Had one to-do left in my AOR.

* main:
  web: revise ak-page-navbar to use standard event handlers (#16898)

.github/actions/docker-push-variables/push_vars.py

@@ -2,16 +2,28 @@
 
 import os
 from json import dumps
+from sys import exit as sysexit
 from time import time
 
 from authentik import authentik_version
 
+
+def must_or_fail(input: str | None, error: str) -> str:
+    if not input:
+        print(f"::error::{error}")
+        sysexit(1)
+    return input
+
+
 # Decide if we should push the image or not
 should_push = True
 if len(os.environ.get("DOCKER_USERNAME", "")) < 1:
     # Don't push if we don't have DOCKER_USERNAME, i.e. no secrets are available
     should_push = False
-if os.environ.get("GITHUB_REPOSITORY").lower() == "goauthentik/authentik-internal":
+if (
+    must_or_fail(os.environ.get("GITHUB_REPOSITORY"), "Repo required").lower()
+    == "goauthentik/authentik-internal"
+):
     # Don't push on the internal repo
     should_push = False
 
@@ -20,13 +32,16 @@ if os.environ.get("GITHUB_HEAD_REF", "") != "":
     branch_name = os.environ["GITHUB_HEAD_REF"]
 safe_branch_name = branch_name.replace("refs/heads/", "").replace("/", "-").replace("'", "-")
 
-image_names = os.getenv("IMAGE_NAME").split(",")
+image_names = must_or_fail(os.getenv("IMAGE_NAME"), "Image name required").split(",")
 image_arch = os.getenv("IMAGE_ARCH") or None
 
 is_pull_request = bool(os.getenv("PR_HEAD_SHA"))
 is_release = "dev" not in image_names[0]
 
-sha = os.environ["GITHUB_SHA"] if not is_pull_request else os.getenv("PR_HEAD_SHA")
+sha = must_or_fail(
+    os.environ["GITHUB_SHA"] if not is_pull_request else os.getenv("PR_HEAD_SHA"),
+    "could not determine SHA",
+)
 
 # 2042.1.0 or 2042.1.0-rc1
 version = authentik_version()
@@ -58,7 +73,7 @@ else:
 image_main_tag = image_tags[0].split(":")[-1]
 
 
-def get_attest_image_names(image_with_tags: list[str]):
+def get_attest_image_names(image_with_tags: list[str]) -> str:
     """Attestation only for GHCR"""
     image_tags = []
     for image_name in set(name.split(":")[0] for name in image_with_tags):
@@ -82,7 +97,6 @@ if os.getenv("RELEASE", "false").lower() == "true":
     image_build_args = [f"VERSION={os.getenv('REF')}"]
 else:
     image_build_args = [f"GIT_BUILD_HASH={sha}"]
-image_build_args = "\n".join(image_build_args)
 
 with open(os.environ["GITHUB_OUTPUT"], "a+", encoding="utf-8") as _output:
     print(f"shouldPush={str(should_push).lower()}", file=_output)
@@ -95,4 +109,4 @@ with open(os.environ["GITHUB_OUTPUT"], "a+", encoding="utf-8") as _output:
     print(f"imageMainTag={image_main_tag}", file=_output)
     print(f"imageMainName={image_tags[0]}", file=_output)
     print(f"cacheTo={cache_to}", file=_output)
-    print(f"imageBuildArgs={image_build_args}", file=_output)
+    print(f"imageBuildArgs={"\n".join(image_build_args)}", file=_output)

.github/workflows/api-ts-publish.yml

@@ -21,7 +21,7 @@ jobs:
       - uses: actions/checkout@v5
         with:
           token: ${{ steps.generate_token.outputs.token }}
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v5
         with:
           node-version-file: web/package.json
           registry-url: "https://registry.npmjs.org"

.github/workflows/ci-api-docs.yml

@@ -33,7 +33,7 @@ jobs:
 
     steps:
       - uses: actions/checkout@v5
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v5
         with:
           node-version-file: website/package.json
           cache: "npm"
@@ -71,7 +71,7 @@ jobs:
         with:
           name: api-docs
           path: website/api/build
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v5
         with:
           node-version-file: website/package.json
           cache: "npm"

.github/workflows/ci-aws-cfn.yml

@@ -24,7 +24,7 @@ jobs:
       - uses: actions/checkout@v5
       - name: Setup authentik env
         uses: ./.github/actions/setup
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v5
         with:
           node-version-file: lifecycle/aws/package.json
           cache: "npm"

.github/workflows/ci-docs.yml

@@ -33,7 +33,7 @@ jobs:
 
     steps:
       - uses: actions/checkout@v5
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v5
         with:
           node-version-file: website/package.json
           cache: "npm"
@@ -49,7 +49,7 @@ jobs:
 
     steps:
       - uses: actions/checkout@v5
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v5
         with:
           node-version-file: website/package.json
           cache: "npm"

.github/workflows/ci-main.yml

@@ -34,6 +34,7 @@ jobs:
           - codespell
           - pending-migrations
           - ruff
+          - mypy
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v5

.github/workflows/ci-outpost.yml

@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v5
-      - uses: actions/setup-go@v5
+      - uses: actions/setup-go@v6
         with:
           go-version-file: "go.mod"
       - name: Prepare and generate API
@@ -38,7 +38,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v5
-      - uses: actions/setup-go@v5
+      - uses: actions/setup-go@v6
         with:
           go-version-file: "go.mod"
       - name: Setup authentik env
@@ -141,10 +141,10 @@ jobs:
       - uses: actions/checkout@v5
         with:
           ref: ${{ github.event.pull_request.head.sha }}
-      - uses: actions/setup-go@v5
+      - uses: actions/setup-go@v6
         with:
           go-version-file: "go.mod"
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v5
         with:
           node-version-file: web/package.json
           cache: "npm"

.github/workflows/ci-web.yml

@@ -32,7 +32,7 @@ jobs:
             project: web
     steps:
       - uses: actions/checkout@v5
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v5
         with:
           node-version-file: ${{ matrix.project }}/package.json
           cache: "npm"
@@ -49,7 +49,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v5
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v5
         with:
           node-version-file: web/package.json
           cache: "npm"
@@ -77,7 +77,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v5
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v5
         with:
           node-version-file: web/package.json
           cache: "npm"

.github/workflows/packages-npm-publish.yml

@@ -29,13 +29,13 @@ jobs:
       - uses: actions/checkout@v5
         with:
           fetch-depth: 2
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v5
         with:
           node-version-file: ${{ matrix.package }}/package.json
           registry-url: "https://registry.npmjs.org"
       - name: Get changed files
         id: changed-files
-        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c
+        uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62
         with:
           files: |
             ${{ matrix.package }}/package.json

.github/workflows/release-publish.yml

@@ -84,7 +84,7 @@ jobs:
           - rac
     steps:
       - uses: actions/checkout@v5
-      - uses: actions/setup-go@v5
+      - uses: actions/setup-go@v6
         with:
           go-version-file: "go.mod"
       - name: Set up QEMU
@@ -147,10 +147,10 @@ jobs:
         goarch: [amd64, arm64]
     steps:
       - uses: actions/checkout@v5
-      - uses: actions/setup-go@v5
+      - uses: actions/setup-go@v6
         with:
           go-version-file: "go.mod"
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v5
         with:
           node-version-file: web/package.json
           cache: "npm"
@@ -187,7 +187,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v5
-      - uses: aws-actions/configure-aws-credentials@v4
+      - uses: aws-actions/configure-aws-credentials@v5
         with:
           role-to-assume: "arn:aws:iam::016170277896:role/github_goauthentik_authentik"
           aws-region: ${{ env.AWS_REGION }}

.github/workflows/repo-stale.yml

@@ -20,7 +20,7 @@ jobs:
         with:
           app_id: ${{ secrets.GH_APP_ID }}
           private_key: ${{ secrets.GH_APP_PRIVATE_KEY }}
-      - uses: actions/stale@v9
+      - uses: actions/stale@v10
         with:
           repo-token: ${{ steps.generate_token.outputs.token }}
           days-before-stale: 60

.vscode/settings.json

@@ -1,4 +1,16 @@
 {
+    "[css]": {
+        "editor.minimap.markSectionHeaderRegex": "#\\bregion\\s*(?<separator>-?)\\s*(?<label>.*)\\*/$"
+    },
+    "[makefile]": {
+        "editor.minimap.markSectionHeaderRegex": "^#{25}\n##\\s\\s*(?<separator>-?)\\s*(?<label>[^\n]*)\n#{25}$"
+    },
+    "[dockerfile]": {
+        "editor.minimap.markSectionHeaderRegex": "\\bStage\\s*\\d:(?<separator>-?)\\s*(?<label>.*)$"
+    },
+    "[jsonc]": {
+        "editor.minimap.markSectionHeaderRegex": "#\\bregion\\s*(?<separator>-?)\\s*(?<label>.*)$"
+    },
     "todo-tree.tree.showCountsInTree": true,
     "todo-tree.tree.showBadges": true,
     "yaml.customTags": [

Dockerfile

@@ -76,9 +76,9 @@ RUN --mount=type=secret,id=GEOIPUPDATE_ACCOUNT_ID \
     /bin/sh -c "GEOIPUPDATE_LICENSE_KEY_FILE=/run/secrets/GEOIPUPDATE_LICENSE_KEY /usr/bin/entry.sh || echo 'Failed to get GeoIP database, disabling'; exit 0"
 
 # Stage 4: Download uv
-FROM ghcr.io/astral-sh/uv:0.8.14 AS uv
+FROM ghcr.io/astral-sh/uv:0.8.19 AS uv
 # Stage 5: Base python image
-FROM ghcr.io/goauthentik/fips-python:3.13.7-slim-bookworm-fips AS python-base
+FROM ghcr.io/goauthentik/fips-python:3.13.7-slim-trixie-fips AS python-base
 
 ENV VENV_PATH="/ak-root/.venv" \
     PATH="/lifecycle:/ak-root/.venv/bin:$PATH" \

Makefile

@@ -238,34 +238,30 @@ node-install:  ## Install the necessary libraries to build Node.js packages
 #########################
 
 web-build: node-install  ## Build the Authentik UI
-	cd web && npm run build
+	npm run --prefix web build
 
 web: web-lint-fix web-lint web-check-compile  ## Automatically fix formatting issues in the Authentik UI source code, lint the code, and compile it
 
 web-test: ## Run tests for the Authentik UI
-	cd web && npm run test
+	npm run --prefix web test
 
 web-watch:  ## Build and watch the Authentik UI for changes, updating automatically
-	rm -rf web/dist/
-	mkdir web/dist/
-	touch web/dist/.gitkeep
-	cd web && npm run watch
-
+	npm run --prefix web watch
 web-storybook-watch:  ## Build and run the storybook documentation server
-	cd web && npm run storybook
+	npm run --prefix web storybook
 
 web-lint-fix:
-	cd web && npm run prettier
+	npm run --prefix web prettier
 
 web-lint:
-	cd web && npm run lint
-	cd web && npm run lit-analyse
+	npm run --prefix web lint
+	npm run --prefix web lit-analyse
 
 web-check-compile:
-	cd web && npm run tsc
+	npm run --prefix web tsc
 
 web-i18n-extract:
-	cd web && npm run extract-locales
+	npm run --prefix web extract-locales
 
 #########################
 ## Docs
@@ -277,31 +273,31 @@ docs-install:
 	npm ci --prefix website
 
 docs-lint-fix: lint-codespell
-	npm run prettier --prefix website
+	npm run --prefix website prettier
 
 docs-build:
-	npm run build --prefix website
+	npm run --prefix website build
 
 docs-watch:  ## Build and watch the topics documentation
-	npm run start --prefix website
+	npm run --prefix website start
 
 integrations: docs-lint-fix integrations-build ## Fix formatting issues in the integrations source code, lint the code, and compile it
 
 integrations-build:
-	npm run build --prefix website -w integrations
+	npm run --prefix website -w integrations build
 
 integrations-watch:  ## Build and watch the Integrations documentation
-	npm run start --prefix website -w integrations
+	npm run --prefix website -w integrations start
 
 docs-api-build:
-	npm run build --prefix website -w api
+	npm run --prefix website -w api build
 
 docs-api-watch:  ## Build and watch the API documentation
-	npm run build:api --prefix website -w api
-	npm run start --prefix website -w api
+	npm run --prefix website -w api build:api
+	npm run --prefix website -w api start
 
 docs-api-clean: ## Clean generated API documentation
-	npm run build:api:clean --prefix website -w api
+	npm run --prefix website -w api build:api:clean
 
 #########################
 ## Docker
@@ -324,6 +320,9 @@ ci--meta-debug:
 	python -V
 	node --version
 
+ci-mypy: ci--meta-debug
+	uv run mypy --strict $(PY_SOURCES)
+
 ci-black: ci--meta-debug
 	uv run black --check $(PY_SOURCES)
 

README.md

@@ -9,7 +9,6 @@
 [![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/goauthentik/authentik/ci-outpost.yml?branch=main&label=outpost%20build&style=for-the-badge)](https://github.com/goauthentik/authentik/actions/workflows/ci-outpost.yml)
 [![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/goauthentik/authentik/ci-web.yml?branch=main&label=web%20build&style=for-the-badge)](https://github.com/goauthentik/authentik/actions/workflows/ci-web.yml)
 [![Code Coverage](https://img.shields.io/codecov/c/gh/goauthentik/authentik?style=for-the-badge)](https://codecov.io/gh/goauthentik/authentik)
-![Docker pulls](https://img.shields.io/docker/pulls/authentik/server.svg?style=for-the-badge)
 ![Latest version](https://img.shields.io/docker/v/authentik/server?sort=semver&style=for-the-badge)
 [![](https://img.shields.io/badge/Help%20translate-transifex-blue?style=for-the-badge)](https://www.transifex.com/authentik/authentik/)
 

authentik/api/schema.py

@@ -104,6 +104,68 @@ def postprocess_schema_responses(result, generator: SchemaGenerator, **kwargs):
     return result
 
 
+def postprocess_schema_pagination(result, generator: SchemaGenerator, **kwargs):
+    to_replace = {
+        "ordering": create_component(
+            generator,
+            "QueryPaginationOrdering",
+            {
+                "name": "ordering",
+                "required": False,
+                "in": "query",
+                "description": "Which field to use when ordering the results.",
+                "schema": {"type": "string"},
+            },
+            ResolvedComponent.PARAMETER,
+        ),
+        "page": create_component(
+            generator,
+            "QueryPaginationPage",
+            {
+                "name": "page",
+                "required": False,
+                "in": "query",
+                "description": "A page number within the paginated result set.",
+                "schema": {"type": "integer"},
+            },
+            ResolvedComponent.PARAMETER,
+        ),
+        "page_size": create_component(
+            generator,
+            "QueryPaginationPageSize",
+            {
+                "name": "page_size",
+                "required": False,
+                "in": "query",
+                "description": "Number of results to return per page.",
+                "schema": {"type": "integer"},
+            },
+            ResolvedComponent.PARAMETER,
+        ),
+        "search": create_component(
+            generator,
+            "QuerySearch",
+            {
+                "name": "search",
+                "required": False,
+                "in": "query",
+                "description": "A search term.",
+                "schema": {"type": "string"},
+            },
+            ResolvedComponent.PARAMETER,
+        ),
+    }
+    for path in result["paths"].values():
+        for method in path.values():
+            # print(method["parameters"])
+            for idx, param in enumerate(method.get("parameters", [])):
+                for replace_name, replace_ref in to_replace.items():
+                    if param["name"] == replace_name:
+                        method["parameters"][idx] = replace_ref.ref
+            # print(method["parameters"])
+    return result
+
+
 def preprocess_schema_exclude_non_api(endpoints, **kwargs):
     """Filter out all API Views which are not mounted under /api"""
     return [

authentik/blueprints/v1/importer.py

@@ -76,6 +76,7 @@ from authentik.providers.scim.models import SCIMProviderGroup, SCIMProviderUser
 from authentik.rbac.models import Role
 from authentik.sources.scim.models import SCIMSourceGroup, SCIMSourceUser
 from authentik.stages.authenticator_webauthn.models import WebAuthnDeviceType
+from authentik.stages.consent.models import UserConsent
 from authentik.tasks.models import Task
 from authentik.tenants.models import Tenant
 
@@ -135,6 +136,7 @@ def excluded_models() -> list[type[Model]]:
         EndpointDeviceConnection,
         DeviceToken,
         StreamEvent,
+        UserConsent,
     )
 
 

authentik/blueprints/v1/tasks.py

@@ -38,6 +38,7 @@ from authentik.blueprints.v1.oci import OCI_PREFIX
 from authentik.events.logs import capture_logs
 from authentik.events.utils import sanitize_dict
 from authentik.lib.config import CONFIG
+from authentik.tasks.apps import PRIORITY_HIGH
 from authentik.tasks.models import Task
 from authentik.tasks.schedules.models import Schedule
 from authentik.tenants.models import Tenant
@@ -111,6 +112,7 @@ class BlueprintEventHandler(FileSystemEventHandler):
 @actor(
     description=_("Find blueprints as `blueprints_find` does, but return a safe dict."),
     throws=(DatabaseError, ProgrammingError, InternalError),
+    priority=PRIORITY_HIGH,
 )
 def blueprints_find_dict():
     blueprints = []

authentik/core/api/groups.py

@@ -295,7 +295,7 @@ class GroupViewSet(UsedByMixin, ModelViewSet):
     @extend_schema(
         request=UserAccountSerializer,
         responses={
-            204: OpenApiResponse(description="User added"),
+            204: OpenApiResponse(description="User removed"),
             404: OpenApiResponse(description="User not found"),
         },
     )
@@ -307,7 +307,7 @@ class GroupViewSet(UsedByMixin, ModelViewSet):
         permission_classes=[],
     )
     def remove_user(self, request: Request, pk: str) -> Response:
-        """Add user to group"""
+        """Remove user from group"""
         group: Group = self.get_object()
         user: User = (
             get_objects_for_user(request.user, "authentik_core.view_user")

authentik/core/api/users.py

@@ -681,8 +681,7 @@ class UserViewSet(UsedByMixin, ModelViewSet):
             },
         ),
         responses={
-            "204": OpenApiResponse(description="Successfully started impersonation"),
-            "401": OpenApiResponse(description="Access denied"),
+            204: OpenApiResponse(description="Successfully started impersonation"),
         },
     )
     @action(detail=True, methods=["POST"], permission_classes=[])
@@ -701,7 +700,7 @@ class UserViewSet(UsedByMixin, ModelViewSet):
                 "User attempted to impersonate without permissions",
                 user=request.user,
             )
-            return Response(status=401)
+            return Response(status=403)
         if user_to_be.pk == self.request.user.pk:
             LOGGER.debug("User attempted to impersonate themselves", user=request.user)
             return Response(status=401)
@@ -710,19 +709,19 @@ class UserViewSet(UsedByMixin, ModelViewSet):
                 "User attempted to impersonate without providing a reason",
                 user=request.user,
             )
-            return Response(status=401)
+            raise ValidationError({"reason": _("This field is required.")})
 
         request.session[SESSION_KEY_IMPERSONATE_ORIGINAL_USER] = request.user
         request.session[SESSION_KEY_IMPERSONATE_USER] = user_to_be
 
         Event.new(EventAction.IMPERSONATION_STARTED, reason=reason).from_http(request, user_to_be)
 
-        return Response(status=201)
+        return Response(status=204)
 
     @extend_schema(
         request=OpenApiTypes.NONE,
         responses={
-            "204": OpenApiResponse(description="Successfully started impersonation"),
+            "204": OpenApiResponse(description="Successfully ended impersonation"),
         },
     )
     @action(detail=False, methods=["GET"])

authentik/core/management/commands/dev_server.py

@@ -1,6 +1,6 @@
 """custom runserver command"""
 
-from typing import TextIO
+from io import StringIO
 
 from daphne.management.commands.runserver import Command as RunServer
 from daphne.server import Server
@@ -33,4 +33,4 @@ class Command(RunServer):
         super().__init__(*args, **kwargs)
         # Redirect standard stdout banner from Daphne into the void
         # as there are a couple more steps that happen before startup is fully done
-        self.stdout = TextIO()
+        self.stdout = StringIO()

authentik/core/models.py

@@ -114,15 +114,21 @@ class AttributesMixin(models.Model):
 
     def update_attributes(self, properties: dict[str, Any]):
         """Update fields and attributes, but correctly by merging dicts"""
+        needs_update = False
         for key, value in properties.items():
             if key == "attributes":
                 continue
-            setattr(self, key, value)
+            if getattr(self, key, None) != value:
+                setattr(self, key, value)
+                needs_update = True
         final_attributes = {}
         MERGE_LIST_UNIQUE.merge(final_attributes, self.attributes)
         MERGE_LIST_UNIQUE.merge(final_attributes, properties.get("attributes", {}))
-        self.attributes = final_attributes
-        self.save()
+        if self.attributes != final_attributes:
+            self.attributes = final_attributes
+            needs_update = True
+        if needs_update:
+            self.save()
 
     @classmethod
     def update_or_create_attributes(

authentik/core/signals.py

@@ -2,10 +2,9 @@
 
 from django.contrib.auth.signals import user_logged_in
 from django.core.cache import cache
-from django.core.signals import Signal
 from django.db.models import Model
 from django.db.models.signals import post_delete, post_save, pre_save
-from django.dispatch import receiver
+from django.dispatch import Signal, receiver
 from django.http.request import HttpRequest
 from structlog.stdlib import get_logger
 

authentik/core/tests/test_impersonation.py

@@ -59,7 +59,7 @@ class TestImpersonation(APITestCase):
             ),
             data={"reason": "some reason"},
         )
-        self.assertEqual(response.status_code, 201)
+        self.assertEqual(response.status_code, 204)
 
         response = self.client.get(reverse("authentik_api:user-me"))
         response_body = loads(response.content.decode())
@@ -80,7 +80,7 @@ class TestImpersonation(APITestCase):
             ),
             data={"reason": "some reason"},
         )
-        self.assertEqual(response.status_code, 201)
+        self.assertEqual(response.status_code, 204)
 
         response = self.client.get(reverse("authentik_api:user-me"))
         response_body = loads(response.content.decode())
@@ -137,10 +137,10 @@ class TestImpersonation(APITestCase):
         self.client.force_login(self.user)
 
         response = self.client.post(
-            reverse("authentik_api:user-impersonate", kwargs={"pk": self.user.pk}),
+            reverse("authentik_api:user-impersonate", kwargs={"pk": self.other_user.pk}),
             data={"reason": ""},
         )
-        self.assertEqual(response.status_code, 401)
+        self.assertEqual(response.status_code, 400)
 
         response = self.client.get(reverse("authentik_api:user-me"))
         response_body = loads(response.content.decode())

authentik/enterprise/search/settings.py

@@ -1,6 +1,7 @@
 SPECTACULAR_SETTINGS = {
     "POSTPROCESSING_HOOKS": [
         "authentik.api.schema.postprocess_schema_responses",
+        "authentik.api.schema.postprocess_schema_pagination",
         "authentik.enterprise.search.schema.postprocess_schema_search_autocomplete",
         "drf_spectacular.hooks.postprocess_schema_enums",
     ],

authentik/enterprise/stages/authenticator_endpoint_gdtc/migrations/0002_alter_authenticatorendpointgdtcstage_friendly_name.py

@@ -0,0 +1,19 @@
+# Generated by Django 5.1.12 on 2025-09-08 19:43
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("authentik_stages_authenticator_endpoint_gdtc", "0001_initial"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="authenticatorendpointgdtcstage",
+            name="friendly_name",
+            field=models.TextField(blank=True, default=""),
+            preserve_default=False,
+        ),
+    ]

authentik/events/context_processors/asn.py

@@ -19,7 +19,7 @@ if TYPE_CHECKING:
 class ASNDict(TypedDict):
     """ASN Details"""
 
-    asn: int
+    asn: int | None
     as_org: str | None
     network: str | None
 
@@ -60,7 +60,7 @@ class ASNContextProcessor(MMDBContextProcessor):
             except (GeoIP2Error, ValueError):
                 return None
 
-    def asn_to_dict(self, asn: ASN | None) -> ASNDict:
+    def asn_to_dict(self, asn: ASN | None) -> ASNDict | dict:
         """Convert ASN to dict"""
         if not asn:
             return {}

authentik/events/context_processors/geoip.py

@@ -19,10 +19,10 @@ if TYPE_CHECKING:
 class GeoIPDict(TypedDict):
     """GeoIP Details"""
 
-    continent: str
-    country: str
-    lat: float
-    long: float
+    continent: str | None
+    country: str | None
+    lat: float | None
+    long: float | None
     city: str
 
 
@@ -61,7 +61,7 @@ class GeoIPContextProcessor(MMDBContextProcessor):
             except (GeoIP2Error, ValueError):
                 return None
 
-    def city_to_dict(self, city: City | None) -> GeoIPDict:
+    def city_to_dict(self, city: City | None) -> GeoIPDict | dict:
         """Convert City to dict"""
         if not city:
             return {}

authentik/events/middleware.py

@@ -197,7 +197,8 @@ class AuditMiddleware:
             return
         if _CTX_IGNORE.get():
             return
-        if request.request_id != _CTX_REQUEST.get().request_id:
+        current_request = _CTX_REQUEST.get()
+        if current_request is None or request.request_id != current_request.request_id:
             return
         user = self.get_user(request)
 
@@ -212,7 +213,8 @@ class AuditMiddleware:
             return
         if _CTX_IGNORE.get():
             return
-        if request.request_id != _CTX_REQUEST.get().request_id:
+        current_request = _CTX_REQUEST.get()
+        if current_request is None or request.request_id != current_request.request_id:
             return
         user = self.get_user(request)
 
@@ -239,7 +241,8 @@ class AuditMiddleware:
             return
         if _CTX_IGNORE.get():
             return
-        if request.request_id != _CTX_REQUEST.get().request_id:
+        current_request = _CTX_REQUEST.get()
+        if current_request is None or request.request_id != current_request.request_id:
             return
         user = self.get_user(request)
 

authentik/events/migrations/0013_delete_systemtask.py

@@ -0,0 +1,16 @@
+# Generated by Django 5.1.11 on 2025-07-28 15:05
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("authentik_events", "0012_notificationtransport_email_subject_prefix_and_more"),
+    ]
+
+    operations = [
+        migrations.DeleteModel(
+            name="SystemTask",
+        ),
+    ]

authentik/events/models.py

@@ -632,45 +632,3 @@ class NotificationWebhookMapping(PropertyMapping):
     class Meta:
         verbose_name = _("Webhook Mapping")
         verbose_name_plural = _("Webhook Mappings")
-
-
-class TaskStatus(models.TextChoices):
-    """DEPRECATED do not use"""
-
-    UNKNOWN = "unknown"
-    SUCCESSFUL = "successful"
-    WARNING = "warning"
-    ERROR = "error"
-
-
-class SystemTask(ExpiringModel):
-    """DEPRECATED do not use"""
-
-    uuid = models.UUIDField(primary_key=True, editable=False, default=uuid4)
-    name = models.TextField()
-    uid = models.TextField(null=True)
-
-    start_timestamp = models.DateTimeField(default=now)
-    finish_timestamp = models.DateTimeField(default=now)
-    duration = models.FloatField(default=0)
-
-    status = models.TextField(choices=TaskStatus.choices)
-
-    description = models.TextField(null=True)
-    messages = models.JSONField()
-
-    task_call_module = models.TextField()
-    task_call_func = models.TextField()
-    task_call_args = models.JSONField(default=list)
-    task_call_kwargs = models.JSONField(default=dict)
-
-    def __str__(self) -> str:
-        return f"System Task {self.name}"
-
-    class Meta:
-        unique_together = (("name", "uid"),)
-        default_permissions = ()
-        permissions = ()
-        verbose_name = _("System Task")
-        verbose_name_plural = _("System Tasks")
-        indexes = ExpiringModel.Meta.indexes

authentik/flows/models.py

@@ -291,7 +291,7 @@ class ConfigurableStage(models.Model):
 class FriendlyNamedStage(models.Model):
     """Abstract base class for a Stage that can have a user friendly name configured."""
 
-    friendly_name = models.TextField(null=True)
+    friendly_name = models.TextField(blank=True)
 
     class Meta:
         abstract = True

authentik/lib/logging.py

@@ -43,7 +43,9 @@ def structlog_configure():
             structlog.stdlib.PositionalArgumentsFormatter(),
             structlog.processors.TimeStamper(fmt="iso", utc=False),
             structlog.processors.StackInfoRenderer(),
-            structlog.processors.dict_tracebacks,
+            structlog.processors.ExceptionRenderer(
+                structlog.processors.ExceptionDictTransformer(show_locals=CONFIG.get_bool("debug"))
+            ),
             structlog.stdlib.ProcessorFormatter.wrap_for_formatter,
         ],
         logger_factory=structlog.stdlib.LoggerFactory(),
@@ -65,7 +67,14 @@ def get_logger_config():
             "json": {
                 "()": structlog.stdlib.ProcessorFormatter,
                 "processor": structlog.processors.JSONRenderer(sort_keys=True),
-                "foreign_pre_chain": LOG_PRE_CHAIN + [structlog.processors.dict_tracebacks],
+                "foreign_pre_chain": LOG_PRE_CHAIN
+                + [
+                    structlog.processors.ExceptionRenderer(
+                        structlog.processors.ExceptionDictTransformer(
+                            show_locals=CONFIG.get_bool("debug")
+                        )
+                    ),
+                ],
             },
             "console": {
                 "()": structlog.stdlib.ProcessorFormatter,

authentik/lib/sync/outgoing/tasks.py

@@ -20,6 +20,7 @@ from authentik.lib.sync.outgoing.exceptions import (
     TransientSyncException,
 )
 from authentik.lib.sync.outgoing.models import OutgoingSyncProvider
+from authentik.lib.utils.errors import exception_to_dict
 from authentik.lib.utils.reflection import class_to_path, path_to_class
 from authentik.tasks.models import Task
 
@@ -164,16 +165,17 @@ class SyncTasks:
             except BadRequestSyncException as exc:
                 self.logger.warning("failed to sync object", exc=exc, obj=obj)
                 task.warning(
-                    f"Failed to sync {obj._meta.verbose_name} {str(obj)} due to error: {str(exc)}",
+                    f"Failed to sync {str(obj)} due to error: {str(exc)}",
                     arguments=exc.args[1:],
                     obj=sanitize_item(obj),
+                    exception=exception_to_dict(exc),
                 )
             except TransientSyncException as exc:
                 self.logger.warning("failed to sync object", exc=exc, user=obj)
                 task.warning(
-                    f"Failed to sync {obj._meta.verbose_name} {str(obj)} due to "
-                    f"transient error: {str(exc)}",
+                    f"Failed to sync {str(obj)} due to " f"transient error: {str(exc)}",
                     obj=sanitize_item(obj),
+                    exception=exception_to_dict(exc),
                 )
             except StopSync as exc:
                 self.logger.warning("Stopping sync", exc=exc)

authentik/providers/oauth2/utils.py

@@ -4,17 +4,18 @@ import re
 import uuid
 from base64 import b64decode
 from binascii import Error
-from time import time
 from typing import Any
 from urllib.parse import urlparse
 
 from django.http import HttpRequest, HttpResponse, JsonResponse
 from django.http.response import HttpResponseRedirect
 from django.utils.cache import patch_vary_headers
+from django.utils.timezone import now
 from structlog.stdlib import get_logger
 
 from authentik.core.middleware import CTX_AUTH_VIA, KEY_USER
 from authentik.events.models import Event, EventAction
+from authentik.lib.utils.time import timedelta_from_string
 from authentik.providers.oauth2.errors import BearerTokenError
 from authentik.providers.oauth2.id_token import hash_session_key
 from authentik.providers.oauth2.models import AccessToken, OAuth2Provider
@@ -229,11 +230,13 @@ def create_logout_token(
 
     LOGGER.debug("Creating logout token", provider=provider, sub=sub)
 
