Merge branch 'main' into core/object-attributes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

# Conflicts:
#	packages/client-go/api_admin.go
#	packages/client-go/api_core.go
#	packages/client-go/model_content_type.go
#	packages/client-go/model_model_enum.go
#	packages/client-rust/src/apis/admin_api.rs
#	packages/client-rust/src/apis/core_api.rs
#	packages/client-rust/src/models/content_type.rs
#	packages/client-rust/src/models/mod.rs
#	packages/client-rust/src/models/model_enum.rs

.github/actions/setup-node/action.yml

@@ -1,77 +0,0 @@
-name: "Setup Node.js and NPM"
-description: "Sets up Node.js with a specific NPM version via Corepack"
-inputs:
-  working-directory:
-    description: "Path to the working directory containing the package.json file"
-    required: false
-    default: "."
-  dependencies:
-    required: false
-    description: "List of dependencies to setup"
-    default: "monorepo,working-directory"
-  node-version-file:
-    description: "Path to file containing the Node.js version"
-    required: false
-    default: "package.json"
-  cache-dependency-path:
-    description: "Path to dependency lock file for caching"
-    required: false
-    default: "package-lock.json"
-  cache:
-    description: "Package manager to cache"
-    default: "npm"
-  registry-url:
-    description: "npm registry URL"
-    default: "https://registry.npmjs.org"
-
-runs:
-  using: "composite"
-  steps:
-    - name: Setup Node.js (Corepack bootstrap)
-      uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v4
-      with:
-        node-version-file: ${{ inputs.node-version-file }}
-        registry-url: ${{ inputs.registry-url }}
-        cache: ${{ inputs.cache }}
-        cache-dependency-path: |
-          ${{ inputs.cache-dependency-path }}
-          ${{ inputs.working-directory }}/${{ inputs.cache-dependency-path }}
-
-    - name: Install Corepack
-      working-directory: ${{ github.workspace}}
-      shell: bash
-      run: | #shell
-        node ./scripts/node/setup-corepack.mjs --force
-        corepack enable
-    - name: Lint Node.js and NPM versions
-      shell: bash
-      run: node ./scripts/node/lint-runtime.mjs
-    - name: Setup Node.js (Monorepo Root)
-      uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v4
-      with:
-        node-version-file: ${{ inputs.node-version-file }}
-        registry-url: ${{ inputs.registry-url }}
-    - name: Install monorepo dependencies
-      if: ${{ contains(inputs.dependencies, 'monorepo') }}
-      shell: bash
-      run: | #shell
-        node ./scripts/node/lint-lockfile.mjs
-        corepack npm ci
-    - name: Setup Node.js (Working Directory)
-      if: ${{ contains(inputs.dependencies, 'working-directory') }}
-      uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v4
-      with:
-        node-version-file: ${{ inputs.working-directory }}/${{ inputs.node-version-file }}
-        registry-url: ${{ inputs.registry-url }}
-
-    - name: Install working directory dependencies
-      if: ${{ contains(inputs.dependencies, 'working-directory') }}
-      shell: bash
-      run: | # shell
-        corepack install
-
-        echo "node version: $(node --version)"
-        echo "npm version: $(corepack npm --version)"
-
-        node ./scripts/node/lint-lockfile.mjs ${{ inputs.working-directory }}
-        corepack npm ci --prefix ${{ inputs.working-directory }}

.github/actions/setup/action.yml

@@ -67,11 +67,27 @@ runs:
       uses: taiki-e/install-action@ec28e287910af896fd98e04056d31fa68607e7ad # v2
       with:
         tool: cargo-deny cargo-machete cargo-llvm-cov nextest
-    - name: Setup node (root, web)
+    - name: Setup node (web)
       if: ${{ contains(inputs.dependencies, 'node') }}
-      uses: ./.github/actions/setup-node
+      uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v4
       with:
-        working-directory: web
+        node-version-file: "${{ inputs.working-directory }}web/package.json"
+        cache: "npm"
+        cache-dependency-path: "${{ inputs.working-directory }}web/package-lock.json"
+        registry-url: "https://registry.npmjs.org"
+    - name: Setup node (root)
+      if: ${{ contains(inputs.dependencies, 'node') }}
+      uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v4
+      with:
+        node-version-file: "${{ inputs.working-directory }}package.json"
+        cache: "npm"
+        cache-dependency-path: "${{ inputs.working-directory }}package-lock.json"
+        registry-url: "https://registry.npmjs.org"
+    - name: Install Node deps
+      if: ${{ contains(inputs.dependencies, 'node') }}
+      shell: bash
+      working-directory: ${{ inputs.working-directory }}
+      run: npm ci
     - name: Setup go
       if: ${{ contains(inputs.dependencies, 'go') }}
       uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v5
@@ -89,7 +105,7 @@ runs:
       run: |
         export PSQL_TAG=${{ inputs.postgresql_version }}
         docker compose -f .github/actions/setup/compose.yml up -d --wait
-        corepack npm ci --prefix web
+        cd web && npm ci
     - name: Generate config
       if: ${{ contains(inputs.dependencies, 'python') }}
       shell: uv run python {0}

.github/codecov.yml

@@ -1,6 +1,3 @@
-codecov:
-  notify:
-    wait_for_ci: true
 coverage:
   status:
     project:

.github/workflows/_reusable-docker-build-single.yml

@@ -67,16 +67,6 @@ jobs:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
-      - uses: ./.github/actions/setup-node
-        with:
-          working-directory: web
-          dependencies: "monorepo"
-      - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6
-        with:
-          go-version-file: "go.mod"
-      - name: Generate API Clients
-        run: |
-          make gen-client-ts
       - name: Build Docker Image
         uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
         id: push

.github/workflows/ci-api-docs.yml

@@ -22,19 +22,25 @@ jobs:
           - prettier-check
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v5
-      - uses: ./.github/actions/setup-node
-        with:
-          working-directory: website
+      - name: Install Dependencies
+        working-directory: website/
+        run: npm ci
       - name: Lint
-        run: corepack npm run ${{ matrix.command }} --prefix website
+        working-directory: website/
+        run: npm run ${{ matrix.command }}
   build:
     runs-on: ubuntu-latest
 
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v5
-      - uses: ./.github/actions/setup-node
+      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v5
         with:
-          working-directory: website
+          node-version-file: website/package.json
+          cache: "npm"
+          cache-dependency-path: website/package-lock.json
+      - working-directory: website/
+        name: Install Dependencies
+        run: npm ci
       - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v4
         with:
           path: |
@@ -48,7 +54,7 @@ jobs:
         working-directory: website
         env:
           NODE_ENV: production
-        run: corepack npm run build -w api
+        run: npm run build -w api
       - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v4
         with:
           name: api-docs
@@ -65,9 +71,11 @@ jobs:
         with:
           name: api-docs
           path: website/api/build
-      - uses: ./.github/actions/setup-node
+      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v5
         with:
-          working-directory: website
+          node-version-file: website/package.json
+          cache: "npm"
+          cache-dependency-path: website/package-lock.json
       - name: Deploy Netlify (Production)
         working-directory: website/api
         if: github.event_name == 'push' && github.ref == 'refs/heads/main'

.github/workflows/ci-aws-cfn.yml

@@ -24,9 +24,14 @@ jobs:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v5
       - name: Setup authentik env
         uses: ./.github/actions/setup
-      - uses: ./.github/actions/setup-node
+      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v5
         with:
-          working-directory: lifecycle/aws
+          node-version-file: lifecycle/aws/package.json
+          cache: "npm"
+          cache-dependency-path: lifecycle/aws/package-lock.json
+      - working-directory: lifecycle/aws/
+        run: |
+          npm ci
       - name: Check changes have been applied
         run: |
           uv run make aws-cfn

.github/workflows/ci-docs.yml

@@ -24,34 +24,46 @@ jobs:
           - prettier-check
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v5
-      - uses: ./.github/actions/setup-node
-        with:
-          working-directory: website
+      - name: Install dependencies
+        working-directory: website/
+        run: npm ci
       - name: Lint
-        run: corepack npm run ${{ matrix.command }} --prefix website
+        working-directory: website/
+        run: npm run ${{ matrix.command }}
   build-docs:
     runs-on: ubuntu-latest
     env:
       NODE_ENV: production
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v5
-      - uses: ./.github/actions/setup-node
-        name: Setup Node.js
+      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v5
         with:
-          working-directory: website
+          node-version-file: website/package.json
+          cache: "npm"
+          cache-dependency-path: website/package-lock.json
+      - working-directory: website/
+        name: Install Dependencies
+        run: npm ci
       - name: Build Documentation via Docusaurus
-        run: corepack npm run build --prefix website
+        working-directory: website/
+        run: npm run build
   build-integrations:
     runs-on: ubuntu-latest
     env:
       NODE_ENV: production
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v5
-      - uses: ./.github/actions/setup-node
+      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v5
         with:
-          working-directory: website
+          node-version-file: website/package.json
+          cache: "npm"
+          cache-dependency-path: website/package-lock.json
+      - working-directory: website/
+        name: Install Dependencies
+        run: npm ci
       - name: Build Integrations via Docusaurus
-        run: corepack npm run build -w integrations --prefix website
+        working-directory: website/
+        run: npm run build -w integrations
   build-container:
     runs-on: ubuntu-latest
     permissions:

.github/workflows/ci-main.yml

@@ -109,13 +109,8 @@ jobs:
       - name: checkout stable
         run: |
           set -e -o pipefail
-
           cp -R .github ..
           cp -R scripts ..
-
-          mkdir -p ../packages
-          cp -R packages/logger-js ../packages/logger-js
-
           # Previous stable tag
           prev_stable=$(git tag --sort=version:refname | grep '^version/' | grep -vE -- '-rc[0-9]+$' | tail -n1)
           # Current version family based on
@@ -123,13 +118,10 @@ jobs:
           if [[ -n $current_version_family ]]; then
               prev_stable="version/${current_version_family}"
           fi
-
           echo "::notice::Checking out ${prev_stable} as stable version..."
           git checkout ${prev_stable}
-
-          rm -rf .github/ scripts/ packages/logger-js/
+          rm -rf .github/ scripts/
           mv ../.github ../scripts .
-          mv ../packages/logger-js ./packages/
       - name: Setup authentik env (stable)
         uses: ./.github/actions/setup
         with:
@@ -260,7 +252,6 @@ jobs:
           COMPOSE_PROFILES: ${{ matrix.job.profiles }}
         run: |
           docker compose -f tests/e2e/compose.yml up -d --quiet-pull
-      - uses: ./.github/actions/setup-node
       - id: cache-web
         uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v4
         if: contains(matrix.job.profiles, 'selenium')
@@ -270,12 +261,10 @@ jobs:
       - name: prepare web ui
         if: steps.cache-web.outputs.cache-hit != 'true' && contains(matrix.job.profiles, 'selenium')
         working-directory: web
-        env:
-          NODE_ENV: "production"
         run: |
-          corepack npm ci
-          corepack npm run build
-          corepack npm run build:sfe
+          npm ci
+          npm run build
+          npm run build:sfe
       - name: run e2e
         run: |
           uv run coverage run manage.py test ${{ matrix.job.glob }}
@@ -324,12 +313,11 @@ jobs:
           key: ${{ runner.os }}-web-${{ hashFiles('web/package-lock.json', 'web/src/**', 'web/packages/sfe/src/**') }}-b
       - name: prepare web ui
         if: steps.cache-web.outputs.cache-hit != 'true'
-        env:
-          NODE_ENV: "production"
+        working-directory: web
         run: |
-          corepack npm ci --prefix web
-          corepack npm run build --prefix web
-          corepack npm run build:sfe --prefix web
+          npm ci
+          npm run build
+          npm run build:sfe
       - name: run conformance
         run: |
           uv run coverage run manage.py test ${{ matrix.job.glob }}

.github/workflows/ci-outpost.yml

@@ -145,11 +145,16 @@ jobs:
       - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6
         with:
           go-version-file: "go.mod"
-      - uses: ./.github/actions/setup-node
+      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v5
         with:
-          working-directory: web
+          node-version-file: web/package.json
+          cache: "npm"
+          cache-dependency-path: web/package-lock.json
       - name: Build web
-        run: corepack npm run build-proxy --prefix web
+        working-directory: web/
+        run: |
+          npm ci
+          npm run build-proxy
       - name: Build outpost
         run: |
           set -x

.github/workflows/ci-web.yml

@@ -15,34 +15,48 @@ on:
 jobs:
   lint:
     runs-on: ubuntu-latest
-    timeout-minutes: 15
+    strategy:
+      fail-fast: false
+      matrix:
+        command:
+          - lint
+          - lint:lockfile
+          - tsc
+          - prettier-check
+        project:
+          - web
+        include:
+          - command: tsc
+            project: web
+          - command: lit-analyse
+            project: web
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v5
-      - uses: ./.github/actions/setup-node
+      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v5
         with:
-          working-directory: web
+          node-version-file: ${{ matrix.project }}/package.json
+          cache: "npm"
+          cache-dependency-path: ${{ matrix.project }}/package-lock.json
+      - working-directory: ${{ matrix.project }}/
+        run: |
+          npm ci
       - name: Lint
-        run: corepack npm run lint-check --prefix web
-      - name: Check types
-        run: corepack npm run tsc --prefix web
-      - name: Check formatting
-        run: corepack npm run prettier-check --prefix web
-      - name: Lit analyse
-        run: corepack npm run lit-analyse --prefix web
-
+        working-directory: ${{ matrix.project }}/
+        run: npm run ${{ matrix.command }}
   build:
     runs-on: ubuntu-latest
-    timeout-minutes: 15
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v5
-      - uses: ./.github/actions/setup-node
+      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v5
         with:
-          working-directory: web
+          node-version-file: web/package.json
+          cache: "npm"
+          cache-dependency-path: web/package-lock.json
+      - working-directory: web/
+        run: npm ci
       - name: build
-        env:
-          NODE_ENV: "production"
         working-directory: web/
-        run: corepack npm run build
+        run: npm run build
   ci-web-mark:
     if: always()
     needs:
@@ -57,12 +71,15 @@ jobs:
     needs:
       - ci-web-mark
     runs-on: ubuntu-latest
-    timeout-minutes: 30
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v5
-      - uses: ./.github/actions/setup-node
+      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v5
         with:
-          working-directory: web
+          node-version-file: web/package.json
+          cache: "npm"
+          cache-dependency-path: web/package-lock.json
+      - working-directory: web/
+        run: npm ci
       - name: test
         working-directory: web/
-        run: corepack npm run test || exit 0
+        run: npm run test || exit 0

.github/workflows/packages-npm-publish.yml

@@ -35,19 +35,22 @@ jobs:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v5
         with:
           fetch-depth: 2
-      - uses: ./.github/actions/setup-node
+      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v5
         with:
-          working-directory: ${{ matrix.package }}
+          node-version-file: ${{ matrix.package }}/package.json
+          registry-url: "https://registry.npmjs.org"
       - name: Get changed files
         id: changed-files
         uses: tj-actions/changed-files@9426d40962ed5378910ee2e21d5f8c6fcbf2dd96 # 24d32ffd492484c1d75e0c0b894501ddb9d30d62
         with:
           files: |
             ${{ matrix.package }}/package.json
+      - name: Install Dependencies
+        run: npm ci
       - name: Publish package
         if: steps.changed-files.outputs.any_changed == 'true'
         working-directory: ${{ matrix.package }}
         run: |
-          corepack npm ci
-          corepack npm run build
-          corepack npm publish
+          npm ci
+          npm run build
+          npm publish

.github/workflows/release-publish.yml

@@ -87,9 +87,11 @@ jobs:
       - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6
         with:
           go-version-file: "go.mod"
-      - uses: ./.github/actions/setup-node
+      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v5
         with:
-          working-directory: web
+          node-version-file: web/package.json
+          cache: "npm"
+          cache-dependency-path: web/package-lock.json
       - name: Set up QEMU
         uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0
       - name: Set up Docker Buildx
@@ -149,9 +151,15 @@ jobs:
       - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6
         with:
           go-version-file: "go.mod"
-      - uses: ./.github/actions/setup-node
+      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v5
         with:
-          working-directory: web
+          node-version-file: web/package.json
+          cache: "npm"
+          cache-dependency-path: web/package-lock.json
+      - name: Install web dependencies
+        working-directory: web/
+        run: |
+          npm ci
       - name: Build web
         working-directory: web/
         run: |

.github/workflows/repo-stale.yml

@@ -27,6 +27,8 @@ jobs:
           exempt-issue-labels: pinned,security,pr_wanted,enhancement,bug/confirmed,enhancement/confirmed,question,status/reviewing
           stale-issue-label: status/stale
           stale-issue-message: >
-            This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
+            This issue has been automatically marked as stale because it has not had
+            recent activity. It will be closed if no further activity occurs. Thank you
+            for your contributions.
           # Don't stale PRs, so only apply to PRs with a non-existent label
           only-pr-labels: foo

.gitignore

@@ -14,8 +14,6 @@ media
 # Node
 
 node_modules
-corepack.tgz
-.corepack
 
 .cspellcache
 cspell-report.*

.npmrc

@@ -1,20 +0,0 @@
-# Block lifecycle scripts (preinstall/install/postinstall/prepare) from dependencies.
-# This neutralizes the dominant npm supply-chain attack vector.
-#
-# Packages that legitimately need a build step (e.g. esbuild, chromedriver, tree-sitter)
-# must be rebuilt explicitly:
-#
-#   npm rebuild --foreground-scripts esbuild chromedriver tree-sitter tree-sitter-json
-ignore-scripts=true
-
-# Fail fast if the active Node/npm doesn't match the "engines" field.
-engine-strict=true
-
-# Pin exact versions so `npm install <pkg>` writes "1.2.3" not "^1.2.3".
-save-exact=true
-
-# Surface CVE warnings during install; doesn't block.
-audit=true
-
-# Suppress funding banners.
-fund=false

.vscode/settings.json

@@ -20,9 +20,6 @@
     },
     "todo-tree.tree.showCountsInTree": true,
     "todo-tree.tree.showBadges": true,
-    "yaml.format.printWidth": 200,
-    "yaml.format.singleQuote": true,
-    "yaml.format.bracketSpacing": false,
     "yaml.customTags": [
         "!Condition sequence",
         "!Context scalar",

CODEOWNERS

@@ -34,7 +34,6 @@ packages/django-channels-postgres       @goauthentik/backend
 packages/django-postgres-cache          @goauthentik/backend
 packages/django-dramatiq-postgres       @goauthentik/backend
 # Web packages
-.npmrc                                  @goauthentik/frontend
 tsconfig.json                           @goauthentik/frontend
 package.json                            @goauthentik/frontend
 package-lock.json                       @goauthentik/frontend

Makefile

@@ -106,9 +106,8 @@ migrate: ## Run the Authentik Django server's migrations
 
 i18n-extract: core-i18n-extract web-i18n-extract  ## Extract strings that require translation into files to send to a translation service
 
-aws-cfn: node-install
-	corepack npm install --prefix lifecycle/aws
-	$(UV) run corepack npm run aws-cfn --prefix lifecycle/aws
+aws-cfn:
+	cd lifecycle/aws && npm i && $(UV) run npm run aws-cfn
 
 run:  ## Run the main authentik server and worker processes
 	$(UV) run ak allinone
@@ -126,7 +125,7 @@ core-i18n-extract:
 		--ignore website \
 		-l en
 
-install: node-install web-install core-install  ## Install all requires dependencies for `node`, `web` and `core`
+install: node-install docs-install core-install  ## Install all requires dependencies for `node`, `docs` and `core`
 
 dev-drop-db:
 	$(eval pg_user := $(shell $(UV) run python -m authentik.lib.config postgresql.user 2>/dev/null))
@@ -229,55 +228,39 @@ gen-dev-config:  ## Generate a local development config file
 ## Node.js
 #########################
 
-# Packages whose install/postinstall scripts are required for correct
-# operation (binary downloads, native bindings). The root .npmrc sets
-# `ignore-scripts=true` to block dependency lifecycle scripts by default;
-# this list is rebuilt explicitly with scripts re-enabled. Audit any
-# additions: each entry runs arbitrary code at install time.
-TRUSTED_INSTALL_SCRIPTS := esbuild chromedriver tree-sitter tree-sitter-json
-
-node-preinstall: ## Install corepack and lint the runtime to ensure the correct Node.js version is being used before installing dependencies.
-	node ./scripts/node/setup-corepack.mjs
-	node ./scripts/node/lint-runtime.mjs
-
-node-install: node-preinstall ## Install the necessary libraries to build Node.js packages
-	corepack npm ci
+node-install:  ## Install the necessary libraries to build Node.js packages
+	npm ci
+	npm ci --prefix web
 
 #########################
 ## Web
 #########################
 
-web-install: ## Install the necessary libraries to build the Authentik UI
-	corepack npm ci --prefix web
-
-web-postinstall:  ## Trigger postinstall scripts for packages with native bindings or binary downloads, which are blocked by default for security reasons.
-	corepack npm rebuild --prefix web --ignore-scripts=false --foreground-scripts $(TRUSTED_INSTALL_SCRIPTS)
-
 web-build: node-install  ## Build the Authentik UI
-	corepack npm run --prefix web build
+	npm run --prefix web build
 
 web: web-lint-fix web-lint web-check-compile  ## Automatically fix formatting issues in the Authentik UI source code, lint the code, and compile it
 
 web-test: ## Run tests for the Authentik UI
-	corepack npm run --prefix web test
+	npm run --prefix web test
 
 web-watch:  ## Build and watch the Authentik UI for changes, updating automatically
-	corepack npm run --prefix web watch
+	npm run --prefix web watch
 web-storybook-watch:  ## Build and run the storybook documentation server
-	corepack npm run --prefix web storybook
+	npm run --prefix web storybook
 
 web-lint-fix:
-	corepack npm run --prefix web prettier
+	npm run --prefix web prettier
 
 web-lint:
-	corepack npm run --prefix web lint
-	corepack npm run --prefix web lit-analyse
+	npm run --prefix web lint
+	npm run --prefix web lit-analyse
 
 web-check-compile:
-	corepack npm run --prefix web tsc
+	npm run --prefix web tsc
 
 web-i18n-extract:
-	corepack npm run --prefix web extract-locales
+	npm run --prefix web extract-locales
 
 #########################
 ## Docs
@@ -285,36 +268,35 @@ web-i18n-extract:
 
 docs: docs-lint-fix docs-build  ## Automatically fix formatting issues in the Authentik docs source code, lint the code, and compile it
 
-docs-install: node-install  ## Install the necessary libraries to build the Authentik documentation
-	corepack npm ci --prefix website
+docs-install:
+	npm ci --prefix website
 
 docs-lint-fix: lint-spellcheck
-	corepack npm run --prefix website prettier
+	npm run --prefix website prettier
 
 docs-build:
-	node ./scripts/node/lint-runtime.mjs website
-	corepack npm run --prefix website build
+	npm run --prefix website build
 
 docs-watch:  ## Build and watch the topics documentation
-	corepack npm run --prefix website start
+	npm run --prefix website start
 
 integrations: docs-lint-fix integrations-build ## Fix formatting issues in the integrations source code, lint the code, and compile it
 
 integrations-build:
-	corepack npm run --prefix website -w integrations build
+	npm run --prefix website -w integrations build
 
 integrations-watch:  ## Build and watch the Integrations documentation
-	corepack npm run --prefix website -w integrations start
+	npm run --prefix website -w integrations start
 
 docs-api-build:
-	corepack npm run --prefix website -w api build
+	npm run --prefix website -w api build
 
 docs-api-watch:  ## Build and watch the API documentation
-	corepack npm run --prefix website -w api generate
-	corepack npm run --prefix website -w api start
+	npm run --prefix website -w api generate
+	npm run --prefix website -w api start
 
 docs-api-clean: ## Clean generated API documentation
-	corepack npm run --prefix website -w api build:api:clean
+	npm run --prefix website -w api build:api:clean
 
 #########################
 ## Docker

authentik/admin/api/meta.py

@@ -1,13 +1,16 @@
 """Meta API"""
 
+from django.apps import apps
 from drf_spectacular.utils import extend_schema
-from rest_framework.fields import CharField
+from rest_framework.fields import BooleanField, CharField
 from rest_framework.permissions import IsAuthenticated
 from rest_framework.request import Request
 from rest_framework.response import Response
 from rest_framework.viewsets import ViewSet
 
+from authentik.api.validation import validate
 from authentik.core.api.utils import PassiveSerializer
+from authentik.core.models import AttributesMixin
 from authentik.lib.api import Models
 from authentik.lib.utils.reflection import get_apps
 
@@ -36,12 +39,19 @@ class AppsViewSet(ViewSet):
 class ModelViewSet(ViewSet):
     """Read-only view list all installed models"""
 
+    class ModelFilterSerializer(PassiveSerializer):
+        filter_has_attributes = BooleanField(allow_null=True, default=None)
+
     permission_classes = [IsAuthenticated]
 
-    @extend_schema(responses={200: AppSerializer(many=True)})
-    def list(self, request: Request) -> Response:
+    @extend_schema(responses={200: AppSerializer(many=True)}, parameters=[ModelFilterSerializer])
+    @validate(ModelFilterSerializer, "query")
+    def list(self, request: Request, query: ModelFilterSerializer) -> Response:
         """Read-only view list all installed models"""
         data = []
         for name, label in Models.choices:
+            if query.validated_data["filter_has_attributes"]:
+                if not issubclass(apps.get_model(name), AttributesMixin):
+                    continue
             data.append({"name": name, "label": label})
         return Response(AppSerializer(data, many=True).data)

authentik/core/api/application_entitlements.py

@@ -6,6 +6,7 @@ from rest_framework.exceptions import ValidationError
 from rest_framework.viewsets import ModelViewSet
 
 from authentik.blueprints.v1.importer import SERIALIZER_CONTEXT_BLUEPRINT
+from authentik.core.api.object_attributes import AttributesMixinSerializer
 from authentik.core.api.used_by import UsedByMixin
 from authentik.core.api.utils import ModelSerializer
 from authentik.core.models import (
@@ -14,7 +15,7 @@ from authentik.core.models import (
 )
 
 
-class ApplicationEntitlementSerializer(ModelSerializer):
+class ApplicationEntitlementSerializer(AttributesMixinSerializer, ModelSerializer):
     """ApplicationEntitlement Serializer"""
 
     def validate_app(self, app: Application) -> Application:

authentik/core/api/groups.py

@@ -30,6 +30,7 @@ from authentik.api.search.fields import (
     JSONSearchField,
 )
 from authentik.api.validation import validate
+from authentik.core.api.object_attributes import AttributesMixinSerializer
 from authentik.core.api.used_by import UsedByMixin
 from authentik.core.api.utils import JSONDictField, ModelSerializer, PassiveSerializer
 from authentik.core.models import Group, User
@@ -146,7 +147,7 @@ class RelatedGroupSerializer(ModelSerializer):
         ]
 
 
-class GroupSerializer(ModelSerializer):
+class GroupSerializer(AttributesMixinSerializer, ModelSerializer):
     """Group Serializer"""
 
     attributes = JSONDictField(required=False)

authentik/core/api/object_attributes.py

@@ -0,0 +1,94 @@
+from typing import Any
+
+from django.contrib.contenttypes.models import ContentType
+from django.utils.translation import gettext_lazy as _
+from rest_framework.exceptions import ValidationError
+from rest_framework.fields import CharField, SerializerMethodField
+from rest_framework.viewsets import ModelViewSet
+
+from authentik.core.api.utils import ModelSerializer
+from authentik.core.models import AttributesMixin, ObjectAttribute
+from authentik.lib.utils.dict import get_path_from_dict
+
+
+class AttributesMixinSerializer(ModelSerializer):
+
+    def validate(self, data: dict[str, Any]) -> dict[str, Any]:
+        model = self.Meta.model
+        attrs = data.get("attributes", {})
+        attributes = ObjectAttribute.objects.filter(
+            object_type=ContentType.objects.get_for_model(model),
+            enabled=True,
+        )
+        for attr in attributes:
+            value = get_path_from_dict(attrs, attr.key)
+            attr.run_validation(value)
+        return data
+
+
+class ContentTypeSerializer(ModelSerializer):
+    app_label = CharField(read_only=True)
+    model = CharField(read_only=True)
+    verbose_name_plural = SerializerMethodField()
+    fully_qualified_model = SerializerMethodField()
+
+    def get_fully_qualified_model(self, ct: ContentType) -> str:
+        return f"{ct.app_label}.{ct.model}"
+
+    def get_verbose_name_plural(self, ct: ContentType) -> str:
+        return ct.model_class()._meta.verbose_name_plural
+
+    class Meta:
+        model = ContentType
+        fields = ("id", "app_label", "model", "verbose_name_plural", "fully_qualified_model")
+
+
+class ObjectAttributeSerializer(ModelSerializer):
+
+    object_type = CharField()
+    object_type_obj = ContentTypeSerializer(read_only=True, source="object_type")
+
+    def validate_object_type(self, fqm: str) -> ContentType:
+        app_label, _, model = fqm.partition(".")
+        ct = ContentType.objects.filter(app_label=app_label, model=model).first()
+        if not ct or not issubclass(ct.model_class(), AttributesMixin):
+            raise ValidationError("Invalid object type")
+        return ct
+
+    def validate(self, attrs: dict[str, Any]) -> dict[str, Any]:
+        if attrs.get("is_unique") and attrs.get("is_array"):
+            raise ValidationError(_("Unique cannot be enabled for arrays."))
+        return super().validate(attrs)
+
+    class Meta:
+        model = ObjectAttribute
+        fields = [
+            "pk",
+            "object_type",
+            "object_type_obj",
+            "enabled",
+            "created",
+            "key",
+            "label",
+            "last_updated",
+            "regex",
+            "type",
+            "group",
+            "managed",
+            "is_unique",
+            "is_required",
+            "is_array",
+        ]
+        extra_kwargs = {
+            "last_updated": {"read_only": True},
+            "created": {"read_only": True},
+            "pk": {"read_only": True},
+        }
+
+
+class ObjectAttributeViewSet(ModelViewSet):
+    serializer_class = ObjectAttributeSerializer
+    queryset = ObjectAttribute.objects.all()
+    filterset_fields = ["object_type__model", "object_type__app_label", "enabled"]
+    search_fields = ["key", "label", "group", "object_type__model", "object_type__app_label"]
+    ordering = ["key"]

authentik/core/api/users.py

@@ -65,6 +65,7 @@ from authentik.api.search.fields import (
 from authentik.api.validation import validate
 from authentik.blueprints.v1.importer import SERIALIZER_CONTEXT_BLUEPRINT
 from authentik.brands.models import Brand
+from authentik.core.api.object_attributes import AttributesMixinSerializer
 from authentik.core.api.used_by import UsedByMixin
 from authentik.core.api.utils import (
     JSONDictField,
@@ -134,7 +135,7 @@ class PartialGroupSerializer(ModelSerializer):
         ]
 
 
-class UserSerializer(ModelSerializer):
+class UserSerializer(AttributesMixinSerializer, ModelSerializer):
     """User Serializer"""
 
     is_superuser = SerializerMethodField()

authentik/core/migrations/0058_objectattribute.py

@@ -0,0 +1,62 @@
+# Generated by Django 5.2.13 on 2026-04-11 18:35
+
+import django.db.models.deletion
+import uuid
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("authentik_core", "0057_remove_user_groups_remove_user_user_permissions_and_more"),
+        ("contenttypes", "0002_remove_content_type_name"),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name="ObjectAttribute",
+            fields=[
+                ("created", models.DateTimeField(auto_now_add=True)),
+                ("last_updated", models.DateTimeField(auto_now=True)),
+                (
+                    "managed",
+                    models.TextField(
+                        default=None,
+                        help_text="Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.",
+                        null=True,
+                        unique=True,
+                        verbose_name="Managed by authentik",
+                    ),
+                ),
+                (
+                    "attribute_id",
+                    models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False),
+                ),
+                ("enabled", models.BooleanField(default=True)),
+                ("label", models.TextField()),
+                ("group", models.TextField(blank=True)),
+                ("key", models.TextField()),
+                (
+                    "type",
+                    models.TextField(
+                        choices=[("text", "Text"), ("number", "Number"), ("boolean", "Boolean")]
+                    ),
+                ),
+                ("is_unique", models.BooleanField(default=False)),
+                ("is_required", models.BooleanField(default=False)),
+                ("regex", models.TextField(blank=True)),
+                ("is_array", models.BooleanField(default=False)),
+                (
+                    "object_type",
+                    models.ForeignKey(
+                        on_delete=django.db.models.deletion.CASCADE, to="contenttypes.contenttype"
+                    ),
+                ),
+            ],
+            options={
+                "verbose_name": "Object Attribute",
+                "verbose_name_plural": "Object Attributes",
+                "unique_together": {("object_type", "key", "enabled")},
+            },
+        ),
+    ]

authentik/core/models.py

@@ -13,6 +13,7 @@ from deepmerge import always_merger
 from django.contrib.auth.hashers import check_password, identify_hasher
 from django.contrib.auth.models import AbstractUser, Permission
 from django.contrib.auth.models import UserManager as DjangoUserManager
+from django.contrib.contenttypes.models import ContentType
 from django.contrib.sessions.base_session import AbstractBaseSession
 from django.core.validators import validate_slug
 from django.db import models
@@ -26,6 +27,7 @@ from guardian.models import RoleModelPermission, RoleObjectPermission
 from model_utils.managers import InheritanceManager
 from psqlextra.indexes import UniqueIndex
 from psqlextra.models import PostgresMaterializedViewModel
+from rest_framework.exceptions import ValidationError
 from rest_framework.serializers import Serializer
 from structlog.stdlib import get_logger
 
@@ -1392,3 +1394,61 @@ class AuthenticatedSession(SerializerModel):
             session=Session.objects.filter(session_key=request.session.session_key).first(),
             user=user,
         )
+
+
+class ObjectAttribute(SerializerModel, ManagedModel, CreatedUpdatedModel):
+    """User-defined schema for models' `attributes` JSON field."""
+
+    class AttributeType(models.TextChoices):
+        TEXT = "text"
+        NUMBER = "number"
+        BOOLEAN = "boolean"
+
+    attribute_id = models.UUIDField(default=uuid4, primary_key=True)
+
+    enabled = models.BooleanField(default=True)
+
+    object_type = models.ForeignKey(ContentType, on_delete=models.CASCADE)
+    label = models.TextField()
+    group = models.TextField(blank=True)
+    key = models.TextField()
+
+    type = models.TextField(choices=AttributeType.choices)
+    is_unique = models.BooleanField(default=False)
+    is_required = models.BooleanField(default=False)
+    regex = models.TextField(blank=True)
+    is_array = models.BooleanField(default=False)
+
+    def run_validation(self, value: Any) -> None:
+        err_key = f"attributes_{self.key.replace(".", "_")}"
+        if self.is_required and value is None:
+            raise ValidationError({err_key: _("This field is required")})
+        if self.is_array:
+            if not isinstance(value, (list, tuple)):
+                raise ValidationError({err_key: _("Value must be an array.")})
+            if self.regex != "":
+                if not all(re.fullmatch(self.regex, v) for v in value):
+                    raise ValidationError({err_key: _("Value does not match configured pattern.")})
+        else:
+            if self.is_unique:
+                model: type[models.Model] = self.object_type.model_class()
+                lookup_key = f"attributes__{self.key.replace(".", "__")}"
+                if model.objects.filter(**{lookup_key: value}).exists():
+                    raise ValidationError({err_key: _("Value is not unique.")})
+            if self.regex != "":
+                if not re.fullmatch(self.regex, value):
+                    raise ValidationError({err_key: _("Value does not match configured pattern.")})
+
+    @property
+    def serializer(self) -> type[Serializer]:
+        from authentik.core.api.object_attributes import ObjectAttributeSerializer
+
+        return ObjectAttributeSerializer
+
+    def __str__(self):
+        return f"Object attribute '{self.key}' for content type {self.object_type_id}"
+
+    class Meta:
+        verbose_name = _("Object Attribute")
+        verbose_name_plural = _("Object Attributes")
+        unique_together = (("object_type", "key", "enabled"),)

authentik/core/tests/test_object_attributes_api.py

@@ -0,0 +1,198 @@
+"""Test object attributes API"""
+
+from django.urls import reverse
+from rest_framework.test import APITestCase
+
+from authentik.core.api.object_attributes import ContentType
+from authentik.core.models import ObjectAttribute, User
+from authentik.core.tests.utils import create_test_admin_user, create_test_user
+from authentik.lib.generators import generate_id
+
+
+class TestObjectAttributesAPI(APITestCase):
+    """Test object attributes API"""
+
+    def setUp(self) -> None:
+        super().setUp()
+        self.user = create_test_admin_user()
+        self.client.force_login(self.user)
+
+    def test_create(self):
+        res = self.client.post(
+            reverse("authentik_api:objectattribute-list"),
+            data={
+                "object_type": "authentik_core.user",
+                "enabled": False,
+                "key": "employeeNumber",
+                "label": "Employee Number",
+                "type": "text",
+                "group": "Employee",
+                "is_unique": False,
+                "is_required": False,
+            },
+        )
+        self.assertEqual(res.status_code, 201)
+        attr = ObjectAttribute.objects.filter(key="employeeNumber").first()
+        self.assertIsNotNone(attr)
+
+    def test_create_invalid(self):
+        res = self.client.post(
+            reverse("authentik_api:objectattribute-list"),
+            data={
+                "object_type": "authentik_core.objectattribute",
+                "enabled": False,
+                "key": "employeeNumber",
+                "label": "Employee Number",
+                "type": "text",
+                "group": "Employee",
+                "is_unique": False,
+                "is_required": False,
+            },
+        )
+        self.assertEqual(res.status_code, 400)
+        self.assertJSONEqual(res.content, {"object_type": ["Invalid object type"]})
+
+    def test_create_invalid_array_unique(self):
+        res = self.client.post(
+            reverse("authentik_api:objectattribute-list"),
+            data={
+                "object_type": "authentik_core.user",
+                "enabled": False,
+                "key": "employeeNumber",
+                "label": "Employee Number",
+                "type": "text",
+                "group": "Employee",
+                "is_unique": True,
+                "is_required": False,
+                "is_array": True,
+            },
+        )
+        self.assertEqual(res.status_code, 400)
+        self.assertJSONEqual(
+            res.content, {"non_field_errors": ["Unique cannot be enabled for arrays."]}
+        )
+
+    def test_update(self):
+        attr = ObjectAttribute.objects.create(
+            object_type=ContentType.objects.get_for_model(User),
+            label="foo",
+            key=generate_id(),
+            type=ObjectAttribute.AttributeType.TEXT,
+        )
+        res = self.client.put(
+            reverse("authentik_api:objectattribute-detail", kwargs={"pk": attr.pk}),
+            data={
+                "object_type": "authentik_core.user",
+                "enabled": False,
+                "key": attr.key,
+                "label": "Employee Number",
+                "type": "text",
+                "group": "Employee",
+                "is_unique": False,
+                "is_required": False,
+            },
+        )
+        self.assertEqual(res.status_code, 200)
+        attr.refresh_from_db()
+        self.assertEqual(attr.label, "Employee Number")
+
+    def test_user_attrib_validation_required(self):
+        attr = ObjectAttribute.objects.create(
+            object_type=ContentType.objects.get_for_model(User),
+            label="foo",
+            key=generate_id(),
+            type=ObjectAttribute.AttributeType.TEXT,
+            is_required=True,
+        )
+        res = self.client.patch(
+            reverse("authentik_api:user-detail", kwargs={"pk": self.user.pk}),
+            data={
+                "attributes": {},
+            },
+        )
+        self.assertEqual(res.status_code, 400)
+        self.assertJSONEqual(res.content, {f"attributes_{attr.key}": ["This field is required"]})
+
+    def test_user_attrib_validation_unique(self):
+        attr = ObjectAttribute.objects.create(
+            object_type=ContentType.objects.get_for_model(User),
+            label="foo",
+            key=generate_id(),
+            type=ObjectAttribute.AttributeType.TEXT,
+            is_unique=True,
+        )
+        other_user = create_test_user()
+        other_user.attributes[attr.key] = "foo"
+        other_user.save()
+        res = self.client.patch(
+            reverse("authentik_api:user-detail", kwargs={"pk": self.user.pk}),
+            data={
+                "attributes": {attr.key: "foo"},
+            },
+        )
+        self.assertEqual(res.status_code, 400)
+        self.assertJSONEqual(res.content, {f"attributes_{attr.key}": ["Value is not unique."]})
+
+    def test_user_attrib_validation_regex(self):
+        attr = ObjectAttribute.objects.create(
+            object_type=ContentType.objects.get_for_model(User),
+            label="foo",
+            key=generate_id(),
+            type=ObjectAttribute.AttributeType.TEXT,
+            regex="bar",
+        )
+        res = self.client.patch(
+            reverse("authentik_api:user-detail", kwargs={"pk": self.user.pk}),
+            data={
+                "attributes": {attr.key: "foo"},
+            },
+        )
+        self.assertEqual(res.status_code, 400)
+        self.assertJSONEqual(
+            res.content, {f"attributes_{attr.key}": ["Value does not match configured pattern."]}
+        )
+
+    def test_user_attrib_validation_array(self):
+        attr = ObjectAttribute.objects.create(
+            object_type=ContentType.objects.get_for_model(User),
+            label="foo",
+            key=generate_id(),
+            type=ObjectAttribute.AttributeType.TEXT,
+            is_array=True,
+        )
+        res = self.client.patch(
+            reverse("authentik_api:user-detail", kwargs={"pk": self.user.pk}),
+            data={
+                "attributes": {attr.key: "foo"},
+            },
+        )
+        self.assertEqual(res.status_code, 400)
+        self.assertJSONEqual(res.content, {f"attributes_{attr.key}": ["Value must be an array."]})
+
+        res = self.client.patch(
+            reverse("authentik_api:user-detail", kwargs={"pk": self.user.pk}),
+            data={
+                "attributes": {attr.key: ["foo"]},
+            },
+        )
+        self.assertEqual(res.status_code, 200)
+
+    def test_user_attrib_validation_array_regex(self):
+        attr = ObjectAttribute.objects.create(
+            object_type=ContentType.objects.get_for_model(User),
+            label="foo",
+            key=generate_id(),
+            type=ObjectAttribute.AttributeType.TEXT,
+            is_array=True,
+            regex="bar",
+        )
+        res = self.client.patch(
+            reverse("authentik_api:user-detail", kwargs={"pk": self.user.pk}),
+            data={
+                "attributes": {attr.key: ["foo"]},
+            },
+        )
+        self.assertEqual(res.status_code, 400)
+        self.assertJSONEqual(
+            res.content, {f"attributes_{attr.key}": ["Value does not match configured pattern."]}
+        )

authentik/core/urls.py

@@ -8,6 +8,7 @@ from authentik.core.api.applications import ApplicationViewSet
 from authentik.core.api.authenticated_sessions import AuthenticatedSessionViewSet
 from authentik.core.api.devices import AdminDeviceViewSet, DeviceViewSet
 from authentik.core.api.groups import GroupViewSet
+from authentik.core.api.object_attributes import ObjectAttributeViewSet
 from authentik.core.api.property_mappings import PropertyMappingViewSet
 from authentik.core.api.providers import ProviderViewSet
 from authentik.core.api.sources import (
@@ -87,6 +88,7 @@ api_urlpatterns = [
     ("core/groups", GroupViewSet),
     ("core/users", UserViewSet),
     ("core/tokens", TokenViewSet),
+    ("core/object_attributes", ObjectAttributeViewSet),
     ("sources/all", SourceViewSet),
     ("sources/user_connections/all", UserSourceConnectionViewSet),
     ("sources/group_connections/all", GroupSourceConnectionViewSet),

authentik/endpoints/api/device_access_group.py

@@ -1,11 +1,12 @@
 from rest_framework.viewsets import ModelViewSet
 
+from authentik.core.api.object_attributes import AttributesMixinSerializer
 from authentik.core.api.used_by import UsedByMixin
 from authentik.core.api.utils import ModelSerializer
 from authentik.endpoints.models import DeviceAccessGroup
 
