core: bump github.com/grafana/pyroscope-go from 1.2.8 to 1.3.0 (#22349 )

Bumps [github.com/grafana/pyroscope-go](https://github.com/grafana/pyroscope-go) from 1.2.8 to 1.3.0. - [Release notes](https://github.com/grafana/pyroscope-go/releases) - [Commits](https://github.com/grafana/pyroscope-go/compare/v1.2.8...v1.3.0) --- updated-dependencies: - dependency-name: github.com/grafana/pyroscope-go dependency-version: 1.3.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
web: bump @typescript/native-preview from 7.0.0-dev.20260421.2 to 7.0.0-dev.20260506.1 in /web (#22355 )
2026-05-14 19:06:39 +02:00 · 2026-05-14 14:01:03 +02:00 · 2026-05-14 14:00:40 +02:00 · 2026-05-14 14:00:13 +02:00 · 2026-05-14 13:59:57 +02:00 · 2026-05-14 13:59:43 +02:00
116 changed files with 23260 additions and 3653 deletions
--- a/.github/actions/setup-node/action.yml
+++ b/.github/actions/setup-node/action.yml
@@ -0,0 +1,77 @@
+name: "Setup Node.js and NPM"
+description: "Sets up Node.js with a specific NPM version via Corepack"
+inputs:
+  working-directory:
+    description: "Path to the working directory containing the package.json file"
+    required: false
+    default: "."
+  dependencies:
+    required: false
+    description: "List of dependencies to setup"
+    default: "monorepo,working-directory"
+  node-version-file:
+    description: "Path to file containing the Node.js version"
+    required: false
+    default: "package.json"
+  cache-dependency-path:
+    description: "Path to dependency lock file for caching"
+    required: false
+    default: "package-lock.json"
+  cache:
+    description: "Package manager to cache"
+    default: "npm"
+  registry-url:
+    description: "npm registry URL"
+    default: "https://registry.npmjs.org"
+
+runs:
+  using: "composite"
+  steps:
+    - name: Setup Node.js (Corepack bootstrap)
+      uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v4
+      with:
+        node-version-file: ${{ inputs.node-version-file }}
+        registry-url: ${{ inputs.registry-url }}
+        cache: ${{ inputs.cache }}
+        cache-dependency-path: |
+          ${{ inputs.cache-dependency-path }}
+          ${{ inputs.working-directory }}/${{ inputs.cache-dependency-path }}
+
+    - name: Install Corepack
+      working-directory: ${{ github.workspace}}
+      shell: bash
+      run: | #shell
+        node ./scripts/node/setup-corepack.mjs --force
+        corepack enable
+    - name: Lint Node.js and NPM versions
+      shell: bash
+      run: node ./scripts/node/lint-runtime.mjs
+    - name: Setup Node.js (Monorepo Root)
+      uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v4
+      with:
+        node-version-file: ${{ inputs.node-version-file }}
+        registry-url: ${{ inputs.registry-url }}
+    - name: Install monorepo dependencies
+      if: ${{ contains(inputs.dependencies, 'monorepo') }}
+      shell: bash
+      run: | #shell
+        node ./scripts/node/lint-lockfile.mjs
+        corepack npm ci
+    - name: Setup Node.js (Working Directory)
+      if: ${{ contains(inputs.dependencies, 'working-directory') }}
+      uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v4
+      with:
+        node-version-file: ${{ inputs.working-directory }}/${{ inputs.node-version-file }}
+        registry-url: ${{ inputs.registry-url }}
+
+    - name: Install working directory dependencies
+      if: ${{ contains(inputs.dependencies, 'working-directory') }}
+      shell: bash
+      run: | # shell
+        corepack install
+
+        echo "node version: $(node --version)"
+        echo "npm version: $(corepack npm --version)"
+
+        node ./scripts/node/lint-lockfile.mjs ${{ inputs.working-directory }}
+        corepack npm ci --prefix ${{ inputs.working-directory }}
--- a/.github/actions/setup/action.yml
+++ b/.github/actions/setup/action.yml
@@ -64,30 +64,14 @@ runs:
        rustflags: ""
    - name: Setup rust dependencies
      if: ${{ contains(inputs.dependencies, 'rust') }}
-      uses: taiki-e/install-action@e3134ec54b36203e18f2d1e80652058bd078dd91 # v2
+      uses: taiki-e/install-action@c070f87102a1c75b3183910f391c1cb887fe13c8 # v2
      with:
        tool: cargo-deny cargo-machete cargo-llvm-cov nextest
-    - name: Setup node (web)
+    - name: Setup node (root, web)
      if: ${{ contains(inputs.dependencies, 'node') }}
-      uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v4
+      uses: ./.github/actions/setup-node
      with:
-        node-version-file: "${{ inputs.working-directory }}web/package.json"
-        cache: "npm"
-        cache-dependency-path: "${{ inputs.working-directory }}web/package-lock.json"
-        registry-url: "https://registry.npmjs.org"
-    - name: Setup node (root)
-      if: ${{ contains(inputs.dependencies, 'node') }}
-      uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v4
-      with:
-        node-version-file: "${{ inputs.working-directory }}package.json"
-        cache: "npm"
-        cache-dependency-path: "${{ inputs.working-directory }}package-lock.json"
-        registry-url: "https://registry.npmjs.org"
-    - name: Install Node deps
-      if: ${{ contains(inputs.dependencies, 'node') }}
-      shell: bash
-      working-directory: ${{ inputs.working-directory }}
-      run: npm ci
+        working-directory: web
    - name: Setup go
      if: ${{ contains(inputs.dependencies, 'go') }}
      uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v5
@@ -105,7 +89,7 @@ runs:
      run: |
        export PSQL_TAG=${{ inputs.postgresql_version }}
        docker compose -f .github/actions/setup/compose.yml up -d --wait
-        cd web && npm ci
+        corepack npm ci --prefix web
    - name: Generate config
      if: ${{ contains(inputs.dependencies, 'python') }}
      shell: uv run python {0}
--- a/.github/codecov.yml
+++ b/.github/codecov.yml
@@ -1,3 +1,6 @@
+codecov:
+  notify:
+    wait_for_ci: true
 coverage:
  status:
    project:
--- a/.github/workflows/_reusable-docker-build-single.yml
+++ b/.github/workflows/_reusable-docker-build-single.yml
@@ -67,6 +67,16 @@ jobs:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
+      - uses: ./.github/actions/setup-node
+        with:
+          working-directory: web
+          dependencies: "monorepo"
+      - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6
+        with:
+          go-version-file: "go.mod"
+      - name: Generate API Clients
+        run: |
+          make gen-client-ts
      - name: Build Docker Image
        uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
        id: push
--- a/.github/workflows/ci-api-docs.yml
+++ b/.github/workflows/ci-api-docs.yml
@@ -22,25 +22,19 @@ jobs:
          - prettier-check
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v5
-      - name: Install Dependencies
-        working-directory: website/
-        run: npm ci
+      - uses: ./.github/actions/setup-node
+        with:
+          working-directory: website
      - name: Lint
-        working-directory: website/
-        run: npm run ${{ matrix.command }}
+        run: corepack npm run ${{ matrix.command }} --prefix website
  build:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v5
-      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v5
+      - uses: ./.github/actions/setup-node
        with:
-          node-version-file: website/package.json
-          cache: "npm"
-          cache-dependency-path: website/package-lock.json
-      - working-directory: website/
-        name: Install Dependencies
-        run: npm ci
+          working-directory: website
      - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v4
        with:
          path: |
@@ -54,7 +48,7 @@ jobs:
        working-directory: website
        env:
          NODE_ENV: production
-        run: npm run build -w api
+        run: corepack npm run build -w api
      - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v4
        with:
          name: api-docs
@@ -71,11 +65,9 @@ jobs:
        with:
          name: api-docs
          path: website/api/build
-      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v5
+      - uses: ./.github/actions/setup-node
        with:
-          node-version-file: website/package.json
-          cache: "npm"
-          cache-dependency-path: website/package-lock.json
+          working-directory: website
      - name: Deploy Netlify (Production)
        working-directory: website/api
        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
--- a/.github/workflows/ci-aws-cfn.yml
+++ b/.github/workflows/ci-aws-cfn.yml
@@ -24,14 +24,9 @@ jobs:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v5
      - name: Setup authentik env
        uses: ./.github/actions/setup
-      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v5
+      - uses: ./.github/actions/setup-node
        with:
-          node-version-file: lifecycle/aws/package.json
-          cache: "npm"
-          cache-dependency-path: lifecycle/aws/package-lock.json
-      - working-directory: lifecycle/aws/
-        run: |
-          npm ci
+          working-directory: lifecycle/aws
      - name: Check changes have been applied
        run: |
          uv run make aws-cfn
--- a/.github/workflows/ci-docs.yml
+++ b/.github/workflows/ci-docs.yml
@@ -24,46 +24,34 @@ jobs:
          - prettier-check
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v5
-      - name: Install dependencies
-        working-directory: website/
-        run: npm ci
+      - uses: ./.github/actions/setup-node
+        with:
+          working-directory: website
      - name: Lint
-        working-directory: website/
-        run: npm run ${{ matrix.command }}
+        run: corepack npm run ${{ matrix.command }} --prefix website
  build-docs:
    runs-on: ubuntu-latest
    env:
      NODE_ENV: production
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v5
-      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v5
+      - uses: ./.github/actions/setup-node
+        name: Setup Node.js
        with:
-          node-version-file: website/package.json
-          cache: "npm"
-          cache-dependency-path: website/package-lock.json
-      - working-directory: website/
-        name: Install Dependencies
-        run: npm ci
+          working-directory: website
      - name: Build Documentation via Docusaurus
-        working-directory: website/
-        run: npm run build
+        run: corepack npm run build --prefix website
  build-integrations:
    runs-on: ubuntu-latest
    env:
      NODE_ENV: production
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v5
-      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v5
+      - uses: ./.github/actions/setup-node
        with:
-          node-version-file: website/package.json
-          cache: "npm"
-          cache-dependency-path: website/package-lock.json
-      - working-directory: website/
-        name: Install Dependencies
-        run: npm ci
+          working-directory: website
      - name: Build Integrations via Docusaurus
-        working-directory: website/
-        run: npm run build -w integrations
+        run: corepack npm run build -w integrations --prefix website
  build-container:
    runs-on: ubuntu-latest
    permissions:
--- a/.github/workflows/ci-main.yml
+++ b/.github/workflows/ci-main.yml
@@ -109,8 +109,13 @@ jobs:
      - name: checkout stable
        run: |
          set -e -o pipefail
+
          cp -R .github ..
          cp -R scripts ..
+
+          mkdir -p ../packages
+          cp -R packages/logger-js ../packages/logger-js
+
          # Previous stable tag
          prev_stable=$(git tag --sort=version:refname | grep '^version/' | grep -vE -- '-rc[0-9]+$' | tail -n1)
          # Current version family based on
@@ -118,10 +123,13 @@ jobs:
          if [[ -n $current_version_family ]]; then
              prev_stable="version/${current_version_family}"
          fi
+
          echo "::notice::Checking out ${prev_stable} as stable version..."
          git checkout ${prev_stable}
-          rm -rf .github/ scripts/
+
+          rm -rf .github/ scripts/ packages/logger-js/
          mv ../.github ../scripts .
+          mv ../packages/logger-js ./packages/
      - name: Setup authentik env (stable)
        uses: ./.github/actions/setup
        with:
@@ -252,6 +260,7 @@ jobs:
          COMPOSE_PROFILES: ${{ matrix.job.profiles }}
        run: |
          docker compose -f tests/e2e/compose.yml up -d --quiet-pull
+      - uses: ./.github/actions/setup-node
      - id: cache-web
        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v4
        if: contains(matrix.job.profiles, 'selenium')
@@ -261,10 +270,12 @@ jobs:
      - name: prepare web ui
        if: steps.cache-web.outputs.cache-hit != 'true' && contains(matrix.job.profiles, 'selenium')
        working-directory: web
+        env:
+          NODE_ENV: "production"
        run: |
-          npm ci
-          npm run build
-          npm run build:sfe
+          corepack npm ci
+          corepack npm run build
+          corepack npm run build:sfe
      - name: run e2e
        run: |
          uv run coverage run manage.py test ${{ matrix.job.glob }}
@@ -313,11 +324,12 @@ jobs:
          key: ${{ runner.os }}-web-${{ hashFiles('web/package-lock.json', 'web/src/**', 'web/packages/sfe/src/**') }}-b
      - name: prepare web ui
        if: steps.cache-web.outputs.cache-hit != 'true'
-        working-directory: web
+        env:
+          NODE_ENV: "production"
        run: |
-          npm ci
-          npm run build
-          npm run build:sfe
+          corepack npm ci --prefix web
+          corepack npm run build --prefix web
+          corepack npm run build:sfe --prefix web
      - name: run conformance
        run: |
          uv run coverage run manage.py test ${{ matrix.job.glob }}
--- a/.github/workflows/ci-outpost.yml
+++ b/.github/workflows/ci-outpost.yml
@@ -145,16 +145,11 @@ jobs:
      - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6
        with:
          go-version-file: "go.mod"
-      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v5
+      - uses: ./.github/actions/setup-node
        with:
-          node-version-file: web/package.json
-          cache: "npm"
-          cache-dependency-path: web/package-lock.json
+          working-directory: web
      - name: Build web
-        working-directory: web/
-        run: |
-          npm ci
-          npm run build-proxy
+        run: corepack npm run build-proxy --prefix web
      - name: Build outpost
        run: |
          set -x
--- a/.github/workflows/ci-web.yml
+++ b/.github/workflows/ci-web.yml
@@ -15,48 +15,34 @@ on:
 jobs:
  lint:
    runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
-      matrix:
-        command:
-          - lint
-          - lint:lockfile
-          - tsc
-          - prettier-check
-        project:
-          - web
-        include:
-          - command: tsc
-            project: web
-          - command: lit-analyse
-            project: web
+    timeout-minutes: 15
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v5
-      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v5
+      - uses: ./.github/actions/setup-node
        with:
-          node-version-file: ${{ matrix.project }}/package.json
-          cache: "npm"
-          cache-dependency-path: ${{ matrix.project }}/package-lock.json
-      - working-directory: ${{ matrix.project }}/
-        run: |
-          npm ci
+          working-directory: web
      - name: Lint
-        working-directory: ${{ matrix.project }}/
-        run: npm run ${{ matrix.command }}
+        run: corepack npm run lint-check --prefix web
+      - name: Check types
+        run: corepack npm run tsc --prefix web
+      - name: Check formatting
+        run: corepack npm run prettier-check --prefix web
+      - name: Lit analyse
+        run: corepack npm run lit-analyse --prefix web
+
  build:
    runs-on: ubuntu-latest
+    timeout-minutes: 15
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v5
-      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v5
+      - uses: ./.github/actions/setup-node
        with:
-          node-version-file: web/package.json
-          cache: "npm"
-          cache-dependency-path: web/package-lock.json
-      - working-directory: web/
-        run: npm ci
+          working-directory: web
      - name: build
+        env:
+          NODE_ENV: "production"
        working-directory: web/
-        run: npm run build
+        run: corepack npm run build
  ci-web-mark:
    if: always()
    needs:
@@ -71,15 +57,12 @@ jobs:
    needs:
      - ci-web-mark
    runs-on: ubuntu-latest
+    timeout-minutes: 30
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v5
-      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v5
+      - uses: ./.github/actions/setup-node
        with:
-          node-version-file: web/package.json
-          cache: "npm"
-          cache-dependency-path: web/package-lock.json
-      - working-directory: web/
-        run: npm ci
+          working-directory: web
      - name: test
        working-directory: web/
-        run: npm run test || exit 0
+        run: corepack npm run test || exit 0
--- a/.github/workflows/packages-npm-publish.yml
+++ b/.github/workflows/packages-npm-publish.yml
@@ -35,22 +35,19 @@ jobs:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v5
        with:
          fetch-depth: 2
-      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v5
+      - uses: ./.github/actions/setup-node
        with:
-          node-version-file: ${{ matrix.package }}/package.json
-          registry-url: "https://registry.npmjs.org"
+          working-directory: ${{ matrix.package }}
      - name: Get changed files
        id: changed-files
        uses: tj-actions/changed-files@9426d40962ed5378910ee2e21d5f8c6fcbf2dd96 # 24d32ffd492484c1d75e0c0b894501ddb9d30d62
        with:
          files: |
            ${{ matrix.package }}/package.json
-      - name: Install Dependencies
-        run: npm ci
      - name: Publish package
        if: steps.changed-files.outputs.any_changed == 'true'
        working-directory: ${{ matrix.package }}
        run: |
-          npm ci
-          npm run build
-          npm publish
+          corepack npm ci
+          corepack npm run build
+          corepack npm publish
--- a/.github/workflows/release-publish.yml
+++ b/.github/workflows/release-publish.yml
@@ -87,11 +87,9 @@ jobs:
      - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6
        with:
          go-version-file: "go.mod"
-      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v5
+      - uses: ./.github/actions/setup-node
        with:
-          node-version-file: web/package.json
-          cache: "npm"
-          cache-dependency-path: web/package-lock.json
+          working-directory: web
      - name: Set up QEMU
        uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0
      - name: Set up Docker Buildx
@@ -151,15 +149,9 @@ jobs:
      - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6
        with:
          go-version-file: "go.mod"
-      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v5
+      - uses: ./.github/actions/setup-node
        with:
-          node-version-file: web/package.json
-          cache: "npm"
-          cache-dependency-path: web/package-lock.json
-      - name: Install web dependencies
-        working-directory: web/
-        run: |
-          npm ci
+          working-directory: web
      - name: Build web
        working-directory: web/
        run: |
--- a/.github/workflows/repo-stale.yml
+++ b/.github/workflows/repo-stale.yml
@@ -27,8 +27,6 @@ jobs:
          exempt-issue-labels: pinned,security,pr_wanted,enhancement,bug/confirmed,enhancement/confirmed,question,status/reviewing
          stale-issue-label: status/stale
          stale-issue-message: >
-            This issue has been automatically marked as stale because it has not had
-            recent activity. It will be closed if no further activity occurs. Thank you
-            for your contributions.
+            This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
          # Don't stale PRs, so only apply to PRs with a non-existent label
          only-pr-labels: foo
--- a/.gitignore
+++ b/.gitignore
@@ -14,6 +14,8 @@ media
 # Node

 node_modules
+corepack.tgz
+.corepack

 .cspellcache
 cspell-report.*
--- a/.npmrc
+++ b/.npmrc
@@ -0,0 +1,20 @@
+# Block lifecycle scripts (preinstall/install/postinstall/prepare) from dependencies.
+# This neutralizes the dominant npm supply-chain attack vector.
+#
+# Packages that legitimately need a build step (e.g. esbuild, chromedriver, tree-sitter)
+# must be rebuilt explicitly:
+#
+#   npm rebuild --foreground-scripts esbuild chromedriver tree-sitter tree-sitter-json
+ignore-scripts=true
+
+# Fail fast if the active Node/npm doesn't match the "engines" field.
+engine-strict=true
+
+# Pin exact versions so `npm install <pkg>` writes "1.2.3" not "^1.2.3".
+save-exact=true
+
+# Surface CVE warnings during install; doesn't block.
+audit=true
+
+# Suppress funding banners.
+fund=false
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -20,6 +20,9 @@
    },
    "todo-tree.tree.showCountsInTree": true,
    "todo-tree.tree.showBadges": true,
+    "yaml.format.printWidth": 200,
+    "yaml.format.singleQuote": true,
+    "yaml.format.bracketSpacing": false,
    "yaml.customTags": [
        "!Condition sequence",
        "!Context scalar",
--- a/1
+++ b/1
@@ -34,6 +34,7 @@ packages/django-channels-postgres       @goauthentik/backend
 packages/django-postgres-cache          @goauthentik/backend
 packages/django-dramatiq-postgres       @goauthentik/backend
 # Web packages
+.npmrc                                  @goauthentik/frontend
 tsconfig.json                           @goauthentik/frontend
 package.json                            @goauthentik/frontend
 package-lock.json                       @goauthentik/frontend
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -288,9 +288,9 @@ dependencies = [

 [[package]]
 name = "aws-lc-rs"
-version = "1.16.3"
+version = "1.17.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0ec6fb3fe69024a75fa7e1bfb48aa6cf59706a101658ea01bfd33b2b248a038f"
+checksum = "5ec2f1fc3ec205783a5da9a7e6c1509cc69dedf09a1949e412c1e18469326d00"
 dependencies = [
 "aws-lc-fips-sys",
 "aws-lc-sys",
@@ -300,9 +300,9 @@ dependencies = [

 [[package]]
 name = "aws-lc-sys"
-version = "0.40.0"
+version = "0.41.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f50037ee5e1e41e7b8f9d161680a725bd1626cb6f8c7e901f91f942850852fe7"
+checksum = "1a2f9779ce85b93ab6170dd940ad0169b5766ff848247aff13bb788b832fe3f4"
 dependencies = [
 "cc",
 "cmake",
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -22,7 +22,7 @@ publish = false
 arc-swap = "= 1.9.1"
 argh = "= 0.1.19"
 axum-server = { version = "= 0.8.0", features = ["tls-rustls-no-provider"] }
-aws-lc-rs = { version = "= 1.16.3", features = ["fips"] }
+aws-lc-rs = { version = "= 1.17.0", features = ["fips"] }
 axum = { version = "= 0.8.9", features = ["http2", "macros", "ws"] }
 clap = { version = "= 4.6.1", features = ["derive", "env"] }
 client-ip = { version = "0.2.1", features = ["forwarded-header"] }
--- a/70
+++ b/70
@@ -106,8 +106,9 @@ migrate: ## Run the Authentik Django server's migrations

 i18n-extract: core-i18n-extract web-i18n-extract  ## Extract strings that require translation into files to send to a translation service

-aws-cfn:
-	cd lifecycle/aws && npm i && $(UV) run npm run aws-cfn
+aws-cfn: node-install
+	corepack npm install --prefix lifecycle/aws
+	$(UV) run corepack npm run aws-cfn --prefix lifecycle/aws

 run:  ## Run the main authentik server and worker processes
 	$(UV) run ak allinone
@@ -125,7 +126,7 @@ core-i18n-extract:
 		--ignore website \
 		-l en

-install: node-install docs-install core-install  ## Install all requires dependencies for `node`, `docs` and `core`
+install: node-install web-install core-install  ## Install all requires dependencies for `node`, `web` and `core`

 dev-drop-db:
 	$(eval pg_user := $(shell $(UV) run python -m authentik.lib.config postgresql.user 2>/dev/null))
@@ -228,39 +229,55 @@ gen-dev-config:  ## Generate a local development config file
 ## Node.js
 #########################

-node-install:  ## Install the necessary libraries to build Node.js packages
-	npm ci
-	npm ci --prefix web
+# Packages whose install/postinstall scripts are required for correct
+# operation (binary downloads, native bindings). The root .npmrc sets
+# `ignore-scripts=true` to block dependency lifecycle scripts by default;
+# this list is rebuilt explicitly with scripts re-enabled. Audit any
+# additions: each entry runs arbitrary code at install time.
+TRUSTED_INSTALL_SCRIPTS := esbuild chromedriver tree-sitter tree-sitter-json
+
+node-preinstall: ## Install corepack and lint the runtime to ensure the correct Node.js version is being used before installing dependencies.
+	node ./scripts/node/setup-corepack.mjs
+	node ./scripts/node/lint-runtime.mjs
+
+node-install: node-preinstall ## Install the necessary libraries to build Node.js packages
+	corepack npm ci

 #########################
 ## Web
 #########################

+web-install: ## Install the necessary libraries to build the Authentik UI
+	corepack npm ci --prefix web
+
+web-postinstall:  ## Trigger postinstall scripts for packages with native bindings or binary downloads, which are blocked by default for security reasons.
+	corepack npm rebuild --prefix web --ignore-scripts=false --foreground-scripts $(TRUSTED_INSTALL_SCRIPTS)
+
 web-build: node-install  ## Build the Authentik UI
-	npm run --prefix web build
+	corepack npm run --prefix web build

 web: web-lint-fix web-lint web-check-compile  ## Automatically fix formatting issues in the Authentik UI source code, lint the code, and compile it

 web-test: ## Run tests for the Authentik UI
-	npm run --prefix web test
+	corepack npm run --prefix web test

 web-watch:  ## Build and watch the Authentik UI for changes, updating automatically
-	npm run --prefix web watch
+	corepack npm run --prefix web watch
 web-storybook-watch:  ## Build and run the storybook documentation server
-	npm run --prefix web storybook
+	corepack npm run --prefix web storybook

 web-lint-fix:
-	npm run --prefix web prettier
+	corepack npm run --prefix web prettier

 web-lint:
-	npm run --prefix web lint
-	npm run --prefix web lit-analyse
+	corepack npm run --prefix web lint
+	corepack npm run --prefix web lit-analyse

 web-check-compile:
-	npm run --prefix web tsc
+	corepack npm run --prefix web tsc

 web-i18n-extract:
-	npm run --prefix web extract-locales
+	corepack npm run --prefix web extract-locales

 #########################
 ## Docs
@@ -268,35 +285,36 @@ web-i18n-extract:

 docs: docs-lint-fix docs-build  ## Automatically fix formatting issues in the Authentik docs source code, lint the code, and compile it

-docs-install:
-	npm ci --prefix website
+docs-install: node-install  ## Install the necessary libraries to build the Authentik documentation
+	corepack npm ci --prefix website

 docs-lint-fix: lint-spellcheck
-	npm run --prefix website prettier
+	corepack npm run --prefix website prettier

 docs-build:
-	npm run --prefix website build
+	node ./scripts/node/lint-runtime.mjs website
+	corepack npm run --prefix website build

 docs-watch:  ## Build and watch the topics documentation
-	npm run --prefix website start
+	corepack npm run --prefix website start

 integrations: docs-lint-fix integrations-build ## Fix formatting issues in the integrations source code, lint the code, and compile it

 integrations-build:
-	npm run --prefix website -w integrations build
+	corepack npm run --prefix website -w integrations build

 integrations-watch:  ## Build and watch the Integrations documentation
-	npm run --prefix website -w integrations start
+	corepack npm run --prefix website -w integrations start

 docs-api-build:
-	npm run --prefix website -w api build
+	corepack npm run --prefix website -w api build

 docs-api-watch:  ## Build and watch the API documentation
-	npm run --prefix website -w api generate
-	npm run --prefix website -w api start
+	corepack npm run --prefix website -w api generate
+	corepack npm run --prefix website -w api start

 docs-api-clean: ## Clean generated API documentation
-	npm run --prefix website -w api build:api:clean
+	corepack npm run --prefix website -w api build:api:clean

 #########################
 ## Docker
--- a/authentik/endpoints/connectors/agent/auth.py
+++ b/authentik/endpoints/connectors/agent/auth.py
@@ -31,7 +31,6 @@ class DeviceUser(VirtualUser):
    username = "authentik:endpoints:device"

    def has_perm(self, perm: str, obj: Model | None = None) -> bool:
-        print(perm)
        if perm in [
            "authentik_core.view_user",
            "authentik_core.view_group",
--- a/authentik/enterprise/providers/scim/api.py
+++ b/authentik/enterprise/providers/scim/api.py
@@ -1,14 +1,72 @@
+from datetime import datetime
+
+from django.urls import reverse
 from django.utils.translation import gettext as _
 from rest_framework.exceptions import ValidationError

 from authentik.enterprise.license import LicenseKey
-from authentik.providers.scim.models import SCIMAuthenticationMode
+from authentik.providers.scim.models import SCIMAuthenticationMode, SCIMProvider
+from authentik.sources.oauth.models import UserOAuthSourceConnection


 class SCIMProviderSerializerMixin:

+    def _get_token(self, instance: SCIMProvider) -> UserOAuthSourceConnection | None:
+        user = instance.auth_oauth_user
+        conn = UserOAuthSourceConnection.objects.filter(
+            user=user, source=instance.auth_oauth
+        ).first()
+        return conn
+
+    def get_auth_oauth_token_last_updated(self, instance: SCIMProvider) -> datetime | None:
+        conn = self._get_token(instance)
+        return conn.last_updated if conn else None
+
+    def get_auth_oauth_token_expires(self, instance: SCIMProvider) -> datetime | None:
+        conn = self._get_token(instance)
+        return conn.expires if conn else None
+
+    def get_auth_oauth_url_callback(self, instance: SCIMProvider) -> str | None:
+        if (
+            instance.auth_mode
+            in [
+                SCIMAuthenticationMode.TOKEN,
+                SCIMAuthenticationMode.OAUTH_SILENT,
+            ]
+            or not instance.backchannel_application
+        ):
+            return None
+        relative_url = reverse(
+            "authentik_enterprise_providers_scim:callback",
+            kwargs={"application_slug": instance.backchannel_application.slug},
+        )
+        if "request" not in self.context:
+            return relative_url
+        return self.context["request"].build_absolute_uri(relative_url)
+
+    def get_auth_oauth_url_start(self, instance: SCIMProvider) -> str | None:
+        if (
+            instance.auth_mode
+            in [
+                SCIMAuthenticationMode.TOKEN,
+                SCIMAuthenticationMode.OAUTH_SILENT,
+            ]
+            or not instance.backchannel_application
+        ):
+            return None
+        relative_url = reverse(
+            "authentik_enterprise_providers_scim:start",
+            kwargs={"application_slug": instance.backchannel_application.slug},
+        )
+        if "request" not in self.context:
+            return relative_url
+        return self.context["request"].build_absolute_uri(relative_url)
+
    def validate_auth_mode(self, auth_mode: SCIMAuthenticationMode) -> SCIMAuthenticationMode:
-        if auth_mode == SCIMAuthenticationMode.OAUTH:
+        if auth_mode in [
+            SCIMAuthenticationMode.OAUTH_SILENT,
+            SCIMAuthenticationMode.OAUTH_INTERACTIVE,
+        ]:
            if not LicenseKey.cached_summary().status.is_valid:
                raise ValidationError(_("Enterprise is required to use the OAuth mode."))
        return auth_mode
--- a/authentik/enterprise/providers/scim/apps.py
+++ b/authentik/enterprise/providers/scim/apps.py
@@ -7,3 +7,4 @@ class AuthentikEnterpriseProviderSCIMConfig(EnterpriseConfig):
    label = "authentik_enterprise_providers_scim"
    verbose_name = "authentik Enterprise.Providers.SCIM"
    default = True
+    mountpoint = "application/scim/"
--- a/authentik/enterprise/providers/scim/auth_oauth2.py
+++ b/authentik/enterprise/providers/scim/auth_oauth2.py
@@ -1,12 +1,14 @@
 from datetime import timedelta
-from typing import TYPE_CHECKING
+from typing import TYPE_CHECKING, Any

 from django.utils.timezone import now
 from requests import Request, RequestException
 from structlog.stdlib import get_logger

+from authentik.common.oauth.constants import GRANT_TYPE_PASSWORD, GRANT_TYPE_REFRESH_TOKEN
 from authentik.providers.scim.clients.exceptions import SCIMRequestException
-from authentik.sources.oauth.clients.oauth2 import OAuth2Client
+from authentik.providers.scim.models import SCIMAuthenticationMode
+from authentik.sources.oauth.clients.base import BaseOAuthClient
 from authentik.sources.oauth.models import OAuthSource, UserOAuthSourceConnection

 if TYPE_CHECKING:
@@ -18,23 +20,26 @@ class SCIMOAuthException(SCIMRequestException):


 class SCIMOAuthAuth:
-
    def __init__(self, provider: SCIMProvider):
        self.provider = provider
        self.user = provider.auth_oauth_user
        self.logger = get_logger().bind()
        self.connection = self.get_connection()