+    _now = now()
     # Create the logout token payload
     payload = {
         "iss": str(iss),
         "aud": provider.client_id,
-        "iat": int(time()),
+        "iat": int(_now.timestamp()),
+        "exp": int((_now + timedelta_from_string(provider.access_token_validity)).timestamp()),
         "jti": str(uuid.uuid4()),
         "events": {
             "http://schemas.openid.net/event/backchannel-logout": {},

authentik/providers/oauth2/views/userinfo.py

@@ -60,7 +60,7 @@ class UserInfoView(View):
         for scope in scopes:
             if scope in special_scope_map:
                 scope_descriptions.append(
-                    PermissionDict(id=scope, name=str(special_scope_map[scope]))
+                    PermissionDict(id=str(scope), name=str(special_scope_map[scope]))
                 )
         return scope_descriptions
 

authentik/providers/saml/processors/assertion.py

@@ -239,32 +239,33 @@ class AssertionProcessor:
                 ).from_http(self.http_request)
                 LOGGER.warning("Failed to evaluate property mapping", exc=exc)
                 return name_id
-        if name_id.attrib["Format"] == SAML_NAME_ID_FORMAT_EMAIL:
+        if self.auth_n_request.name_id_policy == SAML_NAME_ID_FORMAT_EMAIL:
             name_id.text = self.http_request.user.email
             return name_id
-        if name_id.attrib["Format"] in [
+        if self.auth_n_request.name_id_policy in [
             SAML_NAME_ID_FORMAT_PERSISTENT,
             SAML_NAME_ID_FORMAT_UNSPECIFIED,
         ]:
             name_id.text = persistent
             return name_id
-        if name_id.attrib["Format"] == SAML_NAME_ID_FORMAT_X509:
+        if self.auth_n_request.name_id_policy == SAML_NAME_ID_FORMAT_X509:
             # This attribute is statically set by the LDAP source
             name_id.text = self.http_request.user.attributes.get(
                 LDAP_DISTINGUISHED_NAME, persistent
             )
             return name_id
-        if name_id.attrib["Format"] == SAML_NAME_ID_FORMAT_WINDOWS:
+        if self.auth_n_request.name_id_policy == SAML_NAME_ID_FORMAT_WINDOWS:
             # This attribute is statically set by the LDAP source
             name_id.text = self.http_request.user.attributes.get("upn", persistent)
             return name_id
-        if name_id.attrib["Format"] == SAML_NAME_ID_FORMAT_TRANSIENT:
+        if self.auth_n_request.name_id_policy == SAML_NAME_ID_FORMAT_TRANSIENT:
             # Use the hash of the user's session, which changes every session
             session_key: str = self.http_request.session.session_key
             name_id.text = sha256(session_key.encode()).hexdigest()
             return name_id
         raise UnsupportedNameIDFormat(
-            f"Assertion contains NameID with unsupported format {name_id.attrib['Format']}."
+            "Assertion contains NameID with unsupported "
+            f"format {self.auth_n_request.name_id_policy}."
         )
 
     def get_assertion_subject(self) -> Element:

authentik/providers/scim/clients/exceptions.py

@@ -27,3 +27,8 @@ class SCIMRequestException(TransientSyncException):
         except ValidationError:
             pass
         return self._message
+
+    def __str__(self):
+        if self._response:
+            return self._response.text
+        return super().__str__()

authentik/providers/scim/clients/users.py

@@ -72,7 +72,8 @@ class SCIMUserClient(SCIMClient[User, SCIMProviderUser, SCIMUserSchema]):
                 if not self._config.filter.supported:
                     raise exc
                 users = self._request(
-                    "GET", f"/Users?{urlencode({'filter': f'userName eq {scim_user.userName}'})}"
+                    "GET",
+                    f"/Users?{urlencode({'filter': f'userName eq \"{scim_user.userName}\"'})}",
                 )
                 users_res = users.get("Resources", [])
                 if len(users_res) < 1:

authentik/rbac/middleware.py

@@ -61,7 +61,8 @@ class InitialPermissionsMiddleware:
     ):
         if not created:
             return
-        if request.request_id != _CTX_REQUEST.get().request_id:
+        current_request = _CTX_REQUEST.get()
+        if current_request is None or request.request_id != current_request.request_id:
             return
         user: User = request.user
         if not user or user.is_anonymous:

authentik/root/settings.py

@@ -183,6 +183,7 @@ SPECTACULAR_SETTINGS = {
     ],
     "POSTPROCESSING_HOOKS": [
         "authentik.api.schema.postprocess_schema_responses",
+        "authentik.api.schema.postprocess_schema_pagination",
         "drf_spectacular.hooks.postprocess_schema_enums",
     ],
 }
@@ -255,6 +256,7 @@ MIDDLEWARE = [
     "authentik.root.middleware.LoggingMiddleware",
     "authentik.root.middleware.ClientIPMiddleware",
     "authentik.stages.user_login.middleware.BoundSessionMiddleware",
+    "django.middleware.locale.LocaleMiddleware",
     "authentik.core.middleware.AuthenticationMiddleware",
     "authentik.core.middleware.RequestIDMiddleware",
     "authentik.brands.middleware.BrandMiddleware",

authentik/root/signals.py

@@ -1,7 +1,6 @@
 from datetime import timedelta
 
-from django.core.signals import Signal
-from django.dispatch import receiver
+from django.dispatch import Signal, receiver
 from django.utils.timezone import now
 from structlog.stdlib import get_logger
 

authentik/sources/ldap/sync/membership.py

@@ -5,6 +5,7 @@ from typing import Any
 
 from django.db.models import Q
 from ldap3 import SUBTREE
+from ldap3.utils.conv import escape_filter_chars
 
 from authentik.core.models import Group, User
 from authentik.sources.ldap.models import LDAP_DISTINGUISHED_NAME, LDAP_UNIQUENESS, LDAPSource
@@ -52,7 +53,8 @@ class MembershipLDAPSynchronizer(BaseLDAPSynchronizer):
         for group in page_data:
             if self._source.lookup_groups_from_user:
                 group_dn = group.get("dn", {})
-                group_filter = f"({self._source.group_membership_field}={group_dn})"
+                escaped_dn = escape_filter_chars(group_dn)
+                group_filter = f"({self._source.group_membership_field}={escaped_dn})"
                 group_members = self._source.connection().extend.standard.paged_search(
                     search_base=self.base_dn_users,
                     search_filter=group_filter,

authentik/sources/ldap/tests/test_sync.py

@@ -4,6 +4,8 @@ from unittest.mock import MagicMock, patch
 
 from django.db.models import Q
 from django.test import TestCase
+from ldap3.core.exceptions import LDAPInvalidFilterError
+from ldap3.utils.conv import escape_filter_chars
 
 from authentik.blueprints.tests import apply_blueprint
 from authentik.core.models import Group, User
@@ -519,3 +521,89 @@ class LDAPSyncTests(TestCase):
 
         self.assertFalse(User.objects.filter(username__startswith="not-in-the-source").exists())
         self.assertFalse(Group.objects.filter(name__startswith="not-in-the-source").exists())
+
+    def test_membership_sync_special_chars_in_group_dn(self):
+        """Test membership synchronization with special characters in group DN"""
+        self.source.object_uniqueness_field = "uid"
+        self.source.group_object_filter = "(objectClass=groupOfNames)"
+        self.source.lookup_groups_from_user = True
+        self.source.group_membership_field = "memberOf"
+
+        # Mock connection with group DN containing special characters
+        mock_conn = MagicMock()
+
+        # Simulate group with special characters in DN: parentheses, backslashes, asterisks
+        special_group_dn = "cn=test(group),ou=groups,dc=example,dc=com"
+        backslash_group_dn = "cn=test\\group,ou=groups,dc=example,dc=com"
+        asterisk_group_dn = "cn=test*group,ou=groups,dc=example,dc=com"
+
+        # Mock the paged_search method that would be called with the filter
+        mock_standard = MagicMock()
+        mock_conn.extend.standard = mock_standard
+
+        # Test case 1: Group DN with parentheses
+        with patch("authentik.sources.ldap.models.LDAPSource.connection", return_value=mock_conn):
+            membership_sync = MembershipLDAPSynchronizer(self.source, Task())
+
+            # Simulate group data with special characters in DN
+            page_data = [{"dn": special_group_dn}]
+
+            # This should not raise LDAPInvalidFilterError anymore
+            try:
+                membership_sync.sync(page_data)
+                # Verify that the filter was properly escaped
+                # The call should have been made with escaped characters
+                mock_standard.paged_search.assert_called()
+                call_args = mock_standard.paged_search.call_args
+                search_filter = call_args[1]["search_filter"]
+                # The parentheses should be escaped as \28 and \29
+                self.assertIn("\\28", search_filter)  # Escaped (
+                self.assertIn("\\29", search_filter)  # Escaped )
+            except LDAPInvalidFilterError:
+                self.fail("LDAPInvalidFilterError should not be raised with escaped filter")
+
+        # Test case 2: Group DN with backslashes
+        with patch("authentik.sources.ldap.models.LDAPSource.connection", return_value=mock_conn):
+            membership_sync = MembershipLDAPSynchronizer(self.source, Task())
+            page_data = [{"dn": backslash_group_dn}]
+
+            try:
+                membership_sync.sync(page_data)
+                call_args = mock_standard.paged_search.call_args
+                search_filter = call_args[1]["search_filter"]
+                # The backslash should be escaped as \5c
+                self.assertIn("\\5c", search_filter)  # Escaped \
+            except LDAPInvalidFilterError:
+                self.fail("LDAPInvalidFilterError should not be raised with escaped filter")
+
+        # Test case 3: Group DN with asterisks
+        with patch("authentik.sources.ldap.models.LDAPSource.connection", return_value=mock_conn):
+            membership_sync = MembershipLDAPSynchronizer(self.source, Task())
+            page_data = [{"dn": asterisk_group_dn}]
+
+            try:
+                membership_sync.sync(page_data)
+                call_args = mock_standard.paged_search.call_args
+                search_filter = call_args[1]["search_filter"]
+                # The asterisk should be escaped as \2a
+                self.assertIn("\\2a", search_filter)  # Escaped *
+            except LDAPInvalidFilterError:
+                self.fail("LDAPInvalidFilterError should not be raised with escaped filter")
+
+    def test_escape_filter_chars_function(self):
+        """Test the escape_filter_chars function directly"""
+
+        # Test various special characters that need escaping
+        test_cases = [
+            ("test(group)", "test\\28group\\29"),  # parentheses
+            ("test\\group", "test\\5cgroup"),  # backslash
+            ("test*group", "test\\2agroup"),  # asterisk
+            ("test(*)group", "test\\28\\2a\\29group"),  # multiple special chars
+            ("normalgroup", "normalgroup"),  # no special chars
+            ("", ""),  # empty string
+        ]
+
+        for input_str, expected in test_cases:
+            with self.subTest(input_str=input_str):
+                result = escape_filter_chars(input_str)
+                self.assertEqual(result, expected)

authentik/sources/oauth/types/entra_id.py

@@ -96,7 +96,11 @@ class EntraIDType(SourceType):
         }
 
     def get_base_group_properties(self, source, group_id, **kwargs):
-        raw_group = kwargs["info"]["raw_groups"][group_id]
+        raw_groups = kwargs["info"]["raw_groups"]
+        if group_id in raw_groups:
+            name = raw_groups[group_id]["displayName"]
+        else:
+            name = group_id
         return {
-            "name": raw_group["displayName"],
+            "name": name,
         }

authentik/sources/saml/exceptions.py

@@ -6,22 +6,39 @@ from authentik.lib.sentry import SentryIgnoredException
 class SAMLException(SentryIgnoredException):
     """Base SAML Exception"""
 
+    default_message = "An unspecified SAML error occurred."
+
+    def __str__(self):
+        if self.args:
+            return super().__str__()
+        return self.default_message
+
 
 class MissingSAMLResponse(SAMLException):
     """Exception raised when request does not contain SAML Response."""
 
+    default_message = "Request does not contain a SAML response."
+
 
 class UnsupportedNameIDFormat(SAMLException):
     """Exception raised when SAML Response contains NameID Format not supported."""
 
+    default_message = "The NameID Format in the SAML Response is not supported."
+
 
 class MismatchedRequestID(SAMLException):
     """Exception raised when the returned request ID doesn't match the saved ID."""
 
+    default_message = "The SAML Response ID does not match the original request ID."
+
 
 class InvalidEncryption(SAMLException):
-    """Encryption of XML Object is either missing or invalid"""
+    """Encryption of XML Object is either missing or invalid."""
+
+    default_message = "The encryption of the SAML object is either missing or invalid."
 
 
 class InvalidSignature(SAMLException):
-    """Signature of XML Object is either missing or invalid"""
+    """Signature of XML Object is either missing or invalid."""
+
+    default_message = "The signature of the SAML object is either missing or invalid."

authentik/stages/authenticator_duo/migrations/0007_alter_authenticatorduostage_friendly_name.py

@@ -0,0 +1,22 @@
+# Generated by Django 5.1.12 on 2025-09-08 19:43
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        (
+            "authentik_stages_authenticator_duo",
+            "0006_duodevice_created_duodevice_last_updated_and_more",
+        ),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="authenticatorduostage",
+            name="friendly_name",
+            field=models.TextField(blank=True, default=""),
+            preserve_default=False,
+        ),
+    ]

authentik/stages/authenticator_email/migrations/0002_alter_authenticatoremailstage_friendly_name.py

@@ -0,0 +1,19 @@
+# Generated by Django 5.1.12 on 2025-09-08 19:43
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("authentik_stages_authenticator_email", "0001_initial"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="authenticatoremailstage",
+            name="friendly_name",
+            field=models.TextField(blank=True, default=""),
+            preserve_default=False,
+        ),
+    ]

authentik/stages/authenticator_email/stage.py

@@ -142,6 +142,11 @@ class AuthenticatorEmailStageView(ChallengeStageView):
         user = self.get_pending_user()
 
         stage: AuthenticatorEmailStage = self.executor.current_stage
+        # For the moment we only allow one email device per user
+        if EmailDevice.objects.filter(Q(user=user), stage=stage.pk).exists():
+            return self.executor.stage_invalid(
+                _("The user already has an email address registered for MFA.")
+            )
         if SESSION_KEY_EMAIL_DEVICE not in self.request.session:
             device = EmailDevice(user=user, confirmed=False, stage=stage, name="Email Device")
             valid_secs: int = timedelta_from_string(stage.token_expiry).total_seconds()

authentik/stages/authenticator_email/tests.py

@@ -108,6 +108,17 @@ class TestAuthenticatorEmailStage(FlowTestCase):
     )
     def test_stage_submit(self):
         """Test stage email submission"""
+        # test fail because of existing device
+        response = self.client.get(
+            reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}),
+        )
+        self.assertStageResponse(
+            response,
+            self.flow,
+            self.user,
+            component="ak-stage-access-denied",
+        )
+        self.device.delete()
         # Initialize the flow
         response = self.client.get(
             reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}),
@@ -232,6 +243,7 @@ class TestAuthenticatorEmailStage(FlowTestCase):
     def test_challenge_generation(self):
         """Test challenge generation"""
         # Test with masked email
+        self.device.delete()
         response = self.client.get(
             reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}),
         )

authentik/stages/authenticator_sms/migrations/0008_alter_authenticatorsmsstage_friendly_name.py

@@ -0,0 +1,22 @@
+# Generated by Django 5.1.12 on 2025-09-08 19:43
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        (
+            "authentik_stages_authenticator_sms",
+            "0007_smsdevice_created_smsdevice_last_updated_and_more",
+        ),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="authenticatorsmsstage",
+            name="friendly_name",
+            field=models.TextField(blank=True, default=""),
+            preserve_default=False,
+        ),
+    ]

authentik/stages/authenticator_static/migrations/0011_alter_authenticatorstaticstage_friendly_name.py

@@ -0,0 +1,22 @@
+# Generated by Django 5.1.12 on 2025-09-08 19:43
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        (
+            "authentik_stages_authenticator_static",
+            "0010_staticdevice_created_staticdevice_last_updated_and_more",
+        ),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="authenticatorstaticstage",
+            name="friendly_name",
+            field=models.TextField(blank=True, default=""),
+            preserve_default=False,
+        ),
+    ]

authentik/stages/authenticator_totp/migrations/0012_alter_authenticatortotpstage_friendly_name.py

@@ -0,0 +1,22 @@
+# Generated by Django 5.1.12 on 2025-09-08 19:43
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        (
+            "authentik_stages_authenticator_totp",
+            "0011_totpdevice_created_totpdevice_last_updated_and_more",
+        ),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="authenticatortotpstage",
+            name="friendly_name",
+            field=models.TextField(blank=True, default=""),
+            preserve_default=False,
+        ),
+    ]

authentik/stages/authenticator_webauthn/mds/aaguid.json

@@ -161,5 +161,10 @@
         "name": "Microsoft Password Manager",
         "icon_dark": "data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iMzIiIGhlaWdodD0iMzIiIHZpZXdCb3g9IjAgMCAzMiAzMiIgZmlsbD0ibm9uZSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj4KPHBhdGggZD0iTTE1IDIzVjI0QzE1IDI0LjU1MjMgMTQuNTUyMyAyNSAxNCAyNUgxMlYyNkMxMiAyNy4xMDQ2IDExLjEwNDYgMjggMTAgMjhINkM0Ljg5NTQzIDI4IDQgMjcuMTA0NiA0IDI2VjIzLjQxNDJDNCAyMi44ODM4IDQuMjEwNzEgMjIuMzc1MSA0LjU4NTc5IDIyTDEyLjMyNDQgMTQuMjYxNEMxMi4xMTMxIDEzLjU0MzQgMTIgMTIuNzg0MiAxMiAxMkMxMiA3LjU4MTcyIDE1LjU4MTcgNCAyMCA0QzI0LjQxODMgNCAyOCA3LjU4MTcyIDI4IDEyQzI4IDE2LjQxODMgMjQuNDE4MyAyMCAyMCAyMEgxOFYyMkMxOCAyMi41NTIzIDE3LjU1MjMgMjMgMTcgMjNIMTVaTTIyIDEyQzIzLjEwNDYgMTIgMjQgMTEuMTA0NiAyNCAxMEMyNCA4Ljg5NTQzIDIzLjEwNDYgOCAyMiA4QzIwLjg5NTQgOCAyMCA4Ljg5NTQzIDIwIDEwQzIwIDExLjEwNDYgMjAuODk1NCAxMiAyMiAxMloiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl8zMl8xMzcpIi8+CjxwYXRoIGQ9Ik0yNS40MDA0IDYuMDk4NjNDMjYuOTk3OCA3LjU2MTI2IDI4IDkuNjYzNDEgMjggMTJDMjggMTYuNDE4MyAyNC40MTgzIDIwIDIwIDIwSDE4VjIyQzE4IDIyLjU1MjMgMTcuNTUyMyAyMyAxNyAyM0gxNVYyNEMxNSAyNC41NTIzIDE0LjU1MjMgMjUgMTQgMjVIMTJWMjZDMTIgMjcuMTA0NiAxMS4xMDQ2IDI4IDEwIDI4SDZDNS4zMTk2IDI4IDQuNzIwNjYgMjcuNjU4OCA0LjM1OTM4IDI3LjEzOTZMMjAuMzU4NCAxMS4xMzk2QzIwLjcxOTYgMTEuNjU5IDIxLjMxOTQgMTIgMjIgMTJDMjMuMTA0NiAxMiAyNCAxMS4xMDQ2IDI0IDEwQzI0IDkuMzE5NCAyMy42NTkgOC43MTk2NSAyMy4xMzk2IDguMzU4NEwyNS40MDA0IDYuMDk4NjNaIiBmaWxsPSJ1cmwoI3BhaW50MV9yYWRpYWxfMzJfMTM3KSIvPgo8ZGVmcz4KPGxpbmVhckdyYWRpZW50IGlkPSJwYWludDBfbGluZWFyXzMyXzEzNyIgeDE9IjkuMzMzMzMiIHkxPSI4IiB4Mj0iMjYuNjY2NyIgeTI9IjI0IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+CjxzdG9wIHN0b3AtY29sb3I9IiMyOUMzRkYiLz4KPHN0b3Agb2Zmc2V0PSIxIiBzdG9wLWNvbG9yPSIjMjA1MkNCIi8+CjwvbGluZWFyR3JhZGllbnQ+CjxyYWRpYWxHcmFkaWVudCBpZD0icGFpbnQxX3JhZGlhbF8zMl8xMzciIGN4PSIwIiBjeT0iMCIgcj0iMSIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiIGdyYWRpZW50VHJhbnNmb3JtPSJ0cmFuc2xhdGUoNC44Njc3OCAyMC44ODI2KSByb3RhdGUoNTEuNzkwMSkgc2NhbGUoMTcuMjE1NyAxOC41MDAxKSI+CjxzdG9wIHN0b3AtY29sb3I9IiMyMzZGRDkiLz4KPHN0b3Agb2Zmc2V0PSIwLjc2Nzc4MiIgc3RvcC1jb2xvcj0iIzIzNkZEOSIgc3RvcC1vcGFjaXR5PSIwIi8+CjwvcmFkaWFsR3JhZGllbnQ+CjwvZGVmcz4KPC9zdmc+Cg==",
         "icon_light": "data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iMzIiIGhlaWdodD0iMzIiIHZpZXdCb3g9IjAgMCAzMiAzMiIgZmlsbD0ibm9uZSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj4KPHBhdGggZD0iTTE1IDIzVjI0QzE1IDI0LjU1MjMgMTQuNTUyMyAyNSAxNCAyNUgxMlYyNkMxMiAyNy4xMDQ2IDExLjEwNDYgMjggMTAgMjhINkM0Ljg5NTQzIDI4IDQgMjcuMTA0NiA0IDI2VjIzLjQxNDJDNCAyMi44ODM4IDQuMjEwNzEgMjIuMzc1MSA0LjU4NTc5IDIyTDEyLjMyNDQgMTQuMjYxNEMxMi4xMTMxIDEzLjU0MzQgMTIgMTIuNzg0MiAxMiAxMkMxMiA3LjU4MTcyIDE1LjU4MTcgNCAyMCA0QzI0LjQxODMgNCAyOCA3LjU4MTcyIDI4IDEyQzI4IDE2LjQxODMgMjQuNDE4MyAyMCAyMCAyMEgxOFYyMkMxOCAyMi41NTIzIDE3LjU1MjMgMjMgMTcgMjNIMTVaTTIyIDEyQzIzLjEwNDYgMTIgMjQgMTEuMTA0NiAyNCAxMEMyNCA4Ljg5NTQzIDIzLjEwNDYgOCAyMiA4QzIwLjg5NTQgOCAyMCA4Ljg5NTQzIDIwIDEwQzIwIDExLjEwNDYgMjAuODk1NCAxMiAyMiAxMloiIGZpbGw9InVybCgjcGFpbnQwX2xpbmVhcl8zMl8xMzcpIi8+CjxwYXRoIGQ9Ik0yNS40MDA0IDYuMDk4NjNDMjYuOTk3OCA3LjU2MTI2IDI4IDkuNjYzNDEgMjggMTJDMjggMTYuNDE4MyAyNC40MTgzIDIwIDIwIDIwSDE4VjIyQzE4IDIyLjU1MjMgMTcuNTUyMyAyMyAxNyAyM0gxNVYyNEMxNSAyNC41NTIzIDE0LjU1MjMgMjUgMTQgMjVIMTJWMjZDMTIgMjcuMTA0NiAxMS4xMDQ2IDI4IDEwIDI4SDZDNS4zMTk2IDI4IDQuNzIwNjYgMjcuNjU4OCA0LjM1OTM4IDI3LjEzOTZMMjAuMzU4NCAxMS4xMzk2QzIwLjcxOTYgMTEuNjU5IDIxLjMxOTQgMTIgMjIgMTJDMjMuMTA0NiAxMiAyNCAxMS4xMDQ2IDI0IDEwQzI0IDkuMzE5NCAyMy42NTkgOC43MTk2NSAyMy4xMzk2IDguMzU4NEwyNS40MDA0IDYuMDk4NjNaIiBmaWxsPSJ1cmwoI3BhaW50MV9yYWRpYWxfMzJfMTM3KSIvPgo8ZGVmcz4KPGxpbmVhckdyYWRpZW50IGlkPSJwYWludDBfbGluZWFyXzMyXzEzNyIgeDE9IjkuMzMzMzMiIHkxPSI4IiB4Mj0iMjYuNjY2NyIgeTI9IjI0IiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+CjxzdG9wIHN0b3AtY29sb3I9IiMyOUMzRkYiLz4KPHN0b3Agb2Zmc2V0PSIxIiBzdG9wLWNvbG9yPSIjMjA1MkNCIi8+CjwvbGluZWFyR3JhZGllbnQ+CjxyYWRpYWxHcmFkaWVudCBpZD0icGFpbnQxX3JhZGlhbF8zMl8xMzciIGN4PSIwIiBjeT0iMCIgcj0iMSIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiIGdyYWRpZW50VHJhbnNmb3JtPSJ0cmFuc2xhdGUoNC44Njc3OCAyMC44ODI2KSByb3RhdGUoNTEuNzkwMSkgc2NhbGUoMTcuMjE1NyAxOC41MDAxKSI+CjxzdG9wIHN0b3AtY29sb3I9IiMyMzZGRDkiLz4KPHN0b3Agb2Zmc2V0PSIwLjc2Nzc4MiIgc3RvcC1jb2xvcj0iIzIzNkZEOSIgc3RvcC1vcGFjaXR5PSIwIi8+CjwvcmFkaWFsR3JhZGllbnQ+CjwvZGVmcz4KPC9zdmc+Cg=="
+    },
+    "6d212b28-a2c1-4638-b375-5932070f62e9": {
+        "name": "initial",
+        "icon_dark": "data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iMTAyNCIgaGVpZ2h0PSIxMDI0IiB2aWV3Qm94PSIwIDAgMTAyNCAxMDI0IiBmaWxsPSJub25lIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPgo8cmVjdCB3aWR0aD0iMTAyNCIgaGVpZ2h0PSIxMDI0IiBmaWxsPSIjNTc3RkZGIi8+CjxwYXRoIGQ9Ik01MTIgMzk2QzU1Ni43MzUgMzk2IDU5MyAzNTkuNzM1IDU5MyAzMTVDNTkzIDI3MC4yNjUgNTU2LjczNSAyMzQgNTEyIDIzNEM0NjcuMjY1IDIzNCA0MzEgMjcwLjI2NSA0MzEgMzE1QzQzMSAzNTkuNzM1IDQ2Ny4yNjUgMzk2IDUxMiAzOTZaIiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjE2Ii8+CjxwYXRoIGQ9Ik01OTAgNDU4SDQzNFY3OThINTkwVjQ1OFoiIGZpbGw9IndoaXRlIi8+Cjwvc3ZnPgo=",
+        "icon_light": "data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iMTAyNCIgaGVpZ2h0PSIxMDI0IiB2aWV3Qm94PSIwIDAgMTAyNCAxMDI0IiBmaWxsPSJub25lIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPgo8cmVjdCB3aWR0aD0iMTAyNCIgaGVpZ2h0PSIxMDI0IiBmaWxsPSIjNTc3RkZGIi8+CjxwYXRoIGQ9Ik01MTIgMzk2QzU1Ni43MzUgMzk2IDU5MyAzNTkuNzM1IDU5MyAzMTVDNTkzIDI3MC4yNjUgNTU2LjczNSAyMzQgNTEyIDIzNEM0NjcuMjY1IDIzNCA0MzEgMjcwLjI2NSA0MzEgMzE1QzQzMSAzNTkuNzM1IDQ2Ny4yNjUgMzk2IDUxMiAzOTZaIiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjE2Ii8+CjxwYXRoIGQ9Ik01OTAgNDU4SDQzNFY3OThINTkwVjQ1OFoiIGZpbGw9IndoaXRlIi8+Cjwvc3ZnPgo="
     }
 }

authentik/stages/authenticator_webauthn/migrations/0014_alter_authenticatorwebauthnstage_friendly_name.py

@@ -0,0 +1,19 @@
+# Generated by Django 5.1.12 on 2025-09-08 19:43
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("authentik_stages_authenticator_webauthn", "0013_authenticatorwebauthnstage_max_attempts"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="authenticatorwebauthnstage",
+            name="friendly_name",
+            field=models.TextField(blank=True, default=""),
+            preserve_default=False,
+        ),
+    ]

authentik/stages/identification/signals.py

@@ -1,6 +1,6 @@
 """authentik identification signals"""
 
-from django.core.signals import Signal
+from django.dispatch import Signal
 
 # Arguments: request: HttpRequest, uid_field: Value entered by user
 identification_failed = Signal()

authentik/stages/identification/stage.py

@@ -140,7 +140,7 @@ class IdentificationChallengeResponse(ChallengeResponse):
             # when `pretend` is enabled, continue regardless
             if current_stage.pretend_user_exists and not current_stage.password_stage:
                 return attrs
-            raise ValidationError("Failed to authenticate.")
+            raise ValidationError(_("Failed to authenticate."))
         self.pre_user = pre_user
 
         # Captcha check
@@ -171,7 +171,7 @@ class IdentificationChallengeResponse(ChallengeResponse):
                     password=password,
                 )
             if not user:
-                raise ValidationError("Failed to authenticate.")
+                raise ValidationError(_("Failed to authenticate."))
             self.pre_user = user
         except PermissionDenied as exc:
             raise ValidationError(str(exc)) from exc

authentik/stages/invitation/signals.py

@@ -1,6 +1,6 @@
 """authentik invitation signals"""
 
-from django.core.signals import Signal
+from django.dispatch import Signal
 
 # Arguments: request: HttpRequest, invitation: Invitation
 invitation_used = Signal()

authentik/stages/prompt/signals.py

@@ -1,6 +1,6 @@
 """authentik prompt stage signals"""
 
-from django.core.signals import Signal
+from django.dispatch import Signal
 
 # Arguments: password: str, plan_context: dict[str, Any]
 password_validate = Signal()

authentik/stages/user_write/signals.py

@@ -1,6 +1,6 @@
 """authentik user_write signals"""
 
-from django.core.signals import Signal
+from django.dispatch import Signal
 
 # Arguments: request: HttpRequest, user: User, data: dict[str, Any], created: bool
 user_write = Signal()

authentik/tasks/apps.py

@@ -2,6 +2,8 @@ from authentik.blueprints.apps import ManagedAppConfig
 from authentik.lib.utils.time import fqdn_rand
 from authentik.tasks.schedules.common import ScheduleSpec
 
+PRIORITY_HIGH = 1000
+
 
 class AuthentikTasksConfig(ManagedAppConfig):
     name = "authentik.tasks"

authentik/tasks/middleware.py

@@ -14,6 +14,7 @@ from django_redis import get_redis_connection
 from dramatiq.broker import Broker
 from dramatiq.message import Message
 from dramatiq.middleware import Middleware
+from psycopg.errors import Error
 from redis.exceptions import RedisError
 from structlog.stdlib import get_logger
 
@@ -26,6 +27,7 @@ from authentik.tenants.utils import get_current_tenant
 
 LOGGER = get_logger()
 HEALTHCHECK_LOGGER = get_logger("authentik.worker").bind()
+DB_ERRORS = (OperationalError, Error, RedisError)
 
 
 class TenantMiddleware(Middleware):
@@ -175,7 +177,7 @@ class _healthcheck_handler(BaseHTTPRequestHandler):
             redis_conn = get_redis_connection()
             redis_conn.ping()
             self.send_response(200)
-        except (OperationalError, RedisError):  # pragma: no cover
+        except DB_ERRORS:  # pragma: no cover
             self.send_response(503)
         self.send_header("Content-Type", "text/plain; charset=utf-8")
         self.send_header("Content-Length", "0")
@@ -216,6 +218,14 @@ class WorkerStatusMiddleware(Middleware):
             hostname=socket.gethostname(),
             version=authentik_full_version(),
         )
+        while True:
+            try:
+                WorkerStatusMiddleware.keep(status)
+            except DB_ERRORS:  # pragma: no cover
+                sleep(10)
+                pass
+
+    def keep(status: WorkerStatus):
         lock_id = f"goauthentik.io/worker/status/{status.pk}"
         with pglock.advisory(lock_id, side_effect=pglock.Raise):
             while True:

blueprints/schema.json

@@ -3616,46 +3616,6 @@
                         }
                     }
                 },
-                {
-                    "type": "object",
-                    "required": [
-                        "model",
-                        "identifiers"
-                    ],
-                    "properties": {
-                        "model": {
-                            "const": "authentik_stages_consent.userconsent"
-                        },
-                        "id": {
-                            "type": "string"
-                        },
-                        "state": {
-                            "type": "string",
-                            "enum": [
-                                "absent",
-                                "created",
-                                "must_created",
-                                "present"
-                            ],
-                            "default": "present"
-                        },
-                        "conditions": {
-                            "type": "array",
-                            "items": {
-                                "type": "boolean"
-                            }
-                        },
-                        "permissions": {
-                            "$ref": "#/$defs/model_authentik_stages_consent.userconsent_permissions"
-                        },
-                        "attrs": {
-                            "$ref": "#/$defs/model_authentik_stages_consent.userconsent"
-                        },
-                        "identifiers": {
-                            "$ref": "#/$defs/model_authentik_stages_consent.userconsent"
-                        }
-                    }
-                },
                 {
                     "type": "object",
                     "required": [
@@ -6118,11 +6078,7 @@
                     "description": "Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage."
                 },
                 "friendly_name": {
-                    "type": [
-                        "string",
-                        "null"
-                    ],
-                    "minLength": 1,
+                    "type": "string",
                     "title": "Friendly name"
                 },
                 "credentials": {
@@ -7503,7 +7459,6 @@
                         "authentik_stages_authenticator_webauthn.webauthndevice",
                         "authentik_stages_captcha.captchastage",
                         "authentik_stages_consent.consentstage",
-                        "authentik_stages_consent.userconsent",
                         "authentik_stages_deny.denystage",
                         "authentik_stages_dummy.dummystage",
                         "authentik_stages_email.emailstage",
@@ -12165,11 +12120,7 @@
                     "description": "Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage."
                 },
                 "friendly_name": {
-                    "type": [
-                        "string",
-                        "null"
-                    ],
-                    "minLength": 1,
+                    "type": "string",
                     "title": "Friendly name"
                 },
                 "client_id": {
@@ -12360,11 +12311,7 @@
                     "description": "Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage."
                 },
                 "friendly_name": {
-                    "type": [
-                        "string",
-                        "null"
-                    ],
-                    "minLength": 1,
+                    "type": "string",
                     "title": "Friendly name"
                 },
                 "use_global_settings": {
@@ -12593,11 +12540,7 @@
                     "description": "Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage."
                 },
                 "friendly_name": {
-                    "type": [
-                        "string",
-                        "null"
-                    ],
-                    "minLength": 1,
+                    "type": "string",
                     "title": "Friendly name"
                 },
                 "provider": {
@@ -12810,11 +12753,7 @@
                     "description": "Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage."
                 },
                 "friendly_name": {
-                    "type": [
-                        "string",
-                        "null"
-                    ],
-                    "minLength": 1,
+                    "type": "string",
                     "title": "Friendly name"
                 },
                 "token_count": {
@@ -12994,11 +12933,7 @@
                     "description": "Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage."
                 },
                 "friendly_name": {
-                    "type": [
-                        "string",
-                        "null"
-                    ],
-                    "minLength": 1,
+                    "type": "string",
                     "title": "Friendly name"
                 },
                 "digits": {
@@ -13353,11 +13288,7 @@
                     "description": "Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage."
                 },
                 "friendly_name": {
-                    "type": [
-                        "string",
-                        "null"
-                    ],
-                    "minLength": 1,
+                    "type": "string",
                     "title": "Friendly name"
                 },
                 "user_verification": {
@@ -13763,187 +13694,6 @@
                 }
             }
         },
-        "model_authentik_stages_consent.userconsent": {
-            "type": "object",
-            "properties": {
-                "expires": {
-                    "type": [
-                        "string",
-                        "null"
-                    ],
-                    "format": "date-time",
-                    "title": "Expires"
-                },
-                "expiring": {
-                    "type": "boolean",
-                    "title": "Expiring"
-                },
-                "user": {
-                    "type": "object",
-                    "properties": {
-                        "username": {
-                            "type": "string",
-                            "maxLength": 150,
-                            "minLength": 1,
-                            "title": "Username"
-                        },
-                        "name": {
-                            "type": "string",
-                            "title": "Name",
-                            "description": "User's display name."
-                        },
-                        "is_active": {
-                            "type": "boolean",
-                            "title": "Active",
-                            "description": "Designates whether this user should be treated as active. Unselect this instead of deleting accounts."
-                        },
-                        "last_login": {
-                            "type": [
-                                "string",
-                                "null"
-                            ],
-                            "format": "date-time",
-                            "title": "Last login"
-                        },
-                        "groups": {
-                            "type": "array",
-                            "items": {
-                                "type": "string",
-                                "format": "uuid"
-                            },
-                            "title": "Groups"
-                        },
-                        "email": {
-                            "type": "string",
-                            "format": "email",
-                            "maxLength": 254,
-                            "title": "Email address"
-                        },
-                        "attributes": {
-                            "type": "object",
-                            "additionalProperties": true,
-                            "title": "Attributes"
-                        },
-                        "path": {
-                            "type": "string",
-                            "minLength": 1,
-                            "title": "Path"
-                        },
-                        "type": {
-                            "type": "string",
-                            "enum": [
-                                "internal",
-                                "external",
-                                "service_account",
-                                "internal_service_account"
-                            ],
-                            "title": "Type"
-                        }
-                    },
-                    "required": [
-                        "username",
-                        "name"
-                    ],
-                    "title": "User"
-                },
-                "application": {
-                    "type": "object",
-                    "properties": {
-                        "name": {
-                            "type": "string",
-                            "minLength": 1,
-                            "title": "Name",
-                            "description": "Application's display Name."
-                        },
-                        "slug": {
-                            "type": "string",
-                            "maxLength": 50,
-                            "minLength": 1,
-                            "pattern": "^[-a-zA-Z0-9_]+$",
-                            "title": "Slug",
-                            "description": "Internal application name, used in URLs."
-                        },
-                        "provider": {
-                            "type": "integer",
-                            "title": "Provider"
-                        },
-                        "backchannel_providers": {
-                            "type": "array",
-                            "items": {
-                                "type": "integer"
-                            },
-                            "title": "Backchannel providers"
-                        },
-                        "open_in_new_tab": {
-                            "type": "boolean",
-                            "title": "Open in new tab",
-                            "description": "Open launch URL in a new browser tab or window."
-                        },
-                        "meta_launch_url": {
-                            "type": "string",
-                            "title": "Meta launch url"
-                        },
-                        "meta_description": {
-                            "type": "string",
-                            "title": "Meta description"
-                        },
-                        "meta_publisher": {
-                            "type": "string",
-                            "title": "Meta publisher"
-                        },
-                        "policy_engine_mode": {
-                            "type": "string",
-                            "enum": [
-                                "all",
-                                "any"
-                            ],
-                            "title": "Policy engine mode"
-                        },
-                        "group": {
-                            "type": "string",
-                            "title": "Group"
-                        }
-                    },
-                    "required": [
-                        "name",
-                        "slug"
-                    ],
-                    "title": "Application"
-                },
-                "permissions": {
-                    "type": "string",
-                    "minLength": 1,
-                    "title": "Permissions"
-                }
-            },
-            "required": []
-        },
-        "model_authentik_stages_consent.userconsent_permissions": {
-            "type": "array",
-            "items": {
-                "type": "object",
-                "required": [
-                    "permission"
-                ],
-                "properties": {
-                    "permission": {
-                        "type": "string",
-                        "enum": [
-                            "add_userconsent",
-                            "change_userconsent",
-                            "delete_userconsent",
-                            "view_userconsent"
-                        ]
-                    },
-                    "user": {
-                        "type": "integer"
-                    },
-                    "role": {
-                        "type": "string"
-                    }
-                }
-            }
-        },
         "model_authentik_stages_deny.denystage": {
             "type": "object",
             "properties": {