 
-class DeviceAccessGroupSerializer(ModelSerializer):
+class DeviceAccessGroupSerializer(AttributesMixinSerializer, ModelSerializer):
 
     class Meta:
         model = DeviceAccessGroup

authentik/enterprise/providers/scim/api.py

@@ -1,72 +1,14 @@
-from datetime import datetime
-
-from django.urls import reverse
 from django.utils.translation import gettext as _
 from rest_framework.exceptions import ValidationError
 
 from authentik.enterprise.license import LicenseKey
-from authentik.providers.scim.models import SCIMAuthenticationMode, SCIMProvider
-from authentik.sources.oauth.models import UserOAuthSourceConnection
+from authentik.providers.scim.models import SCIMAuthenticationMode
 
 
 class SCIMProviderSerializerMixin:
 
-    def _get_token(self, instance: SCIMProvider) -> UserOAuthSourceConnection | None:
-        user = instance.auth_oauth_user
-        conn = UserOAuthSourceConnection.objects.filter(
-            user=user, source=instance.auth_oauth
-        ).first()
-        return conn
-
-    def get_auth_oauth_token_last_updated(self, instance: SCIMProvider) -> datetime | None:
-        conn = self._get_token(instance)
-        return conn.last_updated if conn else None
-
-    def get_auth_oauth_token_expires(self, instance: SCIMProvider) -> datetime | None:
-        conn = self._get_token(instance)
-        return conn.expires if conn else None
-
-    def get_auth_oauth_url_callback(self, instance: SCIMProvider) -> str | None:
-        if (
-            instance.auth_mode
-            in [
-                SCIMAuthenticationMode.TOKEN,
-                SCIMAuthenticationMode.OAUTH_SILENT,
-            ]
-            or not instance.backchannel_application
-        ):
-            return None
-        relative_url = reverse(
-            "authentik_enterprise_providers_scim:callback",
-            kwargs={"application_slug": instance.backchannel_application.slug},
-        )
-        if "request" not in self.context:
-            return relative_url
-        return self.context["request"].build_absolute_uri(relative_url)
-
-    def get_auth_oauth_url_start(self, instance: SCIMProvider) -> str | None:
-        if (
-            instance.auth_mode
-            in [
-                SCIMAuthenticationMode.TOKEN,
-                SCIMAuthenticationMode.OAUTH_SILENT,
-            ]
-            or not instance.backchannel_application
-        ):
-            return None
-        relative_url = reverse(
-            "authentik_enterprise_providers_scim:start",
-            kwargs={"application_slug": instance.backchannel_application.slug},
-        )
-        if "request" not in self.context:
-            return relative_url
-        return self.context["request"].build_absolute_uri(relative_url)
-
     def validate_auth_mode(self, auth_mode: SCIMAuthenticationMode) -> SCIMAuthenticationMode:
-        if auth_mode in [
-            SCIMAuthenticationMode.OAUTH_SILENT,
-            SCIMAuthenticationMode.OAUTH_INTERACTIVE,
-        ]:
+        if auth_mode == SCIMAuthenticationMode.OAUTH:
             if not LicenseKey.cached_summary().status.is_valid:
                 raise ValidationError(_("Enterprise is required to use the OAuth mode."))
         return auth_mode

authentik/enterprise/providers/scim/apps.py

@@ -7,4 +7,3 @@ class AuthentikEnterpriseProviderSCIMConfig(EnterpriseConfig):
     label = "authentik_enterprise_providers_scim"
     verbose_name = "authentik Enterprise.Providers.SCIM"
     default = True
-    mountpoint = "application/scim/"

authentik/enterprise/providers/scim/auth_oauth2.py

@@ -1,14 +1,12 @@
 from datetime import timedelta
-from typing import TYPE_CHECKING, Any
+from typing import TYPE_CHECKING
 
 from django.utils.timezone import now
 from requests import Request, RequestException
 from structlog.stdlib import get_logger
 
-from authentik.common.oauth.constants import GRANT_TYPE_PASSWORD, GRANT_TYPE_REFRESH_TOKEN
 from authentik.providers.scim.clients.exceptions import SCIMRequestException
-from authentik.providers.scim.models import SCIMAuthenticationMode
-from authentik.sources.oauth.clients.base import BaseOAuthClient
+from authentik.sources.oauth.clients.oauth2 import OAuth2Client
 from authentik.sources.oauth.models import OAuthSource, UserOAuthSourceConnection
 
 if TYPE_CHECKING:
@@ -20,26 +18,23 @@ class SCIMOAuthException(SCIMRequestException):
 
 
 class SCIMOAuthAuth:
+
     def __init__(self, provider: SCIMProvider):
         self.provider = provider
         self.user = provider.auth_oauth_user
         self.logger = get_logger().bind()
         self.connection = self.get_connection()
 
-    def retrieve_token(self, conn: UserOAuthSourceConnection | None) -> dict[str, Any]:
+    def retrieve_token(self):
+        if not self.provider.auth_oauth:
+            return None
         source: OAuthSource = self.provider.auth_oauth
-        client: BaseOAuthClient = source.source_type.callback_view(request=None).get_client(source)
+        client = OAuth2Client(source, None)
         access_token_url = source.source_type.access_token_url or ""
         if source.source_type.urls_customizable and source.access_token_url:
             access_token_url = source.access_token_url
         data = client.get_access_token_args(None, None)
-        if self.provider.auth_mode == SCIMAuthenticationMode.OAUTH_SILENT:
-            data["grant_type"] = GRANT_TYPE_PASSWORD
-        elif self.provider.auth_mode == SCIMAuthenticationMode.OAUTH_INTERACTIVE:
-            data["grant_type"] = GRANT_TYPE_REFRESH_TOKEN
-            if not conn:
-                raise SCIMOAuthException(None, "Could not refresh SCIM OAuth token")
-            data["refresh_token"] = conn.refresh_token
+        data["grant_type"] = "password"
         data.update(self.provider.auth_oauth_params)
         try:
             response = client.do_request(
@@ -59,14 +54,12 @@ class SCIMOAuthAuth:
             raise SCIMOAuthException(exc.response, message="Failed to get OAuth token") from exc
 
     def get_connection(self):
-        if not self.provider.auth_oauth:
-            return None
-        conn = UserOAuthSourceConnection.objects.filter(
-            source=self.provider.auth_oauth, user=self.user
+        token = UserOAuthSourceConnection.objects.filter(
+            source=self.provider.auth_oauth, user=self.user, expires__gt=now()
         ).first()
-        if conn and conn.access_token and conn.expires > now():
-            return conn
-        token = self.retrieve_token(conn)
+        if token and token.access_token:
+            return token
+        token = self.retrieve_token()
         access_token = token["access_token"]
         expires_in = int(token.get("expires_in", 0))
         token, _ = UserOAuthSourceConnection.objects.update_or_create(
@@ -74,10 +67,7 @@ class SCIMOAuthAuth:
             user=self.user,
             defaults={
                 "access_token": access_token,
-                "refresh_token": token.get("refresh_token"),
                 "expires": now() + timedelta(seconds=expires_in),
-                # When using `update_or_create`, `last_updated` is not updated
-                "last_updated": now(),
             },
         )
         return token

authentik/enterprise/providers/scim/signals.py

@@ -14,10 +14,7 @@ def scim_provider_post_save(sender: type[Model], instance: SCIMProvider, created
     """Create service account before provider is saved"""
     identifier = f"ak-providers-scim-{instance.pk}"
     with audit_ignore():
-        if instance.auth_mode in [
-            SCIMAuthenticationMode.OAUTH_SILENT,
-            SCIMAuthenticationMode.OAUTH_INTERACTIVE,
-        ]:
+        if instance.auth_mode == SCIMAuthenticationMode.OAUTH:
             user, user_created = User.objects.update_or_create(
                 username=identifier,
                 defaults={

authentik/enterprise/providers/scim/tests.py

@@ -2,7 +2,7 @@
 
 from base64 import b64encode
 from datetime import timedelta
-from urllib.parse import parse_qs, urlencode, urlparse
+from unittest.mock import MagicMock, PropertyMock, patch
 
 from django.urls import reverse
 from django.utils.timezone import now
@@ -11,14 +11,17 @@ from rest_framework.test import APITestCase
 
 from authentik.blueprints.tests import apply_blueprint
 from authentik.core.models import Application, Group, User
+from authentik.core.tests.utils import create_test_admin_user
+from authentik.enterprise.license import LicenseKey
+from authentik.enterprise.models import License
+from authentik.enterprise.tests.test_license import expiry_valid
 from authentik.lib.generators import generate_id
 from authentik.providers.scim.models import SCIMAuthenticationMode, SCIMMapping, SCIMProvider
 from authentik.sources.oauth.models import OAuthSource, UserOAuthSourceConnection
 from authentik.tenants.models import Tenant
-from tests.live import create_test_admin_user
 
 
-class TestSCIMOAuthToken(APITestCase):
+class SCIMOAuthTests(APITestCase):
     """SCIM User tests"""
 
     @apply_blueprint("system/providers-scim.yaml")
@@ -39,7 +42,7 @@ class TestSCIMOAuthToken(APITestCase):
         self.provider = SCIMProvider.objects.create(
             name=generate_id(),
             url="https://localhost",
-            auth_mode=SCIMAuthenticationMode.OAUTH_SILENT,
+            auth_mode=SCIMAuthenticationMode.OAUTH,
             auth_oauth=self.source,
             auth_oauth_params={
                 "foo": "bar",
@@ -57,9 +60,8 @@ class TestSCIMOAuthToken(APITestCase):
         self.provider.property_mappings_group.add(
             SCIMMapping.objects.get(managed="goauthentik.io/providers/scim/group")
         )
-        self.admin = create_test_admin_user()
 
-    def test_retrieve_token_silent(self):
+    def test_retrieve_token(self):
         """Test token retrieval"""
         with Mocker() as mocker:
             token = generate_id()
@@ -84,44 +86,6 @@ class TestSCIMOAuthToken(APITestCase):
         )
         self.assertEqual(mocker.request_history[0].body, "grant_type=password&foo=bar")
 
-    def test_retrieve_token_interactive(self):
-        """Test token retrieval"""
-        self.provider.auth_mode = SCIMAuthenticationMode.OAUTH_INTERACTIVE
-        self.provider.save()
-        refresh_token = generate_id()
-        access_token = generate_id()
-        UserOAuthSourceConnection.objects.create(
-            user=self.provider.auth_oauth_user,
-            source=self.source,
-            refresh_token=refresh_token,
-            access_token=access_token,
-        )
-        with Mocker() as mocker:
-            token = generate_id()
-            mocker.post("http://localhost/token", json={"access_token": token, "expires_in": 3600})
-            self.provider.scim_auth()
-        conn = UserOAuthSourceConnection.objects.filter(
-            source=self.source,
-            user=self.provider.auth_oauth_user,
-        ).first()
-        self.assertIsNotNone(conn)
-        self.assertTrue(conn.is_valid)
-        auth = (
-            b64encode(
-                b":".join((self.source.consumer_key.encode(), self.source.consumer_secret.encode()))
-            )
-            .strip()
-            .decode()
-        )
-        self.assertEqual(
-            mocker.request_history[0].headers["Authorization"],
-            f"Basic {auth}",
-        )
-        self.assertEqual(
-            mocker.request_history[0].body,
-            f"grant_type=refresh_token&refresh_token={refresh_token}&foo=bar",
-        )
-
     def test_existing_token(self):
         """Test existing token"""
         UserOAuthSourceConnection.objects.create(
@@ -134,54 +98,96 @@ class TestSCIMOAuthToken(APITestCase):
             self.provider.scim_auth()
             self.assertEqual(len(mocker.request_history), 0)
 
-    def test_interactive_start(self):
-        self.client.force_login(self.admin)
-        res = self.client.get(
-            reverse(
-                "authentik_enterprise_providers_scim:start",
-                kwargs={
-                    "application_slug": self.app.slug,
+    @Mocker()
+    def test_user_create(self, mock: Mocker):
+        """Test user creation"""
+        scim_id = generate_id()
+        token = generate_id()
+        mock.post("http://localhost/token", json={"access_token": token, "expires_in": 3600})
+        mock.get(
+            "https://localhost/ServiceProviderConfig",
+            json={},
+        )
+        mock.post(
+            "https://localhost/Users",
+            json={
+                "id": scim_id,
+            },
+        )
+        uid = generate_id()
+        user = User.objects.create(
+            username=uid,
+            name=f"{uid} {uid}",
+            email=f"{uid}@goauthentik.io",
+        )
+        self.assertEqual(mock.call_count, 3)
+        self.assertEqual(mock.request_history[1].method, "GET")
+        self.assertEqual(mock.request_history[2].method, "POST")
+        self.assertJSONEqual(
+            mock.request_history[2].body,
+            {
+                "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
+                "active": True,
+                "emails": [
+                    {
+                        "primary": True,
+                        "type": "other",
+                        "value": f"{uid}@goauthentik.io",
+                    }
+                ],
+                "externalId": user.uid,
+                "name": {
+                    "familyName": uid,
+                    "formatted": f"{uid} {uid}",
+                    "givenName": uid,
                 },
-            )
+                "displayName": f"{uid} {uid}",
+                "userName": uid,
+            },
         )
-        self.assertEqual(res.status_code, 302)
-        query = parse_qs(urlparse(res.url).query)
-        self.assertEqual(query["client_id"], [self.source.consumer_key])
-        self.assertEqual(
-            query["redirect_uri"],
-            [f"http://testserver/application/scim/{self.app.slug}/oauth2/callback/"],
-        )
-        self.assertEqual(query["response_type"], ["code"])
 
-    def test_interactive_callback(self):
-        self.client.force_login(self.admin)
-        res = self.client.get(
-            reverse(
-                "authentik_enterprise_providers_scim:start",
-                kwargs={
-                    "application_slug": self.app.slug,
-                },
+    @patch(
+        "authentik.enterprise.license.LicenseKey.validate",
+        MagicMock(
+            return_value=LicenseKey(
+                aud="",
+                exp=expiry_valid,
+                name=generate_id(),
+                internal_users=100,
+                external_users=100,
             )
+        ),
+    )
+    def test_api_create(self):
+        License.objects.create(key=generate_id())
+        self.client.force_login(create_test_admin_user())
+        res = self.client.post(
+            reverse("authentik_api:scimprovider-list"),
+            {
+                "name": generate_id(),
+                "url": "http://localhost",
+                "auth_mode": "oauth",
+                "auth_oauth": str(self.source.pk),
+            },
         )
-        self.assertEqual(res.status_code, 302)
-        query = parse_qs(urlparse(res.url).query)
+        self.assertEqual(res.status_code, 201)
 
-        with Mocker() as mock:
-            token = generate_id()
-            mock.post("http://localhost/token", json={"access_token": token, "expires_in": 3600})
-
-            res = self.client.get(
-                reverse(
-                    "authentik_enterprise_providers_scim:callback",
-                    kwargs={
-                        "application_slug": self.app.slug,
-                    },
-                )
-                + "?"
-                + urlencode({"state": query["state"][0], "code": generate_id()})
-            )
-            self.assertEqual(res.status_code, 302)
-
-        conn = UserOAuthSourceConnection.objects.filter(source=self.source).first()
-        self.assertIsNotNone(conn)
-        self.assertTrue(conn.is_valid)
+    @patch(
+        "authentik.enterprise.models.LicenseUsageStatus.is_valid",
+        PropertyMock(return_value=False),
+    )
+    def test_api_create_no_license(self):
+        self.client.force_login(create_test_admin_user())
+        res = self.client.post(
+            reverse("authentik_api:scimprovider-list"),
+            {
+                "name": generate_id(),
+                "url": "http://localhost",
+                "auth_mode": "oauth",
+                "auth_oauth": str(self.source.pk),
+            },
+        )
+        self.assertEqual(res.status_code, 400)
+        self.assertJSONEqual(
+            res.content, {"auth_mode": ["Enterprise is required to use the OAuth mode."]}
+        )

authentik/enterprise/providers/scim/tests/test_api.py

@@ -1,73 +0,0 @@
-"""SCIM OAuth tests"""
-
-from unittest.mock import MagicMock, PropertyMock, patch
-
-from django.urls import reverse
-from rest_framework.test import APITestCase
-
-from authentik.core.tests.utils import create_test_admin_user
-from authentik.enterprise.license import LicenseKey
-from authentik.enterprise.models import License
-from authentik.enterprise.tests.test_license import expiry_valid
-from authentik.lib.generators import generate_id
-from authentik.sources.oauth.models import OAuthSource
-
-
-class TestSCIMOAuthAPI(APITestCase):
-    """SCIM User tests"""
-
-    def setUp(self):
-        self.source = OAuthSource.objects.create(
-            name=generate_id(),
-            slug=generate_id(),
-            access_token_url="http://localhost/token",  # nosec
-            consumer_key=generate_id(),
-            consumer_secret=generate_id(),
-            provider_type="openidconnect",
-        )
-
-    @patch(
-        "authentik.enterprise.license.LicenseKey.validate",
-        MagicMock(
-            return_value=LicenseKey(
-                aud="",
-                exp=expiry_valid,
-                name=generate_id(),
-                internal_users=100,
-                external_users=100,
-            )
-        ),
-    )
-    def test_api_create(self):
-        License.objects.create(key=generate_id())
-        self.client.force_login(create_test_admin_user())
-        res = self.client.post(
-            reverse("authentik_api:scimprovider-list"),
-            {
-                "name": generate_id(),
-                "url": "http://localhost",
-                "auth_mode": "oauth",
-                "auth_oauth": str(self.source.pk),
-            },
-        )
-        self.assertEqual(res.status_code, 201)
-
-    @patch(
-        "authentik.enterprise.models.LicenseUsageStatus.is_valid",
-        PropertyMock(return_value=False),
-    )
-    def test_api_create_no_license(self):
-        self.client.force_login(create_test_admin_user())
-        res = self.client.post(
-            reverse("authentik_api:scimprovider-list"),
-            {
-                "name": generate_id(),
-                "url": "http://localhost",
-                "auth_mode": "oauth",
-                "auth_oauth": str(self.source.pk),
-            },
-        )
-        self.assertEqual(res.status_code, 400)
-        self.assertJSONEqual(
-            res.content, {"auth_mode": ["Enterprise is required to use the OAuth mode."]}
-        )

authentik/enterprise/providers/scim/tests/test_auth.py

@@ -1,100 +0,0 @@
-"""SCIM OAuth tests"""
-
-from requests_mock import Mocker
-from rest_framework.test import APITestCase
-
-from authentik.blueprints.tests import apply_blueprint
-from authentik.core.models import Application, Group, User
-from authentik.lib.generators import generate_id
-from authentik.providers.scim.models import SCIMAuthenticationMode, SCIMMapping, SCIMProvider
-from authentik.sources.oauth.models import OAuthSource
-from authentik.tenants.models import Tenant
-
-
-class TestSCIMOAuthAuth(APITestCase):
-    """SCIM User tests"""
-
-    @apply_blueprint("system/providers-scim.yaml")
-    def setUp(self) -> None:
-        # Delete all users and groups as the mocked HTTP responses only return one ID
-        # which will cause errors with multiple users
-        Tenant.objects.update(avatars="none")
-        User.objects.all().exclude_anonymous().delete()
-        Group.objects.all().delete()
-        self.source = OAuthSource.objects.create(
-            name=generate_id(),
-            slug=generate_id(),
-            access_token_url="http://localhost/token",  # nosec
-            consumer_key=generate_id(),
-            consumer_secret=generate_id(),
-            provider_type="openidconnect",
-        )
-        self.provider = SCIMProvider.objects.create(
-            name=generate_id(),
-            url="https://localhost",
-            auth_mode=SCIMAuthenticationMode.OAUTH_SILENT,
-            auth_oauth=self.source,
-            auth_oauth_params={
-                "foo": "bar",
-            },
-            exclude_users_service_account=True,
-        )
-        self.app: Application = Application.objects.create(
-            name=generate_id(),
-            slug=generate_id(),
-        )
-        self.app.backchannel_providers.add(self.provider)
-        self.provider.property_mappings.add(
-            SCIMMapping.objects.get(managed="goauthentik.io/providers/scim/user")
-        )
-        self.provider.property_mappings_group.add(
-            SCIMMapping.objects.get(managed="goauthentik.io/providers/scim/group")
-        )
-
-    @Mocker()
-    def test_user_create(self, mock: Mocker):
-        """Test user creation"""
-        scim_id = generate_id()
-        token = generate_id()
-        mock.post("http://localhost/token", json={"access_token": token, "expires_in": 3600})
-        mock.get(
-            "https://localhost/ServiceProviderConfig",
-            json={},
-        )
-        mock.post(
-            "https://localhost/Users",
-            json={
-                "id": scim_id,
-            },
-        )
-        uid = generate_id()
-        user = User.objects.create(
-            username=uid,
-            name=f"{uid} {uid}",
-            email=f"{uid}@goauthentik.io",
-        )
-        self.assertEqual(mock.call_count, 3)
-        self.assertEqual(mock.request_history[1].method, "GET")
-        self.assertEqual(mock.request_history[2].method, "POST")
-        self.assertJSONEqual(
-            mock.request_history[2].body,
-            {
-                "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
-                "active": True,
-                "emails": [
-                    {
-                        "primary": True,
-                        "type": "other",
-                        "value": f"{uid}@goauthentik.io",
-                    }
-                ],
-                "externalId": user.uid,
-                "name": {
-                    "familyName": uid,
-                    "formatted": f"{uid} {uid}",
-                    "givenName": uid,
-                },
-                "displayName": f"{uid} {uid}",
-                "userName": uid,
-            },
-        )

authentik/enterprise/providers/scim/urls.py

@@ -1,10 +0,0 @@
-from django.urls import path
-
-from authentik.enterprise.providers.scim.views import SCIMOAuthStart, SCIMRedirectCallback
-
-urlpatterns = [
-    path("<slug:application_slug>/oauth2/start/", SCIMOAuthStart.as_view(), name="start"),
-    path(
-        "<slug:application_slug>/oauth2/callback/", SCIMRedirectCallback.as_view(), name="callback"
-    ),
-]

authentik/enterprise/providers/scim/views.py

@@ -1,70 +0,0 @@
-from datetime import timedelta
-
-from django.core.exceptions import PermissionDenied
-from django.http import HttpRequest
-from django.shortcuts import redirect
-from django.urls import reverse
-from django.utils.timezone import now
-
-from authentik.core.models import Application
-from authentik.providers.scim.models import SCIMProvider
-from authentik.sources.oauth.clients.base import BaseOAuthClient
-from authentik.sources.oauth.models import OAuthSource, UserOAuthSourceConnection
-from authentik.sources.oauth.types.registry import RequestKind, registry
-from authentik.sources.oauth.views.callback import OAuthCallback
-from authentik.sources.oauth.views.redirect import OAuthRedirect
-
-
-class SCIMOAuthViewMixin:
-
-    provider: SCIMProvider
-
-    def get_client(self, source: OAuthSource, **kwargs) -> BaseOAuthClient:
-        source: OAuthSource = self.provider.auth_oauth
-        source_cls = registry.find(source.provider_type, kind=RequestKind.CALLBACK)
-        if not source_cls.client_class:
-            return super().get_client(source, **kwargs)
-        return source_cls.client_class(source, self.request, **kwargs)
-
-    def _get_scim_provider(self, app_slug: str):
-        app = Application.objects.filter(slug=app_slug).first()
-        if not app:
-            return None
-        provider = SCIMProvider.objects.filter(backchannel_application=app)
-        return provider.first()
-
-    def dispatch(self, request: HttpRequest, application_slug: str):
-        if not request.user.is_authenticated:
-            raise PermissionDenied()
-        provider = self._get_scim_provider(application_slug)
-        if not provider or not provider.auth_oauth:
-            raise PermissionDenied()
-        if not request.user.has_perm(
-            "authentik_providers_scim.change_scimprovider",
-            provider,
-        ):
-            raise PermissionDenied()
-        self.provider = provider
-        return super().dispatch(request, source_slug=provider.auth_oauth.slug)
-
-
-class SCIMOAuthStart(SCIMOAuthViewMixin, OAuthRedirect):
-
-    def get_callback_url(self, source: OAuthSource):
-        return reverse("authentik_enterprise_providers_scim:callback", kwargs=self.kwargs)
-
-
-class SCIMRedirectCallback(SCIMOAuthViewMixin, OAuthCallback):
-
-    def redirect_flow_manager(self, client: BaseOAuthClient):
-        expires_in = int(self.token.get("expires_in", 0))
-        UserOAuthSourceConnection.objects.update_or_create(
-            source=self.provider.auth_oauth,
-            user=self.provider.auth_oauth_user,
-            defaults={
-                "access_token": self.token.get("access_token"),
-                "refresh_token": self.token.get("refresh_token"),
-                "expires": now() + timedelta(seconds=expires_in),
-            },
-        )
-        return redirect("authentik_core:if-admin")

authentik/enterprise/reports/api/reports.py

@@ -4,13 +4,13 @@ from django.urls import reverse
 from drf_spectacular.utils import extend_schema
 from rest_framework import mixins
 from rest_framework.decorators import action
-from rest_framework.fields import CharField, SerializerMethodField
 from rest_framework.permissions import BasePermission
 from rest_framework.request import Request
 from rest_framework.response import Response
 from rest_framework.viewsets import GenericViewSet
 
 from authentik.core.api.groups import PartialUserSerializer
+from authentik.core.api.object_attributes import ContentTypeSerializer
 from authentik.core.api.utils import ModelSerializer
 from authentik.enterprise.api import EnterpriseRequiredMixin
 from authentik.enterprise.reports.models import DataExport
@@ -18,19 +18,6 @@ from authentik.enterprise.reports.tasks import generate_export
 from authentik.rbac.permissions import HasPermission
 
 
-class ContentTypeSerializer(ModelSerializer):
-    app_label = CharField(read_only=True)
-    model = CharField(read_only=True)
-    verbose_name_plural = SerializerMethodField()
-
-    def get_verbose_name_plural(self, ct: ContentType) -> str:
-        return ct.model_class()._meta.verbose_name_plural
-
-    class Meta:
-        model = ContentType
-        fields = ("id", "app_label", "model", "verbose_name_plural")
-
-
 class DataExportSerializer(EnterpriseRequiredMixin, ModelSerializer):
     requested_by = PartialUserSerializer(read_only=True)
     content_type = ContentTypeSerializer(read_only=True)

authentik/lib/expression/evaluator.py

@@ -10,6 +10,7 @@ from typing import TYPE_CHECKING, Any
 
 from cachetools import TLRUCache, cached
 from django.core.exceptions import FieldError
+from django.db.models import Model
 from django.http import HttpRequest
 from django.utils.text import slugify
 from django.utils.timezone import now
@@ -22,6 +23,7 @@ from structlog.stdlib import get_logger
 from authentik.core.models import User
 from authentik.events.models import Event
 from authentik.lib.expression.exceptions import ControlFlowException
+from authentik.lib.utils.dict import get_path_from_dict
 from authentik.lib.utils.email import normalize_addresses
 from authentik.lib.utils.http import get_http_session
 from authentik.lib.utils.time import timedelta_from_string
@@ -70,6 +72,7 @@ class BaseEvaluator:
             "ak_send_email": self.expr_send_email,
             "ak_user_by": BaseEvaluator.expr_user_by,
             "ak_user_has_authenticator": BaseEvaluator.expr_func_user_has_authenticator,
+            "ak_obj_attr": BaseEvaluator.expr_obj_attr,
             "ip_address": ip_address,
             "ip_network": ip_network,
             "list_flatten": BaseEvaluator.expr_flatten,
@@ -162,6 +165,16 @@ class BaseEvaluator:
             return False
         return len(list(user_devices)) > 0
 
+    @staticmethod
+    def expr_obj_attr(obj: Model, attr_key: str, fallback: str) -> Any:
+        """Get an attribute of the given object if set by its dotted path, otherwise
+        return fallback value."""
+        attrs = getattr(obj, "attributes", {})
+        value = get_path_from_dict(attrs, attr_key)
+        if value is None and fallback:
+            return getattr(obj, fallback)
+        return value
+
     def expr_event_create(self, action: str, **kwargs):
         """Create event with supplied data and try to extract as much relevant data
         from the context"""

authentik/providers/scim/api/providers.py

@@ -1,6 +1,5 @@
 """SCIM Provider API Views"""
 
-from rest_framework.fields import SerializerMethodField
 from rest_framework.viewsets import ModelViewSet
 
 from authentik.core.api.providers import ProviderSerializer
@@ -17,11 +16,6 @@ class SCIMProviderSerializer(
 ):
     """SCIMProvider Serializer"""
 
-    auth_oauth_token_last_updated = SerializerMethodField()
-    auth_oauth_token_expires = SerializerMethodField()
-    auth_oauth_url_callback = SerializerMethodField()
-    auth_oauth_url_start = SerializerMethodField()
-
     class Meta:
         model = SCIMProvider
         fields = [
@@ -41,10 +35,6 @@ class SCIMProviderSerializer(
             "auth_mode",
             "auth_oauth",
             "auth_oauth_params",
-            "auth_oauth_token_last_updated",
-            "auth_oauth_token_expires",
-            "auth_oauth_url_callback",
-            "auth_oauth_url_start",
             "compatibility_mode",
             "service_provider_config_cache_timeout",
             "exclude_users_service_account",

authentik/providers/scim/migrations/0019_scimprovider_group_filters_and_more.py

@@ -102,16 +102,4 @@ class Migration(migrations.Migration):
                 verbose_name="SCIM Compatibility Mode",
             ),
         ),
-        migrations.AlterField(
-            model_name="scimprovider",
-            name="auth_mode",
-            field=models.TextField(
-                choices=[
-                    ("token", "Token"),
-                    ("oauth", "OAuth (Silent)"),
-                    ("oauth_interactive", "OAuth (interactive)"),
-                ],
-                default="token",
-            ),
-        ),
     ]

authentik/providers/scim/models.py

@@ -72,8 +72,7 @@ class SCIMAuthenticationMode(models.TextChoices):
     """SCIM authentication modes"""
 
     TOKEN = "token", _("Token")
-    OAUTH_SILENT = "oauth", _("OAuth (Silent)")
-    OAUTH_INTERACTIVE = "oauth_interactive", _("OAuth (interactive)")
+    OAUTH = "oauth", _("OAuth")
 
 
 class SCIMCompatibilityMode(models.TextChoices):
@@ -145,10 +144,7 @@ class SCIMProvider(OutgoingSyncProvider, BackchannelProvider):
     )
 
     def scim_auth(self) -> AuthBase:
-        if self.auth_mode in [
-            SCIMAuthenticationMode.OAUTH_SILENT,
-            SCIMAuthenticationMode.OAUTH_INTERACTIVE,
-        ]:
+        if self.auth_mode == SCIMAuthenticationMode.OAUTH:
             try:
                 from authentik.enterprise.providers.scim.auth_oauth2 import SCIMOAuthAuth
 

authentik/sources/oauth/types/registry.py

@@ -1,5 +1,6 @@
 """Source type manager"""
 
+from collections.abc import Callable
 from enum import Enum
 from typing import Any
 
@@ -113,7 +114,7 @@ class SourceTypeRegistry:
             )
         return found_type
 
-    def find(self, type_name: str, kind: RequestKind) -> type[OAuthCallback | OAuthRedirect]:
+    def find(self, type_name: str, kind: RequestKind) -> Callable:
         """Find fitting Source Type"""
         found_type = self.find_type(type_name)
         if kind == RequestKind.CALLBACK:

authentik/sources/oauth/views/callback.py

@@ -15,7 +15,6 @@ from structlog.stdlib import get_logger
 
 from authentik.core.sources.flow_manager import SourceFlowManager
 from authentik.events.models import Event, EventAction
-from authentik.sources.oauth.clients.base import BaseOAuthClient
 from authentik.sources.oauth.models import (
     GroupOAuthSourceConnection,
     OAuthSource,
@@ -30,7 +29,7 @@ class OAuthCallback(OAuthClientMixin, View):
     "Base OAuth callback view."
 
     source: OAuthSource
-    token: dict[str, Any] | None = None
+    token: dict | None = None
 
     def dispatch(self, request: HttpRequest, *_, **kwargs) -> HttpResponse:
         """View Get handler"""
@@ -50,31 +49,20 @@ class OAuthCallback(OAuthClientMixin, View):
         if "error" in self.token:
             return self.handle_login_failure(self.token["error"])
         # Fetch profile info
-        try:
-            res = self.redirect_flow_manager(client)
-        except ValueError as exc:
-            # if we're authenticated and not in a source stage and this new flag is enabled,
-            # just continue
-            if self.request.user.is_authenticated:
-                pass
-            return self.handle_login_failure(exc.args[0])
-        return res
-
-    def redirect_flow_manager(self, client: BaseOAuthClient) -> HttpResponse:
         try:
             raw_info = client.get_profile_info(self.token)
             if raw_info is None:
-                raise ValueError("Could not retrieve profile.")
+                return self.handle_login_failure("Could not retrieve profile.")
         except JSONDecodeError as exc:
             Event.new(
                 EventAction.CONFIGURATION_ERROR,
                 message="Failed to JSON-decode profile.",
                 raw_profile=exc.doc,
             ).from_http(self.request)
-            raise ValueError("Could not retrieve profile.") from None
+            return self.handle_login_failure("Could not retrieve profile.")
         identifier = self.get_user_id(info=raw_info)
         if identifier is None:
-            raise ValueError("Could not determine id.")
+            return self.handle_login_failure("Could not determine id.")
         sfm = OAuthSourceFlowManager(
             source=self.source,
             request=self.request,

blueprints/schema.json

@@ -296,6 +296,46 @@
                         }
                     }
                 },
+                {
+                    "type": "object",
+                    "required": [
+                        "model",
+                        "identifiers"
+                    ],
+                    "properties": {
+                        "model": {
+                            "const": "authentik_core.objectattribute"
+                        },
+                        "id": {
+                            "type": "string"
+                        },
+                        "state": {
+                            "type": "string",
+                            "enum": [
+                                "absent",
+                                "created",
+                                "must_created",
+                                "present"
+                            ],
+                            "default": "present"
+                        },
+                        "conditions": {
+                            "type": "array",
+                            "items": {
+                                "type": "boolean"
+                            }
+                        },
+                        "permissions": {
+                            "$ref": "#/$defs/model_authentik_core.objectattribute_permissions"
+                        },
+                        "attrs": {
+                            "$ref": "#/$defs/model_authentik_core.objectattribute"
+                        },
+                        "identifiers": {
+                            "$ref": "#/$defs/model_authentik_core.objectattribute"
+                        }
+                    }
+                },
                 {
                     "type": "object",
                     "required": [
@@ -5420,6 +5460,95 @@
                 }
             }
         },
+        "model_authentik_core.objectattribute": {
+            "type": "object",
+            "properties": {
+                "object_type": {
+                    "type": "string",
+                    "minLength": 1,
+                    "title": "Object type"
+                },
+                "enabled": {
+                    "type": "boolean",
+                    "title": "Enabled"
+                },
+                "key": {
+                    "type": "string",
+                    "minLength": 1,
+                    "title": "Key"
+                },
+                "label": {
+                    "type": "string",
+                    "minLength": 1,
+                    "title": "Label"
+                },
+                "regex": {
+                    "type": "string",
+                    "title": "Regex"
+                },
+                "type": {
+                    "type": "string",
+                    "enum": [
+                        "text",
+                        "number",
+                        "boolean"
+                    ],
+                    "title": "Type"
+                },
+                "group": {
+                    "type": "string",
+                    "title": "Group"
+                },
+                "managed": {
+                    "type": [
+                        "string",
+                        "null"
+                    ],
+                    "minLength": 1,
+                    "title": "Managed by authentik",
+                    "description": "Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update."
+                },
+                "is_unique": {
+                    "type": "boolean",
+                    "title": "Is unique"
+                },
+                "is_required": {
+                    "type": "boolean",
+                    "title": "Is required"
+                },
+                "is_array": {
+                    "type": "boolean",
+                    "title": "Is array"
+                }
+            },
+            "required": []
+        },
+        "model_authentik_core.objectattribute_permissions": {
+            "type": "array",
+            "items": {
+                "type": "object",
+                "required": [
+                    "permission"
+                ],
+                "properties": {
+                    "permission": {
+                        "type": "string",
+                        "enum": [
+                            "add_objectattribute",
+                            "change_objectattribute",
+                            "delete_objectattribute",
+                            "view_objectattribute"
+                        ]
+                    },
+                    "user": {
+                        "type": "integer"
+                    },
+                    "role": {
+                        "type": "string"
+                    }
+                }
+            }
+        },
         "model_authentik_core.token": {
             "type": "object",
             "properties": {
@@ -5610,6 +5739,7 @@
                             "authentik_core.add_groupancestrynode",
                             "authentik_core.add_groupparentagenode",
                             "authentik_core.add_groupsourceconnection",
+                            "authentik_core.add_objectattribute",
                             "authentik_core.add_propertymapping",
                             "authentik_core.add_provider",
                             "authentik_core.add_source",
@@ -5624,6 +5754,7 @@
                             "authentik_core.change_groupancestrynode",
                             "authentik_core.change_groupparentagenode",
                             "authentik_core.change_groupsourceconnection",
+                            "authentik_core.change_objectattribute",
                             "authentik_core.change_propertymapping",
                             "authentik_core.change_provider",
                             "authentik_core.change_source",
@@ -5637,6 +5768,7 @@
                             "authentik_core.delete_groupancestrynode",
                             "authentik_core.delete_groupparentagenode",
                             "authentik_core.delete_groupsourceconnection",
+                            "authentik_core.delete_objectattribute",
                             "authentik_core.delete_propertymapping",
                             "authentik_core.delete_provider",
                             "authentik_core.delete_source",
@@ -5657,6 +5789,7 @@
                             "authentik_core.view_groupancestrynode",
                             "authentik_core.view_groupparentagenode",
                             "authentik_core.view_groupsourceconnection",
+                            "authentik_core.view_objectattribute",
                             "authentik_core.view_propertymapping",
                             "authentik_core.view_provider",
                             "authentik_core.view_source",
@@ -9085,6 +9218,7 @@
                         "authentik_core.application",
                         "authentik_core.applicationentitlement",
                         "authentik_core.token",
+                        "authentik_core.objectattribute",
                         "authentik_crypto.certificatekeypair",
                         "authentik_endpoints.deviceuserbinding",
                         "authentik_endpoints.deviceaccessgroup",
@@ -11203,8 +11337,7 @@
                     "type": "string",
                     "enum": [
                         "token",
-                        "oauth",
-                        "oauth_interactive"
+                        "oauth"
                     ],
                     "title": "Auth mode"
                 },
@@ -11377,6 +11510,7 @@
                             "authentik_core.add_groupancestrynode",
                             "authentik_core.add_groupparentagenode",
                             "authentik_core.add_groupsourceconnection",
+                            "authentik_core.add_objectattribute",
                             "authentik_core.add_propertymapping",
                             "authentik_core.add_provider",
                             "authentik_core.add_source",
@@ -11391,6 +11525,7 @@
                             "authentik_core.change_groupancestrynode",
                             "authentik_core.change_groupparentagenode",
                             "authentik_core.change_groupsourceconnection",
+                            "authentik_core.change_objectattribute",
                             "authentik_core.change_propertymapping",
                             "authentik_core.change_provider",
                             "authentik_core.change_source",
@@ -11404,6 +11539,7 @@
                             "authentik_core.delete_groupancestrynode",
                             "authentik_core.delete_groupparentagenode",
                             "authentik_core.delete_groupsourceconnection",
+                            "authentik_core.delete_objectattribute",
                             "authentik_core.delete_propertymapping",
                             "authentik_core.delete_provider",
                             "authentik_core.delete_source",
@@ -11424,6 +11560,7 @@
                             "authentik_core.view_groupancestrynode",
                             "authentik_core.view_groupparentagenode",
                             "authentik_core.view_groupsourceconnection",
+                            "authentik_core.view_objectattribute",
                             "authentik_core.view_propertymapping",
                             "authentik_core.view_provider",
                             "authentik_core.view_source",

blueprints/system/object-attributes-user.yaml

@@ -0,0 +1,145 @@
+version: 1
+metadata:
+  labels:
+    blueprints.goauthentik.io/system: "true"
+  name: System - Object Attributes - User
+entries:
+  identity:
+    - model: authentik_core.objectattribute
+      identifiers:
+        key: givenName
+        managed: goauthentik.io/object-attrs/user/identity/givenName
+      attrs:
+        group: Identity
+        object_type: authentik_core.user
+        label: Given Name
+        enabled: false
+        is_required: false
+        is_unique: false
+        type: text
+    - model: authentik_core.objectattribute
+      identifiers:
+        key: familyName
+        managed: goauthentik.io/object-attrs/user/identity/familyName
+      attrs:
+        group: Identity
+        object_type: authentik_core.user
+        label: Family Name
+        enabled: false
+        is_required: false
+        is_unique: false
+        type: text
+  ak:
+    - model: authentik_core.objectattribute
+      identifiers:
+        key: settings.locale
+        managed: goauthentik.io/object-attrs/user/settings/locale
+      attrs:
+        group: Settings
+        object_type: authentik_core.user
+        label: Locale
+        enabled: true
+        is_required: false
+        is_unique: false
+        type: text
+  address:
+    - model: authentik_core.objectattribute
+      identifiers:
+        key: street
+        managed: goauthentik.io/object-attrs/user/address/street
+      attrs:
+        group: Address
+        object_type: authentik_core.user
+        label: Street
+        enabled: false
+        is_required: false
+        is_unique: false
+        type: text
+    - model: authentik_core.objectattribute
+      identifiers:
+        key: state
+        managed: goauthentik.io/object-attrs/user/address/state
+      attrs:
+        group: Address
+        object_type: authentik_core.user
+        label: State
+        enabled: false
+        is_required: false
+        is_unique: false
+        type: text
+    - model: authentik_core.objectattribute
+      identifiers:
+        key: location
+        managed: goauthentik.io/object-attrs/user/address/location
+      attrs:
+        group: Address
+        object_type: authentik_core.user
+        label: Location
+        enabled: false
+        is_required: false
+        is_unique: false
+        type: text
+    - model: authentik_core.objectattribute
+      identifiers:
+        key: postalCode
+        managed: goauthentik.io/object-attrs/user/address/postal-code
+      attrs:
+        group: Address
+        object_type: authentik_core.user
+        label: Postal code
+        enabled: false
+        is_required: false
+        is_unique: false
+        type: text
+  contact:
+    - model: authentik_core.objectattribute
+      identifiers:
+        key: phoneNumber
+        managed: goauthentik.io/object-attrs/user/contact/phone-number
+      attrs:
+        group: Contact
+        object_type: authentik_core.user
+        label: Phone number(s)
+        enabled: false
+        is_required: false
+        is_unique: false
+        type: text
+        is_array: true
+  unix:
+    - model: authentik_core.objectattribute
+      identifiers:
+        key: shell
+        managed: goauthentik.io/object-attrs/user/unix/shell
+      attrs:
+        group: Unix
+        object_type: authentik_core.user
+        label: Shell
+        enabled: false
+        is_required: false
+        is_unique: false
+        type: text
+  employee:
+    - model: authentik_core.objectattribute
+      identifiers:
+        key: employeeNumber
+        managed: goauthentik.io/object-attrs/user/employee/number
+      attrs:
+        group: Employee
+        object_type: authentik_core.user
+        label: Employee Number
+        enabled: false
+        is_required: false
+        is_unique: false
+        type: text
+    - model: authentik_core.objectattribute
+      identifiers:
+        key: jobTitle
+        managed: goauthentik.io/object-attrs/user/employee/title
+      attrs:
+        group: Employee
+        object_type: authentik_core.user
+        label: Title
+        enabled: false
+        is_required: false
+        is_unique: false
+        type: text

blueprints/system/providers-oauth2.yaml

@@ -35,14 +35,13 @@ entries:
       description: "General Profile Information"
       expression: |
         return {
-            # Because authentik only saves the user's full name, and has no concept of first and last names,
-            # the full name is used as given name.
-            # You can override this behaviour in custom mappings, i.e. `request.user.name.split(" ")`
             "name": request.user.name,
-            "given_name": request.user.name,
+            "given_name": ak_obj_attr(request.user, "givenName", "name"),
+            "family_name": ak_obj_attr(request.user, "familyName"),
             "preferred_username": request.user.username,
             "nickname": request.user.username,
             "groups": [group.name for group in request.user.groups.all()],
+            "picture": request.user.avatar,
         }
   - identifiers:
       managed: goauthentik.io/providers/oauth2/scope-entitlements

blueprints/system/providers-scim.yaml

@@ -42,8 +42,8 @@ entries:
             "userName": request.user.username,
             "name": {
                 "formatted": formatted,
-                "givenName": givenName,
-                "familyName": familyName,
+                "givenName": ak_obj_attr(request.user, "givenName") or givenName,
+                "familyName": ak_obj_attr(request.user, "familyName") or familyName,
             },
             "displayName": request.user.name,
             "photos": photos,

lifecycle/aws/package-lock.json

@@ -13,8 +13,8 @@
                 "cross-env": "^10.1.0"
             },
             "engines": {
-                "node": ">=24",
-                "npm": ">=11.10.1"
+                "node": ">=20",
+                "npm": ">=11.6.2"
             }
         },
         "node_modules/@epic-web/invariant": {

lifecycle/aws/package.json

@@ -11,20 +11,7 @@
         "cross-env": "^10.1.0"
     },
     "engines": {
-        "node": ">=24",
-        "npm": ">=11.14.1"
-    },
-    "devEngines": {
-        "runtime": {
-            "name": "node",
-            "onFail": "warn",
-            "version": ">=24"
-        },
-        "packageManager": {
-            "name": "npm",
-            "version": ">=11.14.1",
-            "onFail": "warn"
-        }
-    },
-    "packageManager": "npm@11.14.1+sha512.6a8a4d67478497a2dbc6815cad72e64c43f33413717e242756047d466241ab39bee61e691683a64658e94496ec5f1a1c05e4a5ec62dcc773280dfd949443a367"
+        "node": ">=20",
+        "npm": ">=11.6.2"
+    }
 }

lifecycle/container/Dockerfile

@@ -7,17 +7,6 @@ ARG GIT_BUILD_HASH
 ENV GIT_BUILD_HASH=$GIT_BUILD_HASH
 ENV NODE_ENV=production
 
-WORKDIR /work
-
-RUN --mount=type=bind,target=/work/package.json,src=./package.json \
-    --mount=type=bind,target=/work/package-lock.json,src=./package-lock.json \
-    --mount=type=bind,target=/work/web/package.json,src=./web/package.json \
-    --mount=type=bind,target=/work/web/package-lock.json,src=./web/package-lock.json \
-    --mount=type=bind,target=/work/scripts/node/,src=./scripts/node/ \
-    --mount=type=bind,target=/work/packages/logger-js/,src=./packages/logger-js/ \
-    node ./scripts/node/setup-corepack.mjs --force && \
-    node ./scripts/node/lint-runtime.mjs ./web
-
 WORKDIR /work/web
 