-    def retrieve_token(self):
-        if not self.provider.auth_oauth:
-            return None
+    def retrieve_token(self, conn: UserOAuthSourceConnection | None) -> dict[str, Any]:
        source: OAuthSource = self.provider.auth_oauth
-        client = OAuth2Client(source, None)
+        client: BaseOAuthClient = source.source_type.callback_view(request=None).get_client(source)
        access_token_url = source.source_type.access_token_url or ""
        if source.source_type.urls_customizable and source.access_token_url:
            access_token_url = source.access_token_url
        data = client.get_access_token_args(None, None)
-        data["grant_type"] = "password"
+        if self.provider.auth_mode == SCIMAuthenticationMode.OAUTH_SILENT:
+            data["grant_type"] = GRANT_TYPE_PASSWORD
+        elif self.provider.auth_mode == SCIMAuthenticationMode.OAUTH_INTERACTIVE:
+            data["grant_type"] = GRANT_TYPE_REFRESH_TOKEN
+            if not conn:
+                raise SCIMOAuthException(None, "Could not refresh SCIM OAuth token")
+            data["refresh_token"] = conn.refresh_token
        data.update(self.provider.auth_oauth_params)
        try:
            response = client.do_request(
@@ -54,12 +59,14 @@ class SCIMOAuthAuth:
            raise SCIMOAuthException(exc.response, message="Failed to get OAuth token") from exc

    def get_connection(self):
-        token = UserOAuthSourceConnection.objects.filter(
-            source=self.provider.auth_oauth, user=self.user, expires__gt=now()
+        if not self.provider.auth_oauth:
+            return None
+        conn = UserOAuthSourceConnection.objects.filter(
+            source=self.provider.auth_oauth, user=self.user
        ).first()
-        if token and token.access_token:
-            return token
-        token = self.retrieve_token()
+        if conn and conn.access_token and conn.expires > now():
+            return conn
+        token = self.retrieve_token(conn)
        access_token = token["access_token"]
        expires_in = int(token.get("expires_in", 0))
        token, _ = UserOAuthSourceConnection.objects.update_or_create(
@@ -67,7 +74,10 @@ class SCIMOAuthAuth:
            user=self.user,
            defaults={
                "access_token": access_token,
+                "refresh_token": token.get("refresh_token"),
                "expires": now() + timedelta(seconds=expires_in),
+                # When using `update_or_create`, `last_updated` is not updated
+                "last_updated": now(),
            },
        )
        return token
--- a/authentik/enterprise/providers/scim/signals.py
+++ b/authentik/enterprise/providers/scim/signals.py
@@ -14,7 +14,10 @@ def scim_provider_post_save(sender: type[Model], instance: SCIMProvider, created
    """Create service account before provider is saved"""
    identifier = f"ak-providers-scim-{instance.pk}"
    with audit_ignore():
-        if instance.auth_mode == SCIMAuthenticationMode.OAUTH:
+        if instance.auth_mode in [
+            SCIMAuthenticationMode.OAUTH_SILENT,
+            SCIMAuthenticationMode.OAUTH_INTERACTIVE,
+        ]:
            user, user_created = User.objects.update_or_create(
                username=identifier,
                defaults={
--- a/authentik/enterprise/providers/scim/tests/init.py
+++ b/authentik/enterprise/providers/scim/tests/init.py
--- a/authentik/enterprise/providers/scim/tests/test_api.py
+++ b/authentik/enterprise/providers/scim/tests/test_api.py
@@ -0,0 +1,73 @@
+"""SCIM OAuth tests"""
+
+from unittest.mock import MagicMock, PropertyMock, patch
+
+from django.urls import reverse
+from rest_framework.test import APITestCase
+
+from authentik.core.tests.utils import create_test_admin_user
+from authentik.enterprise.license import LicenseKey
+from authentik.enterprise.models import License
+from authentik.enterprise.tests.test_license import expiry_valid
+from authentik.lib.generators import generate_id
+from authentik.sources.oauth.models import OAuthSource
+
+
+class TestSCIMOAuthAPI(APITestCase):
+    """SCIM User tests"""
+
+    def setUp(self):
+        self.source = OAuthSource.objects.create(
+            name=generate_id(),
+            slug=generate_id(),
+            access_token_url="http://localhost/token",  # nosec
+            consumer_key=generate_id(),
+            consumer_secret=generate_id(),
+            provider_type="openidconnect",
+        )
+
+    @patch(
+        "authentik.enterprise.license.LicenseKey.validate",
+        MagicMock(
+            return_value=LicenseKey(
+                aud="",
+                exp=expiry_valid,
+                name=generate_id(),
+                internal_users=100,
+                external_users=100,
+            )
+        ),
+    )
+    def test_api_create(self):
+        License.objects.create(key=generate_id())
+        self.client.force_login(create_test_admin_user())
+        res = self.client.post(
+            reverse("authentik_api:scimprovider-list"),
+            {
+                "name": generate_id(),
+                "url": "http://localhost",
+                "auth_mode": "oauth",
+                "auth_oauth": str(self.source.pk),
+            },
+        )
+        self.assertEqual(res.status_code, 201)
+
+    @patch(
+        "authentik.enterprise.models.LicenseUsageStatus.is_valid",
+        PropertyMock(return_value=False),
+    )
+    def test_api_create_no_license(self):
+        self.client.force_login(create_test_admin_user())
+        res = self.client.post(
+            reverse("authentik_api:scimprovider-list"),
+            {
+                "name": generate_id(),
+                "url": "http://localhost",
+                "auth_mode": "oauth",
+                "auth_oauth": str(self.source.pk),
+            },
+        )
+        self.assertEqual(res.status_code, 400)
+        self.assertJSONEqual(
+            res.content, {"auth_mode": ["Enterprise is required to use the OAuth mode."]}
+        )
--- a/authentik/enterprise/providers/scim/tests/test_auth.py
+++ b/authentik/enterprise/providers/scim/tests/test_auth.py
@@ -0,0 +1,100 @@
+"""SCIM OAuth tests"""
+
+from requests_mock import Mocker
+from rest_framework.test import APITestCase
+
+from authentik.blueprints.tests import apply_blueprint
+from authentik.core.models import Application, Group, User
+from authentik.lib.generators import generate_id
+from authentik.providers.scim.models import SCIMAuthenticationMode, SCIMMapping, SCIMProvider
+from authentik.sources.oauth.models import OAuthSource
+from authentik.tenants.models import Tenant
+
+
+class TestSCIMOAuthAuth(APITestCase):
+    """SCIM User tests"""
+
+    @apply_blueprint("system/providers-scim.yaml")
+    def setUp(self) -> None:
+        # Delete all users and groups as the mocked HTTP responses only return one ID
+        # which will cause errors with multiple users
+        Tenant.objects.update(avatars="none")
+        User.objects.all().exclude_anonymous().delete()
+        Group.objects.all().delete()
+        self.source = OAuthSource.objects.create(
+            name=generate_id(),
+            slug=generate_id(),
+            access_token_url="http://localhost/token",  # nosec
+            consumer_key=generate_id(),
+            consumer_secret=generate_id(),
+            provider_type="openidconnect",
+        )
+        self.provider = SCIMProvider.objects.create(
+            name=generate_id(),
+            url="https://localhost",
+            auth_mode=SCIMAuthenticationMode.OAUTH_SILENT,
+            auth_oauth=self.source,
+            auth_oauth_params={
+                "foo": "bar",
+            },
+            exclude_users_service_account=True,
+        )
+        self.app: Application = Application.objects.create(
+            name=generate_id(),
+            slug=generate_id(),
+        )
+        self.app.backchannel_providers.add(self.provider)
+        self.provider.property_mappings.add(
+            SCIMMapping.objects.get(managed="goauthentik.io/providers/scim/user")
+        )
+        self.provider.property_mappings_group.add(
+            SCIMMapping.objects.get(managed="goauthentik.io/providers/scim/group")
+        )
+
+    @Mocker()
+    def test_user_create(self, mock: Mocker):
+        """Test user creation"""
+        scim_id = generate_id()
+        token = generate_id()
+        mock.post("http://localhost/token", json={"access_token": token, "expires_in": 3600})
+        mock.get(
+            "https://localhost/ServiceProviderConfig",
+            json={},
+        )
+        mock.post(
+            "https://localhost/Users",
+            json={
+                "id": scim_id,
+            },
+        )
+        uid = generate_id()
+        user = User.objects.create(
+            username=uid,
+            name=f"{uid} {uid}",
+            email=f"{uid}@goauthentik.io",
+        )
+        self.assertEqual(mock.call_count, 3)
+        self.assertEqual(mock.request_history[1].method, "GET")
+        self.assertEqual(mock.request_history[2].method, "POST")
+        self.assertJSONEqual(
+            mock.request_history[2].body,
+            {
+                "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
+                "active": True,
+                "emails": [
+                    {
+                        "primary": True,
+                        "type": "other",
+                        "value": f"{uid}@goauthentik.io",
+                    }
+                ],
+                "externalId": user.uid,
+                "name": {
+                    "familyName": uid,
+                    "formatted": f"{uid} {uid}",
+                    "givenName": uid,
+                },
+                "displayName": f"{uid} {uid}",
+                "userName": uid,
+            },
+        )
--- a/authentik/enterprise/providers/scim/tests/test_token.py
+++ b/authentik/enterprise/providers/scim/tests/test_token.py
@@ -2,7 +2,7 @@

 from base64 import b64encode
 from datetime import timedelta
-from unittest.mock import MagicMock, PropertyMock, patch
+from urllib.parse import parse_qs, urlencode, urlparse

 from django.urls import reverse
 from django.utils.timezone import now
@@ -11,17 +11,14 @@ from rest_framework.test import APITestCase

 from authentik.blueprints.tests import apply_blueprint
 from authentik.core.models import Application, Group, User
-from authentik.core.tests.utils import create_test_admin_user
-from authentik.enterprise.license import LicenseKey
-from authentik.enterprise.models import License
-from authentik.enterprise.tests.test_license import expiry_valid
 from authentik.lib.generators import generate_id
 from authentik.providers.scim.models import SCIMAuthenticationMode, SCIMMapping, SCIMProvider
 from authentik.sources.oauth.models import OAuthSource, UserOAuthSourceConnection
 from authentik.tenants.models import Tenant
+from tests.live import create_test_admin_user


-class SCIMOAuthTests(APITestCase):
+class TestSCIMOAuthToken(APITestCase):
    """SCIM User tests"""

    @apply_blueprint("system/providers-scim.yaml")
@@ -42,7 +39,7 @@ class SCIMOAuthTests(APITestCase):
        self.provider = SCIMProvider.objects.create(
            name=generate_id(),
            url="https://localhost",
-            auth_mode=SCIMAuthenticationMode.OAUTH,
+            auth_mode=SCIMAuthenticationMode.OAUTH_SILENT,
            auth_oauth=self.source,
            auth_oauth_params={
                "foo": "bar",
@@ -60,8 +57,9 @@ class SCIMOAuthTests(APITestCase):
        self.provider.property_mappings_group.add(
            SCIMMapping.objects.get(managed="goauthentik.io/providers/scim/group")
        )
+        self.admin = create_test_admin_user()

-    def test_retrieve_token(self):
+    def test_retrieve_token_silent(self):
        """Test token retrieval"""
        with Mocker() as mocker:
            token = generate_id()
@@ -86,6 +84,44 @@ class SCIMOAuthTests(APITestCase):
        )
        self.assertEqual(mocker.request_history[0].body, "grant_type=password&foo=bar")

+    def test_retrieve_token_interactive(self):
+        """Test token retrieval"""
+        self.provider.auth_mode = SCIMAuthenticationMode.OAUTH_INTERACTIVE
+        self.provider.save()
+        refresh_token = generate_id()
+        access_token = generate_id()
+        UserOAuthSourceConnection.objects.create(
+            user=self.provider.auth_oauth_user,
+            source=self.source,
+            refresh_token=refresh_token,
+            access_token=access_token,
+        )
+        with Mocker() as mocker:
+            token = generate_id()
+            mocker.post("http://localhost/token", json={"access_token": token, "expires_in": 3600})
+            self.provider.scim_auth()
+        conn = UserOAuthSourceConnection.objects.filter(
+            source=self.source,
+            user=self.provider.auth_oauth_user,
+        ).first()
+        self.assertIsNotNone(conn)
+        self.assertTrue(conn.is_valid)
+        auth = (
+            b64encode(
+                b":".join((self.source.consumer_key.encode(), self.source.consumer_secret.encode()))
+            )
+            .strip()
+            .decode()
+        )
+        self.assertEqual(
+            mocker.request_history[0].headers["Authorization"],
+            f"Basic {auth}",
+        )
+        self.assertEqual(
+            mocker.request_history[0].body,
+            f"grant_type=refresh_token&refresh_token={refresh_token}&foo=bar",
+        )
+
    def test_existing_token(self):
        """Test existing token"""
        UserOAuthSourceConnection.objects.create(
@@ -98,96 +134,54 @@ class SCIMOAuthTests(APITestCase):
            self.provider.scim_auth()
            self.assertEqual(len(mocker.request_history), 0)

-    @Mocker()
-    def test_user_create(self, mock: Mocker):
-        """Test user creation"""
-        scim_id = generate_id()
-        token = generate_id()
-        mock.post("http://localhost/token", json={"access_token": token, "expires_in": 3600})
-        mock.get(
-            "https://localhost/ServiceProviderConfig",
-            json={},
-        )
-        mock.post(
-            "https://localhost/Users",
-            json={
-                "id": scim_id,
-            },
-        )
-        uid = generate_id()
-        user = User.objects.create(
-            username=uid,
-            name=f"{uid} {uid}",
-            email=f"{uid}@goauthentik.io",
-        )
-        self.assertEqual(mock.call_count, 3)
-        self.assertEqual(mock.request_history[1].method, "GET")
-        self.assertEqual(mock.request_history[2].method, "POST")
-        self.assertJSONEqual(
-            mock.request_history[2].body,
-            {
-                "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
-                "active": True,
-                "emails": [
-                    {
-                        "primary": True,
-                        "type": "other",
-                        "value": f"{uid}@goauthentik.io",
-                    }
-                ],
-                "externalId": user.uid,
-                "name": {
-                    "familyName": uid,
-                    "formatted": f"{uid} {uid}",
-                    "givenName": uid,
+    def test_interactive_start(self):
+        self.client.force_login(self.admin)
+        res = self.client.get(
+            reverse(
+                "authentik_enterprise_providers_scim:start",
+                kwargs={
+                    "application_slug": self.app.slug,
                },
-                "displayName": f"{uid} {uid}",
-                "userName": uid,
-            },
-        )
-
-    @patch(
-        "authentik.enterprise.license.LicenseKey.validate",
-        MagicMock(
-            return_value=LicenseKey(
-                aud="",
-                exp=expiry_valid,
-                name=generate_id(),
-                internal_users=100,
-                external_users=100,
            )
-        ),
-    )
-    def test_api_create(self):
-        License.objects.create(key=generate_id())
-        self.client.force_login(create_test_admin_user())
-        res = self.client.post(
-            reverse("authentik_api:scimprovider-list"),
-            {
-                "name": generate_id(),
-                "url": "http://localhost",
-                "auth_mode": "oauth",
-                "auth_oauth": str(self.source.pk),
-            },
        )
-        self.assertEqual(res.status_code, 201)
+        self.assertEqual(res.status_code, 302)
+        query = parse_qs(urlparse(res.url).query)
+        self.assertEqual(query["client_id"], [self.source.consumer_key])
+        self.assertEqual(
+            query["redirect_uri"],
+            [f"http://testserver/application/scim/{self.app.slug}/oauth2/callback/"],
+        )
+        self.assertEqual(query["response_type"], ["code"])

-    @patch(
-        "authentik.enterprise.models.LicenseUsageStatus.is_valid",
-        PropertyMock(return_value=False),
-    )
-    def test_api_create_no_license(self):
-        self.client.force_login(create_test_admin_user())
-        res = self.client.post(
-            reverse("authentik_api:scimprovider-list"),
-            {
-                "name": generate_id(),
-                "url": "http://localhost",
-                "auth_mode": "oauth",
-                "auth_oauth": str(self.source.pk),
-            },
-        )
-        self.assertEqual(res.status_code, 400)
-        self.assertJSONEqual(
-            res.content, {"auth_mode": ["Enterprise is required to use the OAuth mode."]}
+    def test_interactive_callback(self):
+        self.client.force_login(self.admin)
+        res = self.client.get(
+            reverse(
+                "authentik_enterprise_providers_scim:start",
+                kwargs={
+                    "application_slug": self.app.slug,
+                },
+            )
        )
+        self.assertEqual(res.status_code, 302)
+        query = parse_qs(urlparse(res.url).query)
+
+        with Mocker() as mock:
+            token = generate_id()
+            mock.post("http://localhost/token", json={"access_token": token, "expires_in": 3600})
+
+            res = self.client.get(
+                reverse(
+                    "authentik_enterprise_providers_scim:callback",
+                    kwargs={
+                        "application_slug": self.app.slug,
+                    },
+                )
+                + "?"
+                + urlencode({"state": query["state"][0], "code": generate_id()})
+            )
+            self.assertEqual(res.status_code, 302)
+
+        conn = UserOAuthSourceConnection.objects.filter(source=self.source).first()
+        self.assertIsNotNone(conn)
+        self.assertTrue(conn.is_valid)
--- a/authentik/enterprise/providers/scim/urls.py
+++ b/authentik/enterprise/providers/scim/urls.py
@@ -0,0 +1,10 @@
+from django.urls import path
+
+from authentik.enterprise.providers.scim.views import SCIMOAuthStart, SCIMRedirectCallback
+
+urlpatterns = [
+    path("<slug:application_slug>/oauth2/start/", SCIMOAuthStart.as_view(), name="start"),
+    path(
+        "<slug:application_slug>/oauth2/callback/", SCIMRedirectCallback.as_view(), name="callback"
+    ),
+]
--- a/authentik/enterprise/providers/scim/views.py
+++ b/authentik/enterprise/providers/scim/views.py
@@ -0,0 +1,70 @@
+from datetime import timedelta
+
+from django.core.exceptions import PermissionDenied
+from django.http import HttpRequest
+from django.shortcuts import redirect
+from django.urls import reverse
+from django.utils.timezone import now
+
+from authentik.core.models import Application
+from authentik.providers.scim.models import SCIMProvider
+from authentik.sources.oauth.clients.base import BaseOAuthClient
+from authentik.sources.oauth.models import OAuthSource, UserOAuthSourceConnection
+from authentik.sources.oauth.types.registry import RequestKind, registry
+from authentik.sources.oauth.views.callback import OAuthCallback
+from authentik.sources.oauth.views.redirect import OAuthRedirect
+
+
+class SCIMOAuthViewMixin:
+
+    provider: SCIMProvider
+
+    def get_client(self, source: OAuthSource, **kwargs) -> BaseOAuthClient:
+        source: OAuthSource = self.provider.auth_oauth
+        source_cls = registry.find(source.provider_type, kind=RequestKind.CALLBACK)
+        if not source_cls.client_class:
+            return super().get_client(source, **kwargs)
+        return source_cls.client_class(source, self.request, **kwargs)
+
+    def _get_scim_provider(self, app_slug: str):
+        app = Application.objects.filter(slug=app_slug).first()
+        if not app:
+            return None
+        provider = SCIMProvider.objects.filter(backchannel_application=app)
+        return provider.first()
+
+    def dispatch(self, request: HttpRequest, application_slug: str):
+        if not request.user.is_authenticated:
+            raise PermissionDenied()
+        provider = self._get_scim_provider(application_slug)
+        if not provider or not provider.auth_oauth:
+            raise PermissionDenied()
+        if not request.user.has_perm(
+            "authentik_providers_scim.change_scimprovider",
+            provider,
+        ):
+            raise PermissionDenied()
+        self.provider = provider
+        return super().dispatch(request, source_slug=provider.auth_oauth.slug)
+
+
+class SCIMOAuthStart(SCIMOAuthViewMixin, OAuthRedirect):
+
+    def get_callback_url(self, source: OAuthSource):
+        return reverse("authentik_enterprise_providers_scim:callback", kwargs=self.kwargs)
+
+
+class SCIMRedirectCallback(SCIMOAuthViewMixin, OAuthCallback):
+
+    def redirect_flow_manager(self, client: BaseOAuthClient):
+        expires_in = int(self.token.get("expires_in", 0))
+        UserOAuthSourceConnection.objects.update_or_create(
+            source=self.provider.auth_oauth,
+            user=self.provider.auth_oauth_user,
+            defaults={
+                "access_token": self.token.get("access_token"),
+                "refresh_token": self.token.get("refresh_token"),
+                "expires": now() + timedelta(seconds=expires_in),
+            },
+        )
+        return redirect("authentik_core:if-admin")
--- a/authentik/providers/scim/api/providers.py
+++ b/authentik/providers/scim/api/providers.py
@@ -1,5 +1,6 @@
 """SCIM Provider API Views"""

+from rest_framework.fields import SerializerMethodField
 from rest_framework.viewsets import ModelViewSet

 from authentik.core.api.providers import ProviderSerializer
@@ -16,6 +17,11 @@ class SCIMProviderSerializer(
 ):
    """SCIMProvider Serializer"""

+    auth_oauth_token_last_updated = SerializerMethodField()
+    auth_oauth_token_expires = SerializerMethodField()
+    auth_oauth_url_callback = SerializerMethodField()
+    auth_oauth_url_start = SerializerMethodField()
+
    class Meta:
        model = SCIMProvider
        fields = [
@@ -35,6 +41,10 @@ class SCIMProviderSerializer(
            "auth_mode",
            "auth_oauth",
            "auth_oauth_params",
+            "auth_oauth_token_last_updated",
+            "auth_oauth_token_expires",
+            "auth_oauth_url_callback",
+            "auth_oauth_url_start",
            "compatibility_mode",
            "service_provider_config_cache_timeout",
            "exclude_users_service_account",
--- a/authentik/providers/scim/migrations/0019_scimprovider_group_filters_and_more.py
+++ b/authentik/providers/scim/migrations/0019_scimprovider_group_filters_and_more.py
@@ -102,4 +102,16 @@ class Migration(migrations.Migration):
                verbose_name="SCIM Compatibility Mode",
            ),
        ),
+        migrations.AlterField(
+            model_name="scimprovider",
+            name="auth_mode",
+            field=models.TextField(
+                choices=[
+                    ("token", "Token"),
+                    ("oauth", "OAuth (Silent)"),
+                    ("oauth_interactive", "OAuth (interactive)"),
+                ],
+                default="token",
+            ),
+        ),
    ]
--- a/authentik/providers/scim/models.py
+++ b/authentik/providers/scim/models.py
@@ -72,7 +72,8 @@ class SCIMAuthenticationMode(models.TextChoices):
    """SCIM authentication modes"""

    TOKEN = "token", _("Token")
-    OAUTH = "oauth", _("OAuth")
+    OAUTH_SILENT = "oauth", _("OAuth (Silent)")
+    OAUTH_INTERACTIVE = "oauth_interactive", _("OAuth (interactive)")


 class SCIMCompatibilityMode(models.TextChoices):
@@ -144,7 +145,10 @@ class SCIMProvider(OutgoingSyncProvider, BackchannelProvider):
    )

    def scim_auth(self) -> AuthBase:
-        if self.auth_mode == SCIMAuthenticationMode.OAUTH:
+        if self.auth_mode in [
+            SCIMAuthenticationMode.OAUTH_SILENT,
+            SCIMAuthenticationMode.OAUTH_INTERACTIVE,
+        ]:
            try:
                from authentik.enterprise.providers.scim.auth_oauth2 import SCIMOAuthAuth

--- a/authentik/sources/oauth/types/registry.py
+++ b/authentik/sources/oauth/types/registry.py
@@ -1,6 +1,5 @@
 """Source type manager"""

-from collections.abc import Callable
 from enum import Enum
 from typing import Any

@@ -114,7 +113,7 @@ class SourceTypeRegistry:
            )
        return found_type

-    def find(self, type_name: str, kind: RequestKind) -> Callable:
+    def find(self, type_name: str, kind: RequestKind) -> type[OAuthCallback | OAuthRedirect]:
        """Find fitting Source Type"""
        found_type = self.find_type(type_name)
        if kind == RequestKind.CALLBACK:
--- a/authentik/sources/oauth/views/callback.py
+++ b/authentik/sources/oauth/views/callback.py
@@ -15,6 +15,7 @@ from structlog.stdlib import get_logger

 from authentik.core.sources.flow_manager import SourceFlowManager
 from authentik.events.models import Event, EventAction
+from authentik.sources.oauth.clients.base import BaseOAuthClient
 from authentik.sources.oauth.models import (
    GroupOAuthSourceConnection,
    OAuthSource,
@@ -29,7 +30,7 @@ class OAuthCallback(OAuthClientMixin, View):
    "Base OAuth callback view."

    source: OAuthSource
-    token: dict | None = None
+    token: dict[str, Any] | None = None

    def dispatch(self, request: HttpRequest, *_, **kwargs) -> HttpResponse:
        """View Get handler"""
@@ -49,20 +50,31 @@ class OAuthCallback(OAuthClientMixin, View):
        if "error" in self.token:
            return self.handle_login_failure(self.token["error"])
        # Fetch profile info
+        try:
+            res = self.redirect_flow_manager(client)
+        except ValueError as exc:
+            # if we're authenticated and not in a source stage and this new flag is enabled,
+            # just continue
+            if self.request.user.is_authenticated:
+                pass
+            return self.handle_login_failure(exc.args[0])
+        return res
+
+    def redirect_flow_manager(self, client: BaseOAuthClient) -> HttpResponse:
        try:
            raw_info = client.get_profile_info(self.token)
            if raw_info is None:
-                return self.handle_login_failure("Could not retrieve profile.")
+                raise ValueError("Could not retrieve profile.")
        except JSONDecodeError as exc:
            Event.new(
                EventAction.CONFIGURATION_ERROR,
                message="Failed to JSON-decode profile.",
                raw_profile=exc.doc,
            ).from_http(self.request)
-            return self.handle_login_failure("Could not retrieve profile.")
+            raise ValueError("Could not retrieve profile.") from None
        identifier = self.get_user_id(info=raw_info)
        if identifier is None:
-            return self.handle_login_failure("Could not determine id.")
+            raise ValueError("Could not determine id.")
        sfm = OAuthSourceFlowManager(
            source=self.source,
            request=self.request,
--- a/blueprints/schema.json
+++ b/blueprints/schema.json
@@ -11203,7 +11203,8 @@
                    "type": "string",
                    "enum": [
                        "token",
-                        "oauth"
+                        "oauth",
+                        "oauth_interactive"
                    ],
                    "title": "Auth mode"
                },
--- a/go.mod
+++ b/go.mod
@@ -18,7 +18,7 @@ require (
 	github.com/gorilla/securecookie v1.1.2
 	github.com/gorilla/sessions v1.4.0
 	github.com/gorilla/websocket v1.5.3
-	github.com/grafana/pyroscope-go v1.2.8
+	github.com/grafana/pyroscope-go v1.3.0
 	github.com/jackc/pgx/v5 v5.9.2
 	github.com/jellydator/ttlcache/v3 v3.4.0
 	github.com/mitchellh/mapstructure v1.5.0
@@ -69,14 +69,14 @@ require (
 	github.com/go-openapi/swag/yamlutils v0.25.5 // indirect
 	github.com/go-openapi/validate v0.25.2 // indirect
 	github.com/go-viper/mapstructure/v2 v2.5.0 // indirect
-	github.com/grafana/pyroscope-go/godeltaprof v0.1.9 // indirect
+	github.com/grafana/pyroscope-go/godeltaprof v0.1.10 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jackc/pgpassfile v1.0.0 // indirect
 	github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect
 	github.com/jackc/puddle/v2 v2.2.2 // indirect
 	github.com/jinzhu/inflection v1.0.0 // indirect
 	github.com/jinzhu/now v1.1.5 // indirect
-	github.com/klauspost/compress v1.18.0 // indirect
+	github.com/klauspost/compress v1.18.6 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/oklog/ulid/v2 v2.1.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
--- a/go.sum
+++ b/go.sum
@@ -105,10 +105,10 @@ github.com/gorilla/sessions v1.4.0/go.mod h1:FLWm50oby91+hl7p/wRxDth9bWSuk0qVL2e
 github.com/gorilla/websocket v1.4.1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg=
 github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
-github.com/grafana/pyroscope-go v1.2.8 h1:UvCwIhlx9DeV7F6TW/z8q1Mi4PIm3vuUJ2ZlCEvmA4M=
-github.com/grafana/pyroscope-go v1.2.8/go.mod h1:SSi59eQ1/zmKoY/BKwa5rSFsJaq+242Bcrr4wPix1g8=
-github.com/grafana/pyroscope-go/godeltaprof v0.1.9 h1:c1Us8i6eSmkW+Ez05d3co8kasnuOY813tbMN8i/a3Og=
-github.com/grafana/pyroscope-go/godeltaprof v0.1.9/go.mod h1:2+l7K7twW49Ct4wFluZD3tZ6e0SjanjcUUBPVD/UuGU=
+github.com/grafana/pyroscope-go v1.3.0 h1:t3Jehad8vvqN4oRAB0LdmfQ5ZSUXQw3asoft+K4GAT8=
+github.com/grafana/pyroscope-go v1.3.0/go.mod h1:XA7I3usNx+UdjOZfQnl1WV8y924vsJo9KIVrKB+9jx4=
+github.com/grafana/pyroscope-go/godeltaprof v0.1.10 h1:dvhndEbyavTb59vFCd6PsrAG5qi69/qZZtegh/TJKSY=
+github.com/grafana/pyroscope-go/godeltaprof v0.1.10/go.mod h1:XnWRGg2XO5uxZdiz1rfeJH6w1eZ+YICCBVXNWOfH86g=
 github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8=
 github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
@@ -139,8 +139,8 @@ github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD
 github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
 github.com/jinzhu/now v1.1.5 h1:/o9tlHleP7gOFmsnYNz3RGnqzefHA47wQpKrrdTIwXQ=
 github.com/jinzhu/now v1.1.5/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
-github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo=
-github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ=
+github.com/klauspost/compress v1.18.6 h1:2jupLlAwFm95+YDR+NwD2MEfFO9d4z4Prjl1XXDjuao=
+github.com/klauspost/compress v1.18.6/go.mod h1:cwPg85FWrGar70rWktvGQj8/hthj3wpl0PGDogxkrSQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
--- a/lifecycle/aws/package-lock.json
+++ b/lifecycle/aws/package-lock.json
@@ -9,12 +9,12 @@
            "version": "0.0.0",
            "license": "MIT",
            "devDependencies": {
-                "aws-cdk": "^2.1120.0",
+                "aws-cdk": "^2.1121.0",
                "cross-env": "^10.1.0"
            },
            "engines": {
-                "node": ">=20",
-                "npm": ">=11.6.2"
+                "node": ">=24",
+                "npm": ">=11.14.1"
            }
        },
        "node_modules/@epic-web/invariant": {
@@ -25,9 +25,9 @@
            "license": "MIT"
        },
        "node_modules/aws-cdk": {
-            "version": "2.1120.0",
-            "resolved": "https://registry.npmjs.org/aws-cdk/-/aws-cdk-2.1120.0.tgz",
-            "integrity": "sha512-vDVa0IX0FhizARdY/GLSParFglKbdHCIhM8IDmynrAv9w8uLLljzWMeLUOhC1XpMErDZ/npYEihAOjfKxTaMIw==",
+            "version": "2.1121.0",
+            "resolved": "https://registry.npmjs.org/aws-cdk/-/aws-cdk-2.1121.0.tgz",
+            "integrity": "sha512-cG7CHt/SytYTfwrK+BUNQpqmS1dwhjt8z6ExKL6GK4n+8/6ZCwFzxlZWA/jUd2+Y9xPc+Q8cLKfMqGmgxEXbkg==",
            "dev": true,
            "license": "Apache-2.0",
            "bin": {
--- a/lifecycle/aws/package.json
+++ b/lifecycle/aws/package.json
@@ -7,11 +7,24 @@
        "aws-cfn": "cross-env CI=false cdk synth --version-reporting=false > template.yaml"
    },
    "devDependencies": {
-        "aws-cdk": "^2.1120.0",
+        "aws-cdk": "^2.1121.0",
        "cross-env": "^10.1.0"
    },
    "engines": {
-        "node": ">=20",
-        "npm": ">=11.6.2"
-    }
+        "node": ">=24",
+        "npm": ">=11.14.1"
+    },
+    "devEngines": {
+        "runtime": {
+            "name": "node",
+            "onFail": "warn",
+            "version": ">=24"
+        },
+        "packageManager": {
+            "name": "npm",
+            "version": ">=11.14.1",
+            "onFail": "warn"
+        }
+    },
+    "packageManager": "npm@11.14.1+sha512.6a8a4d67478497a2dbc6815cad72e64c43f33413717e242756047d466241ab39bee61e691683a64658e94496ec5f1a1c05e4a5ec62dcc773280dfd949443a367"
 }
--- a/lifecycle/container/Dockerfile
+++ b/lifecycle/container/Dockerfile
@@ -7,6 +7,17 @@ ARG GIT_BUILD_HASH
 ENV GIT_BUILD_HASH=$GIT_BUILD_HASH
 ENV NODE_ENV=production

+WORKDIR /work
+
+RUN --mount=type=bind,target=/work/package.json,src=./package.json \
+    --mount=type=bind,target=/work/package-lock.json,src=./package-lock.json \
+    --mount=type=bind,target=/work/web/package.json,src=./web/package.json \
+    --mount=type=bind,target=/work/web/package-lock.json,src=./web/package-lock.json \
+    --mount=type=bind,target=/work/scripts/node/,src=./scripts/node/ \
+    --mount=type=bind,target=/work/packages/logger-js/,src=./packages/logger-js/ \
+    node ./scripts/node/setup-corepack.mjs --force && \
+    node ./scripts/node/lint-runtime.mjs ./web
+
 WORKDIR /work/web