blueprints/system/providers-oauth2.yaml

@@ -24,7 +24,7 @@ entries:
       expression: |
         return {
             "email": request.user.email,
-            "email_verified": True
+            "email_verified": False
         }
   - identifiers:
       managed: goauthentik.io/providers/oauth2/scope-profile

go.mod

@@ -6,7 +6,7 @@ require (
 	beryju.io/ldap v0.1.0
 	github.com/avast/retry-go/v4 v4.6.1
 	github.com/coreos/go-oidc/v3 v3.15.0
-	github.com/getsentry/sentry-go v0.35.1
+	github.com/getsentry/sentry-go v0.35.3
 	github.com/go-http-utils/etag v0.0.0-20161124023236-513ea8f21eb1
 	github.com/go-ldap/ldap/v3 v3.4.11
 	github.com/go-openapi/runtime v0.28.0
@@ -22,17 +22,17 @@ require (
 	github.com/mitchellh/mapstructure v1.5.0
 	github.com/nmcclain/asn1-ber v0.0.0-20170104154839-2661553a0484
 	github.com/pires/go-proxyproto v0.8.1
-	github.com/prometheus/client_golang v1.23.0
-	github.com/redis/go-redis/v9 v9.12.1
+	github.com/prometheus/client_golang v1.23.2
+	github.com/redis/go-redis/v9 v9.14.0
 	github.com/sethvargo/go-envconfig v1.3.0
 	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/cobra v1.10.1
 	github.com/stretchr/testify v1.11.1
 	github.com/wwt/guac v1.3.2
-	goauthentik.io/api/v3 v3.2025100.3
+	goauthentik.io/api/v3 v3.2025100.8
 	golang.org/x/exp v0.0.0-20230210204819-062eb4c674ab
-	golang.org/x/oauth2 v0.30.0
-	golang.org/x/sync v0.16.0
+	golang.org/x/oauth2 v0.31.0
+	golang.org/x/sync v0.17.0
 	gopkg.in/yaml.v2 v2.4.0
 	layeh.com/radius v0.0.0-20210819152912-ad72663a72ab
 )
@@ -70,16 +70,17 @@ require (
 	github.com/opentracing/opentracing-go v1.2.0 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/prometheus/client_model v0.6.2 // indirect
-	github.com/prometheus/common v0.65.0 // indirect
+	github.com/prometheus/common v0.66.1 // indirect
 	github.com/prometheus/procfs v0.16.1 // indirect
 	github.com/spf13/pflag v1.0.9 // indirect
 	go.mongodb.org/mongo-driver v1.14.0 // indirect
 	go.opentelemetry.io/otel v1.24.0 // indirect
 	go.opentelemetry.io/otel/metric v1.24.0 // indirect
 	go.opentelemetry.io/otel/trace v1.24.0 // indirect
+	go.yaml.in/yaml/v2 v2.4.2 // indirect
 	golang.org/x/crypto v0.38.0 // indirect
-	golang.org/x/sys v0.33.0 // indirect
-	golang.org/x/text v0.25.0 // indirect
-	google.golang.org/protobuf v1.36.6 // indirect
+	golang.org/x/sys v0.35.0 // indirect
+	golang.org/x/text v0.28.0 // indirect
+	google.golang.org/protobuf v1.36.8 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

go.sum

@@ -26,8 +26,8 @@ github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/r
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
 github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk=
 github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
-github.com/getsentry/sentry-go v0.35.1 h1:iopow6UVLE2aXu46xKVIs8Z9D/YZkJrHkgozrxa+tOQ=
-github.com/getsentry/sentry-go v0.35.1/go.mod h1:C55omcY9ChRQIUcVcGcs+Zdy4ZpQGvNJ7JYHIoSWOtE=
+github.com/getsentry/sentry-go v0.35.3 h1:u5IJaEqZyPdWqe/hKlBKBBnMTSxB/HenCqF3QLabeds=
+github.com/getsentry/sentry-go v0.35.3/go.mod h1:mdL49ixwT2yi57k5eh7mpnDyPybixPzlzEJFu0Z76QA=
 github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 h1:BP4M0CvQ4S3TGls2FvczZtj5Re/2ZzkV9VwqPHH/3Bo=
 github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
 github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA=
@@ -140,16 +140,16 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/prometheus/client_golang v1.23.0 h1:ust4zpdl9r4trLY/gSjlm07PuiBq2ynaXXlptpfy8Uc=
-github.com/prometheus/client_golang v1.23.0/go.mod h1:i/o0R9ByOnHX0McrTMTyhYvKE4haaf2mW08I+jGAjEE=
+github.com/prometheus/client_golang v1.23.2 h1:Je96obch5RDVy3FDMndoUsjAhG5Edi49h0RJWRi/o0o=
+github.com/prometheus/client_golang v1.23.2/go.mod h1:Tb1a6LWHB3/SPIzCoaDXI4I8UHKeFTEQ1YCr+0Gyqmg=
 github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk=
 github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE=
-github.com/prometheus/common v0.65.0 h1:QDwzd+G1twt//Kwj/Ww6E9FQq1iVMmODnILtW1t2VzE=
-github.com/prometheus/common v0.65.0/go.mod h1:0gZns+BLRQ3V6NdaerOhMbwwRbNh9hkGINtQAsP5GS8=
+github.com/prometheus/common v0.66.1 h1:h5E0h5/Y8niHc5DlaLlWLArTQI7tMrsfQjHV+d9ZoGs=
+github.com/prometheus/common v0.66.1/go.mod h1:gcaUsgf3KfRSwHY4dIMXLPV0K/Wg1oZ8+SbZk/HH/dA=
 github.com/prometheus/procfs v0.16.1 h1:hZ15bTNuirocR6u0JZ6BAHHmwS1p8B4P6MRqxtzMyRg=
 github.com/prometheus/procfs v0.16.1/go.mod h1:teAbpZRB1iIAJYREa1LsoWUXykVXA1KlTmWl8x/U+Is=
-github.com/redis/go-redis/v9 v9.12.1 h1:k5iquqv27aBtnTm2tIkROUDp8JBXhXZIVu1InSgvovg=
-github.com/redis/go-redis/v9 v9.12.1/go.mod h1:huWgSWd8mW6+m0VPhJjSSQ+d6Nh1VICQ6Q5lHuCH/Iw=
+github.com/redis/go-redis/v9 v9.14.0 h1:u4tNCjXOyzfgeLN+vAZaW1xUooqWDqVEsZN0U01jfAE=
+github.com/redis/go-redis/v9 v9.14.0/go.mod h1:huWgSWd8mW6+m0VPhJjSSQ+d6Nh1VICQ6Q5lHuCH/Iw=
 github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
 github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
@@ -185,8 +185,10 @@ go.opentelemetry.io/otel/trace v1.24.0 h1:CsKnnL4dUAr/0llH9FKuc698G04IrpWV0MQA/Y
 go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
-goauthentik.io/api/v3 v3.2025100.3 h1:XBP4geoM3kED47N/kobP8ZVDqBAVmFNkKtU3xCNngJ8=
-goauthentik.io/api/v3 v3.2025100.3/go.mod h1:82lqAz4jxzl6Cg0YDbhNtvvTG2rm6605ZhdJFnbbsl8=
+go.yaml.in/yaml/v2 v2.4.2 h1:DzmwEr2rDGHl7lsFgAHxmNz/1NlQ7xLIrlN2h5d1eGI=
+go.yaml.in/yaml/v2 v2.4.2/go.mod h1:081UH+NErpNdqlCXm3TtEran0rJZGxAYx9hb/ELlsPU=
+goauthentik.io/api/v3 v3.2025100.8 h1:Uc9NYSrbUVwcAIO4XRpf1DhnZRAU+QDwHaFuI+U5nlk=
+goauthentik.io/api/v3 v3.2025100.8/go.mod h1:82lqAz4jxzl6Cg0YDbhNtvvTG2rm6605ZhdJFnbbsl8=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20200709230013-948cd5f35899/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.38.0 h1:jt+WWG8IZlBnVbomuhg2Mdq0+BBQaHbtqHEFEigjUV8=
@@ -194,25 +196,25 @@ golang.org/x/crypto v0.38.0/go.mod h1:MvrbAqul58NNYPKnOra203SB9vpuZW0e+RRZV+Ggqj
 golang.org/x/exp v0.0.0-20230210204819-062eb4c674ab h1:628ME69lBm9C6JY2wXhAph/yjN3jezx1z7BIDLUwxjo=
 golang.org/x/exp v0.0.0-20230210204819-062eb4c674ab/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.40.0 h1:79Xs7wF06Gbdcg4kdCCIQArK11Z1hr5POQ6+fIYHNuY=
-golang.org/x/net v0.40.0/go.mod h1:y0hY0exeL2Pku80/zKK7tpntoX23cqL3Oa6njdgRtds=
-golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI=
-golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU=
-golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw=
-golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE=
+golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg=
+golang.org/x/oauth2 v0.31.0 h1:8Fq0yVZLh4j4YA47vHKFTa9Ew5XIrCP8LC6UeNZnLxo=
+golang.org/x/oauth2 v0.31.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
+golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug=
+golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw=
-golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI=
+golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.25.0 h1:qVyWApTSYLk/drJRO5mDlNYskwQznZmkpV2c8q9zls4=
-golang.org/x/text v0.25.0/go.mod h1:WEdwpYrmk1qmdHvhkSTNPm3app7v4rsT8F2UD6+VHIA=
+golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng=
+golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY=
-google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY=
+google.golang.org/protobuf v1.36.8 h1:xHScyCOEuuwZEc6UtSOvPbAT4zRh0xcNRYekJwfqyMc=
+google.golang.org/protobuf v1.36.8/go.mod h1:fuxRtAxBytpl4zzqUh6/eyUujkJdNiuEkXntxiD/uRU=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=

lifecycle/ak

@@ -2,6 +2,10 @@
 set -e -o pipefail
 MODE_FILE="${TMPDIR}/authentik-mode"
 
+if [[ -z "${PROMETHEUS_MULTIPROC_DIR}" ]]; then
+    export PROMETHEUS_MULTIPROC_DIR="${TMPDIR:-/tmp}/authentik_prometheus_tmp"
+fi
+
 function log {
     printf '{"event": "%s", "level": "info", "logger": "bootstrap"}\n' "$@" >/dev/stderr
 }
@@ -31,7 +35,7 @@ function check_if_root {
         GROUP="authentik:${GROUP_NAME}"
     fi
     # Fix permissions of certs and media
-    chown -R authentik:authentik /media /certs
+    chown -R authentik:authentik /media /certs "${PROMETHEUS_MULTIPROC_DIR}"
     chmod ug+rwx /media
     chmod ug+rx /certs
     exec chpst -u authentik:$GROUP env HOME=/authentik $1
@@ -68,9 +72,6 @@ function prepare_debug {
     chown authentik:authentik /unittest.xml
 }
 
-if [[ -z "${PROMETHEUS_MULTIPROC_DIR}" ]]; then
-    export PROMETHEUS_MULTIPROC_DIR="${TMPDIR:-/tmp}/authentik_prometheus_tmp"
-fi
 mkdir -p "${PROMETHEUS_MULTIPROC_DIR}"
 
 if [[ "$(python -m authentik.lib.config debugger 2>/dev/null)" == "True" ]]; then

lifecycle/aws/package-lock.json

@@ -9,7 +9,7 @@
             "version": "0.0.0",
             "license": "MIT",
             "devDependencies": {
-                "aws-cdk": "^2.1027.0",
+                "aws-cdk": "^2.1029.2",
                 "cross-env": "^10.0.0"
             },
             "engines": {
@@ -24,9 +24,9 @@
             "license": "MIT"
         },
         "node_modules/aws-cdk": {
-            "version": "2.1027.0",
-            "resolved": "https://registry.npmjs.org/aws-cdk/-/aws-cdk-2.1027.0.tgz",
-            "integrity": "sha512-oo2d1o8L1GBmAG4cDzIloEBOkijf1VzpZKJJguAodUCffDDOaAd6zjEbQbedb3SY+Vg+8m9OUOEXzeLMMg3GPQ==",
+            "version": "2.1029.2",
+            "resolved": "https://registry.npmjs.org/aws-cdk/-/aws-cdk-2.1029.2.tgz",
+            "integrity": "sha512-VkgxcbDLygHtnIuZHDYosQSlYwqmnYogzgB4zq+n6prHUP3Q9R8b/eOeo5bG+5OhE+r6+ZXrrVSmfISyaxA0og==",
             "dev": true,
             "license": "Apache-2.0",
             "bin": {

lifecycle/aws/package.json

@@ -10,7 +10,7 @@
         "node": ">=20"
     },
     "devDependencies": {
-        "aws-cdk": "^2.1027.0",
+        "aws-cdk": "^2.1029.2",
         "cross-env": "^10.0.0"
     }
 }

locale/de/LC_MESSAGES/django.po

@@ -40,7 +40,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-08-30 00:10+0000\n"
+"POT-Creation-Date: 2025-09-04 00:09+0000\n"
 "PO-Revision-Date: 2022-09-26 16:47+0000\n"
 "Last-Translator: datenschmutz, 2025\n"
 "Language-Team: German (https://app.transifex.com/authentik/teams/119923/de/)\n"
@@ -205,6 +205,10 @@ msgstr "Es sind keine führenden oder abschließenden Schrägstriche erlaubt."
 msgid "No empty segments in user path allowed."
 msgstr "Im Benutzerpfad sind keine leeren Segmente erlaubt."
 
+#: authentik/core/api/users.py
+msgid "This field is required."
+msgstr "Dieses Feld ist erforderlich."
+
 #: authentik/core/models.py
 msgid "name"
 msgstr "Name"

locale/en/LC_MESSAGES/django.po

@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-08-30 00:10+0000\n"
+"POT-Creation-Date: 2025-09-17 17:04+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -152,6 +152,10 @@ msgstr ""
 msgid "No empty segments in user path allowed."
 msgstr ""
 
+#: authentik/core/api/users.py
+msgid "This field is required."
+msgstr ""
+
 #: authentik/core/models.py
 msgid "name"
 msgstr ""
@@ -2957,6 +2961,10 @@ msgstr ""
 msgid "Invalid email"
 msgstr ""
 
+#: authentik/stages/authenticator_email/stage.py
+msgid "The user already has an email address registered for MFA."
+msgstr ""
+
 #: authentik/stages/authenticator_email/templates/email/email_otp.html
 #: authentik/stages/email/templates/email/password_reset.html
 #, python-format
@@ -3493,6 +3501,10 @@ msgstr ""
 msgid "Identification Stages"
 msgstr ""
 
+#: authentik/stages/identification/stage.py
+msgid "Failed to authenticate."
+msgstr ""
+
 #: authentik/stages/identification/stage.py
 msgid "Log in"
 msgstr ""

packages/docusaurus-config/lib/theme.js

@@ -58,6 +58,7 @@ export function createPrismConfig(overrides = {}) {
             "nginx",
             "python",
             "bash",
+            "powershell",
         ],
     };
 

packages/docusaurus-config/package-lock.json

@@ -1,12 +1,12 @@
 {
     "name": "@goauthentik/docusaurus-config",
-    "version": "2.1.1",
+    "version": "2.1.2",
     "lockfileVersion": 3,
     "requires": true,
     "packages": {
         "": {
             "name": "@goauthentik/docusaurus-config",
-            "version": "2.1.1",
+            "version": "2.1.2",
             "license": "MIT",
             "dependencies": {
                 "deepmerge-ts": "^7.1.5",
@@ -4646,9 +4646,9 @@
             "license": "MIT"
         },
         "node_modules/@types/react": {
-            "version": "19.1.12",
-            "resolved": "https://registry.npmjs.org/@types/react/-/react-19.1.12.tgz",
-            "integrity": "sha512-cMoR+FoAf/Jyq6+Df2/Z41jISvGZZ2eTlnsaJRptmZ76Caldwy1odD4xTr/gNV9VLj0AWgg/nmkevIyUfIIq5w==",
+            "version": "19.1.13",
+            "resolved": "https://registry.npmjs.org/@types/react/-/react-19.1.13.tgz",
+            "integrity": "sha512-hHkbU/eoO3EG5/MZkuFSKmYqPbSVk5byPFa3e7y/8TybHiLMACgI8seVYlicwk7H5K/rI2px9xrQp/C+AUDTiQ==",
             "dev": true,
             "license": "MIT",
             "dependencies": {

packages/docusaurus-config/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@goauthentik/docusaurus-config",
-    "version": "2.1.1",
+    "version": "2.1.2",
     "description": "authentik's Docusaurus config",
     "license": "MIT",
     "scripts": {