 # These files need to be copied and cannot be mounted as `npm ci` will build the client's typescript
@@ -29,7 +18,7 @@ RUN --mount=type=bind,target=/work/web/package.json,src=./web/package.json \
     --mount=type=bind,target=/work/web/packages/sfe/package.json,src=./web/packages/sfe/package.json \
     --mount=type=bind,target=/work/web/scripts,src=./web/scripts \
     --mount=type=cache,id=npm-ak,sharing=shared,target=/root/.npm \
-    corepack npm ci
+    npm ci
 
 COPY ./package.json /work
 COPY ./web /work/web/

lifecycle/container/proxy.Dockerfile

@@ -10,22 +10,12 @@ WORKDIR /static
 COPY ./packages /packages
 COPY ./web/packages /static/packages
 
-RUN --mount=type=bind,target=/static/package.json,src=./package.json \
-    --mount=type=bind,target=/static/package-lock.json,src=./package-lock.json \
-    --mount=type=bind,target=/static/web/package.json,src=./web/package.json \
-    --mount=type=bind,target=/static/web/package-lock.json,src=./web/package-lock.json \
-    --mount=type=bind,target=/static/scripts/node/,src=./scripts/node/ \
-    --mount=type=bind,target=/static/packages/logger-js/,src=./packages/logger-js/ \
-    node ./scripts/node/setup-corepack.mjs --force && \
-    node ./scripts/node/lint-runtime.mjs ./web
-
 COPY package.json /
-
 RUN --mount=type=bind,target=/static/package.json,src=./web/package.json \
     --mount=type=bind,target=/static/package-lock.json,src=./web/package-lock.json \
     --mount=type=bind,target=/static/scripts,src=./web/scripts \
     --mount=type=cache,target=/root/.npm \
-    corepack npm ci
+    npm ci
 
 COPY web .
 RUN npm run build-proxy

package.json

@@ -3,9 +3,9 @@
     "version": "2026.8.0-rc1",
     "private": true,
     "scripts": {
-        "lint": "run-s lint:runtime lint:spellcheck lint:lockfile",
-        "lint:lockfile": "node ./scripts/node/lint-lockfile.mjs",
-        "lint:runtime": "node ./scripts/node/lint-runtime.mjs",
+        "lint": "run-s lint:spellcheck lint:lockfile",
+        "lint:lockfile": "echo 'Skipping lockfile linting'",
+        "lint:node": "echo 'Skipping node linting'",
         "lint:spellcheck": "cspell . --config cspell.config.jsonc"
     },
     "type": "module",
@@ -14,7 +14,6 @@
     },
     "dependencies": {
         "@eslint/js": "^9.39.3",
-        "@goauthentik/docusaurus-config": "./packages/docusaurus-config",
         "@goauthentik/eslint-config": "./packages/eslint-config",
         "@goauthentik/logger-js": "./packages/logger-js",
         "@goauthentik/prettier-config": "./packages/prettier-config",
@@ -24,15 +23,15 @@
         "npm-run-all": "^4.1.5",
         "pino": "^10.3.1",
         "pino-pretty": "^13.1.2",
-        "prettier": "^3.8.3",
+        "prettier": "^3.8.1",
         "prettier-plugin-packagejson": "^3.0.0",
-        "typescript": "^6.0.3",
-        "typescript-eslint": "^8.59.3"
+        "typescript": "^6.0.2",
+        "typescript-eslint": "^8.57.2"
     },
     "workspaces": [],
     "engines": {
         "node": ">=24",
-        "npm": ">=11.14.1"
+        "npm": ">=11.10.1"
     },
     "devEngines": {
         "runtime": {
@@ -42,11 +41,11 @@
         },
         "packageManager": {
             "name": "npm",
-            "version": ">=11.14.1",
+            "version": ">=11.10.1",
             "onFail": "warn"
         }
     },
-    "packageManager": "npm@11.14.1+sha512.6a8a4d67478497a2dbc6815cad72e64c43f33413717e242756047d466241ab39bee61e691683a64658e94496ec5f1a1c05e4a5ec62dcc773280dfd949443a367",
+    "packageManager": "npm@11.11.0+sha512.f36811c4aae1fde639527368ae44c571d050006a608d67a191f195a801a52637a312d259186254aa3a3799b05335b7390539cf28656d18f0591a1125ba35f973",
     "prettier": "@goauthentik/prettier-config",
     "overrides": {
         "@typescript-eslint/eslint-plugin": {

packages/client-ts/src/apis/AdminApi.ts

@@ -58,6 +58,10 @@ export interface AdminFileUsedByListRequest {
     name?: string;
 }
 
+export interface AdminModelsListRequest {
+    filterHasAttributes?: boolean | null;
+}
+
 export interface AdminSettingsPartialUpdateRequest {
     patchedSettingsRequest?: PatchedSettingsRequest;
 }
@@ -400,9 +404,15 @@ export class AdminApi extends runtime.BaseAPI {
     /**
      * Creates request options for adminModelsList without sending the request
      */
-    async adminModelsListRequestOpts(): Promise<runtime.RequestOpts> {
+    async adminModelsListRequestOpts(
+        requestParameters: AdminModelsListRequest,
+    ): Promise<runtime.RequestOpts> {
         const queryParameters: any = {};
 
+        if (requestParameters["filterHasAttributes"] != null) {
+            queryParameters["filter_has_attributes"] = requestParameters["filterHasAttributes"];
+        }
+
         const headerParameters: runtime.HTTPHeaders = {};
 
         if (this.configuration && this.configuration.accessToken) {
@@ -428,9 +438,10 @@ export class AdminApi extends runtime.BaseAPI {
      * Read-only view list all installed models
      */
     async adminModelsListRaw(
+        requestParameters: AdminModelsListRequest,
         initOverrides?: RequestInit | runtime.InitOverrideFunction,
     ): Promise<runtime.ApiResponse<Array<App>>> {
-        const requestOptions = await this.adminModelsListRequestOpts();
+        const requestOptions = await this.adminModelsListRequestOpts(requestParameters);
         const response = await this.request(requestOptions, initOverrides);
 
         return new runtime.JSONApiResponse(response, (jsonValue) => jsonValue.map(AppFromJSON));
@@ -440,9 +451,10 @@ export class AdminApi extends runtime.BaseAPI {
      * Read-only view list all installed models
      */
     async adminModelsList(
+        requestParameters: AdminModelsListRequest = {},
         initOverrides?: RequestInit | runtime.InitOverrideFunction,
     ): Promise<Array<App>> {
-        const response = await this.adminModelsListRaw(initOverrides);
+        const response = await this.adminModelsListRaw(requestParameters, initOverrides);
         return await response.value();
     }
 

packages/client-ts/src/apis/CoreApi.ts

@@ -28,11 +28,14 @@ import type {
     ImpersonationRequest,
     IntentEnum,
     Link,
+    ObjectAttribute,
+    ObjectAttributeRequest,
     PaginatedApplicationEntitlementList,
     PaginatedApplicationList,
     PaginatedAuthenticatedSessionList,
     PaginatedBrandList,
     PaginatedGroupList,
+    PaginatedObjectAttributeList,
     PaginatedTokenList,
     PaginatedUserConsentList,
     PaginatedUserList,
@@ -40,6 +43,7 @@ import type {
     PatchedApplicationRequest,
     PatchedBrandRequest,
     PatchedGroupRequest,
+    PatchedObjectAttributeRequest,
     PatchedTokenRequest,
     PatchedUserRequest,
     PolicyTestResult,
@@ -80,11 +84,14 @@ import {
     GroupRequestToJSON,
     ImpersonationRequestToJSON,
     LinkFromJSON,
+    ObjectAttributeFromJSON,
+    ObjectAttributeRequestToJSON,
     PaginatedApplicationEntitlementListFromJSON,
     PaginatedApplicationListFromJSON,
     PaginatedAuthenticatedSessionListFromJSON,
     PaginatedBrandListFromJSON,
     PaginatedGroupListFromJSON,
+    PaginatedObjectAttributeListFromJSON,
     PaginatedTokenListFromJSON,
     PaginatedUserConsentListFromJSON,
     PaginatedUserListFromJSON,
@@ -92,6 +99,7 @@ import {
     PatchedApplicationRequestToJSON,
     PatchedBrandRequestToJSON,
     PatchedGroupRequestToJSON,
+    PatchedObjectAttributeRequestToJSON,
     PatchedTokenRequestToJSON,
     PatchedUserRequestToJSON,
     PolicyTestResultFromJSON,
@@ -332,6 +340,38 @@ export interface CoreGroupsUsedByListRequest {
     groupUuid: string;
 }
 
+export interface CoreObjectAttributesCreateRequest {
+    objectAttributeRequest: ObjectAttributeRequest;
+}
+
+export interface CoreObjectAttributesDestroyRequest {
+    attributeId: string;
+}
+
+export interface CoreObjectAttributesListRequest {
+    enabled?: boolean;
+    objectTypeAppLabel?: string;
+    objectTypeModel?: string;
+    ordering?: string;
+    page?: number;
+    pageSize?: number;
+    search?: string;
+}
+
+export interface CoreObjectAttributesPartialUpdateRequest {
+    attributeId: string;
+    patchedObjectAttributeRequest?: PatchedObjectAttributeRequest;
+}
+
+export interface CoreObjectAttributesRetrieveRequest {
+    attributeId: string;
+}
+
+export interface CoreObjectAttributesUpdateRequest {
+    attributeId: string;
+    objectAttributeRequest: ObjectAttributeRequest;
+}
+
 export interface CoreTokensCreateRequest {
     tokenRequest: TokenRequest;
 }
@@ -3237,6 +3277,426 @@ export class CoreApi extends runtime.BaseAPI {
         return await response.value();
     }
 
+    /**
+     * Creates request options for coreObjectAttributesCreate without sending the request
+     */
+    async coreObjectAttributesCreateRequestOpts(
+        requestParameters: CoreObjectAttributesCreateRequest,
+    ): Promise<runtime.RequestOpts> {
+        if (requestParameters["objectAttributeRequest"] == null) {
+            throw new runtime.RequiredError(
+                "objectAttributeRequest",
+                'Required parameter "objectAttributeRequest" was null or undefined when calling coreObjectAttributesCreate().',
+            );
+        }
+
+        const queryParameters: any = {};
+
+        const headerParameters: runtime.HTTPHeaders = {};
+
+        headerParameters["Content-Type"] = "application/json";
+
+        if (this.configuration && this.configuration.accessToken) {
+            const token = this.configuration.accessToken;
+            const tokenString = await token("authentik", []);
+
+            if (tokenString) {
+                headerParameters["Authorization"] = `Bearer ${tokenString}`;
+            }
+        }
+
+        let urlPath = `/core/object_attributes/`;
+
+        return {
+            path: urlPath,
+            method: "POST",
+            headers: headerParameters,
+            query: queryParameters,
+            body: ObjectAttributeRequestToJSON(requestParameters["objectAttributeRequest"]),
+        };
+    }
+
+    /**
+     */
+    async coreObjectAttributesCreateRaw(
+        requestParameters: CoreObjectAttributesCreateRequest,
+        initOverrides?: RequestInit | runtime.InitOverrideFunction,
+    ): Promise<runtime.ApiResponse<ObjectAttribute>> {
+        const requestOptions = await this.coreObjectAttributesCreateRequestOpts(requestParameters);
+        const response = await this.request(requestOptions, initOverrides);
+
+        return new runtime.JSONApiResponse(response, (jsonValue) =>
+            ObjectAttributeFromJSON(jsonValue),
+        );
+    }
+
+    /**
+     */
+    async coreObjectAttributesCreate(
+        requestParameters: CoreObjectAttributesCreateRequest,
+        initOverrides?: RequestInit | runtime.InitOverrideFunction,
+    ): Promise<ObjectAttribute> {
+        const response = await this.coreObjectAttributesCreateRaw(requestParameters, initOverrides);
+        return await response.value();
+    }
+
+    /**
+     * Creates request options for coreObjectAttributesDestroy without sending the request
+     */
+    async coreObjectAttributesDestroyRequestOpts(
+        requestParameters: CoreObjectAttributesDestroyRequest,
+    ): Promise<runtime.RequestOpts> {
+        if (requestParameters["attributeId"] == null) {
+            throw new runtime.RequiredError(
+                "attributeId",
+                'Required parameter "attributeId" was null or undefined when calling coreObjectAttributesDestroy().',
+            );
+        }
+
+        const queryParameters: any = {};
+
+        const headerParameters: runtime.HTTPHeaders = {};
+
+        if (this.configuration && this.configuration.accessToken) {
+            const token = this.configuration.accessToken;
+            const tokenString = await token("authentik", []);
+
+            if (tokenString) {
+                headerParameters["Authorization"] = `Bearer ${tokenString}`;
+            }
+        }
+
+        let urlPath = `/core/object_attributes/{attribute_id}/`;
+        urlPath = urlPath.replace(
+            `{${"attribute_id"}}`,
+            encodeURIComponent(String(requestParameters["attributeId"])),
+        );
+
+        return {
+            path: urlPath,
+            method: "DELETE",
+            headers: headerParameters,
+            query: queryParameters,
+        };
+    }
+
+    /**
+     */
+    async coreObjectAttributesDestroyRaw(
+        requestParameters: CoreObjectAttributesDestroyRequest,
+        initOverrides?: RequestInit | runtime.InitOverrideFunction,
+    ): Promise<runtime.ApiResponse<void>> {
+        const requestOptions = await this.coreObjectAttributesDestroyRequestOpts(requestParameters);
+        const response = await this.request(requestOptions, initOverrides);
+
+        return new runtime.VoidApiResponse(response);
+    }
+
+    /**
+     */
+    async coreObjectAttributesDestroy(
+        requestParameters: CoreObjectAttributesDestroyRequest,
+        initOverrides?: RequestInit | runtime.InitOverrideFunction,
+    ): Promise<void> {
+        await this.coreObjectAttributesDestroyRaw(requestParameters, initOverrides);
+    }
+
+    /**
+     * Creates request options for coreObjectAttributesList without sending the request
+     */
+    async coreObjectAttributesListRequestOpts(
+        requestParameters: CoreObjectAttributesListRequest,
+    ): Promise<runtime.RequestOpts> {
+        const queryParameters: any = {};
+
+        if (requestParameters["enabled"] != null) {
+            queryParameters["enabled"] = requestParameters["enabled"];
+        }
+
+        if (requestParameters["objectTypeAppLabel"] != null) {
+            queryParameters["object_type__app_label"] = requestParameters["objectTypeAppLabel"];
+        }
+
+        if (requestParameters["objectTypeModel"] != null) {
+            queryParameters["object_type__model"] = requestParameters["objectTypeModel"];
+        }
+
+        if (requestParameters["ordering"] != null) {
+            queryParameters["ordering"] = requestParameters["ordering"];
+        }
+
+        if (requestParameters["page"] != null) {
+            queryParameters["page"] = requestParameters["page"];
+        }
+
+        if (requestParameters["pageSize"] != null) {
+            queryParameters["page_size"] = requestParameters["pageSize"];
+        }
+
+        if (requestParameters["search"] != null) {
+            queryParameters["search"] = requestParameters["search"];
+        }
+
+        const headerParameters: runtime.HTTPHeaders = {};
+
+        if (this.configuration && this.configuration.accessToken) {
+            const token = this.configuration.accessToken;
+            const tokenString = await token("authentik", []);
+
+            if (tokenString) {
+                headerParameters["Authorization"] = `Bearer ${tokenString}`;
+            }
+        }
+
+        let urlPath = `/core/object_attributes/`;
+
+        return {
+            path: urlPath,
+            method: "GET",
+            headers: headerParameters,
+            query: queryParameters,
+        };
+    }
+
+    /**
+     */
+    async coreObjectAttributesListRaw(
+        requestParameters: CoreObjectAttributesListRequest,
+        initOverrides?: RequestInit | runtime.InitOverrideFunction,
+    ): Promise<runtime.ApiResponse<PaginatedObjectAttributeList>> {
+        const requestOptions = await this.coreObjectAttributesListRequestOpts(requestParameters);
+        const response = await this.request(requestOptions, initOverrides);
+
+        return new runtime.JSONApiResponse(response, (jsonValue) =>
+            PaginatedObjectAttributeListFromJSON(jsonValue),
+        );
+    }
+
+    /**
+     */
+    async coreObjectAttributesList(
+        requestParameters: CoreObjectAttributesListRequest = {},
+        initOverrides?: RequestInit | runtime.InitOverrideFunction,
+    ): Promise<PaginatedObjectAttributeList> {
+        const response = await this.coreObjectAttributesListRaw(requestParameters, initOverrides);
+        return await response.value();
+    }
+
+    /**
+     * Creates request options for coreObjectAttributesPartialUpdate without sending the request
+     */
+    async coreObjectAttributesPartialUpdateRequestOpts(
+        requestParameters: CoreObjectAttributesPartialUpdateRequest,
+    ): Promise<runtime.RequestOpts> {
+        if (requestParameters["attributeId"] == null) {
+            throw new runtime.RequiredError(
+                "attributeId",
+                'Required parameter "attributeId" was null or undefined when calling coreObjectAttributesPartialUpdate().',
+            );
+        }
+
+        const queryParameters: any = {};
+
+        const headerParameters: runtime.HTTPHeaders = {};
+
+        headerParameters["Content-Type"] = "application/json";
+
+        if (this.configuration && this.configuration.accessToken) {
+            const token = this.configuration.accessToken;
+            const tokenString = await token("authentik", []);
+
+            if (tokenString) {
+                headerParameters["Authorization"] = `Bearer ${tokenString}`;
+            }
+        }
+
+        let urlPath = `/core/object_attributes/{attribute_id}/`;
+        urlPath = urlPath.replace(
+            `{${"attribute_id"}}`,
+            encodeURIComponent(String(requestParameters["attributeId"])),
+        );
+
+        return {
+            path: urlPath,
+            method: "PATCH",
+            headers: headerParameters,
+            query: queryParameters,
+            body: PatchedObjectAttributeRequestToJSON(
+                requestParameters["patchedObjectAttributeRequest"],
+            ),
+        };
+    }
+
+    /**
+     */
+    async coreObjectAttributesPartialUpdateRaw(
+        requestParameters: CoreObjectAttributesPartialUpdateRequest,
+        initOverrides?: RequestInit | runtime.InitOverrideFunction,
+    ): Promise<runtime.ApiResponse<ObjectAttribute>> {
+        const requestOptions =
+            await this.coreObjectAttributesPartialUpdateRequestOpts(requestParameters);
+        const response = await this.request(requestOptions, initOverrides);
+
+        return new runtime.JSONApiResponse(response, (jsonValue) =>
+            ObjectAttributeFromJSON(jsonValue),
+        );
+    }
+
+    /**
+     */
+    async coreObjectAttributesPartialUpdate(
+        requestParameters: CoreObjectAttributesPartialUpdateRequest,
+        initOverrides?: RequestInit | runtime.InitOverrideFunction,
+    ): Promise<ObjectAttribute> {
+        const response = await this.coreObjectAttributesPartialUpdateRaw(
+            requestParameters,
+            initOverrides,
+        );
+        return await response.value();
+    }
+
+    /**
+     * Creates request options for coreObjectAttributesRetrieve without sending the request
+     */
+    async coreObjectAttributesRetrieveRequestOpts(
+        requestParameters: CoreObjectAttributesRetrieveRequest,
+    ): Promise<runtime.RequestOpts> {
+        if (requestParameters["attributeId"] == null) {
+            throw new runtime.RequiredError(
+                "attributeId",
+                'Required parameter "attributeId" was null or undefined when calling coreObjectAttributesRetrieve().',
+            );
+        }
+
+        const queryParameters: any = {};
+
+        const headerParameters: runtime.HTTPHeaders = {};
+
+        if (this.configuration && this.configuration.accessToken) {
+            const token = this.configuration.accessToken;
+            const tokenString = await token("authentik", []);
+
+            if (tokenString) {
+                headerParameters["Authorization"] = `Bearer ${tokenString}`;
+            }
+        }
+
+        let urlPath = `/core/object_attributes/{attribute_id}/`;
+        urlPath = urlPath.replace(
+            `{${"attribute_id"}}`,
+            encodeURIComponent(String(requestParameters["attributeId"])),
+        );
+
+        return {
+            path: urlPath,
+            method: "GET",
+            headers: headerParameters,
+            query: queryParameters,
+        };
+    }
+
+    /**
+     */
+    async coreObjectAttributesRetrieveRaw(
+        requestParameters: CoreObjectAttributesRetrieveRequest,
+        initOverrides?: RequestInit | runtime.InitOverrideFunction,
+    ): Promise<runtime.ApiResponse<ObjectAttribute>> {
+        const requestOptions =
+            await this.coreObjectAttributesRetrieveRequestOpts(requestParameters);
+        const response = await this.request(requestOptions, initOverrides);
+
+        return new runtime.JSONApiResponse(response, (jsonValue) =>
+            ObjectAttributeFromJSON(jsonValue),
+        );
+    }
+
+    /**
+     */
+    async coreObjectAttributesRetrieve(
+        requestParameters: CoreObjectAttributesRetrieveRequest,
+        initOverrides?: RequestInit | runtime.InitOverrideFunction,
+    ): Promise<ObjectAttribute> {
+        const response = await this.coreObjectAttributesRetrieveRaw(
+            requestParameters,
+            initOverrides,
+        );
+        return await response.value();
+    }
+
+    /**
+     * Creates request options for coreObjectAttributesUpdate without sending the request
+     */
+    async coreObjectAttributesUpdateRequestOpts(
+        requestParameters: CoreObjectAttributesUpdateRequest,
+    ): Promise<runtime.RequestOpts> {
+        if (requestParameters["attributeId"] == null) {
+            throw new runtime.RequiredError(
+                "attributeId",
+                'Required parameter "attributeId" was null or undefined when calling coreObjectAttributesUpdate().',
+            );
+        }
+
+        if (requestParameters["objectAttributeRequest"] == null) {
+            throw new runtime.RequiredError(
+                "objectAttributeRequest",
+                'Required parameter "objectAttributeRequest" was null or undefined when calling coreObjectAttributesUpdate().',
+            );
+        }
+
+        const queryParameters: any = {};
+
+        const headerParameters: runtime.HTTPHeaders = {};
+
+        headerParameters["Content-Type"] = "application/json";
+
+        if (this.configuration && this.configuration.accessToken) {
+            const token = this.configuration.accessToken;
+            const tokenString = await token("authentik", []);
+
+            if (tokenString) {
+                headerParameters["Authorization"] = `Bearer ${tokenString}`;
+            }
+        }
+
+        let urlPath = `/core/object_attributes/{attribute_id}/`;
+        urlPath = urlPath.replace(
+            `{${"attribute_id"}}`,
+            encodeURIComponent(String(requestParameters["attributeId"])),
+        );
+
+        return {
+            path: urlPath,
+            method: "PUT",
+            headers: headerParameters,
+            query: queryParameters,
+            body: ObjectAttributeRequestToJSON(requestParameters["objectAttributeRequest"]),
+        };
+    }
+
+    /**
+     */
+    async coreObjectAttributesUpdateRaw(
+        requestParameters: CoreObjectAttributesUpdateRequest,
+        initOverrides?: RequestInit | runtime.InitOverrideFunction,
+    ): Promise<runtime.ApiResponse<ObjectAttribute>> {
+        const requestOptions = await this.coreObjectAttributesUpdateRequestOpts(requestParameters);
+        const response = await this.request(requestOptions, initOverrides);
+
+        return new runtime.JSONApiResponse(response, (jsonValue) =>
+            ObjectAttributeFromJSON(jsonValue),
+        );
+    }
+
+    /**
+     */
+    async coreObjectAttributesUpdate(
+        requestParameters: CoreObjectAttributesUpdateRequest,
+        initOverrides?: RequestInit | runtime.InitOverrideFunction,
+    ): Promise<ObjectAttribute> {
+        const response = await this.coreObjectAttributesUpdateRaw(requestParameters, initOverrides);
+        return await response.value();
+    }
+
     /**
      * Creates request options for coreTokensCreate without sending the request
      */

packages/client-ts/src/models/ContentType.ts

@@ -42,6 +42,12 @@ export interface ContentType {
      * @memberof ContentType
      */
     readonly verboseNamePlural: string;
+    /**
+     *
+     * @type {string}
+     * @memberof ContentType
+     */
+    readonly fullyQualifiedModel: string;
 }
 
 /**
@@ -52,6 +58,8 @@ export function instanceOfContentType(value: object): value is ContentType {
     if (!("appLabel" in value) || value["appLabel"] === undefined) return false;
     if (!("model" in value) || value["model"] === undefined) return false;
     if (!("verboseNamePlural" in value) || value["verboseNamePlural"] === undefined) return false;
+    if (!("fullyQualifiedModel" in value) || value["fullyQualifiedModel"] === undefined)
+        return false;
     return true;
 }
 
@@ -68,6 +76,7 @@ export function ContentTypeFromJSONTyped(json: any, ignoreDiscriminator: boolean
         appLabel: json["app_label"],
         model: json["model"],
         verboseNamePlural: json["verbose_name_plural"],
+        fullyQualifiedModel: json["fully_qualified_model"],
     };
 }
 
@@ -76,7 +85,10 @@ export function ContentTypeToJSON(json: any): ContentType {
 }
 
 export function ContentTypeToJSONTyped(
-    value?: Omit<ContentType, "id" | "app_label" | "model" | "verbose_name_plural"> | null,
+    value?: Omit<
+        ContentType,
+        "id" | "app_label" | "model" | "verbose_name_plural" | "fully_qualified_model"
+    > | null,
     ignoreDiscriminator: boolean = false,
 ): any {
     if (value == null) {

packages/client-ts/src/models/ModelEnum.ts

@@ -23,6 +23,7 @@ export const ModelEnum = {
     AuthentikCoreApplication: "authentik_core.application",
     AuthentikCoreApplicationentitlement: "authentik_core.applicationentitlement",
     AuthentikCoreToken: "authentik_core.token",
+    AuthentikCoreObjectattribute: "authentik_core.objectattribute",
     AuthentikCryptoCertificatekeypair: "authentik_crypto.certificatekeypair",
     AuthentikEndpointsDeviceuserbinding: "authentik_endpoints.deviceuserbinding",
     AuthentikEndpointsDeviceaccessgroup: "authentik_endpoints.deviceaccessgroup",

packages/client-ts/src/models/ObjectAttribute.ts

@@ -0,0 +1,191 @@
+/* tslint:disable */
+/* eslint-disable */
+/**
+ * authentik
+ * Making authentication simple.
+ *
+ * The version of the OpenAPI document: 2026.5.0-rc1
+ * Contact: hello@goauthentik.io
+ *
+ * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
+ * https://openapi-generator.tech
+ * Do not edit the class manually.
+ */
+
+import type { ContentType } from "./ContentType";
+import { ContentTypeFromJSON } from "./ContentType";
+import type { ObjectAttributeTypeEnum } from "./ObjectAttributeTypeEnum";
+import {
+    ObjectAttributeTypeEnumFromJSON,
+    ObjectAttributeTypeEnumToJSON,
+} from "./ObjectAttributeTypeEnum";
+
+/**
+ *
+ * @export
+ * @interface ObjectAttribute
+ */
+export interface ObjectAttribute {
+    /**
+     *
+     * @type {string}
+     * @memberof ObjectAttribute
+     */
+    readonly pk: string;
+    /**
+     *
+     * @type {string}
+     * @memberof ObjectAttribute
+     */
+    objectType: string;
+    /**
+     *
+     * @type {ContentType}
+     * @memberof ObjectAttribute
+     */
+    readonly objectTypeObj: ContentType;
+    /**
+     *
+     * @type {boolean}
+     * @memberof ObjectAttribute
+     */
+    enabled?: boolean;
+    /**
+     *
+     * @type {Date}
+     * @memberof ObjectAttribute
+     */
+    readonly created: Date;
+    /**
+     *
+     * @type {string}
+     * @memberof ObjectAttribute
+     */
+    key: string;
+    /**
+     *
+     * @type {string}
+     * @memberof ObjectAttribute
+     */
+    label: string;
+    /**
+     *
+     * @type {Date}
+     * @memberof ObjectAttribute
+     */
+    readonly lastUpdated: Date;
+    /**
+     *
+     * @type {string}
+     * @memberof ObjectAttribute
+     */
+    regex?: string;
+    /**
+     *
+     * @type {ObjectAttributeTypeEnum}
+     * @memberof ObjectAttribute
+     */
+    type: ObjectAttributeTypeEnum;
+    /**
+     *
+     * @type {string}
+     * @memberof ObjectAttribute
+     */
+    group?: string;
+    /**
+     * Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
+     * @type {string}
+     * @memberof ObjectAttribute
+     */
+    managed?: string | null;
+    /**
+     *
+     * @type {boolean}
+     * @memberof ObjectAttribute
+     */
+    isUnique?: boolean;
+    /**
+     *
+     * @type {boolean}
+     * @memberof ObjectAttribute
+     */
+    isRequired?: boolean;
+    /**
+     *
+     * @type {boolean}
+     * @memberof ObjectAttribute
+     */
+    isArray?: boolean;
+}
+
+/**
+ * Check if a given object implements the ObjectAttribute interface.
+ */
+export function instanceOfObjectAttribute(value: object): value is ObjectAttribute {
+    if (!("pk" in value) || value["pk"] === undefined) return false;
+    if (!("objectType" in value) || value["objectType"] === undefined) return false;
+    if (!("objectTypeObj" in value) || value["objectTypeObj"] === undefined) return false;
+    if (!("created" in value) || value["created"] === undefined) return false;
+    if (!("key" in value) || value["key"] === undefined) return false;
+    if (!("label" in value) || value["label"] === undefined) return false;
+    if (!("lastUpdated" in value) || value["lastUpdated"] === undefined) return false;
+    if (!("type" in value) || value["type"] === undefined) return false;
+    return true;
+}
+
+export function ObjectAttributeFromJSON(json: any): ObjectAttribute {
+    return ObjectAttributeFromJSONTyped(json, false);
+}
+
+export function ObjectAttributeFromJSONTyped(
+    json: any,
+    ignoreDiscriminator: boolean,
+): ObjectAttribute {
+    if (json == null) {
+        return json;
+    }
+    return {
+        pk: json["pk"],
+        objectType: json["object_type"],
+        objectTypeObj: ContentTypeFromJSON(json["object_type_obj"]),
+        enabled: json["enabled"] == null ? undefined : json["enabled"],
+        created: new Date(json["created"]),
+        key: json["key"],
+        label: json["label"],
+        lastUpdated: new Date(json["last_updated"]),
+        regex: json["regex"] == null ? undefined : json["regex"],
+        type: ObjectAttributeTypeEnumFromJSON(json["type"]),
+        group: json["group"] == null ? undefined : json["group"],
+        managed: json["managed"] == null ? undefined : json["managed"],
+        isUnique: json["is_unique"] == null ? undefined : json["is_unique"],
+        isRequired: json["is_required"] == null ? undefined : json["is_required"],
+        isArray: json["is_array"] == null ? undefined : json["is_array"],
+    };
+}
+
+export function ObjectAttributeToJSON(json: any): ObjectAttribute {
+    return ObjectAttributeToJSONTyped(json, false);
+}
+
+export function ObjectAttributeToJSONTyped(
+    value?: Omit<ObjectAttribute, "pk" | "object_type_obj" | "created" | "last_updated"> | null,
+    ignoreDiscriminator: boolean = false,
+): any {
+    if (value == null) {
+        return value;
+    }
+
+    return {
+        object_type: value["objectType"],
+        enabled: value["enabled"],
+        key: value["key"],
+        label: value["label"],
+        regex: value["regex"],
+        type: ObjectAttributeTypeEnumToJSON(value["type"]),
+        group: value["group"],
+        managed: value["managed"],
+        is_unique: value["isUnique"],
+        is_required: value["isRequired"],
+        is_array: value["isArray"],
+    };
+}

packages/client-ts/src/models/ObjectAttributeRequest.ts

@@ -0,0 +1,157 @@
+/* tslint:disable */
+/* eslint-disable */
+/**
+ * authentik
+ * Making authentication simple.
+ *
+ * The version of the OpenAPI document: 2026.5.0-rc1
+ * Contact: hello@goauthentik.io
+ *
+ * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
+ * https://openapi-generator.tech
+ * Do not edit the class manually.
+ */
+
+import type { ObjectAttributeTypeEnum } from "./ObjectAttributeTypeEnum";
+import {
+    ObjectAttributeTypeEnumFromJSON,
+    ObjectAttributeTypeEnumToJSON,
+} from "./ObjectAttributeTypeEnum";
+
+/**
+ *
+ * @export
+ * @interface ObjectAttributeRequest
+ */
+export interface ObjectAttributeRequest {
+    /**
+     *
+     * @type {string}
+     * @memberof ObjectAttributeRequest
+     */
+    objectType: string;
+    /**
+     *
+     * @type {boolean}
+     * @memberof ObjectAttributeRequest
+     */
+    enabled?: boolean;
+    /**
+     *
+     * @type {string}
+     * @memberof ObjectAttributeRequest
+     */
+    key: string;
+    /**
+     *
+     * @type {string}
+     * @memberof ObjectAttributeRequest
+     */
+    label: string;
+    /**
+     *
+     * @type {string}
+     * @memberof ObjectAttributeRequest
+     */
+    regex?: string;
+    /**
+     *
+     * @type {ObjectAttributeTypeEnum}
+     * @memberof ObjectAttributeRequest
+     */
+    type: ObjectAttributeTypeEnum;
+    /**
+     *
+     * @type {string}
+     * @memberof ObjectAttributeRequest
+     */
+    group?: string;
+    /**
+     * Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
+     * @type {string}
+     * @memberof ObjectAttributeRequest
+     */
+    managed?: string | null;
+    /**
+     *
+     * @type {boolean}
+     * @memberof ObjectAttributeRequest
+     */
+    isUnique?: boolean;
+    /**
+     *
+     * @type {boolean}
+     * @memberof ObjectAttributeRequest
+     */
+    isRequired?: boolean;
+    /**
+     *
+     * @type {boolean}
+     * @memberof ObjectAttributeRequest
+     */
+    isArray?: boolean;
+}
+
+/**
+ * Check if a given object implements the ObjectAttributeRequest interface.
+ */
+export function instanceOfObjectAttributeRequest(value: object): value is ObjectAttributeRequest {
+    if (!("objectType" in value) || value["objectType"] === undefined) return false;
+    if (!("key" in value) || value["key"] === undefined) return false;
+    if (!("label" in value) || value["label"] === undefined) return false;
+    if (!("type" in value) || value["type"] === undefined) return false;
+    return true;
+}
+
+export function ObjectAttributeRequestFromJSON(json: any): ObjectAttributeRequest {
+    return ObjectAttributeRequestFromJSONTyped(json, false);
+}
+
+export function ObjectAttributeRequestFromJSONTyped(
+    json: any,
+    ignoreDiscriminator: boolean,
+): ObjectAttributeRequest {
+    if (json == null) {
+        return json;
+    }
+    return {
+        objectType: json["object_type"],
+        enabled: json["enabled"] == null ? undefined : json["enabled"],
+        key: json["key"],
+        label: json["label"],
+        regex: json["regex"] == null ? undefined : json["regex"],
+        type: ObjectAttributeTypeEnumFromJSON(json["type"]),
+        group: json["group"] == null ? undefined : json["group"],
+        managed: json["managed"] == null ? undefined : json["managed"],
+        isUnique: json["is_unique"] == null ? undefined : json["is_unique"],
+        isRequired: json["is_required"] == null ? undefined : json["is_required"],
+        isArray: json["is_array"] == null ? undefined : json["is_array"],
+    };
+}
+
+export function ObjectAttributeRequestToJSON(json: any): ObjectAttributeRequest {
+    return ObjectAttributeRequestToJSONTyped(json, false);
+}
+
+export function ObjectAttributeRequestToJSONTyped(
+    value?: ObjectAttributeRequest | null,
+    ignoreDiscriminator: boolean = false,
+): any {
+    if (value == null) {
+        return value;
+    }
+
+    return {
+        object_type: value["objectType"],
+        enabled: value["enabled"],
+        key: value["key"],
+        label: value["label"],
+        regex: value["regex"],
+        type: ObjectAttributeTypeEnumToJSON(value["type"]),
+        group: value["group"],
+        managed: value["managed"],
+        is_unique: value["isUnique"],
+        is_required: value["isRequired"],
+        is_array: value["isArray"],
+    };
+}

packages/client-ts/src/models/ObjectAttributeTypeEnum.ts

@@ -0,0 +1,59 @@
+/* tslint:disable */
+/* eslint-disable */
+/**
+ * authentik
+ * Making authentication simple.
+ *
+ * The version of the OpenAPI document: 2026.5.0-rc1
+ * Contact: hello@goauthentik.io
+ *
+ * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
+ * https://openapi-generator.tech
+ * Do not edit the class manually.
+ */
+
+/**
+ *
+ * @export
+ */
+export const ObjectAttributeTypeEnum = {
+    Text: "text",
+    Number: "number",
+    Boolean: "boolean",
+    UnknownDefaultOpenApi: "11184809",
+} as const;
+export type ObjectAttributeTypeEnum =
+    (typeof ObjectAttributeTypeEnum)[keyof typeof ObjectAttributeTypeEnum];
+
+export function instanceOfObjectAttributeTypeEnum(value: any): boolean {
+    for (const key in ObjectAttributeTypeEnum) {
+        if (Object.prototype.hasOwnProperty.call(ObjectAttributeTypeEnum, key)) {
+            if (ObjectAttributeTypeEnum[key as keyof typeof ObjectAttributeTypeEnum] === value) {
+                return true;
+            }
+        }
+    }
+    return false;
+}
+
+export function ObjectAttributeTypeEnumFromJSON(json: any): ObjectAttributeTypeEnum {
+    return ObjectAttributeTypeEnumFromJSONTyped(json, false);
+}
+
+export function ObjectAttributeTypeEnumFromJSONTyped(
+    json: any,
+    ignoreDiscriminator: boolean,
+): ObjectAttributeTypeEnum {
+    return json as ObjectAttributeTypeEnum;
+}
+
+export function ObjectAttributeTypeEnumToJSON(value?: ObjectAttributeTypeEnum | null): any {
+    return value as any;
+}
+
+export function ObjectAttributeTypeEnumToJSONTyped(
+    value: any,
+    ignoreDiscriminator: boolean,
+): ObjectAttributeTypeEnum {
+    return value as ObjectAttributeTypeEnum;
+}

packages/client-ts/src/models/PaginatedObjectAttributeList.ts

@@ -0,0 +1,93 @@
+/* tslint:disable */
+/* eslint-disable */
+/**
+ * authentik
+ * Making authentication simple.
+ *
+ * The version of the OpenAPI document: 2026.5.0-rc1
+ * Contact: hello@goauthentik.io
+ *
+ * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
+ * https://openapi-generator.tech
+ * Do not edit the class manually.
+ */
+
+import type { ObjectAttribute } from "./ObjectAttribute";
+import { ObjectAttributeFromJSON, ObjectAttributeToJSON } from "./ObjectAttribute";
+import type { Pagination } from "./Pagination";
+import { PaginationFromJSON, PaginationToJSON } from "./Pagination";
+
+/**
+ *
+ * @export
+ * @interface PaginatedObjectAttributeList
+ */
+export interface PaginatedObjectAttributeList {
+    /**
+     *
+     * @type {Pagination}
+     * @memberof PaginatedObjectAttributeList
+     */
+    pagination: Pagination;
+    /**
+     *
+     * @type {Array<ObjectAttribute>}
+     * @memberof PaginatedObjectAttributeList
+     */
+    results: Array<ObjectAttribute>;
+    /**
+     *
+     * @type {{ [key: string]: any; }}
+     * @memberof PaginatedObjectAttributeList
+     */
+    autocomplete: { [key: string]: any };
+}
+
+/**
+ * Check if a given object implements the PaginatedObjectAttributeList interface.
+ */
+export function instanceOfPaginatedObjectAttributeList(
+    value: object,
+): value is PaginatedObjectAttributeList {
+    if (!("pagination" in value) || value["pagination"] === undefined) return false;
+    if (!("results" in value) || value["results"] === undefined) return false;
+    if (!("autocomplete" in value) || value["autocomplete"] === undefined) return false;
+    return true;
+}
+
+export function PaginatedObjectAttributeListFromJSON(json: any): PaginatedObjectAttributeList {
+    return PaginatedObjectAttributeListFromJSONTyped(json, false);
+}
+
+export function PaginatedObjectAttributeListFromJSONTyped(
+    json: any,
+    ignoreDiscriminator: boolean,
+): PaginatedObjectAttributeList {
+    if (json == null) {
+        return json;
+    }
+    return {
+        pagination: PaginationFromJSON(json["pagination"]),
+        results: (json["results"] as Array<any>).map(ObjectAttributeFromJSON),
+        autocomplete: json["autocomplete"],
+    };
+}
+
+export function PaginatedObjectAttributeListToJSON(json: any): PaginatedObjectAttributeList {
+    return PaginatedObjectAttributeListToJSONTyped(json, false);
+}
+
+export function PaginatedObjectAttributeListToJSONTyped(
+    value?: PaginatedObjectAttributeList | null,
+    ignoreDiscriminator: boolean = false,
+): any {
+    if (value == null) {
+        return value;
+    }
+
+    return {
+        pagination: PaginationToJSON(value["pagination"]),
+        results: (value["results"] as Array<any>).map(ObjectAttributeToJSON),
+        autocomplete: value["autocomplete"],
+    };
+}

