Teffen Ellis
f02509d834
Fix input order, phrasing.
2026-04-23 04:51:23 +02:00
Teffen Ellis
8235fedfde
Flesh out checkbox group and radio style alignment.
2026-04-23 04:51:00 +02:00
Dominic R
028ec05a8b
website: Merge branch ( #21684 )
...
Co-authored-by: Codex <codex@openai.com >
Co-authored-by: Dewi Roberts <dewi@goauthentik.io >
2026-04-23 01:46:10 +00:00
Ryan Pesek
b4c9ac57e0
core/applications: Optimize list applications when only_with_launch_url=true ( #20428 )
...
* Performance optimizations for the application list API endpoint when only_with_launch_url=true
* lint
---------
Signed-off-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com >
Co-authored-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com >
2026-04-23 03:15:16 +02:00
Dewi Roberts
80b93e1fbc
website/docs: add authorization header info to all proxy configs ( #21664 )
...
Add authorization header info to all proxy configs
2026-04-23 02:35:02 +02:00
dependabot[bot]
dff6b48f53
web: bump @xmldom/xmldom from 0.8.12 to 0.8.13 in /web ( #21784 )
...
Bumps [@xmldom/xmldom](https://github.com/xmldom/xmldom ) from 0.8.12 to 0.8.13.
- [Release notes](https://github.com/xmldom/xmldom/releases )
- [Changelog](https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md )
- [Commits](https://github.com/xmldom/xmldom/compare/0.8.12...0.8.13 )
---
updated-dependencies:
- dependency-name: "@xmldom/xmldom"
dependency-version: 0.8.13
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-23 02:33:20 +02:00
gp-somni-labs
79473341d6
internal/outpost: serialize websocket writes to prevent panic ( #21728 )
...
The outpost API controller shares a single *websocket.Conn across
multiple goroutines: the event-handler loop, the 10s health ticker
(SendEventHello), the shutdown path (WriteMessage close), initEvent
writing the hello frame on (re)connect, and RAC session handlers that
also invoke SendEventHello. gorilla/websocket explicitly documents that
concurrent WriteMessage/WriteJSON calls are unsafe and will panic with
"concurrent write to websocket connection", which takes the outpost
(and embedded-outpost authentik-server) pod down.
Fix by adding a sync.Mutex on APIController guarding every write path
on eventConn (initEvent hello, Shutdown close message, SendEventHello).
Reads (ReadJSON in startEventHandler) are left unsynchronized as
gorilla permits a single concurrent reader alongside a writer.
Minimal, localized change: no API changes, no behavior changes, writes
are already infrequent so lock contention is negligible.
Refs #11090
Co-authored-by: curiosity <curiosity@somni.dev >
2026-04-23 02:33:10 +02:00
dependabot[bot]
99f9682d61
core: bump rand from 0.8.5 to 0.8.6 in the cargo group across 1 directory ( #21783 )
...
core: bump rand in the cargo group across 1 directory
Bumps the cargo group with 1 update in the / directory: [rand](https://github.com/rust-random/rand ).
Updates `rand` from 0.8.5 to 0.8.6
- [Release notes](https://github.com/rust-random/rand/releases )
- [Changelog](https://github.com/rust-random/rand/blob/0.8.6/CHANGELOG.md )
- [Commits](https://github.com/rust-random/rand/compare/0.8.5...0.8.6 )
---
updated-dependencies:
- dependency-name: rand
dependency-version: 0.8.6
dependency-type: indirect
dependency-group: cargo
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-23 02:02:24 +02:00
Bapuji Koraganti
987f367d7b
web: merge MFA devices and tokens into unified Credentials tab ( #21705 )
...
* web: merge MFA devices and tokens into unified Credentials tab
Combines the separate "MFA Devices" and "Tokens and App passwords"
tabs into a single "Credentials" tab on the user settings page,
so users can manage all credentials from one place.
Fixes #21637
Signed-off-by: Bapuji Koraganti <bapuk.2008@gmail.com >
* add card title
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Bapuji Koraganti <bapuk.2008@gmail.com >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2026-04-23 02:02:00 +02:00
Jens L.