packages/esbuild-plugin-live-reload/.github/README.md

@@ -12,6 +12,7 @@ yarn add -D @goauthentik/esbuild-plugin-live-reload
 
 ```js
 import { liveReloadPlugin } from "@goauthentik/esbuild-plugin-live-reload";
+
 import esbuild from "esbuild";
 
 const NodeEnvironment = process.env.NODE_ENV || "development";

packages/esbuild-plugin-live-reload/client/ESBuildObserver.js

@@ -1,13 +1,17 @@
-/// <reference types="./types.js" />
-
 /**
  * @file Client-side observer for ESBuild events.
  *
+ * @import { Logger } from "@goauthentik/esbuild-plugin-live-reload/shared";
  * @import { Message as ESBuildMessage } from "esbuild";
  */
 
-const logPrefix = "authentik/dev/web: ";
-const log = console.debug.bind(console, logPrefix);
+/// <reference types="./types.js" />
+
+import { createLogger } from "@goauthentik/esbuild-plugin-live-reload/shared";
+
+if (typeof EventSource === "undefined") {
+    throw new TypeError("Environment doesn't appear to have an EventSource constructor");
+}
 
 /**
  * @template {unknown} [Data=unknown]
@@ -32,6 +36,11 @@ const log = console.debug.bind(console, logPrefix);
  * runtime browser
  */
 export class ESBuildObserver extends EventSource {
+    /**
+     * @type {Logger}
+     */
+    #logger;
+
     /**
      * Whether the watcher has a recent connection to the server.
      */
@@ -78,7 +87,7 @@ export class ESBuildObserver extends EventSource {
      */
     #startListener = () => {
         this.#trackActivity();
-        log("⏰ Build started...");
+        this.#logger.info("⏰ Build started...");
     };
 
     #internalErrorListener = () => {
@@ -88,7 +97,7 @@ export class ESBuildObserver extends EventSource {
             clearTimeout(this.#keepAliveInterval);
 
             this.close();
-            log("⛔️ Closing connection");
+            this.#logger.info("⛔️ Closing connection");
         }
     };
 
@@ -98,7 +107,7 @@ export class ESBuildObserver extends EventSource {
     #errorListener = (event) => {
         this.#trackActivity();
 
-        console.group(logPrefix, "⛔️⛔️⛔️  Build error...");
+        this.#logger.warn("⛔️⛔️⛔️  Build error...");
 
         /**
          * @type {ESBuildMessage[]}
@@ -106,17 +115,15 @@ export class ESBuildObserver extends EventSource {
         const esbuildErrorMessages = JSON.parse(event.data);
 
         for (const error of esbuildErrorMessages) {
-            console.warn(error.text);
+            this.#logger.warn(error.text);
 
             if (error.location) {
-                console.debug(
+                this.#logger.debug(
                     `file://${error.location.file}:${error.location.line}:${error.location.column}`,
                 );
-                console.debug(error.location.lineText);
+                this.#logger.debug(error.location.lineText);
             }
         }
-
-        console.groupEnd();
     };
 
     /**
@@ -128,13 +135,13 @@ export class ESBuildObserver extends EventSource {
         this.#trackActivity();
 
         if (!this.online) {
-            log("🚫 Build finished while offline.");
+            this.#logger.info("🚫 Build finished while offline.");
             this.deferredReload = true;
 
             return;
         }
 
-        log("🛎️ Build completed! Reloading...");
+        this.#logger.info("🛎️ Build completed! Reloading...");
 
         // We use an animation frame to keep the reload from happening before the
         // event loop has a chance to process the message.
@@ -148,7 +155,7 @@ export class ESBuildObserver extends EventSource {
      */
     #keepAliveListener = () => {
         this.#trackActivity();
-        log("🏓 Keep-alive");
+        this.#logger.info("🏓 Keep-alive");
     };
 
     /**
@@ -167,14 +174,17 @@ export class ESBuildObserver extends EventSource {
     /**
      *
      * @param {string | URL} [url]
+     * @param {Logger} [logger]
      */
-    constructor(url) {
+    constructor(url, logger = createLogger()) {
         if (!url) {
             throw new TypeError("ESBuildObserver: Cannot construct without a URL");
         }
 
         super(url);
 
+        this.#logger = logger;
+
         this.addEventListener("esbuild:start", this.#startListener);
         this.addEventListener("esbuild:end", this.#endListener);
         this.addEventListener("esbuild:error", this.#errorListener);
@@ -191,13 +201,13 @@ export class ESBuildObserver extends EventSource {
 
             if (!this.deferredReload) return;
 
-            log("🛎️ Reloading after offline build...");
+            this.#logger.info("🛎️ Reloading after offline build...");
             this.deferredReload = false;
 
             window.location.reload();
         });
 
-        log("🛎️ Listening for build changes...");
+        this.#logger.info("🛎️ Listening for build changes...");
 
         this.#keepAliveInterval = setInterval(() => {
             const now = Date.now();
@@ -205,7 +215,7 @@ export class ESBuildObserver extends EventSource {
             if (now - this.lastUpdatedAt < 10_000) return;
 
             this.alive = false;
-            log("👋 Waiting for build to start...");
+            this.#logger.info("👋 Waiting for build to start...");
         }, 15_000);
     }
 

packages/esbuild-plugin-live-reload/client/index.js

@@ -1,7 +1,7 @@
-/// <reference types="./types.js" />
 /**
  * @file Entry point for the ESBuild client-side observer.
  */
+/// <reference types="./types.js" />
 import { ESBuildObserver } from "./ESBuildObserver.js";
 
 if (import.meta.env?.ESBUILD_WATCHER_URL) {

packages/esbuild-plugin-live-reload/package-lock.json

@@ -1,32 +1,33 @@
 {
     "name": "@goauthentik/esbuild-plugin-live-reload",
-    "version": "1.1.0",
+    "version": "1.2.2",
     "lockfileVersion": 3,
     "requires": true,
     "packages": {
         "": {
             "name": "@goauthentik/esbuild-plugin-live-reload",
-            "version": "1.1.0",
+            "version": "1.2.2",
             "license": "MIT",
             "dependencies": {
                 "find-free-ports": "^3.1.1"
             },
             "devDependencies": {
-                "@goauthentik/prettier-config": "^3.0.0",
+                "@goauthentik/prettier-config": "^3.1.0",
                 "@goauthentik/tsconfig": "^1.0.4",
-                "@types/node": "^24.0.10",
-                "esbuild": "^0.25.5",
+                "@types/node": "^24.3.1",
+                "esbuild": "^0.25.9",
+                "pino": "^9.9.5",
                 "prettier": "^3.6.2",
-                "prettier-plugin-packagejson": "^2.5.17",
-                "typedoc": "^0.28.7",
-                "typedoc-plugin-markdown": "^4.7.0",
-                "typescript": "^5.8.3"
+                "prettier-plugin-packagejson": "^2.5.19",
+                "typedoc": "^0.28.12",
+                "typedoc-plugin-markdown": "^4.8.1",
+                "typescript": "^5.9.2"
             },
             "engines": {
-                "node": ">=22"
+                "node": ">=24"
             },
             "peerDependencies": {
-                "esbuild": "^0.25.5"
+                "esbuild": "^0.25.9"
             }
         },
         "node_modules/@babel/helper-string-parser": {
@@ -132,9 +133,9 @@
             }
         },
         "node_modules/@esbuild/aix-ppc64": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.25.9.tgz",
-            "integrity": "sha512-OaGtL73Jck6pBKjNIe24BnFE6agGl+6KxDtTfHhy1HmhthfKouEcOhqpSL64K4/0WCtbKFLOdzD/44cJ4k9opA==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.25.10.tgz",
+            "integrity": "sha512-0NFWnA+7l41irNuaSVlLfgNT12caWJVLzp5eAVhZ0z1qpxbockccEt3s+149rE64VUI3Ml2zt8Nv5JVc4QXTsw==",
             "cpu": [
                 "ppc64"
             ],
@@ -149,9 +150,9 @@
             }
         },
         "node_modules/@esbuild/android-arm": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.25.9.tgz",
-            "integrity": "sha512-5WNI1DaMtxQ7t7B6xa572XMXpHAaI/9Hnhk8lcxF4zVN4xstUgTlvuGDorBguKEnZO70qwEcLpfifMLoxiPqHQ==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.25.10.tgz",
+            "integrity": "sha512-dQAxF1dW1C3zpeCDc5KqIYuZ1tgAdRXNoZP7vkBIRtKZPYe2xVr/d3SkirklCHudW1B45tGiUlz2pUWDfbDD4w==",
             "cpu": [
                 "arm"
             ],
@@ -166,9 +167,9 @@
             }
         },
         "node_modules/@esbuild/android-arm64": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.25.9.tgz",
-            "integrity": "sha512-IDrddSmpSv51ftWslJMvl3Q2ZT98fUSL2/rlUXuVqRXHCs5EUF1/f+jbjF5+NG9UffUDMCiTyh8iec7u8RlTLg==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.25.10.tgz",
+            "integrity": "sha512-LSQa7eDahypv/VO6WKohZGPSJDq5OVOo3UoFR1E4t4Gj1W7zEQMUhI+lo81H+DtB+kP+tDgBp+M4oNCwp6kffg==",
             "cpu": [
                 "arm64"
             ],
@@ -183,9 +184,9 @@
             }
         },
         "node_modules/@esbuild/android-x64": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.25.9.tgz",
-            "integrity": "sha512-I853iMZ1hWZdNllhVZKm34f4wErd4lMyeV7BLzEExGEIZYsOzqDWDf+y082izYUE8gtJnYHdeDpN/6tUdwvfiw==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.25.10.tgz",
+            "integrity": "sha512-MiC9CWdPrfhibcXwr39p9ha1x0lZJ9KaVfvzA0Wxwz9ETX4v5CHfF09bx935nHlhi+MxhA63dKRRQLiVgSUtEg==",
             "cpu": [
                 "x64"
             ],
@@ -200,9 +201,9 @@
             }
         },
         "node_modules/@esbuild/darwin-arm64": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.25.9.tgz",
-            "integrity": "sha512-XIpIDMAjOELi/9PB30vEbVMs3GV1v2zkkPnuyRRURbhqjyzIINwj+nbQATh4H9GxUgH1kFsEyQMxwiLFKUS6Rg==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.25.10.tgz",
+            "integrity": "sha512-JC74bdXcQEpW9KkV326WpZZjLguSZ3DfS8wrrvPMHgQOIEIG/sPXEN/V8IssoJhbefLRcRqw6RQH2NnpdprtMA==",
             "cpu": [
                 "arm64"
             ],
@@ -217,9 +218,9 @@
             }
         },
         "node_modules/@esbuild/darwin-x64": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.25.9.tgz",
-            "integrity": "sha512-jhHfBzjYTA1IQu8VyrjCX4ApJDnH+ez+IYVEoJHeqJm9VhG9Dh2BYaJritkYK3vMaXrf7Ogr/0MQ8/MeIefsPQ==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.25.10.tgz",
+            "integrity": "sha512-tguWg1olF6DGqzws97pKZ8G2L7Ig1vjDmGTwcTuYHbuU6TTjJe5FXbgs5C1BBzHbJ2bo1m3WkQDbWO2PvamRcg==",
             "cpu": [
                 "x64"
             ],
@@ -234,9 +235,9 @@
             }
         },
         "node_modules/@esbuild/freebsd-arm64": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.25.9.tgz",
-            "integrity": "sha512-z93DmbnY6fX9+KdD4Ue/H6sYs+bhFQJNCPZsi4XWJoYblUqT06MQUdBCpcSfuiN72AbqeBFu5LVQTjfXDE2A6Q==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.25.10.tgz",
+            "integrity": "sha512-3ZioSQSg1HT2N05YxeJWYR+Libe3bREVSdWhEEgExWaDtyFbbXWb49QgPvFH8u03vUPX10JhJPcz7s9t9+boWg==",
             "cpu": [
                 "arm64"
             ],
@@ -251,9 +252,9 @@
             }
         },
         "node_modules/@esbuild/freebsd-x64": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.25.9.tgz",
-            "integrity": "sha512-mrKX6H/vOyo5v71YfXWJxLVxgy1kyt1MQaD8wZJgJfG4gq4DpQGpgTB74e5yBeQdyMTbgxp0YtNj7NuHN0PoZg==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.25.10.tgz",
+            "integrity": "sha512-LLgJfHJk014Aa4anGDbh8bmI5Lk+QidDmGzuC2D+vP7mv/GeSN+H39zOf7pN5N8p059FcOfs2bVlrRr4SK9WxA==",
             "cpu": [
                 "x64"
             ],
@@ -268,9 +269,9 @@
             }
         },
         "node_modules/@esbuild/linux-arm": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.25.9.tgz",
-            "integrity": "sha512-HBU2Xv78SMgaydBmdor38lg8YDnFKSARg1Q6AT0/y2ezUAKiZvc211RDFHlEZRFNRVhcMamiToo7bDx3VEOYQw==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.25.10.tgz",
+            "integrity": "sha512-oR31GtBTFYCqEBALI9r6WxoU/ZofZl962pouZRTEYECvNF/dtXKku8YXcJkhgK/beU+zedXfIzHijSRapJY3vg==",
             "cpu": [
                 "arm"
             ],
@@ -285,9 +286,9 @@
             }
         },
         "node_modules/@esbuild/linux-arm64": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.25.9.tgz",
-            "integrity": "sha512-BlB7bIcLT3G26urh5Dmse7fiLmLXnRlopw4s8DalgZ8ef79Jj4aUcYbk90g8iCa2467HX8SAIidbL7gsqXHdRw==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.25.10.tgz",
+            "integrity": "sha512-5luJWN6YKBsawd5f9i4+c+geYiVEw20FVW5x0v1kEMWNq8UctFjDiMATBxLvmmHA4bf7F6hTRaJgtghFr9iziQ==",
             "cpu": [
                 "arm64"
             ],
@@ -302,9 +303,9 @@
             }
         },
         "node_modules/@esbuild/linux-ia32": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.25.9.tgz",
-            "integrity": "sha512-e7S3MOJPZGp2QW6AK6+Ly81rC7oOSerQ+P8L0ta4FhVi+/j/v2yZzx5CqqDaWjtPFfYz21Vi1S0auHrap3Ma3A==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.25.10.tgz",
+            "integrity": "sha512-NrSCx2Kim3EnnWgS4Txn0QGt0Xipoumb6z6sUtl5bOEZIVKhzfyp/Lyw4C1DIYvzeW/5mWYPBFJU3a/8Yr75DQ==",
             "cpu": [
                 "ia32"
             ],
@@ -319,9 +320,9 @@
             }
         },
         "node_modules/@esbuild/linux-loong64": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.25.9.tgz",
-            "integrity": "sha512-Sbe10Bnn0oUAB2AalYztvGcK+o6YFFA/9829PhOCUS9vkJElXGdphz0A3DbMdP8gmKkqPmPcMJmJOrI3VYB1JQ==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.25.10.tgz",
+            "integrity": "sha512-xoSphrd4AZda8+rUDDfD9J6FUMjrkTz8itpTITM4/xgerAZZcFW7Dv+sun7333IfKxGG8gAq+3NbfEMJfiY+Eg==",
             "cpu": [
                 "loong64"
             ],
@@ -336,9 +337,9 @@
             }
         },
         "node_modules/@esbuild/linux-mips64el": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.25.9.tgz",
-            "integrity": "sha512-YcM5br0mVyZw2jcQeLIkhWtKPeVfAerES5PvOzaDxVtIyZ2NUBZKNLjC5z3/fUlDgT6w89VsxP2qzNipOaaDyA==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.25.10.tgz",
+            "integrity": "sha512-ab6eiuCwoMmYDyTnyptoKkVS3k8fy/1Uvq7Dj5czXI6DF2GqD2ToInBI0SHOp5/X1BdZ26RKc5+qjQNGRBelRA==",
             "cpu": [
                 "mips64el"
             ],
@@ -353,9 +354,9 @@
             }
         },
         "node_modules/@esbuild/linux-ppc64": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.25.9.tgz",
-            "integrity": "sha512-++0HQvasdo20JytyDpFvQtNrEsAgNG2CY1CLMwGXfFTKGBGQT3bOeLSYE2l1fYdvML5KUuwn9Z8L1EWe2tzs1w==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.25.10.tgz",
+            "integrity": "sha512-NLinzzOgZQsGpsTkEbdJTCanwA5/wozN9dSgEl12haXJBzMTpssebuXR42bthOF3z7zXFWH1AmvWunUCkBE4EA==",
             "cpu": [
                 "ppc64"
             ],
@@ -370,9 +371,9 @@
             }
         },
         "node_modules/@esbuild/linux-riscv64": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.25.9.tgz",
-            "integrity": "sha512-uNIBa279Y3fkjV+2cUjx36xkx7eSjb8IvnL01eXUKXez/CBHNRw5ekCGMPM0BcmqBxBcdgUWuUXmVWwm4CH9kg==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.25.10.tgz",
+            "integrity": "sha512-FE557XdZDrtX8NMIeA8LBJX3dC2M8VGXwfrQWU7LB5SLOajfJIxmSdyL/gU1m64Zs9CBKvm4UAuBp5aJ8OgnrA==",
             "cpu": [
                 "riscv64"
             ],
@@ -387,9 +388,9 @@
             }
         },
         "node_modules/@esbuild/linux-s390x": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.25.9.tgz",
-            "integrity": "sha512-Mfiphvp3MjC/lctb+7D287Xw1DGzqJPb/J2aHHcHxflUo+8tmN/6d4k6I2yFR7BVo5/g7x2Monq4+Yew0EHRIA==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.25.10.tgz",
+            "integrity": "sha512-3BBSbgzuB9ajLoVZk0mGu+EHlBwkusRmeNYdqmznmMc9zGASFjSsxgkNsqmXugpPk00gJ0JNKh/97nxmjctdew==",
             "cpu": [
                 "s390x"
             ],
@@ -404,9 +405,9 @@
             }
         },
         "node_modules/@esbuild/linux-x64": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.25.9.tgz",
-            "integrity": "sha512-iSwByxzRe48YVkmpbgoxVzn76BXjlYFXC7NvLYq+b+kDjyyk30J0JY47DIn8z1MO3K0oSl9fZoRmZPQI4Hklzg==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.25.10.tgz",
+            "integrity": "sha512-QSX81KhFoZGwenVyPoberggdW1nrQZSvfVDAIUXr3WqLRZGZqWk/P4T8p2SP+de2Sr5HPcvjhcJzEiulKgnxtA==",
             "cpu": [
                 "x64"
             ],
@@ -421,9 +422,9 @@
             }
         },
         "node_modules/@esbuild/netbsd-arm64": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.25.9.tgz",
-            "integrity": "sha512-9jNJl6FqaUG+COdQMjSCGW4QiMHH88xWbvZ+kRVblZsWrkXlABuGdFJ1E9L7HK+T0Yqd4akKNa/lO0+jDxQD4Q==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.25.10.tgz",
+            "integrity": "sha512-AKQM3gfYfSW8XRk8DdMCzaLUFB15dTrZfnX8WXQoOUpUBQ+NaAFCP1kPS/ykbbGYz7rxn0WS48/81l9hFl3u4A==",
             "cpu": [
                 "arm64"
             ],
@@ -438,9 +439,9 @@
             }
         },
         "node_modules/@esbuild/netbsd-x64": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.25.9.tgz",
-            "integrity": "sha512-RLLdkflmqRG8KanPGOU7Rpg829ZHu8nFy5Pqdi9U01VYtG9Y0zOG6Vr2z4/S+/3zIyOxiK6cCeYNWOFR9QP87g==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.25.10.tgz",
+            "integrity": "sha512-7RTytDPGU6fek/hWuN9qQpeGPBZFfB4zZgcz2VK2Z5VpdUxEI8JKYsg3JfO0n/Z1E/6l05n0unDCNc4HnhQGig==",
             "cpu": [
                 "x64"
             ],
@@ -455,9 +456,9 @@
             }
         },
         "node_modules/@esbuild/openbsd-arm64": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.25.9.tgz",
-            "integrity": "sha512-YaFBlPGeDasft5IIM+CQAhJAqS3St3nJzDEgsgFixcfZeyGPCd6eJBWzke5piZuZ7CtL656eOSYKk4Ls2C0FRQ==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.25.10.tgz",
+            "integrity": "sha512-5Se0VM9Wtq797YFn+dLimf2Zx6McttsH2olUBsDml+lm0GOCRVebRWUvDtkY4BWYv/3NgzS8b/UM3jQNh5hYyw==",
             "cpu": [
                 "arm64"
             ],
@@ -472,9 +473,9 @@
             }
         },
         "node_modules/@esbuild/openbsd-x64": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.25.9.tgz",
-            "integrity": "sha512-1MkgTCuvMGWuqVtAvkpkXFmtL8XhWy+j4jaSO2wxfJtilVCi0ZE37b8uOdMItIHz4I6z1bWWtEX4CJwcKYLcuA==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.25.10.tgz",
+            "integrity": "sha512-XkA4frq1TLj4bEMB+2HnI0+4RnjbuGZfet2gs/LNs5Hc7D89ZQBHQ0gL2ND6Lzu1+QVkjp3x1gIcPKzRNP8bXw==",
             "cpu": [
                 "x64"
             ],
@@ -489,9 +490,9 @@
             }
         },
         "node_modules/@esbuild/openharmony-arm64": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/openharmony-arm64/-/openharmony-arm64-0.25.9.tgz",
-            "integrity": "sha512-4Xd0xNiMVXKh6Fa7HEJQbrpP3m3DDn43jKxMjxLLRjWnRsfxjORYJlXPO4JNcXtOyfajXorRKY9NkOpTHptErg==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/openharmony-arm64/-/openharmony-arm64-0.25.10.tgz",
+            "integrity": "sha512-AVTSBhTX8Y/Fz6OmIVBip9tJzZEUcY8WLh7I59+upa5/GPhh2/aM6bvOMQySspnCCHvFi79kMtdJS1w0DXAeag==",
             "cpu": [
                 "arm64"
             ],
@@ -506,9 +507,9 @@
             }
         },
         "node_modules/@esbuild/sunos-x64": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.25.9.tgz",
-            "integrity": "sha512-WjH4s6hzo00nNezhp3wFIAfmGZ8U7KtrJNlFMRKxiI9mxEK1scOMAaa9i4crUtu+tBr+0IN6JCuAcSBJZfnphw==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.25.10.tgz",
+            "integrity": "sha512-fswk3XT0Uf2pGJmOpDB7yknqhVkJQkAQOcW/ccVOtfx05LkbWOaRAtn5SaqXypeKQra1QaEa841PgrSL9ubSPQ==",
             "cpu": [
                 "x64"
             ],
@@ -523,9 +524,9 @@
             }
         },
         "node_modules/@esbuild/win32-arm64": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.25.9.tgz",
-            "integrity": "sha512-mGFrVJHmZiRqmP8xFOc6b84/7xa5y5YvR1x8djzXpJBSv/UsNK6aqec+6JDjConTgvvQefdGhFDAs2DLAds6gQ==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.25.10.tgz",
+            "integrity": "sha512-ah+9b59KDTSfpaCg6VdJoOQvKjI33nTaQr4UluQwW7aEwZQsbMCfTmfEO4VyewOxx4RaDT/xCy9ra2GPWmO7Kw==",
             "cpu": [
                 "arm64"
             ],
@@ -540,9 +541,9 @@
             }
         },
         "node_modules/@esbuild/win32-ia32": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.25.9.tgz",
-            "integrity": "sha512-b33gLVU2k11nVx1OhX3C8QQP6UHQK4ZtN56oFWvVXvz2VkDoe6fbG8TOgHFxEvqeqohmRnIHe5A1+HADk4OQww==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.25.10.tgz",
+            "integrity": "sha512-QHPDbKkrGO8/cz9LKVnJU22HOi4pxZnZhhA2HYHez5Pz4JeffhDjf85E57Oyco163GnzNCVkZK0b/n4Y0UHcSw==",
             "cpu": [
                 "ia32"
             ],
@@ -557,9 +558,9 @@
             }
         },
         "node_modules/@esbuild/win32-x64": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.25.9.tgz",
-            "integrity": "sha512-PPOl1mi6lpLNQxnGoyAfschAodRFYXJ+9fs6WHXz7CSWKbOqiMZsubC+BQsVKuul+3vKLuwTHsS2c2y9EoKwxQ==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.25.10.tgz",
+            "integrity": "sha512-9KpxSVFCu0iK1owoez6aC/s/EdUQLDN3adTxGCqxMVhrPDj6bt5dbrHDXUuq+Bs2vATFBBrQS5vdQ/Ed2P+nbw==",
             "cpu": [
                 "x64"
             ],
@@ -904,13 +905,13 @@
             }
         },
         "node_modules/@types/node": {
-            "version": "24.3.0",
-            "resolved": "https://registry.npmjs.org/@types/node/-/node-24.3.0.tgz",
-            "integrity": "sha512-aPTXCrfwnDLj4VvXrm+UUCQjNEvJgNA8s5F1cvwQU+3KNltTOkBm1j30uNLyqqPNe7gE3KFzImYoZEfLhp4Yow==",
+            "version": "24.5.2",
+            "resolved": "https://registry.npmjs.org/@types/node/-/node-24.5.2.tgz",
+            "integrity": "sha512-FYxk1I7wPv3K2XBaoyH2cTnocQEu8AOZ60hPbsyukMPLv5/5qr7V1i8PLHdl6Zf87I+xZXFvPCXYjiTFq+YSDQ==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "undici-types": "~7.10.0"
+                "undici-types": "~7.12.0"
             }
         },
         "node_modules/@types/unist": {
@@ -1075,6 +1076,16 @@
             "dev": true,
             "license": "Python-2.0"
         },
+        "node_modules/atomic-sleep": {
+            "version": "1.0.0",
+            "resolved": "https://registry.npmjs.org/atomic-sleep/-/atomic-sleep-1.0.0.tgz",
+            "integrity": "sha512-kNOjDqAh7px0XWNI+4QbzoiR/nTkHAWNud2uvnJquD1/x5a7EQZMJT0AczqK0Qn67oY/TTQ1LbUKajZpp3I9tQ==",
+            "dev": true,
+            "license": "MIT",
+            "engines": {
+                "node": ">=8.0.0"
+            }
+        },
         "node_modules/balanced-match": {
             "version": "1.0.2",
             "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz",
@@ -1269,9 +1280,9 @@
             }
         },
         "node_modules/esbuild": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.25.9.tgz",
-            "integrity": "sha512-CRbODhYyQx3qp7ZEwzxOk4JBqmD/seJrzPa/cGjY1VtIn5E09Oi9/dB4JwctnfZ8Q8iT7rioVv5k/FNT/uf54g==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.25.10.tgz",
+            "integrity": "sha512-9RiGKvCwaqxO2owP61uQ4BgNborAQskMR6QusfWzQqv7AZOg5oGehdY2pRJMTKuwxd1IDBP4rSbI5lHzU7SMsQ==",
             "dev": true,
             "hasInstallScript": true,
             "license": "MIT",
@@ -1282,32 +1293,32 @@
                 "node": ">=18"
             },
             "optionalDependencies": {
-                "@esbuild/aix-ppc64": "0.25.9",
-                "@esbuild/android-arm": "0.25.9",
-                "@esbuild/android-arm64": "0.25.9",
-                "@esbuild/android-x64": "0.25.9",
-                "@esbuild/darwin-arm64": "0.25.9",
-                "@esbuild/darwin-x64": "0.25.9",
-                "@esbuild/freebsd-arm64": "0.25.9",
-                "@esbuild/freebsd-x64": "0.25.9",
-                "@esbuild/linux-arm": "0.25.9",
-                "@esbuild/linux-arm64": "0.25.9",
-                "@esbuild/linux-ia32": "0.25.9",
-                "@esbuild/linux-loong64": "0.25.9",
-                "@esbuild/linux-mips64el": "0.25.9",
-                "@esbuild/linux-ppc64": "0.25.9",
-                "@esbuild/linux-riscv64": "0.25.9",
-                "@esbuild/linux-s390x": "0.25.9",
-                "@esbuild/linux-x64": "0.25.9",
-                "@esbuild/netbsd-arm64": "0.25.9",
-                "@esbuild/netbsd-x64": "0.25.9",
-                "@esbuild/openbsd-arm64": "0.25.9",
-                "@esbuild/openbsd-x64": "0.25.9",
-                "@esbuild/openharmony-arm64": "0.25.9",
-                "@esbuild/sunos-x64": "0.25.9",
-                "@esbuild/win32-arm64": "0.25.9",
-                "@esbuild/win32-ia32": "0.25.9",
-                "@esbuild/win32-x64": "0.25.9"
+                "@esbuild/aix-ppc64": "0.25.10",
+                "@esbuild/android-arm": "0.25.10",
+                "@esbuild/android-arm64": "0.25.10",
+                "@esbuild/android-x64": "0.25.10",
+                "@esbuild/darwin-arm64": "0.25.10",
+                "@esbuild/darwin-x64": "0.25.10",
+                "@esbuild/freebsd-arm64": "0.25.10",
+                "@esbuild/freebsd-x64": "0.25.10",
+                "@esbuild/linux-arm": "0.25.10",
+                "@esbuild/linux-arm64": "0.25.10",
+                "@esbuild/linux-ia32": "0.25.10",
+                "@esbuild/linux-loong64": "0.25.10",
+                "@esbuild/linux-mips64el": "0.25.10",
+                "@esbuild/linux-ppc64": "0.25.10",
+                "@esbuild/linux-riscv64": "0.25.10",
+                "@esbuild/linux-s390x": "0.25.10",
+                "@esbuild/linux-x64": "0.25.10",
+                "@esbuild/netbsd-arm64": "0.25.10",
+                "@esbuild/netbsd-x64": "0.25.10",
+                "@esbuild/openbsd-arm64": "0.25.10",
+                "@esbuild/openbsd-x64": "0.25.10",
+                "@esbuild/openharmony-arm64": "0.25.10",
+                "@esbuild/sunos-x64": "0.25.10",
+                "@esbuild/win32-arm64": "0.25.10",
+                "@esbuild/win32-ia32": "0.25.10",
+                "@esbuild/win32-x64": "0.25.10"
             }
         },
         "node_modules/escape-string-regexp": {
@@ -1526,6 +1537,16 @@
             "dev": true,
             "license": "MIT"
         },
+        "node_modules/fast-redact": {
+            "version": "3.5.0",
+            "resolved": "https://registry.npmjs.org/fast-redact/-/fast-redact-3.5.0.tgz",
+            "integrity": "sha512-dwsoQlS7h9hMeYUq1W++23NDcBLV4KqONnITDV9DjfS3q1SgDGVrBdvvTLUotWtPSD7asWDV9/CmsZPy8Hf70A==",
+            "dev": true,
+            "license": "MIT",
+            "engines": {
+                "node": ">=6"
+            }
+        },
         "node_modules/fastq": {
             "version": "1.19.1",
             "resolved": "https://registry.npmjs.org/fastq/-/fastq-1.19.1.tgz",
@@ -2149,6 +2170,16 @@
                 "node": ">= 8.0.0"
             }
         },
+        "node_modules/on-exit-leak-free": {
+            "version": "2.1.2",
+            "resolved": "https://registry.npmjs.org/on-exit-leak-free/-/on-exit-leak-free-2.1.2.tgz",
+            "integrity": "sha512-0eJJY6hXLGf1udHwfNftBqH+g73EU4B504nZeKpz1sYRKafAghwxEJunB2O7rDZkL4PGfsMVnTXZ2EjibbqcsA==",
+            "dev": true,
+            "license": "MIT",
+            "engines": {
+                "node": ">=14.0.0"
+            }
+        },
         "node_modules/once": {
             "version": "1.4.0",
             "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
@@ -2272,6 +2303,46 @@
                 "url": "https://github.com/sponsors/jonschlinkert"
             }
         },
+        "node_modules/pino": {
+            "version": "9.11.0",
+            "resolved": "https://registry.npmjs.org/pino/-/pino-9.11.0.tgz",
+            "integrity": "sha512-+YIodBB9sxcWeR8PrXC2K3gEDyfkUuVEITOcbqrfcj+z5QW4ioIcqZfYFbrLTYLsmAwunbS7nfU/dpBB6PZc1g==",
+            "dev": true,
+            "license": "MIT",
+            "dependencies": {
+                "atomic-sleep": "^1.0.0",
+                "fast-redact": "^3.1.1",
+                "on-exit-leak-free": "^2.1.0",
+                "pino-abstract-transport": "^2.0.0",
+                "pino-std-serializers": "^7.0.0",
+                "process-warning": "^5.0.0",
+                "quick-format-unescaped": "^4.0.3",
+                "real-require": "^0.2.0",
+                "safe-stable-stringify": "^2.3.1",
+                "sonic-boom": "^4.0.1",
+                "thread-stream": "^3.0.0"
+            },
+            "bin": {
+                "pino": "bin.js"
+            }
+        },
+        "node_modules/pino-abstract-transport": {
+            "version": "2.0.0",
+            "resolved": "https://registry.npmjs.org/pino-abstract-transport/-/pino-abstract-transport-2.0.0.tgz",
+            "integrity": "sha512-F63x5tizV6WCh4R6RHyi2Ml+M70DNRXt/+HANowMflpgGFMAym/VKm6G7ZOQRjqN7XbGxK1Lg9t6ZrtzOaivMw==",
+            "dev": true,
+            "license": "MIT",
+            "dependencies": {
+                "split2": "^4.0.0"
+            }
+        },
+        "node_modules/pino-std-serializers": {
+            "version": "7.0.0",
+            "resolved": "https://registry.npmjs.org/pino-std-serializers/-/pino-std-serializers-7.0.0.tgz",
+            "integrity": "sha512-e906FRY0+tV27iq4juKzSYPbUj2do2X2JX4EzSca1631EB2QJQUqGbDuERal7LCtOpxl6x3+nvo9NPZcmjkiFA==",
+            "dev": true,
+            "license": "MIT"
+        },
         "node_modules/postcss": {
             "version": "8.5.6",
             "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.6.tgz",
@@ -2346,6 +2417,23 @@
                 }
             }
         },
+        "node_modules/process-warning": {
+            "version": "5.0.0",
+            "resolved": "https://registry.npmjs.org/process-warning/-/process-warning-5.0.0.tgz",
+            "integrity": "sha512-a39t9ApHNx2L4+HBnQKqxxHNs1r7KF+Intd8Q/g1bUh6q0WIp9voPXJ/x0j+ZL45KF1pJd9+q2jLIRMfvEshkA==",
+            "dev": true,
+            "funding": [
+                {
+                    "type": "github",
+                    "url": "https://github.com/sponsors/fastify"
+                },
+                {
+                    "type": "opencollective",
+                    "url": "https://opencollective.com/fastify"
+                }
+            ],
+            "license": "MIT"
+        },
         "node_modules/punycode": {
             "version": "2.3.1",
             "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz",
@@ -2387,6 +2475,23 @@
             ],
             "license": "MIT"
         },
+        "node_modules/quick-format-unescaped": {
+            "version": "4.0.4",
+            "resolved": "https://registry.npmjs.org/quick-format-unescaped/-/quick-format-unescaped-4.0.4.tgz",
+            "integrity": "sha512-tYC1Q1hgyRuHgloV/YXs2w15unPVh8qfu/qCTfhTYamaw7fyhumKa2yGpdSo87vY32rIclj+4fWYQXUMs9EHvg==",
+            "dev": true,
+            "license": "MIT"
+        },
+        "node_modules/real-require": {
+            "version": "0.2.0",
+            "resolved": "https://registry.npmjs.org/real-require/-/real-require-0.2.0.tgz",
+            "integrity": "sha512-57frrGM/OCTLqLOAh0mhVA9VBMHd+9U7Zb2THMGdBUoZVOtGbJzjxsYGDJ3A9AYYCP4hn6y1TVbaOfzWtm5GFg==",
+            "dev": true,
+            "license": "MIT",
+            "engines": {
+                "node": ">= 12.13.0"
+            }
+        },
         "node_modules/resolve-from": {
             "version": "4.0.0",
             "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-4.0.0.tgz",
@@ -2456,6 +2561,16 @@
                 "queue-microtask": "^1.2.2"
             }
         },
+        "node_modules/safe-stable-stringify": {
+            "version": "2.5.0",
+            "resolved": "https://registry.npmjs.org/safe-stable-stringify/-/safe-stable-stringify-2.5.0.tgz",
+            "integrity": "sha512-b3rppTKm9T+PsVCBEOUR46GWI7fdOs00VKZ1+9c1EWDaDMvjQc6tUwuFyIprgGgTcWoVHSKrU8H31ZHA2e0RHA==",
+            "dev": true,
+            "license": "MIT",
+            "engines": {
+                "node": ">=10"
+            }
+        },
         "node_modules/segment-sort": {
             "version": "1.0.8",
             "resolved": "https://registry.npmjs.org/segment-sort/-/segment-sort-1.0.8.tgz",
@@ -2499,6 +2614,16 @@
                 "node": ">=8"
             }
         },
+        "node_modules/sonic-boom": {
+            "version": "4.2.0",
+            "resolved": "https://registry.npmjs.org/sonic-boom/-/sonic-boom-4.2.0.tgz",
+            "integrity": "sha512-INb7TM37/mAcsGmc9hyyI6+QR3rR1zVRu36B0NeGXKnOOLiZOfER5SA+N7X7k3yUYRzLWafduTDvJAfDswwEww==",
+            "dev": true,
+            "license": "MIT",
+            "dependencies": {
+                "atomic-sleep": "^1.0.0"
+            }
+        },
         "node_modules/sort-object-keys": {
             "version": "1.1.3",