packages/client-ts/src/models/PatchedObjectAttributeRequest.ts

@@ -0,0 +1,155 @@
+/* tslint:disable */
+/* eslint-disable */
+/**
+ * authentik
+ * Making authentication simple.
+ *
+ * The version of the OpenAPI document: 2026.5.0-rc1
+ * Contact: hello@goauthentik.io
+ *
+ * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
+ * https://openapi-generator.tech
+ * Do not edit the class manually.
+ */
+
+import type { ObjectAttributeTypeEnum } from "./ObjectAttributeTypeEnum";
+import {
+    ObjectAttributeTypeEnumFromJSON,
+    ObjectAttributeTypeEnumToJSON,
+} from "./ObjectAttributeTypeEnum";
+
+/**
+ *
+ * @export
+ * @interface PatchedObjectAttributeRequest
+ */
+export interface PatchedObjectAttributeRequest {
+    /**
+     *
+     * @type {string}
+     * @memberof PatchedObjectAttributeRequest
+     */
+    objectType?: string;
+    /**
+     *
+     * @type {boolean}
+     * @memberof PatchedObjectAttributeRequest
+     */
+    enabled?: boolean;
+    /**
+     *
+     * @type {string}
+     * @memberof PatchedObjectAttributeRequest
+     */
+    key?: string;
+    /**
+     *
+     * @type {string}
+     * @memberof PatchedObjectAttributeRequest
+     */
+    label?: string;
+    /**
+     *
+     * @type {string}
+     * @memberof PatchedObjectAttributeRequest
+     */
+    regex?: string;
+    /**
+     *
+     * @type {ObjectAttributeTypeEnum}
+     * @memberof PatchedObjectAttributeRequest
+     */
+    type?: ObjectAttributeTypeEnum;
+    /**
+     *
+     * @type {string}
+     * @memberof PatchedObjectAttributeRequest
+     */
+    group?: string;
+    /**
+     * Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update.
+     * @type {string}
+     * @memberof PatchedObjectAttributeRequest
+     */
+    managed?: string | null;
+    /**
+     *
+     * @type {boolean}
+     * @memberof PatchedObjectAttributeRequest
+     */
+    isUnique?: boolean;
+    /**
+     *
+     * @type {boolean}
+     * @memberof PatchedObjectAttributeRequest
+     */
+    isRequired?: boolean;
+    /**
+     *
+     * @type {boolean}
+     * @memberof PatchedObjectAttributeRequest
+     */
+    isArray?: boolean;
+}
+
+/**
+ * Check if a given object implements the PatchedObjectAttributeRequest interface.
+ */
+export function instanceOfPatchedObjectAttributeRequest(
+    value: object,
+): value is PatchedObjectAttributeRequest {
+    return true;
+}
+
+export function PatchedObjectAttributeRequestFromJSON(json: any): PatchedObjectAttributeRequest {
+    return PatchedObjectAttributeRequestFromJSONTyped(json, false);
+}
+
+export function PatchedObjectAttributeRequestFromJSONTyped(
+    json: any,
+    ignoreDiscriminator: boolean,
+): PatchedObjectAttributeRequest {
+    if (json == null) {
+        return json;
+    }
+    return {
+        objectType: json["object_type"] == null ? undefined : json["object_type"],
+        enabled: json["enabled"] == null ? undefined : json["enabled"],
+        key: json["key"] == null ? undefined : json["key"],
+        label: json["label"] == null ? undefined : json["label"],
+        regex: json["regex"] == null ? undefined : json["regex"],
+        type: json["type"] == null ? undefined : ObjectAttributeTypeEnumFromJSON(json["type"]),
+        group: json["group"] == null ? undefined : json["group"],
+        managed: json["managed"] == null ? undefined : json["managed"],
+        isUnique: json["is_unique"] == null ? undefined : json["is_unique"],
+        isRequired: json["is_required"] == null ? undefined : json["is_required"],
+        isArray: json["is_array"] == null ? undefined : json["is_array"],
+    };
+}
+
+export function PatchedObjectAttributeRequestToJSON(json: any): PatchedObjectAttributeRequest {
+    return PatchedObjectAttributeRequestToJSONTyped(json, false);
+}
+
+export function PatchedObjectAttributeRequestToJSONTyped(
+    value?: PatchedObjectAttributeRequest | null,
+    ignoreDiscriminator: boolean = false,
+): any {
+    if (value == null) {
+        return value;
+    }
+
+    return {
+        object_type: value["objectType"],
+        enabled: value["enabled"],
+        key: value["key"],
+        label: value["label"],
+        regex: value["regex"],
+        type: ObjectAttributeTypeEnumToJSON(value["type"]),
+        group: value["group"],
+        managed: value["managed"],
+        is_unique: value["isUnique"],
+        is_required: value["isRequired"],
+        is_array: value["isArray"],
+    };
+}

packages/client-ts/src/models/SCIMAuthenticationModeEnum.ts

@@ -19,7 +19,6 @@
 export const SCIMAuthenticationModeEnum = {
     Token: "token",
     Oauth: "oauth",
-    OauthInteractive: "oauth_interactive",
     UnknownDefaultOpenApi: "11184809",
 } as const;
 export type SCIMAuthenticationModeEnum =

packages/client-ts/src/models/SCIMProvider.ts

@@ -125,30 +125,6 @@ export interface SCIMProvider {
      * @memberof SCIMProvider
      */
     authOauthParams?: { [key: string]: any };
-    /**
-     *
-     * @type {Date}
-     * @memberof SCIMProvider
-     */
-    readonly authOauthTokenLastUpdated: Date | null;
-    /**
-     *
-     * @type {Date}
-     * @memberof SCIMProvider
-     */
-    readonly authOauthTokenExpires: Date | null;
-    /**
-     *
-     * @type {string}
-     * @memberof SCIMProvider
-     */
-    readonly authOauthUrlCallback: string | null;
-    /**
-     *
-     * @type {string}
-     * @memberof SCIMProvider
-     */
-    readonly authOauthUrlStart: string | null;
     /**
      * Alter authentik behavior for vendor-specific SCIM implementations.
      * @type {CompatibilityModeEnum}
@@ -214,13 +190,6 @@ export function instanceOfSCIMProvider(value: object): value is SCIMProvider {
     if (!("verboseNamePlural" in value) || value["verboseNamePlural"] === undefined) return false;
     if (!("metaModelName" in value) || value["metaModelName"] === undefined) return false;
     if (!("url" in value) || value["url"] === undefined) return false;
-    if (!("authOauthTokenLastUpdated" in value) || value["authOauthTokenLastUpdated"] === undefined)
-        return false;
-    if (!("authOauthTokenExpires" in value) || value["authOauthTokenExpires"] === undefined)
-        return false;
-    if (!("authOauthUrlCallback" in value) || value["authOauthUrlCallback"] === undefined)
-        return false;
-    if (!("authOauthUrlStart" in value) || value["authOauthUrlStart"] === undefined) return false;
     return true;
 }
 
@@ -254,16 +223,6 @@ export function SCIMProviderFromJSONTyped(json: any, ignoreDiscriminator: boolea
                 : SCIMAuthenticationModeEnumFromJSON(json["auth_mode"]),
         authOauth: json["auth_oauth"] == null ? undefined : json["auth_oauth"],
         authOauthParams: json["auth_oauth_params"] == null ? undefined : json["auth_oauth_params"],
-        authOauthTokenLastUpdated:
-            json["auth_oauth_token_last_updated"] == null
-                ? null
-                : new Date(json["auth_oauth_token_last_updated"]),
-        authOauthTokenExpires:
-            json["auth_oauth_token_expires"] == null
-                ? null
-                : new Date(json["auth_oauth_token_expires"]),
-        authOauthUrlCallback: json["auth_oauth_url_callback"],
-        authOauthUrlStart: json["auth_oauth_url_start"],
         compatibilityMode:
             json["compatibility_mode"] == null
                 ? undefined
@@ -297,10 +256,6 @@ export function SCIMProviderToJSONTyped(
         | "verbose_name"
         | "verbose_name_plural"
         | "meta_model_name"
-        | "auth_oauth_token_last_updated"
-        | "auth_oauth_token_expires"
-        | "auth_oauth_url_callback"
-        | "auth_oauth_url_start"
     > | null,
     ignoreDiscriminator: boolean = false,
 ): any {

packages/client-ts/src/models/index.ts

@@ -344,6 +344,9 @@ export * from "./OAuthSource";
 export * from "./OAuthSourcePropertyMapping";
 export * from "./OAuthSourcePropertyMappingRequest";
 export * from "./OAuthSourceRequest";
+export * from "./ObjectAttribute";
+export * from "./ObjectAttributeRequest";
+export * from "./ObjectAttributeTypeEnum";
 export * from "./OpenIDConnectConfiguration";
 export * from "./OperatingSystem";
 export * from "./OperatingSystemRequest";
@@ -439,6 +442,7 @@ export * from "./PaginatedNotificationWebhookMappingList";
 export * from "./PaginatedOAuth2ProviderList";
 export * from "./PaginatedOAuthSourceList";
 export * from "./PaginatedOAuthSourcePropertyMappingList";
+export * from "./PaginatedObjectAttributeList";
 export * from "./PaginatedOutpostList";
 export * from "./PaginatedPasswordExpiryPolicyList";
 export * from "./PaginatedPasswordPolicyList";
@@ -595,6 +599,7 @@ export * from "./PatchedNotificationWebhookMappingRequest";
 export * from "./PatchedOAuth2ProviderRequest";
 export * from "./PatchedOAuthSourcePropertyMappingRequest";
 export * from "./PatchedOAuthSourceRequest";
+export * from "./PatchedObjectAttributeRequest";
 export * from "./PatchedOutpostRequest";
 export * from "./PatchedPasswordExpiryPolicyRequest";
 export * from "./PatchedPasswordPolicyRequest";

packages/docusaurus-config/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@goauthentik/docusaurus-config",
-    "version": "3.0.0",
+    "version": "2.7.0",
     "description": "authentik's Docusaurus config",
     "license": "MIT",
     "repository": {
@@ -30,33 +30,33 @@
         "prism-react-renderer": "^2.4.1"
     },
     "devDependencies": {
-        "@docusaurus/theme-common": "^3.10.0",
+        "@docusaurus/theme-common": "3.10.0",
         "@docusaurus/theme-search-algolia": "^3.10.0",
         "@docusaurus/types": "^3.10.0",
         "@eslint/js": "^9.39.3",
         "@goauthentik/eslint-config": "../eslint-config",
         "@goauthentik/prettier-config": "../prettier-config",
         "@goauthentik/tsconfig": "../tsconfig",
-        "@types/node": "^25.7.0",
+        "@types/node": "^25.5.0",
         "@types/react": "^19.2.14",
         "@types/react-dom": "^19.2.3",
         "eslint": "^9.39.3",
         "pino": "^10.3.1",
-        "prettier": "^3.8.3",
+        "prettier": "^3.8.1",
         "prettier-plugin-packagejson": "^3.0.2",
-        "typescript": "^6.0.3",
-        "typescript-eslint": "^8.59.3"
+        "typescript": "^6.0.2",
+        "typescript-eslint": "^8.57.2"
     },
     "peerDependencies": {
-        "@docusaurus/theme-common": "^3.10.1",
-        "@docusaurus/theme-search-algolia": "^3.10.1",
-        "@docusaurus/types": "^3.10.1",
-        "react": ">=19",
-        "react-dom": ">=19"
+        "@docusaurus/theme-common": "^3.9.2",
+        "@docusaurus/theme-search-algolia": "^3.9.2",
+        "@docusaurus/types": "^3.9.2",
+        "react": ">=18",
+        "react-dom": ">=18"
     },
     "optionalDependencies": {
-        "react": ">=19",
-        "react-dom": ">=19"
+        "react": ">=18",
+        "react-dom": ">=18"
     },
     "files": [
         "./index.js",
@@ -66,7 +66,7 @@
     ],
     "engines": {
         "node": ">=24",
-        "npm": ">=11.14.1"
+        "npm": ">=11.10.1"
     },
     "devEngines": {
         "runtime": {
@@ -76,7 +76,7 @@
         },
         "packageManager": {
             "name": "npm",
-            "version": ">=11.14.1",
+            "version": ">=11.10.1",
             "onFail": "warn"
         }
     },

packages/esbuild-plugin-live-reload/package-lock.json

@@ -17,20 +17,20 @@
                 "@goauthentik/logger-js": "../logger-js",
                 "@goauthentik/prettier-config": "../prettier-config",
                 "@goauthentik/tsconfig": "../tsconfig",
-                "@types/node": "^25.7.0",
+                "@types/node": "^25.3.0",
                 "esbuild": "^0.27.4",
                 "eslint": "^9.39.3",
                 "pino": "^10.3.1",
-                "prettier": "^3.8.3",
+                "prettier": "^3.8.1",
                 "prettier-plugin-packagejson": "^3.0.2",
                 "typedoc": "^0.28.18",
                 "typedoc-plugin-markdown": "^4.11.0",
-                "typescript": "^6.0.3",
-                "typescript-eslint": "^8.59.3"
+                "typescript": "^6.0.2",
+                "typescript-eslint": "^8.57.2"
             },
             "engines": {
                 "node": ">=24",
-                "npm": ">=11.14.1"
+                "npm": ">=11.10.1"
             },
             "peerDependencies": {
                 "@goauthentik/logger-js": "^1.0.1",
@@ -44,7 +44,7 @@
         },
         "../eslint-config": {
             "name": "@goauthentik/eslint-config",
-            "version": "2.0.0",
+            "version": "1.3.0",
             "dev": true,
             "license": "MIT",
             "dependencies": {
@@ -52,26 +52,26 @@
                 "eslint-plugin-import": "^2.32.0",
                 "eslint-plugin-lit": "^2.2.1",
                 "eslint-plugin-react": "^7.37.5",
-                "eslint-plugin-react-hooks": "^7.1.1",
+                "eslint-plugin-react-hooks": "^7.0.1",
                 "eslint-plugin-wc": "^3.1.0"
             },
             "devDependencies": {
                 "@goauthentik/prettier-config": "../prettier-config",
                 "@goauthentik/tsconfig": "../tsconfig",
                 "@types/eslint": "^9.6.1",
-                "@types/node": "^25.7.0",
-                "typescript": "^6.0.3",
-                "typescript-eslint": "^8.59.3"
+                "@types/node": "^25.5.0",
+                "typescript": "^6.0.2",
+                "typescript-eslint": "^8.57.2"
             },
             "engines": {
                 "node": ">=24",
-                "npm": ">=11.14.1"
+                "npm": ">=11.10.1"
             },
             "peerDependencies": {
                 "react": "^18.0.0 || ^19.0.0",
                 "react-dom": "^18.0.0 || ^19.0.0",
-                "typescript": "^6.0.3 || ^7.0.0",
-                "typescript-eslint": "^8.59.3"
+                "typescript": "^5.9.3 || ^6.0.2",
+                "typescript-eslint": "^8.57.2"
             },
             "peerDependenciesMeta": {
                 "react": {
@@ -84,25 +84,25 @@
         },
         "../logger-js": {
             "name": "@goauthentik/logger-js",
-            "version": "2.0.0",
+            "version": "1.1.1",
             "dev": true,
             "license": "MIT",
             "devDependencies": {
                 "@eslint/js": "^9.39.3",
                 "@goauthentik/prettier-config": "../prettier-config",
                 "@goauthentik/tsconfig": "../tsconfig",
-                "@types/node": "^25.7.0",
+                "@types/node": "^25.5.0",
                 "eslint": "^9.39.3",
                 "pino": "^10.3.1",
                 "pino-pretty": "^13.1.2",
-                "prettier": "^3.8.3",
+                "prettier": "^3.8.1",
                 "prettier-plugin-packagejson": "^3.0.2",
-                "typescript": "^6.0.3",
-                "typescript-eslint": "^8.59.3"
+                "typescript": "^6.0.2",
+                "typescript-eslint": "^8.57.2"
             },
             "engines": {
                 "node": ">=24",
-                "npm": ">=11.14.1"
+                "npm": ">=11.10.1"
             },
             "peerDependencies": {
                 "pino": "^10.3.1",
@@ -119,7 +119,7 @@
         },
         "../prettier-config": {
             "name": "@goauthentik/prettier-config",
-            "version": "4.0.0",
+            "version": "3.5.0",
             "dev": true,
             "license": "MIT",
             "dependencies": {
@@ -129,30 +129,30 @@
                 "@eslint/js": "^9.39.3",
                 "@goauthentik/eslint-config": "../eslint-config",
                 "@goauthentik/tsconfig": "../tsconfig",
-                "@types/node": "^25.7.0",
+                "@types/node": "^25.0.0",
                 "eslint": "^9.39.3",
-                "prettier": "^3.8.3",
+                "prettier": "^3.8.1",
                 "prettier-plugin-packagejson": "^3.0.2",
-                "typescript": "^6.0.3",
-                "typescript-eslint": "^8.59.3"
+                "typescript": "^6.0.2",
+                "typescript-eslint": "^8.57.2"
             },
             "engines": {
                 "node": ">=24",
-                "npm": ">=11.14.1"
+                "npm": ">=11.10.1"
             },
             "peerDependencies": {
-                "prettier": "^3.8.3",
+                "prettier": "^3.8.1",
                 "prettier-plugin-packagejson": "^3.0.2"
             }
         },
         "../tsconfig": {
             "name": "@goauthentik/tsconfig",
-            "version": "1.0.9",
+            "version": "1.0.8",
             "dev": true,
             "license": "MIT",
             "engines": {
                 "node": ">=24",
-                "npm": ">=11.14.1"
+                "npm": ">=11.10.1"
             }
         },
         "node_modules/@esbuild/aix-ppc64": {
@@ -904,13 +904,13 @@
             "license": "MIT"
         },
         "node_modules/@types/node": {
-            "version": "25.7.0",
-            "resolved": "https://registry.npmjs.org/@types/node/-/node-25.7.0.tgz",
-            "integrity": "sha512-z+pdZyxE+RTQE9AcboAZCb4otwcrvgHD+GlBpPgn0emDVt0ohrTMhAwlr2Wd9nZ+nihhYFxO2pThz3C5qSu2Eg==",
+            "version": "25.5.0",
+            "resolved": "https://registry.npmjs.org/@types/node/-/node-25.5.0.tgz",
+            "integrity": "sha512-jp2P3tQMSxWugkCUKLRPVUpGaL5MVFwF8RDuSRztfwgN1wmqJeMSbKlnEtQqU8UrhTmzEmZdu2I6v2dpp7XIxw==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "undici-types": "~7.21.0"
+                "undici-types": "~7.18.0"
             }
         },
         "node_modules/@types/unist": {
@@ -921,20 +921,20 @@
             "license": "MIT"
         },
         "node_modules/@typescript-eslint/eslint-plugin": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.59.3.tgz",
-            "integrity": "sha512-PwFvSKsXGShKGW6n5bZOhGHEcCZXM8HofLK9fNsEwZXzFRjoY+XT1Vsf1zgyXdwTr0ZYz1/2tkZ0DBTT9jZjhw==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.57.2.tgz",
+            "integrity": "sha512-NZZgp0Fm2IkD+La5PR81sd+g+8oS6JwJje+aRWsDocxHkjyRw0J5L5ZTlN3LI1LlOcGL7ph3eaIUmTXMIjLk0w==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
                 "@eslint-community/regexpp": "^4.12.2",
-                "@typescript-eslint/scope-manager": "8.59.3",
-                "@typescript-eslint/type-utils": "8.59.3",
-                "@typescript-eslint/utils": "8.59.3",
-                "@typescript-eslint/visitor-keys": "8.59.3",
+                "@typescript-eslint/scope-manager": "8.57.2",
+                "@typescript-eslint/type-utils": "8.57.2",
+                "@typescript-eslint/utils": "8.57.2",
+                "@typescript-eslint/visitor-keys": "8.57.2",
                 "ignore": "^7.0.5",
                 "natural-compare": "^1.4.0",
-                "ts-api-utils": "^2.5.0"
+                "ts-api-utils": "^2.4.0"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -944,9 +944,9 @@
                 "url": "https://opencollective.com/typescript-eslint"
             },
             "peerDependencies": {
-                "@typescript-eslint/parser": "^8.59.3",
+                "@typescript-eslint/parser": "^8.57.2",
                 "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.1.0"
+                "typescript": ">=4.8.4 <6.0.0"
             }
         },
         "node_modules/@typescript-eslint/eslint-plugin/node_modules/ignore": {
@@ -960,16 +960,16 @@
             }
         },
         "node_modules/@typescript-eslint/parser": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.59.3.tgz",
-            "integrity": "sha512-HPwA+hVkfcriajbNvTmZv4VRauibay+cWArYUYq7u7W7PmGShMxbPxLvrwDme55a6d5alG3nrYfhyJ/G28XlLg==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.57.2.tgz",
+            "integrity": "sha512-30ScMRHIAD33JJQkgfGW1t8CURZtjc2JpTrq5n2HFhOefbAhb7ucc7xJwdWcrEtqUIYJ73Nybpsggii6GtAHjA==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/scope-manager": "8.59.3",
-                "@typescript-eslint/types": "8.59.3",
-                "@typescript-eslint/typescript-estree": "8.59.3",
-                "@typescript-eslint/visitor-keys": "8.59.3",
+                "@typescript-eslint/scope-manager": "8.57.2",
+                "@typescript-eslint/types": "8.57.2",
+                "@typescript-eslint/typescript-estree": "8.57.2",
+                "@typescript-eslint/visitor-keys": "8.57.2",
                 "debug": "^4.4.3"
             },
             "engines": {
@@ -981,18 +981,18 @@
             },
             "peerDependencies": {
                 "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.1.0"
+                "typescript": ">=4.8.4 <6.0.0"
             }
         },
         "node_modules/@typescript-eslint/project-service": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.59.3.tgz",
-            "integrity": "sha512-ECiUWa/KYRGDFUqTNehaRgzDshnJfkTABJxVemHk4ko22gcr0ukloKjWvyQ64g8YCV/UI47kN1dbmjf/GaQYng==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.57.2.tgz",
+            "integrity": "sha512-FuH0wipFywXRTHf+bTTjNyuNQQsQC3qh/dYzaM4I4W0jrCqjCVuUh99+xd9KamUfmCGPvbO8NDngo/vsnNVqgw==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/tsconfig-utils": "^8.59.3",
-                "@typescript-eslint/types": "^8.59.3",
+                "@typescript-eslint/tsconfig-utils": "^8.57.2",
+                "@typescript-eslint/types": "^8.57.2",
                 "debug": "^4.4.3"
             },
             "engines": {
@@ -1003,18 +1003,18 @@
                 "url": "https://opencollective.com/typescript-eslint"
             },
             "peerDependencies": {
-                "typescript": ">=4.8.4 <6.1.0"
+                "typescript": ">=4.8.4 <6.0.0"
             }
         },
         "node_modules/@typescript-eslint/scope-manager": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.59.3.tgz",
-            "integrity": "sha512-t2LvZnoEfzKtnPjgeEu41xw5gxq9mQVfYy4OoZ4Vlt0sk3JwxmhCca/AR7DwOiHrjWgjAj6as4AhRLKSDfvZIA==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.57.2.tgz",
+            "integrity": "sha512-snZKH+W4WbWkrBqj4gUNRIGb/jipDW3qMqVJ4C9rzdFc+wLwruxk+2a5D+uoFcKPAqyqEnSb4l2ULuZf95eSkw==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/types": "8.59.3",
-                "@typescript-eslint/visitor-keys": "8.59.3"
+                "@typescript-eslint/types": "8.57.2",
+                "@typescript-eslint/visitor-keys": "8.57.2"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -1025,9 +1025,9 @@
             }
         },
         "node_modules/@typescript-eslint/tsconfig-utils": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.59.3.tgz",
-            "integrity": "sha512-PcIJHjmaREXLgIAIzLnSY9VucEzz8FKXsRgFa1DmdGCK/5tJpW03TKJF01Q6VZd1lLdz2sIKPWaDUZN9dp//dw==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.57.2.tgz",
+            "integrity": "sha512-3Lm5DSM+DCowsUOJC+YqHHnKEfFh5CoGkj5Z31NQSNF4l5wdOwqGn99wmwN/LImhfY3KJnmordBq/4+VDe2eKw==",
             "dev": true,
             "license": "MIT",
             "engines": {
@@ -1038,21 +1038,21 @@
                 "url": "https://opencollective.com/typescript-eslint"
             },
             "peerDependencies": {
-                "typescript": ">=4.8.4 <6.1.0"
+                "typescript": ">=4.8.4 <6.0.0"
             }
         },
         "node_modules/@typescript-eslint/type-utils": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.59.3.tgz",
-            "integrity": "sha512-g71d8QD8UaiHGvrJwyIS1hCX5r63w6Jll+4VEYhEAHXTDIqX1JgxhTAbEHtKntL9kuc4jRo7/GWw5xfCepSccQ==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.57.2.tgz",
+            "integrity": "sha512-Co6ZCShm6kIbAM/s+oYVpKFfW7LBc6FXoPXjTRQ449PPNBY8U0KZXuevz5IFuuUj2H9ss40atTaf9dlGLzbWZg==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/types": "8.59.3",
-                "@typescript-eslint/typescript-estree": "8.59.3",
-                "@typescript-eslint/utils": "8.59.3",
+                "@typescript-eslint/types": "8.57.2",
+                "@typescript-eslint/typescript-estree": "8.57.2",
+                "@typescript-eslint/utils": "8.57.2",
                 "debug": "^4.4.3",
-                "ts-api-utils": "^2.5.0"
+                "ts-api-utils": "^2.4.0"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -1063,13 +1063,13 @@
             },
             "peerDependencies": {
                 "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.1.0"
+                "typescript": ">=4.8.4 <6.0.0"
             }
         },
         "node_modules/@typescript-eslint/types": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.59.3.tgz",
-            "integrity": "sha512-ePFoH0g4ludssdRFqqDxQePCxU4WQyRa9+XVwjm7yLn0FKhMeoetC+qBEEI1Eyb1pGSDveTIT09Bvw2WhlGayg==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.57.2.tgz",
+            "integrity": "sha512-/iZM6FnM4tnx9csuTxspMW4BOSegshwX5oBDznJ7S4WggL7Vczz5d2W11ecc4vRrQMQHXRSxzrCsyG5EsPPTbA==",
             "dev": true,
             "license": "MIT",
             "engines": {
@@ -1081,21 +1081,21 @@
             }
         },
         "node_modules/@typescript-eslint/typescript-estree": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.59.3.tgz",
-            "integrity": "sha512-CbRjVRAf7Lr9Kr8RopKcbY45p2VfmmHrm0ygOCYFi7oU8q19m0Fs/6iHS7kNOmwpp+ob07ZVcAqlxUod9lYdmg==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.57.2.tgz",
+            "integrity": "sha512-2MKM+I6g8tJxfSmFKOnHv2t8Sk3T6rF20A1Puk0svLK+uVapDZB/4pfAeB7nE83uAZrU6OxW+HmOd5wHVdXwXA==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/project-service": "8.59.3",
-                "@typescript-eslint/tsconfig-utils": "8.59.3",
-                "@typescript-eslint/types": "8.59.3",
-                "@typescript-eslint/visitor-keys": "8.59.3",
+                "@typescript-eslint/project-service": "8.57.2",
+                "@typescript-eslint/tsconfig-utils": "8.57.2",
+                "@typescript-eslint/types": "8.57.2",
+                "@typescript-eslint/visitor-keys": "8.57.2",
                 "debug": "^4.4.3",
                 "minimatch": "^10.2.2",
                 "semver": "^7.7.3",
                 "tinyglobby": "^0.2.15",
-                "ts-api-utils": "^2.5.0"
+                "ts-api-utils": "^2.4.0"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -1105,7 +1105,7 @@
                 "url": "https://opencollective.com/typescript-eslint"
             },
             "peerDependencies": {
-                "typescript": ">=4.8.4 <6.1.0"
+                "typescript": ">=4.8.4 <6.0.0"
             }
         },
         "node_modules/@typescript-eslint/typescript-estree/node_modules/balanced-match": {
@@ -1119,9 +1119,9 @@
             }
         },
         "node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion": {
-            "version": "5.0.6",
-            "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.6.tgz",
-            "integrity": "sha512-kLpxurY4Z4r9sgMsyG0Z9uzsBlgiU/EFKhj/h91/8yHu0edo7XuixOIH3VcJ8kkxs6/jPzoI6U9Vj3WqbMQ94g==",
+            "version": "5.0.5",
+            "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.5.tgz",
+            "integrity": "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
@@ -1132,13 +1132,13 @@
             }
         },
         "node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch": {
-            "version": "10.2.5",
-            "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.5.tgz",
-            "integrity": "sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg==",
+            "version": "10.2.4",
+            "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.4.tgz",
+            "integrity": "sha512-oRjTw/97aTBN0RHbYCdtF1MQfvusSIBQM0IZEgzl6426+8jSC0nF1a/GmnVLpfB9yyr6g6FTqWqiZVbxrtaCIg==",
             "dev": true,
             "license": "BlueOak-1.0.0",
             "dependencies": {
-                "brace-expansion": "^5.0.5"
+                "brace-expansion": "^5.0.2"
             },
             "engines": {
                 "node": "18 || 20 || >=22"
@@ -1148,16 +1148,16 @@
             }
         },
         "node_modules/@typescript-eslint/utils": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.59.3.tgz",
-            "integrity": "sha512-JAvT14goBzRzzzZyqq3P9BLArIxTtQURUtFgQ/V7FO+eU+Gg6ES+5ymOPP1wRxXcxAYeivCk4uS3jCKWI1K8Zg==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.57.2.tgz",
+            "integrity": "sha512-krRIbvPK1ju1WBKIefiX+bngPs+odIQUtR7kymzPfo1POVw3jlF+nLkmexdSSd4UCbDcQn+wMBATOOmpBbqgKg==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
                 "@eslint-community/eslint-utils": "^4.9.1",
-                "@typescript-eslint/scope-manager": "8.59.3",
-                "@typescript-eslint/types": "8.59.3",
-                "@typescript-eslint/typescript-estree": "8.59.3"
+                "@typescript-eslint/scope-manager": "8.57.2",
+                "@typescript-eslint/types": "8.57.2",
+                "@typescript-eslint/typescript-estree": "8.57.2"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -1168,17 +1168,17 @@
             },
             "peerDependencies": {
                 "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.1.0"
+                "typescript": ">=4.8.4 <6.0.0"
             }
         },
         "node_modules/@typescript-eslint/visitor-keys": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.59.3.tgz",
-            "integrity": "sha512-f1UQF7ggd42YiwI5wGrRaPsa+P0CINBlrkLPmGfpq/u/I/oVtecoEIfFR9ag/oa1sLOsRNZ6xehf6qMZhQGBDg==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.57.2.tgz",
+            "integrity": "sha512-zhahknjobV2FiD6Ee9iLbS7OV9zi10rG26odsQdfBO/hjSzUQbkIYgda+iNKK1zNiW2ey+Lf8MU5btN17V3dUw==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/types": "8.59.3",
+                "@typescript-eslint/types": "8.57.2",
                 "eslint-visitor-keys": "^5.0.0"
             },
             "engines": {
@@ -2164,9 +2164,9 @@
             }
         },
         "node_modules/prettier": {
-            "version": "3.8.3",
-            "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.8.3.tgz",
-            "integrity": "sha512-7igPTM53cGHMW8xWuVTydi2KO233VFiTNyF5hLJqpilHfmn8C8gPf+PS7dUT64YcXFbiMGZxS9pCSxL/Dxm/Jw==",
+            "version": "3.8.1",
+            "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.8.1.tgz",
+            "integrity": "sha512-UOnG6LftzbdaHZcKoPFtOcCKztrQ57WkHDeRD9t/PTQtmT0NHSeWWepj6pS0z/N7+08BHFDQVUrfmfMRcZwbMg==",
             "dev": true,
             "license": "MIT",
             "bin": {
@@ -2515,9 +2515,9 @@
             }
         },
         "node_modules/typescript": {
-            "version": "6.0.3",
-            "resolved": "https://registry.npmjs.org/typescript/-/typescript-6.0.3.tgz",
-            "integrity": "sha512-y2TvuxSZPDyQakkFRPZHKFm+KKVqIisdg9/CZwm9ftvKXLP8NRWj38/ODjNbr43SsoXqNuAisEf1GdCxqWcdBw==",
+            "version": "6.0.2",
+            "resolved": "https://registry.npmjs.org/typescript/-/typescript-6.0.2.tgz",
+            "integrity": "sha512-bGdAIrZ0wiGDo5l8c++HWtbaNCWTS4UTv7RaTH/ThVIgjkveJt83m74bBHMJkuCbslY8ixgLBVZJIOiQlQTjfQ==",
             "dev": true,
             "license": "Apache-2.0",
             "bin": {
@@ -2529,16 +2529,16 @@
             }
         },
         "node_modules/typescript-eslint": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.59.3.tgz",
-            "integrity": "sha512-KgusgyDgG4LI8Ih/sWaCtZ06tckLAS5CvT5A4D1Q7bYVoAAyzwiZvE4BmwDHkhRVkvhRBepKeASoFzQetha7Fg==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.57.2.tgz",
+            "integrity": "sha512-VEPQ0iPgWO/sBaZOU1xo4nuNdODVOajPnTIbog2GKYr31nIlZ0fWPoCQgGfF3ETyBl1vn63F/p50Um9Z4J8O8A==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/eslint-plugin": "8.59.3",
-                "@typescript-eslint/parser": "8.59.3",
-                "@typescript-eslint/typescript-estree": "8.59.3",
-                "@typescript-eslint/utils": "8.59.3"
+                "@typescript-eslint/eslint-plugin": "8.57.2",
+                "@typescript-eslint/parser": "8.57.2",
+                "@typescript-eslint/typescript-estree": "8.57.2",
+                "@typescript-eslint/utils": "8.57.2"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -2549,7 +2549,7 @@
             },
             "peerDependencies": {
                 "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.1.0"
+                "typescript": ">=4.8.4 <6.0.0"
             }
         },
         "node_modules/uc.micro": {
@@ -2560,9 +2560,9 @@
             "license": "MIT"
         },
         "node_modules/undici-types": {
-            "version": "7.21.0",
-            "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.21.0.tgz",
-            "integrity": "sha512-w9IMgQrz4O0YN1LtB7K5P63vhlIOvC7opSmouCJ+ZywlPAlO9gIkJ+otk6LvGpAs2wg4econaCz3TvQ9xPoyuQ==",
+            "version": "7.18.2",
+            "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.18.2.tgz",
+            "integrity": "sha512-AsuCzffGHJybSaRrmr5eHr81mwJU3kjw6M+uprWvCXiNeN9SOGwQ3Jn8jb8m3Z6izVgknn1R0FTCEAP2QrLY/w==",
             "dev": true,
             "license": "MIT"
         },

packages/esbuild-plugin-live-reload/package.json

@@ -49,16 +49,16 @@
         "@goauthentik/logger-js": "../logger-js",
         "@goauthentik/prettier-config": "../prettier-config",
         "@goauthentik/tsconfig": "../tsconfig",
-        "@types/node": "^25.7.0",
+        "@types/node": "^25.3.0",
         "esbuild": "^0.27.4",
         "eslint": "^9.39.3",
         "pino": "^10.3.1",
-        "prettier": "^3.8.3",
+        "prettier": "^3.8.1",
         "prettier-plugin-packagejson": "^3.0.2",
         "typedoc": "^0.28.18",
         "typedoc-plugin-markdown": "^4.11.0",
-        "typescript": "^6.0.3",
-        "typescript-eslint": "^8.59.3"
+        "typescript": "^6.0.2",
+        "typescript-eslint": "^8.57.2"
     },
     "peerDependencies": {
         "@goauthentik/logger-js": "^1.0.1",
@@ -73,7 +73,7 @@
     ],
     "engines": {
         "node": ">=24",
-        "npm": ">=11.14.1"
+        "npm": ">=11.10.1"
     },
     "devEngines": {
         "runtime": {
@@ -83,7 +83,7 @@
         },
         "packageManager": {
             "name": "npm",
-            "version": ">=11.14.1",
+            "version": ">=11.10.1",
             "onFail": "warn"
         }
     },