805ff9f1ab
web/admin: fix policy/stage wizard label, fix connector create wizard, cleanup ( #21781 )
...
* update labels
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* remove unused app wizard hint
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* connector wizard should use grid
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2026-04-22 19:32:23 +02:00
dependabot[bot]
42fc9d537e
website: bump the build group in /website with 6 updates ( #21777 )
...
* website: bump the build group in /website with 6 updates
Bumps the build group in /website with 6 updates:
| Package | From | To |
| --- | --- | --- |
| [@swc/core-darwin-arm64](https://github.com/swc-project/swc ) | `1.15.26` | `1.15.30` |
| [@swc/core-linux-arm64-gnu](https://github.com/swc-project/swc ) | `1.15.26` | `1.15.30` |
| [@swc/core-linux-x64-gnu](https://github.com/swc-project/swc ) | `1.15.26` | `1.15.30` |
| [@swc/html-darwin-arm64](https://github.com/swc-project/swc ) | `1.15.26` | `1.15.30` |
| [@swc/html-linux-arm64-gnu](https://github.com/swc-project/swc ) | `1.15.26` | `1.15.30` |
| [@swc/html-linux-x64-gnu](https://github.com/swc-project/swc ) | `1.15.26` | `1.15.30` |
Updates `@swc/core-darwin-arm64` from 1.15.26 to 1.15.30
- [Release notes](https://github.com/swc-project/swc/releases )
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md )
- [Commits](https://github.com/swc-project/swc/compare/v1.15.26...v1.15.30 )
Updates `@swc/core-linux-arm64-gnu` from 1.15.26 to 1.15.30
- [Release notes](https://github.com/swc-project/swc/releases )
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md )
- [Commits](https://github.com/swc-project/swc/compare/v1.15.26...v1.15.30 )
Updates `@swc/core-linux-x64-gnu` from 1.15.26 to 1.15.30
- [Release notes](https://github.com/swc-project/swc/releases )
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md )
- [Commits](https://github.com/swc-project/swc/compare/v1.15.26...v1.15.30 )
Updates `@swc/html-darwin-arm64` from 1.15.26 to 1.15.30
- [Release notes](https://github.com/swc-project/swc/releases )
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md )
- [Commits](https://github.com/swc-project/swc/compare/v1.15.26...v1.15.30 )
Updates `@swc/html-linux-arm64-gnu` from 1.15.26 to 1.15.30
- [Release notes](https://github.com/swc-project/swc/releases )
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md )
- [Commits](https://github.com/swc-project/swc/compare/v1.15.26...v1.15.30 )
Updates `@swc/html-linux-x64-gnu` from 1.15.26 to 1.15.30
- [Release notes](https://github.com/swc-project/swc/releases )
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md )
- [Commits](https://github.com/swc-project/swc/compare/v1.15.26...v1.15.30 )
---
updated-dependencies:
- dependency-name: "@swc/core-darwin-arm64"
dependency-version: 1.15.30
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: build
- dependency-name: "@swc/core-linux-arm64-gnu"
dependency-version: 1.15.30
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: build
- dependency-name: "@swc/core-linux-x64-gnu"
dependency-version: 1.15.30
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: build
- dependency-name: "@swc/html-darwin-arm64"
dependency-version: 1.15.30
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: build
- dependency-name: "@swc/html-linux-arm64-gnu"
dependency-version: 1.15.30
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: build
- dependency-name: "@swc/html-linux-x64-gnu"
dependency-version: 1.15.30
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: build
...
Signed-off-by: dependabot[bot] <support@github.com >
* sigh
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: dependabot[bot] <support@github.com >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2026-04-22 17:38:32 +02:00
dependabot[bot]
3f4c0fb35d
core: bump library/nginx from 7f0adca to 3acc8b9 in /website ( #21775 )
...
Bumps library/nginx from `7f0adca` to `3acc8b9`.