             "resolved": "https://registry.npmjs.org/sort-object-keys/-/sort-object-keys-1.1.3.tgz",
@@ -2538,6 +2663,16 @@
                 "node": ">=0.10.0"
             }
         },
+        "node_modules/split2": {
+            "version": "4.2.0",
+            "resolved": "https://registry.npmjs.org/split2/-/split2-4.2.0.tgz",
+            "integrity": "sha512-UcjcJOWknrNkF6PLX83qcHM6KHgVKNkV62Y8a5uYDVv9ydGQVwAHMKqHdJje1VTWpljG0WYpCDhrCdAOYH4TWg==",
+            "dev": true,
+            "license": "ISC",
+            "engines": {
+                "node": ">= 10.x"
+            }
+        },
         "node_modules/streamroller": {
             "version": "3.1.5",
             "resolved": "https://registry.npmjs.org/streamroller/-/streamroller-3.1.5.tgz",
@@ -2650,6 +2785,16 @@
             "dev": true,
             "license": "MIT"
         },
+        "node_modules/thread-stream": {
+            "version": "3.1.0",
+            "resolved": "https://registry.npmjs.org/thread-stream/-/thread-stream-3.1.0.tgz",
+            "integrity": "sha512-OqyPZ9u96VohAyMfJykzmivOrY2wfMSf3C5TtFJVgN+Hm6aj+voFhlK+kZEIv2FBh1X6Xp3DlnCOfEQ3B2J86A==",
+            "dev": true,
+            "license": "MIT",
+            "dependencies": {
+                "real-require": "^0.2.0"
+            }
+        },
         "node_modules/tinyglobby": {
             "version": "0.2.14",
             "resolved": "https://registry.npmjs.org/tinyglobby/-/tinyglobby-0.2.14.tgz",
@@ -2704,9 +2849,9 @@
             }
         },
         "node_modules/typedoc": {
-            "version": "0.28.12",
-            "resolved": "https://registry.npmjs.org/typedoc/-/typedoc-0.28.12.tgz",
-            "integrity": "sha512-H5ODu4f7N+myG4MfuSp2Vh6wV+WLoZaEYxKPt2y8hmmqNEMVrH69DAjjdmYivF4tP/C2jrIZCZhPalZlTU/ipA==",
+            "version": "0.28.13",
+            "resolved": "https://registry.npmjs.org/typedoc/-/typedoc-0.28.13.tgz",
+            "integrity": "sha512-dNWY8msnYB2a+7Audha+aTF1Pu3euiE7ySp53w8kEsXoYw7dMouV5A1UsTUY345aB152RHnmRMDiovuBi7BD+w==",
             "dev": true,
             "license": "Apache-2.0",
             "dependencies": {
@@ -2728,9 +2873,9 @@
             }
         },
         "node_modules/typedoc-plugin-markdown": {
-            "version": "4.8.1",
-            "resolved": "https://registry.npmjs.org/typedoc-plugin-markdown/-/typedoc-plugin-markdown-4.8.1.tgz",
-            "integrity": "sha512-ug7fc4j0SiJxSwBGLncpSo8tLvrT9VONvPUQqQDTKPxCoFQBADLli832RGPtj6sfSVJebNSrHZQRUdEryYH/7g==",
+            "version": "4.9.0",
+            "resolved": "https://registry.npmjs.org/typedoc-plugin-markdown/-/typedoc-plugin-markdown-4.9.0.tgz",
+            "integrity": "sha512-9Uu4WR9L7ZBgAl60N/h+jqmPxxvnC9nQAlnnO/OujtG2ubjnKTVUFY1XDhcMY+pCqlX3N2HsQM2QTYZIU9tJuw==",
             "dev": true,
             "license": "MIT",
             "engines": {
@@ -2762,9 +2907,9 @@
             "license": "MIT"
         },
         "node_modules/undici-types": {
-            "version": "7.10.0",
-            "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.10.0.tgz",
-            "integrity": "sha512-t5Fy/nfn+14LuOc2KNYg75vZqClpAiqscVvMygNnlsHBFpSXdJaYtXMcdNLpl/Qvc3P2cB3s6lOV51nqsFq4ag==",
+            "version": "7.12.0",
+            "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.12.0.tgz",
+            "integrity": "sha512-goOacqME2GYyOZZfb5Lgtu+1IDmAlAEu5xnD3+xTzS10hT0vzpf0SPjkXwAw9Jm+4n/mQGDP3LO8CPbYROeBfQ==",
             "dev": true,
             "license": "MIT"
         },

packages/esbuild-plugin-live-reload/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@goauthentik/esbuild-plugin-live-reload",
-    "version": "1.1.0",
+    "version": "1.2.2",
     "description": "ESBuild + browser refresh. Build completes, page reloads.",
     "license": "MIT",
     "scripts": {
@@ -18,6 +18,10 @@
             "types": "./out/index.d.ts",
             "import": "./index.js"
         },
+        "./shared": {
+            "types": "./out/shared/index.d.ts",
+            "import": "./shared/index.js"
+        },
         "./client": {
             "types": "./out/client/index.d.ts",
             "import": "./client/index.js"
@@ -31,21 +35,22 @@
         "find-free-ports": "^3.1.1"
     },
     "devDependencies": {
-        "@goauthentik/prettier-config": "^3.0.0",
+        "@goauthentik/prettier-config": "^3.1.0",
         "@goauthentik/tsconfig": "^1.0.4",
-        "@types/node": "^24.0.10",
-        "esbuild": "^0.25.5",
+        "@types/node": "^24.3.1",
+        "esbuild": "^0.25.9",
+        "pino": "^9.9.5",
         "prettier": "^3.6.2",
-        "prettier-plugin-packagejson": "^2.5.17",
-        "typedoc": "^0.28.7",
-        "typedoc-plugin-markdown": "^4.7.0",
-        "typescript": "^5.8.3"
+        "prettier-plugin-packagejson": "^2.5.19",
+        "typedoc": "^0.28.12",
+        "typedoc-plugin-markdown": "^4.8.1",
+        "typescript": "^5.9.2"
     },
     "peerDependencies": {
-        "esbuild": "^0.25.5"
+        "esbuild": "^0.25.9"
     },
     "engines": {
-        "node": ">=22"
+        "node": ">=24"
     },
     "keywords": [
         "esbuild",
@@ -58,13 +63,14 @@
     "repository": {
         "type": "git",
         "url": "git+https://github.com/goauthentik/authentik.git",
-        "directory": "web/packages/esbuild-plugin-live-reload"
+        "directory": "packages/esbuild-plugin-live-reload"
     },
     "types": "./out/index.d.ts",
     "files": [
         "./index.js",
         "client/**/*",
         "plugin/**/*",
+        "shared/**/*",
         "out/**/*"
     ],
     "prettier": "@goauthentik/prettier-config",

packages/esbuild-plugin-live-reload/plugin/index.js

@@ -4,11 +4,16 @@
  * @import { ListenOptions } from "node:net";
  * @import {Server as HTTPServer} from "node:http";
  * @import {Server as HTTPSServer} from "node:https";
+ * @import { Logger } from "@goauthentik/esbuild-plugin-live-reload/shared";
  */
-import { findFreePorts } from "find-free-ports";
+
 import * as http from "node:http";
 import { resolve as resolvePath } from "node:path";
 
+import { createLogger } from "@goauthentik/esbuild-plugin-live-reload/shared";
+
+import { findFreePorts } from "find-free-ports";
+
 /**
  * Serializes a custom event to a text stream.
  *
@@ -59,7 +64,7 @@ async function findDisparatePort() {
  *
  * @property {string} pathname
  * @property {EventTarget} dispatcher
- * @property {string} [logPrefix]
+ * @property {Logger} [logger]
  *
  * @category Server API
  * @runtime node
@@ -81,9 +86,7 @@ async function findDisparatePort() {
  * @category Server API
  * @runtime node
  */
-export function createRequestHandler({ pathname, dispatcher, logPrefix = "Build Observer" }) {
-    const log = console.log.bind(console, `[${logPrefix}]`);
-
+export function createRequestHandler({ pathname, dispatcher, logger = createLogger() }) {
     /**
      * @type {RequestHandler}
      */
@@ -93,13 +96,13 @@ export function createRequestHandler({ pathname, dispatcher, logPrefix = "Build
         res.setHeader("Access-Control-Allow-Headers", "Content-Type");
 
         if (req.url !== pathname) {
-            log(`🚫 Invalid request to ${req.url}`);
+            logger.warn(`🚫 Invalid request to ${req.url}`);
             res.writeHead(404);
             res.end();
             return;
         }
 
-        log("🔌 Client connected");
+        logger.debug("🔌 Client connected");
 
         res.writeHead(200, {
             "Content-Type": "text/event-stream",
@@ -121,7 +124,7 @@ export function createRequestHandler({ pathname, dispatcher, logPrefix = "Build
         dispatcher.addEventListener("esbuild:end", listener);
 
         req.on("close", () => {
-            log("🔌 Client disconnected");
+            logger.debug("🔌 Client disconnected");
 
             clearInterval(keepAliveInterval);
 
@@ -131,7 +134,7 @@ export function createRequestHandler({ pathname, dispatcher, logPrefix = "Build
         });
 
         const keepAliveInterval = setInterval(() => {
-            console.timeStamp("🏓 Keep-alive");
+            logger.debug("🏓 Keep-alive");
 
             res.write("event: keep-alive\n\n");
             res.write(serializeCustomEventToStream(new CustomEvent("esbuild:keep-alive")));
@@ -152,7 +155,7 @@ export function createRequestHandler({ pathname, dispatcher, logPrefix = "Build
  * @property {HTTPServer | HTTPSServer} [server] A server to listen on. If not provided, a new server will be created.
  * @property {ListenOptions} [listenOptions] Options for the server's listen method.
  * @property {string | URL} [publicURL] A URL to listen on. If not provided, a random port will be used.
- * @property {string} [logPrefix] A prefix to use for log messages.
+ * @property {Logger} [logger] A console-like logger.
  * @property {string} [relativeRoot] A relative path to the root of the project. This is used to resolve build errors, line numbers, and file paths.
  */
 
@@ -166,9 +169,8 @@ export function liveReloadPlugin(options = {}) {
     return {
         name: "build-watcher",
         setup: async (build) => {
-            const logPrefix = options.logPrefix || "Build Observer";
+            const logger = options.logger || createLogger();
 
-            const timerLabel = `[${logPrefix}] 🏁`;
             const relativeRoot = options.relativeRoot || process.cwd();
 
             const dispatcher = new EventTarget();
@@ -201,7 +203,7 @@ export function liveReloadPlugin(options = {}) {
             const requestHandler = createRequestHandler({
                 pathname: publicURL.pathname,
                 dispatcher,
-                logPrefix,
+                logger,
             });
 
             const server = options.server || http.createServer(requestHandler);
@@ -212,7 +214,7 @@ export function liveReloadPlugin(options = {}) {
             };
 
             server.listen(listenOptions, () => {
-                console.log(`[${logPrefix}] Listening`);
+                logger.info("Listening for build events");
             });
 
             build.onDispose(() => {
@@ -220,8 +222,6 @@ export function liveReloadPlugin(options = {}) {
             });
 
             build.onStart(() => {
-                console.time(timerLabel);
-
                 dispatcher.dispatchEvent(
                     new CustomEvent("esbuild:start", {
                         detail: new Date().toISOString(),
@@ -230,8 +230,6 @@ export function liveReloadPlugin(options = {}) {
             });
 
             build.onEnd((buildResult) => {
-                console.timeEnd(timerLabel);
-
                 if (!buildResult.errors.length) {
                     dispatcher.dispatchEvent(
                         new CustomEvent("esbuild:end", {
@@ -242,7 +240,7 @@ export function liveReloadPlugin(options = {}) {
                     return;
                 }
 
-                console.warn(`Build ended with ${buildResult.errors.length} errors`);
+                logger.warn(`Build ended with ${buildResult.errors.length} errors`);
 
                 dispatcher.dispatchEvent(
                     new CustomEvent("esbuild:error", {

packages/esbuild-plugin-live-reload/shared/index.js

@@ -0,0 +1,24 @@
+/**
+ * @file Shared utilities for the live reload plugin.
+ *
+ * @import { BaseLogger } from "pino";
+ */
+
+/**
+ * @typedef {Pick<BaseLogger, "info" | "warn" | "error" | "debug">} Logger
+ */
+
+/**
+ * Creates a logger with the given prefix.
+ *
+ * @param {string} [prefix]
+ * @returns {Logger}
+ */
+export function createLogger(prefix = "[Build Observer]") {
+    return {
+        info: console.log.bind(console, prefix),
+        warn: console.warn.bind(console, prefix),
+        error: console.error.bind(console, prefix),
+        debug: console.debug.bind(console, prefix),
+    };
+}

packages/eslint-config/package-lock.json

@@ -144,9 +144,9 @@
             }
         },
         "node_modules/@eslint-community/eslint-utils": {
-            "version": "4.7.0",
-            "resolved": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.7.0.tgz",
-            "integrity": "sha512-dyybb3AcajC7uha6CvhdVRJqaKyn7w2YKqKyAN37NKYgZT36w+iRb0Dymmc5qEJ549c/S31cMMSFd75bteCpCw==",
+            "version": "4.9.0",
+            "resolved": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.9.0.tgz",
+            "integrity": "sha512-ayVFHdtZ+hsq1t2Dy24wCmGXGe4q9Gu3smhLYALJrr473ZH27MsnSL+LKUlimp4BWJqMDMLmPpx/Q9R3OAlL4g==",
             "license": "MIT",
             "dependencies": {
                 "eslint-visitor-keys": "^3.4.3"
@@ -240,9 +240,9 @@
             }
         },
         "node_modules/@eslint/js": {
-            "version": "9.34.0",
-            "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.34.0.tgz",
-            "integrity": "sha512-EoyvqQnBNsV1CWaEJ559rxXL4c8V92gxirbawSmVUOWXlsRxxQXl6LmCpdUblgxgSkDIqKnhzba2SjRTI/A5Rw==",
+            "version": "9.36.0",
+            "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.36.0.tgz",
+            "integrity": "sha512-uhCbYtYynH30iZErszX78U+nR3pJU3RHGQ57NXy5QupD4SBVwDeU8TNBy+MjMngc1UyIW9noKqsRqfjQTBU2dw==",
             "license": "MIT",
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -502,17 +502,17 @@
             "license": "MIT"
         },
         "node_modules/@typescript-eslint/eslint-plugin": {
-            "version": "8.41.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.41.0.tgz",
-            "integrity": "sha512-8fz6oa6wEKZrhXWro/S3n2eRJqlRcIa6SlDh59FXJ5Wp5XRZ8B9ixpJDcjadHq47hMx0u+HW6SNa6LjJQ6NLtw==",
+            "version": "8.44.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.44.0.tgz",
+            "integrity": "sha512-EGDAOGX+uwwekcS0iyxVDmRV9HX6FLSM5kzrAToLTsr9OWCIKG/y3lQheCq18yZ5Xh78rRKJiEpP0ZaCs4ryOQ==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
                 "@eslint-community/regexpp": "^4.10.0",
-                "@typescript-eslint/scope-manager": "8.41.0",
-                "@typescript-eslint/type-utils": "8.41.0",
-                "@typescript-eslint/utils": "8.41.0",
-                "@typescript-eslint/visitor-keys": "8.41.0",
+                "@typescript-eslint/scope-manager": "8.44.0",
+                "@typescript-eslint/type-utils": "8.44.0",
+                "@typescript-eslint/utils": "8.44.0",
+                "@typescript-eslint/visitor-keys": "8.44.0",
                 "graphemer": "^1.4.0",
                 "ignore": "^7.0.0",
                 "natural-compare": "^1.4.0",
@@ -526,7 +526,7 @@
                 "url": "https://opencollective.com/typescript-eslint"
             },
             "peerDependencies": {
-                "@typescript-eslint/parser": "^8.41.0",
+                "@typescript-eslint/parser": "^8.44.0",
                 "eslint": "^8.57.0 || ^9.0.0",
                 "typescript": ">=4.8.4 <6.0.0"
             }
@@ -542,16 +542,16 @@
             }
         },
         "node_modules/@typescript-eslint/parser": {
-            "version": "8.41.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.41.0.tgz",
-            "integrity": "sha512-gTtSdWX9xiMPA/7MV9STjJOOYtWwIJIYxkQxnSV1U3xcE+mnJSH3f6zI0RYP+ew66WSlZ5ed+h0VCxsvdC1jJg==",
+            "version": "8.44.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.44.0.tgz",
+            "integrity": "sha512-VGMpFQGUQWYT9LfnPcX8ouFojyrZ/2w3K5BucvxL/spdNehccKhB4jUyB1yBCXpr2XFm0jkECxgrpXBW2ipoAw==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/scope-manager": "8.41.0",
-                "@typescript-eslint/types": "8.41.0",
-                "@typescript-eslint/typescript-estree": "8.41.0",
-                "@typescript-eslint/visitor-keys": "8.41.0",
+                "@typescript-eslint/scope-manager": "8.44.0",
+                "@typescript-eslint/types": "8.44.0",
+                "@typescript-eslint/typescript-estree": "8.44.0",
+                "@typescript-eslint/visitor-keys": "8.44.0",
                 "debug": "^4.3.4"
             },
             "engines": {
@@ -567,14 +567,14 @@
             }
         },
         "node_modules/@typescript-eslint/project-service": {
-            "version": "8.41.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.41.0.tgz",
-            "integrity": "sha512-b8V9SdGBQzQdjJ/IO3eDifGpDBJfvrNTp2QD9P2BeqWTGrRibgfgIlBSw6z3b6R7dPzg752tOs4u/7yCLxksSQ==",
+            "version": "8.44.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.44.0.tgz",
+            "integrity": "sha512-ZeaGNraRsq10GuEohKTo4295Z/SuGcSq2LzfGlqiuEvfArzo/VRrT0ZaJsVPuKZ55lVbNk8U6FcL+ZMH8CoyVA==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/tsconfig-utils": "^8.41.0",
-                "@typescript-eslint/types": "^8.41.0",
+                "@typescript-eslint/tsconfig-utils": "^8.44.0",
+                "@typescript-eslint/types": "^8.44.0",
                 "debug": "^4.3.4"
             },
             "engines": {
@@ -589,14 +589,14 @@
             }
         },
         "node_modules/@typescript-eslint/scope-manager": {
-            "version": "8.41.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.41.0.tgz",
-            "integrity": "sha512-n6m05bXn/Cd6DZDGyrpXrELCPVaTnLdPToyhBoFkLIMznRUQUEQdSp96s/pcWSQdqOhrgR1mzJ+yItK7T+WPMQ==",
+            "version": "8.44.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.44.0.tgz",
+            "integrity": "sha512-87Jv3E+al8wpD+rIdVJm/ItDBe/Im09zXIjFoipOjr5gHUhJmTzfFLuTJ/nPTMc2Srsroy4IBXwcTCHyRR7KzA==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/types": "8.41.0",
-                "@typescript-eslint/visitor-keys": "8.41.0"
+                "@typescript-eslint/types": "8.44.0",
+                "@typescript-eslint/visitor-keys": "8.44.0"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -607,9 +607,9 @@
             }
         },
         "node_modules/@typescript-eslint/tsconfig-utils": {
-            "version": "8.41.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.41.0.tgz",
-            "integrity": "sha512-TDhxYFPUYRFxFhuU5hTIJk+auzM/wKvWgoNYOPcOf6i4ReYlOoYN8q1dV5kOTjNQNJgzWN3TUUQMtlLOcUgdUw==",
+            "version": "8.44.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.44.0.tgz",
+            "integrity": "sha512-x5Y0+AuEPqAInc6yd0n5DAcvtoQ/vyaGwuX5HE9n6qAefk1GaedqrLQF8kQGylLUb9pnZyLf+iEiL9fr8APDtQ==",
             "dev": true,
             "license": "MIT",
             "engines": {
@@ -624,15 +624,15 @@
             }
         },
         "node_modules/@typescript-eslint/type-utils": {
-            "version": "8.41.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.41.0.tgz",
-            "integrity": "sha512-63qt1h91vg3KsjVVonFJWjgSK7pZHSQFKH6uwqxAH9bBrsyRhO6ONoKyXxyVBzG1lJnFAJcKAcxLS54N1ee1OQ==",
+            "version": "8.44.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.44.0.tgz",
+            "integrity": "sha512-9cwsoSxJ8Sak67Be/hD2RNt/fsqmWnNE1iHohG8lxqLSNY8xNfyY7wloo5zpW3Nu9hxVgURevqfcH6vvKCt6yg==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/types": "8.41.0",
-                "@typescript-eslint/typescript-estree": "8.41.0",
-                "@typescript-eslint/utils": "8.41.0",
+                "@typescript-eslint/types": "8.44.0",
+                "@typescript-eslint/typescript-estree": "8.44.0",
+                "@typescript-eslint/utils": "8.44.0",
                 "debug": "^4.3.4",
                 "ts-api-utils": "^2.1.0"
             },
@@ -649,9 +649,9 @@
             }
         },
         "node_modules/@typescript-eslint/types": {
-            "version": "8.41.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.41.0.tgz",
-            "integrity": "sha512-9EwxsWdVqh42afLbHP90n2VdHaWU/oWgbH2P0CfcNfdKL7CuKpwMQGjwev56vWu9cSKU7FWSu6r9zck6CVfnag==",
+            "version": "8.44.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.44.0.tgz",
+            "integrity": "sha512-ZSl2efn44VsYM0MfDQe68RKzBz75NPgLQXuGypmym6QVOWL5kegTZuZ02xRAT9T+onqvM6T8CdQk0OwYMB6ZvA==",
             "dev": true,
             "license": "MIT",
             "engines": {
@@ -663,16 +663,16 @@
             }
         },
         "node_modules/@typescript-eslint/typescript-estree": {
-            "version": "8.41.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.41.0.tgz",
-            "integrity": "sha512-D43UwUYJmGhuwHfY7MtNKRZMmfd8+p/eNSfFe6tH5mbVDto+VQCayeAt35rOx3Cs6wxD16DQtIKw/YXxt5E0UQ==",
+            "version": "8.44.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.44.0.tgz",
+            "integrity": "sha512-lqNj6SgnGcQZwL4/SBJ3xdPEfcBuhCG8zdcwCPgYcmiPLgokiNDKlbPzCwEwu7m279J/lBYWtDYL+87OEfn8Jw==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/project-service": "8.41.0",
-                "@typescript-eslint/tsconfig-utils": "8.41.0",
-                "@typescript-eslint/types": "8.41.0",
-                "@typescript-eslint/visitor-keys": "8.41.0",
+                "@typescript-eslint/project-service": "8.44.0",
+                "@typescript-eslint/tsconfig-utils": "8.44.0",
+                "@typescript-eslint/types": "8.44.0",
+                "@typescript-eslint/visitor-keys": "8.44.0",
                 "debug": "^4.3.4",
                 "fast-glob": "^3.3.2",
                 "is-glob": "^4.0.3",
@@ -731,16 +731,16 @@
             }
         },
         "node_modules/@typescript-eslint/utils": {
-            "version": "8.41.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.41.0.tgz",
-            "integrity": "sha512-udbCVstxZ5jiPIXrdH+BZWnPatjlYwJuJkDA4Tbo3WyYLh8NvB+h/bKeSZHDOFKfphsZYJQqaFtLeXEqurQn1A==",
+            "version": "8.44.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.44.0.tgz",
+            "integrity": "sha512-nktOlVcg3ALo0mYlV+L7sWUD58KG4CMj1rb2HUVOO4aL3K/6wcD+NERqd0rrA5Vg06b42YhF6cFxeixsp9Riqg==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
                 "@eslint-community/eslint-utils": "^4.7.0",
-                "@typescript-eslint/scope-manager": "8.41.0",
-                "@typescript-eslint/types": "8.41.0",
-                "@typescript-eslint/typescript-estree": "8.41.0"
+                "@typescript-eslint/scope-manager": "8.44.0",
+                "@typescript-eslint/types": "8.44.0",
+                "@typescript-eslint/typescript-estree": "8.44.0"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -755,13 +755,13 @@
             }
         },
         "node_modules/@typescript-eslint/visitor-keys": {
-            "version": "8.41.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.41.0.tgz",
-            "integrity": "sha512-+GeGMebMCy0elMNg67LRNoVnUFPIm37iu5CmHESVx56/9Jsfdpsvbv605DQ81Pi/x11IdKUsS5nzgTYbCQU9fg==",
+            "version": "8.44.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.44.0.tgz",
+            "integrity": "sha512-zaz9u8EJ4GBmnehlrpoKvj/E3dNbuQ7q0ucyZImm3cLqJ8INTc970B1qEqDX/Rzq65r3TvVTN7kHWPBoyW7DWw==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/types": "8.41.0",
+                "@typescript-eslint/types": "8.44.0",
                 "eslint-visitor-keys": "^4.2.1"
             },
             "engines": {
@@ -1611,18 +1611,18 @@
             }
         },
         "node_modules/eslint": {
-            "version": "9.34.0",
-            "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.34.0.tgz",
-            "integrity": "sha512-RNCHRX5EwdrESy3Jc9o8ie8Bog+PeYvvSR8sDGoZxNFTvZ4dlxUB3WzQ3bQMztFrSRODGrLLj8g6OFuGY/aiQg==",
+            "version": "9.36.0",
+            "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.36.0.tgz",
+            "integrity": "sha512-hB4FIzXovouYzwzECDcUkJ4OcfOEkXTv2zRY6B9bkwjx/cprAq0uvm1nl7zvQ0/TsUk0zQiN4uPfJpB9m+rPMQ==",
             "license": "MIT",
             "dependencies": {
-                "@eslint-community/eslint-utils": "^4.2.0",
+                "@eslint-community/eslint-utils": "^4.8.0",
                 "@eslint-community/regexpp": "^4.12.1",
                 "@eslint/config-array": "^0.21.0",
                 "@eslint/config-helpers": "^0.3.1",
                 "@eslint/core": "^0.15.2",
                 "@eslint/eslintrc": "^3.3.1",
-                "@eslint/js": "9.34.0",
+                "@eslint/js": "9.36.0",
                 "@eslint/plugin-kit": "^0.3.5",
                 "@humanfs/node": "^0.16.6",
                 "@humanwhocodes/module-importer": "^1.0.1",
@@ -4709,16 +4709,16 @@
             }
         },
         "node_modules/typescript-eslint": {
-            "version": "8.41.0",
-            "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.41.0.tgz",
-            "integrity": "sha512-n66rzs5OBXW3SFSnZHr2T685q1i4ODm2nulFJhMZBotaTavsS8TrI3d7bDlRSs9yWo7HmyWrN9qDu14Qv7Y0Dw==",
+            "version": "8.44.0",
+            "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.44.0.tgz",
+            "integrity": "sha512-ib7mCkYuIzYonCq9XWF5XNw+fkj2zg629PSa9KNIQ47RXFF763S5BIX4wqz1+FLPogTZoiw8KmCiRPRa8bL3qw==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/eslint-plugin": "8.41.0",
-                "@typescript-eslint/parser": "8.41.0",
-                "@typescript-eslint/typescript-estree": "8.41.0",
-                "@typescript-eslint/utils": "8.41.0"
+                "@typescript-eslint/eslint-plugin": "8.44.0",
+                "@typescript-eslint/parser": "8.44.0",
+                "@typescript-eslint/typescript-estree": "8.44.0",
+                "@typescript-eslint/utils": "8.44.0"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"

packages/prettier-config/package-lock.json

@@ -119,9 +119,9 @@
             }
         },
         "node_modules/@eslint-community/eslint-utils": {
-            "version": "4.7.0",
-            "resolved": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.7.0.tgz",
-            "integrity": "sha512-dyybb3AcajC7uha6CvhdVRJqaKyn7w2YKqKyAN37NKYgZT36w+iRb0Dymmc5qEJ549c/S31cMMSFd75bteCpCw==",
+            "version": "4.9.0",
+            "resolved": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.9.0.tgz",
+            "integrity": "sha512-ayVFHdtZ+hsq1t2Dy24wCmGXGe4q9Gu3smhLYALJrr473ZH27MsnSL+LKUlimp4BWJqMDMLmPpx/Q9R3OAlL4g==",
             "license": "MIT",
             "dependencies": {
                 "eslint-visitor-keys": "^3.4.3"
@@ -228,9 +228,9 @@
             }
         },
         "node_modules/@eslint/js": {
-            "version": "9.34.0",
-            "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.34.0.tgz",
-            "integrity": "sha512-EoyvqQnBNsV1CWaEJ559rxXL4c8V92gxirbawSmVUOWXlsRxxQXl6LmCpdUblgxgSkDIqKnhzba2SjRTI/A5Rw==",
+            "version": "9.36.0",
+            "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.36.0.tgz",
+            "integrity": "sha512-uhCbYtYynH30iZErszX78U+nR3pJU3RHGQ57NXy5QupD4SBVwDeU8TNBy+MjMngc1UyIW9noKqsRqfjQTBU2dw==",
             "license": "MIT",
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -385,13 +385,13 @@
             "license": "MIT"
         },
         "node_modules/@types/node": {
-            "version": "24.3.0",
-            "resolved": "https://registry.npmjs.org/@types/node/-/node-24.3.0.tgz",
-            "integrity": "sha512-aPTXCrfwnDLj4VvXrm+UUCQjNEvJgNA8s5F1cvwQU+3KNltTOkBm1j30uNLyqqPNe7gE3KFzImYoZEfLhp4Yow==",
+            "version": "24.5.2",
+            "resolved": "https://registry.npmjs.org/@types/node/-/node-24.5.2.tgz",
+            "integrity": "sha512-FYxk1I7wPv3K2XBaoyH2cTnocQEu8AOZ60hPbsyukMPLv5/5qr7V1i8PLHdl6Zf87I+xZXFvPCXYjiTFq+YSDQ==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "undici-types": "~7.10.0"
+                "undici-types": "~7.12.0"
             }
         },
         "node_modules/@vue/compiler-core": {
@@ -689,18 +689,18 @@
             }
         },
         "node_modules/eslint": {
-            "version": "9.34.0",
-            "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.34.0.tgz",
-            "integrity": "sha512-RNCHRX5EwdrESy3Jc9o8ie8Bog+PeYvvSR8sDGoZxNFTvZ4dlxUB3WzQ3bQMztFrSRODGrLLj8g6OFuGY/aiQg==",
+            "version": "9.36.0",
+            "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.36.0.tgz",
+            "integrity": "sha512-hB4FIzXovouYzwzECDcUkJ4OcfOEkXTv2zRY6B9bkwjx/cprAq0uvm1nl7zvQ0/TsUk0zQiN4uPfJpB9m+rPMQ==",
             "license": "MIT",
             "dependencies": {
-                "@eslint-community/eslint-utils": "^4.2.0",
+                "@eslint-community/eslint-utils": "^4.8.0",
                 "@eslint-community/regexpp": "^4.12.1",
                 "@eslint/config-array": "^0.21.0",
                 "@eslint/config-helpers": "^0.3.1",
                 "@eslint/core": "^0.15.2",
                 "@eslint/eslintrc": "^3.3.1",
-                "@eslint/js": "9.34.0",
+                "@eslint/js": "9.36.0",
                 "@eslint/plugin-kit": "^0.3.5",
                 "@humanfs/node": "^0.16.6",
                 "@humanwhocodes/module-importer": "^1.0.1",
@@ -1724,9 +1724,9 @@
             }
         },
         "node_modules/undici-types": {
-            "version": "7.10.0",
-            "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.10.0.tgz",
-            "integrity": "sha512-t5Fy/nfn+14LuOc2KNYg75vZqClpAiqscVvMygNnlsHBFpSXdJaYtXMcdNLpl/Qvc3P2cB3s6lOV51nqsFq4ag==",
+            "version": "7.12.0",
+            "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.12.0.tgz",
+            "integrity": "sha512-goOacqME2GYyOZZfb5Lgtu+1IDmAlAEu5xnD3+xTzS10hT0vzpf0SPjkXwAw9Jm+4n/mQGDP3LO8CPbYROeBfQ==",
             "dev": true,
             "license": "MIT"
         },

pyproject.toml

@@ -12,7 +12,7 @@ dependencies = [
   "dacite==1.9.2",
   "deepmerge==2.0",
   "defusedxml==0.7.1",
-  "django==5.1.11",
+  "django==5.1.12",
   "django-countries==7.6.1",
   "django-cte==2.0.0",
   "django-dramatiq-postgres",
@@ -85,19 +85,24 @@ dev = [
   "constructs==10.4.2",
   "coverage[toml]==7.8.0",
   "debugpy==1.8.14",
+  "django-stubs[compatible-mypy]==5.2.5",
+  "djangorestframework-stubs[compatible-mypy]==3.16.3",
   "drf-jsonschema-serializer==3.0.0",
   "freezegun==1.5.1",
   "importlib-metadata==8.6.1",
   "k5test==0.10.4",
+  "lxml-stubs==0.5.1",
+  "mypy==1.18.2",
   "pdoc==15.0.3",
-  "pytest==8.3.5",
   "pytest-django==4.11.1",
   "pytest-github-actions-annotate-failures==0.3.0",
   "pytest-randomly==3.16.0",
   "pytest-timeout==2.4.0",
+  "pytest==8.3.5",
   "requests-mock==1.12.1",
   "ruff==0.11.9",
   "selenium==4.32.0",
+  "types-ldap3==2.9.13.20250622",
 ]
 
 [tool.uv]
@@ -143,6 +148,7 @@ skip = [
   "**/dist",                    # Distributed build output
   "**/storybook-static",
   "**/web/xliff",
+  "**/playwright-report",       # Playwright test output
   "**/out",                     # TypeScript type-checking output
   "./web/custom-elements.json", # TypeScript custom element definitions
   "./website/build",            # TODO: Remove this after moving website to docs
@@ -171,20 +177,13 @@ exclude = ["**/migrations/**", "**/node_modules/**"]
 
 [tool.ruff.lint]
 select = [
-  # pycodestyle
-  "E",
-  # Pyflakes
-  "F",
-  # isort
-  "I",
-  # pyupgrade
-  "UP",
-  # flake8-bugbear
-  "B",
-  # django
-  "DJ",
-  # pylint
-  "PL",
+  "E",  # pycodestyle
+  "F",  # Pyflakes
+  "I",  # isort
+  "UP", # pyupgrade
+  "B",  # flake8-bugbear
+  "DJ", # django
+  "PL", # pylint
 ]
 ignore = [
   "DJ001", # Avoid using `null=True` on string-based fields,
@@ -195,6 +194,82 @@ max-args = 7
 max-branches = 18
 max-returns = 10
 
+[tool.mypy]
+plugins = ["mypy_django_plugin.main", "mypy_drf_plugin.main", "pydantic.mypy"]
+exclude = ['^gen-py-api/']
+
+[[tool.mypy.overrides]]
+module = [
+  "authentik.admin.*",
+  "authentik.api.*",
+  "authentik.blueprints.*",
+  "authentik.brands.*",
+  "authentik.core.*",
+  "authentik.crypto.*",
+  "authentik.enterprise.*",
+  "authentik.events.*",
+  "authentik.flows.*",
+  "authentik.lib.*",
+  "authentik.outposts.*",
+  "authentik.policies.*",
+  "authentik.policies.dummy.*",
+  "authentik.policies.event_matcher.*",
+  "authentik.policies.expiry.*",
+  "authentik.policies.expression.*",
+  "authentik.policies.geoip.*",
+  "authentik.policies.password.*",
+  "authentik.policies.reputation.*",
+  "authentik.providers.ldap.*",
+  "authentik.providers.oauth2.*",
+  "authentik.providers.proxy.*",
+  "authentik.providers.rac.*",
+  "authentik.providers.radius.*",
+  "authentik.providers.saml.*",
+  "authentik.providers.scim.*",
+  "authentik.rbac.*",
+  "authentik.recovery.*",
+  "authentik.root.*",
+  "authentik.sources.kerberos.*",
+  "authentik.sources.ldap.*",
+  "authentik.sources.oauth.*",
+  "authentik.sources.plex.*",
+  "authentik.sources.saml.*",
+  "authentik.sources.scim.*",
+  "authentik.stages.authenticator_duo.*",
+  "authentik.stages.authenticator_email.*",
+  "authentik.stages.authenticator_sms.*",
+  "authentik.stages.authenticator_static.*",
+  "authentik.stages.authenticator_totp.*",
+  "authentik.stages.authenticator_validate.*",
+  "authentik.stages.authenticator_webauthn.*",
+  "authentik.stages.authenticator.*",