packages/eslint-config/package-lock.json

@@ -1,38 +1,38 @@
 {
     "name": "@goauthentik/eslint-config",
-    "version": "2.0.0",
+    "version": "1.3.0",
     "lockfileVersion": 3,
     "requires": true,
     "packages": {
         "": {
             "name": "@goauthentik/eslint-config",
-            "version": "2.0.0",
+            "version": "1.3.0",
             "license": "MIT",
             "dependencies": {
                 "eslint": "^9.39.3",
                 "eslint-plugin-import": "^2.32.0",
-                "eslint-plugin-lit": "^2.3.1",
+                "eslint-plugin-lit": "^2.2.1",
                 "eslint-plugin-react": "^7.37.5",
-                "eslint-plugin-react-hooks": "^7.1.1",
+                "eslint-plugin-react-hooks": "^7.0.1",
                 "eslint-plugin-wc": "^3.1.0"
             },
             "devDependencies": {
                 "@goauthentik/prettier-config": "../prettier-config",
                 "@goauthentik/tsconfig": "../tsconfig",
                 "@types/eslint": "^9.6.1",
-                "@types/node": "^25.7.0",
-                "typescript": "^6.0.3",
-                "typescript-eslint": "^8.59.3"
+                "@types/node": "^25.5.0",
+                "typescript": "^6.0.2",
+                "typescript-eslint": "^8.57.2"
             },
             "engines": {
                 "node": ">=24",
-                "npm": ">=11.14.1"
+                "npm": ">=11.10.1"
             },
             "peerDependencies": {
                 "react": "^18.0.0 || ^19.0.0",
                 "react-dom": "^18.0.0 || ^19.0.0",
-                "typescript": "^6.0.3 || ^7.0.0",
-                "typescript-eslint": "^8.59.3"
+                "typescript": "^5.9.3 || ^6.0.2",
+                "typescript-eslint": "^8.57.2"
             },
             "peerDependenciesMeta": {
                 "react": {
@@ -45,7 +45,7 @@
         },
         "../prettier-config": {
             "name": "@goauthentik/prettier-config",
-            "version": "4.0.0",
+            "version": "3.5.0",
             "dev": true,
             "license": "MIT",
             "dependencies": {
@@ -55,30 +55,30 @@
                 "@eslint/js": "^9.39.3",
                 "@goauthentik/eslint-config": "../eslint-config",
                 "@goauthentik/tsconfig": "../tsconfig",
-                "@types/node": "^25.7.0",
+                "@types/node": "^25.0.0",
                 "eslint": "^9.39.3",
-                "prettier": "^3.8.3",
+                "prettier": "^3.8.1",
                 "prettier-plugin-packagejson": "^3.0.2",
-                "typescript": "^6.0.3",
-                "typescript-eslint": "^8.59.3"
+                "typescript": "^6.0.2",
+                "typescript-eslint": "^8.57.2"
             },
             "engines": {
                 "node": ">=24",
-                "npm": ">=11.14.1"
+                "npm": ">=11.10.1"
             },
             "peerDependencies": {
-                "prettier": "^3.8.3",
+                "prettier": "^3.8.1",
                 "prettier-plugin-packagejson": "^3.0.2"
             }
         },
         "../tsconfig": {
             "name": "@goauthentik/tsconfig",
-            "version": "2.0.0",
+            "version": "1.0.8",
             "dev": true,
             "license": "MIT",
             "engines": {
                 "node": ">=24",
-                "npm": ">=11.14.1"
+                "npm": ">=11.10.1"
             }
         },
         "node_modules/@babel/code-frame": {
@@ -576,30 +576,30 @@
             "license": "MIT"
         },
         "node_modules/@types/node": {
-            "version": "25.7.0",
-            "resolved": "https://registry.npmjs.org/@types/node/-/node-25.7.0.tgz",
-            "integrity": "sha512-z+pdZyxE+RTQE9AcboAZCb4otwcrvgHD+GlBpPgn0emDVt0ohrTMhAwlr2Wd9nZ+nihhYFxO2pThz3C5qSu2Eg==",
+            "version": "25.5.0",
+            "resolved": "https://registry.npmjs.org/@types/node/-/node-25.5.0.tgz",
+            "integrity": "sha512-jp2P3tQMSxWugkCUKLRPVUpGaL5MVFwF8RDuSRztfwgN1wmqJeMSbKlnEtQqU8UrhTmzEmZdu2I6v2dpp7XIxw==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "undici-types": "~7.21.0"
+                "undici-types": "~7.18.0"
             }
         },
         "node_modules/@typescript-eslint/eslint-plugin": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.59.3.tgz",
-            "integrity": "sha512-PwFvSKsXGShKGW6n5bZOhGHEcCZXM8HofLK9fNsEwZXzFRjoY+XT1Vsf1zgyXdwTr0ZYz1/2tkZ0DBTT9jZjhw==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.57.2.tgz",
+            "integrity": "sha512-NZZgp0Fm2IkD+La5PR81sd+g+8oS6JwJje+aRWsDocxHkjyRw0J5L5ZTlN3LI1LlOcGL7ph3eaIUmTXMIjLk0w==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
                 "@eslint-community/regexpp": "^4.12.2",
-                "@typescript-eslint/scope-manager": "8.59.3",
-                "@typescript-eslint/type-utils": "8.59.3",
-                "@typescript-eslint/utils": "8.59.3",
-                "@typescript-eslint/visitor-keys": "8.59.3",
+                "@typescript-eslint/scope-manager": "8.57.2",
+                "@typescript-eslint/type-utils": "8.57.2",
+                "@typescript-eslint/utils": "8.57.2",
+                "@typescript-eslint/visitor-keys": "8.57.2",
                 "ignore": "^7.0.5",
                 "natural-compare": "^1.4.0",
-                "ts-api-utils": "^2.5.0"
+                "ts-api-utils": "^2.4.0"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -609,9 +609,9 @@
                 "url": "https://opencollective.com/typescript-eslint"
             },
             "peerDependencies": {
-                "@typescript-eslint/parser": "^8.59.3",
+                "@typescript-eslint/parser": "^8.57.2",
                 "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.1.0"
+                "typescript": ">=4.8.4 <6.0.0"
             }
         },
         "node_modules/@typescript-eslint/eslint-plugin/node_modules/ignore": {
@@ -625,16 +625,16 @@
             }
         },
         "node_modules/@typescript-eslint/parser": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.59.3.tgz",
-            "integrity": "sha512-HPwA+hVkfcriajbNvTmZv4VRauibay+cWArYUYq7u7W7PmGShMxbPxLvrwDme55a6d5alG3nrYfhyJ/G28XlLg==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.57.2.tgz",
+            "integrity": "sha512-30ScMRHIAD33JJQkgfGW1t8CURZtjc2JpTrq5n2HFhOefbAhb7ucc7xJwdWcrEtqUIYJ73Nybpsggii6GtAHjA==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/scope-manager": "8.59.3",
-                "@typescript-eslint/types": "8.59.3",
-                "@typescript-eslint/typescript-estree": "8.59.3",
-                "@typescript-eslint/visitor-keys": "8.59.3",
+                "@typescript-eslint/scope-manager": "8.57.2",
+                "@typescript-eslint/types": "8.57.2",
+                "@typescript-eslint/typescript-estree": "8.57.2",
+                "@typescript-eslint/visitor-keys": "8.57.2",
                 "debug": "^4.4.3"
             },
             "engines": {
@@ -646,18 +646,18 @@
             },
             "peerDependencies": {
                 "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.1.0"
+                "typescript": ">=4.8.4 <6.0.0"
             }
         },
         "node_modules/@typescript-eslint/project-service": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.59.3.tgz",
-            "integrity": "sha512-ECiUWa/KYRGDFUqTNehaRgzDshnJfkTABJxVemHk4ko22gcr0ukloKjWvyQ64g8YCV/UI47kN1dbmjf/GaQYng==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.57.2.tgz",
+            "integrity": "sha512-FuH0wipFywXRTHf+bTTjNyuNQQsQC3qh/dYzaM4I4W0jrCqjCVuUh99+xd9KamUfmCGPvbO8NDngo/vsnNVqgw==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/tsconfig-utils": "^8.59.3",
-                "@typescript-eslint/types": "^8.59.3",
+                "@typescript-eslint/tsconfig-utils": "^8.57.2",
+                "@typescript-eslint/types": "^8.57.2",
                 "debug": "^4.4.3"
             },
             "engines": {
@@ -668,18 +668,18 @@
                 "url": "https://opencollective.com/typescript-eslint"
             },
             "peerDependencies": {
-                "typescript": ">=4.8.4 <6.1.0"
+                "typescript": ">=4.8.4 <6.0.0"
             }
         },
         "node_modules/@typescript-eslint/scope-manager": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.59.3.tgz",
-            "integrity": "sha512-t2LvZnoEfzKtnPjgeEu41xw5gxq9mQVfYy4OoZ4Vlt0sk3JwxmhCca/AR7DwOiHrjWgjAj6as4AhRLKSDfvZIA==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.57.2.tgz",
+            "integrity": "sha512-snZKH+W4WbWkrBqj4gUNRIGb/jipDW3qMqVJ4C9rzdFc+wLwruxk+2a5D+uoFcKPAqyqEnSb4l2ULuZf95eSkw==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/types": "8.59.3",
-                "@typescript-eslint/visitor-keys": "8.59.3"
+                "@typescript-eslint/types": "8.57.2",
+                "@typescript-eslint/visitor-keys": "8.57.2"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -690,9 +690,9 @@
             }
         },
         "node_modules/@typescript-eslint/tsconfig-utils": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.59.3.tgz",
-            "integrity": "sha512-PcIJHjmaREXLgIAIzLnSY9VucEzz8FKXsRgFa1DmdGCK/5tJpW03TKJF01Q6VZd1lLdz2sIKPWaDUZN9dp//dw==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.57.2.tgz",
+            "integrity": "sha512-3Lm5DSM+DCowsUOJC+YqHHnKEfFh5CoGkj5Z31NQSNF4l5wdOwqGn99wmwN/LImhfY3KJnmordBq/4+VDe2eKw==",
             "dev": true,
             "license": "MIT",
             "engines": {
@@ -703,21 +703,21 @@
                 "url": "https://opencollective.com/typescript-eslint"
             },
             "peerDependencies": {
-                "typescript": ">=4.8.4 <6.1.0"
+                "typescript": ">=4.8.4 <6.0.0"
             }
         },
         "node_modules/@typescript-eslint/type-utils": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.59.3.tgz",
-            "integrity": "sha512-g71d8QD8UaiHGvrJwyIS1hCX5r63w6Jll+4VEYhEAHXTDIqX1JgxhTAbEHtKntL9kuc4jRo7/GWw5xfCepSccQ==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.57.2.tgz",
+            "integrity": "sha512-Co6ZCShm6kIbAM/s+oYVpKFfW7LBc6FXoPXjTRQ449PPNBY8U0KZXuevz5IFuuUj2H9ss40atTaf9dlGLzbWZg==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/types": "8.59.3",
-                "@typescript-eslint/typescript-estree": "8.59.3",
-                "@typescript-eslint/utils": "8.59.3",
+                "@typescript-eslint/types": "8.57.2",
+                "@typescript-eslint/typescript-estree": "8.57.2",
+                "@typescript-eslint/utils": "8.57.2",
                 "debug": "^4.4.3",
-                "ts-api-utils": "^2.5.0"
+                "ts-api-utils": "^2.4.0"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -728,13 +728,13 @@
             },
             "peerDependencies": {
                 "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.1.0"
+                "typescript": ">=4.8.4 <6.0.0"
             }
         },
         "node_modules/@typescript-eslint/types": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.59.3.tgz",
-            "integrity": "sha512-ePFoH0g4ludssdRFqqDxQePCxU4WQyRa9+XVwjm7yLn0FKhMeoetC+qBEEI1Eyb1pGSDveTIT09Bvw2WhlGayg==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.57.2.tgz",
+            "integrity": "sha512-/iZM6FnM4tnx9csuTxspMW4BOSegshwX5oBDznJ7S4WggL7Vczz5d2W11ecc4vRrQMQHXRSxzrCsyG5EsPPTbA==",
             "dev": true,
             "license": "MIT",
             "engines": {
@@ -746,21 +746,21 @@
             }
         },
         "node_modules/@typescript-eslint/typescript-estree": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.59.3.tgz",
-            "integrity": "sha512-CbRjVRAf7Lr9Kr8RopKcbY45p2VfmmHrm0ygOCYFi7oU8q19m0Fs/6iHS7kNOmwpp+ob07ZVcAqlxUod9lYdmg==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.57.2.tgz",
+            "integrity": "sha512-2MKM+I6g8tJxfSmFKOnHv2t8Sk3T6rF20A1Puk0svLK+uVapDZB/4pfAeB7nE83uAZrU6OxW+HmOd5wHVdXwXA==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/project-service": "8.59.3",
-                "@typescript-eslint/tsconfig-utils": "8.59.3",
-                "@typescript-eslint/types": "8.59.3",
-                "@typescript-eslint/visitor-keys": "8.59.3",
+                "@typescript-eslint/project-service": "8.57.2",
+                "@typescript-eslint/tsconfig-utils": "8.57.2",
+                "@typescript-eslint/types": "8.57.2",
+                "@typescript-eslint/visitor-keys": "8.57.2",
                 "debug": "^4.4.3",
                 "minimatch": "^10.2.2",
                 "semver": "^7.7.3",
                 "tinyglobby": "^0.2.15",
-                "ts-api-utils": "^2.5.0"
+                "ts-api-utils": "^2.4.0"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -770,7 +770,7 @@
                 "url": "https://opencollective.com/typescript-eslint"
             },
             "peerDependencies": {
-                "typescript": ">=4.8.4 <6.1.0"
+                "typescript": ">=4.8.4 <6.0.0"
             }
         },
         "node_modules/@typescript-eslint/typescript-estree/node_modules/balanced-match": {
@@ -784,9 +784,9 @@
             }
         },
         "node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion": {
-            "version": "5.0.6",
-            "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.6.tgz",
-            "integrity": "sha512-kLpxurY4Z4r9sgMsyG0Z9uzsBlgiU/EFKhj/h91/8yHu0edo7XuixOIH3VcJ8kkxs6/jPzoI6U9Vj3WqbMQ94g==",
+            "version": "5.0.5",
+            "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.5.tgz",
+            "integrity": "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
@@ -797,13 +797,13 @@
             }
         },
         "node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch": {
-            "version": "10.2.5",
-            "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.5.tgz",
-            "integrity": "sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg==",
+            "version": "10.2.4",
+            "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.4.tgz",
+            "integrity": "sha512-oRjTw/97aTBN0RHbYCdtF1MQfvusSIBQM0IZEgzl6426+8jSC0nF1a/GmnVLpfB9yyr6g6FTqWqiZVbxrtaCIg==",
             "dev": true,
             "license": "BlueOak-1.0.0",
             "dependencies": {
-                "brace-expansion": "^5.0.5"
+                "brace-expansion": "^5.0.2"
             },
             "engines": {
                 "node": "18 || 20 || >=22"
@@ -813,9 +813,9 @@
             }
         },
         "node_modules/@typescript-eslint/typescript-estree/node_modules/semver": {
-            "version": "7.8.0",
-            "resolved": "https://registry.npmjs.org/semver/-/semver-7.8.0.tgz",
-            "integrity": "sha512-AcM7dV/5ul4EekoQ29Agm5vri8JNqRyj39o0qpX6vDF2GZrtutZl5RwgD1XnZjiTAfncsJhMI48QQH3sN87YNA==",
+            "version": "7.7.4",
+            "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.4.tgz",
+            "integrity": "sha512-vFKC2IEtQnVhpT78h1Yp8wzwrf8CM+MzKMHGJZfBtzhZNycRFnXsHk6E5TxIkkMsgNS7mdX3AGB7x2QM2di4lA==",
             "dev": true,
             "license": "ISC",
             "bin": {
@@ -826,16 +826,16 @@
             }
         },
         "node_modules/@typescript-eslint/utils": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.59.3.tgz",
-            "integrity": "sha512-JAvT14goBzRzzzZyqq3P9BLArIxTtQURUtFgQ/V7FO+eU+Gg6ES+5ymOPP1wRxXcxAYeivCk4uS3jCKWI1K8Zg==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.57.2.tgz",
+            "integrity": "sha512-krRIbvPK1ju1WBKIefiX+bngPs+odIQUtR7kymzPfo1POVw3jlF+nLkmexdSSd4UCbDcQn+wMBATOOmpBbqgKg==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
                 "@eslint-community/eslint-utils": "^4.9.1",
-                "@typescript-eslint/scope-manager": "8.59.3",
-                "@typescript-eslint/types": "8.59.3",
-                "@typescript-eslint/typescript-estree": "8.59.3"
+                "@typescript-eslint/scope-manager": "8.57.2",
+                "@typescript-eslint/types": "8.57.2",
+                "@typescript-eslint/typescript-estree": "8.57.2"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -846,17 +846,17 @@
             },
             "peerDependencies": {
                 "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.1.0"
+                "typescript": ">=4.8.4 <6.0.0"
             }
         },
         "node_modules/@typescript-eslint/visitor-keys": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.59.3.tgz",
-            "integrity": "sha512-f1UQF7ggd42YiwI5wGrRaPsa+P0CINBlrkLPmGfpq/u/I/oVtecoEIfFR9ag/oa1sLOsRNZ6xehf6qMZhQGBDg==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.57.2.tgz",
+            "integrity": "sha512-zhahknjobV2FiD6Ee9iLbS7OV9zi10rG26odsQdfBO/hjSzUQbkIYgda+iNKK1zNiW2ey+Lf8MU5btN17V3dUw==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/types": "8.59.3",
+                "@typescript-eslint/types": "8.57.2",
                 "eslint-visitor-keys": "^5.0.0"
             },
             "engines": {
@@ -1431,37 +1431,6 @@
                 "node": ">=0.10.0"
             }
         },
-        "node_modules/domelementtype": {
-            "version": "3.0.0",
-            "resolved": "https://registry.npmjs.org/domelementtype/-/domelementtype-3.0.0.tgz",
-            "integrity": "sha512-umCQid3jKbDmVjx8jGaW7uUykm4DEUeyV21hPxNMo2nV955DhUThwqyOIDtreepP31hl84X7G5U9ZfsWvIB3Pg==",
-            "funding": [
-                {
-                    "type": "github",
-                    "url": "https://github.com/sponsors/fb55"
-                }
-            ],
-            "license": "BSD-2-Clause",
-            "engines": {
-                "node": ">=20.19.0"
-            }
-        },
-        "node_modules/domhandler": {
-            "version": "6.0.1",
-            "resolved": "https://registry.npmjs.org/domhandler/-/domhandler-6.0.1.tgz",
-            "integrity": "sha512-gYzvtM72ZtxQO0T048kd6HWSbbGCNOUwcnfQ01cqIJ4X2IYKFFHZ5mKvrQETcFXxsRObZulDaKmy//R7TPtsBg==",
-            "license": "BSD-2-Clause",
-            "dependencies": {
-                "domelementtype": "^3.0.0"
-            },
-            "engines": {
-                "node": ">=20.19.0"
-            },
-            "funding": {
-                "type": "github",
-                "url": "https://github.com/fb55/domhandler?sponsor=1"
-            }
-        },
         "node_modules/dunder-proto": {
             "version": "1.0.1",
             "resolved": "https://registry.npmjs.org/dunder-proto/-/dunder-proto-1.0.1.tgz",
@@ -1482,18 +1451,6 @@
             "integrity": "sha512-PwfIw7WQSt3xX7yOf5OE/unLzsK9CaN2f/FvV3WjPR1Knoc1T9vePRVV4W1EM301JzzysK51K7FNKcusCr0zYA==",
             "license": "ISC"
         },
-        "node_modules/entities": {
-            "version": "8.0.0",
-            "resolved": "https://registry.npmjs.org/entities/-/entities-8.0.0.tgz",
-            "integrity": "sha512-zwfzJecQ/Uej6tusMqwAqU/6KL2XaB2VZ2Jg54Je6ahNBGNH6Ek6g3jjNCF0fG9EWQKGZNddNjU5F1ZQn/sBnA==",
-            "license": "BSD-2-Clause",
-            "engines": {
-                "node": ">=20.19.0"
-            },
-            "funding": {
-                "url": "https://github.com/fb55/entities?sponsor=1"
-            }
-        },
         "node_modules/es-abstract": {
             "version": "1.24.1",
             "resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.24.1.tgz",
@@ -1833,13 +1790,13 @@
             }
         },
         "node_modules/eslint-plugin-lit": {
-            "version": "2.3.1",
-            "resolved": "https://registry.npmjs.org/eslint-plugin-lit/-/eslint-plugin-lit-2.3.1.tgz",
-            "integrity": "sha512-wAqDOOWQzUoY5uK124ZR+h7Snx0+KdZd3Knv6133gRHEcu03jbqnouK4GBwVl6PkGOkNy40zSchOp9VbBh4yHg==",
+            "version": "2.2.1",
+            "resolved": "https://registry.npmjs.org/eslint-plugin-lit/-/eslint-plugin-lit-2.2.1.tgz",
+            "integrity": "sha512-mnqqwpWF4PBF/YjlGt9mbHwrWCGMtaqdpnqISv3nGcTl8iStaAt9UGieMY3i8vwKfSSWtkEfBZUcRKFGys6yiw==",
             "license": "MIT",
             "dependencies": {
-                "parse5": "^8.0.1",
-                "parse5-htmlparser2-tree-adapter": "^8.0.1"
+                "parse5": "^6.0.1",
+                "parse5-htmlparser2-tree-adapter": "^6.0.1"
             },
             "engines": {
                 "node": ">= 18"
@@ -1881,9 +1838,9 @@
             }
         },
         "node_modules/eslint-plugin-react-hooks": {
-            "version": "7.1.1",
-            "resolved": "https://registry.npmjs.org/eslint-plugin-react-hooks/-/eslint-plugin-react-hooks-7.1.1.tgz",
-            "integrity": "sha512-f2I7Gw6JbvCexzIInuSbZpfdQ44D7iqdWX01FKLvrPgqxoE7oMj8clOfto8U6vYiz4yd5oKu39rRSVOe1zRu0g==",
+            "version": "7.0.1",
+            "resolved": "https://registry.npmjs.org/eslint-plugin-react-hooks/-/eslint-plugin-react-hooks-7.0.1.tgz",
+            "integrity": "sha512-O0d0m04evaNzEPoSW+59Mezf8Qt0InfgGIBJnpC0h3NH/WjUAR7BIKUfysC6todmtiZ/A0oUVS8Gce0WhBrHsA==",
             "license": "MIT",
             "dependencies": {
                 "@babel/core": "^7.24.4",
@@ -1896,7 +1853,7 @@
                 "node": ">=18"
             },
             "peerDependencies": {
-                "eslint": "^3.0.0 || ^4.0.0 || ^5.0.0 || ^6.0.0 || ^7.0.0 || ^8.0.0-0 || ^9.0.0 || ^10.0.0"
+                "eslint": "^3.0.0 || ^4.0.0 || ^5.0.0 || ^6.0.0 || ^7.0.0 || ^8.0.0-0 || ^9.0.0"
             }
         },
         "node_modules/eslint-plugin-react/node_modules/resolve": {
@@ -3237,28 +3194,18 @@
             }
         },
         "node_modules/parse5": {
-            "version": "8.0.1",
-            "resolved": "https://registry.npmjs.org/parse5/-/parse5-8.0.1.tgz",
-            "integrity": "sha512-z1e/HMG90obSGeidlli3hj7cbocou0/wa5HacvI3ASx34PecNjNQeaHNo5WIZpWofN9kgkqV1q5YvXe3F0FoPw==",
-            "license": "MIT",
-            "dependencies": {
-                "entities": "^8.0.0"
-            },
-            "funding": {
-                "url": "https://github.com/inikulin/parse5?sponsor=1"
-            }
+            "version": "6.0.1",
+            "resolved": "https://registry.npmjs.org/parse5/-/parse5-6.0.1.tgz",
+            "integrity": "sha512-Ofn/CTFzRGTTxwpNEs9PP93gXShHcTq255nzRYSKe8AkVpZY7e1fpmTfOyoIvjP5HG7Z2ZM7VS9PPhQGW2pOpw==",
+            "license": "MIT"
         },
         "node_modules/parse5-htmlparser2-tree-adapter": {
-            "version": "8.0.1",
-            "resolved": "https://registry.npmjs.org/parse5-htmlparser2-tree-adapter/-/parse5-htmlparser2-tree-adapter-8.0.1.tgz",
-            "integrity": "sha512-aqkH+xQxX+QGZtP5GIMmqqp16Y0v9muEf2VVeypv35kFsD5bqP1UeBanSshdfjMY+RTh2vN4mmK6nEOVRMEvHg==",
+            "version": "6.0.1",
+            "resolved": "https://registry.npmjs.org/parse5-htmlparser2-tree-adapter/-/parse5-htmlparser2-tree-adapter-6.0.1.tgz",
+            "integrity": "sha512-qPuWvbLgvDGilKc5BoicRovlT4MtYT6JfJyBOMDsKoiT+GiuP5qyrPCnR9HcPECIJJmZh5jRndyNThnhhb/vlA==",
             "license": "MIT",
             "dependencies": {
-                "domhandler": "^6.0.1",
-                "parse5": "^8.0.0"
-            },
-            "funding": {
-                "url": "https://github.com/inikulin/parse5?sponsor=1"
+                "parse5": "^6.0.1"
             }
         },
         "node_modules/path-exists": {
@@ -3771,14 +3718,14 @@
             }
         },
         "node_modules/tinyglobby": {
-            "version": "0.2.16",
-            "resolved": "https://registry.npmjs.org/tinyglobby/-/tinyglobby-0.2.16.tgz",
-            "integrity": "sha512-pn99VhoACYR8nFHhxqix+uvsbXineAasWm5ojXoN8xEwK5Kd3/TrhNn1wByuD52UxWRLy8pu+kRMniEi6Eq9Zg==",
+            "version": "0.2.15",
+            "resolved": "https://registry.npmjs.org/tinyglobby/-/tinyglobby-0.2.15.tgz",
+            "integrity": "sha512-j2Zq4NyQYG5XMST4cbs02Ak8iJUdxRM0XI5QyxXuZOzKOINmWurp3smXu3y5wDcJrptwpSjgXHzIQxR0omXljQ==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
                 "fdir": "^6.5.0",
-                "picomatch": "^4.0.4"
+                "picomatch": "^4.0.3"
             },
             "engines": {
                 "node": ">=12.0.0"
@@ -3911,9 +3858,9 @@
             }
         },
         "node_modules/typescript": {
-            "version": "6.0.3",
-            "resolved": "https://registry.npmjs.org/typescript/-/typescript-6.0.3.tgz",
-            "integrity": "sha512-y2TvuxSZPDyQakkFRPZHKFm+KKVqIisdg9/CZwm9ftvKXLP8NRWj38/ODjNbr43SsoXqNuAisEf1GdCxqWcdBw==",
+            "version": "6.0.2",
+            "resolved": "https://registry.npmjs.org/typescript/-/typescript-6.0.2.tgz",
+            "integrity": "sha512-bGdAIrZ0wiGDo5l8c++HWtbaNCWTS4UTv7RaTH/ThVIgjkveJt83m74bBHMJkuCbslY8ixgLBVZJIOiQlQTjfQ==",
             "dev": true,
             "license": "Apache-2.0",
             "bin": {
@@ -3925,16 +3872,16 @@
             }
         },
         "node_modules/typescript-eslint": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.59.3.tgz",
-            "integrity": "sha512-KgusgyDgG4LI8Ih/sWaCtZ06tckLAS5CvT5A4D1Q7bYVoAAyzwiZvE4BmwDHkhRVkvhRBepKeASoFzQetha7Fg==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.57.2.tgz",
+            "integrity": "sha512-VEPQ0iPgWO/sBaZOU1xo4nuNdODVOajPnTIbog2GKYr31nIlZ0fWPoCQgGfF3ETyBl1vn63F/p50Um9Z4J8O8A==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/eslint-plugin": "8.59.3",
-                "@typescript-eslint/parser": "8.59.3",
-                "@typescript-eslint/typescript-estree": "8.59.3",
-                "@typescript-eslint/utils": "8.59.3"
+                "@typescript-eslint/eslint-plugin": "8.57.2",
+                "@typescript-eslint/parser": "8.57.2",
+                "@typescript-eslint/typescript-estree": "8.57.2",
+                "@typescript-eslint/utils": "8.57.2"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -3945,7 +3892,7 @@
             },
             "peerDependencies": {
                 "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.1.0"
+                "typescript": ">=4.8.4 <6.0.0"
             }
         },
         "node_modules/unbox-primitive": {
@@ -3967,9 +3914,9 @@
             }
         },
         "node_modules/undici-types": {
-            "version": "7.21.0",
-            "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.21.0.tgz",
-            "integrity": "sha512-w9IMgQrz4O0YN1LtB7K5P63vhlIOvC7opSmouCJ+ZywlPAlO9gIkJ+otk6LvGpAs2wg4econaCz3TvQ9xPoyuQ==",
+            "version": "7.18.2",
+            "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.18.2.tgz",
+            "integrity": "sha512-AsuCzffGHJybSaRrmr5eHr81mwJU3kjw6M+uprWvCXiNeN9SOGwQ3Jn8jb8m3Z6izVgknn1R0FTCEAP2QrLY/w==",
             "dev": true,
             "license": "MIT"
         },

packages/eslint-config/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@goauthentik/eslint-config",
-    "version": "2.0.0",
+    "version": "1.3.0",
     "description": "authentik's ESLint config",
     "license": "MIT",
     "repository": {
@@ -39,24 +39,24 @@
     "dependencies": {
         "eslint": "^9.39.3",
         "eslint-plugin-import": "^2.32.0",
-        "eslint-plugin-lit": "^2.3.1",
+        "eslint-plugin-lit": "^2.2.1",
         "eslint-plugin-react": "^7.37.5",
-        "eslint-plugin-react-hooks": "^7.1.1",
+        "eslint-plugin-react-hooks": "^7.0.1",
         "eslint-plugin-wc": "^3.1.0"
     },
     "devDependencies": {
         "@goauthentik/prettier-config": "../prettier-config",
         "@goauthentik/tsconfig": "../tsconfig",
         "@types/eslint": "^9.6.1",
-        "@types/node": "^25.7.0",
-        "typescript": "^6.0.3",
-        "typescript-eslint": "^8.59.3"
+        "@types/node": "^25.5.0",
+        "typescript": "^6.0.2",
+        "typescript-eslint": "^8.57.2"
     },
     "peerDependencies": {
         "react": "^18.0.0 || ^19.0.0",
         "react-dom": "^18.0.0 || ^19.0.0",
-        "typescript": "^6.0.3 || ^7.0.0",
-        "typescript-eslint": "^8.59.3"
+        "typescript": "^5.9.3 || ^6.0.2",
+        "typescript-eslint": "^8.57.2"
     },
     "files": [
         "./index.js",
@@ -65,7 +65,7 @@
     ],
     "engines": {
         "node": ">=24",
-        "npm": ">=11.14.1"
+        "npm": ">=11.10.1"
     },
     "devEngines": {
         "runtime": {
@@ -75,7 +75,7 @@
         },
         "packageManager": {
             "name": "npm",
-            "version": ">=11.14.1",
+            "version": ">=11.10.1",
             "onFail": "warn"
         }
     },

packages/logger-js/package-lock.json

@@ -1,29 +1,29 @@
 {
     "name": "@goauthentik/logger-js",
-    "version": "2.0.0",
+    "version": "1.1.2",
     "lockfileVersion": 3,
     "requires": true,
     "packages": {
         "": {
             "name": "@goauthentik/logger-js",
-            "version": "2.0.0",
+            "version": "1.1.2",
             "license": "MIT",
             "devDependencies": {
                 "@eslint/js": "^9.39.3",
                 "@goauthentik/prettier-config": "../prettier-config",
                 "@goauthentik/tsconfig": "../tsconfig",
-                "@types/node": "^25.7.0",
+                "@types/node": "^25.5.0",
                 "eslint": "^9.39.3",
                 "pino": "^10.3.1",
                 "pino-pretty": "^13.1.2",
-                "prettier": "^3.8.3",
+                "prettier": "^3.8.1",
                 "prettier-plugin-packagejson": "^3.0.2",
-                "typescript": "^6.0.3",
-                "typescript-eslint": "^8.59.3"
+                "typescript": "^6.0.2",
+                "typescript-eslint": "^8.57.2"
             },
             "engines": {
                 "node": ">=24",
-                "npm": ">=11.14.1"
+                "npm": ">=11.10.1"
             },
             "peerDependencies": {
                 "pino": "^10.3.1",
@@ -40,7 +40,7 @@
         },
         "../prettier-config": {
             "name": "@goauthentik/prettier-config",
-            "version": "4.0.0",
+            "version": "3.5.0",
             "dev": true,
             "license": "MIT",
             "dependencies": {
@@ -50,30 +50,30 @@
                 "@eslint/js": "^9.39.3",
                 "@goauthentik/eslint-config": "../eslint-config",
                 "@goauthentik/tsconfig": "../tsconfig",
-                "@types/node": "^25.7.0",
+                "@types/node": "^25.0.0",
                 "eslint": "^9.39.3",
-                "prettier": "^3.8.3",
+                "prettier": "^3.8.1",
                 "prettier-plugin-packagejson": "^3.0.2",
-                "typescript": "^6.0.3",
-                "typescript-eslint": "^8.59.3"
+                "typescript": "^6.0.2",
+                "typescript-eslint": "^8.57.2"
             },
             "engines": {
                 "node": ">=24",
-                "npm": ">=11.14.1"
+                "npm": ">=11.10.1"
             },
             "peerDependencies": {
-                "prettier": "^3.8.3",
+                "prettier": "^3.8.1",
                 "prettier-plugin-packagejson": "^3.0.2"
             }
         },
         "../tsconfig": {
             "name": "@goauthentik/tsconfig",
-            "version": "2.0.0",
+            "version": "1.0.9",
             "dev": true,
             "license": "MIT",
             "engines": {
                 "node": ">=24",
-                "npm": ">=11.14.1"
+                "npm": ">=11.10.1"
             }
         },
         "node_modules/@eslint-community/eslint-utils": {
@@ -361,30 +361,30 @@
             "license": "MIT"
         },
         "node_modules/@types/node": {
-            "version": "25.7.0",
-            "resolved": "https://registry.npmjs.org/@types/node/-/node-25.7.0.tgz",
-            "integrity": "sha512-z+pdZyxE+RTQE9AcboAZCb4otwcrvgHD+GlBpPgn0emDVt0ohrTMhAwlr2Wd9nZ+nihhYFxO2pThz3C5qSu2Eg==",
+            "version": "25.5.0",
+            "resolved": "https://registry.npmjs.org/@types/node/-/node-25.5.0.tgz",
+            "integrity": "sha512-jp2P3tQMSxWugkCUKLRPVUpGaL5MVFwF8RDuSRztfwgN1wmqJeMSbKlnEtQqU8UrhTmzEmZdu2I6v2dpp7XIxw==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "undici-types": "~7.21.0"
+                "undici-types": "~7.18.0"
             }
         },
         "node_modules/@typescript-eslint/eslint-plugin": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.59.3.tgz",
-            "integrity": "sha512-PwFvSKsXGShKGW6n5bZOhGHEcCZXM8HofLK9fNsEwZXzFRjoY+XT1Vsf1zgyXdwTr0ZYz1/2tkZ0DBTT9jZjhw==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.57.2.tgz",
+            "integrity": "sha512-NZZgp0Fm2IkD+La5PR81sd+g+8oS6JwJje+aRWsDocxHkjyRw0J5L5ZTlN3LI1LlOcGL7ph3eaIUmTXMIjLk0w==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
                 "@eslint-community/regexpp": "^4.12.2",
-                "@typescript-eslint/scope-manager": "8.59.3",
-                "@typescript-eslint/type-utils": "8.59.3",
-                "@typescript-eslint/utils": "8.59.3",
-                "@typescript-eslint/visitor-keys": "8.59.3",
+                "@typescript-eslint/scope-manager": "8.57.2",
+                "@typescript-eslint/type-utils": "8.57.2",
+                "@typescript-eslint/utils": "8.57.2",
+                "@typescript-eslint/visitor-keys": "8.57.2",
                 "ignore": "^7.0.5",
                 "natural-compare": "^1.4.0",
-                "ts-api-utils": "^2.5.0"
+                "ts-api-utils": "^2.4.0"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -394,22 +394,22 @@
                 "url": "https://opencollective.com/typescript-eslint"
             },
             "peerDependencies": {
-                "@typescript-eslint/parser": "^8.59.3",
+                "@typescript-eslint/parser": "^8.57.2",
                 "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.1.0"
+                "typescript": ">=4.8.4 <6.0.0"
             }
         },
         "node_modules/@typescript-eslint/parser": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.59.3.tgz",
-            "integrity": "sha512-HPwA+hVkfcriajbNvTmZv4VRauibay+cWArYUYq7u7W7PmGShMxbPxLvrwDme55a6d5alG3nrYfhyJ/G28XlLg==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.57.2.tgz",
+            "integrity": "sha512-30ScMRHIAD33JJQkgfGW1t8CURZtjc2JpTrq5n2HFhOefbAhb7ucc7xJwdWcrEtqUIYJ73Nybpsggii6GtAHjA==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/scope-manager": "8.59.3",
-                "@typescript-eslint/types": "8.59.3",
-                "@typescript-eslint/typescript-estree": "8.59.3",
-                "@typescript-eslint/visitor-keys": "8.59.3",
+                "@typescript-eslint/scope-manager": "8.57.2",
+                "@typescript-eslint/types": "8.57.2",
+                "@typescript-eslint/typescript-estree": "8.57.2",
+                "@typescript-eslint/visitor-keys": "8.57.2",
                 "debug": "^4.4.3"
             },
             "engines": {
@@ -421,18 +421,18 @@
             },
             "peerDependencies": {
                 "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.1.0"
+                "typescript": ">=4.8.4 <6.0.0"
             }
         },
         "node_modules/@typescript-eslint/project-service": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.59.3.tgz",
-            "integrity": "sha512-ECiUWa/KYRGDFUqTNehaRgzDshnJfkTABJxVemHk4ko22gcr0ukloKjWvyQ64g8YCV/UI47kN1dbmjf/GaQYng==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.57.2.tgz",
+            "integrity": "sha512-FuH0wipFywXRTHf+bTTjNyuNQQsQC3qh/dYzaM4I4W0jrCqjCVuUh99+xd9KamUfmCGPvbO8NDngo/vsnNVqgw==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/tsconfig-utils": "^8.59.3",
-                "@typescript-eslint/types": "^8.59.3",
+                "@typescript-eslint/tsconfig-utils": "^8.57.2",
+                "@typescript-eslint/types": "^8.57.2",
                 "debug": "^4.4.3"
             },
             "engines": {
@@ -443,18 +443,18 @@
                 "url": "https://opencollective.com/typescript-eslint"
             },
             "peerDependencies": {
-                "typescript": ">=4.8.4 <6.1.0"
+                "typescript": ">=4.8.4 <6.0.0"
             }
         },
         "node_modules/@typescript-eslint/scope-manager": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.59.3.tgz",
-            "integrity": "sha512-t2LvZnoEfzKtnPjgeEu41xw5gxq9mQVfYy4OoZ4Vlt0sk3JwxmhCca/AR7DwOiHrjWgjAj6as4AhRLKSDfvZIA==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.57.2.tgz",
+            "integrity": "sha512-snZKH+W4WbWkrBqj4gUNRIGb/jipDW3qMqVJ4C9rzdFc+wLwruxk+2a5D+uoFcKPAqyqEnSb4l2ULuZf95eSkw==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/types": "8.59.3",
-                "@typescript-eslint/visitor-keys": "8.59.3"
+                "@typescript-eslint/types": "8.57.2",
+                "@typescript-eslint/visitor-keys": "8.57.2"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -465,9 +465,9 @@
             }
         },
         "node_modules/@typescript-eslint/tsconfig-utils": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.59.3.tgz",
-            "integrity": "sha512-PcIJHjmaREXLgIAIzLnSY9VucEzz8FKXsRgFa1DmdGCK/5tJpW03TKJF01Q6VZd1lLdz2sIKPWaDUZN9dp//dw==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.57.2.tgz",
+            "integrity": "sha512-3Lm5DSM+DCowsUOJC+YqHHnKEfFh5CoGkj5Z31NQSNF4l5wdOwqGn99wmwN/LImhfY3KJnmordBq/4+VDe2eKw==",
             "dev": true,
             "license": "MIT",
             "engines": {
@@ -478,21 +478,21 @@
                 "url": "https://opencollective.com/typescript-eslint"
             },
             "peerDependencies": {
-                "typescript": ">=4.8.4 <6.1.0"
+                "typescript": ">=4.8.4 <6.0.0"
             }
         },
         "node_modules/@typescript-eslint/type-utils": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.59.3.tgz",
-            "integrity": "sha512-g71d8QD8UaiHGvrJwyIS1hCX5r63w6Jll+4VEYhEAHXTDIqX1JgxhTAbEHtKntL9kuc4jRo7/GWw5xfCepSccQ==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.57.2.tgz",
+            "integrity": "sha512-Co6ZCShm6kIbAM/s+oYVpKFfW7LBc6FXoPXjTRQ449PPNBY8U0KZXuevz5IFuuUj2H9ss40atTaf9dlGLzbWZg==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/types": "8.59.3",
-                "@typescript-eslint/typescript-estree": "8.59.3",
-                "@typescript-eslint/utils": "8.59.3",
+                "@typescript-eslint/types": "8.57.2",
+                "@typescript-eslint/typescript-estree": "8.57.2",
+                "@typescript-eslint/utils": "8.57.2",
                 "debug": "^4.4.3",
-                "ts-api-utils": "^2.5.0"
+                "ts-api-utils": "^2.4.0"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -503,13 +503,13 @@
             },
             "peerDependencies": {
                 "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.1.0"
+                "typescript": ">=4.8.4 <6.0.0"
             }
         },
         "node_modules/@typescript-eslint/types": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.59.3.tgz",
-            "integrity": "sha512-ePFoH0g4ludssdRFqqDxQePCxU4WQyRa9+XVwjm7yLn0FKhMeoetC+qBEEI1Eyb1pGSDveTIT09Bvw2WhlGayg==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.57.2.tgz",
+            "integrity": "sha512-/iZM6FnM4tnx9csuTxspMW4BOSegshwX5oBDznJ7S4WggL7Vczz5d2W11ecc4vRrQMQHXRSxzrCsyG5EsPPTbA==",
             "dev": true,
             "license": "MIT",
             "engines": {
@@ -521,21 +521,21 @@
             }
         },
         "node_modules/@typescript-eslint/typescript-estree": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.59.3.tgz",
-            "integrity": "sha512-CbRjVRAf7Lr9Kr8RopKcbY45p2VfmmHrm0ygOCYFi7oU8q19m0Fs/6iHS7kNOmwpp+ob07ZVcAqlxUod9lYdmg==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.57.2.tgz",
+            "integrity": "sha512-2MKM+I6g8tJxfSmFKOnHv2t8Sk3T6rF20A1Puk0svLK+uVapDZB/4pfAeB7nE83uAZrU6OxW+HmOd5wHVdXwXA==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/project-service": "8.59.3",
-                "@typescript-eslint/tsconfig-utils": "8.59.3",
-                "@typescript-eslint/types": "8.59.3",
-                "@typescript-eslint/visitor-keys": "8.59.3",
+                "@typescript-eslint/project-service": "8.57.2",
+                "@typescript-eslint/tsconfig-utils": "8.57.2",
+                "@typescript-eslint/types": "8.57.2",
+                "@typescript-eslint/visitor-keys": "8.57.2",
                 "debug": "^4.4.3",
                 "minimatch": "^10.2.2",
                 "semver": "^7.7.3",
                 "tinyglobby": "^0.2.15",
-                "ts-api-utils": "^2.5.0"
+                "ts-api-utils": "^2.4.0"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -545,20 +545,20 @@
                 "url": "https://opencollective.com/typescript-eslint"
             },
             "peerDependencies": {
-                "typescript": ">=4.8.4 <6.1.0"
+                "typescript": ">=4.8.4 <6.0.0"
             }
         },
         "node_modules/@typescript-eslint/utils": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.59.3.tgz",
-            "integrity": "sha512-JAvT14goBzRzzzZyqq3P9BLArIxTtQURUtFgQ/V7FO+eU+Gg6ES+5ymOPP1wRxXcxAYeivCk4uS3jCKWI1K8Zg==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.57.2.tgz",
+            "integrity": "sha512-krRIbvPK1ju1WBKIefiX+bngPs+odIQUtR7kymzPfo1POVw3jlF+nLkmexdSSd4UCbDcQn+wMBATOOmpBbqgKg==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
                 "@eslint-community/eslint-utils": "^4.9.1",
-                "@typescript-eslint/scope-manager": "8.59.3",
-                "@typescript-eslint/types": "8.59.3",
-                "@typescript-eslint/typescript-estree": "8.59.3"
+                "@typescript-eslint/scope-manager": "8.57.2",
+                "@typescript-eslint/types": "8.57.2",
+                "@typescript-eslint/typescript-estree": "8.57.2"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -569,17 +569,17 @@
             },
             "peerDependencies": {
                 "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.1.0"
+                "typescript": ">=4.8.4 <6.0.0"
             }
         },
         "node_modules/@typescript-eslint/visitor-keys": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.59.3.tgz",
-            "integrity": "sha512-f1UQF7ggd42YiwI5wGrRaPsa+P0CINBlrkLPmGfpq/u/I/oVtecoEIfFR9ag/oa1sLOsRNZ6xehf6qMZhQGBDg==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.57.2.tgz",
+            "integrity": "sha512-zhahknjobV2FiD6Ee9iLbS7OV9zi10rG26odsQdfBO/hjSzUQbkIYgda+iNKK1zNiW2ey+Lf8MU5btN17V3dUw==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/types": "8.59.3",
+                "@typescript-eslint/types": "8.57.2",
                 "eslint-visitor-keys": "^5.0.0"
             },
             "engines": {
@@ -687,9 +687,9 @@
             }
         },
         "node_modules/brace-expansion": {
-            "version": "5.0.6",
-            "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.6.tgz",
-            "integrity": "sha512-kLpxurY4Z4r9sgMsyG0Z9uzsBlgiU/EFKhj/h91/8yHu0edo7XuixOIH3VcJ8kkxs6/jPzoI6U9Vj3WqbMQ94g==",
+            "version": "5.0.5",
+            "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.5.tgz",
+            "integrity": "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
@@ -1409,13 +1409,13 @@
             "license": "MIT"
         },
         "node_modules/minimatch": {
-            "version": "10.2.5",
-            "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.5.tgz",
-            "integrity": "sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg==",
+            "version": "10.2.4",
+            "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.4.tgz",
+            "integrity": "sha512-oRjTw/97aTBN0RHbYCdtF1MQfvusSIBQM0IZEgzl6426+8jSC0nF1a/GmnVLpfB9yyr6g6FTqWqiZVbxrtaCIg==",
             "dev": true,
             "license": "BlueOak-1.0.0",
             "dependencies": {
-                "brace-expansion": "^5.0.5"
+                "brace-expansion": "^5.0.2"
             },
             "engines": {
                 "node": "18 || 20 || >=22"
@@ -1653,9 +1653,9 @@
             }
         },
         "node_modules/prettier": {
-            "version": "3.8.3",
-            "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.8.3.tgz",
-            "integrity": "sha512-7igPTM53cGHMW8xWuVTydi2KO233VFiTNyF5hLJqpilHfmn8C8gPf+PS7dUT64YcXFbiMGZxS9pCSxL/Dxm/Jw==",
+            "version": "3.8.1",
+            "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.8.1.tgz",
+            "integrity": "sha512-UOnG6LftzbdaHZcKoPFtOcCKztrQ57WkHDeRD9t/PTQtmT0NHSeWWepj6pS0z/N7+08BHFDQVUrfmfMRcZwbMg==",
             "dev": true,
             "license": "MIT",
             "bin": {
@@ -1946,9 +1946,9 @@
             }
         },
         "node_modules/typescript": {
-            "version": "6.0.3",
-            "resolved": "https://registry.npmjs.org/typescript/-/typescript-6.0.3.tgz",
-            "integrity": "sha512-y2TvuxSZPDyQakkFRPZHKFm+KKVqIisdg9/CZwm9ftvKXLP8NRWj38/ODjNbr43SsoXqNuAisEf1GdCxqWcdBw==",
+            "version": "6.0.2",
+            "resolved": "https://registry.npmjs.org/typescript/-/typescript-6.0.2.tgz",
+            "integrity": "sha512-bGdAIrZ0wiGDo5l8c++HWtbaNCWTS4UTv7RaTH/ThVIgjkveJt83m74bBHMJkuCbslY8ixgLBVZJIOiQlQTjfQ==",
             "dev": true,
             "license": "Apache-2.0",
             "bin": {
@@ -1960,16 +1960,16 @@
             }
         },
         "node_modules/typescript-eslint": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.59.3.tgz",
-            "integrity": "sha512-KgusgyDgG4LI8Ih/sWaCtZ06tckLAS5CvT5A4D1Q7bYVoAAyzwiZvE4BmwDHkhRVkvhRBepKeASoFzQetha7Fg==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.57.2.tgz",
+            "integrity": "sha512-VEPQ0iPgWO/sBaZOU1xo4nuNdODVOajPnTIbog2GKYr31nIlZ0fWPoCQgGfF3ETyBl1vn63F/p50Um9Z4J8O8A==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/eslint-plugin": "8.59.3",
-                "@typescript-eslint/parser": "8.59.3",
-                "@typescript-eslint/typescript-estree": "8.59.3",
-                "@typescript-eslint/utils": "8.59.3"
+                "@typescript-eslint/eslint-plugin": "8.57.2",
+                "@typescript-eslint/parser": "8.57.2",
+                "@typescript-eslint/typescript-estree": "8.57.2",
+                "@typescript-eslint/utils": "8.57.2"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -1980,13 +1980,13 @@
             },
             "peerDependencies": {
                 "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.1.0"
+                "typescript": ">=4.8.4 <6.0.0"
             }
         },
         "node_modules/undici-types": {
-            "version": "7.21.0",
-            "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.21.0.tgz",
-            "integrity": "sha512-w9IMgQrz4O0YN1LtB7K5P63vhlIOvC7opSmouCJ+ZywlPAlO9gIkJ+otk6LvGpAs2wg4econaCz3TvQ9xPoyuQ==",
+            "version": "7.18.2",
+            "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.18.2.tgz",
+            "integrity": "sha512-AsuCzffGHJybSaRrmr5eHr81mwJU3kjw6M+uprWvCXiNeN9SOGwQ3Jn8jb8m3Z6izVgknn1R0FTCEAP2QrLY/w==",
             "dev": true,
             "license": "MIT"
         },