 # These files need to be copied and cannot be mounted as `npm ci` will build the client's typescript
@@ -18,7 +29,7 @@ RUN --mount=type=bind,target=/work/web/package.json,src=./web/package.json \
    --mount=type=bind,target=/work/web/packages/sfe/package.json,src=./web/packages/sfe/package.json \
    --mount=type=bind,target=/work/web/scripts,src=./web/scripts \
    --mount=type=cache,id=npm-ak,sharing=shared,target=/root/.npm \
-    npm ci
+    corepack npm ci

 COPY ./package.json /work
 COPY ./web /work/web/
--- a/lifecycle/container/proxy.Dockerfile
+++ b/lifecycle/container/proxy.Dockerfile
@@ -10,12 +10,22 @@ WORKDIR /static
 COPY ./packages /packages
 COPY ./web/packages /static/packages

+RUN --mount=type=bind,target=/static/package.json,src=./package.json \
+    --mount=type=bind,target=/static/package-lock.json,src=./package-lock.json \
+    --mount=type=bind,target=/static/web/package.json,src=./web/package.json \
+    --mount=type=bind,target=/static/web/package-lock.json,src=./web/package-lock.json \
+    --mount=type=bind,target=/static/scripts/node/,src=./scripts/node/ \
+    --mount=type=bind,target=/static/packages/logger-js/,src=./packages/logger-js/ \
+    node ./scripts/node/setup-corepack.mjs --force && \
+    node ./scripts/node/lint-runtime.mjs ./web
+
 COPY package.json /
+
 RUN --mount=type=bind,target=/static/package.json,src=./web/package.json \
    --mount=type=bind,target=/static/package-lock.json,src=./web/package-lock.json \
    --mount=type=bind,target=/static/scripts,src=./web/scripts \
    --mount=type=cache,target=/root/.npm \
-    npm ci
+    corepack npm ci

 COPY web .
 RUN npm run build-proxy
--- a/locale/en/LC_MESSAGES/django.po
+++ b/locale/en/LC_MESSAGES/django.po
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-05-13 05:39+0000\n"
+"POT-Creation-Date: 2026-05-14 00:33+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -2801,7 +2801,11 @@ msgid "SAML Sessions"
 msgstr ""

 #: authentik/providers/scim/models.py
-msgid "OAuth"
+msgid "OAuth (Silent)"
+msgstr ""
+
+#: authentik/providers/scim/models.py
+msgid "OAuth (interactive)"
 msgstr ""

 #: authentik/providers/scim/models.py
--- a/locale/pt_PT/LC_MESSAGES/django.mo
+++ b/locale/pt_PT/LC_MESSAGES/django.mo
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -3,9 +3,9 @@
    "version": "2026.8.0-rc1",
    "private": true,
    "scripts": {
-        "lint": "run-s lint:spellcheck lint:lockfile",
-        "lint:lockfile": "echo 'Skipping lockfile linting'",
-        "lint:node": "echo 'Skipping node linting'",
+        "lint": "run-s lint:runtime lint:spellcheck lint:lockfile",
+        "lint:lockfile": "node ./scripts/node/lint-lockfile.mjs",
+        "lint:runtime": "node ./scripts/node/lint-runtime.mjs",
        "lint:spellcheck": "cspell . --config cspell.config.jsonc"
    },
    "type": "module",
@@ -14,6 +14,7 @@
    },
    "dependencies": {
        "@eslint/js": "^9.39.3",
+        "@goauthentik/docusaurus-config": "./packages/docusaurus-config",
        "@goauthentik/eslint-config": "./packages/eslint-config",
        "@goauthentik/logger-js": "./packages/logger-js",
        "@goauthentik/prettier-config": "./packages/prettier-config",
@@ -23,15 +24,15 @@
        "npm-run-all": "^4.1.5",
        "pino": "^10.3.1",
        "pino-pretty": "^13.1.2",
-        "prettier": "^3.8.1",
+        "prettier": "^3.8.3",
        "prettier-plugin-packagejson": "^3.0.0",
-        "typescript": "^6.0.2",
-        "typescript-eslint": "^8.57.2"
+        "typescript": "^6.0.3",
+        "typescript-eslint": "^8.59.3"
    },
    "workspaces": [],
    "engines": {
        "node": ">=24",
-        "npm": ">=11.10.1"
+        "npm": ">=11.14.1"
    },
    "devEngines": {
        "runtime": {
@@ -41,11 +42,11 @@
        },
        "packageManager": {
            "name": "npm",
-            "version": ">=11.10.1",
+            "version": ">=11.14.1",
            "onFail": "warn"
        }
    },
-    "packageManager": "npm@11.11.0+sha512.f36811c4aae1fde639527368ae44c571d050006a608d67a191f195a801a52637a312d259186254aa3a3799b05335b7390539cf28656d18f0591a1125ba35f973",
+    "packageManager": "npm@11.14.1+sha512.6a8a4d67478497a2dbc6815cad72e64c43f33413717e242756047d466241ab39bee61e691683a64658e94496ec5f1a1c05e4a5ec62dcc773280dfd949443a367",
    "prettier": "@goauthentik/prettier-config",
    "overrides": {
        "@typescript-eslint/eslint-plugin": {
--- a/packages/client-ts/src/models/SCIMAuthenticationModeEnum.ts
+++ b/packages/client-ts/src/models/SCIMAuthenticationModeEnum.ts
@@ -19,6 +19,7 @@
 export const SCIMAuthenticationModeEnum = {
    Token: "token",
    Oauth: "oauth",
+    OauthInteractive: "oauth_interactive",
    UnknownDefaultOpenApi: "11184809",
 } as const;
 export type SCIMAuthenticationModeEnum =
--- a/packages/client-ts/src/models/SCIMProvider.ts
+++ b/packages/client-ts/src/models/SCIMProvider.ts
@@ -125,6 +125,30 @@ export interface SCIMProvider {
     * @memberof SCIMProvider
     */
    authOauthParams?: { [key: string]: any };
+    /**
+     *
+     * @type {Date}
+     * @memberof SCIMProvider
+     */
+    readonly authOauthTokenLastUpdated: Date | null;
+    /**
+     *
+     * @type {Date}
+     * @memberof SCIMProvider
+     */
+    readonly authOauthTokenExpires: Date | null;
+    /**
+     *
+     * @type {string}
+     * @memberof SCIMProvider
+     */
+    readonly authOauthUrlCallback: string | null;
+    /**
+     *
+     * @type {string}
+     * @memberof SCIMProvider
+     */
+    readonly authOauthUrlStart: string | null;
    /**
     * Alter authentik behavior for vendor-specific SCIM implementations.
     * @type {CompatibilityModeEnum}
@@ -190,6 +214,13 @@ export function instanceOfSCIMProvider(value: object): value is SCIMProvider {
    if (!("verboseNamePlural" in value) || value["verboseNamePlural"] === undefined) return false;
    if (!("metaModelName" in value) || value["metaModelName"] === undefined) return false;
    if (!("url" in value) || value["url"] === undefined) return false;
+    if (!("authOauthTokenLastUpdated" in value) || value["authOauthTokenLastUpdated"] === undefined)
+        return false;
+    if (!("authOauthTokenExpires" in value) || value["authOauthTokenExpires"] === undefined)
+        return false;
+    if (!("authOauthUrlCallback" in value) || value["authOauthUrlCallback"] === undefined)
+        return false;
+    if (!("authOauthUrlStart" in value) || value["authOauthUrlStart"] === undefined) return false;
    return true;
 }