+  "authentik.stages.captcha.*",
+  "authentik.stages.consent.*",
+  "authentik.stages.deny.*",
+  "authentik.stages.dummy.*",
+  "authentik.stages.email.*",
+  "authentik.stages.identification.*",
+  "authentik.stages.invitation.*",
+  "authentik.stages.password.*",
+  "authentik.stages.prompt.*",
+  "authentik.stages.redirect.*",
+  "authentik.stages.user_delete.*",
+  "authentik.stages.user_login.*",
+  "authentik.stages.user_logout.*",
+  "authentik.stages.user_write.*",
+  "authentik.tasks.*",
+  "authentik.tasks.schedules.*",
+  "authentik.tenants.*",
+  "django_dramatiq_postgres.*",
+  "lifecycle.*",
+  "tests.e2e.*",
+  "tests.integration.*",
+]
+ignore_errors = true
+
+[tool.django-stubs]
+django_settings_module = "authentik.root.settings"
+
 [tool.coverage.run]
 source = ["authentik"]
 relative_files = true

scripts/generate_config.py

@@ -1,12 +1,14 @@
 #!/usr/bin/env python3
 """Generate config for development"""
 
+from typing import Any
+
 from yaml import safe_dump
 
 from authentik.lib.generators import generate_id
 
 
-def generate_local_config():
+def generate_local_config() -> dict[str, Any]:
     """Generate a local development configuration"""
     # TODO: This should be generated and validated against a schema, such as Pydantic.
 

tests/e2e/docker-compose.yml

@@ -1,13 +1,13 @@
 services:
   chrome:
     platform: linux/x86_64
-    image: docker.io/selenium/standalone-chrome:139.0
+    image: docker.io/selenium/standalone-chrome:140.0
     volumes:
       - /dev/shm:/dev/shm
     network_mode: host
     restart: always
   mailpit:
-    image: docker.io/axllent/mailpit:v1.27.7
+    image: docker.io/axllent/mailpit:v1.27.8
     ports:
       - 1025:1025
       - 8025:8025

uv.lock

@@ -242,10 +242,14 @@ dev = [
     { name = "constructs" },
     { name = "coverage" },
     { name = "debugpy" },
+    { name = "django-stubs", extra = ["compatible-mypy"] },
+    { name = "djangorestframework-stubs", extra = ["compatible-mypy"] },
     { name = "drf-jsonschema-serializer" },
     { name = "freezegun" },
     { name = "importlib-metadata" },
     { name = "k5test" },
+    { name = "lxml-stubs" },
+    { name = "mypy" },
     { name = "pdoc" },
     { name = "pytest" },
     { name = "pytest-django" },
@@ -255,6 +259,7 @@ dev = [
     { name = "requests-mock" },
     { name = "ruff" },
     { name = "selenium" },
+    { name = "types-ldap3" },
 ]
 
 [package.metadata]
@@ -266,7 +271,7 @@ requires-dist = [
     { name = "dacite", specifier = "==1.9.2" },
     { name = "deepmerge", specifier = "==2.0" },
     { name = "defusedxml", specifier = "==0.7.1" },
-    { name = "django", specifier = "==5.1.11" },
+    { name = "django", specifier = "==5.1.12" },
     { name = "django-countries", specifier = "==7.6.1" },
     { name = "django-cte", specifier = "==2.0.0" },
     { name = "django-dramatiq-postgres", editable = "packages/django-dramatiq-postgres" },
@@ -339,10 +344,14 @@ dev = [
     { name = "constructs", specifier = "==10.4.2" },
     { name = "coverage", extras = ["toml"], specifier = "==7.8.0" },
     { name = "debugpy", specifier = "==1.8.14" },
+    { name = "django-stubs", extras = ["compatible-mypy"], specifier = "==5.2.5" },
+    { name = "djangorestframework-stubs", extras = ["compatible-mypy"], specifier = "==3.16.3" },
     { name = "drf-jsonschema-serializer", specifier = "==3.0.0" },
     { name = "freezegun", specifier = "==1.5.1" },
     { name = "importlib-metadata", specifier = "==8.6.1" },
     { name = "k5test", specifier = "==0.10.4" },
+    { name = "lxml-stubs", specifier = "==0.5.1" },
+    { name = "mypy", specifier = "==1.18.2" },
     { name = "pdoc", specifier = "==15.0.3" },
     { name = "pytest", specifier = "==8.3.5" },
     { name = "pytest-django", specifier = "==4.11.1" },
@@ -352,6 +361,7 @@ dev = [
     { name = "requests-mock", specifier = "==1.12.1" },
     { name = "ruff", specifier = "==0.11.9" },
     { name = "selenium", specifier = "==4.32.0" },
+    { name = "types-ldap3", specifier = "==2.9.13.20250622" },
 ]
 
 [[package]]
@@ -440,21 +450,21 @@ wheels = [
 
 [[package]]
 name = "azure-core"
-version = "1.35.0"
+version = "1.35.1"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
     { name = "requests" },
     { name = "six" },
     { name = "typing-extensions" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/ce/89/f53968635b1b2e53e4aad2dd641488929fef4ca9dfb0b97927fa7697ddf3/azure_core-1.35.0.tar.gz", hash = "sha256:c0be528489485e9ede59b6971eb63c1eaacf83ef53001bfe3904e475e972be5c", size = 339689, upload-time = "2025-07-03T00:55:23.496Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/15/6b/2653adc0f33adba8f11b1903701e6b1c10d34ce5d8e25dfa13a422f832b0/azure_core-1.35.1.tar.gz", hash = "sha256:435d05d6df0fff2f73fb3c15493bb4721ede14203f1ff1382aa6b6b2bdd7e562", size = 345290, upload-time = "2025-09-11T22:58:04.481Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/d4/78/bf94897361fdd650850f0f2e405b2293e2f12808239046232bdedf554301/azure_core-1.35.0-py3-none-any.whl", hash = "sha256:8db78c72868a58f3de8991eb4d22c4d368fae226dac1002998d6c50437e7dad1", size = 210708, upload-time = "2025-07-03T00:55:25.238Z" },
+    { url = "https://files.pythonhosted.org/packages/27/52/805980aa1ba18282077c484dba634ef0ede1e84eec8be9c92b2e162d0ed6/azure_core-1.35.1-py3-none-any.whl", hash = "sha256:12da0c9e08e48e198f9158b56ddbe33b421477e1dc98c2e1c8f9e254d92c468b", size = 211800, upload-time = "2025-09-11T22:58:06.281Z" },
 ]
 
 [[package]]
 name = "azure-identity"
-version = "1.24.0"
+version = "1.25.0"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
     { name = "azure-core" },
@@ -463,9 +473,9 @@ dependencies = [
     { name = "msal-extensions" },
     { name = "typing-extensions" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/b5/44/f3ee20bacb220b6b4a2b0a6cf7e742eecb383a5ccf604dd79ec27c286b7e/azure_identity-1.24.0.tar.gz", hash = "sha256:6c3a40b2a70af831e920b89e6421e8dcd4af78a0cb38b9642d86c67643d4930c", size = 271630, upload-time = "2025-08-07T22:27:36.258Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/4e/9e/4c9682a286c3c89e437579bd9f64f311020e5125c1321fd3a653166b5716/azure_identity-1.25.0.tar.gz", hash = "sha256:4177df34d684cddc026e6cf684e1abb57767aa9d84e7f2129b080ec45eee7733", size = 278507, upload-time = "2025-09-12T01:30:04.418Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/a9/74/17428cb429e8d52f6d0d69ed685f4760a545cb0156594963a9337b53b6c9/azure_identity-1.24.0-py3-none-any.whl", hash = "sha256:9e04997cde0ab02ed66422c74748548e620b7b29361c72ce622acab0267ff7c4", size = 187890, upload-time = "2025-08-07T22:27:38.033Z" },
+    { url = "https://files.pythonhosted.org/packages/75/54/81683b6756676a22e037b209695b08008258e603f7e47c56834029c5922a/azure_identity-1.25.0-py3-none-any.whl", hash = "sha256:becaec086bbdf8d1a6aa4fb080c2772a0f824a97d50c29637ec8cc4933f1e82d", size = 190861, upload-time = "2025-09-12T01:30:06.474Z" },
 ]
 
 [[package]]
@@ -555,30 +565,30 @@ wheels = [
 
 [[package]]
 name = "boto3"
-version = "1.40.21"
+version = "1.40.31"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
     { name = "botocore" },
     { name = "jmespath" },
     { name = "s3transfer" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/d8/54/5ba3f69a892ff486f5925008da21618665cf321880f279e9605399d9cec3/boto3-1.40.21.tar.gz", hash = "sha256:876ccc0b25517b992bd27976282510773a11ebc771aa5b836a238ea426c82187", size = 111590, upload-time = "2025-08-29T19:20:57.901Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/9c/e6/1a8b1710245aac792ea283051727f4e7f29b4bfb85fd887f4c25aa85b4eb/boto3-1.40.31.tar.gz", hash = "sha256:8c5f1270f09431694412f326cfb5ac9786d41ea3bc6ac54cbb7161d40afc660d", size = 111606, upload-time = "2025-09-15T19:38:46.136Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/86/76/48b982bb504ffbff8eb5522df8c144b98cdc38d574b3c55db1d82b5c0c7f/boto3-1.40.21-py3-none-any.whl", hash = "sha256:3772fb828864d3b7046c8bdf2f4860aaca4a79f25b7b060206c6a5f4944ea7f9", size = 139322, upload-time = "2025-08-29T19:20:55.888Z" },
+    { url = "https://files.pythonhosted.org/packages/ee/79/22fd4a4a61cb87f893804d8a36a834c69849a8fe2b0d9e28c2676824bff1/boto3-1.40.31-py3-none-any.whl", hash = "sha256:61d5f9975c54ff919a24ff9d472c6c09c8a443a083fe56d30c04fc22d22ac42b", size = 139343, upload-time = "2025-09-15T19:38:44.707Z" },
 ]
 
 [[package]]
 name = "botocore"
-version = "1.40.21"
+version = "1.40.31"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
     { name = "jmespath" },
     { name = "python-dateutil" },
     { name = "urllib3" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/50/11/d9a500a0e86b74017854e3ff12fd943f74f4358337799e0b272eaa6b4e27/botocore-1.40.21.tar.gz", hash = "sha256:f77e9c199df0252b14ea739a9ac99723940f6bde90f4c2e7802701553a62827b", size = 14321194, upload-time = "2025-08-29T19:20:46.892Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/42/8a/6ed2ccd9f6b8930ed15e755667f8f5f32a568cf4e3bf31a8526dcf4ce562/botocore-1.40.31.tar.gz", hash = "sha256:9496b91bbe40ed01d341dc8f6ff0492d7f546e80f1a862b00ec5bc9045fa3324", size = 14340752, upload-time = "2025-09-15T19:38:35.659Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/df/6a/effb671afa31d35805d0760b45676136fd1209e263641861456b4566ae9b/botocore-1.40.21-py3-none-any.whl", hash = "sha256:574ecf9b68c1721650024a27e00e0080b6f141c281ebfce49e0d302969270ef4", size = 13993859, upload-time = "2025-08-29T19:20:41.404Z" },
+    { url = "https://files.pythonhosted.org/packages/42/98/0f6cfbc627a87d84cfc66ceb7d9b71d694313a32cddbe415b9f298c9e50b/botocore-1.40.31-py3-none-any.whl", hash = "sha256:4033a00f8c6a4b5c3acb30af9283963123917227a437e5fc165189d07bd3cf8a", size = 14013342, upload-time = "2025-09-15T19:38:32.098Z" },
 ]
 
 [[package]]
@@ -631,24 +641,25 @@ wheels = [
 
 [[package]]
 name = "cffi"
-version = "1.17.1"
+version = "2.0.0"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
-    { name = "pycparser" },
+    { name = "pycparser", marker = "implementation_name != 'PyPy'" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/fc/97/c783634659c2920c3fc70419e3af40972dbaf758daa229a7d6ea6135c90d/cffi-1.17.1.tar.gz", hash = "sha256:1c39c6016c32bc48dd54561950ebd6836e1670f2ae46128f67cf49e789c52824", size = 516621, upload-time = "2024-09-04T20:45:21.852Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/eb/56/b1ba7935a17738ae8453301356628e8147c79dbb825bcbc73dc7401f9846/cffi-2.0.0.tar.gz", hash = "sha256:44d1b5909021139fe36001ae048dbdde8214afa20200eda0f64c068cac5d5529", size = 523588, upload-time = "2025-09-08T23:24:04.541Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/8d/f8/dd6c246b148639254dad4d6803eb6a54e8c85c6e11ec9df2cffa87571dbe/cffi-1.17.1-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:f3a2b4222ce6b60e2e8b337bb9596923045681d71e5a082783484d845390938e", size = 182989, upload-time = "2024-09-04T20:44:28.956Z" },
-    { url = "https://files.pythonhosted.org/packages/8b/f1/672d303ddf17c24fc83afd712316fda78dc6fce1cd53011b839483e1ecc8/cffi-1.17.1-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:0984a4925a435b1da406122d4d7968dd861c1385afe3b45ba82b750f229811e2", size = 178802, upload-time = "2024-09-04T20:44:30.289Z" },
-    { url = "https://files.pythonhosted.org/packages/0e/2d/eab2e858a91fdff70533cab61dcff4a1f55ec60425832ddfdc9cd36bc8af/cffi-1.17.1-cp313-cp313-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:d01b12eeeb4427d3110de311e1774046ad344f5b1a7403101878976ecd7a10f3", size = 454792, upload-time = "2024-09-04T20:44:32.01Z" },
-    { url = "https://files.pythonhosted.org/packages/75/b2/fbaec7c4455c604e29388d55599b99ebcc250a60050610fadde58932b7ee/cffi-1.17.1-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:706510fe141c86a69c8ddc029c7910003a17353970cff3b904ff0686a5927683", size = 478893, upload-time = "2024-09-04T20:44:33.606Z" },
-    { url = "https://files.pythonhosted.org/packages/4f/b7/6e4a2162178bf1935c336d4da8a9352cccab4d3a5d7914065490f08c0690/cffi-1.17.1-cp313-cp313-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:de55b766c7aa2e2a3092c51e0483d700341182f08e67c63630d5b6f200bb28e5", size = 485810, upload-time = "2024-09-04T20:44:35.191Z" },
-    { url = "https://files.pythonhosted.org/packages/c7/8a/1d0e4a9c26e54746dc08c2c6c037889124d4f59dffd853a659fa545f1b40/cffi-1.17.1-cp313-cp313-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:c59d6e989d07460165cc5ad3c61f9fd8f1b4796eacbd81cee78957842b834af4", size = 471200, upload-time = "2024-09-04T20:44:36.743Z" },
-    { url = "https://files.pythonhosted.org/packages/26/9f/1aab65a6c0db35f43c4d1b4f580e8df53914310afc10ae0397d29d697af4/cffi-1.17.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:dd398dbc6773384a17fe0d3e7eeb8d1a21c2200473ee6806bb5e6a8e62bb73dd", size = 479447, upload-time = "2024-09-04T20:44:38.492Z" },
-    { url = "https://files.pythonhosted.org/packages/5f/e4/fb8b3dd8dc0e98edf1135ff067ae070bb32ef9d509d6cb0f538cd6f7483f/cffi-1.17.1-cp313-cp313-musllinux_1_1_aarch64.whl", hash = "sha256:3edc8d958eb099c634dace3c7e16560ae474aa3803a5df240542b305d14e14ed", size = 484358, upload-time = "2024-09-04T20:44:40.046Z" },
-    { url = "https://files.pythonhosted.org/packages/f1/47/d7145bf2dc04684935d57d67dff9d6d795b2ba2796806bb109864be3a151/cffi-1.17.1-cp313-cp313-musllinux_1_1_x86_64.whl", hash = "sha256:72e72408cad3d5419375fc87d289076ee319835bdfa2caad331e377589aebba9", size = 488469, upload-time = "2024-09-04T20:44:41.616Z" },
-    { url = "https://files.pythonhosted.org/packages/bf/ee/f94057fa6426481d663b88637a9a10e859e492c73d0384514a17d78ee205/cffi-1.17.1-cp313-cp313-win32.whl", hash = "sha256:e03eab0a8677fa80d646b5ddece1cbeaf556c313dcfac435ba11f107ba117b5d", size = 172475, upload-time = "2024-09-04T20:44:43.733Z" },
-    { url = "https://files.pythonhosted.org/packages/7c/fc/6a8cb64e5f0324877d503c854da15d76c1e50eb722e320b15345c4d0c6de/cffi-1.17.1-cp313-cp313-win_amd64.whl", hash = "sha256:f6a16c31041f09ead72d69f583767292f750d24913dadacf5756b966aacb3f1a", size = 182009, upload-time = "2024-09-04T20:44:45.309Z" },
+    { url = "https://files.pythonhosted.org/packages/4b/8d/a0a47a0c9e413a658623d014e91e74a50cdd2c423f7ccfd44086ef767f90/cffi-2.0.0-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:00bdf7acc5f795150faa6957054fbbca2439db2f775ce831222b66f192f03beb", size = 185230, upload-time = "2025-09-08T23:23:00.879Z" },
+    { url = "https://files.pythonhosted.org/packages/4a/d2/a6c0296814556c68ee32009d9c2ad4f85f2707cdecfd7727951ec228005d/cffi-2.0.0-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:45d5e886156860dc35862657e1494b9bae8dfa63bf56796f2fb56e1679fc0bca", size = 181043, upload-time = "2025-09-08T23:23:02.231Z" },
+    { url = "https://files.pythonhosted.org/packages/b0/1e/d22cc63332bd59b06481ceaac49d6c507598642e2230f201649058a7e704/cffi-2.0.0-cp313-cp313-manylinux1_i686.manylinux2014_i686.manylinux_2_17_i686.manylinux_2_5_i686.whl", hash = "sha256:07b271772c100085dd28b74fa0cd81c8fb1a3ba18b21e03d7c27f3436a10606b", size = 212446, upload-time = "2025-09-08T23:23:03.472Z" },
+    { url = "https://files.pythonhosted.org/packages/a9/f5/a2c23eb03b61a0b8747f211eb716446c826ad66818ddc7810cc2cc19b3f2/cffi-2.0.0-cp313-cp313-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:d48a880098c96020b02d5a1f7d9251308510ce8858940e6fa99ece33f610838b", size = 220101, upload-time = "2025-09-08T23:23:04.792Z" },
+    { url = "https://files.pythonhosted.org/packages/f2/7f/e6647792fc5850d634695bc0e6ab4111ae88e89981d35ac269956605feba/cffi-2.0.0-cp313-cp313-manylinux2014_ppc64le.manylinux_2_17_ppc64le.whl", hash = "sha256:f93fd8e5c8c0a4aa1f424d6173f14a892044054871c771f8566e4008eaa359d2", size = 207948, upload-time = "2025-09-08T23:23:06.127Z" },
+    { url = "https://files.pythonhosted.org/packages/cb/1e/a5a1bd6f1fb30f22573f76533de12a00bf274abcdc55c8edab639078abb6/cffi-2.0.0-cp313-cp313-manylinux2014_s390x.manylinux_2_17_s390x.whl", hash = "sha256:dd4f05f54a52fb558f1ba9f528228066954fee3ebe629fc1660d874d040ae5a3", size = 206422, upload-time = "2025-09-08T23:23:07.753Z" },
+    { url = "https://files.pythonhosted.org/packages/98/df/0a1755e750013a2081e863e7cd37e0cdd02664372c754e5560099eb7aa44/cffi-2.0.0-cp313-cp313-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:c8d3b5532fc71b7a77c09192b4a5a200ea992702734a2e9279a37f2478236f26", size = 219499, upload-time = "2025-09-08T23:23:09.648Z" },
+    { url = "https://files.pythonhosted.org/packages/50/e1/a969e687fcf9ea58e6e2a928ad5e2dd88cc12f6f0ab477e9971f2309b57c/cffi-2.0.0-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:d9b29c1f0ae438d5ee9acb31cadee00a58c46cc9c0b2f9038c6b0b3470877a8c", size = 222928, upload-time = "2025-09-08T23:23:10.928Z" },
+    { url = "https://files.pythonhosted.org/packages/36/54/0362578dd2c9e557a28ac77698ed67323ed5b9775ca9d3fe73fe191bb5d8/cffi-2.0.0-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:6d50360be4546678fc1b79ffe7a66265e28667840010348dd69a314145807a1b", size = 221302, upload-time = "2025-09-08T23:23:12.42Z" },
+    { url = "https://files.pythonhosted.org/packages/eb/6d/bf9bda840d5f1dfdbf0feca87fbdb64a918a69bca42cfa0ba7b137c48cb8/cffi-2.0.0-cp313-cp313-win32.whl", hash = "sha256:74a03b9698e198d47562765773b4a8309919089150a0bb17d829ad7b44b60d27", size = 172909, upload-time = "2025-09-08T23:23:14.32Z" },
+    { url = "https://files.pythonhosted.org/packages/37/18/6519e1ee6f5a1e579e04b9ddb6f1676c17368a7aba48299c3759bbc3c8b3/cffi-2.0.0-cp313-cp313-win_amd64.whl", hash = "sha256:19f705ada2530c1167abacb171925dd886168931e0a7b78f5bffcae5c6b5be75", size = 183402, upload-time = "2025-09-08T23:23:15.535Z" },
+    { url = "https://files.pythonhosted.org/packages/cb/0e/02ceeec9a7d6ee63bb596121c2c8e9b3a9e150936f4fbef6ca1943e6137c/cffi-2.0.0-cp313-cp313-win_arm64.whl", hash = "sha256:256f80b80ca3853f90c21b23ee78cd008713787b1b1e93eae9f3d6a7134abd91", size = 177780, upload-time = "2025-09-08T23:23:16.761Z" },
 ]
 
 [[package]]
@@ -898,16 +909,16 @@ wheels = [
 
 [[package]]
 name = "django"
-version = "5.1.11"
+version = "5.1.12"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
     { name = "asgiref" },
     { name = "sqlparse" },
     { name = "tzdata", marker = "sys_platform == 'win32'" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/83/80/bf0f9b0aa434fca2b46fc6a31c39b08ea714b87a0a72a16566f053fb05a8/django-5.1.11.tar.gz", hash = "sha256:3bcdbd40e4d4623b5e04f59c28834323f3086df583058e65ebce99f9982385ce", size = 10734926, upload-time = "2025-06-10T10:12:48.229Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/f0/99/a951d93a27a5bc59fb96edbcdbc03fb9bfac51177f1bc0110888de85af3f/django-5.1.12.tar.gz", hash = "sha256:8a8991b1ec052ef6a44fefd1ef336ab8daa221287bcb91a4a17d5e1abec5bbcc", size = 10737777, upload-time = "2025-09-03T13:09:45.855Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/59/91/2972ce330c6c0bd5b3200d4c2ad5cbf47eecff5243220c5a56444d3267a0/django-5.1.11-py3-none-any.whl", hash = "sha256:e48091f364007068728aca938e7450fbfe3f2217079bfd2b8af45122585acf64", size = 8277453, upload-time = "2025-06-10T10:12:42.236Z" },
+    { url = "https://files.pythonhosted.org/packages/1e/1c/a9520c8263e980b0b9933c9b5ce8f22c9ddf007b062e4eb428b557ff0932/django-5.1.12-py3-none-any.whl", hash = "sha256:9eb695636cea3601b65690f1596993c042206729afb320ca0960b55f8ed4477b", size = 8277454, upload-time = "2025-09-03T13:09:30.997Z" },
 ]
 
 [[package]]
@@ -1074,6 +1085,39 @@ s3 = [
     { name = "boto3" },
 ]
 
+[[package]]
+name = "django-stubs"
+version = "5.2.5"
+source = { registry = "https://pypi.org/simple" }
+dependencies = [
+    { name = "django" },
+    { name = "django-stubs-ext" },
+    { name = "types-pyyaml" },
+    { name = "typing-extensions" },
+]
+sdist = { url = "https://files.pythonhosted.org/packages/e1/8e/286150f593481c33f54d14efb58d72178f159d57d31043529d38bbc98e2f/django_stubs-5.2.5.tar.gz", hash = "sha256:fc78384e28d8c5292d60983075a5934f644f7c304c25ae2793fc57aa66d5018b", size = 247794, upload-time = "2025-09-12T19:29:49.636Z" }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/2f/02/cdbf7652ef2c9a7a1fed7c279484b7f3806f15b1bb34aec9fef8e8cfacbf/django_stubs-5.2.5-py3-none-any.whl", hash = "sha256:223c1a3324cd4873b7629dec6e9adbe224a94508284c1926b25fddff7a92252b", size = 490196, upload-time = "2025-09-12T19:29:47.954Z" },
+]
+
+[package.optional-dependencies]
+compatible-mypy = [
+    { name = "mypy" },
+]
+
+[[package]]
+name = "django-stubs-ext"
+version = "5.2.5"
+source = { registry = "https://pypi.org/simple" }
+dependencies = [
+    { name = "django" },
+    { name = "typing-extensions" },
+]
+sdist = { url = "https://files.pythonhosted.org/packages/16/94/c9b8f4c47084a0fa666da9066c36771098101932688adf2c17a40fab79c2/django_stubs_ext-5.2.5.tar.gz", hash = "sha256:ecc628df29d36cede638567c4e33ff485dd7a99f1552ad0cece8c60e9c3a8872", size = 6489, upload-time = "2025-09-12T19:29:06.008Z" }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/e0/fe/a85a105fddffadb4a8d50e500caeee87d836b679d51a19d52dfa0cc6c660/django_stubs_ext-5.2.5-py3-none-any.whl", hash = "sha256:9b4b8ac9d32f7e6c304fd05477f8688fae6ed57f6a0f9f4d074f9e55b5a3da14", size = 9310, upload-time = "2025-09-12T19:29:04.62Z" },
+]
+
 [[package]]
 name = "django-tenants"
 version = "3.8.0"
@@ -1117,12 +1161,34 @@ wheels = [
 ]
 
 [[package]]
-name = "dnspython"
-version = "2.7.0"
+name = "djangorestframework-stubs"
+version = "3.16.3"
 source = { registry = "https://pypi.org/simple" }
-sdist = { url = "https://files.pythonhosted.org/packages/b5/4a/263763cb2ba3816dd94b08ad3a33d5fdae34ecb856678773cc40a3605829/dnspython-2.7.0.tar.gz", hash = "sha256:ce9c432eda0dc91cf618a5cedf1a4e142651196bbcd2c80e89ed5a907e5cfaf1", size = 345197, upload-time = "2024-10-05T20:14:59.362Z" }
+dependencies = [
+    { name = "django-stubs" },
+    { name = "requests" },
+    { name = "types-pyyaml" },
+    { name = "types-requests" },
+    { name = "typing-extensions" },
+]
+sdist = { url = "https://files.pythonhosted.org/packages/c7/90/4512c9a464fec3fc6879f60c6ab1925da013bc5d6fa1a6951c750b02c89d/djangorestframework_stubs-3.16.3.tar.gz", hash = "sha256:200c620192da20a50a85b3e7d35cc7ec795aa9a58371a7f91368d4023e1b78f7", size = 34820, upload-time = "2025-09-18T18:06:01.989Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/68/1b/e0a87d256e40e8c888847551b20a017a6b98139178505dc7ffb96f04e954/dnspython-2.7.0-py3-none-any.whl", hash = "sha256:b4c34b7d10b51bcc3a5071e7b8dee77939f1e878477eeecc965e9835f63c6c86", size = 313632, upload-time = "2024-10-05T20:14:57.687Z" },
+    { url = "https://files.pythonhosted.org/packages/a2/64/00ff39218f80e7e9411ff1950c13b179d96e033a08dfb4048d5b90bc54fa/djangorestframework_stubs-3.16.3-py3-none-any.whl", hash = "sha256:d6e77922c2489aa6b5716d321b592b8aab047d5fd7ae9293a52c5cf1640e62c6", size = 54618, upload-time = "2025-09-18T18:06:00.265Z" },
+]
+
+[package.optional-dependencies]
+compatible-mypy = [
+    { name = "django-stubs", extra = ["compatible-mypy"] },
+    { name = "mypy" },
+]
+
+[[package]]
+name = "dnspython"
+version = "2.8.0"
+source = { registry = "https://pypi.org/simple" }
+sdist = { url = "https://files.pythonhosted.org/packages/8c/8b/57666417c0f90f08bcafa776861060426765fdb422eb10212086fb811d26/dnspython-2.8.0.tar.gz", hash = "sha256:181d3c6996452cb1189c4046c61599b84a5a86e099562ffde77d26984ff26d0f", size = 368251, upload-time = "2025-09-07T18:58:00.022Z" }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/ba/5a/18ad964b0086c6e62e2e7500f7edc89e3faa45033c71c1893d34eed2b2de/dnspython-2.8.0-py3-none-any.whl", hash = "sha256:01d9bbc4a2d76bf0db7c1f729812ded6d912bd318d3b1cf81d30c0f845dbf3af", size = 331094, upload-time = "2025-09-07T18:57:58.071Z" },
 ]
 
 [[package]]
@@ -1533,14 +1599,14 @@ wheels = [
 
 [[package]]
 name = "httplib2"
-version = "0.30.0"
+version = "0.31.0"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
     { name = "pyparsing" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/5b/75/1d10a90b3411f707c10c226fa918cf4f5e0578113caa223369130f702b6b/httplib2-0.30.0.tar.gz", hash = "sha256:d5b23c11fcf8e57e00ff91b7008656af0f6242c8886fd97065c97509e4e548c5", size = 249764, upload-time = "2025-08-29T18:58:36.497Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/52/77/6653db69c1f7ecfe5e3f9726fdadc981794656fcd7d98c4209fecfea9993/httplib2-0.31.0.tar.gz", hash = "sha256:ac7ab497c50975147d4f7b1ade44becc7df2f8954d42b38b3d69c515f531135c", size = 250759, upload-time = "2025-09-11T12:16:03.403Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/87/7c/f35bd530a35654ef3ff81f5e102572b8b620361659e090beb85a73a3bcc9/httplib2-0.30.0-py3-none-any.whl", hash = "sha256:d10443a2bdfe0ea5dbb17e016726146d48b574208dafd41e854cf34e7d78842c", size = 91101, upload-time = "2025-08-29T18:58:33.224Z" },
+    { url = "https://files.pythonhosted.org/packages/8c/a2/0d269db0f6163be503775dc8b6a6fa15820cc9fdc866f6ba608d86b721f2/httplib2-0.31.0-py3-none-any.whl", hash = "sha256:b9cd78abea9b4e43a7714c6e0f8b6b8561a6fc1e95d5dbd367f5bf0ef35f5d24", size = 91148, upload-time = "2025-09-11T12:16:01.803Z" },
 ]
 
 [[package]]
@@ -1682,7 +1748,7 @@ wheels = [
 
 [[package]]
 name = "jsii"
-version = "1.113.0"
+version = "1.114.1"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
     { name = "attrs" },
@@ -1693,9 +1759,9 @@ dependencies = [
     { name = "typeguard" },
     { name = "typing-extensions" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/37/9b/ff11800e2edc2860c9eddd7ea7c7a8849f69cbb16b1aae803dae7dafa86e/jsii-1.113.0.tar.gz", hash = "sha256:2dedea9d6006af53467a7a67f1d35a56ab3f75a3d6ed4b4536fffc3e1d1fe476", size = 623541, upload-time = "2025-07-31T12:55:42.888Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/f7/f7/6c3763ee3b88f07d0de3c7ed11aa8492a83801b9b2360bb3ee9065829e60/jsii-1.114.1.tar.gz", hash = "sha256:bd3a9ab7aa3f3971aea638e02ae079599f70ff2fe80a0bd8a6e38759f1235d78", size = 625605, upload-time = "2025-09-04T13:16:17.279Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/4f/59/bbbdcc7e0adc32e2362dbb2398949ac013f79dc3468cdf2b5ac411b0f5e8/jsii-1.113.0-py3-none-any.whl", hash = "sha256:62377c651554234ea945693f7c03cb96a969ba425a686950c88d43b0d4d76b07", size = 599669, upload-time = "2025-07-31T12:55:40.874Z" },
+    { url = "https://files.pythonhosted.org/packages/18/f0/b7c5488c8f8628a2e468d63583f0a0aab490cbba1c1e143e990a49e4795b/jsii-1.114.1-py3-none-any.whl", hash = "sha256:e8e6a2fb6117af734803b709cbbb74745548e4d70248417f14724c9f6d4945dd", size = 601796, upload-time = "2025-09-04T13:16:15.936Z" },
 ]
 
 [[package]]
@@ -1736,14 +1802,14 @@ wheels = [
 
 [[package]]
 name = "jsonschema-specifications"
-version = "2025.4.1"
+version = "2025.9.1"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
     { name = "referencing" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/bf/ce/46fbd9c8119cfc3581ee5643ea49464d168028cfb5caff5fc0596d0cf914/jsonschema_specifications-2025.4.1.tar.gz", hash = "sha256:630159c9f4dbea161a6a2205c3011cc4f18ff381b189fff48bb39b9bf26ae608", size = 15513, upload-time = "2025-04-23T12:34:07.418Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/19/74/a633ee74eb36c44aa6d1095e7cc5569bebf04342ee146178e2d36600708b/jsonschema_specifications-2025.9.1.tar.gz", hash = "sha256:b540987f239e745613c7a9176f3edb72b832a4ac465cf02712288397832b5e8d", size = 32855, upload-time = "2025-09-08T01:34:59.186Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/01/0e/b27cdbaccf30b890c40ed1da9fd4a3593a5cf94dae54fb34f8a4b74fcd3f/jsonschema_specifications-2025.4.1-py3-none-any.whl", hash = "sha256:4653bffbd6584f7de83a67e0d620ef16900b390ddc7939d56684d6c81e33f1af", size = 18437, upload-time = "2025-04-23T12:34:05.422Z" },
+    { url = "https://files.pythonhosted.org/packages/41/45/1a4ed80516f02155c51f51e8cedb3c1902296743db0bbc66608a0db2814f/jsonschema_specifications-2025.9.1-py3-none-any.whl", hash = "sha256:98802fee3a11ee76ecaca44429fda8a41bff98b00a0f2838151b113f210cc6fe", size = 18437, upload-time = "2025-09-08T01:34:57.871Z" },
 ]
 
 [[package]]
@@ -1826,6 +1892,15 @@ wheels = [
     { url = "https://files.pythonhosted.org/packages/b7/42/85b3aa8f06ca0d24962f8100f001828e1f1f1a38c954c16e71154ed7d53a/lxml-6.0.0-cp313-cp313-win_arm64.whl", hash = "sha256:21db1ec5525780fd07251636eb5f7acb84003e9382c72c18c542a87c416ade03", size = 3672642, upload-time = "2025-06-26T16:27:09.888Z" },
 ]
 
+[[package]]
+name = "lxml-stubs"
+version = "0.5.1"
+source = { registry = "https://pypi.org/simple" }
+sdist = { url = "https://files.pythonhosted.org/packages/99/da/1a3a3e5d159b249fc2970d73437496b908de8e4716a089c69591b4ffa6fd/lxml-stubs-0.5.1.tar.gz", hash = "sha256:e0ec2aa1ce92d91278b719091ce4515c12adc1d564359dfaf81efa7d4feab79d", size = 14778, upload-time = "2024-01-10T09:37:46.521Z" }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/1f/c9/e0f8e4e6e8a69e5959b06499582dca6349db6769cc7fdfb8a02a7c75a9ae/lxml_stubs-0.5.1-py3-none-any.whl", hash = "sha256:1f689e5dbc4b9247cb09ae820c7d34daeb1fdbd1db06123814b856dae7787272", size = 13584, upload-time = "2024-01-10T09:37:44.931Z" },
+]
+
 [[package]]
 name = "markdown-it-py"
 version = "4.0.0"
@@ -1899,21 +1974,21 @@ wheels = [
 
 [[package]]
 name = "microsoft-kiota-abstractions"
-version = "1.9.6"
+version = "1.9.7"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
     { name = "opentelemetry-api" },
     { name = "opentelemetry-sdk" },
     { name = "std-uritemplate" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/47/7d/f0a9666ae6a359ed2eb1b78c9ec83750eeebd4e8be366d2b77491af5a889/microsoft_kiota_abstractions-1.9.6.tar.gz", hash = "sha256:56904f74b4c83eaa26e4a640619404b66aedc82c75485a591e18c02e696eb142", size = 24452, upload-time = "2025-08-21T12:47:35.677Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/6d/6c/fd855a03545ae261b28d179b206e5f80a0e7c95fac5a580514c4dabedca0/microsoft_kiota_abstractions-1.9.7.tar.gz", hash = "sha256:731ed60c2df74ca80d1bf36d40a4c390aab353db3a76796c63ea9e9a220ce65c", size = 24447, upload-time = "2025-09-09T13:53:42.631Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/f5/2a/ac15c4d1d4d5021ce2f7e84dff53060ec16fdfa2db837fcee334e8d3fca7/microsoft_kiota_abstractions-1.9.6-py3-none-any.whl", hash = "sha256:04de8211e2efb941581a69169f3ae0f37a747001acbaa933b5f8f532645862d6", size = 44407, upload-time = "2025-08-21T12:47:34.507Z" },
+    { url = "https://files.pythonhosted.org/packages/37/d8/d699a2cb209c72f1258af5f582a7868d1b006e57cc4394b68b0f996ba370/microsoft_kiota_abstractions-1.9.7-py3-none-any.whl", hash = "sha256:8add66c38d05ab9a496c1c843bb16e04b70edc4651dc290b9629b14009f5c0c0", size = 44404, upload-time = "2025-09-09T13:53:41.312Z" },
 ]
 
 [[package]]
 name = "microsoft-kiota-authentication-azure"
-version = "1.9.5"
+version = "1.9.6"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
     { name = "aiohttp" },
@@ -1922,14 +1997,14 @@ dependencies = [
     { name = "opentelemetry-api" },
     { name = "opentelemetry-sdk" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/38/c5/34b916965efcc47106c7d6ef809a1b347f4cdda7b7b04527a16b8e8a16da/microsoft_kiota_authentication_azure-1.9.5.tar.gz", hash = "sha256:5a66d95bc337d10d64ef91a9e9fce0de279f7c3ee6b85baf847327ad658d595f", size = 4985, upload-time = "2025-07-18T12:20:20.767Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/34/0b/e5b0537438002409bd7c4f7f6d8afbc949dca77a805ead73684b605a1e5f/microsoft_kiota_authentication_azure-1.9.6.tar.gz", hash = "sha256:93598ebd475735c5170001a9ac01ceaba7f78bf4039067567b6d79b142ca13b8", size = 4987, upload-time = "2025-08-21T12:47:45.115Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/63/e1/01d953418051a6ae9014b7cfbc0056bb1a1442aac5ca6a3bb7e4d1d979ed/microsoft_kiota_authentication_azure-1.9.5-py3-none-any.whl", hash = "sha256:52e045c0080400cb1199d1538d5e4794b1ec8e695ac24be9377e72278c01d37d", size = 6908, upload-time = "2025-07-18T12:20:20.058Z" },
+    { url = "https://files.pythonhosted.org/packages/b2/f1/e3291441f437110d8ff0b97d21791b7955520e0fb3f43e136030b64d5247/microsoft_kiota_authentication_azure-1.9.6-py3-none-any.whl", hash = "sha256:5b34e989b97aa84d26fb8244254de0137df48dfbd567e869b8b5bf294638923b", size = 6907, upload-time = "2025-08-21T12:47:43.973Z" },
 ]
 
 [[package]]
 name = "microsoft-kiota-http"
-version = "1.9.5"
+version = "1.9.6"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
     { name = "httpx", extra = ["http2"] },
@@ -1937,57 +2012,57 @@ dependencies = [
     { name = "opentelemetry-api" },
     { name = "opentelemetry-sdk" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/b9/67/743e60b7e793fc4d5e0ef719efa167b93734a784b2786fa702ddd511cbe8/microsoft_kiota_http-1.9.5.tar.gz", hash = "sha256:65cfd02ba811b0adfa60f20218b09433603fbd8e3d7aaeb8d412b0aaef4cc9fd", size = 21239, upload-time = "2025-07-18T12:20:29.936Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/f4/de/3c4626ce108f5ca511464548c7eb6e36c48b7506c527f7c90ba65a424fc3/microsoft_kiota_http-1.9.6.tar.gz", hash = "sha256:dc14658af4158ba1d5910448c61a07a6c06b87d3a87a63652b9299eb6a1caad2", size = 21252, upload-time = "2025-08-21T12:47:53.238Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/e6/e8/617b4d5be528e0aaa59aefe3b62718f582300b6f4564bdd6f384573afb69/microsoft_kiota_http-1.9.5-py3-none-any.whl", hash = "sha256:ef170b7b9a5b7a7d00a7e329f6e4ec5809630f638fb026d6940789092d2bbc25", size = 31554, upload-time = "2025-07-18T12:20:28.761Z" },