packages/logger-js/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@goauthentik/logger-js",
-    "version": "2.0.0",
+    "version": "1.1.2",
     "description": "Pino-based logger for authentik",
     "license": "MIT",
     "repository": {
@@ -31,14 +31,14 @@
         "@eslint/js": "^9.39.3",
         "@goauthentik/prettier-config": "../prettier-config",
         "@goauthentik/tsconfig": "../tsconfig",
-        "@types/node": "^25.7.0",
+        "@types/node": "^25.5.0",
         "eslint": "^9.39.3",
         "pino": "^10.3.1",
         "pino-pretty": "^13.1.2",
-        "prettier": "^3.8.3",
+        "prettier": "^3.8.1",
         "prettier-plugin-packagejson": "^3.0.2",
-        "typescript": "^6.0.3",
-        "typescript-eslint": "^8.59.3"
+        "typescript": "^6.0.2",
+        "typescript-eslint": "^8.57.2"
     },
     "peerDependencies": {
         "pino": "^10.3.1",
@@ -51,7 +51,7 @@
     ],
     "engines": {
         "node": ">=24",
-        "npm": ">=11.14.1"
+        "npm": ">=11.10.1"
     },
     "devEngines": {
         "runtime": {
@@ -61,7 +61,7 @@
         },
         "packageManager": {
             "name": "npm",
-            "version": ">=11.14.1",
+            "version": ">=11.10.1",
             "onFail": "ignore"
         }
     },

packages/prettier-config/package-lock.json

@@ -1,12 +1,12 @@
 {
     "name": "@goauthentik/prettier-config",
-    "version": "4.0.0",
+    "version": "3.5.0",
     "lockfileVersion": 3,
     "requires": true,
     "packages": {
         "": {
             "name": "@goauthentik/prettier-config",
-            "version": "4.0.0",
+            "version": "3.5.0",
             "license": "MIT",
             "dependencies": {
                 "format-imports": "^4.0.8"
@@ -15,25 +15,25 @@
                 "@eslint/js": "^9.39.3",
                 "@goauthentik/eslint-config": "../eslint-config",
                 "@goauthentik/tsconfig": "../tsconfig",
-                "@types/node": "^25.7.0",
+                "@types/node": "^25.0.0",
                 "eslint": "^9.39.3",
-                "prettier": "^3.8.3",
+                "prettier": "^3.8.1",
                 "prettier-plugin-packagejson": "^3.0.2",
-                "typescript": "^6.0.3",
-                "typescript-eslint": "^8.59.3"
+                "typescript": "^6.0.2",
+                "typescript-eslint": "^8.57.2"
             },
             "engines": {
                 "node": ">=24",
-                "npm": ">=11.14.1"
+                "npm": ">=11.10.1"
             },
             "peerDependencies": {
-                "prettier": "^3.8.3",
+                "prettier": "^3.8.1",
                 "prettier-plugin-packagejson": "^3.0.2"
             }
         },
         "../eslint-config": {
             "name": "@goauthentik/eslint-config",
-            "version": "2.0.0",
+            "version": "1.3.0",
             "dev": true,
             "license": "MIT",
             "dependencies": {
@@ -41,26 +41,26 @@
                 "eslint-plugin-import": "^2.32.0",
                 "eslint-plugin-lit": "^2.2.1",
                 "eslint-plugin-react": "^7.37.5",
-                "eslint-plugin-react-hooks": "^7.1.1",
+                "eslint-plugin-react-hooks": "^7.0.1",
                 "eslint-plugin-wc": "^3.1.0"
             },
             "devDependencies": {
                 "@goauthentik/prettier-config": "../prettier-config",
                 "@goauthentik/tsconfig": "../tsconfig",
                 "@types/eslint": "^9.6.1",
-                "@types/node": "^25.7.0",
-                "typescript": "^6.0.3",
-                "typescript-eslint": "^8.59.3"
+                "@types/node": "^25.3.0",
+                "typescript": "^6.0.2",
+                "typescript-eslint": "^8.57.2"
             },
             "engines": {
                 "node": ">=24",
-                "npm": ">=11.14.1"
+                "npm": ">=11.10.1"
             },
             "peerDependencies": {
                 "react": "^18.0.0 || ^19.0.0",
                 "react-dom": "^18.0.0 || ^19.0.0",
-                "typescript": "^6.0.3 || ^7.0.0",
-                "typescript-eslint": "^8.59.3"
+                "typescript": "^5.9.3 || ^6.0.2",
+                "typescript-eslint": "^8.57.2"
             },
             "peerDependenciesMeta": {
                 "react": {
@@ -73,12 +73,12 @@
         },
         "../tsconfig": {
             "name": "@goauthentik/tsconfig",
-            "version": "1.0.9",
+            "version": "1.0.8",
             "dev": true,
             "license": "MIT",
             "engines": {
                 "node": ">=24",
-                "npm": ">=11.14.1"
+                "npm": ">=11.10.1"
             }
         },
         "node_modules/@babel/helper-string-parser": {
@@ -382,30 +382,30 @@
             "license": "MIT"
         },
         "node_modules/@types/node": {
-            "version": "25.7.0",
-            "resolved": "https://registry.npmjs.org/@types/node/-/node-25.7.0.tgz",
-            "integrity": "sha512-z+pdZyxE+RTQE9AcboAZCb4otwcrvgHD+GlBpPgn0emDVt0ohrTMhAwlr2Wd9nZ+nihhYFxO2pThz3C5qSu2Eg==",
+            "version": "25.5.0",
+            "resolved": "https://registry.npmjs.org/@types/node/-/node-25.5.0.tgz",
+            "integrity": "sha512-jp2P3tQMSxWugkCUKLRPVUpGaL5MVFwF8RDuSRztfwgN1wmqJeMSbKlnEtQqU8UrhTmzEmZdu2I6v2dpp7XIxw==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "undici-types": "~7.21.0"
+                "undici-types": "~7.18.0"
             }
         },
         "node_modules/@typescript-eslint/eslint-plugin": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.59.3.tgz",
-            "integrity": "sha512-PwFvSKsXGShKGW6n5bZOhGHEcCZXM8HofLK9fNsEwZXzFRjoY+XT1Vsf1zgyXdwTr0ZYz1/2tkZ0DBTT9jZjhw==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.57.2.tgz",
+            "integrity": "sha512-NZZgp0Fm2IkD+La5PR81sd+g+8oS6JwJje+aRWsDocxHkjyRw0J5L5ZTlN3LI1LlOcGL7ph3eaIUmTXMIjLk0w==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
                 "@eslint-community/regexpp": "^4.12.2",
-                "@typescript-eslint/scope-manager": "8.59.3",
-                "@typescript-eslint/type-utils": "8.59.3",
-                "@typescript-eslint/utils": "8.59.3",
-                "@typescript-eslint/visitor-keys": "8.59.3",
+                "@typescript-eslint/scope-manager": "8.57.2",
+                "@typescript-eslint/type-utils": "8.57.2",
+                "@typescript-eslint/utils": "8.57.2",
+                "@typescript-eslint/visitor-keys": "8.57.2",
                 "ignore": "^7.0.5",
                 "natural-compare": "^1.4.0",
-                "ts-api-utils": "^2.5.0"
+                "ts-api-utils": "^2.4.0"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -415,9 +415,9 @@
                 "url": "https://opencollective.com/typescript-eslint"
             },
             "peerDependencies": {
-                "@typescript-eslint/parser": "^8.59.3",
+                "@typescript-eslint/parser": "^8.57.2",
                 "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.1.0"
+                "typescript": ">=4.8.4 <6.0.0"
             }
         },
         "node_modules/@typescript-eslint/eslint-plugin/node_modules/ignore": {
@@ -431,16 +431,16 @@
             }
         },
         "node_modules/@typescript-eslint/parser": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.59.3.tgz",
-            "integrity": "sha512-HPwA+hVkfcriajbNvTmZv4VRauibay+cWArYUYq7u7W7PmGShMxbPxLvrwDme55a6d5alG3nrYfhyJ/G28XlLg==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.57.2.tgz",
+            "integrity": "sha512-30ScMRHIAD33JJQkgfGW1t8CURZtjc2JpTrq5n2HFhOefbAhb7ucc7xJwdWcrEtqUIYJ73Nybpsggii6GtAHjA==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/scope-manager": "8.59.3",
-                "@typescript-eslint/types": "8.59.3",
-                "@typescript-eslint/typescript-estree": "8.59.3",
-                "@typescript-eslint/visitor-keys": "8.59.3",
+                "@typescript-eslint/scope-manager": "8.57.2",
+                "@typescript-eslint/types": "8.57.2",
+                "@typescript-eslint/typescript-estree": "8.57.2",
+                "@typescript-eslint/visitor-keys": "8.57.2",
                 "debug": "^4.4.3"
             },
             "engines": {
@@ -452,18 +452,18 @@
             },
             "peerDependencies": {
                 "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.1.0"
+                "typescript": ">=4.8.4 <6.0.0"
             }
         },
         "node_modules/@typescript-eslint/project-service": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.59.3.tgz",
-            "integrity": "sha512-ECiUWa/KYRGDFUqTNehaRgzDshnJfkTABJxVemHk4ko22gcr0ukloKjWvyQ64g8YCV/UI47kN1dbmjf/GaQYng==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.57.2.tgz",
+            "integrity": "sha512-FuH0wipFywXRTHf+bTTjNyuNQQsQC3qh/dYzaM4I4W0jrCqjCVuUh99+xd9KamUfmCGPvbO8NDngo/vsnNVqgw==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/tsconfig-utils": "^8.59.3",
-                "@typescript-eslint/types": "^8.59.3",
+                "@typescript-eslint/tsconfig-utils": "^8.57.2",
+                "@typescript-eslint/types": "^8.57.2",
                 "debug": "^4.4.3"
             },
             "engines": {
@@ -474,18 +474,18 @@
                 "url": "https://opencollective.com/typescript-eslint"
             },
             "peerDependencies": {
-                "typescript": ">=4.8.4 <6.1.0"
+                "typescript": ">=4.8.4 <6.0.0"
             }
         },
         "node_modules/@typescript-eslint/scope-manager": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.59.3.tgz",
-            "integrity": "sha512-t2LvZnoEfzKtnPjgeEu41xw5gxq9mQVfYy4OoZ4Vlt0sk3JwxmhCca/AR7DwOiHrjWgjAj6as4AhRLKSDfvZIA==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.57.2.tgz",
+            "integrity": "sha512-snZKH+W4WbWkrBqj4gUNRIGb/jipDW3qMqVJ4C9rzdFc+wLwruxk+2a5D+uoFcKPAqyqEnSb4l2ULuZf95eSkw==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/types": "8.59.3",
-                "@typescript-eslint/visitor-keys": "8.59.3"
+                "@typescript-eslint/types": "8.57.2",
+                "@typescript-eslint/visitor-keys": "8.57.2"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -496,9 +496,9 @@
             }
         },
         "node_modules/@typescript-eslint/tsconfig-utils": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.59.3.tgz",
-            "integrity": "sha512-PcIJHjmaREXLgIAIzLnSY9VucEzz8FKXsRgFa1DmdGCK/5tJpW03TKJF01Q6VZd1lLdz2sIKPWaDUZN9dp//dw==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.57.2.tgz",
+            "integrity": "sha512-3Lm5DSM+DCowsUOJC+YqHHnKEfFh5CoGkj5Z31NQSNF4l5wdOwqGn99wmwN/LImhfY3KJnmordBq/4+VDe2eKw==",
             "dev": true,
             "license": "MIT",
             "engines": {
@@ -509,21 +509,21 @@
                 "url": "https://opencollective.com/typescript-eslint"
             },
             "peerDependencies": {
-                "typescript": ">=4.8.4 <6.1.0"
+                "typescript": ">=4.8.4 <6.0.0"
             }
         },
         "node_modules/@typescript-eslint/type-utils": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.59.3.tgz",
-            "integrity": "sha512-g71d8QD8UaiHGvrJwyIS1hCX5r63w6Jll+4VEYhEAHXTDIqX1JgxhTAbEHtKntL9kuc4jRo7/GWw5xfCepSccQ==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.57.2.tgz",
+            "integrity": "sha512-Co6ZCShm6kIbAM/s+oYVpKFfW7LBc6FXoPXjTRQ449PPNBY8U0KZXuevz5IFuuUj2H9ss40atTaf9dlGLzbWZg==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/types": "8.59.3",
-                "@typescript-eslint/typescript-estree": "8.59.3",
-                "@typescript-eslint/utils": "8.59.3",
+                "@typescript-eslint/types": "8.57.2",
+                "@typescript-eslint/typescript-estree": "8.57.2",
+                "@typescript-eslint/utils": "8.57.2",
                 "debug": "^4.4.3",
-                "ts-api-utils": "^2.5.0"
+                "ts-api-utils": "^2.4.0"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -534,13 +534,13 @@
             },
             "peerDependencies": {
                 "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.1.0"
+                "typescript": ">=4.8.4 <6.0.0"
             }
         },
         "node_modules/@typescript-eslint/types": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.59.3.tgz",
-            "integrity": "sha512-ePFoH0g4ludssdRFqqDxQePCxU4WQyRa9+XVwjm7yLn0FKhMeoetC+qBEEI1Eyb1pGSDveTIT09Bvw2WhlGayg==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.57.2.tgz",
+            "integrity": "sha512-/iZM6FnM4tnx9csuTxspMW4BOSegshwX5oBDznJ7S4WggL7Vczz5d2W11ecc4vRrQMQHXRSxzrCsyG5EsPPTbA==",
             "dev": true,
             "license": "MIT",
             "engines": {
@@ -552,21 +552,21 @@
             }
         },
         "node_modules/@typescript-eslint/typescript-estree": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.59.3.tgz",
-            "integrity": "sha512-CbRjVRAf7Lr9Kr8RopKcbY45p2VfmmHrm0ygOCYFi7oU8q19m0Fs/6iHS7kNOmwpp+ob07ZVcAqlxUod9lYdmg==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.57.2.tgz",
+            "integrity": "sha512-2MKM+I6g8tJxfSmFKOnHv2t8Sk3T6rF20A1Puk0svLK+uVapDZB/4pfAeB7nE83uAZrU6OxW+HmOd5wHVdXwXA==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/project-service": "8.59.3",
-                "@typescript-eslint/tsconfig-utils": "8.59.3",
-                "@typescript-eslint/types": "8.59.3",
-                "@typescript-eslint/visitor-keys": "8.59.3",
+                "@typescript-eslint/project-service": "8.57.2",
+                "@typescript-eslint/tsconfig-utils": "8.57.2",
+                "@typescript-eslint/types": "8.57.2",
+                "@typescript-eslint/visitor-keys": "8.57.2",
                 "debug": "^4.4.3",
                 "minimatch": "^10.2.2",
                 "semver": "^7.7.3",
                 "tinyglobby": "^0.2.15",
-                "ts-api-utils": "^2.5.0"
+                "ts-api-utils": "^2.4.0"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -576,7 +576,7 @@
                 "url": "https://opencollective.com/typescript-eslint"
             },
             "peerDependencies": {
-                "typescript": ">=4.8.4 <6.1.0"
+                "typescript": ">=4.8.4 <6.0.0"
             }
         },
         "node_modules/@typescript-eslint/typescript-estree/node_modules/balanced-match": {
@@ -590,9 +590,9 @@
             }
         },
         "node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion": {
-            "version": "5.0.6",
-            "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.6.tgz",
-            "integrity": "sha512-kLpxurY4Z4r9sgMsyG0Z9uzsBlgiU/EFKhj/h91/8yHu0edo7XuixOIH3VcJ8kkxs6/jPzoI6U9Vj3WqbMQ94g==",
+            "version": "5.0.5",
+            "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.5.tgz",
+            "integrity": "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
@@ -603,13 +603,13 @@
             }
         },
         "node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch": {
-            "version": "10.2.5",
-            "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.5.tgz",
-            "integrity": "sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg==",
+            "version": "10.2.4",
+            "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.4.tgz",
+            "integrity": "sha512-oRjTw/97aTBN0RHbYCdtF1MQfvusSIBQM0IZEgzl6426+8jSC0nF1a/GmnVLpfB9yyr6g6FTqWqiZVbxrtaCIg==",
             "dev": true,
             "license": "BlueOak-1.0.0",
             "dependencies": {
-                "brace-expansion": "^5.0.5"
+                "brace-expansion": "^5.0.2"
             },
             "engines": {
                 "node": "18 || 20 || >=22"
@@ -619,16 +619,16 @@
             }
         },
         "node_modules/@typescript-eslint/utils": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.59.3.tgz",
-            "integrity": "sha512-JAvT14goBzRzzzZyqq3P9BLArIxTtQURUtFgQ/V7FO+eU+Gg6ES+5ymOPP1wRxXcxAYeivCk4uS3jCKWI1K8Zg==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.57.2.tgz",
+            "integrity": "sha512-krRIbvPK1ju1WBKIefiX+bngPs+odIQUtR7kymzPfo1POVw3jlF+nLkmexdSSd4UCbDcQn+wMBATOOmpBbqgKg==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
                 "@eslint-community/eslint-utils": "^4.9.1",
-                "@typescript-eslint/scope-manager": "8.59.3",
-                "@typescript-eslint/types": "8.59.3",
-                "@typescript-eslint/typescript-estree": "8.59.3"
+                "@typescript-eslint/scope-manager": "8.57.2",
+                "@typescript-eslint/types": "8.57.2",
+                "@typescript-eslint/typescript-estree": "8.57.2"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -639,17 +639,17 @@
             },
             "peerDependencies": {
                 "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.1.0"
+                "typescript": ">=4.8.4 <6.0.0"
             }
         },
         "node_modules/@typescript-eslint/visitor-keys": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.59.3.tgz",
-            "integrity": "sha512-f1UQF7ggd42YiwI5wGrRaPsa+P0CINBlrkLPmGfpq/u/I/oVtecoEIfFR9ag/oa1sLOsRNZ6xehf6qMZhQGBDg==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.57.2.tgz",
+            "integrity": "sha512-zhahknjobV2FiD6Ee9iLbS7OV9zi10rG26odsQdfBO/hjSzUQbkIYgda+iNKK1zNiW2ey+Lf8MU5btN17V3dUw==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/types": "8.59.3",
+                "@typescript-eslint/types": "8.57.2",
                 "eslint-visitor-keys": "^5.0.0"
             },
             "engines": {
@@ -1745,9 +1745,9 @@
             }
         },
         "node_modules/prettier": {
-            "version": "3.8.3",
-            "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.8.3.tgz",
-            "integrity": "sha512-7igPTM53cGHMW8xWuVTydi2KO233VFiTNyF5hLJqpilHfmn8C8gPf+PS7dUT64YcXFbiMGZxS9pCSxL/Dxm/Jw==",
+            "version": "3.8.1",
+            "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.8.1.tgz",
+            "integrity": "sha512-UOnG6LftzbdaHZcKoPFtOcCKztrQ57WkHDeRD9t/PTQtmT0NHSeWWepj6pS0z/N7+08BHFDQVUrfmfMRcZwbMg==",
             "license": "MIT",
             "bin": {
                 "prettier": "bin/prettier.cjs"
@@ -2001,9 +2001,9 @@
             }
         },
         "node_modules/typescript": {
-            "version": "6.0.3",
-            "resolved": "https://registry.npmjs.org/typescript/-/typescript-6.0.3.tgz",
-            "integrity": "sha512-y2TvuxSZPDyQakkFRPZHKFm+KKVqIisdg9/CZwm9ftvKXLP8NRWj38/ODjNbr43SsoXqNuAisEf1GdCxqWcdBw==",
+            "version": "6.0.2",
+            "resolved": "https://registry.npmjs.org/typescript/-/typescript-6.0.2.tgz",
+            "integrity": "sha512-bGdAIrZ0wiGDo5l8c++HWtbaNCWTS4UTv7RaTH/ThVIgjkveJt83m74bBHMJkuCbslY8ixgLBVZJIOiQlQTjfQ==",
             "dev": true,
             "license": "Apache-2.0",
             "bin": {
@@ -2015,16 +2015,16 @@
             }
         },
         "node_modules/typescript-eslint": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.59.3.tgz",
-            "integrity": "sha512-KgusgyDgG4LI8Ih/sWaCtZ06tckLAS5CvT5A4D1Q7bYVoAAyzwiZvE4BmwDHkhRVkvhRBepKeASoFzQetha7Fg==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.57.2.tgz",
+            "integrity": "sha512-VEPQ0iPgWO/sBaZOU1xo4nuNdODVOajPnTIbog2GKYr31nIlZ0fWPoCQgGfF3ETyBl1vn63F/p50Um9Z4J8O8A==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/eslint-plugin": "8.59.3",
-                "@typescript-eslint/parser": "8.59.3",
-                "@typescript-eslint/typescript-estree": "8.59.3",
-                "@typescript-eslint/utils": "8.59.3"
+                "@typescript-eslint/eslint-plugin": "8.57.2",
+                "@typescript-eslint/parser": "8.57.2",
+                "@typescript-eslint/typescript-estree": "8.57.2",
+                "@typescript-eslint/utils": "8.57.2"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -2035,13 +2035,13 @@
             },
             "peerDependencies": {
                 "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.1.0"
+                "typescript": ">=4.8.4 <6.0.0"
             }
         },
         "node_modules/undici-types": {
-            "version": "7.21.0",
-            "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.21.0.tgz",
-            "integrity": "sha512-w9IMgQrz4O0YN1LtB7K5P63vhlIOvC7opSmouCJ+ZywlPAlO9gIkJ+otk6LvGpAs2wg4econaCz3TvQ9xPoyuQ==",
+            "version": "7.18.2",
+            "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.18.2.tgz",
+            "integrity": "sha512-AsuCzffGHJybSaRrmr5eHr81mwJU3kjw6M+uprWvCXiNeN9SOGwQ3Jn8jb8m3Z6izVgknn1R0FTCEAP2QrLY/w==",
             "dev": true,
             "license": "MIT"
         },

packages/prettier-config/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@goauthentik/prettier-config",
-    "version": "4.0.0",
+    "version": "3.5.0",
     "description": "authentik's Prettier config",
     "license": "MIT",
     "repository": {
@@ -39,15 +39,15 @@
         "@eslint/js": "^9.39.3",
         "@goauthentik/eslint-config": "../eslint-config",
         "@goauthentik/tsconfig": "../tsconfig",
-        "@types/node": "^25.7.0",
+        "@types/node": "^25.0.0",
         "eslint": "^9.39.3",
-        "prettier": "^3.8.3",
+        "prettier": "^3.8.1",
         "prettier-plugin-packagejson": "^3.0.2",
-        "typescript": "^6.0.3",
-        "typescript-eslint": "^8.59.3"
+        "typescript": "^6.0.2",
+        "typescript-eslint": "^8.57.2"
     },
     "peerDependencies": {
-        "prettier": "^3.8.3",
+        "prettier": "^3.8.1",
         "prettier-plugin-packagejson": "^3.0.2"
     },
     "files": [
@@ -57,7 +57,7 @@
     ],
     "engines": {
         "node": ">=24",
-        "npm": ">=11.14.1"
+        "npm": ">=11.10.1"
     },
     "devEngines": {
         "runtime": {
@@ -67,7 +67,7 @@
         },
         "packageManager": {
             "name": "npm",
-            "version": ">=11.14.1",
+            "version": ">=11.10.1",
             "onFail": "warn"
         }
     },

packages/tsconfig/package-lock.json

@@ -1,16 +1,16 @@
 {
     "name": "@goauthentik/tsconfig",
-    "version": "2.0.0",
+    "version": "1.0.9",
     "lockfileVersion": 3,
     "requires": true,
     "packages": {
         "": {
             "name": "@goauthentik/tsconfig",
-            "version": "2.0.0",
+            "version": "1.0.9",
             "license": "MIT",
             "engines": {
                 "node": ">=24",
-                "npm": ">=11.14.1"
+                "npm": ">=11.10.1"
             }
         }
     }

packages/tsconfig/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@goauthentik/tsconfig",
-    "version": "2.0.0",
+    "version": "1.0.9",
     "description": "authentik's base TypeScript configuration.",
     "license": "MIT",
     "repository": {
@@ -15,7 +15,7 @@
     "type": "module",
     "engines": {
         "node": ">=24",
-        "npm": ">=11.14.1"
+        "npm": ">=11.10.1"
     },
     "devEngines": {
         "runtime": {
@@ -25,7 +25,7 @@
         },
         "packageManager": {
             "name": "npm",
-            "version": ">=11.14.1",
+            "version": ">=11.10.1",
             "onFail": "warn"
         }
     },

packages/tsconfig/tsconfig.json

@@ -1,6 +1,7 @@
 {
     "$schema": "https://json.schemastore.org/tsconfig",
     "compilerOptions": {
+        "ignoreDeprecations": "6.0",
         "alwaysStrict": true,
         "composite": true,
         "declaration": true,

schema.yml

@@ -134,6 +134,12 @@ paths:
     get:
       operationId: admin_models_list
       description: Read-only view list all installed models
+      parameters:
+      - in: query
+        name: filter_has_attributes
+        schema:
+          type: boolean
+          nullable: true
       tags:
       - admin
       security:
@@ -3720,6 +3726,172 @@ paths:
           $ref: '#/components/responses/ValidationErrorResponse'
         '403':
           $ref: '#/components/responses/GenericErrorResponse'
+  /core/object_attributes/:
+    get:
+      operationId: core_object_attributes_list
+      parameters:
+      - in: query
+        name: enabled
+        schema:
+          type: boolean
+      - in: query
+        name: object_type__app_label
+        schema:
+          type: string
+      - in: query
+        name: object_type__model
+        schema:
+          type: string
+      - $ref: '#/components/parameters/QueryPaginationOrdering'
+      - $ref: '#/components/parameters/QueryPaginationPage'
+      - $ref: '#/components/parameters/QueryPaginationPageSize'
+      - $ref: '#/components/parameters/QuerySearch'
+      tags:
+      - core
+      security:
+      - authentik: []
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/PaginatedObjectAttributeList'
+          description: ''
+        '400':
+          $ref: '#/components/responses/ValidationErrorResponse'
+        '403':
+          $ref: '#/components/responses/GenericErrorResponse'
+    post:
+      operationId: core_object_attributes_create
+      tags:
+      - core
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/ObjectAttributeRequest'
+        required: true
+      security:
+      - authentik: []
+      responses:
+        '201':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ObjectAttribute'
+          description: ''
+        '400':
+          $ref: '#/components/responses/ValidationErrorResponse'
+        '403':
+          $ref: '#/components/responses/GenericErrorResponse'
+  /core/object_attributes/{attribute_id}/:
+    get:
+      operationId: core_object_attributes_retrieve
+      parameters:
+      - in: path
+        name: attribute_id
+        schema:
+          type: string
+          format: uuid
+        description: A UUID string identifying this Object Attribute.
+        required: true
+      tags:
+      - core
+      security:
+      - authentik: []
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ObjectAttribute'
+          description: ''
+        '400':
+          $ref: '#/components/responses/ValidationErrorResponse'
+        '403':
+          $ref: '#/components/responses/GenericErrorResponse'
+    put:
+      operationId: core_object_attributes_update
+      parameters:
+      - in: path
+        name: attribute_id
+        schema:
+          type: string
+          format: uuid
+        description: A UUID string identifying this Object Attribute.
+        required: true
+      tags:
+      - core
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/ObjectAttributeRequest'
+        required: true
+      security:
+      - authentik: []
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ObjectAttribute'
+          description: ''
+        '400':
+          $ref: '#/components/responses/ValidationErrorResponse'
+        '403':
+          $ref: '#/components/responses/GenericErrorResponse'
+    patch:
+      operationId: core_object_attributes_partial_update
+      parameters:
+      - in: path
+        name: attribute_id
+        schema:
+          type: string
+          format: uuid
+        description: A UUID string identifying this Object Attribute.
+        required: true
+      tags:
+      - core
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/PatchedObjectAttributeRequest'
+      security:
+      - authentik: []
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ObjectAttribute'
+          description: ''
+        '400':
+          $ref: '#/components/responses/ValidationErrorResponse'
+        '403':
+          $ref: '#/components/responses/GenericErrorResponse'
+    delete:
+      operationId: core_object_attributes_destroy
+      parameters:
+      - in: path
+        name: attribute_id
+        schema:
+          type: string
+          format: uuid
+        description: A UUID string identifying this Object Attribute.
+        required: true
+      tags:
+      - core
+      security:
+      - authentik: []
+      responses:
+        '204':
+          description: No response body
+        '400':
+          $ref: '#/components/responses/ValidationErrorResponse'
+        '403':
+          $ref: '#/components/responses/GenericErrorResponse'
   /core/tokens/:
     get:
       operationId: core_tokens_list
@@ -36858,8 +37030,12 @@ components:
         verbose_name_plural:
           type: string
           readOnly: true
+        fully_qualified_model:
+          type: string
+          readOnly: true
       required:
       - app_label
+      - fully_qualified_model
       - id
       - model
       - verbose_name_plural
@@ -43421,6 +43597,7 @@ components:
       - authentik_core.application
       - authentik_core.applicationentitlement
       - authentik_core.token
+      - authentik_core.objectattribute
       - authentik_crypto.certificatekeypair
       - authentik_endpoints.deviceuserbinding
       - authentik_endpoints.deviceaccessgroup
@@ -44702,6 +44879,111 @@ components:
       - name
       - provider_type
       - slug
+    ObjectAttribute:
+      type: object
+      properties:
+        pk:
+          type: string
+          format: uuid
+          readOnly: true
+          title: Attribute id
+        object_type:
+          type: string
+        object_type_obj:
+          allOf:
+          - $ref: '#/components/schemas/ContentType'
+          readOnly: true
+        enabled:
+          type: boolean
+          default: true
+        created:
+          type: string
+          format: date-time
+          readOnly: true
+        key:
+          type: string
+        label:
+          type: string
+        last_updated:
+          type: string
+          format: date-time
+          readOnly: true
+        regex:
+          type: string
+        type:
+          $ref: '#/components/schemas/ObjectAttributeTypeEnum'
+        group:
+          type: string
+        managed:
+          type: string
+          nullable: true
+          title: Managed by authentik
+          description: Objects that are managed by authentik. These objects are created
+            and updated automatically. This flag only indicates that an object can
+            be overwritten by migrations. You can still modify the objects via the
+            API, but expect changes to be overwritten in a later update.
+        is_unique:
+          type: boolean
+        is_required:
+          type: boolean
+        is_array:
+          type: boolean
+      required:
+      - created
+      - key
+      - label
+      - last_updated
+      - object_type
+      - object_type_obj
+      - pk
+      - type
+    ObjectAttributeRequest:
+      type: object
+      properties:
+        object_type:
+          type: string
+          minLength: 1
+        enabled:
+          type: boolean
+          default: true
+        key:
+          type: string
+          minLength: 1
+        label:
+          type: string
+          minLength: 1
+        regex:
+          type: string
+        type:
+          $ref: '#/components/schemas/ObjectAttributeTypeEnum'
+        group:
+          type: string
+        managed:
+          type: string
+          nullable: true
+          minLength: 1
+          title: Managed by authentik
+          description: Objects that are managed by authentik. These objects are created
+            and updated automatically. This flag only indicates that an object can
+            be overwritten by migrations. You can still modify the objects via the
+            API, but expect changes to be overwritten in a later update.
+        is_unique:
+          type: boolean
+        is_required:
+          type: boolean
+        is_array:
+          type: boolean
+      required:
+      - key
+      - label
+      - object_type
+      - type
+    ObjectAttributeTypeEnum:
+      enum:
+      - text
+      - number
+      - boolean
+      type: string
     OpenIDConnectConfiguration:
       type: object
       description: rest_framework Serializer for OIDC Configuration
@@ -46252,6 +46534,21 @@ components:
       - autocomplete
       - pagination
       - results
+    PaginatedObjectAttributeList:
+      type: object
+      properties:
+        pagination:
+          $ref: '#/components/schemas/Pagination'
+        results:
+          type: array
+          items:
+            $ref: '#/components/schemas/ObjectAttribute'
+        autocomplete:
+          $ref: '#/components/schemas/Autocomplete'
+      required:
+      - autocomplete
+      - pagination
+      - results
     PaginatedOutpostList:
       type: object
       properties:
@@ -50034,6 +50331,42 @@ components:
           - $ref: '#/components/schemas/AuthorizationCodeAuthMethodEnum'
           description: How to perform authentication during an authorization_code
             token request flow
+    PatchedObjectAttributeRequest:
+      type: object
+      properties:
+        object_type:
+          type: string
+          minLength: 1
+        enabled:
+          type: boolean
+          default: true
+        key:
+          type: string
+          minLength: 1
+        label:
+          type: string
+          minLength: 1
+        regex:
+          type: string
+        type:
+          $ref: '#/components/schemas/ObjectAttributeTypeEnum'
+        group:
+          type: string
+        managed:
+          type: string
+          nullable: true
+          minLength: 1
+          title: Managed by authentik
+          description: Objects that are managed by authentik. These objects are created
+            and updated automatically. This flag only indicates that an object can
+            be overwritten by migrations. You can still modify the objects via the
+            API, but expect changes to be overwritten in a later update.
+        is_unique:
+          type: boolean
+        is_required:
+          type: boolean
+        is_array:
+          type: boolean
     PatchedOutpostRequest:
       type: object
       description: Outpost Serializer
@@ -54916,7 +55249,6 @@ components:
       enum:
       - token
       - oauth
-      - oauth_interactive
       type: string
     SCIMMapping:
       type: object
@@ -55051,24 +55383,6 @@ components:
           type: object
           additionalProperties: {}
           description: Additional OAuth parameters, such as grant_type
-        auth_oauth_token_last_updated:
-          type: string
-          format: date-time
-          nullable: true
-          readOnly: true
-        auth_oauth_token_expires:
-          type: string
-          format: date-time
-          nullable: true
-          readOnly: true
-        auth_oauth_url_callback:
-          type: string
-          nullable: true
-          readOnly: true
-        auth_oauth_url_start:
-          type: string
-          nullable: true
-          readOnly: true
         compatibility_mode:
           allOf:
           - $ref: '#/components/schemas/CompatibilityModeEnum'
@@ -55101,10 +55415,6 @@ components:
       required:
       - assigned_backchannel_application_name
       - assigned_backchannel_application_slug
-      - auth_oauth_token_expires
-      - auth_oauth_token_last_updated
-      - auth_oauth_url_callback
-      - auth_oauth_url_start
       - component
       - meta_model_name
       - name

scripts/node/lint-lockfile.mjs

@@ -1,278 +0,0 @@
-#!/usr/bin/env node
-/**
- * @file Lints the package-lock.json file to ensure it is in sync with package.json.
- *
- * Usage:
- *   lint-lockfile [options] [directory]
- *
- * Options:
- *   --warn    Report issues as warnings instead of failing. The lockfile is
- *             still regenerated on disk, but the process exits 0.
- *
- * Exit codes:
- *   0  Lockfile is in sync (or --warn was passed)
- *   1  Unexpected error
- *   2  Lockfile drift detected
- */
-
-/// <reference lib="esnext" />
-
-import * as assert from "node:assert/strict";
-import { findPackageJSON } from "node:module";
-import { dirname } from "node:path";
-import { isDeepStrictEqual, parseArgs } from "node:util";
-
-import { ConsoleLogger } from "../../packages/logger-js/lib/node.js";
-import { parseCWD, reportAndExit } from "./utils/commands.mjs";
-import { corepack } from "./utils/corepack.mjs";
-import { gitStatus } from "./utils/git.mjs";
-import { findNPMPackage, loadJSON, npm, pluckDependencyFields } from "./utils/node.mjs";
-
-//#region Constants
-
-const logger = ConsoleLogger.prefix("lint:lockfile");
-
-const { values: options, positionals } = parseArgs({
-    options: {
-        "warn": {
-            type: "boolean",
-            default: false,
-            description: "Report issues as warnings instead of failing",
-        },
-        "skip-git": {
-            type: "boolean",
-            default: !!process.env.CI,
-            description:
-                "Skip checking for uncommitted changes (use with --warn to ignore drift without reporting)",
-        },
-    },
-    allowPositionals: true,
-});
-
-const cwd = parseCWD(positionals);
-
-const ignoredProperties = new Set([
-    // ---
-    "peer",
-    "engines",
-    "optional",
-]);
-
-//#region Utilities
-
-/**
- * @param {Record<string, unknown>} actual
- * @param {Record<string, unknown>} expected
- * @param {string[]} [prefix]
- * @returns {Set<string>[]}
- */
-function extractDiffedProperties(actual, expected, prefix = []) {
-    const a = actual ?? {};
-    const b = expected ?? {};
-    const keys = new Set([...Object.keys(a), ...Object.keys(b)]);
-    /** @type {Set<string>[]} */
-    const diffs = [];
-
-    for (const key of keys) {
-        const path = [...prefix, key];
-        const valA = a[key];
-        const valB = b[key];
-
-        if (
-            valA !== null &&
-            valB !== null &&
-            typeof valA === "object" &&
-            typeof valB === "object" &&
-            !Array.isArray(valA) &&
-            !Array.isArray(valB)
-        ) {
-            // @ts-ignore
-            diffs.push(...extractDiffedProperties(valA, valB, path));
-        } else if (!isDeepStrictEqual(valA, valB)) {
-            diffs.push(new Set(path));
-        }
-    }
-
-    return diffs;
-}
-
-//#endregion
-
-/**
- * Exit code when lockfile drift is detected (distinct from general errors)
- */
-const EXIT_DRIFT = 2;
-
-/**
- * @returns {Promise<string[]>} The list of issues detected.
- */
-async function run() {
-    /** @type {string[]} */
-    const issues = [];
-
-    /**
-     * Records an issue. In strict mode, throws immediately.
-     * In warn mode, collects the message for later reporting.
-     *
-     * @param {boolean} ok
-     * @param {string} message
-     */
-    const check = (ok, message) => {
-        if (ok) return;
-
-        if (options.warn) {
-            issues.push(message);
-            return;
-        }
-
-        assert.fail(message);
-    };
-
-    /**
-     * Checks deep equality of two values. In strict mode, throws if they are not equal.
-     * In warn mode, records an issue instead.
-     *
-     * @param {unknown} actual
-     * @param {unknown} expected
-     * @param {string} message
-     */
-    const checkDeep = (actual, expected, message) => {
-        if (options.warn) {
-            if (!isDeepStrictEqual(actual, expected)) {
-                issues.push(message);
-            }
-
-            return;
-        }
-
-        assert.deepStrictEqual(actual, expected, message);
-    };
-
-    logger.info(`Linting lockfile integrity in: ${cwd}`);
-
-    // MARK: Locate files
-
-    const resolvedPath = import.meta.resolve(cwd);
-    const packageJSONPath = findPackageJSON(resolvedPath);
-
-    assert.ok(
-        packageJSONPath,
-        "Could not find package.json in the current directory or any parent directories",
-    );
-
-    const packageDir = dirname(packageJSONPath);
-    const { packageLockPath } = await findNPMPackage(packageDir);
-    const lockfileDir = dirname(packageLockPath);
-    const isWorkspace = lockfileDir !== packageDir;
-
-    const corepackVersion = await corepack`--version`().catch(() => null);
-    const useCorepack = !!corepackVersion;
-    logger.info(`corepack: ${corepackVersion || "disabled"}`);
-
-    const expected = {
-        lockfile: await loadJSON(packageLockPath),
-        package: await loadJSON(packageJSONPath).then(pluckDependencyFields),
-    };
-
-    logger.info(`package.json: ${packageJSONPath} (${expected.package.name})`);
-    logger.info(`package-lock.json: ${packageLockPath}${isWorkspace ? " (workspace root)" : ""}`);
-
-    // MARK: Uncommitted changes
-
-    if (options["skip-git"]) {
-        logger.warn("Skipping git status check");
-    } else {
-        const packageStatus = await gitStatus(packageJSONPath);
-        const lockfileStatus = await gitStatus(packageLockPath);
-
-        if (!packageStatus.available || !lockfileStatus.available) {
-            logger.warn("Git is not available; skipping uncommitted change detection.");
-        } else {
-            check(packageStatus.clean, `package.json has uncommitted changes: ${packageJSONPath}`);
-
-            check(
-                lockfileStatus.clean,
-                `package-lock.json has uncommitted changes: ${packageLockPath}`,
-            );
-        }
-    }
-
-    // MARK: Regenerate
-
-    const npmVersion = await npm`--version`({ useCorepack });
-
-    logger.info(`Detected npm version: ${npmVersion}`);
-
-    await npm`install --package-lock-only`({
-        cwd: lockfileDir,
-        useCorepack,
-    });
-
-    logger.info("npm install complete.");
-
-    const actual = {
-        lockfile: await loadJSON(packageLockPath),
-        package: await loadJSON(packageJSONPath).then(pluckDependencyFields),
-    };
-
-    // MARK: Compare
-
-    assert.deepStrictEqual(
-        actual.package,
-        expected.package,
-        `package.json was unexpectedly modified during lockfile check: ${packageJSONPath}`,
-    );
-
-    try {
-        checkDeep(
-            actual.lockfile,
-            expected.lockfile,
-            `package-lock.json is out of sync with package.json`,
-        );
-    } catch (error) {
-        if (!(error instanceof assert.AssertionError)) {
-            throw error;
-        }
-
-        // NPM versions <=11.10 has issues with deterministic lockfile generation,
-        // especially around optional peer dependencies.
-        const diffedProperties = extractDiffedProperties(actual.lockfile, expected.lockfile).filter(
-            (segments) => segments.isDisjointFrom(ignoredProperties),
-        );
-
-        if (diffedProperties.length) {
-            const formatted = diffedProperties
-                .map((segments) => Array.from(segments).join("."))
-                .join("\n");
-
-            throw new Error(`Lockfile drift detected:\n${formatted}`, { cause: error });
-        }
-
-        logger.warn(
-            "Permissible dependency differences detected. Run `npm install` to update the lockfile.",
-        );
-    }
-
-    return issues;
-}
-
-run()
-    .then((issues) => {
-        if (issues.length) {
-            logger.warn(`⚠️  ${issues.length} issue(s) detected:`);
-
-            for (const issue of issues) {
-                logger.warn(`  - ${issue}`);
-            }
-
-            if (options.warn) {
-                logger.warn(
-                    "The lockfile on disk has been regenerated. Review and commit the changes.",
-                );
-                process.exit(EXIT_DRIFT);
-            }
-        } else {
-            logger.info("✅ Lockfile is in sync.");
-        }
-    })
-    .catch((error) => reportAndExit(error, logger));