@@ -223,6 +254,16 @@ export function SCIMProviderFromJSONTyped(json: any, ignoreDiscriminator: boolea
                : SCIMAuthenticationModeEnumFromJSON(json["auth_mode"]),
        authOauth: json["auth_oauth"] == null ? undefined : json["auth_oauth"],
        authOauthParams: json["auth_oauth_params"] == null ? undefined : json["auth_oauth_params"],
+        authOauthTokenLastUpdated:
+            json["auth_oauth_token_last_updated"] == null
+                ? null
+                : new Date(json["auth_oauth_token_last_updated"]),
+        authOauthTokenExpires:
+            json["auth_oauth_token_expires"] == null
+                ? null
+                : new Date(json["auth_oauth_token_expires"]),
+        authOauthUrlCallback: json["auth_oauth_url_callback"],
+        authOauthUrlStart: json["auth_oauth_url_start"],
        compatibilityMode:
            json["compatibility_mode"] == null
                ? undefined
@@ -256,6 +297,10 @@ export function SCIMProviderToJSONTyped(
        | "verbose_name"
        | "verbose_name_plural"
        | "meta_model_name"
+        | "auth_oauth_token_last_updated"
+        | "auth_oauth_token_expires"
+        | "auth_oauth_url_callback"
+        | "auth_oauth_url_start"
    > | null,
    ignoreDiscriminator: boolean = false,
 ): any {
--- a/packages/docusaurus-config/package-lock.json
+++ b/packages/docusaurus-config/package-lock.json
--- a/packages/docusaurus-config/package.json
+++ b/packages/docusaurus-config/package.json
@@ -1,6 +1,6 @@
 {
    "name": "@goauthentik/docusaurus-config",
-    "version": "2.7.0",
+    "version": "3.0.0",
    "description": "authentik's Docusaurus config",
    "license": "MIT",
    "repository": {
@@ -30,33 +30,33 @@
        "prism-react-renderer": "^2.4.1"
    },
    "devDependencies": {
-        "@docusaurus/theme-common": "3.10.0",
+        "@docusaurus/theme-common": "^3.10.0",
        "@docusaurus/theme-search-algolia": "^3.10.0",
        "@docusaurus/types": "^3.10.0",
        "@eslint/js": "^9.39.3",
        "@goauthentik/eslint-config": "../eslint-config",
        "@goauthentik/prettier-config": "../prettier-config",
        "@goauthentik/tsconfig": "../tsconfig",
-        "@types/node": "^25.5.0",
+        "@types/node": "^25.7.0",
        "@types/react": "^19.2.14",
        "@types/react-dom": "^19.2.3",
        "eslint": "^9.39.3",
        "pino": "^10.3.1",
-        "prettier": "^3.8.1",
+        "prettier": "^3.8.3",
        "prettier-plugin-packagejson": "^3.0.2",
-        "typescript": "^6.0.2",
-        "typescript-eslint": "^8.57.2"
+        "typescript": "^6.0.3",
+        "typescript-eslint": "^8.59.3"
    },
    "peerDependencies": {
-        "@docusaurus/theme-common": "^3.9.2",
-        "@docusaurus/theme-search-algolia": "^3.9.2",
-        "@docusaurus/types": "^3.9.2",
-        "react": ">=18",
-        "react-dom": ">=18"
+        "@docusaurus/theme-common": "^3.10.1",
+        "@docusaurus/theme-search-algolia": "^3.10.1",
+        "@docusaurus/types": "^3.10.1",
+        "react": ">=19",
+        "react-dom": ">=19"
    },
    "optionalDependencies": {
-        "react": ">=18",
-        "react-dom": ">=18"
+        "react": ">=19",
+        "react-dom": ">=19"
    },
    "files": [
        "./index.js",
@@ -66,7 +66,7 @@
    ],
    "engines": {
        "node": ">=24",
-        "npm": ">=11.10.1"
+        "npm": ">=11.14.1"
    },
    "devEngines": {
        "runtime": {
@@ -76,7 +76,7 @@
        },
        "packageManager": {
            "name": "npm",
-            "version": ">=11.10.1",
+            "version": ">=11.14.1",
            "onFail": "warn"
        }
    },
--- a/packages/esbuild-plugin-live-reload/package-lock.json
+++ b/packages/esbuild-plugin-live-reload/package-lock.json
@@ -17,20 +17,20 @@
                "@goauthentik/logger-js": "../logger-js",
                "@goauthentik/prettier-config": "../prettier-config",
                "@goauthentik/tsconfig": "../tsconfig",
-                "@types/node": "^25.3.0",
+                "@types/node": "^25.7.0",
                "esbuild": "^0.27.4",
                "eslint": "^9.39.3",
                "pino": "^10.3.1",
-                "prettier": "^3.8.1",
+                "prettier": "^3.8.3",
                "prettier-plugin-packagejson": "^3.0.2",
                "typedoc": "^0.28.18",
                "typedoc-plugin-markdown": "^4.11.0",
-                "typescript": "^6.0.2",
-                "typescript-eslint": "^8.57.2"
+                "typescript": "^6.0.3",
+                "typescript-eslint": "^8.59.3"
            },
            "engines": {
                "node": ">=24",
-                "npm": ">=11.10.1"
+                "npm": ">=11.14.1"
            },
            "peerDependencies": {
                "@goauthentik/logger-js": "^1.0.1",
@@ -44,7 +44,7 @@
        },
        "../eslint-config": {
            "name": "@goauthentik/eslint-config",
-            "version": "1.3.0",
+            "version": "2.0.0",
            "dev": true,
            "license": "MIT",
            "dependencies": {
@@ -52,26 +52,26 @@
                "eslint-plugin-import": "^2.32.0",
                "eslint-plugin-lit": "^2.2.1",
                "eslint-plugin-react": "^7.37.5",
-                "eslint-plugin-react-hooks": "^7.0.1",
+                "eslint-plugin-react-hooks": "^7.1.1",
                "eslint-plugin-wc": "^3.1.0"
            },
            "devDependencies": {
                "@goauthentik/prettier-config": "../prettier-config",
                "@goauthentik/tsconfig": "../tsconfig",
                "@types/eslint": "^9.6.1",
-                "@types/node": "^25.5.0",
-                "typescript": "^6.0.2",
-                "typescript-eslint": "^8.57.2"
+                "@types/node": "^25.7.0",
+                "typescript": "^6.0.3",
+                "typescript-eslint": "^8.59.3"
            },
            "engines": {
                "node": ">=24",
-                "npm": ">=11.10.1"
+                "npm": ">=11.14.1"
            },
            "peerDependencies": {
                "react": "^18.0.0 || ^19.0.0",
                "react-dom": "^18.0.0 || ^19.0.0",
-                "typescript": "^5.9.3 || ^6.0.2",
-                "typescript-eslint": "^8.57.2"
+                "typescript": "^6.0.3 || ^7.0.0",
+                "typescript-eslint": "^8.59.3"
            },
            "peerDependenciesMeta": {
                "react": {
@@ -84,25 +84,25 @@
        },
        "../logger-js": {
            "name": "@goauthentik/logger-js",
-            "version": "1.1.1",
+            "version": "2.0.0",
            "dev": true,
            "license": "MIT",
            "devDependencies": {
                "@eslint/js": "^9.39.3",
                "@goauthentik/prettier-config": "../prettier-config",
                "@goauthentik/tsconfig": "../tsconfig",
-                "@types/node": "^25.5.0",
+                "@types/node": "^25.7.0",
                "eslint": "^9.39.3",
                "pino": "^10.3.1",
                "pino-pretty": "^13.1.2",
-                "prettier": "^3.8.1",
+                "prettier": "^3.8.3",
                "prettier-plugin-packagejson": "^3.0.2",
-                "typescript": "^6.0.2",
-                "typescript-eslint": "^8.57.2"
+                "typescript": "^6.0.3",
+                "typescript-eslint": "^8.59.3"
            },
            "engines": {
                "node": ">=24",
-                "npm": ">=11.10.1"
+                "npm": ">=11.14.1"
            },
            "peerDependencies": {
                "pino": "^10.3.1",
@@ -119,7 +119,7 @@
        },
        "../prettier-config": {
            "name": "@goauthentik/prettier-config",
-            "version": "3.5.0",
+            "version": "4.0.0",
            "dev": true,
            "license": "MIT",
            "dependencies": {
@@ -129,30 +129,30 @@
                "@eslint/js": "^9.39.3",
                "@goauthentik/eslint-config": "../eslint-config",
                "@goauthentik/tsconfig": "../tsconfig",
-                "@types/node": "^25.0.0",
+                "@types/node": "^25.7.0",
                "eslint": "^9.39.3",
-                "prettier": "^3.8.1",
+                "prettier": "^3.8.3",
                "prettier-plugin-packagejson": "^3.0.2",
-                "typescript": "^6.0.2",
-                "typescript-eslint": "^8.57.2"
+                "typescript": "^6.0.3",
+                "typescript-eslint": "^8.59.3"
            },
            "engines": {
                "node": ">=24",
-                "npm": ">=11.10.1"
+                "npm": ">=11.14.1"
            },
            "peerDependencies": {
-                "prettier": "^3.8.1",
+                "prettier": "^3.8.3",
                "prettier-plugin-packagejson": "^3.0.2"
            }
        },
        "../tsconfig": {
            "name": "@goauthentik/tsconfig",
-            "version": "1.0.8",
+            "version": "1.0.9",
            "dev": true,
            "license": "MIT",
            "engines": {
                "node": ">=24",
-                "npm": ">=11.10.1"
+                "npm": ">=11.14.1"
            }
        },
        "node_modules/@esbuild/aix-ppc64": {
@@ -904,13 +904,13 @@
            "license": "MIT"
        },
        "node_modules/@types/node": {
-            "version": "25.5.0",
-            "resolved": "https://registry.npmjs.org/@types/node/-/node-25.5.0.tgz",
-            "integrity": "sha512-jp2P3tQMSxWugkCUKLRPVUpGaL5MVFwF8RDuSRztfwgN1wmqJeMSbKlnEtQqU8UrhTmzEmZdu2I6v2dpp7XIxw==",
+            "version": "25.7.0",
+            "resolved": "https://registry.npmjs.org/@types/node/-/node-25.7.0.tgz",
+            "integrity": "sha512-z+pdZyxE+RTQE9AcboAZCb4otwcrvgHD+GlBpPgn0emDVt0ohrTMhAwlr2Wd9nZ+nihhYFxO2pThz3C5qSu2Eg==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
-                "undici-types": "~7.18.0"
+                "undici-types": "~7.21.0"
            }
        },
        "node_modules/@types/unist": {
@@ -921,20 +921,20 @@
            "license": "MIT"
        },
        "node_modules/@typescript-eslint/eslint-plugin": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.57.2.tgz",
-            "integrity": "sha512-NZZgp0Fm2IkD+La5PR81sd+g+8oS6JwJje+aRWsDocxHkjyRw0J5L5ZTlN3LI1LlOcGL7ph3eaIUmTXMIjLk0w==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.59.3.tgz",
+            "integrity": "sha512-PwFvSKsXGShKGW6n5bZOhGHEcCZXM8HofLK9fNsEwZXzFRjoY+XT1Vsf1zgyXdwTr0ZYz1/2tkZ0DBTT9jZjhw==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
                "@eslint-community/regexpp": "^4.12.2",
-                "@typescript-eslint/scope-manager": "8.57.2",
-                "@typescript-eslint/type-utils": "8.57.2",
-                "@typescript-eslint/utils": "8.57.2",
-                "@typescript-eslint/visitor-keys": "8.57.2",
+                "@typescript-eslint/scope-manager": "8.59.3",
+                "@typescript-eslint/type-utils": "8.59.3",
+                "@typescript-eslint/utils": "8.59.3",
+                "@typescript-eslint/visitor-keys": "8.59.3",
                "ignore": "^7.0.5",
                "natural-compare": "^1.4.0",
-                "ts-api-utils": "^2.4.0"
+                "ts-api-utils": "^2.5.0"
            },
            "engines": {
                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -944,9 +944,9 @@
                "url": "https://opencollective.com/typescript-eslint"
            },
            "peerDependencies": {
-                "@typescript-eslint/parser": "^8.57.2",
+                "@typescript-eslint/parser": "^8.59.3",
                "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.0.0"
+                "typescript": ">=4.8.4 <6.1.0"
            }
        },
        "node_modules/@typescript-eslint/eslint-plugin/node_modules/ignore": {
@@ -960,16 +960,16 @@
            }
        },
        "node_modules/@typescript-eslint/parser": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.57.2.tgz",
-            "integrity": "sha512-30ScMRHIAD33JJQkgfGW1t8CURZtjc2JpTrq5n2HFhOefbAhb7ucc7xJwdWcrEtqUIYJ73Nybpsggii6GtAHjA==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.59.3.tgz",
+            "integrity": "sha512-HPwA+hVkfcriajbNvTmZv4VRauibay+cWArYUYq7u7W7PmGShMxbPxLvrwDme55a6d5alG3nrYfhyJ/G28XlLg==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
-                "@typescript-eslint/scope-manager": "8.57.2",
-                "@typescript-eslint/types": "8.57.2",
-                "@typescript-eslint/typescript-estree": "8.57.2",
-                "@typescript-eslint/visitor-keys": "8.57.2",
+                "@typescript-eslint/scope-manager": "8.59.3",
+                "@typescript-eslint/types": "8.59.3",
+                "@typescript-eslint/typescript-estree": "8.59.3",
+                "@typescript-eslint/visitor-keys": "8.59.3",
                "debug": "^4.4.3"
            },
            "engines": {
@@ -981,18 +981,18 @@
            },
            "peerDependencies": {
                "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.0.0"
+                "typescript": ">=4.8.4 <6.1.0"
            }
        },
        "node_modules/@typescript-eslint/project-service": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.57.2.tgz",
-            "integrity": "sha512-FuH0wipFywXRTHf+bTTjNyuNQQsQC3qh/dYzaM4I4W0jrCqjCVuUh99+xd9KamUfmCGPvbO8NDngo/vsnNVqgw==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.59.3.tgz",
+            "integrity": "sha512-ECiUWa/KYRGDFUqTNehaRgzDshnJfkTABJxVemHk4ko22gcr0ukloKjWvyQ64g8YCV/UI47kN1dbmjf/GaQYng==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
-                "@typescript-eslint/tsconfig-utils": "^8.57.2",
-                "@typescript-eslint/types": "^8.57.2",
+                "@typescript-eslint/tsconfig-utils": "^8.59.3",
+                "@typescript-eslint/types": "^8.59.3",
                "debug": "^4.4.3"
            },
            "engines": {
@@ -1003,18 +1003,18 @@
                "url": "https://opencollective.com/typescript-eslint"
            },
            "peerDependencies": {
-                "typescript": ">=4.8.4 <6.0.0"
+                "typescript": ">=4.8.4 <6.1.0"
            }
        },
        "node_modules/@typescript-eslint/scope-manager": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.57.2.tgz",
-            "integrity": "sha512-snZKH+W4WbWkrBqj4gUNRIGb/jipDW3qMqVJ4C9rzdFc+wLwruxk+2a5D+uoFcKPAqyqEnSb4l2ULuZf95eSkw==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.59.3.tgz",
+            "integrity": "sha512-t2LvZnoEfzKtnPjgeEu41xw5gxq9mQVfYy4OoZ4Vlt0sk3JwxmhCca/AR7DwOiHrjWgjAj6as4AhRLKSDfvZIA==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
-                "@typescript-eslint/types": "8.57.2",
-                "@typescript-eslint/visitor-keys": "8.57.2"
+                "@typescript-eslint/types": "8.59.3",
+                "@typescript-eslint/visitor-keys": "8.59.3"
            },
            "engines": {
                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -1025,9 +1025,9 @@
            }
        },
        "node_modules/@typescript-eslint/tsconfig-utils": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.57.2.tgz",
-            "integrity": "sha512-3Lm5DSM+DCowsUOJC+YqHHnKEfFh5CoGkj5Z31NQSNF4l5wdOwqGn99wmwN/LImhfY3KJnmordBq/4+VDe2eKw==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.59.3.tgz",
+            "integrity": "sha512-PcIJHjmaREXLgIAIzLnSY9VucEzz8FKXsRgFa1DmdGCK/5tJpW03TKJF01Q6VZd1lLdz2sIKPWaDUZN9dp//dw==",
            "dev": true,
            "license": "MIT",
            "engines": {
@@ -1038,21 +1038,21 @@
                "url": "https://opencollective.com/typescript-eslint"
            },
            "peerDependencies": {
-                "typescript": ">=4.8.4 <6.0.0"
+                "typescript": ">=4.8.4 <6.1.0"
            }
        },
        "node_modules/@typescript-eslint/type-utils": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.57.2.tgz",
-            "integrity": "sha512-Co6ZCShm6kIbAM/s+oYVpKFfW7LBc6FXoPXjTRQ449PPNBY8U0KZXuevz5IFuuUj2H9ss40atTaf9dlGLzbWZg==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.59.3.tgz",
+            "integrity": "sha512-g71d8QD8UaiHGvrJwyIS1hCX5r63w6Jll+4VEYhEAHXTDIqX1JgxhTAbEHtKntL9kuc4jRo7/GWw5xfCepSccQ==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
-                "@typescript-eslint/types": "8.57.2",
-                "@typescript-eslint/typescript-estree": "8.57.2",
-                "@typescript-eslint/utils": "8.57.2",
+                "@typescript-eslint/types": "8.59.3",
+                "@typescript-eslint/typescript-estree": "8.59.3",
+                "@typescript-eslint/utils": "8.59.3",
                "debug": "^4.4.3",
-                "ts-api-utils": "^2.4.0"
+                "ts-api-utils": "^2.5.0"
            },
            "engines": {
                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -1063,13 +1063,13 @@
            },
            "peerDependencies": {
                "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.0.0"
+                "typescript": ">=4.8.4 <6.1.0"
            }
        },
        "node_modules/@typescript-eslint/types": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.57.2.tgz",
-            "integrity": "sha512-/iZM6FnM4tnx9csuTxspMW4BOSegshwX5oBDznJ7S4WggL7Vczz5d2W11ecc4vRrQMQHXRSxzrCsyG5EsPPTbA==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.59.3.tgz",
+            "integrity": "sha512-ePFoH0g4ludssdRFqqDxQePCxU4WQyRa9+XVwjm7yLn0FKhMeoetC+qBEEI1Eyb1pGSDveTIT09Bvw2WhlGayg==",
            "dev": true,
            "license": "MIT",
            "engines": {
@@ -1081,21 +1081,21 @@
            }
        },
        "node_modules/@typescript-eslint/typescript-estree": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.57.2.tgz",
-            "integrity": "sha512-2MKM+I6g8tJxfSmFKOnHv2t8Sk3T6rF20A1Puk0svLK+uVapDZB/4pfAeB7nE83uAZrU6OxW+HmOd5wHVdXwXA==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.59.3.tgz",
+            "integrity": "sha512-CbRjVRAf7Lr9Kr8RopKcbY45p2VfmmHrm0ygOCYFi7oU8q19m0Fs/6iHS7kNOmwpp+ob07ZVcAqlxUod9lYdmg==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
-                "@typescript-eslint/project-service": "8.57.2",
-                "@typescript-eslint/tsconfig-utils": "8.57.2",
-                "@typescript-eslint/types": "8.57.2",
-                "@typescript-eslint/visitor-keys": "8.57.2",
+                "@typescript-eslint/project-service": "8.59.3",
+                "@typescript-eslint/tsconfig-utils": "8.59.3",
+                "@typescript-eslint/types": "8.59.3",
+                "@typescript-eslint/visitor-keys": "8.59.3",
                "debug": "^4.4.3",
                "minimatch": "^10.2.2",
                "semver": "^7.7.3",
                "tinyglobby": "^0.2.15",
-                "ts-api-utils": "^2.4.0"
+                "ts-api-utils": "^2.5.0"
            },
            "engines": {
                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -1105,7 +1105,7 @@
                "url": "https://opencollective.com/typescript-eslint"
            },
            "peerDependencies": {
-                "typescript": ">=4.8.4 <6.0.0"
+                "typescript": ">=4.8.4 <6.1.0"
            }
        },
        "node_modules/@typescript-eslint/typescript-estree/node_modules/balanced-match": {
@@ -1119,9 +1119,9 @@
            }
        },
        "node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion": {
-            "version": "5.0.5",
-            "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.5.tgz",
-            "integrity": "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==",
+            "version": "5.0.6",
+            "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.6.tgz",
+            "integrity": "sha512-kLpxurY4Z4r9sgMsyG0Z9uzsBlgiU/EFKhj/h91/8yHu0edo7XuixOIH3VcJ8kkxs6/jPzoI6U9Vj3WqbMQ94g==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
@@ -1132,13 +1132,13 @@
            }
        },
        "node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch": {
-            "version": "10.2.4",
-            "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.4.tgz",
-            "integrity": "sha512-oRjTw/97aTBN0RHbYCdtF1MQfvusSIBQM0IZEgzl6426+8jSC0nF1a/GmnVLpfB9yyr6g6FTqWqiZVbxrtaCIg==",
+            "version": "10.2.5",
+            "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.5.tgz",
+            "integrity": "sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg==",
            "dev": true,
            "license": "BlueOak-1.0.0",
            "dependencies": {
-                "brace-expansion": "^5.0.2"
+                "brace-expansion": "^5.0.5"
            },
            "engines": {
                "node": "18 || 20 || >=22"
@@ -1148,16 +1148,16 @@
            }
        },
        "node_modules/@typescript-eslint/utils": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.57.2.tgz",
-            "integrity": "sha512-krRIbvPK1ju1WBKIefiX+bngPs+odIQUtR7kymzPfo1POVw3jlF+nLkmexdSSd4UCbDcQn+wMBATOOmpBbqgKg==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.59.3.tgz",
+            "integrity": "sha512-JAvT14goBzRzzzZyqq3P9BLArIxTtQURUtFgQ/V7FO+eU+Gg6ES+5ymOPP1wRxXcxAYeivCk4uS3jCKWI1K8Zg==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
                "@eslint-community/eslint-utils": "^4.9.1",
-                "@typescript-eslint/scope-manager": "8.57.2",
-                "@typescript-eslint/types": "8.57.2",
-                "@typescript-eslint/typescript-estree": "8.57.2"
+                "@typescript-eslint/scope-manager": "8.59.3",
+                "@typescript-eslint/types": "8.59.3",
+                "@typescript-eslint/typescript-estree": "8.59.3"
            },
            "engines": {
                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -1168,17 +1168,17 @@
            },
            "peerDependencies": {
                "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.0.0"
+                "typescript": ">=4.8.4 <6.1.0"
            }
        },
        "node_modules/@typescript-eslint/visitor-keys": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.57.2.tgz",
-            "integrity": "sha512-zhahknjobV2FiD6Ee9iLbS7OV9zi10rG26odsQdfBO/hjSzUQbkIYgda+iNKK1zNiW2ey+Lf8MU5btN17V3dUw==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.59.3.tgz",
+            "integrity": "sha512-f1UQF7ggd42YiwI5wGrRaPsa+P0CINBlrkLPmGfpq/u/I/oVtecoEIfFR9ag/oa1sLOsRNZ6xehf6qMZhQGBDg==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
-                "@typescript-eslint/types": "8.57.2",
+                "@typescript-eslint/types": "8.59.3",
                "eslint-visitor-keys": "^5.0.0"
            },
            "engines": {
@@ -2164,9 +2164,9 @@
            }
        },
        "node_modules/prettier": {
-            "version": "3.8.1",
-            "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.8.1.tgz",
-            "integrity": "sha512-UOnG6LftzbdaHZcKoPFtOcCKztrQ57WkHDeRD9t/PTQtmT0NHSeWWepj6pS0z/N7+08BHFDQVUrfmfMRcZwbMg==",
+            "version": "3.8.3",
+            "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.8.3.tgz",
+            "integrity": "sha512-7igPTM53cGHMW8xWuVTydi2KO233VFiTNyF5hLJqpilHfmn8C8gPf+PS7dUT64YcXFbiMGZxS9pCSxL/Dxm/Jw==",
            "dev": true,
            "license": "MIT",
            "bin": {
@@ -2515,9 +2515,9 @@
            }
        },
        "node_modules/typescript": {
-            "version": "6.0.2",
-            "resolved": "https://registry.npmjs.org/typescript/-/typescript-6.0.2.tgz",
-            "integrity": "sha512-bGdAIrZ0wiGDo5l8c++HWtbaNCWTS4UTv7RaTH/ThVIgjkveJt83m74bBHMJkuCbslY8ixgLBVZJIOiQlQTjfQ==",
+            "version": "6.0.3",
+            "resolved": "https://registry.npmjs.org/typescript/-/typescript-6.0.3.tgz",
+            "integrity": "sha512-y2TvuxSZPDyQakkFRPZHKFm+KKVqIisdg9/CZwm9ftvKXLP8NRWj38/ODjNbr43SsoXqNuAisEf1GdCxqWcdBw==",
            "dev": true,
            "license": "Apache-2.0",
            "bin": {
@@ -2529,16 +2529,16 @@
            }
        },
        "node_modules/typescript-eslint": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.57.2.tgz",
-            "integrity": "sha512-VEPQ0iPgWO/sBaZOU1xo4nuNdODVOajPnTIbog2GKYr31nIlZ0fWPoCQgGfF3ETyBl1vn63F/p50Um9Z4J8O8A==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.59.3.tgz",
+            "integrity": "sha512-KgusgyDgG4LI8Ih/sWaCtZ06tckLAS5CvT5A4D1Q7bYVoAAyzwiZvE4BmwDHkhRVkvhRBepKeASoFzQetha7Fg==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
-                "@typescript-eslint/eslint-plugin": "8.57.2",
-                "@typescript-eslint/parser": "8.57.2",
-                "@typescript-eslint/typescript-estree": "8.57.2",
-                "@typescript-eslint/utils": "8.57.2"
+                "@typescript-eslint/eslint-plugin": "8.59.3",
+                "@typescript-eslint/parser": "8.59.3",
+                "@typescript-eslint/typescript-estree": "8.59.3",
+                "@typescript-eslint/utils": "8.59.3"
            },
            "engines": {
                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -2549,7 +2549,7 @@
            },
            "peerDependencies": {
                "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.0.0"
+                "typescript": ">=4.8.4 <6.1.0"
            }
        },
        "node_modules/uc.micro": {
@@ -2560,9 +2560,9 @@
            "license": "MIT"
        },
        "node_modules/undici-types": {
-            "version": "7.18.2",
-            "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.18.2.tgz",
-            "integrity": "sha512-AsuCzffGHJybSaRrmr5eHr81mwJU3kjw6M+uprWvCXiNeN9SOGwQ3Jn8jb8m3Z6izVgknn1R0FTCEAP2QrLY/w==",
+            "version": "7.21.0",
+            "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.21.0.tgz",
+            "integrity": "sha512-w9IMgQrz4O0YN1LtB7K5P63vhlIOvC7opSmouCJ+ZywlPAlO9gIkJ+otk6LvGpAs2wg4econaCz3TvQ9xPoyuQ==",
            "dev": true,
            "license": "MIT"
        },
--- a/packages/esbuild-plugin-live-reload/package.json
+++ b/packages/esbuild-plugin-live-reload/package.json
@@ -49,16 +49,16 @@
        "@goauthentik/logger-js": "../logger-js",
        "@goauthentik/prettier-config": "../prettier-config",
        "@goauthentik/tsconfig": "../tsconfig",
-        "@types/node": "^25.3.0",
+        "@types/node": "^25.7.0",
        "esbuild": "^0.27.4",
        "eslint": "^9.39.3",
        "pino": "^10.3.1",
-        "prettier": "^3.8.1",
+        "prettier": "^3.8.3",
        "prettier-plugin-packagejson": "^3.0.2",
        "typedoc": "^0.28.18",
        "typedoc-plugin-markdown": "^4.11.0",
-        "typescript": "^6.0.2",
-        "typescript-eslint": "^8.57.2"
+        "typescript": "^6.0.3",
+        "typescript-eslint": "^8.59.3"
    },
    "peerDependencies": {
        "@goauthentik/logger-js": "^1.0.1",
@@ -73,7 +73,7 @@
    ],
    "engines": {
        "node": ">=24",
-        "npm": ">=11.10.1"
+        "npm": ">=11.14.1"
    },
    "devEngines": {
        "runtime": {
@@ -83,7 +83,7 @@
        },
        "packageManager": {
            "name": "npm",
-            "version": ">=11.10.1",
+            "version": ">=11.14.1",
            "onFail": "warn"
        }
    },
--- a/packages/eslint-config/package-lock.json
+++ b/packages/eslint-config/package-lock.json
@@ -1,38 +1,38 @@
 {
    "name": "@goauthentik/eslint-config",
-    "version": "1.3.0",
+    "version": "2.0.0",
    "lockfileVersion": 3,
    "requires": true,
    "packages": {
        "": {
            "name": "@goauthentik/eslint-config",
-            "version": "1.3.0",
+            "version": "2.0.0",
            "license": "MIT",
            "dependencies": {
                "eslint": "^9.39.3",
                "eslint-plugin-import": "^2.32.0",
-                "eslint-plugin-lit": "^2.2.1",
+                "eslint-plugin-lit": "^2.3.1",
                "eslint-plugin-react": "^7.37.5",
-                "eslint-plugin-react-hooks": "^7.0.1",
+                "eslint-plugin-react-hooks": "^7.1.1",
                "eslint-plugin-wc": "^3.1.0"
            },
            "devDependencies": {
                "@goauthentik/prettier-config": "../prettier-config",
                "@goauthentik/tsconfig": "../tsconfig",
                "@types/eslint": "^9.6.1",
-                "@types/node": "^25.5.0",
-                "typescript": "^6.0.2",
-                "typescript-eslint": "^8.57.2"
+                "@types/node": "^25.7.0",
+                "typescript": "^6.0.3",
+                "typescript-eslint": "^8.59.3"
            },
            "engines": {
                "node": ">=24",
-                "npm": ">=11.10.1"
+                "npm": ">=11.14.1"
            },
            "peerDependencies": {
                "react": "^18.0.0 || ^19.0.0",
                "react-dom": "^18.0.0 || ^19.0.0",
-                "typescript": "^5.9.3 || ^6.0.2",
-                "typescript-eslint": "^8.57.2"
+                "typescript": "^6.0.3 || ^7.0.0",
+                "typescript-eslint": "^8.59.3"
            },
            "peerDependenciesMeta": {
                "react": {
@@ -45,7 +45,7 @@
        },
        "../prettier-config": {
            "name": "@goauthentik/prettier-config",
-            "version": "3.5.0",
+            "version": "4.0.0",
            "dev": true,
            "license": "MIT",
            "dependencies": {
@@ -55,30 +55,30 @@
                "@eslint/js": "^9.39.3",
                "@goauthentik/eslint-config": "../eslint-config",
                "@goauthentik/tsconfig": "../tsconfig",
-                "@types/node": "^25.0.0",
+                "@types/node": "^25.7.0",
                "eslint": "^9.39.3",
-                "prettier": "^3.8.1",
+                "prettier": "^3.8.3",
                "prettier-plugin-packagejson": "^3.0.2",
-                "typescript": "^6.0.2",
-                "typescript-eslint": "^8.57.2"
+                "typescript": "^6.0.3",
+                "typescript-eslint": "^8.59.3"
            },
            "engines": {
                "node": ">=24",
-                "npm": ">=11.10.1"
+                "npm": ">=11.14.1"
            },
            "peerDependencies": {
-                "prettier": "^3.8.1",
+                "prettier": "^3.8.3",
                "prettier-plugin-packagejson": "^3.0.2"
            }
        },
        "../tsconfig": {
            "name": "@goauthentik/tsconfig",
-            "version": "1.0.8",
+            "version": "2.0.0",
            "dev": true,
            "license": "MIT",
            "engines": {
                "node": ">=24",
-                "npm": ">=11.10.1"
+                "npm": ">=11.14.1"
            }
        },
        "node_modules/@babel/code-frame": {
@@ -576,30 +576,30 @@
            "license": "MIT"
        },
        "node_modules/@types/node": {
-            "version": "25.5.0",
-            "resolved": "https://registry.npmjs.org/@types/node/-/node-25.5.0.tgz",
-            "integrity": "sha512-jp2P3tQMSxWugkCUKLRPVUpGaL5MVFwF8RDuSRztfwgN1wmqJeMSbKlnEtQqU8UrhTmzEmZdu2I6v2dpp7XIxw==",
+            "version": "25.7.0",
+            "resolved": "https://registry.npmjs.org/@types/node/-/node-25.7.0.tgz",
+            "integrity": "sha512-z+pdZyxE+RTQE9AcboAZCb4otwcrvgHD+GlBpPgn0emDVt0ohrTMhAwlr2Wd9nZ+nihhYFxO2pThz3C5qSu2Eg==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
-                "undici-types": "~7.18.0"
+                "undici-types": "~7.21.0"
            }
        },
        "node_modules/@typescript-eslint/eslint-plugin": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.57.2.tgz",
-            "integrity": "sha512-NZZgp0Fm2IkD+La5PR81sd+g+8oS6JwJje+aRWsDocxHkjyRw0J5L5ZTlN3LI1LlOcGL7ph3eaIUmTXMIjLk0w==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.59.3.tgz",
+            "integrity": "sha512-PwFvSKsXGShKGW6n5bZOhGHEcCZXM8HofLK9fNsEwZXzFRjoY+XT1Vsf1zgyXdwTr0ZYz1/2tkZ0DBTT9jZjhw==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
                "@eslint-community/regexpp": "^4.12.2",
-                "@typescript-eslint/scope-manager": "8.57.2",
-                "@typescript-eslint/type-utils": "8.57.2",
-                "@typescript-eslint/utils": "8.57.2",
-                "@typescript-eslint/visitor-keys": "8.57.2",
+                "@typescript-eslint/scope-manager": "8.59.3",
+                "@typescript-eslint/type-utils": "8.59.3",
+                "@typescript-eslint/utils": "8.59.3",
+                "@typescript-eslint/visitor-keys": "8.59.3",
                "ignore": "^7.0.5",
                "natural-compare": "^1.4.0",
-                "ts-api-utils": "^2.4.0"
+                "ts-api-utils": "^2.5.0"
            },
            "engines": {
                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -609,9 +609,9 @@
                "url": "https://opencollective.com/typescript-eslint"
            },
            "peerDependencies": {
-                "@typescript-eslint/parser": "^8.57.2",
+                "@typescript-eslint/parser": "^8.59.3",
                "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.0.0"
+                "typescript": ">=4.8.4 <6.1.0"
            }
        },
        "node_modules/@typescript-eslint/eslint-plugin/node_modules/ignore": {
@@ -625,16 +625,16 @@
            }
        },
        "node_modules/@typescript-eslint/parser": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.57.2.tgz",
-            "integrity": "sha512-30ScMRHIAD33JJQkgfGW1t8CURZtjc2JpTrq5n2HFhOefbAhb7ucc7xJwdWcrEtqUIYJ73Nybpsggii6GtAHjA==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.59.3.tgz",
+            "integrity": "sha512-HPwA+hVkfcriajbNvTmZv4VRauibay+cWArYUYq7u7W7PmGShMxbPxLvrwDme55a6d5alG3nrYfhyJ/G28XlLg==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
-                "@typescript-eslint/scope-manager": "8.57.2",
-                "@typescript-eslint/types": "8.57.2",
-                "@typescript-eslint/typescript-estree": "8.57.2",
-                "@typescript-eslint/visitor-keys": "8.57.2",
+                "@typescript-eslint/scope-manager": "8.59.3",
+                "@typescript-eslint/types": "8.59.3",
+                "@typescript-eslint/typescript-estree": "8.59.3",
+                "@typescript-eslint/visitor-keys": "8.59.3",
                "debug": "^4.4.3"
            },
            "engines": {
@@ -646,18 +646,18 @@
            },
            "peerDependencies": {
                "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.0.0"
+                "typescript": ">=4.8.4 <6.1.0"
            }
        },
        "node_modules/@typescript-eslint/project-service": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.57.2.tgz",
-            "integrity": "sha512-FuH0wipFywXRTHf+bTTjNyuNQQsQC3qh/dYzaM4I4W0jrCqjCVuUh99+xd9KamUfmCGPvbO8NDngo/vsnNVqgw==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.59.3.tgz",
+            "integrity": "sha512-ECiUWa/KYRGDFUqTNehaRgzDshnJfkTABJxVemHk4ko22gcr0ukloKjWvyQ64g8YCV/UI47kN1dbmjf/GaQYng==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
-                "@typescript-eslint/tsconfig-utils": "^8.57.2",
-                "@typescript-eslint/types": "^8.57.2",
+                "@typescript-eslint/tsconfig-utils": "^8.59.3",
+                "@typescript-eslint/types": "^8.59.3",
                "debug": "^4.4.3"
            },
            "engines": {
@@ -668,18 +668,18 @@
                "url": "https://opencollective.com/typescript-eslint"
            },
            "peerDependencies": {
-                "typescript": ">=4.8.4 <6.0.0"
+                "typescript": ">=4.8.4 <6.1.0"
            }
        },
        "node_modules/@typescript-eslint/scope-manager": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.57.2.tgz",
-            "integrity": "sha512-snZKH+W4WbWkrBqj4gUNRIGb/jipDW3qMqVJ4C9rzdFc+wLwruxk+2a5D+uoFcKPAqyqEnSb4l2ULuZf95eSkw==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.59.3.tgz",
+            "integrity": "sha512-t2LvZnoEfzKtnPjgeEu41xw5gxq9mQVfYy4OoZ4Vlt0sk3JwxmhCca/AR7DwOiHrjWgjAj6as4AhRLKSDfvZIA==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
-                "@typescript-eslint/types": "8.57.2",
-                "@typescript-eslint/visitor-keys": "8.57.2"
+                "@typescript-eslint/types": "8.59.3",
+                "@typescript-eslint/visitor-keys": "8.59.3"
            },
            "engines": {
                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -690,9 +690,9 @@
            }
        },
        "node_modules/@typescript-eslint/tsconfig-utils": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.57.2.tgz",
-            "integrity": "sha512-3Lm5DSM+DCowsUOJC+YqHHnKEfFh5CoGkj5Z31NQSNF4l5wdOwqGn99wmwN/LImhfY3KJnmordBq/4+VDe2eKw==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.59.3.tgz",
+            "integrity": "sha512-PcIJHjmaREXLgIAIzLnSY9VucEzz8FKXsRgFa1DmdGCK/5tJpW03TKJF01Q6VZd1lLdz2sIKPWaDUZN9dp//dw==",
            "dev": true,
            "license": "MIT",
            "engines": {
@@ -703,21 +703,21 @@
                "url": "https://opencollective.com/typescript-eslint"
            },
            "peerDependencies": {
-                "typescript": ">=4.8.4 <6.0.0"
+                "typescript": ">=4.8.4 <6.1.0"
            }
        },
        "node_modules/@typescript-eslint/type-utils": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.57.2.tgz",
-            "integrity": "sha512-Co6ZCShm6kIbAM/s+oYVpKFfW7LBc6FXoPXjTRQ449PPNBY8U0KZXuevz5IFuuUj2H9ss40atTaf9dlGLzbWZg==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.59.3.tgz",
+            "integrity": "sha512-g71d8QD8UaiHGvrJwyIS1hCX5r63w6Jll+4VEYhEAHXTDIqX1JgxhTAbEHtKntL9kuc4jRo7/GWw5xfCepSccQ==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
-                "@typescript-eslint/types": "8.57.2",
-                "@typescript-eslint/typescript-estree": "8.57.2",
-                "@typescript-eslint/utils": "8.57.2",
+                "@typescript-eslint/types": "8.59.3",
+                "@typescript-eslint/typescript-estree": "8.59.3",
+                "@typescript-eslint/utils": "8.59.3",
                "debug": "^4.4.3",
-                "ts-api-utils": "^2.4.0"
+                "ts-api-utils": "^2.5.0"
            },
            "engines": {
                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -728,13 +728,13 @@
            },
            "peerDependencies": {
                "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.0.0"
+                "typescript": ">=4.8.4 <6.1.0"
            }
        },
        "node_modules/@typescript-eslint/types": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.57.2.tgz",
-            "integrity": "sha512-/iZM6FnM4tnx9csuTxspMW4BOSegshwX5oBDznJ7S4WggL7Vczz5d2W11ecc4vRrQMQHXRSxzrCsyG5EsPPTbA==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.59.3.tgz",
+            "integrity": "sha512-ePFoH0g4ludssdRFqqDxQePCxU4WQyRa9+XVwjm7yLn0FKhMeoetC+qBEEI1Eyb1pGSDveTIT09Bvw2WhlGayg==",
            "dev": true,
            "license": "MIT",
            "engines": {
@@ -746,21 +746,21 @@
            }
        },
        "node_modules/@typescript-eslint/typescript-estree": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.57.2.tgz",
-            "integrity": "sha512-2MKM+I6g8tJxfSmFKOnHv2t8Sk3T6rF20A1Puk0svLK+uVapDZB/4pfAeB7nE83uAZrU6OxW+HmOd5wHVdXwXA==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.59.3.tgz",
+            "integrity": "sha512-CbRjVRAf7Lr9Kr8RopKcbY45p2VfmmHrm0ygOCYFi7oU8q19m0Fs/6iHS7kNOmwpp+ob07ZVcAqlxUod9lYdmg==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
-                "@typescript-eslint/project-service": "8.57.2",
-                "@typescript-eslint/tsconfig-utils": "8.57.2",
-                "@typescript-eslint/types": "8.57.2",
-                "@typescript-eslint/visitor-keys": "8.57.2",
+                "@typescript-eslint/project-service": "8.59.3",
+                "@typescript-eslint/tsconfig-utils": "8.59.3",
+                "@typescript-eslint/types": "8.59.3",
+                "@typescript-eslint/visitor-keys": "8.59.3",
                "debug": "^4.4.3",
                "minimatch": "^10.2.2",
                "semver": "^7.7.3",
                "tinyglobby": "^0.2.15",
-                "ts-api-utils": "^2.4.0"
+                "ts-api-utils": "^2.5.0"
            },
            "engines": {
                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -770,7 +770,7 @@
                "url": "https://opencollective.com/typescript-eslint"
            },
            "peerDependencies": {
-                "typescript": ">=4.8.4 <6.0.0"
+                "typescript": ">=4.8.4 <6.1.0"
            }
        },
        "node_modules/@typescript-eslint/typescript-estree/node_modules/balanced-match": {
@@ -784,9 +784,9 @@
            }
        },
        "node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion": {
-            "version": "5.0.5",
-            "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.5.tgz",
-            "integrity": "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==",
+            "version": "5.0.6",
+            "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.6.tgz",
+            "integrity": "sha512-kLpxurY4Z4r9sgMsyG0Z9uzsBlgiU/EFKhj/h91/8yHu0edo7XuixOIH3VcJ8kkxs6/jPzoI6U9Vj3WqbMQ94g==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
@@ -797,13 +797,13 @@
            }
        },
        "node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch": {
-            "version": "10.2.4",
-            "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.4.tgz",
-            "integrity": "sha512-oRjTw/97aTBN0RHbYCdtF1MQfvusSIBQM0IZEgzl6426+8jSC0nF1a/GmnVLpfB9yyr6g6FTqWqiZVbxrtaCIg==",
+            "version": "10.2.5",
+            "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.5.tgz",
+            "integrity": "sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg==",
            "dev": true,
            "license": "BlueOak-1.0.0",
            "dependencies": {
-                "brace-expansion": "^5.0.2"
+                "brace-expansion": "^5.0.5"
            },
            "engines": {
                "node": "18 || 20 || >=22"
@@ -813,9 +813,9 @@
            }
        },
        "node_modules/@typescript-eslint/typescript-estree/node_modules/semver": {
-            "version": "7.7.4",
-            "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.4.tgz",
-            "integrity": "sha512-vFKC2IEtQnVhpT78h1Yp8wzwrf8CM+MzKMHGJZfBtzhZNycRFnXsHk6E5TxIkkMsgNS7mdX3AGB7x2QM2di4lA==",
+            "version": "7.8.0",
+            "resolved": "https://registry.npmjs.org/semver/-/semver-7.8.0.tgz",
+            "integrity": "sha512-AcM7dV/5ul4EekoQ29Agm5vri8JNqRyj39o0qpX6vDF2GZrtutZl5RwgD1XnZjiTAfncsJhMI48QQH3sN87YNA==",
            "dev": true,
            "license": "ISC",
            "bin": {
@@ -826,16 +826,16 @@
            }
        },
        "node_modules/@typescript-eslint/utils": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.57.2.tgz",
-            "integrity": "sha512-krRIbvPK1ju1WBKIefiX+bngPs+odIQUtR7kymzPfo1POVw3jlF+nLkmexdSSd4UCbDcQn+wMBATOOmpBbqgKg==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.59.3.tgz",
+            "integrity": "sha512-JAvT14goBzRzzzZyqq3P9BLArIxTtQURUtFgQ/V7FO+eU+Gg6ES+5ymOPP1wRxXcxAYeivCk4uS3jCKWI1K8Zg==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
                "@eslint-community/eslint-utils": "^4.9.1",
-                "@typescript-eslint/scope-manager": "8.57.2",
-                "@typescript-eslint/types": "8.57.2",
-                "@typescript-eslint/typescript-estree": "8.57.2"
+                "@typescript-eslint/scope-manager": "8.59.3",
+                "@typescript-eslint/types": "8.59.3",
+                "@typescript-eslint/typescript-estree": "8.59.3"
            },
            "engines": {
                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -846,17 +846,17 @@
            },
            "peerDependencies": {
                "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.0.0"
+                "typescript": ">=4.8.4 <6.1.0"
            }
        },
        "node_modules/@typescript-eslint/visitor-keys": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.57.2.tgz",
-            "integrity": "sha512-zhahknjobV2FiD6Ee9iLbS7OV9zi10rG26odsQdfBO/hjSzUQbkIYgda+iNKK1zNiW2ey+Lf8MU5btN17V3dUw==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.59.3.tgz",
+            "integrity": "sha512-f1UQF7ggd42YiwI5wGrRaPsa+P0CINBlrkLPmGfpq/u/I/oVtecoEIfFR9ag/oa1sLOsRNZ6xehf6qMZhQGBDg==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
-                "@typescript-eslint/types": "8.57.2",
+                "@typescript-eslint/types": "8.59.3",
                "eslint-visitor-keys": "^5.0.0"
            },
            "engines": {
@@ -1431,6 +1431,37 @@
                "node": ">=0.10.0"
            }
        },
+        "node_modules/domelementtype": {
+            "version": "3.0.0",
+            "resolved": "https://registry.npmjs.org/domelementtype/-/domelementtype-3.0.0.tgz",
+            "integrity": "sha512-umCQid3jKbDmVjx8jGaW7uUykm4DEUeyV21hPxNMo2nV955DhUThwqyOIDtreepP31hl84X7G5U9ZfsWvIB3Pg==",
+            "funding": [
+                {
+                    "type": "github",
+                    "url": "https://github.com/sponsors/fb55"
+                }
+            ],
+            "license": "BSD-2-Clause",
+            "engines": {
+                "node": ">=20.19.0"
+            }
+        },
+        "node_modules/domhandler": {
+            "version": "6.0.1",
+            "resolved": "https://registry.npmjs.org/domhandler/-/domhandler-6.0.1.tgz",
+            "integrity": "sha512-gYzvtM72ZtxQO0T048kd6HWSbbGCNOUwcnfQ01cqIJ4X2IYKFFHZ5mKvrQETcFXxsRObZulDaKmy//R7TPtsBg==",
+            "license": "BSD-2-Clause",
+            "dependencies": {
+                "domelementtype": "^3.0.0"
+            },
+            "engines": {
+                "node": ">=20.19.0"
+            },
+            "funding": {
+                "type": "github",
+                "url": "https://github.com/fb55/domhandler?sponsor=1"
+            }
+        },
        "node_modules/dunder-proto": {
            "version": "1.0.1",
            "resolved": "https://registry.npmjs.org/dunder-proto/-/dunder-proto-1.0.1.tgz",
@@ -1451,6 +1482,18 @@
            "integrity": "sha512-PwfIw7WQSt3xX7yOf5OE/unLzsK9CaN2f/FvV3WjPR1Knoc1T9vePRVV4W1EM301JzzysK51K7FNKcusCr0zYA==",
            "license": "ISC"
        },
+        "node_modules/entities": {
+            "version": "8.0.0",
+            "resolved": "https://registry.npmjs.org/entities/-/entities-8.0.0.tgz",
+            "integrity": "sha512-zwfzJecQ/Uej6tusMqwAqU/6KL2XaB2VZ2Jg54Je6ahNBGNH6Ek6g3jjNCF0fG9EWQKGZNddNjU5F1ZQn/sBnA==",
+            "license": "BSD-2-Clause",
+            "engines": {
+                "node": ">=20.19.0"
+            },
+            "funding": {
+                "url": "https://github.com/fb55/entities?sponsor=1"
+            }
+        },
        "node_modules/es-abstract": {
            "version": "1.24.1",
            "resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.24.1.tgz",
@@ -1790,13 +1833,13 @@
            }
        },
        "node_modules/eslint-plugin-lit": {
-            "version": "2.2.1",
-            "resolved": "https://registry.npmjs.org/eslint-plugin-lit/-/eslint-plugin-lit-2.2.1.tgz",
-            "integrity": "sha512-mnqqwpWF4PBF/YjlGt9mbHwrWCGMtaqdpnqISv3nGcTl8iStaAt9UGieMY3i8vwKfSSWtkEfBZUcRKFGys6yiw==",
+            "version": "2.3.1",
+            "resolved": "https://registry.npmjs.org/eslint-plugin-lit/-/eslint-plugin-lit-2.3.1.tgz",
+            "integrity": "sha512-wAqDOOWQzUoY5uK124ZR+h7Snx0+KdZd3Knv6133gRHEcu03jbqnouK4GBwVl6PkGOkNy40zSchOp9VbBh4yHg==",
            "license": "MIT",
            "dependencies": {
-                "parse5": "^6.0.1",
-                "parse5-htmlparser2-tree-adapter": "^6.0.1"
+                "parse5": "^8.0.1",
+                "parse5-htmlparser2-tree-adapter": "^8.0.1"
            },
            "engines": {
                "node": ">= 18"
@@ -1838,9 +1881,9 @@
            }
        },
        "node_modules/eslint-plugin-react-hooks": {
-            "version": "7.0.1",
-            "resolved": "https://registry.npmjs.org/eslint-plugin-react-hooks/-/eslint-plugin-react-hooks-7.0.1.tgz",
-            "integrity": "sha512-O0d0m04evaNzEPoSW+59Mezf8Qt0InfgGIBJnpC0h3NH/WjUAR7BIKUfysC6todmtiZ/A0oUVS8Gce0WhBrHsA==",
+            "version": "7.1.1",
+            "resolved": "https://registry.npmjs.org/eslint-plugin-react-hooks/-/eslint-plugin-react-hooks-7.1.1.tgz",
+            "integrity": "sha512-f2I7Gw6JbvCexzIInuSbZpfdQ44D7iqdWX01FKLvrPgqxoE7oMj8clOfto8U6vYiz4yd5oKu39rRSVOe1zRu0g==",
            "license": "MIT",
            "dependencies": {
                "@babel/core": "^7.24.4",
@@ -1853,7 +1896,7 @@
                "node": ">=18"
            },
            "peerDependencies": {
-                "eslint": "^3.0.0 || ^4.0.0 || ^5.0.0 || ^6.0.0 || ^7.0.0 || ^8.0.0-0 || ^9.0.0"
+                "eslint": "^3.0.0 || ^4.0.0 || ^5.0.0 || ^6.0.0 || ^7.0.0 || ^8.0.0-0 || ^9.0.0 || ^10.0.0"
            }
        },
        "node_modules/eslint-plugin-react/node_modules/resolve": {
@@ -3194,18 +3237,28 @@
            }
        },
        "node_modules/parse5": {
-            "version": "6.0.1",
-            "resolved": "https://registry.npmjs.org/parse5/-/parse5-6.0.1.tgz",
-            "integrity": "sha512-Ofn/CTFzRGTTxwpNEs9PP93gXShHcTq255nzRYSKe8AkVpZY7e1fpmTfOyoIvjP5HG7Z2ZM7VS9PPhQGW2pOpw==",
-            "license": "MIT"
-        },
-        "node_modules/parse5-htmlparser2-tree-adapter": {
-            "version": "6.0.1",
-            "resolved": "https://registry.npmjs.org/parse5-htmlparser2-tree-adapter/-/parse5-htmlparser2-tree-adapter-6.0.1.tgz",
-            "integrity": "sha512-qPuWvbLgvDGilKc5BoicRovlT4MtYT6JfJyBOMDsKoiT+GiuP5qyrPCnR9HcPECIJJmZh5jRndyNThnhhb/vlA==",
+            "version": "8.0.1",
+            "resolved": "https://registry.npmjs.org/parse5/-/parse5-8.0.1.tgz",