---
updated-dependencies:
- dependency-name: library/nginx
dependency-version: 1.29-trixie
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-22 17:32:46 +02:00
dependabot[bot]
42d87072cf
core: bump library/node from f57f0c7 to b272ff1 in /website ( #21776 )
...
core: bump library/node from `f57f0c7` to `7e77811` in /website
Bumps library/node from `f57f0c7` to `7e77811`.
---
updated-dependencies:
- dependency-name: library/node
dependency-version: 25.9.0-trixie
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-22 17:32:36 +02:00
Jens L.
075a1f5875
web/admin: Allow binding users/groups in policy binding wizard and existing stage in stage binding wizard ( #21697 )
...
* web/admin: allow creating only binding for policies
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* dont show type selector if only one is allowed
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* do the same for stage wizard
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* minor unrelated fix: alignment in table desc
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* add option to bind existing policy
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* adjust labels?
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* Clean up post-type select state. Types.
* Clean up brand form.
* Flesh out parse.
* Tidy textarea.
* Fix table alignment when images are present.
* Simplify radio.
* Fix form group layout, styles.
* Flesh out plural helper.
* Flesh out formatted user display name.
* Allow slotted HTML in page description.
* Clean up transclusion types.
* Allow null.
* Flesh out user activation toggle.
* Clean up activation labeling.
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com >
2026-04-22 16:08:31 +02:00
Bapuji Koraganti
24edee3e78
flows: add warning message for expired password reset links ( #21395 )
...
* flows: add warning message for expired password reset links
Fixes #21306
* Replace token expiry check with REQUIRE_TOKEN authentication requirement
Incorporate review comments to move expired/invalid token handling from executor-level check to flow planner authentication requirement. This avoids disclosing whether a token ever existed and handles already-cleaned-up tokens.
* The fix was changing gettext_lazy to gettext
* remove unneeded migration
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* update form
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2026-04-22 15:09:05 +02:00
dependabot[bot]
9d55b9a9b0
web: bump the swc group across 1 directory with 11 updates ( #21778 )
...
Bumps the swc group with 1 update in the /web directory: [@swc/core](https://github.com/swc-project/swc/tree/HEAD/packages/core ).
Updates `@swc/core` from 1.15.26 to 1.15.30
- [Release notes](https://github.com/swc-project/swc/releases )
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md )
- [Commits](https://github.com/swc-project/swc/commits/v1.15.30/packages/core )
Updates `@swc/core-darwin-arm64` from 1.15.26 to 1.15.30
- [Release notes](https://github.com/swc-project/swc/releases )
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md )
- [Commits](https://github.com/swc-project/swc/compare/v1.15.26...v1.15.30 )
Updates `@swc/core-darwin-x64` from 1.15.26 to 1.15.30
- [Release notes](https://github.com/swc-project/swc/releases )
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md )
- [Commits](https://github.com/swc-project/swc/compare/v1.15.26...v1.15.30 )
Updates `@swc/core-linux-arm-gnueabihf` from 1.15.26 to 1.15.30
- [Release notes](https://github.com/swc-project/swc/releases )
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md )
- [Commits](https://github.com/swc-project/swc/compare/v1.15.26...v1.15.30 )
Updates `@swc/core-linux-arm64-gnu` from 1.15.26 to 1.15.30
- [Release notes](https://github.com/swc-project/swc/releases )
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md )
- [Commits](https://github.com/swc-project/swc/compare/v1.15.26...v1.15.30 )
Updates `@swc/core-linux-arm64-musl` from 1.15.26 to 1.15.30
- [Release notes](https://github.com/swc-project/swc/releases )
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md )
- [Commits](https://github.com/swc-project/swc/compare/v1.15.26...v1.15.30 )
Updates `@swc/core-linux-x64-gnu` from 1.15.26 to 1.15.30
- [Release notes](https://github.com/swc-project/swc/releases )
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md )
- [Commits](https://github.com/swc-project/swc/compare/v1.15.26...v1.15.30 )