scripts/node/lint-runtime.mjs

@@ -1,114 +0,0 @@
-#!/usr/bin/env node
-/**
- * @file Lints the installed Node.js and npm versions against the requirements specified in package.json.
- *
- * Usage:
- *   lint-node [options] [directory]
- *
- * Exit codes:
- *   0  Versions are in sync
- *   1  Version mismatch detected
- */
-
-import * as assert from "node:assert/strict";
-import { parseArgs } from "node:util";
-
-import { ConsoleLogger } from "../../packages/logger-js/lib/node.js";
-import { CommandError, parseCWD, reportAndExit } from "./utils/commands.mjs";
-import { corepack } from "./utils/corepack.mjs";
-import { resolveRepoRoot } from "./utils/git.mjs";
-import { compareVersions, findNPMPackage, loadJSON, node, npm, parseRange } from "./utils/node.mjs";
-
-const logger = ConsoleLogger.prefix("lint-runtime");
-
-/**
- * @param {string} start
- */
-async function readRequirements(start) {
-    const { packageJSONPath } = await findNPMPackage(start);
-
-    logger.info(`Checking versions in ${packageJSONPath}`);
-
-    const packageJSONData = await loadJSON(packageJSONPath);
-
-    const nodeVersion = await node`--version`().then((output) => output.replace(/^v/, ""));
-
-    const requiredNpmVersion = packageJSONData.engines?.npm;
-    const requiredNodeVersion = packageJSONData.engines?.node;
-
-    return { nodeVersion, requiredNpmVersion, requiredNodeVersion };
-}
-
-async function main() {
-    const parsedArgs = parseArgs({
-        allowPositionals: true,
-    });
-
-    const cwd = parseCWD(parsedArgs.positionals);
-    const repoRoot = await resolveRepoRoot(cwd).catch(() => null);
-
-    logger.info(`cwd ${cwd}`);
-    logger.info(`repository ${repoRoot || "not found"}`);
-
-    const corepackVersion = await corepack`--version`().catch(() => null);
-    const useCorepack = !!corepackVersion;
-    logger.info(`corepack ${corepackVersion || "disabled"}`);
-
-    const npmVersion = await npm`--version`({ cwd, useCorepack })
-        .then((version) => {
-            logger.info(`npm${corepackVersion ? " (via Corepack)" : ""} ${version}`);
-
-            return version;
-        })
-        .catch((error) => {
-            if (error instanceof CommandError && corepackVersion) {
-                logger.warn(`Failed to read npm version via Corepack ${error.message}`);
-
-                logger.info(`Attempting to read npm version directly without Corepack...`);
-                // Corepack might be misconfigured or outdated.
-                // Attempting a second read without Corepack can help us distinguish
-                // between a general npm issue and a Corepack-specific one.
-                return npm`--version`({ cwd }).then((version) => {
-                    logger.info(`npm (direct) ${version}`);
-
-                    return version;
-                });
-            }
-
-            throw error;
-        });
-
-    const { nodeVersion, requiredNpmVersion, requiredNodeVersion } = await readRequirements(cwd);
-
-    logger.info(`node ${nodeVersion}`);
-
-    if (requiredNpmVersion) {
-        logger.info(`package.json npm ${requiredNpmVersion}`);
-
-        const { operator, version: required } = parseRange(requiredNpmVersion);
-        const result = compareVersions(npmVersion, required);
-
-        assert.ok(
-            operator === ">=" ? result >= 0 : result === 0,
-            `npm version ${npmVersion} does not satisfy required version ${requiredNpmVersion}`,
-        );
-    }
-
-    if (requiredNodeVersion) {
-        logger.info(`package.json node ${requiredNodeVersion}`);
-
-        const { operator, version: required } = parseRange(requiredNodeVersion);
-        const result = compareVersions(nodeVersion, required);
-
-        assert.ok(
-            operator === ">=" ? result >= 0 : result === 0,
-            `Node.js version ${nodeVersion} does not satisfy required version ${requiredNodeVersion}`,
-        );
-    }
-}
-
-main()
-    .then(() => {
-        logger.info("✅ Node.js and npm versions are in sync.");
-    })
-    .catch((error) => reportAndExit(error, logger));

scripts/node/setup-corepack.mjs

@@ -1,110 +0,0 @@
-#!/usr/bin/env node
-
-/**
- * @file Downloads the latest corepack tarball from the npm registry.
- */
-
-import * as fs from "node:fs/promises";
-import { parseArgs } from "node:util";
-
-import { ConsoleLogger } from "../../packages/logger-js/lib/node.js";
-import { $, parseCWD, reportAndExit } from "./utils/commands.mjs";
-import { corepack, pullLatestCorepack, verifyPackageManagerIntegrity } from "./utils/corepack.mjs";
-import { resolveRepoRoot } from "./utils/git.mjs";
-import { findNPMPackage, loadJSON, npm } from "./utils/node.mjs";
-
-/**
- * @deprecated Remove after Corepack is merged into the monorepo and we can rely on the version specified in package.json.
- */
-const FALLBACK_PACKAGE_MANAGER =
-    "npm@11.14.1+sha512.6a8a4d67478497a2dbc6815cad72e64c43f33413717e242756047d466241ab39bee61e691683a64658e94496ec5f1a1c05e4a5ec62dcc773280dfd949443a367";
-const logger = ConsoleLogger.prefix("setup-corepack");
-
-async function main() {
-    const parsedArgs = parseArgs({
-        options: {
-            force: {
-                type: "boolean",
-                default: false,
-                description: "Force re-download of corepack even if a version is already installed",
-            },
-        },
-        allowPositionals: true,
-    });
-
-    const cwdArg = parseCWD(parsedArgs.positionals);
-
-    const repoRoot = await resolveRepoRoot(cwdArg).catch(() => null);
-    const cwd = repoRoot || cwdArg;
-
-    const npmVersion = await npm`--version`({ cwd });
-
-    logger.info(`npm ${npmVersion}`);
-
-    const corepackVersion = await corepack`--version`({ cwd }).catch(() => null);
-
-    logger.info(`corepack ${corepackVersion || "not found"}`);
-
-    if (corepackVersion && !parsedArgs.values.force) {
-        logger.info("Corepack is already installed, skipping download (use --force to override)");
-        return;
-    }
-
-    await pullLatestCorepack(cwd);
-
-    await npm`install --force -g corepack@latest`({ cwd });
-    logger.info("Corepack installed successfully");
-
-    const { packageJSONPath } = await findNPMPackage(cwd);
-
-    logger.info(`Checking versions in ${packageJSONPath}`);
-
-    const packageJSONData = await loadJSON(packageJSONPath);
-
-    const packageManagerSpec = packageJSONData.packageManager || FALLBACK_PACKAGE_MANAGER;
-    const plusIndex = packageManagerSpec.indexOf("+");
-    const packageManager =
-        plusIndex === -1 ? packageManagerSpec : packageManagerSpec.slice(0, plusIndex);
-    const checksum = plusIndex === -1 ? "" : packageManagerSpec.slice(plusIndex + 1);
-
-    if (!checksum) {
-        throw new Error(
-            `Invalid packageManager field in package.json. Expected format "name@version+checksum". Got "${packageJSONData.packageManager}".`,
-        );
-    }
-
-    await verifyPackageManagerIntegrity(packageManager, checksum);
-
-    await $`corepack install -g ${packageManager}`({ cwd });
-
-    logger.info(`Setting up Corepack to use ${packageManager}...`);
-
-    const writablePackageJSON = await fs.access(packageJSONPath, fs.constants.W_OK).then(
-        () => true,
-        () => false,
-    );
-
-    /**
-     * @type {string}
-     */
-    let subcommand;
-
-    if (!writablePackageJSON) {
-        if (!packageJSONData.packageManager) {
-            throw new Error(
-                `package.json is not writable and does not specify a packageManager field. Was the package.json file mounted via Docker?`,
-            );
-        }
-
-        subcommand = "install -g";
-    } else {
-        logger.info("package.json is writable");
-        subcommand = "use";
-    }
-
-    await $`corepack ${subcommand} ${packageManager}`({ cwd });
-
-    logger.info("Corepack installed npm successfully");
-}
-
-main().catch((error) => reportAndExit(error, logger));

scripts/node/utils/commands.mjs

@@ -1,123 +0,0 @@
-/**
- * Utility functions for running shell commands and handling their results.
- *
- * @import { ExecOptions } from "node:child_process"
- * @import { IConsoleLogger } from "../../../packages/logger-js/lib/shared.js"
- */
-
-import { exec } from "node:child_process";
-import { resolve, sep } from "node:path";
-import { promisify } from "node:util";
-
-import { ConsoleLogger } from "../../../packages/logger-js/lib/node.js";
-
-const logger = ConsoleLogger.prefix("commands");
-
-export class CommandError extends Error {
-    name = "CommandError";
-
-    /**
-     * @param {string} command
-     * @param {ErrorOptions & ExecOptions} options
-     */
-    constructor(command, { cause, cwd, shell } = {}) {
-        const cwdInfo = cwd ? ` in directory ${cwd}` : "";
-        const shellInfo = shell ? ` using shell ${shell}` : "";
-
-        super(`Command failed: ${command}${cwdInfo}${shellInfo}`, { cause });
-    }
-}
-
-/**
- * @param {string[]} positionals
- * @returns {string} The resolved current working directory for the script
- */
-export function parseCWD(positionals) {
-    // `INIT_CWD` is present only if the script is run via npm.
-    const initCWD = process.env.INIT_CWD || process.cwd();
-
-    const cwd = (positionals.length ? resolve(initCWD, positionals[0]) : initCWD) + sep;
-
-    return cwd;
-}
-
-const execAsync = promisify(exec);
-
-/**
- * A timeout value to prevent hanging indefinitely when running shell commands,
- * such as if CI is experiencing issues with provisioning or network connectivity.
- */
-const DEFAULT_TIMEOUT_MS = 5 * 60 * 1000;
-
-/**
- * @param {Awaited<ReturnType<typeof execAsync>>} result
- */
-export const trimResult = (result) => String(result.stdout).trim();
-
-/**
- * @typedef {(strings: TemplateStringsArray, ...expressions: unknown[]) =>
- *   (options?: ExecOptions) => Promise<string>
- * } CommandTag
- */
-
-function createTag(prefix = "") {
-    /** @type {CommandTag} */
-    return (strings, ...expressions) => {
-        const command = (prefix ? prefix + " " : "") + String.raw(strings, ...expressions);
-
-        logger.debug(command);
-
-        return (options) =>
-            execAsync(command, { timeout: DEFAULT_TIMEOUT_MS, ...options })
-                .then(trimResult)
-                .catch((cause) => {
-                    throw new CommandError(command, { ...options, cause });
-                });
-    };
-}
-
-/**
- * A tagged template function for running shell commands.
- * @type {CommandTag & { bind(prefix: string): CommandTag }}
- */
-export const $ = createTag();
-
-/**
- * @param {string} prefix
- * @returns {CommandTag}
- */
-$.bind = (prefix) => createTag(prefix);
-
-/**
- * Promisified version of {@linkcode exec} for easier async/await usage.
- *
- * @param {string} command The command to run, with space-separated arguments.
- * @param {ExecOptions} [options] Optional execution options.
- * @throws {CommandError} If the command fails to execute.
- */
-export function $2(command, options) {
-    return execAsync(command, { timeout: DEFAULT_TIMEOUT_MS, ...options })
-        .then(trimResult)
-        .catch((cause) => {
-            throw new CommandError(command, { ...options, cause });
-        });
-}
-
-/**
- * Logs the given error and its cause (if any) and exits the process with a failure code.
- * @param {unknown} error
- * @param {IConsoleLogger} logger
- * @returns {never}
- */
-export function reportAndExit(error, logger = ConsoleLogger) {
-    const message = error instanceof Error ? error.message : String(error);
-    const cause = error instanceof Error && error.cause instanceof Error ? error.cause : null;
-
-    logger.error(`❌ ${message}`);
-
-    if (cause) {
-        logger.error(`Caused by: ${cause.message}`);
-    }
-
-    process.exit(1);
-}

scripts/node/utils/corepack.mjs

@@ -1,165 +0,0 @@
-import * as crypto from "node:crypto";
-import * as fs from "node:fs/promises";
-import { join, relative } from "node:path";
-
-import { ConsoleLogger } from "../../../packages/logger-js/lib/node.js";
-import { $ } from "./commands.mjs";
-
-const REGISTRY_BASE_URL = "https://registry.npmjs.org";
-const REGISTRY_URL = `${REGISTRY_BASE_URL}/corepack`;
-const OUTPUT_DIR = join(".corepack", "releases");
-const OUTPUT_FILENAME = "latest.tgz";
-
-export const corepack = $.bind("corepack");
-
-/**
- * Reads the installed Corepack version.
- *
- * @param {string} [cwd] The directory to run the command in.
- * @returns {Promise<string | null>} The installed Corepack version
- */
-export function readCorepackVersion(cwd = process.cwd()) {
-    return $`corepack --version`({ cwd });
-}
-
-const logger = ConsoleLogger.prefix("setup-corepack");
-
-/**
- * @param {string} baseDirectory
- */
-export async function pullLatestCorepack(baseDirectory = process.cwd()) {
-    logger.info("Fetching corepack metadata from registry...");
-
-    const outputDir = join(baseDirectory, OUTPUT_DIR);
-    const outputPath = join(outputDir, OUTPUT_FILENAME);
-
-    const res = await fetch(REGISTRY_URL, { signal: AbortSignal.timeout(1000 * 60) });
-
-    if (!res.ok) {
-        throw new Error(`Failed to fetch registry metadata: ${res.status} ${res.statusText}`);
-    }
-
-    const metadata = await res.json();
-
-    const latestVersion = metadata["dist-tags"].latest;
-    const versionData = metadata.versions[latestVersion];
-    const tarballUrl = versionData.dist.tarball;
-    const expectedIntegrity = versionData.dist.integrity;
-
-    logger.info(`Latest corepack version: ${latestVersion}`);
-    logger.info(`Tarball URL: ${tarballUrl}`);
-    logger.info(`Expected integrity: ${expectedIntegrity}`);
-
-    logger.info({ url: tarballUrl }, "Downloading tarball...");
-
-    const tarballRes = await fetch(tarballUrl, {
-        signal: AbortSignal.timeout(1000 * 60),
-    });
-
-    if (!tarballRes.ok) {
-        throw new Error(
-            `Failed to download tarball: ${tarballRes.status} ${tarballRes.statusText}`,
-        );
-    }
-
-    const tarballBuffer = Buffer.from(await tarballRes.arrayBuffer());
-
-    logger.info("Verifying integrity...");
-
-    const [algorithm, expectedHash] = expectedIntegrity.split("-");
-    const actualHash = crypto.createHash(algorithm).update(tarballBuffer).digest("base64");
-
-    if (actualHash !== expectedHash) {
-        throw new Error(
-            `Integrity mismatch!\n  Expected: ${expectedHash}\n  Actual:   ${actualHash}`,
-        );
-    }
-
-    logger.info("Integrity verified.");
-
-    await fs.mkdir(outputDir, { recursive: true });
-    await fs.writeFile(outputPath, tarballBuffer);
-
-    logger.info(`Saved to ${relative(baseDirectory, outputPath)}`);
-    logger.info(`corepack@${latestVersion} (${expectedIntegrity})`);
-}
-
-/**
- * Downloads the tarball for a package manager spec from the npm registry and
- * verifies it matches the expected Corepack-style checksum (`<algorithm>.<hex>`).
- *
- * Corepack's CLI does not enforce the `+integrity` suffix on the `packageManager`
- * field when invoked via `corepack install -g`, so we verify the bytes ourselves
- * before handing control back to Corepack.
- *
- * @param {string} packageManager E.g. `npm@11.14.1`.
- * @param {string} expectedChecksum E.g. `sha512.6a8a4d67...`.
- * @returns {Promise<void>}
- */
-export async function verifyPackageManagerIntegrity(packageManager, expectedChecksum) {
-    const atIndex = packageManager.lastIndexOf("@");
-
-    if (atIndex <= 0) {
-        throw new Error(
-            `Invalid packageManager spec "${packageManager}". Expected "name@version".`,
-        );
-    }
-
-    const name = packageManager.slice(0, atIndex);
-    const version = packageManager.slice(atIndex + 1);
-
-    const separatorIndex = expectedChecksum.indexOf(".");
-
-    if (separatorIndex <= 0) {
-        throw new Error(
-            `Invalid checksum format "${expectedChecksum}". Expected "<algorithm>.<hex>".`,
-        );
-    }
-
-    const algorithm = expectedChecksum.slice(0, separatorIndex);
-    const expectedHex = expectedChecksum.slice(separatorIndex + 1).toLowerCase();
-
-    logger.info(`Verifying ${name}@${version} against ${algorithm} checksum...`);
-
-    const metadataUrl = `${REGISTRY_BASE_URL}/${encodeURIComponent(name)}/${encodeURIComponent(version)}`;
-
-    const metadataRes = await fetch(metadataUrl, {
-        signal: AbortSignal.timeout(1000 * 60),
-    });
-
-    if (!metadataRes.ok) {
-        throw new Error(
-            `Failed to fetch registry metadata for ${name}@${version}: ${metadataRes.status} ${metadataRes.statusText}`,
-        );
-    }
-
-    const versionData = await metadataRes.json();
-    const tarballUrl = versionData?.dist?.tarball;
-
-    if (!tarballUrl) {
-        throw new Error(`Registry response missing dist.tarball for ${name}@${version}.`);
-    }
-
-    logger.info({ url: tarballUrl }, "Downloading tarball...");
-
-    const tarballRes = await fetch(tarballUrl, {
-        signal: AbortSignal.timeout(1000 * 60),
-    });
-
-    if (!tarballRes.ok) {
-        throw new Error(
-            `Failed to download tarball: ${tarballRes.status} ${tarballRes.statusText}`,
-        );
-    }
-
-    const tarballBuffer = Buffer.from(await tarballRes.arrayBuffer());
-    const actualHex = crypto.createHash(algorithm).update(tarballBuffer).digest("hex");
-
-    if (actualHex !== expectedHex) {
-        throw new Error(
-            `Integrity mismatch for ${name}@${version}!\n  Expected: ${algorithm}.${expectedHex}\n  Actual:   ${algorithm}.${actualHex}`,
-        );
-    }
-
-    logger.info(`Integrity verified for ${name}@${version}.`);
-}

scripts/node/utils/git.mjs

@@ -1,25 +0,0 @@
-import { $ } from "./commands.mjs";
-
-/**
- * Checks whether the given file has uncommitted changes in git.
- *
- * @param {string} filePath
- * @param {string} [cwd]
- * @returns {Promise<{ clean: boolean, available: boolean }>}
- */
-export async function gitStatus(filePath, cwd = process.cwd()) {
-    return $`git status --porcelain ${filePath}`({ cwd })
-        .then((output) => ({ clean: !output, available: true }))
-        .catch(() => ({ clean: false, available: false }));
-}
-
-/**
- * Finds the root directory of the git repository containing the given directory.
- *
- * @param {string} cwd
- * @returns {Promise<string>} The path to the git repository root.
- * @throws {Error} If the command fails (e.g., not a git repository).
- */
-export function resolveRepoRoot(cwd = process.cwd()) {
-    return $`git rev-parse --show-toplevel`({ cwd });
-}

scripts/node/utils/node.mjs

@@ -1,175 +0,0 @@
-/**
- * Utility functions for working with npm packages and versions.
- *
- * @import { ExecOptions } from "node:child_process"
- */
-
-import * as fs from "node:fs/promises";
-import { dirname, join } from "node:path";
-
-import { $ } from "./commands.mjs";
-
-/**
- * Find the nearest directory containing both package.json and package-lock.json,
- * starting from the given directory and walking upward.
- *
- * @param {string} start The directory to start searching from.
- * @returns {Promise<{ packageJSONPath: string, packageLockPath: string }>}
- * @throws {Error} If no co-located package.json and package-lock.json are found.
- */
-export async function findNPMPackage(start) {
-    let currentDir = start;
-
-    while (currentDir !== dirname(currentDir)) {
-        const packageJSONPath = join(currentDir, "package.json");
-        const packageLockPath = join(currentDir, "package-lock.json");
-
-        try {
-            await Promise.all([fs.access(packageJSONPath), fs.access(packageLockPath)]);
-            return {
-                packageJSONPath,
-                packageLockPath,
-            };
-        } catch {
-            // Continue searching up the directory tree
-        }
-
-        currentDir = dirname(currentDir);
-    }
-
-    throw new Error(`No co-located package.json and package-lock.json found above ${start}`);
-}
-
-/**
- * @typedef {object} PackageJSON
- * @property {string} name
- * @property {string} version
- * @property {Record<string, string>} [dependencies]
- * @property {Record<string, string>} [devDependencies]
- * @property {Record<string, string>} [peerDependencies]
- * @property {Record<string, string>} [optionalDependencies]
- * @property {Record<string, string>} [peerDependenciesMeta]
- * @property {Record<string, string>} [engines]
- * @property {Record<string, string>} [devEngines]
- * @property {string} [packageManager]
- */
-
-/**
- * @param {string} jsonPath
- * @returns {Promise<PackageJSON>}
- */
-export function loadJSON(jsonPath) {
-    return fs
-        .readFile(jsonPath, "utf-8")
-        .then(JSON.parse)
-        .catch((cause) => {
-            throw new Error(`Failed to load JSON file at ${jsonPath}`, { cause });
-        });
-}
-
-const PackageJSONComparisionFields = /** @type {const} */ ([
-    "name",
-    "dependencies",
-    "devDependencies",
-    "optionalDependencies",
-    "peerDependencies",
-    "peerDependenciesMeta",
-]);
-
-/**
- * @typedef {typeof PackageJSONComparisionFields[number]} PackageJSONComparisionField
- */
-
-/**
- * Extracts only the dependency fields from a package.json object for comparison purposes.
- *
- * @param {PackageJSON} data
- * @returns {Pick<PackageJSON, PackageJSONComparisionField>}
- */
-export function pluckDependencyFields(data) {
-    /**
-     * @type {Record<string, unknown>}
-     */
-    const result = {};
-
-    for (const field of PackageJSONComparisionFields) {
-        if (data[field]) {
-            result[field] = data[field];
-        }
-    }
-
-    return /** @type {Pick<PackageJSON, PackageJSONComparisionField>} */ (result);
-}
-
-//#region Versioning
-
-/**
- * Compares two semantic version strings (e.g., "14.17.0").
- *
- * @param {string} a The first version string.
- * @param {string} b The second version string.
- * @returns {number}
- */
-export function compareVersions(a, b) {
-    const pa = a.split(".").map(Number);
-    const pb = b.split(".").map(Number);
-    for (let i = 0; i < 3; i++) {
-        if (pa[i] > pb[i]) return 1;
-        if (pa[i] < pb[i]) return -1;
-    }
-    return 0;
-}
-
-/**
- * Runs a Node.js command and returns its stdout output as a string.
- *
- * @param {TemplateStringsArray} strings
- * @param  {...unknown} expressions
- * @returns {(options?: ExecOptions) => Promise<string>}
- */
-export const node = $.bind("node");
-
-/**
- * @typedef {object} NPMCommandOptions
- * @property {boolean} [useCorepack] Whether to prefix the command with "corepack " to use Corepack's shims.
- * @returns {Promise<string>}
- */
-
-/**
- * Runs an npm command and returns its stdout output as a string.
- *
- * @param {TemplateStringsArray} strings
- * @param  {...unknown} expressions
- * @returns {(options?: ExecOptions & NPMCommandOptions) => Promise<string>}
- */
-export function npm(strings, ...expressions) {
-    const subcommand = String.raw(strings, ...expressions);
-
-    return ({ useCorepack, ...options } = {}) => {
-        const command = [useCorepack ? "corepack" : "", "npm", subcommand]
-            .filter(Boolean)
-            .join(" ");
-
-        return $`${command}`(options);
-    };
-}
-
-/**
- * Parses a version range string, stripping any leading >= and normalizing to three parts.
- * @param {string} range
- * @returns {{ operator: ">=" | "=", version: string }}
- */
-export function parseRange(range) {
-    const hasGte = range.startsWith(">=");
-    const raw = hasGte ? range.slice(2) : range;
-    const parts = raw.split(".").map(Number);
-
-    while (parts.length < 3) parts.push(0);
-
-    return {
-        operator: hasGte ? ">=" : "=",
-        version: parts.join("."),
-    };
-}
-
-//#endregion

uv.lock

@@ -3743,32 +3743,32 @@ wheels = [
 
 [[package]]
 name = "ujson"
-version = "5.12.1"
+version = "5.12.0"
 source = { registry = "https://pypi.org/simple" }
-sdist = { url = "https://files.pythonhosted.org/packages/bc/78/937198ea8708182dd1edbf0237bf255a96feab3f511691ad08b84da98e5d/ujson-5.12.1.tar.gz", hash = "sha256:5b7e96406c301a1366534479a7352ec40ec68bb327c0c119091635acd5925e35", size = 7164538, upload-time = "2026-05-05T22:05:01.354Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/cb/3e/c35530c5ffc25b71c59ae0cd7b8f99df37313daa162ce1e2f7925f7c2877/ujson-5.12.0.tar.gz", hash = "sha256:14b2e1eb528d77bc0f4c5bd1a7ebc05e02b5b41beefb7e8567c9675b8b13bcf4", size = 7158451, upload-time = "2026-03-11T22:19:30.397Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/f8/ca/d88d86f90f8f237985f3e347b9a4f9fa24e8d30d19ec7d477ed18aa58393/ujson-5.12.1-cp314-cp314-macosx_10_15_x86_64.whl", hash = "sha256:6f19e9a407a24230df0cc1ec1c0f5999872ba526b14a780f80ad6479f5eed9bc", size = 58099, upload-time = "2026-05-05T22:04:06.688Z" },
-    { url = "https://files.pythonhosted.org/packages/ae/2d/a0a88407cee3550f7ed1e49b41157ee2d410f51905ed51fb134844255280/ujson-5.12.1-cp314-cp314-macosx_11_0_arm64.whl", hash = "sha256:8b657e870c77aaacdeea86cfad3e6d2ef9b52517e45988c9c367f7ee764fe4dd", size = 55631, upload-time = "2026-05-05T22:04:07.925Z" },
-    { url = "https://files.pythonhosted.org/packages/a9/6d/12a3b8e72132db244ae048075e71a0079b3c5f61ff45b7ca81d5193ab3e7/ujson-5.12.1-cp314-cp314-manylinux_2_24_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:984b5a99d1e0a037c2046c3c4b34cec832565d62d5017be0a035bf3cbfab72dc", size = 59469, upload-time = "2026-05-05T22:04:09.208Z" },
-    { url = "https://files.pythonhosted.org/packages/a2/72/310f8c21737554f2d2b4f1883e1a71e8a6ab0d8f92f0feb8aaa85e0f4b66/ujson-5.12.1-cp314-cp314-manylinux_2_24_i686.manylinux_2_28_i686.whl", hash = "sha256:f48ef8a16f1d85bd7982beac7adfd3fb704058631db84c1c61c8a1b7072b1508", size = 61611, upload-time = "2026-05-05T22:04:10.836Z" },
-    { url = "https://files.pythonhosted.org/packages/50/50/ab4b2f7bab6c7a67298c8f2aca80e2082eaf6f332cf2d099762647b5301e/ujson-5.12.1-cp314-cp314-manylinux_2_24_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:4f39ba3b65cc637b59731532f7e7c807786bff1d0332ab2d5b96a04d2584d78f", size = 59122, upload-time = "2026-05-05T22:04:12.137Z" },
-    { url = "https://files.pythonhosted.org/packages/21/48/5d81cbe76fc2aa9e071aa489a3041cf0712f5e0663d60d501641f92b7bb4/ujson-5.12.1-cp314-cp314-musllinux_1_2_aarch64.whl", hash = "sha256:07f307780f85b49cba93f291718421b6f5f3b627a323b431fad937a18f6587cb", size = 1038938, upload-time = "2026-05-05T22:04:13.548Z" },
-    { url = "https://files.pythonhosted.org/packages/fb/a7/abe1acb0e5d8b8d724b35533a44c89684c88100a5fd9f2fee7f7155528d5/ujson-5.12.1-cp314-cp314-musllinux_1_2_i686.whl", hash = "sha256:1c335caea51c31494e514b82d50763b9792d3960d2c7d9fdb6b6fb8ed50ebdd0", size = 1198416, upload-time = "2026-05-05T22:04:15.609Z" },
-    { url = "https://files.pythonhosted.org/packages/ed/6e/087067d6ee22bd01bfba9fb1f32ce98c24ae2bcbab53bd2fbf8f7a80fe9e/ujson-5.12.1-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:19ea07e29a45d199f926aadf93a9974128438c01b83141fba32477c0ee604b33", size = 1091425, upload-time = "2026-05-05T22:04:17.909Z" },
-    { url = "https://files.pythonhosted.org/packages/4e/d2/28938574b766980f873b68962abb4c68a944d939446768982934ad3bcd93/ujson-5.12.1-cp314-cp314-win32.whl", hash = "sha256:c8e626b6bc9bdd2e8f7393b7d99f3daa2ca4022e6203662e70de7bb3604b21b9", size = 42334, upload-time = "2026-05-05T22:04:19.85Z" },
-    { url = "https://files.pythonhosted.org/packages/49/b0/0af30bf65d96b73c28054b344ebbe24bc96780ae8a7f2973f5dad979510a/ujson-5.12.1-cp314-cp314-win_amd64.whl", hash = "sha256:c6d3bdd020333688ee60559437021ed68a98a28fdd609b5af16de5dd58f90cba", size = 46586, upload-time = "2026-05-05T22:04:21.298Z" },
-    { url = "https://files.pythonhosted.org/packages/4e/3b/0ee2555823724e60cc847c715c299f5792aa444bdde69c51d4aa42d885c2/ujson-5.12.1-cp314-cp314-win_arm64.whl", hash = "sha256:e3c9c894971f4ada3ded16a804ed4640e1f2b3e5239beaeec7c48296f39f4232", size = 41178, upload-time = "2026-05-05T22:04:22.597Z" },
-    { url = "https://files.pythonhosted.org/packages/3f/3d/7547835cd0b7fa22eb1122702f81b2403c38a0027a2cc0d75acc449a4a66/ujson-5.12.1-cp314-cp314t-macosx_10_15_x86_64.whl", hash = "sha256:49dd9c378e1c8e676785ff2b62cb490074229f15ab54abf45b623713cb2c36b5", size = 58565, upload-time = "2026-05-05T22:04:23.75Z" },
-    { url = "https://files.pythonhosted.org/packages/ed/6a/1784e0b24aab50623eb47b2f7a8dc22c9d809d798854d2568a9cb7c3560f/ujson-5.12.1-cp314-cp314t-macosx_11_0_arm64.whl", hash = "sha256:6d8827904358d7da59ccf2e1fd8de59e78248036d17fecc0462e62c6721f1102", size = 56157, upload-time = "2026-05-05T22:04:25.028Z" },
-    { url = "https://files.pythonhosted.org/packages/91/2d/2c1b24df24eee309047d81460c3a1acf0d047207327edc6f3cab8a614985/ujson-5.12.1-cp314-cp314t-manylinux_2_24_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:dc26caebea90425662ef0b979f945f6ac832651881107d6ec9a3c4d4a4ba929c", size = 60288, upload-time = "2026-05-05T22:04:26.273Z" },
-    { url = "https://files.pythonhosted.org/packages/c5/14/c0c603e3dff2ef98f7deee2df7795e6055abbc5825c6ef530024b3b06a15/ujson-5.12.1-cp314-cp314t-manylinux_2_24_i686.manylinux_2_28_i686.whl", hash = "sha256:45022aae09ac3d45bda6fbfc631088d1aff9a0465542d40bd6d295ced378c430", size = 62302, upload-time = "2026-05-05T22:04:27.516Z" },
-    { url = "https://files.pythonhosted.org/packages/5c/0d/889bbc044561d9adc9bf413620fbd9878f352c9fd36da829d319bca2f5ad/ujson-5.12.1-cp314-cp314t-manylinux_2_24_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:b22aa0f644516d3d5b29464949e4b23fe784f84b4a1030ab9ac3cb42aaedabb1", size = 59784, upload-time = "2026-05-05T22:04:28.776Z" },
-    { url = "https://files.pythonhosted.org/packages/18/35/3b1d8ff8cd6dc048f5c495af6ee6ded43055562610a7e9b78b438dc6421e/ujson-5.12.1-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:7dc5cf44ea42365cd1b66e6ed3fc6ca040c86587b024a6659b98e99d31cff2cd", size = 1039759, upload-time = "2026-05-05T22:04:30.291Z" },
-    { url = "https://files.pythonhosted.org/packages/6a/d8/3c66cdf839420a6da2d6140a54a882c15efd135bcced103bd4473d577636/ujson-5.12.1-cp314-cp314t-musllinux_1_2_i686.whl", hash = "sha256:8df5d984ff4ac1ef292d70f30da03417038a7e1e0bc272d28ca9d34f02f41682", size = 1199121, upload-time = "2026-05-05T22:04:31.961Z" },
-    { url = "https://files.pythonhosted.org/packages/54/51/c3d1b94a4ad27dc7532e9f7d00b869463157cede2295ba6d57566afeb8cd/ujson-5.12.1-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:485f0182a0c0b54c304061cdc826d8343ce595c4055f7a24e72772a8520e5f7b", size = 1092085, upload-time = "2026-05-05T22:04:33.697Z" },
-    { url = "https://files.pythonhosted.org/packages/ae/52/4d4a6e78290a5eef3f576f6d281e6355535db903a08483fd1bb393bf8cb9/ujson-5.12.1-cp314-cp314t-win32.whl", hash = "sha256:4e12ca368b397aed7fa1eec534ea1ba8d94977b376f9df3e93ae1acfd004ec40", size = 43243, upload-time = "2026-05-05T22:04:35.486Z" },
-    { url = "https://files.pythonhosted.org/packages/3d/c8/849366785de52b513e5fc89d7aea0b531e71bb5641407cbdfdf47a99ede8/ujson-5.12.1-cp314-cp314t-win_amd64.whl", hash = "sha256:cec6b9b539539affc1f01a795c99574592a635ce22331b64f2b42e0af570659e", size = 47662, upload-time = "2026-05-05T22:04:37.07Z" },
-    { url = "https://files.pythonhosted.org/packages/8a/46/36a67f5a531a15308124786f3e2b7b96414b9d23dbcdc2a182dd3ffa2e1d/ujson-5.12.1-cp314-cp314t-win_arm64.whl", hash = "sha256:696224d4cfb8883fa5c0285dff31e5ce924704dd9ccd38e9ea8b5bf4a42b12fc", size = 41680, upload-time = "2026-05-05T22:04:39.083Z" },
+    { url = "https://files.pythonhosted.org/packages/10/bd/9a8d693254bada62bfea75a507e014afcfdb6b9d047b6f8dd134bfefaf67/ujson-5.12.0-cp314-cp314-macosx_10_15_x86_64.whl", hash = "sha256:85833bca01aa5cae326ac759276dc175c5fa3f7b3733b7d543cf27f2df12d1ef", size = 56499, upload-time = "2026-03-11T22:18:45.431Z" },
+    { url = "https://files.pythonhosted.org/packages/bd/2d/285a83df8176e18dcd675d1a4cff8f7620f003f30903ea43929406e98986/ujson-5.12.0-cp314-cp314-macosx_11_0_arm64.whl", hash = "sha256:d22cad98c2a10bbf6aa083a8980db6ed90d4285a841c4de892890c2b28286ef9", size = 53998, upload-time = "2026-03-11T22:18:47.184Z" },
+    { url = "https://files.pythonhosted.org/packages/bf/8b/e2f09e16dabfa91f6a84555df34a4329fa7621e92ed054d170b9054b9bb2/ujson-5.12.0-cp314-cp314-manylinux_2_24_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:99cc80facad240b0c2fb5a633044420878aac87a8e7c348b9486450cba93f27c", size = 57783, upload-time = "2026-03-11T22:18:48.271Z" },
+    { url = "https://files.pythonhosted.org/packages/68/fb/ba1d06f3658a0c36d0ab3869ec3914f202bad0a9bde92654e41516c7bb13/ujson-5.12.0-cp314-cp314-manylinux_2_24_i686.manylinux_2_28_i686.whl", hash = "sha256:d1831c07bd4dce53c4b666fa846c7eba4b7c414f2e641a4585b7f50b72f502dc", size = 60011, upload-time = "2026-03-11T22:18:49.284Z" },
+    { url = "https://files.pythonhosted.org/packages/64/2b/3e322bf82d926d9857206cd5820438d78392d1f523dacecb8bd899952f73/ujson-5.12.0-cp314-cp314-manylinux_2_24_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:0e00cec383eab2406c9e006bd4edb55d284e94bb943fda558326048178d26961", size = 57465, upload-time = "2026-03-11T22:18:50.584Z" },
+    { url = "https://files.pythonhosted.org/packages/e9/fd/af72d69603f9885e5136509a529a4f6d88bf652b457263ff96aefcd3ab7d/ujson-5.12.0-cp314-cp314-musllinux_1_2_aarch64.whl", hash = "sha256:f19b3af31d02a2e79c5f9a6deaab0fb3c116456aeb9277d11720ad433de6dfc6", size = 1037275, upload-time = "2026-03-11T22:18:51.998Z" },
+    { url = "https://files.pythonhosted.org/packages/9c/a7/a2411ec81aef7872578e56304c3e41b3a544a9809e95c8e1df46923fc40b/ujson-5.12.0-cp314-cp314-musllinux_1_2_i686.whl", hash = "sha256:bacbd3c69862478cbe1c7ed4325caedec580d8acf31b8ee1b9a1e02a56295cad", size = 1196758, upload-time = "2026-03-11T22:18:53.548Z" },
+    { url = "https://files.pythonhosted.org/packages/ed/85/aa18ae175dd03a118555aa14304d4f466f9db61b924c97c6f84388ecacb1/ujson-5.12.0-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:94c5f1621cbcab83c03be46441f090b68b9f307b6c7ec44d4e3f6d5997383df4", size = 1089760, upload-time = "2026-03-11T22:18:55.336Z" },
+    { url = "https://files.pythonhosted.org/packages/d3/d4/4b40b67ac7e916ebffc3041ae2320c5c0b8a045300d4c542b6e50930cca5/ujson-5.12.0-cp314-cp314-win32.whl", hash = "sha256:e6369ac293d2cc40d52577e4fa3d75a70c1aae2d01fa3580a34a4e6eff9286b9", size = 41043, upload-time = "2026-03-11T22:18:56.505Z" },
+    { url = "https://files.pythonhosted.org/packages/24/38/a1496d2a3428981f2b3a2ffbb4656c2b05be6cc406301d6b10a6445f6481/ujson-5.12.0-cp314-cp314-win_amd64.whl", hash = "sha256:31348a0ffbfc815ce78daac569d893349d85a0b57e1cd2cdbba50b7f333784da", size = 45303, upload-time = "2026-03-11T22:18:57.454Z" },
+    { url = "https://files.pythonhosted.org/packages/85/d3/39dbd3159543d9c57ec3a82d36226152cf0d710784894ce5aa24b8220ac1/ujson-5.12.0-cp314-cp314-win_arm64.whl", hash = "sha256:6879aed770557f0961b252648d36f6fdaab41079d37a2296b5649fd1b35608e0", size = 39860, upload-time = "2026-03-11T22:18:58.578Z" },
+    { url = "https://files.pythonhosted.org/packages/c3/71/9b4dacb177d3509077e50497222d39eec04c8b41edb1471efc764d645237/ujson-5.12.0-cp314-cp314t-macosx_10_15_x86_64.whl", hash = "sha256:7ddb08b3c2f9213df1f2e3eb2fbea4963d80ec0f8de21f0b59898e34f3b3d96d", size = 56845, upload-time = "2026-03-11T22:18:59.629Z" },
+    { url = "https://files.pythonhosted.org/packages/24/c2/8abffa3be1f3d605c4a62445fab232b3e7681512ce941c6b23014f404d36/ujson-5.12.0-cp314-cp314t-macosx_11_0_arm64.whl", hash = "sha256:0a3ae28f0b209be5af50b54ca3e2123a3de3a57d87b75f1e5aa3d7961e041983", size = 54463, upload-time = "2026-03-11T22:19:00.697Z" },
+    { url = "https://files.pythonhosted.org/packages/db/2e/60114a35d1d6796eb428f7affcba00a921831ff604a37d9142c3d8bbe5c5/ujson-5.12.0-cp314-cp314t-manylinux_2_24_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:d30ad4359413c8821cc7b3707f7ca38aa8bc852ba3b9c5a759ee2d7740157315", size = 58689, upload-time = "2026-03-11T22:19:01.739Z" },
+    { url = "https://files.pythonhosted.org/packages/c8/ad/010925c2116c21ce119f9c2ff18d01f48a19ade3ff4c5795da03ce5829fc/ujson-5.12.0-cp314-cp314t-manylinux_2_24_i686.manylinux_2_28_i686.whl", hash = "sha256:02f93da7a4115e24f886b04fd56df1ee8741c2ce4ea491b7ab3152f744ad8f8e", size = 60618, upload-time = "2026-03-11T22:19:03.101Z" },
+    { url = "https://files.pythonhosted.org/packages/9b/74/db7f638bf20282b1dccf454386cbd483faaaed3cdbb9cb27e06f74bb109e/ujson-5.12.0-cp314-cp314t-manylinux_2_24_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:3ff4ede90ed771140caa7e1890de17431763a483c54b3c1f88bd30f0cc1affc0", size = 58151, upload-time = "2026-03-11T22:19:04.175Z" },
+    { url = "https://files.pythonhosted.org/packages/9c/7e/3ebaecfa70a2e8ce623db8e21bd5cb05d42a5ef943bcbb3309d71b5de68d/ujson-5.12.0-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:a7bf9cc97f05048ac8f3e02cd58f0fe62b901453c24345bfde287f4305dcc31c", size = 1038117, upload-time = "2026-03-11T22:19:05.558Z" },
+    { url = "https://files.pythonhosted.org/packages/2e/aa/e073eda7f0036c2973b28db7bb99faba17a932e7b52d801f9bb3e726271f/ujson-5.12.0-cp314-cp314t-musllinux_1_2_i686.whl", hash = "sha256:2324d9a0502317ffc35d38e153c1b2fa9610ae03775c9d0f8d0cca7b8572b04e", size = 1197434, upload-time = "2026-03-11T22:19:06.92Z" },
+    { url = "https://files.pythonhosted.org/packages/1c/01/b9a13f058fdd50c746b192c4447ca8d6352e696dcda912ccee10f032ff85/ujson-5.12.0-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:50524f4f6a1c839714dbaff5386a1afb245d2d5ec8213a01fbc99cea7307811e", size = 1090401, upload-time = "2026-03-11T22:19:08.383Z" },
+    { url = "https://files.pythonhosted.org/packages/c4/37/3d1b4e0076b6e43379600b5229a5993db8a759ff2e1830ea635d876f6644/ujson-5.12.0-cp314-cp314t-win32.whl", hash = "sha256:f7a0430d765f9bda043e6aefaba5944d5f21ec43ff4774417d7e296f61917382", size = 41880, upload-time = "2026-03-11T22:19:09.671Z" },
+    { url = "https://files.pythonhosted.org/packages/b1/c5/3c2a262a138b9f0014fe1134a6b5fdc2c54245030affbaac2fcbc0632138/ujson-5.12.0-cp314-cp314t-win_amd64.whl", hash = "sha256:ccbfd94e59aad4a2566c71912b55f0547ac1680bfac25eb138e6703eb3dd434e", size = 46365, upload-time = "2026-03-11T22:19:10.662Z" },
+    { url = "https://files.pythonhosted.org/packages/83/40/956dc20b7e00dc0ff3259871864f18dab211837fce3478778bedb3132ac1/ujson-5.12.0-cp314-cp314t-win_arm64.whl", hash = "sha256:42d875388fbd091c7ea01edfff260f839ba303038ffb23475ef392012e4d63dd", size = 40398, upload-time = "2026-03-11T22:19:11.666Z" },
 ]
 
 [[package]]

web/README.md

@@ -3,27 +3,6 @@
 This is the default UI for the authentik server. The documentation is going to be a little sparse
 for awhile, but at least let's get started.
 
