input.
+This is the currently planned next stage. If you have stage bindings configured to _Evaluate when flow is planned_, then you will see the result here. If you however have them configured to re-evaluate (_Evaluate when stage is run_), then this will not show up here, since the results will vary based on your input.
 
 Shown is the name and kind of the stage, as well as the unique ID.
 

website/docs/flow/stages/deny.md

@@ -6,5 +6,5 @@ This stage stops the execution of a flow. This can be used to conditionally deny
 even if they are not signed in (and permissions can't be checked via groups).
 
 :::caution
-To effectively use this stage, make sure to **disable** _Evaluate on plan_ on the Stage binding.
+To effectively use this stage, make sure _Evaluate when flow is planned_ is **disable** on the Stage binding.
 :::

website/docs/flow/stages/password/index.md

@@ -26,4 +26,4 @@ return DuoDevice.objects.filter(user=request.context['pending_user'], confirmed=
 
 Afterwards, bind the policy you've created to the stage binding of the password stage.
 
-Make sure to uncheck _Evaluate on plan_ and check _Re-evaluate policies_, otherwise an invalid result will be cached.
+Make sure to uncheck _Evaluate when flow is planned_ and check _Evaluate when stage is run_, otherwise an invalid result will be cached.

website/docs/installation/configuration.md

@@ -51,15 +51,19 @@ kubectl exec -it deployment/authentik-worker -c authentik -- ak dump_config
 -   `AUTHENTIK_REDIS__CACHE_TIMEOUT_POLICIES`: Timeout for cached policies until they expire in seconds, defaults to 300
 -   `AUTHENTIK_REDIS__CACHE_TIMEOUT_REPUTATION`: Timeout for cached reputation until they expire in seconds, defaults to 300
 
+    :::info
+    `AUTHENTIK_REDIS__CACHE_TIMEOUT_REPUTATION` only applies to the cache expiry, see [`AUTHENTIK_REPUTATION__EXPIRY`](#authentik_reputation__expiry) to control how long reputation is persisted for.
+    :::
+
 ## Listen Setting
 
--   `AUTHENTIK_LISTEN__HTTP`: Listening address:port (e.g. `0.0.0.0:9000`) for HTTP (Server and Proxy outpost)
--   `AUTHENTIK_LISTEN__HTTPS`: Listening address:port (e.g. `0.0.0.0:9443`) for HTTPS (Server and Proxy outpost)
--   `AUTHENTIK_LISTEN__LDAP`: Listening address:port (e.g. `0.0.0.0:3389`) for LDAP (LDAP outpost)
--   `AUTHENTIK_LISTEN__LDAPS`: Listening address:port (e.g. `0.0.0.0:6636`) for LDAPS (LDAP outpost)
--   `AUTHENTIK_LISTEN__METRICS`: Listening address:port (e.g. `0.0.0.0:9300`) for Prometheus metrics (All)
--   `AUTHENTIK_LISTEN__DEBUG`: Listening address:port (e.g. `0.0.0.0:9900`) for Go Debugging metrics (All)
--   `AUTHENTIK_LISTEN__TRUSTED_PROXY_CIDRS`: List of CIDRs that proxy headers should be accepted from (Server)
+-   `AUTHENTIK_LISTEN__HTTP`: Listening address:port (e.g. `0.0.0.0:9000`) for HTTP (Applies to Server and Proxy outpost)
+-   `AUTHENTIK_LISTEN__HTTPS`: Listening address:port (e.g. `0.0.0.0:9443`) for HTTPS (Applies to Server and Proxy outpost)
+-   `AUTHENTIK_LISTEN__LDAP`: Listening address:port (e.g. `0.0.0.0:3389`) for LDAP (Applies to LDAP outpost)
+-   `AUTHENTIK_LISTEN__LDAPS`: Listening address:port (e.g. `0.0.0.0:6636`) for LDAPS (Applies to LDAP outpost)
+-   `AUTHENTIK_LISTEN__METRICS`: Listening address:port (e.g. `0.0.0.0:9300`) for Prometheus metrics (Applies to All)
+-   `AUTHENTIK_LISTEN__DEBUG`: Listening address:port (e.g. `0.0.0.0:9900`) for Go Debugging metrics (Applies to All)
+-   `AUTHENTIK_LISTEN__TRUSTED_PROXY_CIDRS`: List of CIDRs that proxy headers should be accepted from (Applies to Server)
 
     Defaults to `127.0.0.0/8`, `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`, `fe80::/10`, `::1/128`.
 
@@ -297,6 +301,16 @@ Allows configuration of TLS Cliphers for LDAP connections used by LDAP sources.
 
 Defaults to `null`.
 
+### `AUTHENTIK_REPUTATION__EXPIRY`
+
+:::info
+Requires authentik 2023.8.2
+:::
+
+Configure how long reputation scores should be saved for in seconds. Note that this is different than [`AUTHENTIK_REDIS__CACHE_TIMEOUT_REPUTATION`](#redis-settings), as reputation is saved to the database every 5 minutes.
+
+Defaults to `86400`.
+
 ### `AUTHENTIK_WEB__WORKERS`
 
 :::info

website/docs/policies/index.md

@@ -43,4 +43,4 @@ authentik keeps track of failed login attempts by source IP and attempted userna
 
 This policy can be used, for example, to prompt clients with a low score to pass a captcha before they can continue.
 