+    { url = "https://files.pythonhosted.org/packages/c3/f7/46e3ff523c5c7ae35fef3440f6f3d8491c5695fcd54e266edd3db1e1a1ec/microsoft_kiota_http-1.9.6-py3-none-any.whl", hash = "sha256:756b7b197340f15603a88921ff878792052de5dcb02623cc6b570634ba3b97fd", size = 31578, upload-time = "2025-08-21T12:47:52.354Z" },
 ]
 
 [[package]]
 name = "microsoft-kiota-serialization-form"
-version = "1.9.6"
+version = "1.9.7"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
     { name = "microsoft-kiota-abstractions" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/fe/96/600a9454dd48ac1075db40efe8bb10e0e12d1b9f96183d839bc1ca7b99de/microsoft_kiota_serialization_form-1.9.6.tar.gz", hash = "sha256:0e0960067d3ef7893af76e6cee9b28a744ca5c99d76d10015bf754812ef28228", size = 8999, upload-time = "2025-08-21T12:48:01.517Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/0a/d7/dc6d782f75608be4b1733df6592e4c7e819b6e32b290ac45304f74c0c0cf/microsoft_kiota_serialization_form-1.9.7.tar.gz", hash = "sha256:d3297a60778c0437513334b703225ce108fd109f13c1993afea599b85dc5a528", size = 8999, upload-time = "2025-09-09T13:54:08.924Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/21/b8/35671f6fc9e97af05db8b03fdf486b1f17ffe851401c83ec26b780fe3867/microsoft_kiota_serialization_form-1.9.6-py3-none-any.whl", hash = "sha256:66d666d5285fa453275d0e60085a277c8dd68efb7c6f0b18080d193ea464ba33", size = 10671, upload-time = "2025-08-21T12:48:00.412Z" },
+    { url = "https://files.pythonhosted.org/packages/97/62/9929fc1fe0ff76af5ff6dd8179b71c58105675465536141cd491e03f5a1d/microsoft_kiota_serialization_form-1.9.7-py3-none-any.whl", hash = "sha256:72d2dc5e57a993145702870ad89c85cebe3336d4d34f231d951ee1bc83ad11b9", size = 10671, upload-time = "2025-09-09T13:54:08.169Z" },
 ]
 
 [[package]]
 name = "microsoft-kiota-serialization-json"
-version = "1.9.6"
+version = "1.9.7"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
     { name = "microsoft-kiota-abstractions" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/f4/15/6565db86a7f5976f15f17bba00b5d1ae7d75db3712cc00b663b5d651acfe/microsoft_kiota_serialization_json-1.9.6.tar.gz", hash = "sha256:af5fda8455ede82f5dac446ae4ef4878e0c70913707ee3e51724ae958c04a346", size = 9405, upload-time = "2025-08-21T12:48:09.467Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/b9/f8/e13c48e610a00f2abfa9fa19f03e2cf21fe98486dfc5a453ce6c0490d3f2/microsoft_kiota_serialization_json-1.9.7.tar.gz", hash = "sha256:1e54ff90b185fe21cca94ebbf8468bf44a2ca5f082c4cf04dbd2d42a9472837a", size = 9416, upload-time = "2025-09-09T13:54:18.299Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/cc/40/f3ec7766e2fd86cbf9c6ae8b0df18356a0df4fa9435e7d291b6a576da10c/microsoft_kiota_serialization_json-1.9.6-py3-none-any.whl", hash = "sha256:7e1800c18fe2bbd0bd871a2648ad617ef228350b5ef15e84a4a4a213ece818f6", size = 11042, upload-time = "2025-08-21T12:48:08.351Z" },
+    { url = "https://files.pythonhosted.org/packages/11/6b/761e45c91086fb45e69ee1b85d538f6e5fc89b86f6ade148e8c5575259ce/microsoft_kiota_serialization_json-1.9.7-py3-none-any.whl", hash = "sha256:6f44012f00cf7c4c4d8b9195e7f8a691d186021b5d9a20e791a77c800b5be531", size = 11056, upload-time = "2025-09-09T13:54:17.395Z" },
 ]
 
 [[package]]
 name = "microsoft-kiota-serialization-multipart"
-version = "1.9.6"
+version = "1.9.7"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
     { name = "microsoft-kiota-abstractions" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/d8/13/eff16eca00a6e03a3014c8c2d5e9eace20f713848e8007c31956306f547c/microsoft_kiota_serialization_multipart-1.9.6.tar.gz", hash = "sha256:79758f2144befaeb6cfec98efb7970a208d537a6ac46049e6ba34d593bcd5964", size = 5150, upload-time = "2025-08-21T12:48:25.619Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/9d/23/31b11fd0e44bb79923ea8310c2f3d0bc1e16f56d35d2fc73203a260a0a73/microsoft_kiota_serialization_multipart-1.9.7.tar.gz", hash = "sha256:1a13d193d078dea86711d8c6e89ac142aff5033079c7be4061279b2da5c83ef8", size = 5150, upload-time = "2025-09-09T13:54:35.551Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/93/55/71cc21a0baa48424926ed9c0146916705145f8c9f540b14671dadef4173a/microsoft_kiota_serialization_multipart-1.9.6-py3-none-any.whl", hash = "sha256:4c527e78572dcd98acff22672b796d2e4cadec1681779df9c897ee664f5ebc90", size = 6650, upload-time = "2025-08-21T12:48:24.526Z" },
+    { url = "https://files.pythonhosted.org/packages/b1/ca/98efd66c8e7180928fe2901f4c766799991836e536a8a0aca9186b5d7c7a/microsoft_kiota_serialization_multipart-1.9.7-py3-none-any.whl", hash = "sha256:cd72ee004039ee64a35bd5254afd3f8bc89877e948282ab0fe0a7efab75f68bb", size = 6651, upload-time = "2025-09-09T13:54:34.811Z" },
 ]
 
 [[package]]
 name = "microsoft-kiota-serialization-text"
-version = "1.9.6"
+version = "1.9.7"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
     { name = "microsoft-kiota-abstractions" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/95/b1/4b0326389d08b0b19fc3802676fd9c75a6e8e13501058d8fa13394e915a1/microsoft_kiota_serialization_text-1.9.6.tar.gz", hash = "sha256:cec03e30924470766f5486a1a42e86d995493a44bb28724858579e67beb93012", size = 7306, upload-time = "2025-08-21T12:48:16.755Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/24/5c/479378981c7b8fb22d6ba693f07db457a18d3efc86dd083ebe31d6192d37/microsoft_kiota_serialization_text-1.9.7.tar.gz", hash = "sha256:d57a082d5c6ea1e650286314cac9a9e7a2662aa4beb80635bf4addd33d252bd5", size = 7306, upload-time = "2025-09-09T13:54:26.45Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/5b/4a/2ddaf9ff96487addbb599c7272a56da1c653453f997a45653f90494cbdff/microsoft_kiota_serialization_text-1.9.6-py3-none-any.whl", hash = "sha256:40f9533dbf6191afe522c685d38fb14fcf33d27cf04d793e5dd0e3e103f06707", size = 8840, upload-time = "2025-08-21T12:48:15.942Z" },
+    { url = "https://files.pythonhosted.org/packages/d9/8b/b8b6482719d9ecc4d87f07aa8726d33c18004e0630ef5cd2891ee8bf2ada/microsoft_kiota_serialization_text-1.9.7-py3-none-any.whl", hash = "sha256:47c4d774883bec269a6eb077a5ca2f26ae6715986c8defa374d536a9664dc43e", size = 8840, upload-time = "2025-09-09T13:54:25.642Z" },
 ]
 
 [[package]]
@@ -2036,7 +2111,7 @@ wheels = [
 
 [[package]]
 name = "msgraph-core"
-version = "1.3.5"
+version = "1.3.8"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
     { name = "httpx", extra = ["http2"] },
@@ -2044,9 +2119,9 @@ dependencies = [
     { name = "microsoft-kiota-authentication-azure" },
     { name = "microsoft-kiota-http" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/c1/cf/29f4e0fd63b815cdb52cb14bfe7fb90764b857dfd5bd6332e94f2297ec24/msgraph_core-1.3.5.tar.gz", hash = "sha256:43aec9df1c011f1c6a1e14f2b5e9266c05a723ed750a5d3ea1eb0c0f1deb9975", size = 26242, upload-time = "2025-06-27T15:54:53.599Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/68/4e/123f9530ec43b306c597bb830c62bedab830ffa76e0edf33ea88a26f756e/msgraph_core-1.3.8.tar.gz", hash = "sha256:6e883f9d4c4ad57501234749e07b010478c1a5f19550ef4cf005bbcac4a63ae7", size = 25506, upload-time = "2025-09-11T22:46:57.267Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/7a/1b/dd1766af23bdbc448a16c7f1103b11f1b376cf5f1db7d323f27eff45a7c4/msgraph_core-1.3.5-py3-none-any.whl", hash = "sha256:bc496c6f99c626bc534012c6fe9afa35c37bcdce0f92acf26e4210f4ff9bb154", size = 35098, upload-time = "2025-06-27T15:54:52.744Z" },
+    { url = "https://files.pythonhosted.org/packages/cf/4d/01432f60727ae452787014cad0d5bc9e035c6e11a670f12c23f7fc926d90/msgraph_core-1.3.8-py3-none-any.whl", hash = "sha256:86d83edcf62119946f201d13b7e857c947ef67addb088883940197081de85bea", size = 34473, upload-time = "2025-09-11T22:46:56.026Z" },
 ]
 
 [[package]]
@@ -2111,6 +2186,26 @@ wheels = [
     { url = "https://files.pythonhosted.org/packages/fd/69/b547032297c7e63ba2af494edba695d781af8a0c6e89e4d06cf848b21d80/multidict-6.6.4-py3-none-any.whl", hash = "sha256:27d8f8e125c07cb954e54d75d04905a9bba8a439c1d84aca94949d4d03d8601c", size = 12313, upload-time = "2025-08-11T12:08:46.891Z" },
 ]
 
+[[package]]
+name = "mypy"
+version = "1.18.2"
+source = { registry = "https://pypi.org/simple" }
+dependencies = [
+    { name = "mypy-extensions" },
+    { name = "pathspec" },
+    { name = "typing-extensions" },
+]
+sdist = { url = "https://files.pythonhosted.org/packages/c0/77/8f0d0001ffad290cef2f7f216f96c814866248a0b92a722365ed54648e7e/mypy-1.18.2.tar.gz", hash = "sha256:06a398102a5f203d7477b2923dda3634c36727fa5c237d8f859ef90c42a9924b", size = 3448846, upload-time = "2025-09-19T00:11:10.519Z" }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/5f/04/7f462e6fbba87a72bc8097b93f6842499c428a6ff0c81dd46948d175afe8/mypy-1.18.2-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:07b8b0f580ca6d289e69209ec9d3911b4a26e5abfde32228a288eb79df129fcc", size = 12898728, upload-time = "2025-09-19T00:10:01.33Z" },
+    { url = "https://files.pythonhosted.org/packages/99/5b/61ed4efb64f1871b41fd0b82d29a64640f3516078f6c7905b68ab1ad8b13/mypy-1.18.2-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:ed4482847168439651d3feee5833ccedbf6657e964572706a2adb1f7fa4dfe2e", size = 11910758, upload-time = "2025-09-19T00:10:42.607Z" },
+    { url = "https://files.pythonhosted.org/packages/3c/46/d297d4b683cc89a6e4108c4250a6a6b717f5fa96e1a30a7944a6da44da35/mypy-1.18.2-cp313-cp313-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:c3ad2afadd1e9fea5cf99a45a822346971ede8685cc581ed9cd4d42eaf940986", size = 12475342, upload-time = "2025-09-19T00:11:00.371Z" },
+    { url = "https://files.pythonhosted.org/packages/83/45/4798f4d00df13eae3bfdf726c9244bcb495ab5bd588c0eed93a2f2dd67f3/mypy-1.18.2-cp313-cp313-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:a431a6f1ef14cf8c144c6b14793a23ec4eae3db28277c358136e79d7d062f62d", size = 13338709, upload-time = "2025-09-19T00:11:03.358Z" },
+    { url = "https://files.pythonhosted.org/packages/d7/09/479f7358d9625172521a87a9271ddd2441e1dab16a09708f056e97007207/mypy-1.18.2-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:7ab28cc197f1dd77a67e1c6f35cd1f8e8b73ed2217e4fc005f9e6a504e46e7ba", size = 13529806, upload-time = "2025-09-19T00:10:26.073Z" },
+    { url = "https://files.pythonhosted.org/packages/71/cf/ac0f2c7e9d0ea3c75cd99dff7aec1c9df4a1376537cb90e4c882267ee7e9/mypy-1.18.2-cp313-cp313-win_amd64.whl", hash = "sha256:0e2785a84b34a72ba55fb5daf079a1003a34c05b22238da94fcae2bbe46f3544", size = 9833262, upload-time = "2025-09-19T00:10:40.035Z" },
+    { url = "https://files.pythonhosted.org/packages/87/e3/be76d87158ebafa0309946c4a73831974d4d6ab4f4ef40c3b53a385a66fd/mypy-1.18.2-py3-none-any.whl", hash = "sha256:22a1748707dd62b58d2ae53562ffc4d7f8bcc727e8ac7cbc69c053ddc874d47e", size = 2352367, upload-time = "2025-09-19T00:10:15.489Z" },
+]
+
 [[package]]
 name = "mypy-extensions"
 version = "1.1.0"
@@ -2145,42 +2240,42 @@ source = { git = "https://github.com/vsoch/oci-python?rev=ceb4fcc090851717a3069d
 
 [[package]]
 name = "opentelemetry-api"
-version = "1.36.0"
+version = "1.37.0"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
     { name = "importlib-metadata" },
     { name = "typing-extensions" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/27/d2/c782c88b8afbf961d6972428821c302bd1e9e7bc361352172f0ca31296e2/opentelemetry_api-1.36.0.tar.gz", hash = "sha256:9a72572b9c416d004d492cbc6e61962c0501eaf945ece9b5a0f56597d8348aa0", size = 64780, upload-time = "2025-07-29T15:12:06.02Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/63/04/05040d7ce33a907a2a02257e601992f0cdf11c73b33f13c4492bf6c3d6d5/opentelemetry_api-1.37.0.tar.gz", hash = "sha256:540735b120355bd5112738ea53621f8d5edb35ebcd6fe21ada3ab1c61d1cd9a7", size = 64923, upload-time = "2025-09-11T10:29:01.662Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/bb/ee/6b08dde0a022c463b88f55ae81149584b125a42183407dc1045c486cc870/opentelemetry_api-1.36.0-py3-none-any.whl", hash = "sha256:02f20bcacf666e1333b6b1f04e647dc1d5111f86b8e510238fcc56d7762cda8c", size = 65564, upload-time = "2025-07-29T15:11:47.998Z" },
+    { url = "https://files.pythonhosted.org/packages/91/48/28ed9e55dcf2f453128df738210a980e09f4e468a456fa3c763dbc8be70a/opentelemetry_api-1.37.0-py3-none-any.whl", hash = "sha256:accf2024d3e89faec14302213bc39550ec0f4095d1cf5ca688e1bfb1c8612f47", size = 65732, upload-time = "2025-09-11T10:28:41.826Z" },
 ]
 
 [[package]]
 name = "opentelemetry-sdk"
-version = "1.36.0"
+version = "1.37.0"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
     { name = "opentelemetry-api" },
     { name = "opentelemetry-semantic-conventions" },
     { name = "typing-extensions" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/4c/85/8567a966b85a2d3f971c4d42f781c305b2b91c043724fa08fd37d158e9dc/opentelemetry_sdk-1.36.0.tar.gz", hash = "sha256:19c8c81599f51b71670661ff7495c905d8fdf6976e41622d5245b791b06fa581", size = 162557, upload-time = "2025-07-29T15:12:16.76Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/f4/62/2e0ca80d7fe94f0b193135375da92c640d15fe81f636658d2acf373086bc/opentelemetry_sdk-1.37.0.tar.gz", hash = "sha256:cc8e089c10953ded765b5ab5669b198bbe0af1b3f89f1007d19acd32dc46dda5", size = 170404, upload-time = "2025-09-11T10:29:11.779Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/0b/59/7bed362ad1137ba5886dac8439e84cd2df6d087be7c09574ece47ae9b22c/opentelemetry_sdk-1.36.0-py3-none-any.whl", hash = "sha256:19fe048b42e98c5c1ffe85b569b7073576ad4ce0bcb6e9b4c6a39e890a6c45fb", size = 119995, upload-time = "2025-07-29T15:12:03.181Z" },
+    { url = "https://files.pythonhosted.org/packages/9f/62/9f4ad6a54126fb00f7ed4bb5034964c6e4f00fcd5a905e115bd22707e20d/opentelemetry_sdk-1.37.0-py3-none-any.whl", hash = "sha256:8f3c3c22063e52475c5dbced7209495c2c16723d016d39287dfc215d1771257c", size = 131941, upload-time = "2025-09-11T10:28:57.83Z" },
 ]
 
 [[package]]
 name = "opentelemetry-semantic-conventions"
-version = "0.57b0"
+version = "0.58b0"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
     { name = "opentelemetry-api" },
     { name = "typing-extensions" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/7e/31/67dfa252ee88476a29200b0255bda8dfc2cf07b56ad66dc9a6221f7dc787/opentelemetry_semantic_conventions-0.57b0.tar.gz", hash = "sha256:609a4a79c7891b4620d64c7aac6898f872d790d75f22019913a660756f27ff32", size = 124225, upload-time = "2025-07-29T15:12:17.873Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/aa/1b/90701d91e6300d9f2fb352153fb1721ed99ed1f6ea14fa992c756016e63a/opentelemetry_semantic_conventions-0.58b0.tar.gz", hash = "sha256:6bd46f51264279c433755767bb44ad00f1c9e2367e1b42af563372c5a6fa0c25", size = 129867, upload-time = "2025-09-11T10:29:12.597Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/05/75/7d591371c6c39c73de5ce5da5a2cc7b72d1d1cd3f8f4638f553c01c37b11/opentelemetry_semantic_conventions-0.57b0-py3-none-any.whl", hash = "sha256:757f7e76293294f124c827e514c2a3144f191ef175b069ce8d1211e1e38e9e78", size = 201627, upload-time = "2025-07-29T15:12:04.174Z" },
+    { url = "https://files.pythonhosted.org/packages/07/90/68152b7465f50285d3ce2481b3aec2f82822e3f52e5152eeeaf516bab841/opentelemetry_semantic_conventions-0.58b0-py3-none-any.whl", hash = "sha256:5564905ab1458b96684db1340232729fce3b5375a06e140e8904c78e4f815b28", size = 207954, upload-time = "2025-09-11T10:28:59.218Z" },
 ]
 
 [[package]]
@@ -2355,16 +2450,16 @@ wheels = [
 
 [[package]]
 name = "protobuf"
-version = "6.32.0"
+version = "6.32.1"
 source = { registry = "https://pypi.org/simple" }
-sdist = { url = "https://files.pythonhosted.org/packages/c0/df/fb4a8eeea482eca989b51cffd274aac2ee24e825f0bf3cbce5281fa1567b/protobuf-6.32.0.tar.gz", hash = "sha256:a81439049127067fc49ec1d36e25c6ee1d1a2b7be930675f919258d03c04e7d2", size = 440614, upload-time = "2025-08-14T21:21:25.015Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/fa/a4/cc17347aa2897568beece2e674674359f911d6fe21b0b8d6268cd42727ac/protobuf-6.32.1.tar.gz", hash = "sha256:ee2469e4a021474ab9baafea6cd070e5bf27c7d29433504ddea1a4ee5850f68d", size = 440635, upload-time = "2025-09-11T21:38:42.935Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/33/18/df8c87da2e47f4f1dcc5153a81cd6bca4e429803f4069a299e236e4dd510/protobuf-6.32.0-cp310-abi3-win32.whl", hash = "sha256:84f9e3c1ff6fb0308dbacb0950d8aa90694b0d0ee68e75719cb044b7078fe741", size = 424409, upload-time = "2025-08-14T21:21:12.366Z" },
-    { url = "https://files.pythonhosted.org/packages/e1/59/0a820b7310f8139bd8d5a9388e6a38e1786d179d6f33998448609296c229/protobuf-6.32.0-cp310-abi3-win_amd64.whl", hash = "sha256:a8bdbb2f009cfc22a36d031f22a625a38b615b5e19e558a7b756b3279723e68e", size = 435735, upload-time = "2025-08-14T21:21:15.046Z" },
-    { url = "https://files.pythonhosted.org/packages/cc/5b/0d421533c59c789e9c9894683efac582c06246bf24bb26b753b149bd88e4/protobuf-6.32.0-cp39-abi3-macosx_10_9_universal2.whl", hash = "sha256:d52691e5bee6c860fff9a1c86ad26a13afbeb4b168cd4445c922b7e2cf85aaf0", size = 426449, upload-time = "2025-08-14T21:21:16.687Z" },
-    { url = "https://files.pythonhosted.org/packages/ec/7b/607764ebe6c7a23dcee06e054fd1de3d5841b7648a90fd6def9a3bb58c5e/protobuf-6.32.0-cp39-abi3-manylinux2014_aarch64.whl", hash = "sha256:501fe6372fd1c8ea2a30b4d9be8f87955a64d6be9c88a973996cef5ef6f0abf1", size = 322869, upload-time = "2025-08-14T21:21:18.282Z" },
-    { url = "https://files.pythonhosted.org/packages/40/01/2e730bd1c25392fc32e3268e02446f0d77cb51a2c3a8486b1798e34d5805/protobuf-6.32.0-cp39-abi3-manylinux2014_x86_64.whl", hash = "sha256:75a2aab2bd1aeb1f5dc7c5f33bcb11d82ea8c055c9becbb41c26a8c43fd7092c", size = 322009, upload-time = "2025-08-14T21:21:19.893Z" },
-    { url = "https://files.pythonhosted.org/packages/9c/f2/80ffc4677aac1bc3519b26bc7f7f5de7fce0ee2f7e36e59e27d8beb32dd1/protobuf-6.32.0-py3-none-any.whl", hash = "sha256:ba377e5b67b908c8f3072a57b63e2c6a4cbd18aea4ed98d2584350dbf46f2783", size = 169287, upload-time = "2025-08-14T21:21:23.515Z" },
+    { url = "https://files.pythonhosted.org/packages/c0/98/645183ea03ab3995d29086b8bf4f7562ebd3d10c9a4b14ee3f20d47cfe50/protobuf-6.32.1-cp310-abi3-win32.whl", hash = "sha256:a8a32a84bc9f2aad712041b8b366190f71dde248926da517bde9e832e4412085", size = 424411, upload-time = "2025-09-11T21:38:27.427Z" },
+    { url = "https://files.pythonhosted.org/packages/8c/f3/6f58f841f6ebafe076cebeae33fc336e900619d34b1c93e4b5c97a81fdfa/protobuf-6.32.1-cp310-abi3-win_amd64.whl", hash = "sha256:b00a7d8c25fa471f16bc8153d0e53d6c9e827f0953f3c09aaa4331c718cae5e1", size = 435738, upload-time = "2025-09-11T21:38:30.959Z" },
+    { url = "https://files.pythonhosted.org/packages/10/56/a8a3f4e7190837139e68c7002ec749190a163af3e330f65d90309145a210/protobuf-6.32.1-cp39-abi3-macosx_10_9_universal2.whl", hash = "sha256:d8c7e6eb619ffdf105ee4ab76af5a68b60a9d0f66da3ea12d1640e6d8dab7281", size = 426454, upload-time = "2025-09-11T21:38:34.076Z" },
+    { url = "https://files.pythonhosted.org/packages/3f/be/8dd0a927c559b37d7a6c8ab79034fd167dcc1f851595f2e641ad62be8643/protobuf-6.32.1-cp39-abi3-manylinux2014_aarch64.whl", hash = "sha256:2f5b80a49e1eb7b86d85fcd23fe92df154b9730a725c3b38c4e43b9d77018bf4", size = 322874, upload-time = "2025-09-11T21:38:35.509Z" },
+    { url = "https://files.pythonhosted.org/packages/5c/f6/88d77011b605ef979aace37b7703e4eefad066f7e84d935e5a696515c2dd/protobuf-6.32.1-cp39-abi3-manylinux2014_x86_64.whl", hash = "sha256:b1864818300c297265c83a4982fd3169f97122c299f56a56e2445c3698d34710", size = 322013, upload-time = "2025-09-11T21:38:37.017Z" },
+    { url = "https://files.pythonhosted.org/packages/97/b7/15cc7d93443d6c6a84626ae3258a91f4c6ac8c0edd5df35ea7658f71b79c/protobuf-6.32.1-py3-none-any.whl", hash = "sha256:2601b779fc7d32a866c6b4404f9d42a3f67c5b9f3f15b4db3cccabe06b95c346", size = 169289, upload-time = "2025-09-11T21:38:41.234Z" },
 ]
 
 [[package]]
@@ -2437,11 +2532,11 @@ wheels = [
 
 [[package]]
 name = "pycparser"
-version = "2.22"
+version = "2.23"
 source = { registry = "https://pypi.org/simple" }
-sdist = { url = "https://files.pythonhosted.org/packages/1d/b2/31537cf4b1ca988837256c910a668b553fceb8f069bedc4b1c826024b52c/pycparser-2.22.tar.gz", hash = "sha256:491c8be9c040f5390f5bf44a5b07752bd07f56edf992381b05c701439eec10f6", size = 172736, upload-time = "2024-03-30T13:22:22.564Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/fe/cf/d2d3b9f5699fb1e4615c8e32ff220203e43b248e1dfcc6736ad9057731ca/pycparser-2.23.tar.gz", hash = "sha256:78816d4f24add8f10a06d6f05b4d424ad9e96cfebf68a4ddc99c65c0720d00c2", size = 173734, upload-time = "2025-09-09T13:23:47.91Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/13/a3/a812df4e2dd5696d1f351d58b8fe16a405b234ad2886a0dab9183fb78109/pycparser-2.22-py3-none-any.whl", hash = "sha256:c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc", size = 117552, upload-time = "2024-03-30T13:22:20.476Z" },
+    { url = "https://files.pythonhosted.org/packages/a0/e3/59cd50310fc9b59512193629e1984c1f95e5c8ae6e5d8c69532ccc65a7fe/pycparser-2.23-py3-none-any.whl", hash = "sha256:e5c6e8d3fbad53479cab09ac03729e0a9faf2bee3db8208a550daf5af81a5934", size = 118140, upload-time = "2025-09-09T13:23:46.651Z" },
 ]
 
 [[package]]
@@ -2529,22 +2624,27 @@ crypto = [
 
 [[package]]
 name = "pynacl"
-version = "1.5.0"
+version = "1.6.0"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
-    { name = "cffi" },
+    { name = "cffi", marker = "platform_python_implementation != 'PyPy'" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/a7/22/27582568be639dfe22ddb3902225f91f2f17ceff88ce80e4db396c8986da/PyNaCl-1.5.0.tar.gz", hash = "sha256:8ac7448f09ab85811607bdd21ec2464495ac8b7c66d146bf545b0f08fb9220ba", size = 3392854, upload-time = "2022-01-07T22:05:41.134Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/06/c6/a3124dee667a423f2c637cfd262a54d67d8ccf3e160f3c50f622a85b7723/pynacl-1.6.0.tar.gz", hash = "sha256:cb36deafe6e2bce3b286e5d1f3e1c246e0ccdb8808ddb4550bb2792f2df298f2", size = 3505641, upload-time = "2025-09-10T23:39:22.308Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/ce/75/0b8ede18506041c0bf23ac4d8e2971b4161cd6ce630b177d0a08eb0d8857/PyNaCl-1.5.0-cp36-abi3-macosx_10_10_universal2.whl", hash = "sha256:401002a4aaa07c9414132aaed7f6836ff98f59277a234704ff66878c2ee4a0d1", size = 349920, upload-time = "2022-01-07T22:05:49.156Z" },
-    { url = "https://files.pythonhosted.org/packages/59/bb/fddf10acd09637327a97ef89d2a9d621328850a72f1fdc8c08bdf72e385f/PyNaCl-1.5.0-cp36-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.manylinux_2_24_aarch64.whl", hash = "sha256:52cb72a79269189d4e0dc537556f4740f7f0a9ec41c1322598799b0bdad4ef92", size = 601722, upload-time = "2022-01-07T22:05:50.989Z" },
-    { url = "https://files.pythonhosted.org/packages/5d/70/87a065c37cca41a75f2ce113a5a2c2aa7533be648b184ade58971b5f7ccc/PyNaCl-1.5.0-cp36-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:a36d4a9dda1f19ce6e03c9a784a2921a4b726b02e1c736600ca9c22029474394", size = 680087, upload-time = "2022-01-07T22:05:52.539Z" },
-    { url = "https://files.pythonhosted.org/packages/ee/87/f1bb6a595f14a327e8285b9eb54d41fef76c585a0edef0a45f6fc95de125/PyNaCl-1.5.0-cp36-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl", hash = "sha256:0c84947a22519e013607c9be43706dd42513f9e6ae5d39d3613ca1e142fba44d", size = 856678, upload-time = "2022-01-07T22:05:54.251Z" },
-    { url = "https://files.pythonhosted.org/packages/66/28/ca86676b69bf9f90e710571b67450508484388bfce09acf8a46f0b8c785f/PyNaCl-1.5.0-cp36-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:06b8f6fa7f5de8d5d2f7573fe8c863c051225a27b61e6860fd047b1775807858", size = 1133660, upload-time = "2022-01-07T22:05:56.056Z" },
-    { url = "https://files.pythonhosted.org/packages/3d/85/c262db650e86812585e2bc59e497a8f59948a005325a11bbbc9ecd3fe26b/PyNaCl-1.5.0-cp36-abi3-musllinux_1_1_aarch64.whl", hash = "sha256:a422368fc821589c228f4c49438a368831cb5bbc0eab5ebe1d7fac9dded6567b", size = 663824, upload-time = "2022-01-07T22:05:57.434Z" },
-    { url = "https://files.pythonhosted.org/packages/fd/1a/cc308a884bd299b651f1633acb978e8596c71c33ca85e9dc9fa33a5399b9/PyNaCl-1.5.0-cp36-abi3-musllinux_1_1_x86_64.whl", hash = "sha256:61f642bf2378713e2c2e1de73444a3778e5f0a38be6fee0fe532fe30060282ff", size = 1117912, upload-time = "2022-01-07T22:05:58.665Z" },
-    { url = "https://files.pythonhosted.org/packages/25/2d/b7df6ddb0c2a33afdb358f8af6ea3b8c4d1196ca45497dd37a56f0c122be/PyNaCl-1.5.0-cp36-abi3-win32.whl", hash = "sha256:e46dae94e34b085175f8abb3b0aaa7da40767865ac82c928eeb9e57e1ea8a543", size = 204624, upload-time = "2022-01-07T22:06:00.085Z" },
-    { url = "https://files.pythonhosted.org/packages/5e/22/d3db169895faaf3e2eda892f005f433a62db2decbcfbc2f61e6517adfa87/PyNaCl-1.5.0-cp36-abi3-win_amd64.whl", hash = "sha256:20f42270d27e1b6a29f54032090b972d97f0a1b0948cc52392041ef7831fee93", size = 212141, upload-time = "2022-01-07T22:06:01.861Z" },
+    { url = "https://files.pythonhosted.org/packages/63/37/87c72df19857c5b3b47ace6f211a26eb862ada495cc96daa372d96048fca/pynacl-1.6.0-cp38-abi3-macosx_10_10_universal2.whl", hash = "sha256:f4b3824920e206b4f52abd7de621ea7a44fd3cb5c8daceb7c3612345dfc54f2e", size = 382610, upload-time = "2025-09-10T23:38:49.459Z" },
+    { url = "https://files.pythonhosted.org/packages/0c/64/3ce958a5817fd3cc6df4ec14441c43fd9854405668d73babccf77f9597a3/pynacl-1.6.0-cp38-abi3-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:16dd347cdc8ae0b0f6187a2608c0af1c8b7ecbbe6b4a06bff8253c192f696990", size = 798744, upload-time = "2025-09-10T23:38:58.531Z" },
+    { url = "https://files.pythonhosted.org/packages/e4/8a/3f0dd297a0a33fa3739c255feebd0206bb1df0b44c52fbe2caf8e8bc4425/pynacl-1.6.0-cp38-abi3-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:16c60daceee88d04f8d41d0a4004a7ed8d9a5126b997efd2933e08e93a3bd850", size = 1397879, upload-time = "2025-09-10T23:39:00.44Z" },
+    { url = "https://files.pythonhosted.org/packages/41/94/028ff0434a69448f61348d50d2c147dda51aabdd4fbc93ec61343332174d/pynacl-1.6.0-cp38-abi3-manylinux_2_26_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:25720bad35dfac34a2bcdd61d9e08d6bfc6041bebc7751d9c9f2446cf1e77d64", size = 833907, upload-time = "2025-09-10T23:38:50.936Z" },
+    { url = "https://files.pythonhosted.org/packages/52/bc/a5cff7f8c30d5f4c26a07dfb0bcda1176ab8b2de86dda3106c00a02ad787/pynacl-1.6.0-cp38-abi3-manylinux_2_26_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:8bfaa0a28a1ab718bad6239979a5a57a8d1506d0caf2fba17e524dbb409441cf", size = 1436649, upload-time = "2025-09-10T23:38:52.783Z" },
+    { url = "https://files.pythonhosted.org/packages/7a/20/c397be374fd5d84295046e398de4ba5f0722dc14450f65db76a43c121471/pynacl-1.6.0-cp38-abi3-manylinux_2_34_aarch64.whl", hash = "sha256:ef214b90556bb46a485b7da8258e59204c244b1b5b576fb71848819b468c44a7", size = 817142, upload-time = "2025-09-10T23:38:54.4Z" },
+    { url = "https://files.pythonhosted.org/packages/12/30/5efcef3406940cda75296c6d884090b8a9aad2dcc0c304daebb5ae99fb4a/pynacl-1.6.0-cp38-abi3-manylinux_2_34_x86_64.whl", hash = "sha256:49c336dd80ea54780bcff6a03ee1a476be1612423010472e60af83452aa0f442", size = 1401794, upload-time = "2025-09-10T23:38:56.614Z" },
+    { url = "https://files.pythonhosted.org/packages/be/e1/a8fe1248cc17ccb03b676d80fa90763760a6d1247da434844ea388d0816c/pynacl-1.6.0-cp38-abi3-musllinux_1_1_aarch64.whl", hash = "sha256:f3482abf0f9815e7246d461fab597aa179b7524628a4bc36f86a7dc418d2608d", size = 772161, upload-time = "2025-09-10T23:39:01.93Z" },
+    { url = "https://files.pythonhosted.org/packages/a3/76/8a62702fb657d6d9104ce13449db221a345665d05e6a3fdefb5a7cafd2ad/pynacl-1.6.0-cp38-abi3-musllinux_1_1_x86_64.whl", hash = "sha256:140373378e34a1f6977e573033d1dd1de88d2a5d90ec6958c9485b2fd9f3eb90", size = 1370720, upload-time = "2025-09-10T23:39:03.531Z" },
+    { url = "https://files.pythonhosted.org/packages/6d/38/9e9e9b777a1c4c8204053733e1a0269672c0bd40852908c9ad6b6eaba82c/pynacl-1.6.0-cp38-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:6b393bc5e5a0eb86bb85b533deb2d2c815666665f840a09e0aa3362bb6088736", size = 791252, upload-time = "2025-09-10T23:39:05.058Z" },
+    { url = "https://files.pythonhosted.org/packages/63/ef/d972ce3d92ae05c9091363cf185e8646933f91c376e97b8be79ea6e96c22/pynacl-1.6.0-cp38-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:4a25cfede801f01e54179b8ff9514bd7b5944da560b7040939732d1804d25419", size = 1362910, upload-time = "2025-09-10T23:39:06.924Z" },
+    { url = "https://files.pythonhosted.org/packages/35/2c/ee0b373a1861f66a7ca8bdb999331525615061320dd628527a50ba8e8a60/pynacl-1.6.0-cp38-abi3-win32.whl", hash = "sha256:dcdeb41c22ff3c66eef5e63049abf7639e0db4edee57ba70531fc1b6b133185d", size = 226461, upload-time = "2025-09-10T23:39:11.894Z" },
+    { url = "https://files.pythonhosted.org/packages/75/f7/41b6c0b9dd9970173b6acc026bab7b4c187e4e5beef2756d419ad65482da/pynacl-1.6.0-cp38-abi3-win_amd64.whl", hash = "sha256:cf831615cc16ba324240de79d925eacae8265b7691412ac6b24221db157f6bd1", size = 238802, upload-time = "2025-09-10T23:39:08.966Z" },
+    { url = "https://files.pythonhosted.org/packages/8e/0f/462326910c6172fa2c6ed07922b22ffc8e77432b3affffd9e18f444dbfbb/pynacl-1.6.0-cp38-abi3-win_arm64.whl", hash = "sha256:84709cea8f888e618c21ed9a0efdb1a59cc63141c403db8bf56c469b71ad56f2", size = 183846, upload-time = "2025-09-10T23:39:10.552Z" },
 ]
 
 [[package]]
@@ -2561,11 +2661,11 @@ wheels = [
 
 [[package]]
 name = "pyparsing"
-version = "3.2.3"
+version = "3.2.4"
 source = { registry = "https://pypi.org/simple" }
-sdist = { url = "https://files.pythonhosted.org/packages/bb/22/f1129e69d94ffff626bdb5c835506b3a5b4f3d070f17ea295e12c2c6f60f/pyparsing-3.2.3.tar.gz", hash = "sha256:b9c13f1ab8b3b542f72e28f634bad4de758ab3ce4546e4301970ad6fa77c38be", size = 1088608, upload-time = "2025-03-25T05:01:28.114Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/98/c9/b4594e6a81371dfa9eb7a2c110ad682acf985d96115ae8b25a1d63b4bf3b/pyparsing-3.2.4.tar.gz", hash = "sha256:fff89494f45559d0f2ce46613b419f632bbb6afbdaed49696d322bcf98a58e99", size = 1098809, upload-time = "2025-09-13T05:47:19.732Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/05/e7/df2285f3d08fee213f2d041540fa4fc9ca6c2d44cf36d3a035bf2a8d2bcc/pyparsing-3.2.3-py3-none-any.whl", hash = "sha256:a749938e02d6fd0b59b356ca504a24982314bb090c383e3cf201c95ef7e2bfcf", size = 111120, upload-time = "2025-03-25T05:01:24.908Z" },
+    { url = "https://files.pythonhosted.org/packages/53/b8/fbab973592e23ae313042d450fc26fa24282ebffba21ba373786e1ce63b4/pyparsing-3.2.4-py3-none-any.whl", hash = "sha256:91d0fcde680d42cd031daf3a6ba20da3107e08a75de50da58360e7d94ab24d36", size = 113869, upload-time = "2025-09-13T05:47:17.863Z" },
 ]
 
 [[package]]
@@ -2872,14 +2972,14 @@ wheels = [
 
 [[package]]
 name = "s3transfer"
-version = "0.13.1"
+version = "0.14.0"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
     { name = "botocore" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/6d/05/d52bf1e65044b4e5e27d4e63e8d1579dbdec54fce685908ae09bc3720030/s3transfer-0.13.1.tar.gz", hash = "sha256:c3fdba22ba1bd367922f27ec8032d6a1cf5f10c934fb5d68cf60fd5a23d936cf", size = 150589, upload-time = "2025-07-18T19:22:42.31Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/62/74/8d69dcb7a9efe8baa2046891735e5dfe433ad558ae23d9e3c14c633d1d58/s3transfer-0.14.0.tar.gz", hash = "sha256:eff12264e7c8b4985074ccce27a3b38a485bb7f7422cc8046fee9be4983e4125", size = 151547, upload-time = "2025-09-09T19:23:31.089Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/6d/4f/d073e09df851cfa251ef7840007d04db3293a0482ce607d2b993926089be/s3transfer-0.13.1-py3-none-any.whl", hash = "sha256:a981aa7429be23fe6dfc13e80e4020057cbab622b08c0315288758d67cabc724", size = 85308, upload-time = "2025-07-18T19:22:40.947Z" },
+    { url = "https://files.pythonhosted.org/packages/48/f0/ae7ca09223a81a1d890b2557186ea015f6e0502e9b8cb8e1813f1d8cfa4e/s3transfer-0.14.0-py3-none-any.whl", hash = "sha256:ea3b790c7077558ed1f02a3072fb3cb992bbbd253392f4b6e9e8976941c7d456", size = 85712, upload-time = "2025-09-09T19:23:30.041Z" },
 ]
 
 [[package]]
@@ -3078,7 +3178,7 @@ wheels = [
 
 [[package]]
 name = "trio"
-version = "0.30.0"
+version = "0.31.0"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
     { name = "attrs" },
@@ -3088,9 +3188,9 @@ dependencies = [
     { name = "sniffio" },