+            "integrity": "sha512-z1e/HMG90obSGeidlli3hj7cbocou0/wa5HacvI3ASx34PecNjNQeaHNo5WIZpWofN9kgkqV1q5YvXe3F0FoPw==",
            "license": "MIT",
            "dependencies": {
-                "parse5": "^6.0.1"
+                "entities": "^8.0.0"
+            },
+            "funding": {
+                "url": "https://github.com/inikulin/parse5?sponsor=1"
+            }
+        },
+        "node_modules/parse5-htmlparser2-tree-adapter": {
+            "version": "8.0.1",
+            "resolved": "https://registry.npmjs.org/parse5-htmlparser2-tree-adapter/-/parse5-htmlparser2-tree-adapter-8.0.1.tgz",
+            "integrity": "sha512-aqkH+xQxX+QGZtP5GIMmqqp16Y0v9muEf2VVeypv35kFsD5bqP1UeBanSshdfjMY+RTh2vN4mmK6nEOVRMEvHg==",
+            "license": "MIT",
+            "dependencies": {
+                "domhandler": "^6.0.1",
+                "parse5": "^8.0.0"
+            },
+            "funding": {
+                "url": "https://github.com/inikulin/parse5?sponsor=1"
            }
        },
        "node_modules/path-exists": {
@@ -3718,14 +3771,14 @@
            }
        },
        "node_modules/tinyglobby": {
-            "version": "0.2.15",
-            "resolved": "https://registry.npmjs.org/tinyglobby/-/tinyglobby-0.2.15.tgz",
-            "integrity": "sha512-j2Zq4NyQYG5XMST4cbs02Ak8iJUdxRM0XI5QyxXuZOzKOINmWurp3smXu3y5wDcJrptwpSjgXHzIQxR0omXljQ==",
+            "version": "0.2.16",
+            "resolved": "https://registry.npmjs.org/tinyglobby/-/tinyglobby-0.2.16.tgz",
+            "integrity": "sha512-pn99VhoACYR8nFHhxqix+uvsbXineAasWm5ojXoN8xEwK5Kd3/TrhNn1wByuD52UxWRLy8pu+kRMniEi6Eq9Zg==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
                "fdir": "^6.5.0",
-                "picomatch": "^4.0.3"
+                "picomatch": "^4.0.4"
            },
            "engines": {
                "node": ">=12.0.0"
@@ -3858,9 +3911,9 @@
            }
        },
        "node_modules/typescript": {
-            "version": "6.0.2",
-            "resolved": "https://registry.npmjs.org/typescript/-/typescript-6.0.2.tgz",
-            "integrity": "sha512-bGdAIrZ0wiGDo5l8c++HWtbaNCWTS4UTv7RaTH/ThVIgjkveJt83m74bBHMJkuCbslY8ixgLBVZJIOiQlQTjfQ==",
+            "version": "6.0.3",
+            "resolved": "https://registry.npmjs.org/typescript/-/typescript-6.0.3.tgz",
+            "integrity": "sha512-y2TvuxSZPDyQakkFRPZHKFm+KKVqIisdg9/CZwm9ftvKXLP8NRWj38/ODjNbr43SsoXqNuAisEf1GdCxqWcdBw==",
            "dev": true,
            "license": "Apache-2.0",
            "bin": {
@@ -3872,16 +3925,16 @@
            }
        },
        "node_modules/typescript-eslint": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.57.2.tgz",
-            "integrity": "sha512-VEPQ0iPgWO/sBaZOU1xo4nuNdODVOajPnTIbog2GKYr31nIlZ0fWPoCQgGfF3ETyBl1vn63F/p50Um9Z4J8O8A==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.59.3.tgz",
+            "integrity": "sha512-KgusgyDgG4LI8Ih/sWaCtZ06tckLAS5CvT5A4D1Q7bYVoAAyzwiZvE4BmwDHkhRVkvhRBepKeASoFzQetha7Fg==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
-                "@typescript-eslint/eslint-plugin": "8.57.2",
-                "@typescript-eslint/parser": "8.57.2",
-                "@typescript-eslint/typescript-estree": "8.57.2",
-                "@typescript-eslint/utils": "8.57.2"
+                "@typescript-eslint/eslint-plugin": "8.59.3",
+                "@typescript-eslint/parser": "8.59.3",
+                "@typescript-eslint/typescript-estree": "8.59.3",
+                "@typescript-eslint/utils": "8.59.3"
            },
            "engines": {
                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -3892,7 +3945,7 @@
            },
            "peerDependencies": {
                "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.0.0"
+                "typescript": ">=4.8.4 <6.1.0"
            }
        },
        "node_modules/unbox-primitive": {
@@ -3914,9 +3967,9 @@
            }
        },
        "node_modules/undici-types": {
-            "version": "7.18.2",
-            "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.18.2.tgz",
-            "integrity": "sha512-AsuCzffGHJybSaRrmr5eHr81mwJU3kjw6M+uprWvCXiNeN9SOGwQ3Jn8jb8m3Z6izVgknn1R0FTCEAP2QrLY/w==",
+            "version": "7.21.0",
+            "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.21.0.tgz",
+            "integrity": "sha512-w9IMgQrz4O0YN1LtB7K5P63vhlIOvC7opSmouCJ+ZywlPAlO9gIkJ+otk6LvGpAs2wg4econaCz3TvQ9xPoyuQ==",
            "dev": true,
            "license": "MIT"
        },
--- a/packages/eslint-config/package.json
+++ b/packages/eslint-config/package.json
@@ -1,6 +1,6 @@
 {
    "name": "@goauthentik/eslint-config",
-    "version": "1.3.0",
+    "version": "2.0.0",
    "description": "authentik's ESLint config",
    "license": "MIT",
    "repository": {
@@ -39,24 +39,24 @@
    "dependencies": {
        "eslint": "^9.39.3",
        "eslint-plugin-import": "^2.32.0",
-        "eslint-plugin-lit": "^2.2.1",
+        "eslint-plugin-lit": "^2.3.1",
        "eslint-plugin-react": "^7.37.5",
-        "eslint-plugin-react-hooks": "^7.0.1",
+        "eslint-plugin-react-hooks": "^7.1.1",
        "eslint-plugin-wc": "^3.1.0"
    },
    "devDependencies": {
        "@goauthentik/prettier-config": "../prettier-config",
        "@goauthentik/tsconfig": "../tsconfig",
        "@types/eslint": "^9.6.1",
-        "@types/node": "^25.5.0",
-        "typescript": "^6.0.2",
-        "typescript-eslint": "^8.57.2"
+        "@types/node": "^25.7.0",
+        "typescript": "^6.0.3",
+        "typescript-eslint": "^8.59.3"
    },
    "peerDependencies": {
        "react": "^18.0.0 || ^19.0.0",
        "react-dom": "^18.0.0 || ^19.0.0",
-        "typescript": "^5.9.3 || ^6.0.2",
-        "typescript-eslint": "^8.57.2"
+        "typescript": "^6.0.3 || ^7.0.0",
+        "typescript-eslint": "^8.59.3"
    },
    "files": [
        "./index.js",
@@ -65,7 +65,7 @@
    ],
    "engines": {
        "node": ">=24",
-        "npm": ">=11.10.1"
+        "npm": ">=11.14.1"
    },
    "devEngines": {
        "runtime": {
@@ -75,7 +75,7 @@
        },
        "packageManager": {
            "name": "npm",
-            "version": ">=11.10.1",
+            "version": ">=11.14.1",
            "onFail": "warn"
        }
    },
--- a/packages/logger-js/package-lock.json
+++ b/packages/logger-js/package-lock.json
@@ -1,29 +1,29 @@
 {
    "name": "@goauthentik/logger-js",
-    "version": "1.1.2",
+    "version": "2.0.0",
    "lockfileVersion": 3,
    "requires": true,
    "packages": {
        "": {
            "name": "@goauthentik/logger-js",
-            "version": "1.1.2",
+            "version": "2.0.0",
            "license": "MIT",
            "devDependencies": {
                "@eslint/js": "^9.39.3",
                "@goauthentik/prettier-config": "../prettier-config",
                "@goauthentik/tsconfig": "../tsconfig",
-                "@types/node": "^25.5.0",
+                "@types/node": "^25.7.0",
                "eslint": "^9.39.3",
                "pino": "^10.3.1",
                "pino-pretty": "^13.1.2",
-                "prettier": "^3.8.1",
+                "prettier": "^3.8.3",
                "prettier-plugin-packagejson": "^3.0.2",
-                "typescript": "^6.0.2",
-                "typescript-eslint": "^8.57.2"
+                "typescript": "^6.0.3",
+                "typescript-eslint": "^8.59.3"
            },
            "engines": {
                "node": ">=24",
-                "npm": ">=11.10.1"
+                "npm": ">=11.14.1"
            },
            "peerDependencies": {
                "pino": "^10.3.1",
@@ -40,7 +40,7 @@
        },
        "../prettier-config": {
            "name": "@goauthentik/prettier-config",
-            "version": "3.5.0",
+            "version": "4.0.0",
            "dev": true,
            "license": "MIT",
            "dependencies": {
@@ -50,30 +50,30 @@
                "@eslint/js": "^9.39.3",
                "@goauthentik/eslint-config": "../eslint-config",
                "@goauthentik/tsconfig": "../tsconfig",
-                "@types/node": "^25.0.0",
+                "@types/node": "^25.7.0",
                "eslint": "^9.39.3",
-                "prettier": "^3.8.1",
+                "prettier": "^3.8.3",
                "prettier-plugin-packagejson": "^3.0.2",
-                "typescript": "^6.0.2",
-                "typescript-eslint": "^8.57.2"
+                "typescript": "^6.0.3",
+                "typescript-eslint": "^8.59.3"
            },
            "engines": {
                "node": ">=24",
-                "npm": ">=11.10.1"
+                "npm": ">=11.14.1"
            },
            "peerDependencies": {
-                "prettier": "^3.8.1",
+                "prettier": "^3.8.3",
                "prettier-plugin-packagejson": "^3.0.2"
            }
        },
        "../tsconfig": {
            "name": "@goauthentik/tsconfig",
-            "version": "1.0.9",
+            "version": "2.0.0",
            "dev": true,
            "license": "MIT",
            "engines": {
                "node": ">=24",
-                "npm": ">=11.10.1"
+                "npm": ">=11.14.1"
            }
        },
        "node_modules/@eslint-community/eslint-utils": {
@@ -361,30 +361,30 @@
            "license": "MIT"
        },
        "node_modules/@types/node": {
-            "version": "25.5.0",
-            "resolved": "https://registry.npmjs.org/@types/node/-/node-25.5.0.tgz",
-            "integrity": "sha512-jp2P3tQMSxWugkCUKLRPVUpGaL5MVFwF8RDuSRztfwgN1wmqJeMSbKlnEtQqU8UrhTmzEmZdu2I6v2dpp7XIxw==",
+            "version": "25.7.0",
+            "resolved": "https://registry.npmjs.org/@types/node/-/node-25.7.0.tgz",
+            "integrity": "sha512-z+pdZyxE+RTQE9AcboAZCb4otwcrvgHD+GlBpPgn0emDVt0ohrTMhAwlr2Wd9nZ+nihhYFxO2pThz3C5qSu2Eg==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
-                "undici-types": "~7.18.0"
+                "undici-types": "~7.21.0"
            }
        },
        "node_modules/@typescript-eslint/eslint-plugin": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.57.2.tgz",
-            "integrity": "sha512-NZZgp0Fm2IkD+La5PR81sd+g+8oS6JwJje+aRWsDocxHkjyRw0J5L5ZTlN3LI1LlOcGL7ph3eaIUmTXMIjLk0w==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.59.3.tgz",
+            "integrity": "sha512-PwFvSKsXGShKGW6n5bZOhGHEcCZXM8HofLK9fNsEwZXzFRjoY+XT1Vsf1zgyXdwTr0ZYz1/2tkZ0DBTT9jZjhw==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
                "@eslint-community/regexpp": "^4.12.2",
-                "@typescript-eslint/scope-manager": "8.57.2",
-                "@typescript-eslint/type-utils": "8.57.2",
-                "@typescript-eslint/utils": "8.57.2",
-                "@typescript-eslint/visitor-keys": "8.57.2",
+                "@typescript-eslint/scope-manager": "8.59.3",
+                "@typescript-eslint/type-utils": "8.59.3",
+                "@typescript-eslint/utils": "8.59.3",
+                "@typescript-eslint/visitor-keys": "8.59.3",
                "ignore": "^7.0.5",
                "natural-compare": "^1.4.0",
-                "ts-api-utils": "^2.4.0"
+                "ts-api-utils": "^2.5.0"
            },
            "engines": {
                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -394,22 +394,22 @@
                "url": "https://opencollective.com/typescript-eslint"
            },
            "peerDependencies": {
-                "@typescript-eslint/parser": "^8.57.2",
+                "@typescript-eslint/parser": "^8.59.3",
                "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.0.0"
+                "typescript": ">=4.8.4 <6.1.0"
            }
        },
        "node_modules/@typescript-eslint/parser": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.57.2.tgz",
-            "integrity": "sha512-30ScMRHIAD33JJQkgfGW1t8CURZtjc2JpTrq5n2HFhOefbAhb7ucc7xJwdWcrEtqUIYJ73Nybpsggii6GtAHjA==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.59.3.tgz",
+            "integrity": "sha512-HPwA+hVkfcriajbNvTmZv4VRauibay+cWArYUYq7u7W7PmGShMxbPxLvrwDme55a6d5alG3nrYfhyJ/G28XlLg==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
-                "@typescript-eslint/scope-manager": "8.57.2",
-                "@typescript-eslint/types": "8.57.2",
-                "@typescript-eslint/typescript-estree": "8.57.2",
-                "@typescript-eslint/visitor-keys": "8.57.2",
+                "@typescript-eslint/scope-manager": "8.59.3",
+                "@typescript-eslint/types": "8.59.3",
+                "@typescript-eslint/typescript-estree": "8.59.3",
+                "@typescript-eslint/visitor-keys": "8.59.3",
                "debug": "^4.4.3"
            },
            "engines": {
@@ -421,18 +421,18 @@
            },
            "peerDependencies": {
                "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.0.0"
+                "typescript": ">=4.8.4 <6.1.0"
            }
        },
        "node_modules/@typescript-eslint/project-service": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.57.2.tgz",
-            "integrity": "sha512-FuH0wipFywXRTHf+bTTjNyuNQQsQC3qh/dYzaM4I4W0jrCqjCVuUh99+xd9KamUfmCGPvbO8NDngo/vsnNVqgw==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.59.3.tgz",
+            "integrity": "sha512-ECiUWa/KYRGDFUqTNehaRgzDshnJfkTABJxVemHk4ko22gcr0ukloKjWvyQ64g8YCV/UI47kN1dbmjf/GaQYng==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
-                "@typescript-eslint/tsconfig-utils": "^8.57.2",
-                "@typescript-eslint/types": "^8.57.2",
+                "@typescript-eslint/tsconfig-utils": "^8.59.3",
+                "@typescript-eslint/types": "^8.59.3",
                "debug": "^4.4.3"
            },
            "engines": {
@@ -443,18 +443,18 @@
                "url": "https://opencollective.com/typescript-eslint"
            },
            "peerDependencies": {
-                "typescript": ">=4.8.4 <6.0.0"
+                "typescript": ">=4.8.4 <6.1.0"
            }
        },
        "node_modules/@typescript-eslint/scope-manager": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.57.2.tgz",
-            "integrity": "sha512-snZKH+W4WbWkrBqj4gUNRIGb/jipDW3qMqVJ4C9rzdFc+wLwruxk+2a5D+uoFcKPAqyqEnSb4l2ULuZf95eSkw==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.59.3.tgz",
+            "integrity": "sha512-t2LvZnoEfzKtnPjgeEu41xw5gxq9mQVfYy4OoZ4Vlt0sk3JwxmhCca/AR7DwOiHrjWgjAj6as4AhRLKSDfvZIA==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
-                "@typescript-eslint/types": "8.57.2",
-                "@typescript-eslint/visitor-keys": "8.57.2"
+                "@typescript-eslint/types": "8.59.3",
+                "@typescript-eslint/visitor-keys": "8.59.3"
            },
            "engines": {
                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -465,9 +465,9 @@
            }
        },
        "node_modules/@typescript-eslint/tsconfig-utils": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.57.2.tgz",
-            "integrity": "sha512-3Lm5DSM+DCowsUOJC+YqHHnKEfFh5CoGkj5Z31NQSNF4l5wdOwqGn99wmwN/LImhfY3KJnmordBq/4+VDe2eKw==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.59.3.tgz",
+            "integrity": "sha512-PcIJHjmaREXLgIAIzLnSY9VucEzz8FKXsRgFa1DmdGCK/5tJpW03TKJF01Q6VZd1lLdz2sIKPWaDUZN9dp//dw==",
            "dev": true,
            "license": "MIT",
            "engines": {
@@ -478,21 +478,21 @@
                "url": "https://opencollective.com/typescript-eslint"
            },
            "peerDependencies": {
-                "typescript": ">=4.8.4 <6.0.0"
+                "typescript": ">=4.8.4 <6.1.0"
            }
        },
        "node_modules/@typescript-eslint/type-utils": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.57.2.tgz",
-            "integrity": "sha512-Co6ZCShm6kIbAM/s+oYVpKFfW7LBc6FXoPXjTRQ449PPNBY8U0KZXuevz5IFuuUj2H9ss40atTaf9dlGLzbWZg==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.59.3.tgz",
+            "integrity": "sha512-g71d8QD8UaiHGvrJwyIS1hCX5r63w6Jll+4VEYhEAHXTDIqX1JgxhTAbEHtKntL9kuc4jRo7/GWw5xfCepSccQ==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
-                "@typescript-eslint/types": "8.57.2",
-                "@typescript-eslint/typescript-estree": "8.57.2",
-                "@typescript-eslint/utils": "8.57.2",
+                "@typescript-eslint/types": "8.59.3",
+                "@typescript-eslint/typescript-estree": "8.59.3",
+                "@typescript-eslint/utils": "8.59.3",
                "debug": "^4.4.3",
-                "ts-api-utils": "^2.4.0"
+                "ts-api-utils": "^2.5.0"
            },
            "engines": {
                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -503,13 +503,13 @@
            },
            "peerDependencies": {
                "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.0.0"
+                "typescript": ">=4.8.4 <6.1.0"
            }
        },
        "node_modules/@typescript-eslint/types": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.57.2.tgz",
-            "integrity": "sha512-/iZM6FnM4tnx9csuTxspMW4BOSegshwX5oBDznJ7S4WggL7Vczz5d2W11ecc4vRrQMQHXRSxzrCsyG5EsPPTbA==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.59.3.tgz",
+            "integrity": "sha512-ePFoH0g4ludssdRFqqDxQePCxU4WQyRa9+XVwjm7yLn0FKhMeoetC+qBEEI1Eyb1pGSDveTIT09Bvw2WhlGayg==",
            "dev": true,
            "license": "MIT",
            "engines": {
@@ -521,21 +521,21 @@
            }
        },
        "node_modules/@typescript-eslint/typescript-estree": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.57.2.tgz",
-            "integrity": "sha512-2MKM+I6g8tJxfSmFKOnHv2t8Sk3T6rF20A1Puk0svLK+uVapDZB/4pfAeB7nE83uAZrU6OxW+HmOd5wHVdXwXA==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.59.3.tgz",
+            "integrity": "sha512-CbRjVRAf7Lr9Kr8RopKcbY45p2VfmmHrm0ygOCYFi7oU8q19m0Fs/6iHS7kNOmwpp+ob07ZVcAqlxUod9lYdmg==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
-                "@typescript-eslint/project-service": "8.57.2",
-                "@typescript-eslint/tsconfig-utils": "8.57.2",
-                "@typescript-eslint/types": "8.57.2",
-                "@typescript-eslint/visitor-keys": "8.57.2",
+                "@typescript-eslint/project-service": "8.59.3",
+                "@typescript-eslint/tsconfig-utils": "8.59.3",
+                "@typescript-eslint/types": "8.59.3",
+                "@typescript-eslint/visitor-keys": "8.59.3",
                "debug": "^4.4.3",
                "minimatch": "^10.2.2",
                "semver": "^7.7.3",
                "tinyglobby": "^0.2.15",
-                "ts-api-utils": "^2.4.0"
+                "ts-api-utils": "^2.5.0"
            },
            "engines": {
                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -545,20 +545,20 @@
                "url": "https://opencollective.com/typescript-eslint"
            },
            "peerDependencies": {
-                "typescript": ">=4.8.4 <6.0.0"
+                "typescript": ">=4.8.4 <6.1.0"
            }
        },
        "node_modules/@typescript-eslint/utils": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.57.2.tgz",
-            "integrity": "sha512-krRIbvPK1ju1WBKIefiX+bngPs+odIQUtR7kymzPfo1POVw3jlF+nLkmexdSSd4UCbDcQn+wMBATOOmpBbqgKg==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.59.3.tgz",
+            "integrity": "sha512-JAvT14goBzRzzzZyqq3P9BLArIxTtQURUtFgQ/V7FO+eU+Gg6ES+5ymOPP1wRxXcxAYeivCk4uS3jCKWI1K8Zg==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
                "@eslint-community/eslint-utils": "^4.9.1",
-                "@typescript-eslint/scope-manager": "8.57.2",
-                "@typescript-eslint/types": "8.57.2",
-                "@typescript-eslint/typescript-estree": "8.57.2"
+                "@typescript-eslint/scope-manager": "8.59.3",
+                "@typescript-eslint/types": "8.59.3",
+                "@typescript-eslint/typescript-estree": "8.59.3"
            },
            "engines": {
                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -569,17 +569,17 @@
            },
            "peerDependencies": {
                "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.0.0"
+                "typescript": ">=4.8.4 <6.1.0"
            }
        },
        "node_modules/@typescript-eslint/visitor-keys": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.57.2.tgz",
-            "integrity": "sha512-zhahknjobV2FiD6Ee9iLbS7OV9zi10rG26odsQdfBO/hjSzUQbkIYgda+iNKK1zNiW2ey+Lf8MU5btN17V3dUw==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.59.3.tgz",
+            "integrity": "sha512-f1UQF7ggd42YiwI5wGrRaPsa+P0CINBlrkLPmGfpq/u/I/oVtecoEIfFR9ag/oa1sLOsRNZ6xehf6qMZhQGBDg==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
-                "@typescript-eslint/types": "8.57.2",
+                "@typescript-eslint/types": "8.59.3",
                "eslint-visitor-keys": "^5.0.0"
            },
            "engines": {
@@ -687,9 +687,9 @@
            }
        },
        "node_modules/brace-expansion": {
-            "version": "5.0.5",
-            "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.5.tgz",
-            "integrity": "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==",
+            "version": "5.0.6",
+            "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.6.tgz",
+            "integrity": "sha512-kLpxurY4Z4r9sgMsyG0Z9uzsBlgiU/EFKhj/h91/8yHu0edo7XuixOIH3VcJ8kkxs6/jPzoI6U9Vj3WqbMQ94g==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
@@ -1409,13 +1409,13 @@
            "license": "MIT"
        },
        "node_modules/minimatch": {
-            "version": "10.2.4",
-            "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.4.tgz",
-            "integrity": "sha512-oRjTw/97aTBN0RHbYCdtF1MQfvusSIBQM0IZEgzl6426+8jSC0nF1a/GmnVLpfB9yyr6g6FTqWqiZVbxrtaCIg==",
+            "version": "10.2.5",
+            "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.5.tgz",
+            "integrity": "sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg==",
            "dev": true,
            "license": "BlueOak-1.0.0",
            "dependencies": {
-                "brace-expansion": "^5.0.2"
+                "brace-expansion": "^5.0.5"
            },
            "engines": {
                "node": "18 || 20 || >=22"
@@ -1653,9 +1653,9 @@
            }
        },
        "node_modules/prettier": {
-            "version": "3.8.1",
-            "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.8.1.tgz",
-            "integrity": "sha512-UOnG6LftzbdaHZcKoPFtOcCKztrQ57WkHDeRD9t/PTQtmT0NHSeWWepj6pS0z/N7+08BHFDQVUrfmfMRcZwbMg==",
+            "version": "3.8.3",
+            "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.8.3.tgz",
+            "integrity": "sha512-7igPTM53cGHMW8xWuVTydi2KO233VFiTNyF5hLJqpilHfmn8C8gPf+PS7dUT64YcXFbiMGZxS9pCSxL/Dxm/Jw==",
            "dev": true,
            "license": "MIT",
            "bin": {
@@ -1946,9 +1946,9 @@
            }
        },
        "node_modules/typescript": {
-            "version": "6.0.2",
-            "resolved": "https://registry.npmjs.org/typescript/-/typescript-6.0.2.tgz",
-            "integrity": "sha512-bGdAIrZ0wiGDo5l8c++HWtbaNCWTS4UTv7RaTH/ThVIgjkveJt83m74bBHMJkuCbslY8ixgLBVZJIOiQlQTjfQ==",
+            "version": "6.0.3",
+            "resolved": "https://registry.npmjs.org/typescript/-/typescript-6.0.3.tgz",
+            "integrity": "sha512-y2TvuxSZPDyQakkFRPZHKFm+KKVqIisdg9/CZwm9ftvKXLP8NRWj38/ODjNbr43SsoXqNuAisEf1GdCxqWcdBw==",
            "dev": true,
            "license": "Apache-2.0",
            "bin": {
@@ -1960,16 +1960,16 @@
            }
        },
        "node_modules/typescript-eslint": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.57.2.tgz",
-            "integrity": "sha512-VEPQ0iPgWO/sBaZOU1xo4nuNdODVOajPnTIbog2GKYr31nIlZ0fWPoCQgGfF3ETyBl1vn63F/p50Um9Z4J8O8A==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.59.3.tgz",
+            "integrity": "sha512-KgusgyDgG4LI8Ih/sWaCtZ06tckLAS5CvT5A4D1Q7bYVoAAyzwiZvE4BmwDHkhRVkvhRBepKeASoFzQetha7Fg==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
-                "@typescript-eslint/eslint-plugin": "8.57.2",
-                "@typescript-eslint/parser": "8.57.2",
-                "@typescript-eslint/typescript-estree": "8.57.2",
-                "@typescript-eslint/utils": "8.57.2"
+                "@typescript-eslint/eslint-plugin": "8.59.3",
+                "@typescript-eslint/parser": "8.59.3",
+                "@typescript-eslint/typescript-estree": "8.59.3",
+                "@typescript-eslint/utils": "8.59.3"
            },
            "engines": {
                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -1980,13 +1980,13 @@
            },
            "peerDependencies": {
                "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.0.0"
+                "typescript": ">=4.8.4 <6.1.0"
            }
        },
        "node_modules/undici-types": {
-            "version": "7.18.2",
-            "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.18.2.tgz",
-            "integrity": "sha512-AsuCzffGHJybSaRrmr5eHr81mwJU3kjw6M+uprWvCXiNeN9SOGwQ3Jn8jb8m3Z6izVgknn1R0FTCEAP2QrLY/w==",
+            "version": "7.21.0",
+            "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.21.0.tgz",
+            "integrity": "sha512-w9IMgQrz4O0YN1LtB7K5P63vhlIOvC7opSmouCJ+ZywlPAlO9gIkJ+otk6LvGpAs2wg4econaCz3TvQ9xPoyuQ==",
            "dev": true,
            "license": "MIT"
        },
--- a/packages/logger-js/package.json
+++ b/packages/logger-js/package.json
@@ -1,6 +1,6 @@
 {
    "name": "@goauthentik/logger-js",
-    "version": "1.1.2",
+    "version": "2.0.0",
    "description": "Pino-based logger for authentik",
    "license": "MIT",
    "repository": {
@@ -31,14 +31,14 @@
        "@eslint/js": "^9.39.3",
        "@goauthentik/prettier-config": "../prettier-config",
        "@goauthentik/tsconfig": "../tsconfig",
-        "@types/node": "^25.5.0",
+        "@types/node": "^25.7.0",
        "eslint": "^9.39.3",
        "pino": "^10.3.1",
        "pino-pretty": "^13.1.2",
-        "prettier": "^3.8.1",
+        "prettier": "^3.8.3",
        "prettier-plugin-packagejson": "^3.0.2",
-        "typescript": "^6.0.2",
-        "typescript-eslint": "^8.57.2"
+        "typescript": "^6.0.3",
+        "typescript-eslint": "^8.59.3"
    },
    "peerDependencies": {
        "pino": "^10.3.1",
@@ -51,7 +51,7 @@
    ],
    "engines": {
        "node": ">=24",
-        "npm": ">=11.10.1"
+        "npm": ">=11.14.1"
    },
    "devEngines": {
        "runtime": {
@@ -61,7 +61,7 @@
        },
        "packageManager": {
            "name": "npm",
-            "version": ">=11.10.1",
+            "version": ">=11.14.1",
            "onFail": "ignore"
        }
    },
--- a/packages/prettier-config/package-lock.json
+++ b/packages/prettier-config/package-lock.json
@@ -1,12 +1,12 @@
 {
    "name": "@goauthentik/prettier-config",
-    "version": "3.5.0",
+    "version": "4.0.0",
    "lockfileVersion": 3,
    "requires": true,
    "packages": {
        "": {
            "name": "@goauthentik/prettier-config",
-            "version": "3.5.0",
+            "version": "4.0.0",
            "license": "MIT",
            "dependencies": {
                "format-imports": "^4.0.8"
@@ -15,25 +15,25 @@
                "@eslint/js": "^9.39.3",
                "@goauthentik/eslint-config": "../eslint-config",
                "@goauthentik/tsconfig": "../tsconfig",
-                "@types/node": "^25.0.0",
+                "@types/node": "^25.7.0",
                "eslint": "^9.39.3",
-                "prettier": "^3.8.1",
+                "prettier": "^3.8.3",
                "prettier-plugin-packagejson": "^3.0.2",
-                "typescript": "^6.0.2",
-                "typescript-eslint": "^8.57.2"
+                "typescript": "^6.0.3",
+                "typescript-eslint": "^8.59.3"
            },
            "engines": {
                "node": ">=24",
-                "npm": ">=11.10.1"
+                "npm": ">=11.14.1"
            },
            "peerDependencies": {
-                "prettier": "^3.8.1",
+                "prettier": "^3.8.3",
                "prettier-plugin-packagejson": "^3.0.2"
            }
        },
        "../eslint-config": {
            "name": "@goauthentik/eslint-config",
-            "version": "1.3.0",
+            "version": "2.0.0",
            "dev": true,
            "license": "MIT",
            "dependencies": {
@@ -41,26 +41,26 @@
                "eslint-plugin-import": "^2.32.0",
                "eslint-plugin-lit": "^2.2.1",
                "eslint-plugin-react": "^7.37.5",
-                "eslint-plugin-react-hooks": "^7.0.1",
+                "eslint-plugin-react-hooks": "^7.1.1",
                "eslint-plugin-wc": "^3.1.0"
            },
            "devDependencies": {
                "@goauthentik/prettier-config": "../prettier-config",
                "@goauthentik/tsconfig": "../tsconfig",
                "@types/eslint": "^9.6.1",
-                "@types/node": "^25.3.0",
-                "typescript": "^6.0.2",
-                "typescript-eslint": "^8.57.2"
+                "@types/node": "^25.7.0",
+                "typescript": "^6.0.3",
+                "typescript-eslint": "^8.59.3"
            },
            "engines": {
                "node": ">=24",
-                "npm": ">=11.10.1"
+                "npm": ">=11.14.1"
            },
            "peerDependencies": {
                "react": "^18.0.0 || ^19.0.0",
                "react-dom": "^18.0.0 || ^19.0.0",
-                "typescript": "^5.9.3 || ^6.0.2",
-                "typescript-eslint": "^8.57.2"
+                "typescript": "^6.0.3 || ^7.0.0",
+                "typescript-eslint": "^8.59.3"
            },
            "peerDependenciesMeta": {
                "react": {
@@ -73,12 +73,12 @@
        },
        "../tsconfig": {
            "name": "@goauthentik/tsconfig",
-            "version": "1.0.8",
+            "version": "1.0.9",
            "dev": true,
            "license": "MIT",
            "engines": {
                "node": ">=24",
-                "npm": ">=11.10.1"
+                "npm": ">=11.14.1"
            }
        },
        "node_modules/@babel/helper-string-parser": {
@@ -382,30 +382,30 @@
            "license": "MIT"
        },
        "node_modules/@types/node": {
-            "version": "25.5.0",
-            "resolved": "https://registry.npmjs.org/@types/node/-/node-25.5.0.tgz",
-            "integrity": "sha512-jp2P3tQMSxWugkCUKLRPVUpGaL5MVFwF8RDuSRztfwgN1wmqJeMSbKlnEtQqU8UrhTmzEmZdu2I6v2dpp7XIxw==",
+            "version": "25.7.0",
+            "resolved": "https://registry.npmjs.org/@types/node/-/node-25.7.0.tgz",
+            "integrity": "sha512-z+pdZyxE+RTQE9AcboAZCb4otwcrvgHD+GlBpPgn0emDVt0ohrTMhAwlr2Wd9nZ+nihhYFxO2pThz3C5qSu2Eg==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
-                "undici-types": "~7.18.0"
+                "undici-types": "~7.21.0"
            }
        },
        "node_modules/@typescript-eslint/eslint-plugin": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.57.2.tgz",
-            "integrity": "sha512-NZZgp0Fm2IkD+La5PR81sd+g+8oS6JwJje+aRWsDocxHkjyRw0J5L5ZTlN3LI1LlOcGL7ph3eaIUmTXMIjLk0w==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.59.3.tgz",
+            "integrity": "sha512-PwFvSKsXGShKGW6n5bZOhGHEcCZXM8HofLK9fNsEwZXzFRjoY+XT1Vsf1zgyXdwTr0ZYz1/2tkZ0DBTT9jZjhw==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
                "@eslint-community/regexpp": "^4.12.2",
-                "@typescript-eslint/scope-manager": "8.57.2",
-                "@typescript-eslint/type-utils": "8.57.2",
-                "@typescript-eslint/utils": "8.57.2",
-                "@typescript-eslint/visitor-keys": "8.57.2",
+                "@typescript-eslint/scope-manager": "8.59.3",
+                "@typescript-eslint/type-utils": "8.59.3",
+                "@typescript-eslint/utils": "8.59.3",
+                "@typescript-eslint/visitor-keys": "8.59.3",
                "ignore": "^7.0.5",
                "natural-compare": "^1.4.0",
-                "ts-api-utils": "^2.4.0"
+                "ts-api-utils": "^2.5.0"
            },
            "engines": {
                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -415,9 +415,9 @@
                "url": "https://opencollective.com/typescript-eslint"
            },
            "peerDependencies": {
-                "@typescript-eslint/parser": "^8.57.2",
+                "@typescript-eslint/parser": "^8.59.3",
                "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.0.0"
+                "typescript": ">=4.8.4 <6.1.0"
            }
        },
        "node_modules/@typescript-eslint/eslint-plugin/node_modules/ignore": {
@@ -431,16 +431,16 @@
            }
        },
        "node_modules/@typescript-eslint/parser": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.57.2.tgz",
-            "integrity": "sha512-30ScMRHIAD33JJQkgfGW1t8CURZtjc2JpTrq5n2HFhOefbAhb7ucc7xJwdWcrEtqUIYJ73Nybpsggii6GtAHjA==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.59.3.tgz",
+            "integrity": "sha512-HPwA+hVkfcriajbNvTmZv4VRauibay+cWArYUYq7u7W7PmGShMxbPxLvrwDme55a6d5alG3nrYfhyJ/G28XlLg==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
-                "@typescript-eslint/scope-manager": "8.57.2",
-                "@typescript-eslint/types": "8.57.2",
-                "@typescript-eslint/typescript-estree": "8.57.2",
-                "@typescript-eslint/visitor-keys": "8.57.2",
+                "@typescript-eslint/scope-manager": "8.59.3",
+                "@typescript-eslint/types": "8.59.3",
+                "@typescript-eslint/typescript-estree": "8.59.3",
+                "@typescript-eslint/visitor-keys": "8.59.3",
                "debug": "^4.4.3"
            },
            "engines": {
@@ -452,18 +452,18 @@
            },
            "peerDependencies": {
                "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.0.0"
+                "typescript": ">=4.8.4 <6.1.0"
            }
        },
        "node_modules/@typescript-eslint/project-service": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.57.2.tgz",
-            "integrity": "sha512-FuH0wipFywXRTHf+bTTjNyuNQQsQC3qh/dYzaM4I4W0jrCqjCVuUh99+xd9KamUfmCGPvbO8NDngo/vsnNVqgw==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.59.3.tgz",
+            "integrity": "sha512-ECiUWa/KYRGDFUqTNehaRgzDshnJfkTABJxVemHk4ko22gcr0ukloKjWvyQ64g8YCV/UI47kN1dbmjf/GaQYng==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
-                "@typescript-eslint/tsconfig-utils": "^8.57.2",
-                "@typescript-eslint/types": "^8.57.2",
+                "@typescript-eslint/tsconfig-utils": "^8.59.3",
+                "@typescript-eslint/types": "^8.59.3",
                "debug": "^4.4.3"
            },
            "engines": {
@@ -474,18 +474,18 @@
                "url": "https://opencollective.com/typescript-eslint"
            },
            "peerDependencies": {
-                "typescript": ">=4.8.4 <6.0.0"
+                "typescript": ">=4.8.4 <6.1.0"
            }
        },
        "node_modules/@typescript-eslint/scope-manager": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.57.2.tgz",
-            "integrity": "sha512-snZKH+W4WbWkrBqj4gUNRIGb/jipDW3qMqVJ4C9rzdFc+wLwruxk+2a5D+uoFcKPAqyqEnSb4l2ULuZf95eSkw==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.59.3.tgz",
+            "integrity": "sha512-t2LvZnoEfzKtnPjgeEu41xw5gxq9mQVfYy4OoZ4Vlt0sk3JwxmhCca/AR7DwOiHrjWgjAj6as4AhRLKSDfvZIA==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
-                "@typescript-eslint/types": "8.57.2",
-                "@typescript-eslint/visitor-keys": "8.57.2"
+                "@typescript-eslint/types": "8.59.3",
+                "@typescript-eslint/visitor-keys": "8.59.3"
            },
            "engines": {
                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -496,9 +496,9 @@
            }
        },
        "node_modules/@typescript-eslint/tsconfig-utils": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.57.2.tgz",
-            "integrity": "sha512-3Lm5DSM+DCowsUOJC+YqHHnKEfFh5CoGkj5Z31NQSNF4l5wdOwqGn99wmwN/LImhfY3KJnmordBq/4+VDe2eKw==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.59.3.tgz",
+            "integrity": "sha512-PcIJHjmaREXLgIAIzLnSY9VucEzz8FKXsRgFa1DmdGCK/5tJpW03TKJF01Q6VZd1lLdz2sIKPWaDUZN9dp//dw==",
            "dev": true,
            "license": "MIT",
            "engines": {
@@ -509,21 +509,21 @@
                "url": "https://opencollective.com/typescript-eslint"
            },
            "peerDependencies": {
-                "typescript": ">=4.8.4 <6.0.0"
+                "typescript": ">=4.8.4 <6.1.0"
            }
        },
        "node_modules/@typescript-eslint/type-utils": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.57.2.tgz",
-            "integrity": "sha512-Co6ZCShm6kIbAM/s+oYVpKFfW7LBc6FXoPXjTRQ449PPNBY8U0KZXuevz5IFuuUj2H9ss40atTaf9dlGLzbWZg==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.59.3.tgz",
+            "integrity": "sha512-g71d8QD8UaiHGvrJwyIS1hCX5r63w6Jll+4VEYhEAHXTDIqX1JgxhTAbEHtKntL9kuc4jRo7/GWw5xfCepSccQ==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
-                "@typescript-eslint/types": "8.57.2",
-                "@typescript-eslint/typescript-estree": "8.57.2",
-                "@typescript-eslint/utils": "8.57.2",
+                "@typescript-eslint/types": "8.59.3",
+                "@typescript-eslint/typescript-estree": "8.59.3",
+                "@typescript-eslint/utils": "8.59.3",
                "debug": "^4.4.3",
-                "ts-api-utils": "^2.4.0"
+                "ts-api-utils": "^2.5.0"
            },
            "engines": {
                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -534,13 +534,13 @@
            },
            "peerDependencies": {
                "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.0.0"
+                "typescript": ">=4.8.4 <6.1.0"
            }
        },
        "node_modules/@typescript-eslint/types": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.57.2.tgz",
-            "integrity": "sha512-/iZM6FnM4tnx9csuTxspMW4BOSegshwX5oBDznJ7S4WggL7Vczz5d2W11ecc4vRrQMQHXRSxzrCsyG5EsPPTbA==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.59.3.tgz",
+            "integrity": "sha512-ePFoH0g4ludssdRFqqDxQePCxU4WQyRa9+XVwjm7yLn0FKhMeoetC+qBEEI1Eyb1pGSDveTIT09Bvw2WhlGayg==",
            "dev": true,
            "license": "MIT",
            "engines": {
@@ -552,21 +552,21 @@
            }
        },
        "node_modules/@typescript-eslint/typescript-estree": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.57.2.tgz",
-            "integrity": "sha512-2MKM+I6g8tJxfSmFKOnHv2t8Sk3T6rF20A1Puk0svLK+uVapDZB/4pfAeB7nE83uAZrU6OxW+HmOd5wHVdXwXA==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.59.3.tgz",
+            "integrity": "sha512-CbRjVRAf7Lr9Kr8RopKcbY45p2VfmmHrm0ygOCYFi7oU8q19m0Fs/6iHS7kNOmwpp+ob07ZVcAqlxUod9lYdmg==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
-                "@typescript-eslint/project-service": "8.57.2",
-                "@typescript-eslint/tsconfig-utils": "8.57.2",
-                "@typescript-eslint/types": "8.57.2",
-                "@typescript-eslint/visitor-keys": "8.57.2",
+                "@typescript-eslint/project-service": "8.59.3",
+                "@typescript-eslint/tsconfig-utils": "8.59.3",
+                "@typescript-eslint/types": "8.59.3",
+                "@typescript-eslint/visitor-keys": "8.59.3",
                "debug": "^4.4.3",
                "minimatch": "^10.2.2",
                "semver": "^7.7.3",
                "tinyglobby": "^0.2.15",
-                "ts-api-utils": "^2.4.0"
+                "ts-api-utils": "^2.5.0"
            },
            "engines": {
                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -576,7 +576,7 @@
                "url": "https://opencollective.com/typescript-eslint"
            },
            "peerDependencies": {
-                "typescript": ">=4.8.4 <6.0.0"
+                "typescript": ">=4.8.4 <6.1.0"
            }
        },
        "node_modules/@typescript-eslint/typescript-estree/node_modules/balanced-match": {
@@ -590,9 +590,9 @@
            }
        },
        "node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion": {
-            "version": "5.0.5",
-            "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.5.tgz",
-            "integrity": "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==",
+            "version": "5.0.6",
+            "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.6.tgz",
+            "integrity": "sha512-kLpxurY4Z4r9sgMsyG0Z9uzsBlgiU/EFKhj/h91/8yHu0edo7XuixOIH3VcJ8kkxs6/jPzoI6U9Vj3WqbMQ94g==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
@@ -603,13 +603,13 @@
            }
        },
        "node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch": {
-            "version": "10.2.4",
-            "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.4.tgz",
-            "integrity": "sha512-oRjTw/97aTBN0RHbYCdtF1MQfvusSIBQM0IZEgzl6426+8jSC0nF1a/GmnVLpfB9yyr6g6FTqWqiZVbxrtaCIg==",
+            "version": "10.2.5",
+            "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.5.tgz",
+            "integrity": "sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg==",
            "dev": true,
            "license": "BlueOak-1.0.0",
            "dependencies": {
-                "brace-expansion": "^5.0.2"
+                "brace-expansion": "^5.0.5"
            },
            "engines": {
                "node": "18 || 20 || >=22"
@@ -619,16 +619,16 @@
            }
        },
        "node_modules/@typescript-eslint/utils": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.57.2.tgz",
-            "integrity": "sha512-krRIbvPK1ju1WBKIefiX+bngPs+odIQUtR7kymzPfo1POVw3jlF+nLkmexdSSd4UCbDcQn+wMBATOOmpBbqgKg==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.59.3.tgz",
+            "integrity": "sha512-JAvT14goBzRzzzZyqq3P9BLArIxTtQURUtFgQ/V7FO+eU+Gg6ES+5ymOPP1wRxXcxAYeivCk4uS3jCKWI1K8Zg==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
                "@eslint-community/eslint-utils": "^4.9.1",
-                "@typescript-eslint/scope-manager": "8.57.2",
-                "@typescript-eslint/types": "8.57.2",
-                "@typescript-eslint/typescript-estree": "8.57.2"
+                "@typescript-eslint/scope-manager": "8.59.3",
+                "@typescript-eslint/types": "8.59.3",
+                "@typescript-eslint/typescript-estree": "8.59.3"
            },
            "engines": {
                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -639,17 +639,17 @@
            },
            "peerDependencies": {
                "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.0.0"
+                "typescript": ">=4.8.4 <6.1.0"
            }
        },
        "node_modules/@typescript-eslint/visitor-keys": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.57.2.tgz",
-            "integrity": "sha512-zhahknjobV2FiD6Ee9iLbS7OV9zi10rG26odsQdfBO/hjSzUQbkIYgda+iNKK1zNiW2ey+Lf8MU5btN17V3dUw==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.59.3.tgz",
+            "integrity": "sha512-f1UQF7ggd42YiwI5wGrRaPsa+P0CINBlrkLPmGfpq/u/I/oVtecoEIfFR9ag/oa1sLOsRNZ6xehf6qMZhQGBDg==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
-                "@typescript-eslint/types": "8.57.2",
+                "@typescript-eslint/types": "8.59.3",
                "eslint-visitor-keys": "^5.0.0"
            },
            "engines": {
@@ -1745,9 +1745,9 @@
            }
        },
        "node_modules/prettier": {
-            "version": "3.8.1",
-            "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.8.1.tgz",
-            "integrity": "sha512-UOnG6LftzbdaHZcKoPFtOcCKztrQ57WkHDeRD9t/PTQtmT0NHSeWWepj6pS0z/N7+08BHFDQVUrfmfMRcZwbMg==",
+            "version": "3.8.3",
+            "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.8.3.tgz",
+            "integrity": "sha512-7igPTM53cGHMW8xWuVTydi2KO233VFiTNyF5hLJqpilHfmn8C8gPf+PS7dUT64YcXFbiMGZxS9pCSxL/Dxm/Jw==",
            "license": "MIT",
            "bin": {
                "prettier": "bin/prettier.cjs"
@@ -2001,9 +2001,9 @@
            }
        },
        "node_modules/typescript": {
-            "version": "6.0.2",
-            "resolved": "https://registry.npmjs.org/typescript/-/typescript-6.0.2.tgz",
-            "integrity": "sha512-bGdAIrZ0wiGDo5l8c++HWtbaNCWTS4UTv7RaTH/ThVIgjkveJt83m74bBHMJkuCbslY8ixgLBVZJIOiQlQTjfQ==",
+            "version": "6.0.3",
+            "resolved": "https://registry.npmjs.org/typescript/-/typescript-6.0.3.tgz",
+            "integrity": "sha512-y2TvuxSZPDyQakkFRPZHKFm+KKVqIisdg9/CZwm9ftvKXLP8NRWj38/ODjNbr43SsoXqNuAisEf1GdCxqWcdBw==",
            "dev": true,
            "license": "Apache-2.0",
            "bin": {
@@ -2015,16 +2015,16 @@
            }
        },
        "node_modules/typescript-eslint": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.57.2.tgz",
-            "integrity": "sha512-VEPQ0iPgWO/sBaZOU1xo4nuNdODVOajPnTIbog2GKYr31nIlZ0fWPoCQgGfF3ETyBl1vn63F/p50Um9Z4J8O8A==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.59.3.tgz",
+            "integrity": "sha512-KgusgyDgG4LI8Ih/sWaCtZ06tckLAS5CvT5A4D1Q7bYVoAAyzwiZvE4BmwDHkhRVkvhRBepKeASoFzQetha7Fg==",
            "dev": true,
            "license": "MIT",
            "dependencies": {
-                "@typescript-eslint/eslint-plugin": "8.57.2",
-                "@typescript-eslint/parser": "8.57.2",
-                "@typescript-eslint/typescript-estree": "8.57.2",
-                "@typescript-eslint/utils": "8.57.2"
+                "@typescript-eslint/eslint-plugin": "8.59.3",
+                "@typescript-eslint/parser": "8.59.3",
+                "@typescript-eslint/typescript-estree": "8.59.3",
+                "@typescript-eslint/utils": "8.59.3"
            },
            "engines": {
                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -2035,13 +2035,13 @@
            },
            "peerDependencies": {
                "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.0.0"
+                "typescript": ">=4.8.4 <6.1.0"
            }
        },
        "node_modules/undici-types": {
-            "version": "7.18.2",
-            "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.18.2.tgz",
-            "integrity": "sha512-AsuCzffGHJybSaRrmr5eHr81mwJU3kjw6M+uprWvCXiNeN9SOGwQ3Jn8jb8m3Z6izVgknn1R0FTCEAP2QrLY/w==",
+            "version": "7.21.0",
+            "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.21.0.tgz",
+            "integrity": "sha512-w9IMgQrz4O0YN1LtB7K5P63vhlIOvC7opSmouCJ+ZywlPAlO9gIkJ+otk6LvGpAs2wg4econaCz3TvQ9xPoyuQ==",
            "dev": true,
            "license": "MIT"
        },
--- a/packages/prettier-config/package.json
+++ b/packages/prettier-config/package.json
@@ -1,6 +1,6 @@
 {
    "name": "@goauthentik/prettier-config",
-    "version": "3.5.0",
+    "version": "4.0.0",
    "description": "authentik's Prettier config",
    "license": "MIT",
    "repository": {
@@ -39,15 +39,15 @@
        "@eslint/js": "^9.39.3",
        "@goauthentik/eslint-config": "../eslint-config",
        "@goauthentik/tsconfig": "../tsconfig",
-        "@types/node": "^25.0.0",
+        "@types/node": "^25.7.0",
        "eslint": "^9.39.3",
-        "prettier": "^3.8.1",
+        "prettier": "^3.8.3",
        "prettier-plugin-packagejson": "^3.0.2",
-        "typescript": "^6.0.2",
-        "typescript-eslint": "^8.57.2"
+        "typescript": "^6.0.3",
+        "typescript-eslint": "^8.59.3"
    },
    "peerDependencies": {
-        "prettier": "^3.8.1",
+        "prettier": "^3.8.3",
        "prettier-plugin-packagejson": "^3.0.2"
    },
    "files": [
@@ -57,7 +57,7 @@
    ],
    "engines": {
        "node": ">=24",
-        "npm": ">=11.10.1"
+        "npm": ">=11.14.1"
    },
    "devEngines": {
        "runtime": {
@@ -67,7 +67,7 @@
        },
        "packageManager": {
            "name": "npm",
-            "version": ">=11.10.1",
+            "version": ">=11.14.1",
            "onFail": "warn"
        }
    },
--- a/packages/tsconfig/package-lock.json
+++ b/packages/tsconfig/package-lock.json
@@ -1,16 +1,16 @@
 {
    "name": "@goauthentik/tsconfig",
-    "version": "1.0.9",
+    "version": "2.0.0",
    "lockfileVersion": 3,
    "requires": true,
    "packages": {
        "": {
            "name": "@goauthentik/tsconfig",
-            "version": "1.0.9",
+            "version": "2.0.0",
            "license": "MIT",
            "engines": {
                "node": ">=24",
-                "npm": ">=11.10.1"
+                "npm": ">=11.14.1"
            }
        }
    }
--- a/packages/tsconfig/package.json
+++ b/packages/tsconfig/package.json
@@ -1,6 +1,6 @@
 {
    "name": "@goauthentik/tsconfig",
-    "version": "1.0.9",
+    "version": "2.0.0",
    "description": "authentik's base TypeScript configuration.",
    "license": "MIT",
    "repository": {
@@ -15,7 +15,7 @@
    "type": "module",
    "engines": {
        "node": ">=24",
-        "npm": ">=11.10.1"
+        "npm": ">=11.14.1"
    },
    "devEngines": {
        "runtime": {
@@ -25,7 +25,7 @@
        },
        "packageManager": {
            "name": "npm",
-            "version": ">=11.10.1",
+            "version": ">=11.14.1",
            "onFail": "warn"
        }
    },
--- a/packages/tsconfig/tsconfig.json
+++ b/packages/tsconfig/tsconfig.json
@@ -1,7 +1,6 @@
 {
    "$schema": "https://json.schemastore.org/tsconfig",
    "compilerOptions": {
-        "ignoreDeprecations": "6.0",
        "alwaysStrict": true,
        "composite": true,
        "declaration": true,
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -36,7 +36,7 @@ dependencies = [
  "fido2==2.2.0",
  "geoip2==5.2.0",
  "geopy==2.4.1",
-  "google-api-python-client==2.195.0",
+  "google-api-python-client==2.196.0",
  "gssapi==1.11.1",
  "gunicorn==25.3.0",
  "jsonpatch==1.33",
@@ -76,7 +76,7 @@ dependencies = [