Updates `@swc/core-linux-x64-musl` from 1.15.26 to 1.15.30
- [Release notes](https://github.com/swc-project/swc/releases )
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md )
- [Commits](https://github.com/swc-project/swc/compare/v1.15.26...v1.15.30 )
Updates `@swc/core-win32-arm64-msvc` from 1.15.26 to 1.15.30
- [Release notes](https://github.com/swc-project/swc/releases )
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md )
- [Commits](https://github.com/swc-project/swc/compare/v1.15.26...v1.15.30 )
Updates `@swc/core-win32-ia32-msvc` from 1.15.26 to 1.15.30
- [Release notes](https://github.com/swc-project/swc/releases )
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md )
- [Commits](https://github.com/swc-project/swc/compare/v1.15.26...v1.15.30 )
Updates `@swc/core-win32-x64-msvc` from 1.15.26 to 1.15.30
- [Release notes](https://github.com/swc-project/swc/releases )
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md )
- [Commits](https://github.com/swc-project/swc/compare/v1.15.26...v1.15.30 )
---
updated-dependencies:
- dependency-name: "@swc/core"
dependency-version: 1.15.30
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: swc
- dependency-name: "@swc/core-darwin-arm64"
dependency-version: 1.15.30
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: swc
- dependency-name: "@swc/core-darwin-x64"
dependency-version: 1.15.30
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: swc
- dependency-name: "@swc/core-linux-arm-gnueabihf"
dependency-version: 1.15.30
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: swc
- dependency-name: "@swc/core-linux-arm64-gnu"
dependency-version: 1.15.30
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: swc
- dependency-name: "@swc/core-linux-arm64-musl"
dependency-version: 1.15.30
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: swc
- dependency-name: "@swc/core-linux-x64-gnu"
dependency-version: 1.15.30
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: swc
- dependency-name: "@swc/core-linux-x64-musl"
dependency-version: 1.15.30
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: swc
- dependency-name: "@swc/core-win32-arm64-msvc"
dependency-version: 1.15.30
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: swc
- dependency-name: "@swc/core-win32-ia32-msvc"
dependency-version: 1.15.30
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: swc
- dependency-name: "@swc/core-win32-x64-msvc"
dependency-version: 1.15.30
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: swc
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-22 13:55:56 +02:00
dependabot[bot]
349be68d52
core: bump tokio from 1.52.0 to 1.52.1 ( #21774 )
...
Bumps [tokio](https://github.com/tokio-rs/tokio ) from 1.52.0 to 1.52.1.
- [Release notes](https://github.com/tokio-rs/tokio/releases )
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.52.0...tokio-1.52.1 )
---
updated-dependencies:
- dependency-name: tokio
dependency-version: 1.52.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-22 13:55:34 +02:00
dependabot[bot]
7dfb8d6129
core: bump library/node from a31ca31 to 735dd68 in /lifecycle/container ( #21773 )
...
core: bump library/node in /lifecycle/container
Bumps library/node from `a31ca31` to `735dd68`.
---
updated-dependencies:
- dependency-name: library/node
dependency-version: '24'
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-22 13:55:24 +02:00
dependabot[bot]
7f7965e42c
core: bump fido2 from 2.1.1 to 2.2.0 ( #21772 )
...
Bumps [fido2](https://github.com/Yubico/python-fido2 ) from 2.1.1 to 2.2.0.
- [Release notes](https://github.com/Yubico/python-fido2/releases )
- [Changelog](https://github.com/Yubico/python-fido2/blob/main/NEWS )
- [Commits](https://github.com/Yubico/python-fido2/compare/2.1.1...2.2.0 )
---
updated-dependencies:
- dependency-name: fido2
dependency-version: 2.2.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-22 13:55:13 +02:00
dependabot[bot]
2e2b471b94
core: bump library/golang from c0074c7 to cd8540d in /lifecycle/container ( #21771 )
...
core: bump library/golang in /lifecycle/container
Bumps library/golang from `c0074c7` to `cd8540d`.
---
updated-dependencies:
- dependency-name: library/golang
dependency-version: 1.26.2-trixie
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-22 13:54:51 +02:00
dependabot[bot]
4d53cd0790
core: bump github.com/pires/go-proxyproto from 0.11.0 to 0.12.0 ( #21770 )
...