-To make sure this policy is executed correctly, set `Re-evaluate policies` when using it with a flow.
+To make sure this policy is executed correctly, set _Evaluate when stage is run_ when using it with a flow.

website/package-lock.json

@@ -15,7 +15,7 @@
                 "@mdx-js/react": "^1.6.22",
                 "clsx": "^2.0.0",
                 "disqus-react": "^1.1.5",
-                "postcss": "^8.4.28",
+                "postcss": "^8.4.29",
                 "rapidoc": "^9.3.4",
                 "react": "^17.0.2",
                 "react-before-after-slider-component": "^1.1.8",
@@ -26,7 +26,7 @@
                 "remark-github": "^11.2.4"
             },
             "devDependencies": {
-                "prettier": "3.0.2"
+                "prettier": "3.0.3"
             }
         },
         "node_modules/@algolia/autocomplete-core": {
@@ -9406,9 +9406,9 @@
             }
         },
         "node_modules/postcss": {
-            "version": "8.4.28",
-            "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.28.tgz",
-            "integrity": "sha512-Z7V5j0cq8oEKyejIKfpD8b4eBy9cwW2JWPk0+fB1HOAMsfHbnAXLLS+PfVWlzMSLQaWttKDt607I0XHmpE67Vw==",
+            "version": "8.4.29",
+            "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.29.tgz",
+            "integrity": "sha512-cbI+jaqIeu/VGqXEarWkRCCffhjgXc0qjBtXpqJhTBohMUjUQnbBr0xqX3vEKudc4iviTewcJo5ajcec5+wdJw==",
             "funding": [
                 {
                     "type": "opencollective",
@@ -10008,9 +10008,9 @@
             }
         },
         "node_modules/prettier": {
-            "version": "3.0.2",
-            "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.0.2.tgz",
-            "integrity": "sha512-o2YR9qtniXvwEZlOKbveKfDQVyqxbEIWn48Z8m3ZJjBjcCmUy3xZGIv+7AkaeuaTr6yPXJjwv07ZWlsWbEy1rQ==",
+            "version": "3.0.3",
+            "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.0.3.tgz",
+            "integrity": "sha512-L/4pUDMxcNa8R/EthV08Zt42WBO4h1rarVtK0K+QJG0X187OLo7l699jWw0GKuwzkPQ//jMFA/8Xm6Fh3J/DAg==",
             "dev": true,
             "bin": {
                 "prettier": "bin/prettier.cjs"
@@ -20579,9 +20579,9 @@
             }
         },
         "postcss": {
-            "version": "8.4.28",
-            "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.28.tgz",
-            "integrity": "sha512-Z7V5j0cq8oEKyejIKfpD8b4eBy9cwW2JWPk0+fB1HOAMsfHbnAXLLS+PfVWlzMSLQaWttKDt607I0XHmpE67Vw==",
+            "version": "8.4.29",
+            "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.29.tgz",
+            "integrity": "sha512-cbI+jaqIeu/VGqXEarWkRCCffhjgXc0qjBtXpqJhTBohMUjUQnbBr0xqX3vEKudc4iviTewcJo5ajcec5+wdJw==",
             "requires": {
                 "nanoid": "^3.3.6",
                 "picocolors": "^1.0.0",
@@ -20927,9 +20927,9 @@
             "integrity": "sha512-ravE6m9Atw9Z/jjttRUZ+clIXogdghyZAuWJ3qEzjT+jI/dL1ifAqhZeC5VHzQp1MSt1+jxKkFNemj/iO7tVUA=="
         },
         "prettier": {
-            "version": "3.0.2",
-            "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.0.2.tgz",
-            "integrity": "sha512-o2YR9qtniXvwEZlOKbveKfDQVyqxbEIWn48Z8m3ZJjBjcCmUy3xZGIv+7AkaeuaTr6yPXJjwv07ZWlsWbEy1rQ==",
+            "version": "3.0.3",
+            "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.0.3.tgz",
+            "integrity": "sha512-L/4pUDMxcNa8R/EthV08Zt42WBO4h1rarVtK0K+QJG0X187OLo7l699jWw0GKuwzkPQ//jMFA/8Xm6Fh3J/DAg==",
             "dev": true
         },
         "pretty-error": {

website/package.json

@@ -22,7 +22,7 @@
         "@mdx-js/react": "^1.6.22",
         "clsx": "^2.0.0",
         "disqus-react": "^1.1.5",
-        "postcss": "^8.4.28",
+        "postcss": "^8.4.29",
         "rapidoc": "^9.3.4",
         "react": "^17.0.2",
         "react-before-after-slider-component": "^1.1.8",
@@ -45,6 +45,6 @@
         ]
     },
     "devDependencies": {
-        "prettier": "3.0.2"
+        "prettier": "3.0.3"
     }
 }