 [dependency-groups]
 dev = [
-  "aws-cdk-lib==2.252.0",
+  "aws-cdk-lib==2.253.0",
  "bandit==1.9.4",
  "black==26.3.1",
  "bpython==0.26",
@@ -85,7 +85,7 @@ dev = [
  "coverage[toml]==7.13.5",
  "daphne==4.2.1",
  "debugpy==1.8.20",
-  "django-stubs[compatible-mypy]==6.0.3",
+  "django-stubs[compatible-mypy]==6.0.4",
  "djangorestframework-stubs[compatible-mypy]==3.16.9",
  "drf-jsonschema-serializer==3.0.0",
  "freezegun==1.5.5",
--- a/schema.yml
+++ b/schema.yml
@@ -54916,6 +54916,7 @@ components:
      enum:
      - token
      - oauth
+      - oauth_interactive
      type: string
    SCIMMapping:
      type: object
@@ -55050,6 +55051,24 @@ components:
          type: object
          additionalProperties: {}
          description: Additional OAuth parameters, such as grant_type
+        auth_oauth_token_last_updated:
+          type: string
+          format: date-time
+          nullable: true
+          readOnly: true
+        auth_oauth_token_expires:
+          type: string
+          format: date-time
+          nullable: true
+          readOnly: true
+        auth_oauth_url_callback:
+          type: string
+          nullable: true
+          readOnly: true
+        auth_oauth_url_start:
+          type: string
+          nullable: true
+          readOnly: true
        compatibility_mode:
          allOf:
          - $ref: '#/components/schemas/CompatibilityModeEnum'
@@ -55082,6 +55101,10 @@ components:
      required:
      - assigned_backchannel_application_name
      - assigned_backchannel_application_slug
+      - auth_oauth_token_expires
+      - auth_oauth_token_last_updated
+      - auth_oauth_url_callback
+      - auth_oauth_url_start
      - component
      - meta_model_name
      - name
--- a/scripts/node/lint-lockfile.mjs
+++ b/scripts/node/lint-lockfile.mjs
@@ -0,0 +1,278 @@
+#!/usr/bin/env node
+/**
+ * @file Lints the package-lock.json file to ensure it is in sync with package.json.
+ *
+ * Usage:
+ *   lint-lockfile [options] [directory]
+ *
+ * Options:
+ *   --warn    Report issues as warnings instead of failing. The lockfile is
+ *             still regenerated on disk, but the process exits 0.
+ *
+ * Exit codes:
+ *   0  Lockfile is in sync (or --warn was passed)
+ *   1  Unexpected error
+ *   2  Lockfile drift detected
+ */
+
+/// <reference lib="esnext" />
+
+import * as assert from "node:assert/strict";
+import { findPackageJSON } from "node:module";
+import { dirname } from "node:path";
+import { isDeepStrictEqual, parseArgs } from "node:util";
+
+import { ConsoleLogger } from "../../packages/logger-js/lib/node.js";
+import { parseCWD, reportAndExit } from "./utils/commands.mjs";
+import { corepack } from "./utils/corepack.mjs";
+import { gitStatus } from "./utils/git.mjs";
+import { findNPMPackage, loadJSON, npm, pluckDependencyFields } from "./utils/node.mjs";
+
+//#region Constants
+
+const logger = ConsoleLogger.prefix("lint:lockfile");
+
+const { values: options, positionals } = parseArgs({
+    options: {
+        "warn": {
+            type: "boolean",
+            default: false,
+            description: "Report issues as warnings instead of failing",
+        },
+        "skip-git": {
+            type: "boolean",
+            default: !!process.env.CI,
+            description:
+                "Skip checking for uncommitted changes (use with --warn to ignore drift without reporting)",
+        },
+    },
+    allowPositionals: true,
+});
+
+const cwd = parseCWD(positionals);
+
+const ignoredProperties = new Set([
+    // ---
+    "peer",
+    "engines",
+    "optional",
+]);
+
+//#region Utilities
+
+/**
+ * @param {Record<string, unknown>} actual
+ * @param {Record<string, unknown>} expected
+ * @param {string[]} [prefix]
+ * @returns {Set<string>[]}
+ */
+function extractDiffedProperties(actual, expected, prefix = []) {
+    const a = actual ?? {};
+    const b = expected ?? {};
+    const keys = new Set([...Object.keys(a), ...Object.keys(b)]);
+    /** @type {Set<string>[]} */
+    const diffs = [];
+
+    for (const key of keys) {
+        const path = [...prefix, key];
+        const valA = a[key];
+        const valB = b[key];
+
+        if (
+            valA !== null &&
+            valB !== null &&
+            typeof valA === "object" &&
+            typeof valB === "object" &&
+            !Array.isArray(valA) &&
+            !Array.isArray(valB)
+        ) {
+            // @ts-ignore
+            diffs.push(...extractDiffedProperties(valA, valB, path));
+        } else if (!isDeepStrictEqual(valA, valB)) {
+            diffs.push(new Set(path));
+        }
+    }
+
+    return diffs;
+}
+
+//#endregion
+
+/**
+ * Exit code when lockfile drift is detected (distinct from general errors)
+ */
+const EXIT_DRIFT = 2;
+
+/**
+ * @returns {Promise<string[]>} The list of issues detected.
+ */
+async function run() {
+    /** @type {string[]} */
+    const issues = [];
+
+    /**
+     * Records an issue. In strict mode, throws immediately.
+     * In warn mode, collects the message for later reporting.
+     *
+     * @param {boolean} ok
+     * @param {string} message
+     */
+    const check = (ok, message) => {
+        if (ok) return;
+
+        if (options.warn) {
+            issues.push(message);
+            return;
+        }
+
+        assert.fail(message);
+    };
+
+    /**
+     * Checks deep equality of two values. In strict mode, throws if they are not equal.
+     * In warn mode, records an issue instead.
+     *
+     * @param {unknown} actual
+     * @param {unknown} expected
+     * @param {string} message
+     */
+    const checkDeep = (actual, expected, message) => {
+        if (options.warn) {
+            if (!isDeepStrictEqual(actual, expected)) {
+                issues.push(message);
+            }
+
+            return;
+        }
+
+        assert.deepStrictEqual(actual, expected, message);
+    };
+
+    logger.info(`Linting lockfile integrity in: ${cwd}`);
+
+    // MARK: Locate files
+
+    const resolvedPath = import.meta.resolve(cwd);
+    const packageJSONPath = findPackageJSON(resolvedPath);
+
+    assert.ok(
+        packageJSONPath,
+        "Could not find package.json in the current directory or any parent directories",
+    );
+
+    const packageDir = dirname(packageJSONPath);
+    const { packageLockPath } = await findNPMPackage(packageDir);
+    const lockfileDir = dirname(packageLockPath);
+    const isWorkspace = lockfileDir !== packageDir;
+
+    const corepackVersion = await corepack`--version`().catch(() => null);
+    const useCorepack = !!corepackVersion;
+    logger.info(`corepack: ${corepackVersion || "disabled"}`);
+
+    const expected = {
+        lockfile: await loadJSON(packageLockPath),
+        package: await loadJSON(packageJSONPath).then(pluckDependencyFields),
+    };
+
+    logger.info(`package.json: ${packageJSONPath} (${expected.package.name})`);
+    logger.info(`package-lock.json: ${packageLockPath}${isWorkspace ? " (workspace root)" : ""}`);
+
+    // MARK: Uncommitted changes
+
+    if (options["skip-git"]) {
+        logger.warn("Skipping git status check");
+    } else {
+        const packageStatus = await gitStatus(packageJSONPath);
+        const lockfileStatus = await gitStatus(packageLockPath);
+
+        if (!packageStatus.available || !lockfileStatus.available) {
+            logger.warn("Git is not available; skipping uncommitted change detection.");
+        } else {
+            check(packageStatus.clean, `package.json has uncommitted changes: ${packageJSONPath}`);
+
+            check(
+                lockfileStatus.clean,
+                `package-lock.json has uncommitted changes: ${packageLockPath}`,
+            );
+        }
+    }
+
+    // MARK: Regenerate
+
+    const npmVersion = await npm`--version`({ useCorepack });
+
+    logger.info(`Detected npm version: ${npmVersion}`);
+
+    await npm`install --package-lock-only`({
+        cwd: lockfileDir,
+        useCorepack,
+    });
+
+    logger.info("npm install complete.");
+
+    const actual = {
+        lockfile: await loadJSON(packageLockPath),
+        package: await loadJSON(packageJSONPath).then(pluckDependencyFields),
+    };
+
+    // MARK: Compare
+
+    assert.deepStrictEqual(
+        actual.package,
+        expected.package,
+        `package.json was unexpectedly modified during lockfile check: ${packageJSONPath}`,
+    );
+
+    try {
+        checkDeep(
+            actual.lockfile,
+            expected.lockfile,
+            `package-lock.json is out of sync with package.json`,
+        );
+    } catch (error) {
+        if (!(error instanceof assert.AssertionError)) {
+            throw error;
+        }
+
+        // NPM versions <=11.10 has issues with deterministic lockfile generation,
+        // especially around optional peer dependencies.
+        const diffedProperties = extractDiffedProperties(actual.lockfile, expected.lockfile).filter(
+            (segments) => segments.isDisjointFrom(ignoredProperties),
+        );
+
+        if (diffedProperties.length) {
+            const formatted = diffedProperties
+                .map((segments) => Array.from(segments).join("."))
+                .join("\n");
+
+            throw new Error(`Lockfile drift detected:\n${formatted}`, { cause: error });
+        }
+
+        logger.warn(
+            "Permissible dependency differences detected. Run `npm install` to update the lockfile.",
+        );
+    }
+
+    return issues;
+}
+
+run()
+    .then((issues) => {
+        if (issues.length) {
+            logger.warn(`⚠️  ${issues.length} issue(s) detected:`);
+
+            for (const issue of issues) {
+                logger.warn(`  - ${issue}`);
+            }
+
+            if (options.warn) {
+                logger.warn(
+                    "The lockfile on disk has been regenerated. Review and commit the changes.",
+                );
+                process.exit(EXIT_DRIFT);
+            }
+        } else {
+            logger.info("✅ Lockfile is in sync.");
+        }
+    })
+    .catch((error) => reportAndExit(error, logger));
--- a/scripts/node/lint-runtime.mjs
+++ b/scripts/node/lint-runtime.mjs
@@ -0,0 +1,114 @@
+#!/usr/bin/env node
+/**
+ * @file Lints the installed Node.js and npm versions against the requirements specified in package.json.
+ *
+ * Usage:
+ *   lint-node [options] [directory]
+ *
+ * Exit codes:
+ *   0  Versions are in sync
+ *   1  Version mismatch detected
+ */
+
+import * as assert from "node:assert/strict";
+import { parseArgs } from "node:util";
+
+import { ConsoleLogger } from "../../packages/logger-js/lib/node.js";
+import { CommandError, parseCWD, reportAndExit } from "./utils/commands.mjs";
+import { corepack } from "./utils/corepack.mjs";
+import { resolveRepoRoot } from "./utils/git.mjs";
+import { compareVersions, findNPMPackage, loadJSON, node, npm, parseRange } from "./utils/node.mjs";
+
+const logger = ConsoleLogger.prefix("lint-runtime");
+
+/**
+ * @param {string} start
+ */
+async function readRequirements(start) {
+    const { packageJSONPath } = await findNPMPackage(start);
+
+    logger.info(`Checking versions in ${packageJSONPath}`);
+
+    const packageJSONData = await loadJSON(packageJSONPath);
+
+    const nodeVersion = await node`--version`().then((output) => output.replace(/^v/, ""));
+
+    const requiredNpmVersion = packageJSONData.engines?.npm;
+    const requiredNodeVersion = packageJSONData.engines?.node;
+
+    return { nodeVersion, requiredNpmVersion, requiredNodeVersion };
+}
+
+async function main() {
+    const parsedArgs = parseArgs({
+        allowPositionals: true,
+    });
+
+    const cwd = parseCWD(parsedArgs.positionals);
+    const repoRoot = await resolveRepoRoot(cwd).catch(() => null);
+
+    logger.info(`cwd ${cwd}`);
+    logger.info(`repository ${repoRoot || "not found"}`);
+
+    const corepackVersion = await corepack`--version`().catch(() => null);
+    const useCorepack = !!corepackVersion;
+    logger.info(`corepack ${corepackVersion || "disabled"}`);
+
+    const npmVersion = await npm`--version`({ cwd, useCorepack })
+        .then((version) => {
+            logger.info(`npm${corepackVersion ? " (via Corepack)" : ""} ${version}`);
+
+            return version;
+        })
+        .catch((error) => {
+            if (error instanceof CommandError && corepackVersion) {
+                logger.warn(`Failed to read npm version via Corepack ${error.message}`);
+
+                logger.info(`Attempting to read npm version directly without Corepack...`);
+                // Corepack might be misconfigured or outdated.
+                // Attempting a second read without Corepack can help us distinguish
+                // between a general npm issue and a Corepack-specific one.
+                return npm`--version`({ cwd }).then((version) => {
+                    logger.info(`npm (direct) ${version}`);
+
+                    return version;
+                });
+            }
+
+            throw error;
+        });
+
+    const { nodeVersion, requiredNpmVersion, requiredNodeVersion } = await readRequirements(cwd);
+
+    logger.info(`node ${nodeVersion}`);
+
+    if (requiredNpmVersion) {
+        logger.info(`package.json npm ${requiredNpmVersion}`);
+
+        const { operator, version: required } = parseRange(requiredNpmVersion);
+        const result = compareVersions(npmVersion, required);
+
+        assert.ok(
+            operator === ">=" ? result >= 0 : result === 0,
+            `npm version ${npmVersion} does not satisfy required version ${requiredNpmVersion}`,
+        );
+    }
+
+    if (requiredNodeVersion) {
+        logger.info(`package.json node ${requiredNodeVersion}`);
+
+        const { operator, version: required } = parseRange(requiredNodeVersion);
+        const result = compareVersions(nodeVersion, required);
+
+        assert.ok(
+            operator === ">=" ? result >= 0 : result === 0,
+            `Node.js version ${nodeVersion} does not satisfy required version ${requiredNodeVersion}`,
+        );
+    }
+}
+
+main()
+    .then(() => {
+        logger.info("✅ Node.js and npm versions are in sync.");
+    })
+    .catch((error) => reportAndExit(error, logger));
--- a/scripts/node/setup-corepack.mjs
+++ b/scripts/node/setup-corepack.mjs
@@ -0,0 +1,110 @@
+#!/usr/bin/env node
+
+/**
+ * @file Downloads the latest corepack tarball from the npm registry.
+ */
+
+import * as fs from "node:fs/promises";
+import { parseArgs } from "node:util";
+
+import { ConsoleLogger } from "../../packages/logger-js/lib/node.js";
+import { $, parseCWD, reportAndExit } from "./utils/commands.mjs";
+import { corepack, pullLatestCorepack, verifyPackageManagerIntegrity } from "./utils/corepack.mjs";
+import { resolveRepoRoot } from "./utils/git.mjs";
+import { findNPMPackage, loadJSON, npm } from "./utils/node.mjs";
+
+/**
+ * @deprecated Remove after Corepack is merged into the monorepo and we can rely on the version specified in package.json.
+ */
+const FALLBACK_PACKAGE_MANAGER =
+    "npm@11.14.1+sha512.6a8a4d67478497a2dbc6815cad72e64c43f33413717e242756047d466241ab39bee61e691683a64658e94496ec5f1a1c05e4a5ec62dcc773280dfd949443a367";
+const logger = ConsoleLogger.prefix("setup-corepack");
+
+async function main() {
+    const parsedArgs = parseArgs({
+        options: {
+            force: {
+                type: "boolean",
+                default: false,
+                description: "Force re-download of corepack even if a version is already installed",
+            },
+        },
+        allowPositionals: true,
+    });
+
+    const cwdArg = parseCWD(parsedArgs.positionals);
+
+    const repoRoot = await resolveRepoRoot(cwdArg).catch(() => null);
+    const cwd = repoRoot || cwdArg;
+
+    const npmVersion = await npm`--version`({ cwd });
+
+    logger.info(`npm ${npmVersion}`);
+
+    const corepackVersion = await corepack`--version`({ cwd }).catch(() => null);
+
+    logger.info(`corepack ${corepackVersion || "not found"}`);
+
+    if (corepackVersion && !parsedArgs.values.force) {
+        logger.info("Corepack is already installed, skipping download (use --force to override)");
+        return;
+    }
+
+    await pullLatestCorepack(cwd);
+
+    await npm`install --force -g corepack@latest`({ cwd });
+    logger.info("Corepack installed successfully");
+
+    const { packageJSONPath } = await findNPMPackage(cwd);
+
+    logger.info(`Checking versions in ${packageJSONPath}`);
+
+    const packageJSONData = await loadJSON(packageJSONPath);
+
+    const packageManagerSpec = packageJSONData.packageManager || FALLBACK_PACKAGE_MANAGER;
+    const plusIndex = packageManagerSpec.indexOf("+");
+    const packageManager =
+        plusIndex === -1 ? packageManagerSpec : packageManagerSpec.slice(0, plusIndex);
+    const checksum = plusIndex === -1 ? "" : packageManagerSpec.slice(plusIndex + 1);
+
+    if (!checksum) {
+        throw new Error(
+            `Invalid packageManager field in package.json. Expected format "name@version+checksum". Got "${packageJSONData.packageManager}".`,
+        );
+    }
+
+    await verifyPackageManagerIntegrity(packageManager, checksum);
+
+    await $`corepack install -g ${packageManager}`({ cwd });
+
+    logger.info(`Setting up Corepack to use ${packageManager}...`);
+
+    const writablePackageJSON = await fs.access(packageJSONPath, fs.constants.W_OK).then(
+        () => true,
+        () => false,
+    );
+
+    /**
+     * @type {string}
+     */
+    let subcommand;
+
+    if (!writablePackageJSON) {
+        if (!packageJSONData.packageManager) {
+            throw new Error(
+                `package.json is not writable and does not specify a packageManager field. Was the package.json file mounted via Docker?`,
+            );
+        }
+
+        subcommand = "install -g";
+    } else {
+        logger.info("package.json is writable");
+        subcommand = "use";
+    }
+
+    await $`corepack ${subcommand} ${packageManager}`({ cwd });
+
+    logger.info("Corepack installed npm successfully");
+}
+
+main().catch((error) => reportAndExit(error, logger));
--- a/scripts/node/utils/commands.mjs
+++ b/scripts/node/utils/commands.mjs
@@ -0,0 +1,123 @@
+/**
+ * Utility functions for running shell commands and handling their results.
+ *
+ * @import { ExecOptions } from "node:child_process"
+ * @import { IConsoleLogger } from "../../../packages/logger-js/lib/shared.js"
+ */
+
+import { exec } from "node:child_process";
+import { resolve, sep } from "node:path";
+import { promisify } from "node:util";
+
+import { ConsoleLogger } from "../../../packages/logger-js/lib/node.js";
+
+const logger = ConsoleLogger.prefix("commands");
+
+export class CommandError extends Error {
+    name = "CommandError";
+
+    /**
+     * @param {string} command
+     * @param {ErrorOptions & ExecOptions} options
+     */
+    constructor(command, { cause, cwd, shell } = {}) {
+        const cwdInfo = cwd ? ` in directory ${cwd}` : "";
+        const shellInfo = shell ? ` using shell ${shell}` : "";
+
+        super(`Command failed: ${command}${cwdInfo}${shellInfo}`, { cause });
+    }
+}
+
+/**
+ * @param {string[]} positionals
+ * @returns {string} The resolved current working directory for the script
+ */
+export function parseCWD(positionals) {
+    // `INIT_CWD` is present only if the script is run via npm.
+    const initCWD = process.env.INIT_CWD || process.cwd();
+
+    const cwd = (positionals.length ? resolve(initCWD, positionals[0]) : initCWD) + sep;
+
+    return cwd;
+}
+
+const execAsync = promisify(exec);
+
+/**
+ * A timeout value to prevent hanging indefinitely when running shell commands,
+ * such as if CI is experiencing issues with provisioning or network connectivity.
+ */
+const DEFAULT_TIMEOUT_MS = 5 * 60 * 1000;
+
+/**
+ * @param {Awaited<ReturnType<typeof execAsync>>} result
+ */
+export const trimResult = (result) => String(result.stdout).trim();
+
+/**
+ * @typedef {(strings: TemplateStringsArray, ...expressions: unknown[]) =>
+ *   (options?: ExecOptions) => Promise<string>
+ * } CommandTag
+ */
+
+function createTag(prefix = "") {
+    /** @type {CommandTag} */
+    return (strings, ...expressions) => {
+        const command = (prefix ? prefix + " " : "") + String.raw(strings, ...expressions);
+
+        logger.debug(command);
+
+        return (options) =>
+            execAsync(command, { timeout: DEFAULT_TIMEOUT_MS, ...options })
+                .then(trimResult)
+                .catch((cause) => {
+                    throw new CommandError(command, { ...options, cause });
+                });
+    };
+}
+
+/**
+ * A tagged template function for running shell commands.
+ * @type {CommandTag & { bind(prefix: string): CommandTag }}
+ */
+export const $ = createTag();
+
+/**
+ * @param {string} prefix
+ * @returns {CommandTag}
+ */
+$.bind = (prefix) => createTag(prefix);
+
+/**
+ * Promisified version of {@linkcode exec} for easier async/await usage.
+ *
+ * @param {string} command The command to run, with space-separated arguments.
+ * @param {ExecOptions} [options] Optional execution options.
+ * @throws {CommandError} If the command fails to execute.
+ */
+export function $2(command, options) {
+    return execAsync(command, { timeout: DEFAULT_TIMEOUT_MS, ...options })
+        .then(trimResult)
+        .catch((cause) => {
+            throw new CommandError(command, { ...options, cause });
+        });
+}
+
+/**
+ * Logs the given error and its cause (if any) and exits the process with a failure code.
+ * @param {unknown} error
+ * @param {IConsoleLogger} logger
+ * @returns {never}
+ */
+export function reportAndExit(error, logger = ConsoleLogger) {
+    const message = error instanceof Error ? error.message : String(error);
+    const cause = error instanceof Error && error.cause instanceof Error ? error.cause : null;
+
+    logger.error(`❌ ${message}`);
+
+    if (cause) {
+        logger.error(`Caused by: ${cause.message}`);
+    }
+
+    process.exit(1);
+}
--- a/scripts/node/utils/corepack.mjs
+++ b/scripts/node/utils/corepack.mjs
@@ -0,0 +1,165 @@
+import * as crypto from "node:crypto";
+import * as fs from "node:fs/promises";
+import { join, relative } from "node:path";
+
+import { ConsoleLogger } from "../../../packages/logger-js/lib/node.js";
+import { $ } from "./commands.mjs";
+
+const REGISTRY_BASE_URL = "https://registry.npmjs.org";
+const REGISTRY_URL = `${REGISTRY_BASE_URL}/corepack`;
+const OUTPUT_DIR = join(".corepack", "releases");
+const OUTPUT_FILENAME = "latest.tgz";
+
+export const corepack = $.bind("corepack");
+
+/**
+ * Reads the installed Corepack version.
+ *
+ * @param {string} [cwd] The directory to run the command in.
+ * @returns {Promise<string | null>} The installed Corepack version
+ */
+export function readCorepackVersion(cwd = process.cwd()) {
+    return $`corepack --version`({ cwd });
+}
+
+const logger = ConsoleLogger.prefix("setup-corepack");
+
+/**
+ * @param {string} baseDirectory
+ */
+export async function pullLatestCorepack(baseDirectory = process.cwd()) {
+    logger.info("Fetching corepack metadata from registry...");
+
+    const outputDir = join(baseDirectory, OUTPUT_DIR);
+    const outputPath = join(outputDir, OUTPUT_FILENAME);
+
+    const res = await fetch(REGISTRY_URL, { signal: AbortSignal.timeout(1000 * 60) });
+
+    if (!res.ok) {
+        throw new Error(`Failed to fetch registry metadata: ${res.status} ${res.statusText}`);
+    }
+
+    const metadata = await res.json();
+
+    const latestVersion = metadata["dist-tags"].latest;
+    const versionData = metadata.versions[latestVersion];
+    const tarballUrl = versionData.dist.tarball;
+    const expectedIntegrity = versionData.dist.integrity;
+
+    logger.info(`Latest corepack version: ${latestVersion}`);
+    logger.info(`Tarball URL: ${tarballUrl}`);
+    logger.info(`Expected integrity: ${expectedIntegrity}`);
+
+    logger.info({ url: tarballUrl }, "Downloading tarball...");
+
+    const tarballRes = await fetch(tarballUrl, {
+        signal: AbortSignal.timeout(1000 * 60),
+    });
+
+    if (!tarballRes.ok) {
+        throw new Error(
+            `Failed to download tarball: ${tarballRes.status} ${tarballRes.statusText}`,
+        );
+    }
+
+    const tarballBuffer = Buffer.from(await tarballRes.arrayBuffer());
+
+    logger.info("Verifying integrity...");
+
+    const [algorithm, expectedHash] = expectedIntegrity.split("-");
+    const actualHash = crypto.createHash(algorithm).update(tarballBuffer).digest("base64");
+
+    if (actualHash !== expectedHash) {
+        throw new Error(
+            `Integrity mismatch!\n  Expected: ${expectedHash}\n  Actual:   ${actualHash}`,
+        );
+    }
+
+    logger.info("Integrity verified.");
+
+    await fs.mkdir(outputDir, { recursive: true });
+    await fs.writeFile(outputPath, tarballBuffer);
+
+    logger.info(`Saved to ${relative(baseDirectory, outputPath)}`);
+    logger.info(`corepack@${latestVersion} (${expectedIntegrity})`);
+}
+
+/**
+ * Downloads the tarball for a package manager spec from the npm registry and
+ * verifies it matches the expected Corepack-style checksum (`<algorithm>.<hex>`).
+ *
+ * Corepack's CLI does not enforce the `+integrity` suffix on the `packageManager`
+ * field when invoked via `corepack install -g`, so we verify the bytes ourselves
+ * before handing control back to Corepack.
+ *
+ * @param {string} packageManager E.g. `npm@11.14.1`.
+ * @param {string} expectedChecksum E.g. `sha512.6a8a4d67...`.
+ * @returns {Promise<void>}
+ */
+export async function verifyPackageManagerIntegrity(packageManager, expectedChecksum) {
+    const atIndex = packageManager.lastIndexOf("@");
+
+    if (atIndex <= 0) {
+        throw new Error(
+            `Invalid packageManager spec "${packageManager}". Expected "name@version".`,
+        );
+    }
+
+    const name = packageManager.slice(0, atIndex);
+    const version = packageManager.slice(atIndex + 1);
+
+    const separatorIndex = expectedChecksum.indexOf(".");
+
+    if (separatorIndex <= 0) {
+        throw new Error(
+            `Invalid checksum format "${expectedChecksum}". Expected "<algorithm>.<hex>".`,
+        );
+    }
+
+    const algorithm = expectedChecksum.slice(0, separatorIndex);
+    const expectedHex = expectedChecksum.slice(separatorIndex + 1).toLowerCase();
+
+    logger.info(`Verifying ${name}@${version} against ${algorithm} checksum...`);
+
+    const metadataUrl = `${REGISTRY_BASE_URL}/${encodeURIComponent(name)}/${encodeURIComponent(version)}`;
+
+    const metadataRes = await fetch(metadataUrl, {
+        signal: AbortSignal.timeout(1000 * 60),
+    });
+
+    if (!metadataRes.ok) {
+        throw new Error(
+            `Failed to fetch registry metadata for ${name}@${version}: ${metadataRes.status} ${metadataRes.statusText}`,
+        );
+    }
+
+    const versionData = await metadataRes.json();
+    const tarballUrl = versionData?.dist?.tarball;
+
+    if (!tarballUrl) {
+        throw new Error(`Registry response missing dist.tarball for ${name}@${version}.`);
+    }
+
+    logger.info({ url: tarballUrl }, "Downloading tarball...");
+
+    const tarballRes = await fetch(tarballUrl, {
+        signal: AbortSignal.timeout(1000 * 60),
+    });
+
+    if (!tarballRes.ok) {
+        throw new Error(
+            `Failed to download tarball: ${tarballRes.status} ${tarballRes.statusText}`,
+        );
+    }
+
+    const tarballBuffer = Buffer.from(await tarballRes.arrayBuffer());
+    const actualHex = crypto.createHash(algorithm).update(tarballBuffer).digest("hex");
+
+    if (actualHex !== expectedHex) {
+        throw new Error(
+            `Integrity mismatch for ${name}@${version}!\n  Expected: ${algorithm}.${expectedHex}\n  Actual:   ${algorithm}.${actualHex}`,
+        );
+    }
+
+    logger.info(`Integrity verified for ${name}@${version}.`);
+}
--- a/scripts/node/utils/git.mjs
+++ b/scripts/node/utils/git.mjs
@@ -0,0 +1,25 @@
+import { $ } from "./commands.mjs";
+
+/**
+ * Checks whether the given file has uncommitted changes in git.
+ *
+ * @param {string} filePath
+ * @param {string} [cwd]
+ * @returns {Promise<{ clean: boolean, available: boolean }>}
+ */
+export async function gitStatus(filePath, cwd = process.cwd()) {
+    return $`git status --porcelain ${filePath}`({ cwd })
+        .then((output) => ({ clean: !output, available: true }))
+        .catch(() => ({ clean: false, available: false }));
+}
+
+/**
+ * Finds the root directory of the git repository containing the given directory.
+ *
+ * @param {string} cwd
+ * @returns {Promise<string>} The path to the git repository root.
+ * @throws {Error} If the command fails (e.g., not a git repository).
+ */
+export function resolveRepoRoot(cwd = process.cwd()) {
+    return $`git rev-parse --show-toplevel`({ cwd });
+}
--- a/scripts/node/utils/node.mjs
+++ b/scripts/node/utils/node.mjs
@@ -0,0 +1,175 @@
+/**
+ * Utility functions for working with npm packages and versions.
+ *
+ * @import { ExecOptions } from "node:child_process"
+ */
+
+import * as fs from "node:fs/promises";
+import { dirname, join } from "node:path";
+
+import { $ } from "./commands.mjs";
+
+/**
+ * Find the nearest directory containing both package.json and package-lock.json,
+ * starting from the given directory and walking upward.
+ *
+ * @param {string} start The directory to start searching from.
+ * @returns {Promise<{ packageJSONPath: string, packageLockPath: string }>}
+ * @throws {Error} If no co-located package.json and package-lock.json are found.
+ */
+export async function findNPMPackage(start) {
+    let currentDir = start;
+
+    while (currentDir !== dirname(currentDir)) {
+        const packageJSONPath = join(currentDir, "package.json");
+        const packageLockPath = join(currentDir, "package-lock.json");
+
+        try {
+            await Promise.all([fs.access(packageJSONPath), fs.access(packageLockPath)]);
+            return {
+                packageJSONPath,
+                packageLockPath,
+            };
+        } catch {
+            // Continue searching up the directory tree
+        }
+
+        currentDir = dirname(currentDir);
+    }
+
+    throw new Error(`No co-located package.json and package-lock.json found above ${start}`);
+}
+
+/**
+ * @typedef {object} PackageJSON
+ * @property {string} name
+ * @property {string} version
+ * @property {Record<string, string>} [dependencies]
+ * @property {Record<string, string>} [devDependencies]
+ * @property {Record<string, string>} [peerDependencies]
+ * @property {Record<string, string>} [optionalDependencies]
+ * @property {Record<string, string>} [peerDependenciesMeta]
+ * @property {Record<string, string>} [engines]
+ * @property {Record<string, string>} [devEngines]
+ * @property {string} [packageManager]
+ */
+
+/**
+ * @param {string} jsonPath
+ * @returns {Promise<PackageJSON>}
+ */
+export function loadJSON(jsonPath) {
+    return fs
+        .readFile(jsonPath, "utf-8")
+        .then(JSON.parse)
+        .catch((cause) => {
+            throw new Error(`Failed to load JSON file at ${jsonPath}`, { cause });
+        });
+}
+
+const PackageJSONComparisionFields = /** @type {const} */ ([
+    "name",
+    "dependencies",
+    "devDependencies",
+    "optionalDependencies",
+    "peerDependencies",
+    "peerDependenciesMeta",
+]);
+
+/**
+ * @typedef {typeof PackageJSONComparisionFields[number]} PackageJSONComparisionField
+ */
+
+/**
+ * Extracts only the dependency fields from a package.json object for comparison purposes.
+ *
+ * @param {PackageJSON} data
+ * @returns {Pick<PackageJSON, PackageJSONComparisionField>}
+ */
+export function pluckDependencyFields(data) {
+    /**
+     * @type {Record<string, unknown>}
+     */
+    const result = {};
+
+    for (const field of PackageJSONComparisionFields) {
+        if (data[field]) {
+            result[field] = data[field];
+        }
+    }
+
+    return /** @type {Pick<PackageJSON, PackageJSONComparisionField>} */ (result);
+}
+
+//#region Versioning
+
+/**
+ * Compares two semantic version strings (e.g., "14.17.0").
+ *
+ * @param {string} a The first version string.
+ * @param {string} b The second version string.
+ * @returns {number}
+ */
+export function compareVersions(a, b) {
+    const pa = a.split(".").map(Number);
+    const pb = b.split(".").map(Number);
+    for (let i = 0; i < 3; i++) {
+        if (pa[i] > pb[i]) return 1;
+        if (pa[i] < pb[i]) return -1;
+    }
+    return 0;
+}
+
+/**
+ * Runs a Node.js command and returns its stdout output as a string.
+ *
+ * @param {TemplateStringsArray} strings
+ * @param  {...unknown} expressions
+ * @returns {(options?: ExecOptions) => Promise<string>}
+ */
+export const node = $.bind("node");
+
+/**
+ * @typedef {object} NPMCommandOptions
+ * @property {boolean} [useCorepack] Whether to prefix the command with "corepack " to use Corepack's shims.
+ * @returns {Promise<string>}
+ */
+
+/**
+ * Runs an npm command and returns its stdout output as a string.
+ *
+ * @param {TemplateStringsArray} strings
+ * @param  {...unknown} expressions
+ * @returns {(options?: ExecOptions & NPMCommandOptions) => Promise<string>}
+ */
+export function npm(strings, ...expressions) {
+    const subcommand = String.raw(strings, ...expressions);
+
+    return ({ useCorepack, ...options } = {}) => {
+        const command = [useCorepack ? "corepack" : "", "npm", subcommand]
+            .filter(Boolean)
+            .join(" ");
+
+        return $`${command}`(options);
+    };
+}
+
+/**
+ * Parses a version range string, stripping any leading >= and normalizing to three parts.
+ * @param {string} range
+ * @returns {{ operator: ">=" | "=", version: string }}
+ */
+export function parseRange(range) {
+    const hasGte = range.startsWith(">=");
+    const raw = hasGte ? range.slice(2) : range;
+    const parts = raw.split(".").map(Number);
+
+    while (parts.length < 3) parts.push(0);
+
+    return {
+        operator: hasGte ? ">=" : "=",
+        version: parts.join("."),
+    };
+}
+
+//#endregion
--- a/uv.lock
+++ b/uv.lock
@@ -345,7 +345,7 @@ requires-dist = [
    { name = "fido2", specifier = "==2.2.0" },
    { name = "geoip2", specifier = "==5.2.0" },
    { name = "geopy", specifier = "==2.4.1" },
-    { name = "google-api-python-client", specifier = "==2.195.0" },
+    { name = "google-api-python-client", specifier = "==2.196.0" },
    { name = "gssapi", specifier = "==1.11.1" },
    { name = "gunicorn", specifier = "==25.3.0" },
    { name = "jsonpatch", specifier = "==1.33" },
@@ -385,7 +385,7 @@ requires-dist = [