Bumps [github.com/pires/go-proxyproto](https://github.com/pires/go-proxyproto ) from 0.11.0 to 0.12.0.
- [Release notes](https://github.com/pires/go-proxyproto/releases )
- [Commits](https://github.com/pires/go-proxyproto/compare/v0.11.0...v0.12.0 )
---
updated-dependencies:
- dependency-name: github.com/pires/go-proxyproto
dependency-version: 0.12.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-22 13:54:42 +02:00
Jens L.
7b913eaaa9
root: update rustls-webpki ( #21769 )
...
* root: update rustls-webpki
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* allow earlier rustls-webpki updates since this is the second time this happened
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2026-04-22 13:00:11 +02:00
authentik-automation[bot]
880c1ec89a
core, web: update translations ( #21695 )
...
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
2026-04-22 11:41:48 +02:00
dependabot[bot]
d7724a52f2
core: bump python-dotenv from 1.2.1 to 1.2.2 in the uv group across 1 directory ( #21752 )
...
core: bump python-dotenv in the uv group across 1 directory
Bumps the uv group with 1 update in the / directory: [python-dotenv](https://github.com/theskumar/python-dotenv ).
Updates `python-dotenv` from 1.2.1 to 1.2.2
- [Release notes](https://github.com/theskumar/python-dotenv/releases )
- [Changelog](https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md )
- [Commits](https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2 )
---
updated-dependencies:
- dependency-name: python-dotenv
dependency-version: 1.2.2
dependency-type: indirect
dependency-group: uv
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-22 11:41:23 +02:00
dependabot[bot]
508b45b6e3
core: bump github.com/jackc/pgx/v5 from 5.9.1 to 5.9.2 ( #21755 )
...
Bumps [github.com/jackc/pgx/v5](https://github.com/jackc/pgx ) from 5.9.1 to 5.9.2.
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md )
- [Commits](https://github.com/jackc/pgx/compare/v5.9.1...v5.9.2 )
---
updated-dependencies:
- dependency-name: github.com/jackc/pgx/v5
dependency-version: 5.9.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-22 11:41:05 +02:00
dependabot[bot]
2d52756761
core: bump github.com/go-openapi/runtime from 0.29.3 to 0.29.4 ( #21756 )
...
Bumps [github.com/go-openapi/runtime](https://github.com/go-openapi/runtime ) from 0.29.3 to 0.29.4.
- [Release notes](https://github.com/go-openapi/runtime/releases )
- [Commits](https://github.com/go-openapi/runtime/compare/v0.29.3...v0.29.4 )
---
updated-dependencies:
- dependency-name: github.com/go-openapi/runtime
dependency-version: 0.29.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-22 11:40:56 +02:00
dependabot[bot]
6e84b74797
core: bump pydantic from 2.13.0 to 2.13.2 ( #21757 )
...
Bumps [pydantic](https://github.com/pydantic/pydantic ) from 2.13.0 to 2.13.2.
- [Release notes](https://github.com/pydantic/pydantic/releases )
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md )
- [Commits](https://github.com/pydantic/pydantic/compare/v2.13.0...v2.13.2 )
---
updated-dependencies:
- dependency-name: pydantic
dependency-version: 2.13.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-22 11:40:28 +02:00
dependabot[bot]
aff93d35ef
core: bump django-stubs[compatible-mypy] from 6.0.2 to 6.0.3 ( #21758 )
...
Bumps [django-stubs[compatible-mypy]](https://github.com/typeddjango/django-stubs ) from 6.0.2 to 6.0.3.
- [Release notes](https://github.com/typeddjango/django-stubs/releases )
- [Commits](https://github.com/typeddjango/django-stubs/compare/6.0.2...6.0.3 )
---
updated-dependencies:
- dependency-name: django-stubs[compatible-mypy]
dependency-version: 6.0.3
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-22 11:40:12 +02:00
dependabot[bot]
d995613212
core: bump aws-cdk-lib from 2.249.0 to 2.250.0 ( #21759 )
...
Bumps [aws-cdk-lib](https://github.com/aws/aws-cdk ) from 2.249.0 to 2.250.0.