     { name = "sortedcontainers" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/01/c1/68d582b4d3a1c1f8118e18042464bb12a7c1b75d64d75111b297687041e3/trio-0.30.0.tar.gz", hash = "sha256:0781c857c0c81f8f51e0089929a26b5bb63d57f927728a5586f7e36171f064df", size = 593776, upload-time = "2025-04-21T00:48:19.507Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/76/8f/c6e36dd11201e2a565977d8b13f0b027ba4593c1a80bed5185489178e257/trio-0.31.0.tar.gz", hash = "sha256:f71d551ccaa79d0cb73017a33ef3264fde8335728eb4c6391451fe5d253a9d5b", size = 605825, upload-time = "2025-09-09T15:17:15.242Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/69/8e/3f6dfda475ecd940e786defe6df6c500734e686c9cd0a0f8ef6821e9b2f2/trio-0.30.0-py3-none-any.whl", hash = "sha256:3bf4f06b8decf8d3cf00af85f40a89824669e2d033bb32469d34840edcfc22a5", size = 499194, upload-time = "2025-04-21T00:48:17.167Z" },
+    { url = "https://files.pythonhosted.org/packages/31/5b/94237a3485620dbff9741df02ff6d8acaa5fdec67d81ab3f62e4d8511bf7/trio-0.31.0-py3-none-any.whl", hash = "sha256:b5d14cd6293d79298b49c3485ffd9c07e3ce03a6da8c7dfbe0cb3dd7dc9a4774", size = 512679, upload-time = "2025-09-09T15:17:13.821Z" },
 ]
 
 [[package]]
@@ -3165,6 +3265,48 @@ wheels = [
     { url = "https://files.pythonhosted.org/packages/9a/bb/d43e5c75054e53efce310e79d63df0ac3f25e34c926be5dffb7d283fb2a8/typeguard-2.13.3-py3-none-any.whl", hash = "sha256:5e3e3be01e887e7eafae5af63d1f36c849aaa94e3a0112097312aabfa16284f1", size = 17605, upload-time = "2021-12-10T21:09:37.844Z" },
 ]
 
+[[package]]
+name = "types-ldap3"
+version = "2.9.13.20250622"
+source = { registry = "https://pypi.org/simple" }
+dependencies = [
+    { name = "types-pyasn1" },
+]
+sdist = { url = "https://files.pythonhosted.org/packages/51/aa/238da23c20f48359c667b69c932a45bdcc325149042f677dc420a721844c/types_ldap3-2.9.13.20250622.tar.gz", hash = "sha256:4770a8701daddf1ee936d46414205a329211b6f6e655c2764f6b70c89b023c47", size = 33634, upload-time = "2025-06-22T03:19:16.32Z" }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/d4/fd/0339a618985d19d9b0630f78822d1becb0661be6abe8adbadd9569b875e1/types_ldap3-2.9.13.20250622-py3-none-any.whl", hash = "sha256:c18d0320327fa0017eb3d95acdf38921542d80939255e4ba130ca2d13ca3375f", size = 56498, upload-time = "2025-06-22T03:19:15.495Z" },
+]
+
+[[package]]
+name = "types-pyasn1"
+version = "0.6.0.20250914"
+source = { registry = "https://pypi.org/simple" }
+sdist = { url = "https://files.pythonhosted.org/packages/69/92/bfe2385ee347c9d528adbd0fd8e5d7da6bcd18572cc42fd94e44c182dd69/types_pyasn1-0.6.0.20250914.tar.gz", hash = "sha256:236102553b76c938953037b7ae93d11d395d9413b7f2f8083d3b19d740f7eda6", size = 17109, upload-time = "2025-09-14T02:56:08.041Z" }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/6c/9d/5eb611d0db5b980cbb7d3eaca5baf187d5346f6371fdb6c708847539cea6/types_pyasn1-0.6.0.20250914-py3-none-any.whl", hash = "sha256:68ffeef3c28e1ed120b8b81a242f238f137543e68d466d84a97edcf3e4203b5b", size = 24052, upload-time = "2025-09-14T02:56:07.247Z" },
+]
+
+[[package]]
+name = "types-pyyaml"
+version = "6.0.12.20250915"
+source = { registry = "https://pypi.org/simple" }
+sdist = { url = "https://files.pythonhosted.org/packages/7e/69/3c51b36d04da19b92f9e815be12753125bd8bc247ba0470a982e6979e71c/types_pyyaml-6.0.12.20250915.tar.gz", hash = "sha256:0f8b54a528c303f0e6f7165687dd33fafa81c807fcac23f632b63aa624ced1d3", size = 17522, upload-time = "2025-09-15T03:01:00.728Z" }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/bd/e0/1eed384f02555dde685fff1a1ac805c1c7dcb6dd019c916fe659b1c1f9ec/types_pyyaml-6.0.12.20250915-py3-none-any.whl", hash = "sha256:e7d4d9e064e89a3b3cae120b4990cd370874d2bf12fa5f46c97018dd5d3c9ab6", size = 20338, upload-time = "2025-09-15T03:00:59.218Z" },
+]
+
+[[package]]
+name = "types-requests"
+version = "2.32.4.20250913"
+source = { registry = "https://pypi.org/simple" }
+dependencies = [
+    { name = "urllib3" },
+]
+sdist = { url = "https://files.pythonhosted.org/packages/36/27/489922f4505975b11de2b5ad07b4fe1dca0bca9be81a703f26c5f3acfce5/types_requests-2.32.4.20250913.tar.gz", hash = "sha256:abd6d4f9ce3a9383f269775a9835a4c24e5cd6b9f647d64f88aa4613c33def5d", size = 23113, upload-time = "2025-09-13T02:40:02.309Z" }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/2a/20/9a227ea57c1285986c4cf78400d0a91615d25b24e257fd9e2969606bdfae/types_requests-2.32.4.20250913-py3-none-any.whl", hash = "sha256:78c9c1fffebbe0fa487a418e0fa5252017e9c60d1a2da394077f1780f655d7e1", size = 20658, upload-time = "2025-09-13T02:40:01.115Z" },
+]
+
 [[package]]
 name = "typing-extensions"
 version = "4.15.0"
@@ -3488,31 +3630,31 @@ wheels = [
 
 [[package]]
 name = "zope-event"
-version = "5.1.1"
+version = "6.0"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
     { name = "setuptools" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/5a/9f/c443569a68d3844c044d9fa9711e08adb33649b527b4d432433f4c2a6a02/zope_event-5.1.1.tar.gz", hash = "sha256:c1ac931abf57efba71a2a313c5f4d57768a19b15c37e3f02f50eb1536be12d4e", size = 18811, upload-time = "2025-07-22T07:04:00.924Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/c2/d8/9c8b0c6bb1db09725395618f68d3b8a08089fca0aed28437500caaf713ee/zope_event-6.0.tar.gz", hash = "sha256:0ebac894fa7c5f8b7a89141c272133d8c1de6ddc75ea4b1f327f00d1f890df92", size = 18731, upload-time = "2025-09-12T07:10:13.551Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/e9/04/fd55695f6448abd22295fc68b2d3a135389558f0f49a24b0dffe019d0ecb/zope_event-5.1.1-py3-none-any.whl", hash = "sha256:8d5ea7b992c42ce73a6fa9c2ba99a004c52cd9f05d87f3220768ef0329b92df7", size = 7014, upload-time = "2025-07-22T07:03:59.9Z" },
+    { url = "https://files.pythonhosted.org/packages/d1/b5/1abb5a8b443314c978617bf46d5d9ad648bdf21058074e817d7efbb257db/zope_event-6.0-py3-none-any.whl", hash = "sha256:6f0922593407cc673e7d8766b492c519f91bdc99f3080fe43dcec0a800d682a3", size = 6409, upload-time = "2025-09-12T07:10:12.316Z" },
 ]
 
 [[package]]
 name = "zope-interface"
-version = "7.2"
+version = "8.0"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
     { name = "setuptools" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/30/93/9210e7606be57a2dfc6277ac97dcc864fd8d39f142ca194fdc186d596fda/zope.interface-7.2.tar.gz", hash = "sha256:8b49f1a3d1ee4cdaf5b32d2e738362c7f5e40ac8b46dd7d1a65e82a4872728fe", size = 252960, upload-time = "2024-11-28T08:45:39.224Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/68/21/a6af230243831459f7238764acb3086a9cf96dbf405d8084d30add1ee2e7/zope_interface-8.0.tar.gz", hash = "sha256:b14d5aac547e635af749ce20bf49a3f5f93b8a854d2a6b1e95d4d5e5dc618f7d", size = 253397, upload-time = "2025-09-12T07:17:13.571Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/c6/3b/e309d731712c1a1866d61b5356a069dd44e5b01e394b6cb49848fa2efbff/zope.interface-7.2-cp313-cp313-macosx_10_9_x86_64.whl", hash = "sha256:3e0350b51e88658d5ad126c6a57502b19d5f559f6cb0a628e3dc90442b53dd98", size = 208961, upload-time = "2024-11-28T08:48:29.865Z" },
-    { url = "https://files.pythonhosted.org/packages/49/65/78e7cebca6be07c8fc4032bfbb123e500d60efdf7b86727bb8a071992108/zope.interface-7.2-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:15398c000c094b8855d7d74f4fdc9e73aa02d4d0d5c775acdef98cdb1119768d", size = 209356, upload-time = "2024-11-28T08:48:33.297Z" },
-    { url = "https://files.pythonhosted.org/packages/11/b1/627384b745310d082d29e3695db5f5a9188186676912c14b61a78bbc6afe/zope.interface-7.2-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:802176a9f99bd8cc276dcd3b8512808716492f6f557c11196d42e26c01a69a4c", size = 264196, upload-time = "2024-11-28T09:18:17.584Z" },
-    { url = "https://files.pythonhosted.org/packages/b8/f6/54548df6dc73e30ac6c8a7ff1da73ac9007ba38f866397091d5a82237bd3/zope.interface-7.2-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:eb23f58a446a7f09db85eda09521a498e109f137b85fb278edb2e34841055398", size = 259237, upload-time = "2024-11-28T08:48:31.71Z" },
-    { url = "https://files.pythonhosted.org/packages/b6/66/ac05b741c2129fdf668b85631d2268421c5cd1a9ff99be1674371139d665/zope.interface-7.2-cp313-cp313-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:a71a5b541078d0ebe373a81a3b7e71432c61d12e660f1d67896ca62d9628045b", size = 264696, upload-time = "2024-11-28T08:48:41.161Z" },
-    { url = "https://files.pythonhosted.org/packages/0a/2f/1bccc6f4cc882662162a1158cda1a7f616add2ffe322b28c99cb031b4ffc/zope.interface-7.2-cp313-cp313-win_amd64.whl", hash = "sha256:4893395d5dd2ba655c38ceb13014fd65667740f09fa5bb01caa1e6284e48c0cd", size = 212472, upload-time = "2024-11-28T08:49:56.587Z" },
+    { url = "https://files.pythonhosted.org/packages/f2/7a/1093db3af58fe48299659a7e0bc17cb2be72bf8bf7ea54a429556c816e50/zope_interface-8.0-cp313-cp313-macosx_10_9_x86_64.whl", hash = "sha256:ee9ecad04269c2da4b1be403a47993981531ffd557064b870eab4094730e5062", size = 208743, upload-time = "2025-09-12T07:24:14.397Z" },
+    { url = "https://files.pythonhosted.org/packages/fe/ec/63003ea86eb37b423ad85575b77b445ca26baa4b15f431d0c2319642ffeb/zope_interface-8.0-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:a9a8a71c38628af82a9ea1f7be58e5d19360a38067080c8896f6cbabe167e4f8", size = 208803, upload-time = "2025-09-12T07:24:15.918Z" },
+    { url = "https://files.pythonhosted.org/packages/d9/0e/e19352096e2933e0047b954d861d74dce34c61283a9c3150aac163a182d9/zope_interface-8.0-cp313-cp313-manylinux1_i686.manylinux2014_i686.manylinux_2_17_i686.manylinux_2_5_i686.whl", hash = "sha256:c0cc51ebd984945362fd3abdc1e140dbd837c3e3b680942b3fa24fe3aac26ef8", size = 258964, upload-time = "2025-09-12T07:58:22.829Z" },
+    { url = "https://files.pythonhosted.org/packages/32/a5/ec1578b838f364c889746a03960624a8781c9a1cd1b8cc29c57ec8d16df9/zope_interface-8.0-cp313-cp313-manylinux1_x86_64.manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:07405019f635a93b318807cb2ec7b05a5ef30f67cf913d11eb2f156ddbcead0d", size = 264435, upload-time = "2025-09-12T08:00:30.255Z" },
+    { url = "https://files.pythonhosted.org/packages/e7/8e/4a8b167481cada8b82b2212eb0003d425a30d1699d3604052e6c66817545/zope_interface-8.0-cp313-cp313-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:450ab3357799eed6093f3a9f1fa22761b3a9de9ebaf57f416da2c9fb7122cdcb", size = 263942, upload-time = "2025-09-12T08:29:22.416Z" },
+    { url = "https://files.pythonhosted.org/packages/38/bd/f9da62983480ecfc5a1147fafbc762bb76e5e8528611c4cf8b9d72b4de13/zope_interface-8.0-cp313-cp313-win_amd64.whl", hash = "sha256:e38bb30a58887d63b80b01115ab5e8be6158b44d00b67197186385ec7efe44c7", size = 212034, upload-time = "2025-09-12T07:22:57.241Z" },
 ]
 
 [[package]]

web/bundler/utils/node.js

@@ -3,7 +3,12 @@
  */
 
 import { NodeEnvironment, serializeEnvironmentVars } from "@goauthentik/core/environment/node";
-import { AuthentikVersion } from "@goauthentik/core/version/node";
+import {
+    AuthentikVersion,
+    CurrentReleaseDocsURL,
+    PreReleaseDocsURL,
+    ReleaseNotesURL,
+} from "@goauthentik/core/version/node";
 
 /**
  * Creates a mapping of environment variables to their respective runtime constants.
@@ -18,6 +23,9 @@ export function createBundleDefinitions() {
      */
     const envRecord = {
         AK_VERSION: AuthentikVersion,
+        AK_DOCS_URL: CurrentReleaseDocsURL.href,
+        AK_DOCS_RELEASE_NOTES_URL: ReleaseNotesURL.href,
+        AK_DOCS_PRE_RELEASE_URL: PreReleaseDocsURL.href,
         AK_API_BASE_PATH: process.env.AK_API_BASE_PATH ?? "",
     };
 

web/commands.mjs

@@ -1,40 +0,0 @@
-/// <reference types="@wdio/globals/types" />
-/// <reference types="./types/webdriver.js" />
-
-/**
- *
- * @param {WebdriverIO.Browser} browser
- */
-export function addCommands(browser) {
-    /**
-     * @file Custom WDIO browser commands
-     */
-
-    browser.addCommand(
-        "focus",
-        /**
-         * @this {HTMLElement}
-         */
-        // @ts-ignore
-        function () {
-            this.focus();
-
-            return this;
-        },
-        /* attachToElement */ true,
-    );
-
-    browser.addCommand(
-        "blur",
-        /**
-         * @this {HTMLElement}
-         */
-        // @ts-ignore
-        function () {
-            this.blur();
-
-            return this;
-        },
-        /* attachToElement */ true,
-    );
-}

web/e2e/fixtures/FormFixture.ts

@@ -31,8 +31,7 @@ export class FormFixture extends PageFixture {
                 parent.getByRole("spinbutton", {
                     name: fieldName,
                 }),
-            )
-            .first();
+            );
 
         await expect(control, `Field (${fieldName}) should be visible`).toBeVisible();
 
@@ -80,14 +79,12 @@ export class FormFixture extends PageFixture {
         fieldName: string,
         parent: LocatorContext = this.page,
     ): Promise<void> => {
-        const group = parent.getByRole("group", { name: groupName });
+        const group = parent.getByRole("radiogroup", { name: groupName });
 
         await expect(group, `Field "${groupName}" should be visible`).toBeVisible();
         const control = parent.getByRole("radio", { name: fieldName });
 
-        await control.setChecked(true, {
-            force: true,
-        });
+        await control.setChecked(true);
     };
 
     /**

web/e2e/fixtures/SessionFixture.ts

@@ -91,7 +91,11 @@ export class SessionFixture extends PageFixture {
 
         const expectedPathname = typeof to === "string" ? to : to.pathname;
 
-        await this.page.waitForURL(`**${expectedPathname}`);
+        this.logger.info(`Waiting for URL to change to ${expectedPathname}`);
+
+        await this.page.waitForURL(`**${expectedPathname}**`);
+
+        this.logger.info(`URL changed to ${this.page.url()}`);
     }
 
     //#endregion

web/e2e/utils/dictionaries/adjectives.txt

@@ -0,0 +1,596 @@
+abundant
+acceptable
+accessible
+acclaimed
+accomplished
+accurate
+achievable
+activated
+active
+adaptable
+adequate
+adjusted
+admirable
+adorable
+advanced
+advantageous
+aesthetic
+affordable
+agile
+agreeable
+alert
+aligned
+amazing
+ambitious
+ample
+analytical
+ancient
+animated
+apparent
+appealing
+applicable
+appreciated
+appropriate
+approved
+artistic
+assured
+athletic
+attentive
+authorized
+automatic
+available
+balanced
+basic
+beneficial
+best
+better
+big
+bold
+brief
+bright
+brilliant
+broad
+business
+busy
+calm
+capable
+capital
+careful
+casual
+central
+certain
+certified
+challenging
+changing
+characteristic
+charming
+cheap
+cheerful
+classic
+clean
+clear
+clever
+close
+coastal
+cold
+colorful
+comfortable
+commercial
+committed
+common
+compact
+comparative
+compatible
+competitive
+complete
+complex
+comprehensive
+computational
+concentrated
+concrete
+confident
+connected
+conscious
+consecutive
+considerable
+consistent
+constant
+constructive
+contemporary
+content
+continued
+continuous
+convenient
+conventional
+cool
+cooperative
+coordinated
+correct
+corresponding
+creative
+crisp
+critical
+crucial
+cultural
+curious
+current
+custom
+daily
+dark
+dear
+decent
+dedicated
+deep
+definite
+delicate
+dense
+dependable
+dependent
+detailed
+determined
+developed
+developmental
+different
+difficult
+digital
+dimensional
+direct
+distinct
+distinctive
+distinguished
+diverse
+domestic
+dominant
+double
+dramatic
+dry
+dual
+dynamic
+eager
+early
+east
+eastern
+easy
+economic
+educational
+effective
+efficient
+electric
+electronic
+elegant
+elementary
+elevated
+emotional
+empty
+enabled
+endless
+energetic
+engaging
+enhanced
+enjoyable
+enormous
+enough
+entire
+environmental
+equal
+equipped
+equivalent
+especially
+essential
+established
+estimated
+ethical
+evening
+eventual
+every
+exact
+excellent
+exceptional
+exciting
+exclusive
+existing
+expanded
+expected
+expensive
+experienced
+experimental
+expert
+express
+extended
+extensive
+external
+extra
+extreme
+fair
+familiar
+famous
+far
+fast
+favorable
+favorite
+featured
+federal
+few
+final
+financial
+fine
+firm
+first
+fit
+fixed
+flat
+flexible
+fluent
+focused
+following
+formal
+former
+forward
+foundational
+frank
+free
+fresh
+friendly
+front
+full
+functional
+fundamental
+future
+general
+generous
+gentle
+genuine
+given
+global
+good
+governing
+graceful
+grand
+great
+greater
+greatest
+green
+gross
+growing
+guaranteed
+half
+handy
+happy
+hard
+healthy
+eavy
+helpful
+high
+higher
+highest
+historical
+honest
+hot
+huge
+human
+ideal
+identical
+immediate
+immense
+important
+improved
+increased
+independent
+individual
+industrial
+inevitable
+informal
+initial
+innovative
+instant
+institutional
+integrated
+intelligent
+intended
+intense
+interactive
+interested
+interesting
+internal
+international
+involved
+isolated
+key
+kind
+known
+last
+late
+later
+latest
+leading
+lean
+learned
+least
+left
+legal
+less
+level
+light
+like
+likely
+limited
+linear
+little
+live
+living
+local
+logical
+long
+longer
+longest
+low
+lower
+main
+major
+managed
+manual
+marked
+mass
+massive
+matching
+material
+mathematical
+maximum
+meaningful
+measured
+mechanical
+medical
+medium
+mental
+middle
+mild
+minimum
+minor
+mobile
+moderate
+modern
+modest
+molecular
+more
+most
+multiple
+municipal
+narrow
+national
+native
+natural
+near
+nearby
+neat
+necessary
+negative
+neighboring
+net
+neutral
+new
+newer
+newest
+next
+nice
+nominal
+non-profit
+normal
+north
+northern
+notable
+noted
+numerous
+objective
+obvious
+occasional
+odd
+off
+official
+old
+older
+oldest
+ongoing
+online
+only
+open
+operational
+optimal
+optional
+ordinary
+organic
+organized
+original
+other
+outstanding
+overall
+own
+particular
+past
+patient
+perfect
+permanent
+plain
+planned
+pleasant
+plus
+political
+popular
+portable
+positive
+possible
+potential
+powerful
+practical
+precious
+precise
+preferred
+preliminary
+premium
+prepared
+present
+pretty
+previous
+primary
+prime
+principal
+prior
+private
+probable
+professional
+progressive
+proper
+proposed
+proud
+proven
+public
+pure
+qualified
+quality
+quick
+quiet
+random
+rapid
+rare
+raw
+ready
+real
+reasonable
+recent
+recommended
+reduced
+regular
+related
+relative
+relevant
+reliable
+remaining
+remarkable
+remote
+renewable
+repeated
+representative
+required
+residential
+responsible
+resulting
+rich
+right
+robust
+rough
+round
+routine
+rural
+safe
+same
+satisfactory
+scientific
+secondary
+secure
+selected
+senior
+separate
+serious
+several
+severe
+shared
+sharp
+short
+significant
+similar
+simple
+single
+small
+smaller
+smallest
+smart
+smooth
+social
+soft
+solid
+southern
+spatial
+special
+specific
+stable
+standard
+steady
+straight
+strategic
+strong
+structural
+substantial
+successful
+sufficient
+suitable
+summary
+super
+superior
+supported
+sure
+sustainable
+sweet
+swift
+systematic
+tall
+technical
+temporary
+territorial
+thick
+thin
+thorough
+tight
+tiny
+top
+total
+tough
+traditional
+trained
+transparent
+typical
+ultimate
+underlying
+unique
+united
+universal
+unknown
+unlimited
+updated
+upper
+urban
+useful
+valid
+valuable
+veritable
+varied
+various
+vast
+vertical
+viable
+vital
+warm
+weekly
+western
+wet
+wide
+wild
+willing
+wonderful
+wooden
+working
+worldwide
+worthy
+written
+yare
+yerning
+yarely
+zappy
+zazzy
+zealous
+zestful
+zesty
+zingy
+zippy
+zonal
+zooty
+zowie
+zuperb

web/e2e/utils/dictionaries/colors.txt

@@ -0,0 +1,277 @@
+alabaster
+alizarin
+alloy
+almond
+amaranth
+amber
+amethyst
+apricot
+aqua
+aquamarine
+arylide
+asparagus
+auburn
+aureolin
+avocado
+azure
+beige
+bistre
+black
+blue
+bluish
+blurple
+blush
+brick
+bright
+bronze
+brown
+buff
+burgundy
+butterscotch
+byzantium
+cadmium
+canary
+capri
+caramel
+cardinal
+carmine
+carnation
+carnelian
+carrot
+celadon
+celeste
+celestial
+cerise
+cerulean
+chamoisee
+champagne
+charcoal
+chartreuse
+cherry
+chestnut
+chili
+chocolate
+chrome
+cinereous
+cinnabar
+citrine
+citron
+claret
+cobalt
+cocoa
+coffee
+copper
+coquelicot
+coral
+cordovan
+corn
+cornsilk
+cosmic
+cream
+crimson
+cyan
+cyclamen
+desert
+drab
+earth
+earthen
+ebony
+ecru
+eggplant
+eggshell
+emerald
+eminence
+fawn
+feijoa
+feldspar
+fir
+fire
+fizz
+flame
+flamingo
+flavescent
+flax
+fleece
+floral
+fluorescent
+folly
+forest
+frond
+fuchsia
+fulvous
+gamboge
+garnet
+glaucous
+gold
+golden
+goldenrod
+grain
+granite
+grape
+green
+harvest
+heliotrope
+honeydew
+icterine
+indigo
+iris
+isabelline
+ivory
+jade
+jasmine
+jasper
+jazzberry
+jet
+jonquil
+keppel
+khaki
+kobicha
+lapis
+latte
+lavender
+lemon
+licorice
+lilac
+lime
+linen
+lion
+liver
+madder
+magenta
+magnolia
+mahogany
+maize
+majorelle
+malachite
+manatee
+mantis
+marigold
+maroon
+marrs
+mauve
+mauveine
+mauvelous
+melon
+metallic
+midnight
+mikado
+mindaro
+mint
+mist
+moonstone
+mulberry
+mustard
+myrtle
+neon
+oatmeal
+ochre
+olive
+olivine
+onyx
+orange
+orchid
+oxblood
+oxide
+papaya
+parchment
+peach
+pear
+pearl
+periwinkle
+persimmon
+petunia
+phlox
+pine
+pink
+pistachio
+platinum
+plum
+poppy
+puce
+pumpkin
+purple
+purpureus
+raisin
+raspberry
+razzmatazz
+red
+redwood
+reseda
+riptide
+rose
+rosewood
+rosso
+rosy
+ruby
+rufous
+russet
+rust
+rusty
+saffron
+sage
+salmon
+sand
+sandy
+sap
+sapphire
+scarlet
+sea
+seal
+seasalt
+seashell
+sepia
+sherbert
+shimmer
+sienna
+silken
+silver
+sinopia
+sky
+slate
+smalt
+snow
+soap
+spring
+straw
+sunglow
+sunset
+sunshine
+tan
+tangelo
+tangerine
+taupe
+tawny
+tea
+teal
+thistle
+timber
+titian
+tomato
+turquoise
+ube
+ultramarine
+umber
+vanilla
+verdigris
+vermilion
+violet
+viridian
+walnut
+wenge
+wheat
+white
+wine
+xanthic
+xanthous
+xiketic
+xingren
+yam
+yasmin
+yellow
+yolk
+yucca
+zaffre
+zinc
+zinnia
+zinnwaldite
+zomp

web/e2e/utils/generators.ts

@@ -1,60 +1,81 @@
+import { readFileSync } from "node:fs";
+import { join } from "node:path";
+import { fileURLToPath } from "node:url";
+
 import { IDGenerator } from "@goauthentik/core/id";
 
-import {
-    adjectives,
-    colors,
-    Config as NameConfig,
-    uniqueNamesGenerator,
-} from "unique-names-generator";
+import { capitalCase } from "change-case";
+
+const __dirname = fileURLToPath(new URL(".", import.meta.url));
+
+const dictionaries = join(__dirname, "dictionaries");
+
+function simpleHash(seed: string) {
+    let hash = 0;
+
+    for (let i = 0; i < seed.length; i++) {
+        hash = (hash * 31 + seed.charCodeAt(i)) | 0; // keep it 32-bit
+    }
+    return Math.abs(hash);
+}
+
+class LazyDictionary {
+    #entries: string[] = [];
+    #filePath: string;
+    #loaded = false;
+
+    constructor(filePath: string) {
+        this.#filePath = filePath;
+    }
+
+    public load() {
+        if (this.#loaded) return;
+
+        this.#entries = readFileSync(this.#filePath, "utf8").split("\n").filter(Boolean);
+        this.#loaded = true;
+
+        return this.#entries;
+    }
+
+    public random(seed: string) {
+        this.load();
+
+        // We use modulo to ensure that the seed is always within the range of the dictionary
+        const index = Math.floor(simpleHash(seed) % this.#entries.length);
+
+        return this.#entries[index];
+    }
+}
+
+const Adjectives = new LazyDictionary(join(dictionaries, "adjectives.txt"));
+const Colors = new LazyDictionary(join(dictionaries, "colors.txt"));
 
 /**
- * Given a dictionary of words, slice the dictionary to only include words that start with the given letter.
+ * Generate a random phrase consisting of an two adjectives and a color.
+ *
+ * @param seeds Seeds to use for the random number generator.
  */
-export function alliterate(dictionary: string[], letter: string): string[] {
-    let firstIndex = 0;
+export function randomPhrases(...seeds: string[]) {
+    const [
+        adjectiveSeed1 = IDGenerator.randomID(),
+        adjectiveSeed2 = IDGenerator.randomID(),
+        // Ensure a pairing of the first adjective and color is always used
+        // allow for a more predictable result.
+        colorSeed = adjectiveSeed1,
+    ] = seeds;
 
-    for (let i = 0; i < dictionary.length; i++) {
-        if (dictionary[i][0] === letter) {
-            firstIndex = i;
-            break;
-        }
-    }
+    const adjective1 = Adjectives.random(adjectiveSeed1);
+    const adjective2 = Adjectives.random(adjectiveSeed2);
+    const color = Colors.random(colorSeed);
 
-    let lastIndex = firstIndex;
-
-    for (let i = firstIndex; i < dictionary.length; i++) {
-        if (dictionary[i][0] !== letter) {
-            lastIndex = i;
-            break;
-        }
-    }
-
-    return dictionary.slice(firstIndex, lastIndex);
+    return [adjective1, adjective2, color];
 }
 
-export function createRandomName({
-    seed = IDGenerator.randomID(),
-    ...config
-}: Partial<NameConfig> = {}) {
-    const randomLetterIndex =
-        typeof seed === "number"
-            ? seed
-            : Array.from(seed).reduce((acc, char) => acc + char.charCodeAt(0), 0);
-
-    const letter = adjectives[randomLetterIndex % adjectives.length][0];
-
-    const availableAdjectives = alliterate(adjectives, letter);
-
-    const availableColors = alliterate(colors, letter);
-
-    const name = uniqueNamesGenerator({
-        dictionaries: [availableAdjectives, availableAdjectives, availableColors],
-        style: "capital",
-        separator: " ",
-        length: 3,
-        seed,
-        ...config,
-    });
-
-    return name;
+/**
+ * Generate a random name consisting of an adjective, a color, and a phrase.
+ *
+ * @param seeds Seeds to use for the random number generator.
+ */
+export function randomName(...seeds: string[]) {
+    return capitalCase(randomPhrases(...seeds).join(" "));
 }

web/package.json

@@ -24,12 +24,8 @@
         "pseudolocalize": "node ./scripts/pseudolocalize.mjs",
         "storybook": "storybook dev -p 6006",
         "storybook:build": "wireit",
-        "test": "wireit",
-        "test:e2e": "wireit",
-        "test:e2e:next": "playwright test",
-        "test:e2e:watch": "wireit",
-        "test:next": "vitest",
-        "test:watch": "wireit",
+        "test": "vitest",
+        "test:e2e": "playwright test",
         "tsc": "wireit",
         "watch": "run-s build-locales esbuild:watch"
     },
@@ -89,7 +85,7 @@
     },
     "dependencies": {
         "@codemirror/lang-css": "^6.3.1",
-        "@codemirror/lang-html": "^6.4.9",
+        "@codemirror/lang-html": "^6.4.10",
         "@codemirror/lang-javascript": "^6.2.4",
         "@codemirror/lang-python": "^6.2.1",
         "@codemirror/lang-xml": "^6.1.0",
@@ -98,10 +94,10 @@
         "@eslint/js": "^9.31.0",
         "@floating-ui/dom": "^1.7.4",
         "@formatjs/intl-listformat": "^7.7.11",
-        "@fortawesome/fontawesome-free": "^7.0.0",
-        "@goauthentik/api": "^2025.10.0-rc1-1756472879",
+        "@fortawesome/fontawesome-free": "^7.0.1",
+        "@goauthentik/api": "^2025.10.0-rc1-1758298561",
         "@goauthentik/core": "^1.0.0",
-        "@goauthentik/esbuild-plugin-live-reload": "^1.1.0",
+        "@goauthentik/esbuild-plugin-live-reload": "^1.2.2",
         "@goauthentik/eslint-config": "^1.0.5",
         "@goauthentik/prettier-config": "^3.1.0",
         "@goauthentik/tsconfig": "^1.0.4",
@@ -119,18 +115,18 @@
         "@patternfly/elements": "^4.2.0",
         "@patternfly/patternfly": "^4.224.2",
         "@playwright/test": "^1.55.0",
-        "@sentry/browser": "^10.8.0",
+        "@sentry/browser": "^10.12.0",
         "@spotlightjs/spotlight": "^3.0.2",
-        "@storybook/addon-docs": "^9.1.3",
-        "@storybook/addon-links": "^9.1.3",
-        "@storybook/web-components": "^9.1.3",
-        "@storybook/web-components-vite": "^9.1.3",
+        "@storybook/addon-docs": "^9.1.7",
+        "@storybook/addon-links": "^9.1.7",
+        "@storybook/web-components": "^9.1.7",
+        "@storybook/web-components-vite": "^9.1.7",
         "@types/codemirror": "^5.60.16",
         "@types/grecaptcha": "^3.0.9",
         "@types/guacamole-common-js": "^1.5.4",
         "@types/mocha": "^10.0.10",
-        "@types/node": "^24.3.0",
-        "@types/react": "^19.1.12",
+        "@types/node": "^24.5.2",
+        "@types/react": "^19.1.13",
         "@types/react-dom": "^19.1.9",
         "@typescript-eslint/eslint-plugin": "^8.38.0",
         "@typescript-eslint/parser": "^8.38.0",
@@ -141,31 +137,27 @@
         "chart.js": "^4.5.0",
         "chartjs-adapter-date-fns": "^3.0.0",
         "codemirror": "^6.0.2",
-        "construct-style-sheets-polyfill": "^3.1.0",
         "core-js": "^3.45.1",
-        "country-flag-icons": "^1.5.19",
+        "country-flag-icons": "^1.5.20",
         "date-fns": "^4.1.0",
         "deepmerge-ts": "^7.1.5",
-        "dompurify": "^3.2.6",
-        "esbuild": "^0.25.9",
+        "dompurify": "^3.2.7",
+        "esbuild": "^0.25.10",
         "esbuild-plugin-copy": "^2.1.1",
-        "esbuild-plugin-polyfill-node": "^0.3.0",
-        "esbuild-plugins-node-modules-polyfill": "^1.7.1",
-        "eslint": "^9.34.0",
+        "eslint": "^9.36.0",
         "eslint-plugin-lit": "^2.1.1",
         "eslint-plugin-wc": "^3.0.1",
         "fuse.js": "^7.1.0",
-        "github-slugger": "^2.0.0",
-        "globals": "^16.3.0",
+        "globals": "^16.4.0",
         "guacamole-common-js": "^1.5.0",
         "hastscript": "^9.0.1",
-        "knip": "^5.63.0",
+        "knip": "^5.63.1",
         "lit": "^3.3.1",
         "lit-analyzer": "^2.0.3",
         "md-front-matter": "^1.0.4",
-        "mermaid": "^11.10.1",
+        "mermaid": "^11.12.0",
         "npm-run-all": "^4.1.5",
-        "pino": "^9.7.0",
+        "pino": "^9.11.0",
         "pino-pretty": "^13.1.1",
         "playwright": "^1.55.0",
         "prettier": "^3.6.2",
@@ -186,11 +178,11 @@
         "trusted-types": "^2.0.0",
         "ts-pattern": "^5.8.0",
         "turnstile-types": "^1.2.3",
+        "type-fest": "^5.0.1",
         "typescript": "^5.8.3",
-        "typescript-eslint": "^8.41.0",
-        "unique-names-generator": "^4.7.1",
+        "typescript-eslint": "^8.44.0",
         "unist-util-visit": "^5.0.0",
-        "vite": "^7.1.4",
+        "vite": "^7.1.6",
         "vitest": "^3.2.4",
         "webcomponent-qr-code": "^1.3.0",
         "wireit": "^0.14.12",
@@ -200,14 +192,10 @@
         "@esbuild/darwin-arm64": "^0.25.4",
         "@esbuild/linux-arm64": "^0.25.4",
         "@esbuild/linux-x64": "^0.25.4",
-        "@rollup/rollup-darwin-arm64": "^4.50.0",
-        "@rollup/rollup-linux-arm64-gnu": "^4.50.0",
-        "@rollup/rollup-linux-x64-gnu": "^4.50.0",
-        "@wdio/browser-runner": "^9.19.2",
-        "@wdio/cli": "^9.19.2",
-        "@wdio/spec-reporter": "^9.19.2",
-        "@web/test-runner": "^0.20.2",
-        "chromedriver": "^139.0.3",
+        "@rollup/rollup-darwin-arm64": "^4.52.0",
+        "@rollup/rollup-linux-arm64-gnu": "^4.52.0",
+        "@rollup/rollup-linux-x64-gnu": "^4.52.0",
+        "chromedriver": "^140.0.3",
         "p-iteration": "^1.1.8"
     },
     "wireit": {
@@ -280,17 +268,13 @@
         "lint:components": {
             "command": "lit-analyzer src"
         },
-        "lint:types:tests": {
-            "command": "tsc --noEmit -p ./tests"
-        },
         "lint:types": {
             "command": "tsc -p .",
             "env": {
                 "NODE_OPTIONS": "--max_old_space_size=8192"
             },
             "dependencies": [
-                "build-locales",
-                "lint:types:tests"
+                "build-locales"
             ]
         },
         "lint:lockfile": {
@@ -316,41 +300,6 @@
                 "NODE_OPTIONS": "--max_old_space_size=8192"
             }
         },
-        "test": {
-            "command": "wdio ./wdio.conf.mjs --logLevel=warn",
-            "env": {
-                "CI": "true",
-                "TS_NODE_PROJECT": "tsconfig.test.json"
-            }
-        },
-        "test:e2e": {
-            "command": "wdio run ./tests/wdio.conf.mjs",
-            "dependencies": [
-                "build"
-            ],
-            "env": {
-                "CI": "true",
-                "TS_NODE_PROJECT": "./tests/tsconfig.test.json"
-            }
-        },
-        "test:e2e:watch": {
-            "command": "wdio run ./tests/wdio.conf.mjs",
-            "dependencies": [
-                "build"
-            ],
-            "env": {
-                "TS_NODE_PROJECT": "./tests/tsconfig.test.json"
-            }
-        },
-        "test:watch": {
-            "command": "wdio run ./wdio.conf.mjs",
-            "dependencies": [
-                "build"
-            ],
-            "env": {
-                "TS_NODE_PROJECT": "tsconfig.test.json"
-            }
-        },
         "tsc": {
             "command": "tsc -p .",
             "env": {

web/packages/core/package.json

@@ -47,8 +47,10 @@
     "dependencies": {
         "@goauthentik/prettier-config": "^3.1.0",
         "@goauthentik/tsconfig": "^1.0.4",
-        "@types/node": "^24.3.0",
+        "@types/node": "^24.5.2",
+        "@types/semver": "^7.7.1",
         "prettier": "^3.6.2",
+        "semver": "^7.7.2",
         "typescript": "^5.8.3"
     },
     "engines": {