 [package.metadata.requires-dev]
 dev = [
-    { name = "aws-cdk-lib", specifier = "==2.252.0" },
+    { name = "aws-cdk-lib", specifier = "==2.253.0" },
    { name = "bandit", specifier = "==1.9.4" },
    { name = "black", specifier = "==26.3.1" },
    { name = "bpython", specifier = "==0.26" },
@@ -394,7 +394,7 @@ dev = [
    { name = "coverage", extras = ["toml"], specifier = "==7.13.5" },
    { name = "daphne", specifier = "==4.2.1" },
    { name = "debugpy", specifier = "==1.8.20" },
-    { name = "django-stubs", extras = ["compatible-mypy"], specifier = "==6.0.3" },
+    { name = "django-stubs", extras = ["compatible-mypy"], specifier = "==6.0.4" },
    { name = "djangorestframework-stubs", extras = ["compatible-mypy"], specifier = "==3.16.9" },
    { name = "drf-jsonschema-serializer", specifier = "==3.0.0" },
    { name = "freezegun", specifier = "==1.5.5" },
@@ -495,7 +495,7 @@ wheels = [

 [[package]]
 name = "aws-cdk-lib"
-version = "2.252.0"
+version = "2.253.0"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
    { name = "aws-cdk-asset-awscli-v1" },
@@ -506,9 +506,9 @@ dependencies = [
    { name = "publication" },
    { name = "typeguard" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/0b/2e/468ed756570af782831bc0518b4f187773b036342ce1b6f3d4e13e6127d8/aws_cdk_lib-2.252.0.tar.gz", hash = "sha256:2498d771ab141599c48494bd2564ee9a4fbaade54befa9356811e9454616d0a0", size = 49479070, upload-time = "2026-04-30T12:31:54.452Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/2d/ee/be9ce71331823a9860a8473a3a301359c154a5402f2895a9a30d222acaec/aws_cdk_lib-2.253.0.tar.gz", hash = "sha256:6db33e164f9afd6207698d382579bf62f762f14325f4b6d77643865e92448f20", size = 49584110, upload-time = "2026-05-06T17:42:37.086Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/ae/94/32c21ad93dc21554286955fd5ebc68cb91149cc5f7f3154b07927c3fc693/aws_cdk_lib-2.252.0-py3-none-any.whl", hash = "sha256:c96d02582d344ee81ea2ef8a5e22b6e680789973804720ec9f0e95a050257db1", size = 50157828, upload-time = "2026-04-30T12:31:11.041Z" },
+    { url = "https://files.pythonhosted.org/packages/c8/94/53b9f2aca8d5111ee952c0355f64ecba92809daced3364170e9bcfed81c6/aws_cdk_lib-2.253.0-py3-none-any.whl", hash = "sha256:58997c8a5af49d5328f5106468581a14235a1356dfe7574bb14656799594a2b5", size = 50269112, upload-time = "2026-05-06T17:41:54.504Z" },
 ]

 [[package]]
@@ -1269,7 +1269,7 @@ s3 = [

 [[package]]
 name = "django-stubs"
-version = "6.0.3"
+version = "6.0.4"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
    { name = "django" },
@@ -1277,9 +1277,9 @@ dependencies = [
    { name = "types-pyyaml" },
    { name = "typing-extensions" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/86/0c/8d0d875af79bf774c1c3997c84aa118dba3a77be12086b9c14e130e8ec72/django_stubs-6.0.3.tar.gz", hash = "sha256:ee895f403c373608eeb50822f0733f9d9ec5ab12731d4ab58956053bb95fdd9e", size = 278214, upload-time = "2026-04-18T15:11:22.327Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/f9/82/ccf2a2dc9cdb4bd9cbe91f11e887589bf2da7609506db00ccbc73bd8a6da/django_stubs-6.0.4.tar.gz", hash = "sha256:7aee77e8de9c14c0d9cf84988befe826d93cbc15a87e0ade2943f14d553451cf", size = 280019, upload-time = "2026-05-09T21:24:30.436Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/80/a3/6751b7684d20fc4f228bdd3dd8341d382ab3faaf65d3d050c0d59ab0a1b0/django_stubs-6.0.3-py3-none-any.whl", hash = "sha256:5fee22bcbbad59a78c727a820b6f4e68ff442ca76a922b7002e57c25dd7cb390", size = 541570, upload-time = "2026-04-18T15:11:20.711Z" },
+    { url = "https://files.pythonhosted.org/packages/ba/e7/5128914ada94dd6277626ef5a4a5680a4def7d2f9366214d26c1cd86723b/django_stubs-6.0.4-py3-none-any.whl", hash = "sha256:e991c68f77239663577a5f4fc75e99c84f867f378cafc97cbf4acc5aff378279", size = 543791, upload-time = "2026-05-09T21:24:28.218Z" },
 ]

 [package.optional-dependencies]
@@ -1597,7 +1597,7 @@ wheels = [

 [[package]]
 name = "google-api-python-client"
-version = "2.195.0"
+version = "2.196.0"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
    { name = "google-api-core" },
@@ -1606,9 +1606,9 @@ dependencies = [
    { name = "httplib2" },
    { name = "uritemplate" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/69/07/08d759b9cb10f48af14b25262dd0d6685ca8cda6c1f9e8a8109f57457205/google_api_python_client-2.195.0.tar.gz", hash = "sha256:c72cf2661c3addf01c880ce60541e83e1df354644b874f7f9d8d5ed2070446ae", size = 14584819, upload-time = "2026-04-30T21:51:50.638Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/6d/f3/34ef8aca7909675fe327f96c1ed927f0520e7acf68af19157e96acc05e76/google_api_python_client-2.196.0.tar.gz", hash = "sha256:9f335d38f6caaa2747bcf64335ed1a9a19047d53e86538eda6a1b17d37f1743d", size = 14628129, upload-time = "2026-05-06T23:47:35.655Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/21/b9/2c71095e31fff57668fec7c07ac897df065f15521d070e63229e13689590/google_api_python_client-2.195.0-py3-none-any.whl", hash = "sha256:753e62057f23049a89534bea0162b60fe391b85fb86d80bcdf884d05ec91c5bf", size = 15162418, upload-time = "2026-04-30T21:51:47.444Z" },
+    { url = "https://files.pythonhosted.org/packages/99/c7/1817b4edf966d5afcac1c0781ca36d621bc0cb58104c4e7c2a475ab185f7/google_api_python_client-2.196.0-py3-none-any.whl", hash = "sha256:2591e9b47dcb17e4e62a09370aaee3bcf323af8f28ccecdabcd0a42a23ca4db5", size = 15206663, upload-time = "2026-05-06T23:47:32.886Z" },
 ]