- [Release notes](https://github.com/aws/aws-cdk/releases )
- [Changelog](https://github.com/aws/aws-cdk/blob/main/CHANGELOG.v2.alpha.md )
- [Commits](https://github.com/aws/aws-cdk/compare/v2.249.0...v2.250.0 )
---
updated-dependencies:
- dependency-name: aws-cdk-lib
dependency-version: 2.250.0
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-22 11:40:03 +02:00
dependabot[bot]
194f04bb6f
core: bump packaging from 26.0 to 26.1 ( #21760 )
...
Bumps [packaging](https://github.com/pypa/packaging ) from 26.0 to 26.1.
- [Release notes](https://github.com/pypa/packaging/releases )
- [Changelog](https://github.com/pypa/packaging/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pypa/packaging/compare/26.0...26.1 )
---
updated-dependencies:
- dependency-name: packaging
dependency-version: '26.1'
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-22 11:39:50 +02:00
dependabot[bot]
ba14cac535
core: bump library/node from 28fd420 to a31ca31 in /lifecycle/container ( #21761 )
...
core: bump library/node in /lifecycle/container
Bumps library/node from `28fd420` to `a31ca31`.
---
updated-dependencies:
- dependency-name: library/node
dependency-version: '24'
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-22 11:39:39 +02:00
dependabot[bot]
953c70f5fc
ci: bump actions/setup-node from 6.3.0 to 6.4.0 ( #21762 )
...
Bumps [actions/setup-node](https://github.com/actions/setup-node ) from 6.3.0 to 6.4.0.
- [Release notes](https://github.com/actions/setup-node/releases )
- [Commits](53b83947a5...48b55a011bsupport@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-22 11:39:18 +02:00
dependabot[bot]
4c775b2258
ci: bump actions/setup-node from 6.3.0 to 6.4.0 in /.github/actions/setup ( #21764 )
...
ci: bump actions/setup-node in /.github/actions/setup
Bumps [actions/setup-node](https://github.com/actions/setup-node ) from 6.3.0 to 6.4.0.
- [Release notes](https://github.com/actions/setup-node/releases )
- [Commits](53b83947a5...48b55a011bsupport@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-22 11:39:09 +02:00
dependabot[bot]
2c851f7cd0
ci: bump taiki-e/install-action from 2.75.17 to 2.75.18 in /.github/actions/setup ( #21765 )
...
ci: bump taiki-e/install-action in /.github/actions/setup
Bumps [taiki-e/install-action](https://github.com/taiki-e/install-action ) from 2.75.17 to 2.75.18.
- [Release notes](https://github.com/taiki-e/install-action/releases )
- [Changelog](https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md )
- [Commits](58e8625425...055f5df8c3support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-22 11:38:54 +02:00
dependabot[bot]
520f81966c
core: bump tokio from 1.51.1 to 1.52.0 ( #21766 )
...
Bumps [tokio](https://github.com/tokio-rs/tokio ) from 1.51.1 to 1.52.0.
- [Release notes](https://github.com/tokio-rs/tokio/releases )
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.51.1...tokio-1.52.0 )
---
updated-dependencies:
- dependency-name: tokio
dependency-version: 1.52.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-22 11:38:41 +02:00
Jens L.
7f27ee3267
ci: fix postgres path for postgres 18 tests ( #21767 )
...
* ci: test migrations-from-stable failing
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* fix postgres path
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2026-04-22 11:27:16 +02:00
Sai Asish Y
6d57854bff
sources/oauth: pick a single pkce method from OIDC discovery, not the whole list ( #21689 )
...
* sources/oauth: pick a single pkce method from OIDC discovery, not the whole list
When an OAuth source is configured with `oidc_well_known_url`, the API
serializer fetches the upstream's OpenID configuration and merges the
selected endpoints into the source attrs. The merge used a straight
field_map that aliased the pkce TextField to
`code_challenge_methods_supported`:
field_map = {
...