-# Setup
-
-Install dependencies from the repo root with `make node-install` (or `make install` for the full
-Python + web + docs bootstrap). This wraps `npm ci` and explicitly rebuilds the small set of
-packages whose install scripts are required for the toolchain to function — currently `esbuild`,
-`chromedriver`, `tree-sitter`, and `tree-sitter-json`.
-
-The repo-root `.npmrc` sets `ignore-scripts=true` to neutralize the dominant npm supply-chain
-attack vector. As a side effect, running `npm ci` directly in this directory will install
-dependencies but skip those rebuilds, leaving `esbuild` and `chromedriver` in a non-functional
-state. If you bypass `make`, run the rebuild step yourself:
-
-```bash
-npm rebuild --ignore-scripts=false --foreground-scripts \
-    esbuild chromedriver tree-sitter tree-sitter-json
-```
-
-New dependencies that ship install scripts must be audited and added to `TRUSTED_INSTALL_SCRIPTS`
-in the repo-root `Makefile`. Each entry is arbitrary code that runs at install time, so the list
-is intentionally small.
-
 # The Theory of the authentik UI
 
 In Peter Naur's 1985 essay [Programming as Theory

web/package-lock.json

@@ -51,7 +51,7 @@
                 "@types/codemirror": "^5.60.17",
                 "@types/grecaptcha": "^3.0.9",
                 "@types/guacamole-common-js": "^1.5.5",
-                "@types/node": "^25.7.0",
+                "@types/node": "^25.6.2",
                 "@types/react": "^19.2.14",
                 "@types/react-dom": "^19.2.3",
                 "@typescript-eslint/eslint-plugin": "^8.57.2",
@@ -73,7 +73,7 @@
                 "dompurify": "^3.4.2",
                 "esbuild": "^0.28.0",
                 "eslint": "^9.39.3",
-                "eslint-plugin-lit": "^2.3.1",
+                "eslint-plugin-lit": "^2.2.1",
                 "eslint-plugin-wc": "^3.1.0",
                 "fuse.js": "^7.3.0",
                 "globals": "^17.6.0",
@@ -114,7 +114,7 @@
                 "turnstile-types": "^1.2.3",
                 "type-fest": "^5.6.0",
                 "typescript": "^6.0.3",
-                "typescript-eslint": "^8.59.3",
+                "typescript-eslint": "^8.57.2",
                 "unist-util-visit": "^5.1.0",
                 "vite": "^8.0.12",
                 "vitest": "^4.1.6",
@@ -124,46 +124,17 @@
             },
             "engines": {
                 "node": ">=24",
-                "npm": ">=11.14.1"
+                "npm": ">=11.6.2"
             },
             "optionalDependencies": {
                 "@esbuild/darwin-arm64": "^0.28.0",
                 "@esbuild/linux-arm64": "^0.28.0",
                 "@esbuild/linux-x64": "^0.28.0",
-                "@goauthentik/prettier-config-dev": "../packages/prettier-config",
                 "@rollup/rollup-darwin-arm64": "^4.57.1",
                 "@rollup/rollup-linux-arm64-gnu": "^4.57.1",
                 "@rollup/rollup-linux-x64-gnu": "^4.57.1"
             }
         },
-        "../packages/prettier-config": {
-            "name": "@goauthentik/prettier-config",
-            "version": "4.0.0",
-            "license": "MIT",
-            "optional": true,
-            "dependencies": {
-                "format-imports": "^4.0.8"
-            },
-            "devDependencies": {
-                "@eslint/js": "^9.39.3",
-                "@goauthentik/eslint-config": "../eslint-config",
-                "@goauthentik/tsconfig": "../tsconfig",
-                "@types/node": "^25.7.0",
-                "eslint": "^9.39.3",
-                "prettier": "^3.8.3",
-                "prettier-plugin-packagejson": "^3.0.2",
-                "typescript": "^6.0.3",
-                "typescript-eslint": "^8.59.3"
-            },
-            "engines": {
-                "node": ">=24",
-                "npm": ">=11.14.1"
-            },
-            "peerDependencies": {
-                "prettier": "^3.8.3",
-                "prettier-plugin-packagejson": "^3.0.2"
-            }
-        },
         "node_modules/@adobe/css-tools": {
             "version": "4.4.4",
             "resolved": "https://registry.npmjs.org/@adobe/css-tools/-/css-tools-4.4.4.tgz",
@@ -1626,10 +1597,6 @@
                 "prettier-plugin-packagejson": "^3.0.2"
             }
         },
-        "node_modules/@goauthentik/prettier-config-dev": {
-            "resolved": "../packages/prettier-config",
-            "link": true
-        },
         "node_modules/@goauthentik/tsconfig": {
             "version": "1.0.9",
             "resolved": "https://registry.npmjs.org/@goauthentik/tsconfig/-/tsconfig-1.0.9.tgz",
@@ -5513,12 +5480,12 @@
             "license": "MIT"
         },
         "node_modules/@types/node": {
-            "version": "25.7.0",
-            "resolved": "https://registry.npmjs.org/@types/node/-/node-25.7.0.tgz",
-            "integrity": "sha512-z+pdZyxE+RTQE9AcboAZCb4otwcrvgHD+GlBpPgn0emDVt0ohrTMhAwlr2Wd9nZ+nihhYFxO2pThz3C5qSu2Eg==",
+            "version": "25.6.2",
+            "resolved": "https://registry.npmjs.org/@types/node/-/node-25.6.2.tgz",
+            "integrity": "sha512-sokuT28dxf9JT5Kady1fsXOvI4HVpjZa95NKT5y9PNTIrs2AsobR4GFAA90ZG8M+nxVRLysCXsVj6eGC7Vbrlw==",
             "license": "MIT",
             "dependencies": {
-                "undici-types": "~7.21.0"
+                "undici-types": "~7.19.0"
             }
         },
         "node_modules/@types/ramda": {
@@ -5582,19 +5549,19 @@
             "license": "MIT"
         },
         "node_modules/@typescript-eslint/eslint-plugin": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.59.3.tgz",
-            "integrity": "sha512-PwFvSKsXGShKGW6n5bZOhGHEcCZXM8HofLK9fNsEwZXzFRjoY+XT1Vsf1zgyXdwTr0ZYz1/2tkZ0DBTT9jZjhw==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.57.2.tgz",
+            "integrity": "sha512-NZZgp0Fm2IkD+La5PR81sd+g+8oS6JwJje+aRWsDocxHkjyRw0J5L5ZTlN3LI1LlOcGL7ph3eaIUmTXMIjLk0w==",
             "license": "MIT",
             "dependencies": {
                 "@eslint-community/regexpp": "^4.12.2",
-                "@typescript-eslint/scope-manager": "8.59.3",
-                "@typescript-eslint/type-utils": "8.59.3",
-                "@typescript-eslint/utils": "8.59.3",
-                "@typescript-eslint/visitor-keys": "8.59.3",
+                "@typescript-eslint/scope-manager": "8.57.2",
+                "@typescript-eslint/type-utils": "8.57.2",
+                "@typescript-eslint/utils": "8.57.2",
+                "@typescript-eslint/visitor-keys": "8.57.2",
                 "ignore": "^7.0.5",
                 "natural-compare": "^1.4.0",
-                "ts-api-utils": "^2.5.0"
+                "ts-api-utils": "^2.4.0"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -5604,9 +5571,9 @@
                 "url": "https://opencollective.com/typescript-eslint"
             },
             "peerDependencies": {
-                "@typescript-eslint/parser": "^8.59.3",
+                "@typescript-eslint/parser": "^8.57.2",
                 "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.1.0"
+                "typescript": ">=4.8.4 <6.0.0"
             }
         },
         "node_modules/@typescript-eslint/eslint-plugin/node_modules/ignore": {
@@ -5619,15 +5586,15 @@
             }
         },
         "node_modules/@typescript-eslint/parser": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.59.3.tgz",
-            "integrity": "sha512-HPwA+hVkfcriajbNvTmZv4VRauibay+cWArYUYq7u7W7PmGShMxbPxLvrwDme55a6d5alG3nrYfhyJ/G28XlLg==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.57.2.tgz",
+            "integrity": "sha512-30ScMRHIAD33JJQkgfGW1t8CURZtjc2JpTrq5n2HFhOefbAhb7ucc7xJwdWcrEtqUIYJ73Nybpsggii6GtAHjA==",
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/scope-manager": "8.59.3",
-                "@typescript-eslint/types": "8.59.3",
-                "@typescript-eslint/typescript-estree": "8.59.3",
-                "@typescript-eslint/visitor-keys": "8.59.3",
+                "@typescript-eslint/scope-manager": "8.57.2",
+                "@typescript-eslint/types": "8.57.2",
+                "@typescript-eslint/typescript-estree": "8.57.2",
+                "@typescript-eslint/visitor-keys": "8.57.2",
                 "debug": "^4.4.3"
             },
             "engines": {
@@ -5639,17 +5606,17 @@
             },
             "peerDependencies": {
                 "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.1.0"
+                "typescript": ">=4.8.4 <6.0.0"
             }
         },
         "node_modules/@typescript-eslint/project-service": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.59.3.tgz",
-            "integrity": "sha512-ECiUWa/KYRGDFUqTNehaRgzDshnJfkTABJxVemHk4ko22gcr0ukloKjWvyQ64g8YCV/UI47kN1dbmjf/GaQYng==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.57.2.tgz",
+            "integrity": "sha512-FuH0wipFywXRTHf+bTTjNyuNQQsQC3qh/dYzaM4I4W0jrCqjCVuUh99+xd9KamUfmCGPvbO8NDngo/vsnNVqgw==",
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/tsconfig-utils": "^8.59.3",
-                "@typescript-eslint/types": "^8.59.3",
+                "@typescript-eslint/tsconfig-utils": "^8.57.2",
+                "@typescript-eslint/types": "^8.57.2",
                 "debug": "^4.4.3"
             },
             "engines": {
@@ -5660,17 +5627,17 @@
                 "url": "https://opencollective.com/typescript-eslint"
             },
             "peerDependencies": {
-                "typescript": ">=4.8.4 <6.1.0"
+                "typescript": ">=4.8.4 <6.0.0"
             }
         },
         "node_modules/@typescript-eslint/scope-manager": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.59.3.tgz",
-            "integrity": "sha512-t2LvZnoEfzKtnPjgeEu41xw5gxq9mQVfYy4OoZ4Vlt0sk3JwxmhCca/AR7DwOiHrjWgjAj6as4AhRLKSDfvZIA==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.57.2.tgz",
+            "integrity": "sha512-snZKH+W4WbWkrBqj4gUNRIGb/jipDW3qMqVJ4C9rzdFc+wLwruxk+2a5D+uoFcKPAqyqEnSb4l2ULuZf95eSkw==",
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/types": "8.59.3",
-                "@typescript-eslint/visitor-keys": "8.59.3"
+                "@typescript-eslint/types": "8.57.2",
+                "@typescript-eslint/visitor-keys": "8.57.2"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -5681,9 +5648,9 @@
             }
         },
         "node_modules/@typescript-eslint/tsconfig-utils": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.59.3.tgz",
-            "integrity": "sha512-PcIJHjmaREXLgIAIzLnSY9VucEzz8FKXsRgFa1DmdGCK/5tJpW03TKJF01Q6VZd1lLdz2sIKPWaDUZN9dp//dw==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.57.2.tgz",
+            "integrity": "sha512-3Lm5DSM+DCowsUOJC+YqHHnKEfFh5CoGkj5Z31NQSNF4l5wdOwqGn99wmwN/LImhfY3KJnmordBq/4+VDe2eKw==",
             "license": "MIT",
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -5693,20 +5660,20 @@
                 "url": "https://opencollective.com/typescript-eslint"
             },
             "peerDependencies": {
-                "typescript": ">=4.8.4 <6.1.0"
+                "typescript": ">=4.8.4 <6.0.0"
             }
         },
         "node_modules/@typescript-eslint/type-utils": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.59.3.tgz",
-            "integrity": "sha512-g71d8QD8UaiHGvrJwyIS1hCX5r63w6Jll+4VEYhEAHXTDIqX1JgxhTAbEHtKntL9kuc4jRo7/GWw5xfCepSccQ==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.57.2.tgz",
+            "integrity": "sha512-Co6ZCShm6kIbAM/s+oYVpKFfW7LBc6FXoPXjTRQ449PPNBY8U0KZXuevz5IFuuUj2H9ss40atTaf9dlGLzbWZg==",
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/types": "8.59.3",
-                "@typescript-eslint/typescript-estree": "8.59.3",
-                "@typescript-eslint/utils": "8.59.3",
+                "@typescript-eslint/types": "8.57.2",
+                "@typescript-eslint/typescript-estree": "8.57.2",
+                "@typescript-eslint/utils": "8.57.2",
                 "debug": "^4.4.3",
-                "ts-api-utils": "^2.5.0"
+                "ts-api-utils": "^2.4.0"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -5717,13 +5684,13 @@
             },
             "peerDependencies": {
                 "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.1.0"
+                "typescript": ">=4.8.4 <6.0.0"
             }
         },
         "node_modules/@typescript-eslint/types": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.59.3.tgz",
-            "integrity": "sha512-ePFoH0g4ludssdRFqqDxQePCxU4WQyRa9+XVwjm7yLn0FKhMeoetC+qBEEI1Eyb1pGSDveTIT09Bvw2WhlGayg==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.57.2.tgz",
+            "integrity": "sha512-/iZM6FnM4tnx9csuTxspMW4BOSegshwX5oBDznJ7S4WggL7Vczz5d2W11ecc4vRrQMQHXRSxzrCsyG5EsPPTbA==",
             "license": "MIT",
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -5734,20 +5701,20 @@
             }
         },
         "node_modules/@typescript-eslint/typescript-estree": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.59.3.tgz",
-            "integrity": "sha512-CbRjVRAf7Lr9Kr8RopKcbY45p2VfmmHrm0ygOCYFi7oU8q19m0Fs/6iHS7kNOmwpp+ob07ZVcAqlxUod9lYdmg==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.57.2.tgz",
+            "integrity": "sha512-2MKM+I6g8tJxfSmFKOnHv2t8Sk3T6rF20A1Puk0svLK+uVapDZB/4pfAeB7nE83uAZrU6OxW+HmOd5wHVdXwXA==",
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/project-service": "8.59.3",
-                "@typescript-eslint/tsconfig-utils": "8.59.3",
-                "@typescript-eslint/types": "8.59.3",
-                "@typescript-eslint/visitor-keys": "8.59.3",
+                "@typescript-eslint/project-service": "8.57.2",
+                "@typescript-eslint/tsconfig-utils": "8.57.2",
+                "@typescript-eslint/types": "8.57.2",
+                "@typescript-eslint/visitor-keys": "8.57.2",
                 "debug": "^4.4.3",
                 "minimatch": "^10.2.2",
                 "semver": "^7.7.3",
                 "tinyglobby": "^0.2.15",
-                "ts-api-utils": "^2.5.0"
+                "ts-api-utils": "^2.4.0"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -5757,7 +5724,7 @@
                 "url": "https://opencollective.com/typescript-eslint"
             },
             "peerDependencies": {
-                "typescript": ">=4.8.4 <6.1.0"
+                "typescript": ">=4.8.4 <6.0.0"
             }
         },
         "node_modules/@typescript-eslint/typescript-estree/node_modules/balanced-match": {
@@ -5770,9 +5737,9 @@
             }
         },
         "node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion": {
-            "version": "5.0.6",
-            "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.6.tgz",
-            "integrity": "sha512-kLpxurY4Z4r9sgMsyG0Z9uzsBlgiU/EFKhj/h91/8yHu0edo7XuixOIH3VcJ8kkxs6/jPzoI6U9Vj3WqbMQ94g==",
+            "version": "5.0.5",
+            "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.5.tgz",
+            "integrity": "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==",
             "license": "MIT",
             "dependencies": {
                 "balanced-match": "^4.0.2"
@@ -5782,12 +5749,12 @@
             }
         },
         "node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch": {
-            "version": "10.2.5",
-            "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.5.tgz",
-            "integrity": "sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg==",
+            "version": "10.2.4",
+            "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.4.tgz",
+            "integrity": "sha512-oRjTw/97aTBN0RHbYCdtF1MQfvusSIBQM0IZEgzl6426+8jSC0nF1a/GmnVLpfB9yyr6g6FTqWqiZVbxrtaCIg==",
             "license": "BlueOak-1.0.0",
             "dependencies": {
-                "brace-expansion": "^5.0.5"
+                "brace-expansion": "^5.0.2"
             },
             "engines": {
                 "node": "18 || 20 || >=22"
@@ -5797,9 +5764,9 @@
             }
         },
         "node_modules/@typescript-eslint/typescript-estree/node_modules/semver": {
-            "version": "7.8.0",
-            "resolved": "https://registry.npmjs.org/semver/-/semver-7.8.0.tgz",
-            "integrity": "sha512-AcM7dV/5ul4EekoQ29Agm5vri8JNqRyj39o0qpX6vDF2GZrtutZl5RwgD1XnZjiTAfncsJhMI48QQH3sN87YNA==",
+            "version": "7.7.4",
+            "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.4.tgz",
+            "integrity": "sha512-vFKC2IEtQnVhpT78h1Yp8wzwrf8CM+MzKMHGJZfBtzhZNycRFnXsHk6E5TxIkkMsgNS7mdX3AGB7x2QM2di4lA==",
             "license": "ISC",
             "bin": {
                 "semver": "bin/semver.js"
@@ -5809,15 +5776,15 @@
             }
         },
         "node_modules/@typescript-eslint/utils": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.59.3.tgz",
-            "integrity": "sha512-JAvT14goBzRzzzZyqq3P9BLArIxTtQURUtFgQ/V7FO+eU+Gg6ES+5ymOPP1wRxXcxAYeivCk4uS3jCKWI1K8Zg==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.57.2.tgz",
+            "integrity": "sha512-krRIbvPK1ju1WBKIefiX+bngPs+odIQUtR7kymzPfo1POVw3jlF+nLkmexdSSd4UCbDcQn+wMBATOOmpBbqgKg==",
             "license": "MIT",
             "dependencies": {
                 "@eslint-community/eslint-utils": "^4.9.1",
-                "@typescript-eslint/scope-manager": "8.59.3",
-                "@typescript-eslint/types": "8.59.3",
-                "@typescript-eslint/typescript-estree": "8.59.3"
+                "@typescript-eslint/scope-manager": "8.57.2",
+                "@typescript-eslint/types": "8.57.2",
+                "@typescript-eslint/typescript-estree": "8.57.2"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -5828,16 +5795,16 @@
             },
             "peerDependencies": {
                 "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.1.0"
+                "typescript": ">=4.8.4 <6.0.0"
             }
         },
         "node_modules/@typescript-eslint/visitor-keys": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.59.3.tgz",
-            "integrity": "sha512-f1UQF7ggd42YiwI5wGrRaPsa+P0CINBlrkLPmGfpq/u/I/oVtecoEIfFR9ag/oa1sLOsRNZ6xehf6qMZhQGBDg==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.57.2.tgz",
+            "integrity": "sha512-zhahknjobV2FiD6Ee9iLbS7OV9zi10rG26odsQdfBO/hjSzUQbkIYgda+iNKK1zNiW2ey+Lf8MU5btN17V3dUw==",
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/types": "8.59.3",
+                "@typescript-eslint/types": "8.57.2",
                 "eslint-visitor-keys": "^5.0.0"
             },
             "engines": {
@@ -8711,37 +8678,6 @@
             "license": "MIT",
             "peer": true
         },
-        "node_modules/domelementtype": {
-            "version": "3.0.0",
-            "resolved": "https://registry.npmjs.org/domelementtype/-/domelementtype-3.0.0.tgz",
-            "integrity": "sha512-umCQid3jKbDmVjx8jGaW7uUykm4DEUeyV21hPxNMo2nV955DhUThwqyOIDtreepP31hl84X7G5U9ZfsWvIB3Pg==",
-            "funding": [
-                {
-                    "type": "github",
-                    "url": "https://github.com/sponsors/fb55"
-                }
-            ],
-            "license": "BSD-2-Clause",
-            "engines": {
-                "node": ">=20.19.0"
-            }
-        },
-        "node_modules/domhandler": {
-            "version": "6.0.1",
-            "resolved": "https://registry.npmjs.org/domhandler/-/domhandler-6.0.1.tgz",
-            "integrity": "sha512-gYzvtM72ZtxQO0T048kd6HWSbbGCNOUwcnfQ01cqIJ4X2IYKFFHZ5mKvrQETcFXxsRObZulDaKmy//R7TPtsBg==",
-            "license": "BSD-2-Clause",
-            "dependencies": {
-                "domelementtype": "^3.0.0"
-            },
-            "engines": {
-                "node": ">=20.19.0"
-            },
-            "funding": {
-                "type": "github",
-                "url": "https://github.com/fb55/domhandler?sponsor=1"
-            }
-        },
         "node_modules/dompurify": {
             "version": "3.4.2",
             "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.4.2.tgz",
@@ -9259,13 +9195,13 @@
             }
         },
         "node_modules/eslint-plugin-lit": {
-            "version": "2.3.1",
-            "resolved": "https://registry.npmjs.org/eslint-plugin-lit/-/eslint-plugin-lit-2.3.1.tgz",
-            "integrity": "sha512-wAqDOOWQzUoY5uK124ZR+h7Snx0+KdZd3Knv6133gRHEcu03jbqnouK4GBwVl6PkGOkNy40zSchOp9VbBh4yHg==",
+            "version": "2.2.1",
+            "resolved": "https://registry.npmjs.org/eslint-plugin-lit/-/eslint-plugin-lit-2.2.1.tgz",
+            "integrity": "sha512-mnqqwpWF4PBF/YjlGt9mbHwrWCGMtaqdpnqISv3nGcTl8iStaAt9UGieMY3i8vwKfSSWtkEfBZUcRKFGys6yiw==",
             "license": "MIT",
             "dependencies": {
-                "parse5": "^8.0.1",
-                "parse5-htmlparser2-tree-adapter": "^8.0.1"
+                "parse5": "^6.0.1",
+                "parse5-htmlparser2-tree-adapter": "^6.0.1"
             },
             "engines": {
                 "node": ">= 18"
@@ -9274,29 +9210,11 @@
                 "eslint": ">= 8"
             }
         },
-        "node_modules/eslint-plugin-lit/node_modules/entities": {
-            "version": "8.0.0",
-            "resolved": "https://registry.npmjs.org/entities/-/entities-8.0.0.tgz",
-            "integrity": "sha512-zwfzJecQ/Uej6tusMqwAqU/6KL2XaB2VZ2Jg54Je6ahNBGNH6Ek6g3jjNCF0fG9EWQKGZNddNjU5F1ZQn/sBnA==",
-            "license": "BSD-2-Clause",
-            "engines": {
-                "node": ">=20.19.0"
-            },
-            "funding": {
-                "url": "https://github.com/fb55/entities?sponsor=1"
-            }
-        },
         "node_modules/eslint-plugin-lit/node_modules/parse5": {
-            "version": "8.0.1",
-            "resolved": "https://registry.npmjs.org/parse5/-/parse5-8.0.1.tgz",
-            "integrity": "sha512-z1e/HMG90obSGeidlli3hj7cbocou0/wa5HacvI3ASx34PecNjNQeaHNo5WIZpWofN9kgkqV1q5YvXe3F0FoPw==",
-            "license": "MIT",
-            "dependencies": {
-                "entities": "^8.0.0"
-            },
-            "funding": {
-                "url": "https://github.com/inikulin/parse5?sponsor=1"
-            }
+            "version": "6.0.1",
+            "resolved": "https://registry.npmjs.org/parse5/-/parse5-6.0.1.tgz",
+            "integrity": "sha512-Ofn/CTFzRGTTxwpNEs9PP93gXShHcTq255nzRYSKe8AkVpZY7e1fpmTfOyoIvjP5HG7Z2ZM7VS9PPhQGW2pOpw==",
+            "license": "MIT"
         },
         "node_modules/eslint-plugin-react": {
             "version": "7.37.5",
@@ -14899,41 +14817,19 @@
             }
         },
         "node_modules/parse5-htmlparser2-tree-adapter": {
-            "version": "8.0.1",
-            "resolved": "https://registry.npmjs.org/parse5-htmlparser2-tree-adapter/-/parse5-htmlparser2-tree-adapter-8.0.1.tgz",
-            "integrity": "sha512-aqkH+xQxX+QGZtP5GIMmqqp16Y0v9muEf2VVeypv35kFsD5bqP1UeBanSshdfjMY+RTh2vN4mmK6nEOVRMEvHg==",
+            "version": "6.0.1",
+            "resolved": "https://registry.npmjs.org/parse5-htmlparser2-tree-adapter/-/parse5-htmlparser2-tree-adapter-6.0.1.tgz",
+            "integrity": "sha512-qPuWvbLgvDGilKc5BoicRovlT4MtYT6JfJyBOMDsKoiT+GiuP5qyrPCnR9HcPECIJJmZh5jRndyNThnhhb/vlA==",
             "license": "MIT",
             "dependencies": {
-                "domhandler": "^6.0.1",
-                "parse5": "^8.0.0"
-            },
-            "funding": {
-                "url": "https://github.com/inikulin/parse5?sponsor=1"
-            }
-        },
-        "node_modules/parse5-htmlparser2-tree-adapter/node_modules/entities": {
-            "version": "8.0.0",
-            "resolved": "https://registry.npmjs.org/entities/-/entities-8.0.0.tgz",
-            "integrity": "sha512-zwfzJecQ/Uej6tusMqwAqU/6KL2XaB2VZ2Jg54Je6ahNBGNH6Ek6g3jjNCF0fG9EWQKGZNddNjU5F1ZQn/sBnA==",
-            "license": "BSD-2-Clause",
-            "engines": {
-                "node": ">=20.19.0"
-            },
-            "funding": {
-                "url": "https://github.com/fb55/entities?sponsor=1"
+                "parse5": "^6.0.1"
             }
         },
         "node_modules/parse5-htmlparser2-tree-adapter/node_modules/parse5": {
-            "version": "8.0.1",
-            "resolved": "https://registry.npmjs.org/parse5/-/parse5-8.0.1.tgz",
-            "integrity": "sha512-z1e/HMG90obSGeidlli3hj7cbocou0/wa5HacvI3ASx34PecNjNQeaHNo5WIZpWofN9kgkqV1q5YvXe3F0FoPw==",
-            "license": "MIT",
-            "dependencies": {
-                "entities": "^8.0.0"
-            },
-            "funding": {
-                "url": "https://github.com/inikulin/parse5?sponsor=1"
-            }
+            "version": "6.0.1",
+            "resolved": "https://registry.npmjs.org/parse5/-/parse5-6.0.1.tgz",
+            "integrity": "sha512-Ofn/CTFzRGTTxwpNEs9PP93gXShHcTq255nzRYSKe8AkVpZY7e1fpmTfOyoIvjP5HG7Z2ZM7VS9PPhQGW2pOpw==",
+            "license": "MIT"
         },
         "node_modules/path-data-parser": {
             "version": "0.1.0",
@@ -18570,15 +18466,15 @@
             }
         },
         "node_modules/typescript-eslint": {
-            "version": "8.59.3",
-            "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.59.3.tgz",
-            "integrity": "sha512-KgusgyDgG4LI8Ih/sWaCtZ06tckLAS5CvT5A4D1Q7bYVoAAyzwiZvE4BmwDHkhRVkvhRBepKeASoFzQetha7Fg==",
+            "version": "8.57.2",
+            "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.57.2.tgz",
+            "integrity": "sha512-VEPQ0iPgWO/sBaZOU1xo4nuNdODVOajPnTIbog2GKYr31nIlZ0fWPoCQgGfF3ETyBl1vn63F/p50Um9Z4J8O8A==",
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/eslint-plugin": "8.59.3",
-                "@typescript-eslint/parser": "8.59.3",
-                "@typescript-eslint/typescript-estree": "8.59.3",
-                "@typescript-eslint/utils": "8.59.3"
+                "@typescript-eslint/eslint-plugin": "8.57.2",
+                "@typescript-eslint/parser": "8.57.2",
+                "@typescript-eslint/typescript-estree": "8.57.2",
+                "@typescript-eslint/utils": "8.57.2"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -18589,7 +18485,7 @@
             },
             "peerDependencies": {
                 "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.1.0"
+                "typescript": ">=4.8.4 <6.0.0"
             }
         },
         "node_modules/ufo": {
@@ -18672,9 +18568,9 @@
             }
         },
         "node_modules/undici-types": {
-            "version": "7.21.0",
-            "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.21.0.tgz",
-            "integrity": "sha512-w9IMgQrz4O0YN1LtB7K5P63vhlIOvC7opSmouCJ+ZywlPAlO9gIkJ+otk6LvGpAs2wg4econaCz3TvQ9xPoyuQ==",
+            "version": "7.19.2",
+            "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.19.2.tgz",
+            "integrity": "sha512-qYVnV5OEm2AW8cJMCpdV20CDyaN3g0AjDlOGf1OW4iaDEx8MwdtChUp4zu4H0VP3nDRF/8RKWH+IPp9uW0YGZg==",
             "license": "MIT"
         },
         "node_modules/unicorn-magic": {
@@ -19799,14 +19695,14 @@
             "license": "MIT",
             "dependencies": {
                 "@goauthentik/tsconfig": "^1.0.9",
-                "@types/node": "^25.7.0",
+                "@types/node": "^25.6.2",
                 "@types/semver": "^7.7.1",
                 "semver": "^7.7.4",
                 "typescript": "^6.0.3"
             },
             "engines": {
                 "node": ">=24",
-                "npm": ">=11.14.1"
+                "npm": ">=11.6.2"
             }
         },
         "packages/core/node_modules/semver": {

web/package.json

@@ -13,6 +13,7 @@
         "format": "wireit",
         "lint": "eslint --fix .",
         "lint:imports": "knip --config scripts/knip.config.ts",
+        "lint:lockfile": "wireit",
         "lint:types": "wireit",
         "lint-check": "eslint --max-warnings 0 .",
         "lit-analyse": "wireit",
@@ -126,7 +127,7 @@
         "@types/codemirror": "^5.60.17",
         "@types/grecaptcha": "^3.0.9",
         "@types/guacamole-common-js": "^1.5.5",
-        "@types/node": "^25.7.0",
+        "@types/node": "^25.6.2",
         "@types/react": "^19.2.14",
         "@types/react-dom": "^19.2.3",
         "@typescript-eslint/eslint-plugin": "^8.57.2",
@@ -148,7 +149,7 @@
         "dompurify": "^3.4.2",
         "esbuild": "^0.28.0",
         "eslint": "^9.39.3",
-        "eslint-plugin-lit": "^2.3.1",
+        "eslint-plugin-lit": "^2.2.1",
         "eslint-plugin-wc": "^3.1.0",
         "fuse.js": "^7.3.0",
         "globals": "^17.6.0",
@@ -189,7 +190,7 @@
         "turnstile-types": "^1.2.3",
         "type-fest": "^5.6.0",
         "typescript": "^6.0.3",
-        "typescript-eslint": "^8.59.3",
+        "typescript-eslint": "^8.57.2",
         "unist-util-visit": "^5.1.0",
         "vite": "^8.0.12",
         "vitest": "^4.1.6",
@@ -201,7 +202,6 @@
         "@esbuild/darwin-arm64": "^0.28.0",
         "@esbuild/linux-arm64": "^0.28.0",
         "@esbuild/linux-x64": "^0.28.0",
-        "@goauthentik/prettier-config-dev": "../packages/prettier-config",
         "@rollup/rollup-darwin-arm64": "^4.57.1",
         "@rollup/rollup-linux-arm64-gnu": "^4.57.1",
         "@rollup/rollup-linux-x64-gnu": "^4.57.1"
@@ -266,6 +266,11 @@
                 "build-locales"
             ]
         },
+        "lint:lockfile": {
+            "__comment": "The lockfile-lint package does not have an option to ensure resolved hashes are set everywhere",
+            "shell": true,
+            "command": "sh ./scripts/lint-lockfile.sh package-lock.json"
+        },
         "lit-analyse": {
             "command": "lit-analyzer src"
         },
@@ -274,7 +279,8 @@
             "dependencies": [
                 "lint",
                 "lint:types",
-                "lint:components"
+                "lint:components",
+                "lint:lockfile"
             ]
         },
         "storybook:build": {
@@ -292,7 +298,7 @@
     },
     "engines": {
         "node": ">=24",
-        "npm": ">=11.14.1"
+        "npm": ">=11.6.2"
     },
     "devEngines": {
         "runtime": {
@@ -302,12 +308,11 @@
         },
         "packageManager": {
             "name": "npm",
-            "version": ">=11.14.1",
+            "version": "11.10.1",
             "onFail": "warn"
         }
     },
-    "packageManager": "npm@11.14.1+sha512.6a8a4d67478497a2dbc6815cad72e64c43f33413717e242756047d466241ab39bee61e691683a64658e94496ec5f1a1c05e4a5ec62dcc773280dfd949443a367",
-    "prettier": "./prettier.config.mjs",
+    "prettier": "@goauthentik/prettier-config",
     "overrides": {
         "@goauthentik/esbuild-plugin-live-reload": {
             "esbuild": "$esbuild",
@@ -346,7 +351,6 @@
         "rapidoc": {
             "@apitools/openapi-parser": "0.0.37"
         },
-        "tree-sitter": false,
         "typescript-eslint": {
             "typescript": "$typescript"
         },

web/packages/core/package.json

@@ -45,13 +45,13 @@
     },
     "dependencies": {
         "@goauthentik/tsconfig": "^1.0.9",
-        "@types/node": "^25.7.0",
+        "@types/node": "^25.6.2",
         "@types/semver": "^7.7.1",
         "semver": "^7.7.4",
         "typescript": "^6.0.3"
     },
     "engines": {
         "node": ">=24",
-        "npm": ">=11.14.1"
+        "npm": ">=11.6.2"
     }
 }

web/prettier.config.mjs

@@ -1,15 +0,0 @@
-/**
- * @file Prettier config resolver.
- *
- * This file attempts to import the monorepo's local Prettier config package,
- * falling back to the published version if the local one cannot be found.
- */
-
-const config = await import("@goauthentik/prettier-config-dev")
-    .catch(() => {
-        console.debug("Fallback to published @goauthentik/prettier-config");
-        return import("@goauthentik/prettier-config");
-    })
-    .then((module) => module.default);
-
-export default config;

web/scripts/lint-lockfile.sh

@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+
+if ! command -v jq  >/dev/null 2>&1 ; then
+    echo "This check requires the jq program be installed."
+    echo "To install jq, visit"
+    echo "    https://jqlang.github.io/jq/"
+    exit 1
+fi
+
+CMD=$(jq -r '.packages | to_entries[] | select((.key | contains("node_modules")) and (.value | has("resolved") | not)) | .key' < "$1")
+
+if [ -n "$CMD" ]; then
+    echo "ERROR package-lock.json entries missing 'resolved' field:"
+    echo ""
+    # Shellcheck erroneously believes that shell string substitution can be used here, but that
+    # feature lacks a "start of line" discriminator.
+    # shellcheck disable=SC2001
+    echo "$CMD" | sed 's/^/    /g'
+    echo ""
+    exit 1
+fi    

web/src/admin/Routes.ts

@@ -87,6 +87,10 @@ export const ROUTES: Route[] = [
         await import("#admin/policies/reputation/ReputationListPage");
         return html`<ak-policy-reputation-list></ak-policy-reputation-list>`;
     }),
+    new Route(new RegExp("^/identity/object-attributes$"), async () => {
+        await import("#admin/object-attributes/ObjectAttributeListPage");
+        return html`<ak-object-attribute-list></ak-object-attribute-list>`;
+    }),
     new Route(new RegExp("^/identity/groups$"), async () => {
         await import("#admin/groups/GroupListPage");
         return html`<ak-group-list></ak-group-list>`;

web/src/admin/applications/ApplicationForm.ts

@@ -129,7 +129,7 @@ export class ApplicationForm extends WithCapabilitiesConfig(ModelForm<Applicatio
                 label=${msg("Application Name")}
                 spellcheck="false"
                 required
-                help=${msg("The name displayed in the application dashboard.")}
+                help=${msg("The name displayed in the application library.")}
             ></ak-text-input>
             <ak-slug-input
                 name="slug"
@@ -197,16 +197,16 @@ export class ApplicationForm extends WithCapabilitiesConfig(ModelForm<Applicatio
                         ?checked=${this.instance?.openInNewTab ?? false}
                         label=${msg("Open in new tab")}
                         help=${msg(
-                            "If checked, the launch URL will open in a new browser tab or window from the user's application dashboard.",
+                            "If checked, the launch URL will open in a new browser tab or window from the user's application library.",
                         )}
                     >
                     </ak-switch-input>
                     <ak-switch-input
                         name="metaHide"
                         ?checked=${this.instance?.metaHide ?? false}
-                        label=${msg("Hide from Application Dashboard")}
+                        label=${msg("Hide from My applications")}
                         help=${msg(
-                            "If checked, this application will not be shown on the user's application dashboard.",
+                            "If checked, this application will not be shown on the user's My applications page.",
                         )}
                     >
                     </ak-switch-input>
@@ -225,7 +225,7 @@ export class ApplicationForm extends WithCapabilitiesConfig(ModelForm<Applicatio
                         name="metaPublisher"
                         value="${ifDefined(this.instance?.metaPublisher)}"
                         placeholder=${msg("Type an optional publisher name...")}
-                        help=${msg("The publisher is shown in the application dashboard.")}
+                        help=${msg("The publisher is shown in the application library.")}
                     ></ak-text-input>
                     <ak-textarea-input
                         label=${msg("Description")}
@@ -233,7 +233,7 @@ export class ApplicationForm extends WithCapabilitiesConfig(ModelForm<Applicatio
                         placeholder=${msg("Type an optional description...")}
                         value=${ifDefined(this.instance?.metaDescription)}
                         help=${msg(
-                            "The description is shown in the application dashboard and may provide additional information about the application to end users.",
+                            "The description is shown in the application library and may provide additional information about the application to end users.",
                         )}
                     ></ak-textarea-input>
                 </div>

web/src/admin/applications/entitlements/ApplicationEntitlementForm.ts

@@ -1,15 +1,12 @@
-import "#elements/CodeMirror";
 import "#elements/forms/HorizontalFormElement";
 import "#elements/forms/Radio";
 import "#elements/forms/SearchSelect/index";
 
 import { DEFAULT_CONFIG } from "#common/api/config";
 
-import { ModelForm } from "#elements/forms/ModelForm";
+import { ObjectAttributeModelForm } from "#admin/object-attributes/renderAttributes";
 
-import { ApplicationEntitlement, CoreApi } from "@goauthentik/api";
-
-import YAML from "yaml";
+import { ApplicationEntitlement, CoreApi, ModelEnum } from "@goauthentik/api";
 
 import { msg } from "@lit/localize";
 import { CSSResult, html, TemplateResult } from "lit";
@@ -18,7 +15,12 @@ import { customElement, property } from "lit/decorators.js";
 import PFContent from "@patternfly/patternfly/components/Content/content.css";
 
 @customElement("ak-application-entitlement-form")
-export class ApplicationEntitlementForm extends ModelForm<ApplicationEntitlement, string> {
+export class ApplicationEntitlementForm extends ObjectAttributeModelForm<
+    ApplicationEntitlement,
+    string
+> {
+    public model = ModelEnum.AuthentikCoreApplicationentitlement;
+
     async loadInstance(pk: string): Promise<ApplicationEntitlement> {
         return new CoreApi(DEFAULT_CONFIG).coreApplicationEntitlementsRetrieve({
             pbmUuid: pk,
@@ -61,16 +63,7 @@ export class ApplicationEntitlementForm extends ModelForm<ApplicationEntitlement
                     required
                 />
             </ak-form-element-horizontal>
-            <ak-form-element-horizontal label=${msg("Attributes")} name="attributes">
-                <ak-codemirror
-                    mode="yaml"
-                    value="${YAML.stringify(this.instance?.attributes ?? {})}"
-                >
-                </ak-codemirror>
-                <p class="pf-c-form__helper-text">
-                    ${msg("Set custom attributes using YAML or JSON.")}
-                </p>
-            </ak-form-element-horizontal>`;
+            ${this.renderObjectAttributes(this.objAttributes, this.instance)}`;
     }
 }
 

web/src/admin/applications/wizard/steps/ak-application-wizard-application-step.ts

@@ -131,7 +131,7 @@ export class ApplicationWizardApplicationStep extends ApplicationWizardStep {
                     spellcheck="false"
                     required
                     .errorMessages=${errors.name ?? this.errorMessages("name")}
-                    help=${msg("The name displayed in the Application Dashboard.")}
+                    help=${msg("The name displayed in the application library.")}
                 ></ak-text-input>
                 <ak-slug-input
                     name="slug"
@@ -183,16 +183,16 @@ export class ApplicationWizardApplicationStep extends ApplicationWizardStep {
                             ?checked=${app.openInNewTab ?? false}
                             label=${msg("Open in new tab")}
                             help=${msg(
-                                "If checked, the launch URL will open in a new browser tab or window from the user's Application Dashboard.",
+                                "If checked, the launch URL will open in a new browser tab or window from the user's application library.",
                             )}
                         >
                         </ak-switch-input>
                         <ak-switch-input
                             name="metaHide"
                             ?checked=${app.metaHide ?? false}
-                            label=${msg("Hide from Application Dashboard")}
+                            label=${msg("Hide from My applications")}
                             help=${msg(
-                                "If checked, this application will not be shown on the user's application dashboard.",
+                                "If checked, this application will not be shown on the user's My applications page.",
                             )}
                         >
                         </ak-switch-input>
@@ -211,7 +211,7 @@ export class ApplicationWizardApplicationStep extends ApplicationWizardStep {
                             name="metaPublisher"
                             value="${ifDefined(app.metaPublisher)}"
                             .errorMessages=${errors.metaPublisher}
-                            help=${msg("The publisher is shown in the application dashboard.")}
+                            help=${msg("The publisher is shown in the application library.")}
                         ></ak-text-input>
                         <ak-textarea-input
                             label=${msg("Description")}
@@ -219,7 +219,7 @@ export class ApplicationWizardApplicationStep extends ApplicationWizardStep {
                             value=${ifDefined(app.metaDescription)}
                             .errorMessages=${errors.metaDescription}
                             help=${msg(
-                                "The description is shown in the application dashboard and may provide additional information about the application to end users.",
+                                "The description is shown in the application library and may provide additional information about the application to end users.",
                             )}
                         ></ak-textarea-input>
                     </div>

web/src/admin/endpoints/DeviceAccessGroupForm.ts

@@ -4,10 +4,16 @@ import "#elements/forms/HorizontalFormElement";
 import { DEFAULT_CONFIG } from "#common/api/config";
 import { PFSize } from "#common/enums";
 
-import { ModelForm } from "#elements/forms/ModelForm";
 import { WithBrandConfig } from "#elements/mixins/branding";
 
-import { DeviceAccessGroup, DeviceAccessGroupRequest, EndpointsApi } from "@goauthentik/api";
+import { ObjectAttributeModelForm } from "#admin/object-attributes/renderAttributes";
+
+import {
+    DeviceAccessGroup,
+    DeviceAccessGroupRequest,
+    EndpointsApi,
+    ModelEnum,
+} from "@goauthentik/api";
 
 import { msg } from "@lit/localize";
 import { html } from "lit";
@@ -20,7 +26,11 @@ import { ifDefined } from "lit/directives/if-defined.js";
  * @prop {string} instancePk - The primary key of the instance to load.
  */
 @customElement("ak-endpoints-device-access-groups-form")
-export class DeviceAccessGroupForm extends WithBrandConfig(ModelForm<DeviceAccessGroup, string>) {
+export class DeviceAccessGroupForm extends WithBrandConfig(
+    ObjectAttributeModelForm<DeviceAccessGroup, string>,
+) {
+    public model = ModelEnum.AuthentikEndpointsDeviceaccessgroup;
+
     public static override verboseName = msg("Device Access Group");
     public static override verboseNamePlural = msg("Device Access Groups");
 
@@ -53,13 +63,14 @@ export class DeviceAccessGroupForm extends WithBrandConfig(ModelForm<DeviceAcces
 
     protected override renderForm() {
         return html`<ak-text-input
-            name="name"
-            autocomplete="off"
-            placeholder=${msg("Type a group name...")}
-            label=${msg("Group Name")}
-            value=${ifDefined(this.instance?.name)}
-            required
-        ></ak-text-input>`;
+                name="name"
+                autocomplete="off"
+                placeholder=${msg("Type a group name...")}
+                label=${msg("Group Name")}
+                value=${ifDefined(this.instance?.name)}
+                required
+            ></ak-text-input>
+            ${this.renderObjectAttributes(this.objAttributes, this.instance)}`;
     }
 }