"pkce": "code_challenge_methods_supported",
}
for ak_key, oidc_key in field_map.items():
...
attrs[ak_key] = config.get(oidc_key, "")
`code_challenge_methods_supported` is a JSON array per RFC 8414
(e.g. ["plain", "S256"]), but attrs["pkce"] is backed by a TextField
with choices NONE / PLAIN / S256. Django does not validate choices on
plain assignment, so the list survives serialisation and is later
formatted by the client as
str(pkce_mode) -> "['plain', 'S256']"
which ships as `code_challenge_method=%5B%27plain%27%2C+%27S256%27%5D`
on the /authorize request. The upstream rejects the subsequent /token
exchange with HTTP 400 because it has no PKCE state for that value.
Separate the pkce handling from the rest of the field_map loop: only
fill pkce when the user has not set it, and select one scalar method
from the advertised list (prefer S256, the RFC 7636 MUST for public
clients, then plain, then NONE as a last resort). Non-list / missing
values fall back to NONE. User-supplied pkce still wins, matching the
existing "don't overwrite user-set values" intent.
Fixes #21665
Signed-off-by: SAY-5 <SAY-5@users.noreply.github.com >
* update test
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
* simplify
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: SAY-5 <SAY-5@users.noreply.github.com >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: SAY-5 <SAY-5@users.noreply.github.com >
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2026-04-21 19:40:03 +02:00
Dominic R
f7871d726e
website/integrations: grafana: migrate to entitlements ( #21676 )
...
* website/integrations: grafana: migrate to entitlements
* website/integrations: migrate Grafana role mappings to entitlements
* rm
* Add scope
* Add scope
* Update website/integrations/monitoring/grafana/index.mdx
Co-authored-by: Dewi Roberts <dewi@goauthentik.io >
Signed-off-by: Dominic R <dominic@sdko.org >
---------
Signed-off-by: Dominic R <dominic@sdko.org >
Co-authored-by: Dewi Roberts <dewi@goauthentik.io >
2026-04-21 14:08:22 +00:00
Jens L.
189056e19a
providers/oauth2: don't auto-set redirect_uri ( #21746 )
...
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
2026-04-21 15:58:57 +02:00
Dominic R
24362625a9
website/integrations: forgejo: migrate to entitlements ( #21682 )
...
* website/integrations: forgejo: migrate to entitlements
* website/integrations: migrate Forgejo permissions to entitlements
* rm
* Add scope
2026-04-21 09:41:01 -04:00
dependabot[bot]
5266166d64
core: bump aws-lc-rs from 1.16.2 to 1.16.3 ( #21740 )
...
Bumps [aws-lc-rs](https://github.com/aws/aws-lc-rs ) from 1.16.2 to 1.16.3.
- [Release notes](https://github.com/aws/aws-lc-rs/releases )
- [Commits](https://github.com/aws/aws-lc-rs/compare/v1.16.2...v1.16.3 )
---
updated-dependencies:
- dependency-name: aws-lc-rs
dependency-version: 1.16.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-21 15:16:11 +02:00
dependabot[bot]
44d13e3ea5
core: bump clap from 4.6.0 to 4.6.1 ( #21744 )
...
Bumps [clap](https://github.com/clap-rs/clap ) from 4.6.0 to 4.6.1.
- [Release notes](https://github.com/clap-rs/clap/releases )
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md )
- [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.6.0...clap_complete-v4.6.1 )
---
updated-dependencies:
- dependency-name: clap
dependency-version: 4.6.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-21 15:16:02 +02:00
dependabot[bot]
c7e8037ef7
website: bump docusaurus-plugin-openapi-docs from 5.0.0 to 5.0.1 in /website ( #21711 )
...
* website: bump docusaurus-plugin-openapi-docs in /website
Bumps [docusaurus-plugin-openapi-docs](https://github.com/PaloAltoNetworks/docusaurus-openapi-docs/tree/HEAD/packages/docusaurus-plugin-openapi-docs ) from 5.0.0 to 5.0.1.
- [Release notes](https://github.com/PaloAltoNetworks/docusaurus-openapi-docs/releases )
- [Changelog](https://github.com/PaloAltoNetworks/docusaurus-openapi-docs/blob/main/CHANGELOG.md )
- [Commits](https://github.com/PaloAltoNetworks/docusaurus-openapi-docs/commits/v5.0.1/packages/docusaurus-plugin-openapi-docs )
---
updated-dependencies:
- dependency-name: docusaurus-plugin-openapi-docs
dependency-version: 5.0.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
* update both
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
---------
Signed-off-by: dependabot[bot] <support@github.com >
Signed-off-by: Jens Langhammer <jens@goauthentik.io >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io >
2026-04-21 14:32:02 +02:00
dependabot[bot]
a10769e60e
core: bump sentry-sdk from 2.57.0 to 2.58.0 ( #21733 )
...
Bumps [sentry-sdk](https://github.com/getsentry/sentry-python ) from 2.57.0 to 2.58.0.
- [Release notes](https://github.com/getsentry/sentry-python/releases )
- [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md )
- [Commits](https://github.com/getsentry/sentry-python/compare/2.57.0...2.58.0 )
---
updated-dependencies:
- dependency-name: sentry-sdk
dependency-version: 2.58.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-21 13:15:54 +01:00
dependabot[bot]
1a1f752f28
core: bump pydantic from 2.12.5 to 2.13.0 ( #21734 )
...
Bumps [pydantic](https://github.com/pydantic/pydantic ) from 2.12.5 to 2.13.0.
- [Release notes](https://github.com/pydantic/pydantic/releases )
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md )
- [Commits](https://github.com/pydantic/pydantic/compare/v2.12.5...v2.13.0 )
---
updated-dependencies:
- dependency-name: pydantic
dependency-version: 2.13.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-21 13:15:49 +01:00
dependabot[bot]
081fe60ad7
core: bump aws-cdk-lib from 2.248.0 to 2.249.0 ( #21735 )
...
Bumps [aws-cdk-lib](https://github.com/aws/aws-cdk ) from 2.248.0 to 2.249.0.
- [Release notes](https://github.com/aws/aws-cdk/releases )
- [Changelog](https://github.com/aws/aws-cdk/blob/main/CHANGELOG.v2.alpha.md )
- [Commits](https://github.com/aws/aws-cdk/compare/v2.248.0...v2.249.0 )
---
updated-dependencies:
- dependency-name: aws-cdk-lib
dependency-version: 2.249.0
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-21 13:15:45 +01:00
dependabot[bot]
8be14a6de4
ci: bump tj-actions/changed-files from 47.0.5 to 47.0.6 ( #21737 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 47.0.5 to 47.0.6.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](22103cc46b...9426d40962support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-21 13:15:41 +01:00
dependabot[bot]
57c97d5318
ci: bump int128/docker-manifest-create-action from 2.17.0 to 2.18.0 ( #21738 )
...
Bumps [int128/docker-manifest-create-action](https://github.com/int128/docker-manifest-create-action ) from 2.17.0 to 2.18.0.
- [Release notes](https://github.com/int128/docker-manifest-create-action/releases )
- [Commits](44422a4b04...3de37de96csupport@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-21 13:15:36 +01:00
dependabot[bot]
d44cd63a52
web: bump prettier from 3.8.2 to 3.8.3 in /web ( #21739 )
...
Bumps [prettier](https://github.com/prettier/prettier ) from 3.8.2 to 3.8.3.
- [Release notes](https://github.com/prettier/prettier/releases )
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md )
- [Commits](https://github.com/prettier/prettier/compare/3.8.2...3.8.3 )
---
updated-dependencies:
- dependency-name: prettier
dependency-version: 3.8.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-21 13:15:32 +01:00
dependabot[bot]
33e4f8beb2
core: bump axum from 0.8.8 to 0.8.9 ( #21741 )
...
Bumps [axum](https://github.com/tokio-rs/axum ) from 0.8.8 to 0.8.9.
- [Release notes](https://github.com/tokio-rs/axum/releases )
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md )
- [Commits](https://github.com/tokio-rs/axum/compare/axum-v0.8.8...axum-v0.8.9 )
---
updated-dependencies:
- dependency-name: axum
dependency-version: 0.8.9
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-21 13:15:26 +01:00