 [[package]]
@@ -3743,32 +3743,32 @@ wheels = [

 [[package]]
 name = "ujson"
-version = "5.12.0"
+version = "5.12.1"
 source = { registry = "https://pypi.org/simple" }
-sdist = { url = "https://files.pythonhosted.org/packages/cb/3e/c35530c5ffc25b71c59ae0cd7b8f99df37313daa162ce1e2f7925f7c2877/ujson-5.12.0.tar.gz", hash = "sha256:14b2e1eb528d77bc0f4c5bd1a7ebc05e02b5b41beefb7e8567c9675b8b13bcf4", size = 7158451, upload-time = "2026-03-11T22:19:30.397Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/bc/78/937198ea8708182dd1edbf0237bf255a96feab3f511691ad08b84da98e5d/ujson-5.12.1.tar.gz", hash = "sha256:5b7e96406c301a1366534479a7352ec40ec68bb327c0c119091635acd5925e35", size = 7164538, upload-time = "2026-05-05T22:05:01.354Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/10/bd/9a8d693254bada62bfea75a507e014afcfdb6b9d047b6f8dd134bfefaf67/ujson-5.12.0-cp314-cp314-macosx_10_15_x86_64.whl", hash = "sha256:85833bca01aa5cae326ac759276dc175c5fa3f7b3733b7d543cf27f2df12d1ef", size = 56499, upload-time = "2026-03-11T22:18:45.431Z" },
-    { url = "https://files.pythonhosted.org/packages/bd/2d/285a83df8176e18dcd675d1a4cff8f7620f003f30903ea43929406e98986/ujson-5.12.0-cp314-cp314-macosx_11_0_arm64.whl", hash = "sha256:d22cad98c2a10bbf6aa083a8980db6ed90d4285a841c4de892890c2b28286ef9", size = 53998, upload-time = "2026-03-11T22:18:47.184Z" },
-    { url = "https://files.pythonhosted.org/packages/bf/8b/e2f09e16dabfa91f6a84555df34a4329fa7621e92ed054d170b9054b9bb2/ujson-5.12.0-cp314-cp314-manylinux_2_24_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:99cc80facad240b0c2fb5a633044420878aac87a8e7c348b9486450cba93f27c", size = 57783, upload-time = "2026-03-11T22:18:48.271Z" },
-    { url = "https://files.pythonhosted.org/packages/68/fb/ba1d06f3658a0c36d0ab3869ec3914f202bad0a9bde92654e41516c7bb13/ujson-5.12.0-cp314-cp314-manylinux_2_24_i686.manylinux_2_28_i686.whl", hash = "sha256:d1831c07bd4dce53c4b666fa846c7eba4b7c414f2e641a4585b7f50b72f502dc", size = 60011, upload-time = "2026-03-11T22:18:49.284Z" },
-    { url = "https://files.pythonhosted.org/packages/64/2b/3e322bf82d926d9857206cd5820438d78392d1f523dacecb8bd899952f73/ujson-5.12.0-cp314-cp314-manylinux_2_24_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:0e00cec383eab2406c9e006bd4edb55d284e94bb943fda558326048178d26961", size = 57465, upload-time = "2026-03-11T22:18:50.584Z" },
-    { url = "https://files.pythonhosted.org/packages/e9/fd/af72d69603f9885e5136509a529a4f6d88bf652b457263ff96aefcd3ab7d/ujson-5.12.0-cp314-cp314-musllinux_1_2_aarch64.whl", hash = "sha256:f19b3af31d02a2e79c5f9a6deaab0fb3c116456aeb9277d11720ad433de6dfc6", size = 1037275, upload-time = "2026-03-11T22:18:51.998Z" },
-    { url = "https://files.pythonhosted.org/packages/9c/a7/a2411ec81aef7872578e56304c3e41b3a544a9809e95c8e1df46923fc40b/ujson-5.12.0-cp314-cp314-musllinux_1_2_i686.whl", hash = "sha256:bacbd3c69862478cbe1c7ed4325caedec580d8acf31b8ee1b9a1e02a56295cad", size = 1196758, upload-time = "2026-03-11T22:18:53.548Z" },
-    { url = "https://files.pythonhosted.org/packages/ed/85/aa18ae175dd03a118555aa14304d4f466f9db61b924c97c6f84388ecacb1/ujson-5.12.0-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:94c5f1621cbcab83c03be46441f090b68b9f307b6c7ec44d4e3f6d5997383df4", size = 1089760, upload-time = "2026-03-11T22:18:55.336Z" },
-    { url = "https://files.pythonhosted.org/packages/d3/d4/4b40b67ac7e916ebffc3041ae2320c5c0b8a045300d4c542b6e50930cca5/ujson-5.12.0-cp314-cp314-win32.whl", hash = "sha256:e6369ac293d2cc40d52577e4fa3d75a70c1aae2d01fa3580a34a4e6eff9286b9", size = 41043, upload-time = "2026-03-11T22:18:56.505Z" },
-    { url = "https://files.pythonhosted.org/packages/24/38/a1496d2a3428981f2b3a2ffbb4656c2b05be6cc406301d6b10a6445f6481/ujson-5.12.0-cp314-cp314-win_amd64.whl", hash = "sha256:31348a0ffbfc815ce78daac569d893349d85a0b57e1cd2cdbba50b7f333784da", size = 45303, upload-time = "2026-03-11T22:18:57.454Z" },
-    { url = "https://files.pythonhosted.org/packages/85/d3/39dbd3159543d9c57ec3a82d36226152cf0d710784894ce5aa24b8220ac1/ujson-5.12.0-cp314-cp314-win_arm64.whl", hash = "sha256:6879aed770557f0961b252648d36f6fdaab41079d37a2296b5649fd1b35608e0", size = 39860, upload-time = "2026-03-11T22:18:58.578Z" },
-    { url = "https://files.pythonhosted.org/packages/c3/71/9b4dacb177d3509077e50497222d39eec04c8b41edb1471efc764d645237/ujson-5.12.0-cp314-cp314t-macosx_10_15_x86_64.whl", hash = "sha256:7ddb08b3c2f9213df1f2e3eb2fbea4963d80ec0f8de21f0b59898e34f3b3d96d", size = 56845, upload-time = "2026-03-11T22:18:59.629Z" },
-    { url = "https://files.pythonhosted.org/packages/24/c2/8abffa3be1f3d605c4a62445fab232b3e7681512ce941c6b23014f404d36/ujson-5.12.0-cp314-cp314t-macosx_11_0_arm64.whl", hash = "sha256:0a3ae28f0b209be5af50b54ca3e2123a3de3a57d87b75f1e5aa3d7961e041983", size = 54463, upload-time = "2026-03-11T22:19:00.697Z" },
-    { url = "https://files.pythonhosted.org/packages/db/2e/60114a35d1d6796eb428f7affcba00a921831ff604a37d9142c3d8bbe5c5/ujson-5.12.0-cp314-cp314t-manylinux_2_24_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:d30ad4359413c8821cc7b3707f7ca38aa8bc852ba3b9c5a759ee2d7740157315", size = 58689, upload-time = "2026-03-11T22:19:01.739Z" },
-    { url = "https://files.pythonhosted.org/packages/c8/ad/010925c2116c21ce119f9c2ff18d01f48a19ade3ff4c5795da03ce5829fc/ujson-5.12.0-cp314-cp314t-manylinux_2_24_i686.manylinux_2_28_i686.whl", hash = "sha256:02f93da7a4115e24f886b04fd56df1ee8741c2ce4ea491b7ab3152f744ad8f8e", size = 60618, upload-time = "2026-03-11T22:19:03.101Z" },
-    { url = "https://files.pythonhosted.org/packages/9b/74/db7f638bf20282b1dccf454386cbd483faaaed3cdbb9cb27e06f74bb109e/ujson-5.12.0-cp314-cp314t-manylinux_2_24_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:3ff4ede90ed771140caa7e1890de17431763a483c54b3c1f88bd30f0cc1affc0", size = 58151, upload-time = "2026-03-11T22:19:04.175Z" },
-    { url = "https://files.pythonhosted.org/packages/9c/7e/3ebaecfa70a2e8ce623db8e21bd5cb05d42a5ef943bcbb3309d71b5de68d/ujson-5.12.0-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:a7bf9cc97f05048ac8f3e02cd58f0fe62b901453c24345bfde287f4305dcc31c", size = 1038117, upload-time = "2026-03-11T22:19:05.558Z" },
-    { url = "https://files.pythonhosted.org/packages/2e/aa/e073eda7f0036c2973b28db7bb99faba17a932e7b52d801f9bb3e726271f/ujson-5.12.0-cp314-cp314t-musllinux_1_2_i686.whl", hash = "sha256:2324d9a0502317ffc35d38e153c1b2fa9610ae03775c9d0f8d0cca7b8572b04e", size = 1197434, upload-time = "2026-03-11T22:19:06.92Z" },
-    { url = "https://files.pythonhosted.org/packages/1c/01/b9a13f058fdd50c746b192c4447ca8d6352e696dcda912ccee10f032ff85/ujson-5.12.0-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:50524f4f6a1c839714dbaff5386a1afb245d2d5ec8213a01fbc99cea7307811e", size = 1090401, upload-time = "2026-03-11T22:19:08.383Z" },
-    { url = "https://files.pythonhosted.org/packages/c4/37/3d1b4e0076b6e43379600b5229a5993db8a759ff2e1830ea635d876f6644/ujson-5.12.0-cp314-cp314t-win32.whl", hash = "sha256:f7a0430d765f9bda043e6aefaba5944d5f21ec43ff4774417d7e296f61917382", size = 41880, upload-time = "2026-03-11T22:19:09.671Z" },
-    { url = "https://files.pythonhosted.org/packages/b1/c5/3c2a262a138b9f0014fe1134a6b5fdc2c54245030affbaac2fcbc0632138/ujson-5.12.0-cp314-cp314t-win_amd64.whl", hash = "sha256:ccbfd94e59aad4a2566c71912b55f0547ac1680bfac25eb138e6703eb3dd434e", size = 46365, upload-time = "2026-03-11T22:19:10.662Z" },
-    { url = "https://files.pythonhosted.org/packages/83/40/956dc20b7e00dc0ff3259871864f18dab211837fce3478778bedb3132ac1/ujson-5.12.0-cp314-cp314t-win_arm64.whl", hash = "sha256:42d875388fbd091c7ea01edfff260f839ba303038ffb23475ef392012e4d63dd", size = 40398, upload-time = "2026-03-11T22:19:11.666Z" },
+    { url = "https://files.pythonhosted.org/packages/f8/ca/d88d86f90f8f237985f3e347b9a4f9fa24e8d30d19ec7d477ed18aa58393/ujson-5.12.1-cp314-cp314-macosx_10_15_x86_64.whl", hash = "sha256:6f19e9a407a24230df0cc1ec1c0f5999872ba526b14a780f80ad6479f5eed9bc", size = 58099, upload-time = "2026-05-05T22:04:06.688Z" },
+    { url = "https://files.pythonhosted.org/packages/ae/2d/a0a88407cee3550f7ed1e49b41157ee2d410f51905ed51fb134844255280/ujson-5.12.1-cp314-cp314-macosx_11_0_arm64.whl", hash = "sha256:8b657e870c77aaacdeea86cfad3e6d2ef9b52517e45988c9c367f7ee764fe4dd", size = 55631, upload-time = "2026-05-05T22:04:07.925Z" },
+    { url = "https://files.pythonhosted.org/packages/a9/6d/12a3b8e72132db244ae048075e71a0079b3c5f61ff45b7ca81d5193ab3e7/ujson-5.12.1-cp314-cp314-manylinux_2_24_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:984b5a99d1e0a037c2046c3c4b34cec832565d62d5017be0a035bf3cbfab72dc", size = 59469, upload-time = "2026-05-05T22:04:09.208Z" },
+    { url = "https://files.pythonhosted.org/packages/a2/72/310f8c21737554f2d2b4f1883e1a71e8a6ab0d8f92f0feb8aaa85e0f4b66/ujson-5.12.1-cp314-cp314-manylinux_2_24_i686.manylinux_2_28_i686.whl", hash = "sha256:f48ef8a16f1d85bd7982beac7adfd3fb704058631db84c1c61c8a1b7072b1508", size = 61611, upload-time = "2026-05-05T22:04:10.836Z" },
+    { url = "https://files.pythonhosted.org/packages/50/50/ab4b2f7bab6c7a67298c8f2aca80e2082eaf6f332cf2d099762647b5301e/ujson-5.12.1-cp314-cp314-manylinux_2_24_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:4f39ba3b65cc637b59731532f7e7c807786bff1d0332ab2d5b96a04d2584d78f", size = 59122, upload-time = "2026-05-05T22:04:12.137Z" },
+    { url = "https://files.pythonhosted.org/packages/21/48/5d81cbe76fc2aa9e071aa489a3041cf0712f5e0663d60d501641f92b7bb4/ujson-5.12.1-cp314-cp314-musllinux_1_2_aarch64.whl", hash = "sha256:07f307780f85b49cba93f291718421b6f5f3b627a323b431fad937a18f6587cb", size = 1038938, upload-time = "2026-05-05T22:04:13.548Z" },
+    { url = "https://files.pythonhosted.org/packages/fb/a7/abe1acb0e5d8b8d724b35533a44c89684c88100a5fd9f2fee7f7155528d5/ujson-5.12.1-cp314-cp314-musllinux_1_2_i686.whl", hash = "sha256:1c335caea51c31494e514b82d50763b9792d3960d2c7d9fdb6b6fb8ed50ebdd0", size = 1198416, upload-time = "2026-05-05T22:04:15.609Z" },
+    { url = "https://files.pythonhosted.org/packages/ed/6e/087067d6ee22bd01bfba9fb1f32ce98c24ae2bcbab53bd2fbf8f7a80fe9e/ujson-5.12.1-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:19ea07e29a45d199f926aadf93a9974128438c01b83141fba32477c0ee604b33", size = 1091425, upload-time = "2026-05-05T22:04:17.909Z" },
+    { url = "https://files.pythonhosted.org/packages/4e/d2/28938574b766980f873b68962abb4c68a944d939446768982934ad3bcd93/ujson-5.12.1-cp314-cp314-win32.whl", hash = "sha256:c8e626b6bc9bdd2e8f7393b7d99f3daa2ca4022e6203662e70de7bb3604b21b9", size = 42334, upload-time = "2026-05-05T22:04:19.85Z" },
+    { url = "https://files.pythonhosted.org/packages/49/b0/0af30bf65d96b73c28054b344ebbe24bc96780ae8a7f2973f5dad979510a/ujson-5.12.1-cp314-cp314-win_amd64.whl", hash = "sha256:c6d3bdd020333688ee60559437021ed68a98a28fdd609b5af16de5dd58f90cba", size = 46586, upload-time = "2026-05-05T22:04:21.298Z" },
+    { url = "https://files.pythonhosted.org/packages/4e/3b/0ee2555823724e60cc847c715c299f5792aa444bdde69c51d4aa42d885c2/ujson-5.12.1-cp314-cp314-win_arm64.whl", hash = "sha256:e3c9c894971f4ada3ded16a804ed4640e1f2b3e5239beaeec7c48296f39f4232", size = 41178, upload-time = "2026-05-05T22:04:22.597Z" },
+    { url = "https://files.pythonhosted.org/packages/3f/3d/7547835cd0b7fa22eb1122702f81b2403c38a0027a2cc0d75acc449a4a66/ujson-5.12.1-cp314-cp314t-macosx_10_15_x86_64.whl", hash = "sha256:49dd9c378e1c8e676785ff2b62cb490074229f15ab54abf45b623713cb2c36b5", size = 58565, upload-time = "2026-05-05T22:04:23.75Z" },
+    { url = "https://files.pythonhosted.org/packages/ed/6a/1784e0b24aab50623eb47b2f7a8dc22c9d809d798854d2568a9cb7c3560f/ujson-5.12.1-cp314-cp314t-macosx_11_0_arm64.whl", hash = "sha256:6d8827904358d7da59ccf2e1fd8de59e78248036d17fecc0462e62c6721f1102", size = 56157, upload-time = "2026-05-05T22:04:25.028Z" },
+    { url = "https://files.pythonhosted.org/packages/91/2d/2c1b24df24eee309047d81460c3a1acf0d047207327edc6f3cab8a614985/ujson-5.12.1-cp314-cp314t-manylinux_2_24_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:dc26caebea90425662ef0b979f945f6ac832651881107d6ec9a3c4d4a4ba929c", size = 60288, upload-time = "2026-05-05T22:04:26.273Z" },
+    { url = "https://files.pythonhosted.org/packages/c5/14/c0c603e3dff2ef98f7deee2df7795e6055abbc5825c6ef530024b3b06a15/ujson-5.12.1-cp314-cp314t-manylinux_2_24_i686.manylinux_2_28_i686.whl", hash = "sha256:45022aae09ac3d45bda6fbfc631088d1aff9a0465542d40bd6d295ced378c430", size = 62302, upload-time = "2026-05-05T22:04:27.516Z" },
+    { url = "https://files.pythonhosted.org/packages/5c/0d/889bbc044561d9adc9bf413620fbd9878f352c9fd36da829d319bca2f5ad/ujson-5.12.1-cp314-cp314t-manylinux_2_24_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:b22aa0f644516d3d5b29464949e4b23fe784f84b4a1030ab9ac3cb42aaedabb1", size = 59784, upload-time = "2026-05-05T22:04:28.776Z" },
+    { url = "https://files.pythonhosted.org/packages/18/35/3b1d8ff8cd6dc048f5c495af6ee6ded43055562610a7e9b78b438dc6421e/ujson-5.12.1-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:7dc5cf44ea42365cd1b66e6ed3fc6ca040c86587b024a6659b98e99d31cff2cd", size = 1039759, upload-time = "2026-05-05T22:04:30.291Z" },
+    { url = "https://files.pythonhosted.org/packages/6a/d8/3c66cdf839420a6da2d6140a54a882c15efd135bcced103bd4473d577636/ujson-5.12.1-cp314-cp314t-musllinux_1_2_i686.whl", hash = "sha256:8df5d984ff4ac1ef292d70f30da03417038a7e1e0bc272d28ca9d34f02f41682", size = 1199121, upload-time = "2026-05-05T22:04:31.961Z" },
+    { url = "https://files.pythonhosted.org/packages/54/51/c3d1b94a4ad27dc7532e9f7d00b869463157cede2295ba6d57566afeb8cd/ujson-5.12.1-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:485f0182a0c0b54c304061cdc826d8343ce595c4055f7a24e72772a8520e5f7b", size = 1092085, upload-time = "2026-05-05T22:04:33.697Z" },
+    { url = "https://files.pythonhosted.org/packages/ae/52/4d4a6e78290a5eef3f576f6d281e6355535db903a08483fd1bb393bf8cb9/ujson-5.12.1-cp314-cp314t-win32.whl", hash = "sha256:4e12ca368b397aed7fa1eec534ea1ba8d94977b376f9df3e93ae1acfd004ec40", size = 43243, upload-time = "2026-05-05T22:04:35.486Z" },
+    { url = "https://files.pythonhosted.org/packages/3d/c8/849366785de52b513e5fc89d7aea0b531e71bb5641407cbdfdf47a99ede8/ujson-5.12.1-cp314-cp314t-win_amd64.whl", hash = "sha256:cec6b9b539539affc1f01a795c99574592a635ce22331b64f2b42e0af570659e", size = 47662, upload-time = "2026-05-05T22:04:37.07Z" },
+    { url = "https://files.pythonhosted.org/packages/8a/46/36a67f5a531a15308124786f3e2b7b96414b9d23dbcdc2a182dd3ffa2e1d/ujson-5.12.1-cp314-cp314t-win_arm64.whl", hash = "sha256:696224d4cfb8883fa5c0285dff31e5ce924704dd9ccd38e9ea8b5bf4a42b12fc", size = 41680, upload-time = "2026-05-05T22:04:39.083Z" },
 ]

 [[package]]
--- a/web/README.md
+++ b/web/README.md
@@ -3,6 +3,27 @@
 This is the default UI for the authentik server. The documentation is going to be a little sparse
 for awhile, but at least let's get started.

+# Setup
+
+Install dependencies from the repo root with `make node-install` (or `make install` for the full
+Python + web + docs bootstrap). This wraps `npm ci` and explicitly rebuilds the small set of
+packages whose install scripts are required for the toolchain to function — currently `esbuild`,
+`chromedriver`, `tree-sitter`, and `tree-sitter-json`.
+
+The repo-root `.npmrc` sets `ignore-scripts=true` to neutralize the dominant npm supply-chain
+attack vector. As a side effect, running `npm ci` directly in this directory will install
+dependencies but skip those rebuilds, leaving `esbuild` and `chromedriver` in a non-functional
+state. If you bypass `make`, run the rebuild step yourself:
+
+```bash
+npm rebuild --ignore-scripts=false --foreground-scripts \
+    esbuild chromedriver tree-sitter tree-sitter-json
+```
+
+New dependencies that ship install scripts must be audited and added to `TRUSTED_INSTALL_SCRIPTS`
+in the repo-root `Makefile`. Each entry is arbitrary code that runs at install time, so the list
+is intentionally small.
+
 # The Theory of the authentik UI

 In Peter Naur's 1985 essay [Programming as Theory
--- a/web/package-lock.json
+++ b/web/package-lock.json
@@ -51,13 +51,13 @@
                "@types/codemirror": "^5.60.17",
                "@types/grecaptcha": "^3.0.9",
                "@types/guacamole-common-js": "^1.5.5",
-                "@types/node": "^25.6.2",
+                "@types/node": "^25.7.0",
                "@types/react": "^19.2.14",
                "@types/react-dom": "^19.2.3",
                "@typescript-eslint/eslint-plugin": "^8.57.2",
                "@typescript-eslint/parser": "^8.57.2",
                "@typescript-eslint/utils": "^8.57.2",
-                "@typescript/native-preview": "^7.0.0-dev.20260421.2",
+                "@typescript/native-preview": "^7.0.0-dev.20260506.1",
                "@vitest/browser": "^4.1.6",
                "@vitest/browser-playwright": "^4.1.6",
                "@webcomponents/webcomponentsjs": "^2.8.0",
@@ -73,13 +73,13 @@
                "dompurify": "^3.4.2",
                "esbuild": "^0.28.0",
                "eslint": "^9.39.3",
-                "eslint-plugin-lit": "^2.2.1",
+                "eslint-plugin-lit": "^2.3.1",
                "eslint-plugin-wc": "^3.1.0",
                "fuse.js": "^7.3.0",
                "globals": "^17.6.0",
                "guacamole-common-js": "^1.5.0",
                "hastscript": "^9.0.1",
-                "knip": "^6.11.0",
+                "knip": "^6.12.0",
                "lex": "^2025.11.0",
                "lit": "^3.3.2",
                "lit-analyzer": "^2.0.3",
@@ -114,7 +114,7 @@
                "turnstile-types": "^1.2.3",
                "type-fest": "^5.6.0",
                "typescript": "^6.0.3",
-                "typescript-eslint": "^8.57.2",
+                "typescript-eslint": "^8.59.3",
                "unist-util-visit": "^5.1.0",
                "vite": "^8.0.12",
                "vitest": "^4.1.6",
@@ -124,17 +124,46 @@
            },
            "engines": {
                "node": ">=24",
-                "npm": ">=11.6.2"
+                "npm": ">=11.14.1"
            },
            "optionalDependencies": {
                "@esbuild/darwin-arm64": "^0.28.0",
                "@esbuild/linux-arm64": "^0.28.0",
                "@esbuild/linux-x64": "^0.28.0",
+                "@goauthentik/prettier-config-dev": "../packages/prettier-config",
                "@rollup/rollup-darwin-arm64": "^4.57.1",
                "@rollup/rollup-linux-arm64-gnu": "^4.57.1",
                "@rollup/rollup-linux-x64-gnu": "^4.57.1"
            }
        },
+        "../packages/prettier-config": {
+            "name": "@goauthentik/prettier-config",
+            "version": "4.0.0",
+            "license": "MIT",
+            "optional": true,
+            "dependencies": {
+                "format-imports": "^4.0.8"
+            },
+            "devDependencies": {
+                "@eslint/js": "^9.39.3",
+                "@goauthentik/eslint-config": "../eslint-config",
+                "@goauthentik/tsconfig": "../tsconfig",
+                "@types/node": "^25.7.0",
+                "eslint": "^9.39.3",
+                "prettier": "^3.8.3",
+                "prettier-plugin-packagejson": "^3.0.2",
+                "typescript": "^6.0.3",
+                "typescript-eslint": "^8.59.3"
+            },
+            "engines": {
+                "node": ">=24",
+                "npm": ">=11.14.1"
+            },
+            "peerDependencies": {
+                "prettier": "^3.8.3",
+                "prettier-plugin-packagejson": "^3.0.2"
+            }
+        },
        "node_modules/@adobe/css-tools": {
            "version": "4.4.4",
            "resolved": "https://registry.npmjs.org/@adobe/css-tools/-/css-tools-4.4.4.tgz",
@@ -1597,6 +1626,10 @@
                "prettier-plugin-packagejson": "^3.0.2"
            }
        },
+        "node_modules/@goauthentik/prettier-config-dev": {
+            "resolved": "../packages/prettier-config",
+            "link": true
+        },
        "node_modules/@goauthentik/tsconfig": {
            "version": "1.0.9",
            "resolved": "https://registry.npmjs.org/@goauthentik/tsconfig/-/tsconfig-1.0.9.tgz",
@@ -5480,12 +5513,12 @@
            "license": "MIT"
        },
        "node_modules/@types/node": {
-            "version": "25.6.2",
-            "resolved": "https://registry.npmjs.org/@types/node/-/node-25.6.2.tgz",
-            "integrity": "sha512-sokuT28dxf9JT5Kady1fsXOvI4HVpjZa95NKT5y9PNTIrs2AsobR4GFAA90ZG8M+nxVRLysCXsVj6eGC7Vbrlw==",
+            "version": "25.7.0",
+            "resolved": "https://registry.npmjs.org/@types/node/-/node-25.7.0.tgz",
+            "integrity": "sha512-z+pdZyxE+RTQE9AcboAZCb4otwcrvgHD+GlBpPgn0emDVt0ohrTMhAwlr2Wd9nZ+nihhYFxO2pThz3C5qSu2Eg==",
            "license": "MIT",
            "dependencies": {
-                "undici-types": "~7.19.0"
+                "undici-types": "~7.21.0"
            }
        },
        "node_modules/@types/ramda": {
@@ -5549,19 +5582,19 @@
            "license": "MIT"
        },
        "node_modules/@typescript-eslint/eslint-plugin": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.57.2.tgz",
-            "integrity": "sha512-NZZgp0Fm2IkD+La5PR81sd+g+8oS6JwJje+aRWsDocxHkjyRw0J5L5ZTlN3LI1LlOcGL7ph3eaIUmTXMIjLk0w==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.59.3.tgz",
+            "integrity": "sha512-PwFvSKsXGShKGW6n5bZOhGHEcCZXM8HofLK9fNsEwZXzFRjoY+XT1Vsf1zgyXdwTr0ZYz1/2tkZ0DBTT9jZjhw==",
            "license": "MIT",
            "dependencies": {
                "@eslint-community/regexpp": "^4.12.2",
-                "@typescript-eslint/scope-manager": "8.57.2",
-                "@typescript-eslint/type-utils": "8.57.2",
-                "@typescript-eslint/utils": "8.57.2",
-                "@typescript-eslint/visitor-keys": "8.57.2",
+                "@typescript-eslint/scope-manager": "8.59.3",
+                "@typescript-eslint/type-utils": "8.59.3",
+                "@typescript-eslint/utils": "8.59.3",
+                "@typescript-eslint/visitor-keys": "8.59.3",
                "ignore": "^7.0.5",
                "natural-compare": "^1.4.0",
-                "ts-api-utils": "^2.4.0"
+                "ts-api-utils": "^2.5.0"
            },
            "engines": {
                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -5571,9 +5604,9 @@
                "url": "https://opencollective.com/typescript-eslint"
            },
            "peerDependencies": {
-                "@typescript-eslint/parser": "^8.57.2",
+                "@typescript-eslint/parser": "^8.59.3",
                "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.0.0"
+                "typescript": ">=4.8.4 <6.1.0"
            }
        },
        "node_modules/@typescript-eslint/eslint-plugin/node_modules/ignore": {
@@ -5586,15 +5619,15 @@
            }
        },
        "node_modules/@typescript-eslint/parser": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.57.2.tgz",
-            "integrity": "sha512-30ScMRHIAD33JJQkgfGW1t8CURZtjc2JpTrq5n2HFhOefbAhb7ucc7xJwdWcrEtqUIYJ73Nybpsggii6GtAHjA==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.59.3.tgz",
+            "integrity": "sha512-HPwA+hVkfcriajbNvTmZv4VRauibay+cWArYUYq7u7W7PmGShMxbPxLvrwDme55a6d5alG3nrYfhyJ/G28XlLg==",
            "license": "MIT",
            "dependencies": {
-                "@typescript-eslint/scope-manager": "8.57.2",
-                "@typescript-eslint/types": "8.57.2",
-                "@typescript-eslint/typescript-estree": "8.57.2",
-                "@typescript-eslint/visitor-keys": "8.57.2",
+                "@typescript-eslint/scope-manager": "8.59.3",
+                "@typescript-eslint/types": "8.59.3",
+                "@typescript-eslint/typescript-estree": "8.59.3",
+                "@typescript-eslint/visitor-keys": "8.59.3",
                "debug": "^4.4.3"
            },
            "engines": {
@@ -5606,17 +5639,17 @@
            },
            "peerDependencies": {
                "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.0.0"
+                "typescript": ">=4.8.4 <6.1.0"
            }
        },
        "node_modules/@typescript-eslint/project-service": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.57.2.tgz",
-            "integrity": "sha512-FuH0wipFywXRTHf+bTTjNyuNQQsQC3qh/dYzaM4I4W0jrCqjCVuUh99+xd9KamUfmCGPvbO8NDngo/vsnNVqgw==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.59.3.tgz",
+            "integrity": "sha512-ECiUWa/KYRGDFUqTNehaRgzDshnJfkTABJxVemHk4ko22gcr0ukloKjWvyQ64g8YCV/UI47kN1dbmjf/GaQYng==",
            "license": "MIT",
            "dependencies": {
-                "@typescript-eslint/tsconfig-utils": "^8.57.2",
-                "@typescript-eslint/types": "^8.57.2",
+                "@typescript-eslint/tsconfig-utils": "^8.59.3",
+                "@typescript-eslint/types": "^8.59.3",
                "debug": "^4.4.3"
            },
            "engines": {
@@ -5627,17 +5660,17 @@
                "url": "https://opencollective.com/typescript-eslint"
            },
            "peerDependencies": {
-                "typescript": ">=4.8.4 <6.0.0"
+                "typescript": ">=4.8.4 <6.1.0"
            }
        },
        "node_modules/@typescript-eslint/scope-manager": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.57.2.tgz",
-            "integrity": "sha512-snZKH+W4WbWkrBqj4gUNRIGb/jipDW3qMqVJ4C9rzdFc+wLwruxk+2a5D+uoFcKPAqyqEnSb4l2ULuZf95eSkw==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.59.3.tgz",
+            "integrity": "sha512-t2LvZnoEfzKtnPjgeEu41xw5gxq9mQVfYy4OoZ4Vlt0sk3JwxmhCca/AR7DwOiHrjWgjAj6as4AhRLKSDfvZIA==",
            "license": "MIT",
            "dependencies": {
-                "@typescript-eslint/types": "8.57.2",
-                "@typescript-eslint/visitor-keys": "8.57.2"
+                "@typescript-eslint/types": "8.59.3",
+                "@typescript-eslint/visitor-keys": "8.59.3"
            },
            "engines": {
                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -5648,9 +5681,9 @@
            }
        },
        "node_modules/@typescript-eslint/tsconfig-utils": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.57.2.tgz",
-            "integrity": "sha512-3Lm5DSM+DCowsUOJC+YqHHnKEfFh5CoGkj5Z31NQSNF4l5wdOwqGn99wmwN/LImhfY3KJnmordBq/4+VDe2eKw==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.59.3.tgz",
+            "integrity": "sha512-PcIJHjmaREXLgIAIzLnSY9VucEzz8FKXsRgFa1DmdGCK/5tJpW03TKJF01Q6VZd1lLdz2sIKPWaDUZN9dp//dw==",
            "license": "MIT",
            "engines": {
                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -5660,20 +5693,20 @@
                "url": "https://opencollective.com/typescript-eslint"
            },
            "peerDependencies": {
-                "typescript": ">=4.8.4 <6.0.0"
+                "typescript": ">=4.8.4 <6.1.0"
            }
        },
        "node_modules/@typescript-eslint/type-utils": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.57.2.tgz",
-            "integrity": "sha512-Co6ZCShm6kIbAM/s+oYVpKFfW7LBc6FXoPXjTRQ449PPNBY8U0KZXuevz5IFuuUj2H9ss40atTaf9dlGLzbWZg==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.59.3.tgz",
+            "integrity": "sha512-g71d8QD8UaiHGvrJwyIS1hCX5r63w6Jll+4VEYhEAHXTDIqX1JgxhTAbEHtKntL9kuc4jRo7/GWw5xfCepSccQ==",
            "license": "MIT",
            "dependencies": {
-                "@typescript-eslint/types": "8.57.2",
-                "@typescript-eslint/typescript-estree": "8.57.2",
-                "@typescript-eslint/utils": "8.57.2",
+                "@typescript-eslint/types": "8.59.3",
+                "@typescript-eslint/typescript-estree": "8.59.3",
+                "@typescript-eslint/utils": "8.59.3",
                "debug": "^4.4.3",
-                "ts-api-utils": "^2.4.0"
+                "ts-api-utils": "^2.5.0"
            },
            "engines": {
                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -5684,13 +5717,13 @@
            },
            "peerDependencies": {
                "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.0.0"
+                "typescript": ">=4.8.4 <6.1.0"
            }
        },
        "node_modules/@typescript-eslint/types": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.57.2.tgz",
-            "integrity": "sha512-/iZM6FnM4tnx9csuTxspMW4BOSegshwX5oBDznJ7S4WggL7Vczz5d2W11ecc4vRrQMQHXRSxzrCsyG5EsPPTbA==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.59.3.tgz",
+            "integrity": "sha512-ePFoH0g4ludssdRFqqDxQePCxU4WQyRa9+XVwjm7yLn0FKhMeoetC+qBEEI1Eyb1pGSDveTIT09Bvw2WhlGayg==",
            "license": "MIT",
            "engines": {
                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -5701,20 +5734,20 @@
            }
        },
        "node_modules/@typescript-eslint/typescript-estree": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.57.2.tgz",
-            "integrity": "sha512-2MKM+I6g8tJxfSmFKOnHv2t8Sk3T6rF20A1Puk0svLK+uVapDZB/4pfAeB7nE83uAZrU6OxW+HmOd5wHVdXwXA==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.59.3.tgz",
+            "integrity": "sha512-CbRjVRAf7Lr9Kr8RopKcbY45p2VfmmHrm0ygOCYFi7oU8q19m0Fs/6iHS7kNOmwpp+ob07ZVcAqlxUod9lYdmg==",
            "license": "MIT",
            "dependencies": {
-                "@typescript-eslint/project-service": "8.57.2",
-                "@typescript-eslint/tsconfig-utils": "8.57.2",
-                "@typescript-eslint/types": "8.57.2",
-                "@typescript-eslint/visitor-keys": "8.57.2",
+                "@typescript-eslint/project-service": "8.59.3",
+                "@typescript-eslint/tsconfig-utils": "8.59.3",
+                "@typescript-eslint/types": "8.59.3",
+                "@typescript-eslint/visitor-keys": "8.59.3",
                "debug": "^4.4.3",
                "minimatch": "^10.2.2",
                "semver": "^7.7.3",
                "tinyglobby": "^0.2.15",
-                "ts-api-utils": "^2.4.0"
+                "ts-api-utils": "^2.5.0"
            },
            "engines": {
                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -5724,7 +5757,7 @@
                "url": "https://opencollective.com/typescript-eslint"
            },
            "peerDependencies": {
-                "typescript": ">=4.8.4 <6.0.0"
+                "typescript": ">=4.8.4 <6.1.0"
            }
        },
        "node_modules/@typescript-eslint/typescript-estree/node_modules/balanced-match": {
@@ -5737,9 +5770,9 @@
            }
        },
        "node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion": {
-            "version": "5.0.5",
-            "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.5.tgz",
-            "integrity": "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==",
+            "version": "5.0.6",
+            "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.6.tgz",
+            "integrity": "sha512-kLpxurY4Z4r9sgMsyG0Z9uzsBlgiU/EFKhj/h91/8yHu0edo7XuixOIH3VcJ8kkxs6/jPzoI6U9Vj3WqbMQ94g==",
            "license": "MIT",
            "dependencies": {
                "balanced-match": "^4.0.2"
@@ -5749,12 +5782,12 @@
            }
        },
        "node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch": {
-            "version": "10.2.4",
-            "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.4.tgz",
-            "integrity": "sha512-oRjTw/97aTBN0RHbYCdtF1MQfvusSIBQM0IZEgzl6426+8jSC0nF1a/GmnVLpfB9yyr6g6FTqWqiZVbxrtaCIg==",
+            "version": "10.2.5",
+            "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.5.tgz",
+            "integrity": "sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg==",
            "license": "BlueOak-1.0.0",
            "dependencies": {
-                "brace-expansion": "^5.0.2"
+                "brace-expansion": "^5.0.5"
            },
            "engines": {
                "node": "18 || 20 || >=22"
@@ -5764,9 +5797,9 @@
            }
        },
        "node_modules/@typescript-eslint/typescript-estree/node_modules/semver": {
-            "version": "7.7.4",
-            "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.4.tgz",
-            "integrity": "sha512-vFKC2IEtQnVhpT78h1Yp8wzwrf8CM+MzKMHGJZfBtzhZNycRFnXsHk6E5TxIkkMsgNS7mdX3AGB7x2QM2di4lA==",
+            "version": "7.8.0",
+            "resolved": "https://registry.npmjs.org/semver/-/semver-7.8.0.tgz",
+            "integrity": "sha512-AcM7dV/5ul4EekoQ29Agm5vri8JNqRyj39o0qpX6vDF2GZrtutZl5RwgD1XnZjiTAfncsJhMI48QQH3sN87YNA==",
            "license": "ISC",
            "bin": {
                "semver": "bin/semver.js"
@@ -5776,15 +5809,15 @@
            }
        },
        "node_modules/@typescript-eslint/utils": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.57.2.tgz",
-            "integrity": "sha512-krRIbvPK1ju1WBKIefiX+bngPs+odIQUtR7kymzPfo1POVw3jlF+nLkmexdSSd4UCbDcQn+wMBATOOmpBbqgKg==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.59.3.tgz",
+            "integrity": "sha512-JAvT14goBzRzzzZyqq3P9BLArIxTtQURUtFgQ/V7FO+eU+Gg6ES+5ymOPP1wRxXcxAYeivCk4uS3jCKWI1K8Zg==",
            "license": "MIT",
            "dependencies": {
                "@eslint-community/eslint-utils": "^4.9.1",
-                "@typescript-eslint/scope-manager": "8.57.2",
-                "@typescript-eslint/types": "8.57.2",
-                "@typescript-eslint/typescript-estree": "8.57.2"
+                "@typescript-eslint/scope-manager": "8.59.3",
+                "@typescript-eslint/types": "8.59.3",
+                "@typescript-eslint/typescript-estree": "8.59.3"
            },
            "engines": {
                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -5795,16 +5828,16 @@
            },
            "peerDependencies": {
                "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.0.0"
+                "typescript": ">=4.8.4 <6.1.0"
            }
        },
        "node_modules/@typescript-eslint/visitor-keys": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.57.2.tgz",
-            "integrity": "sha512-zhahknjobV2FiD6Ee9iLbS7OV9zi10rG26odsQdfBO/hjSzUQbkIYgda+iNKK1zNiW2ey+Lf8MU5btN17V3dUw==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.59.3.tgz",
+            "integrity": "sha512-f1UQF7ggd42YiwI5wGrRaPsa+P0CINBlrkLPmGfpq/u/I/oVtecoEIfFR9ag/oa1sLOsRNZ6xehf6qMZhQGBDg==",
            "license": "MIT",
            "dependencies": {
-                "@typescript-eslint/types": "8.57.2",
+                "@typescript-eslint/types": "8.59.3",
                "eslint-visitor-keys": "^5.0.0"
            },
            "engines": {
@@ -5828,27 +5861,30 @@
            }
        },
        "node_modules/@typescript/native-preview": {
-            "version": "7.0.0-dev.20260421.2",
-            "resolved": "https://registry.npmjs.org/@typescript/native-preview/-/native-preview-7.0.0-dev.20260421.2.tgz",
-            "integrity": "sha512-CmajHI25HpVWE9R1XFoxr+cphJPxoYD3eFioQtAvXYkMFKnLdICMS9pXre9Pybizb75ejRxjKD5/CVG055rEIg==",
+            "version": "7.0.0-dev.20260506.1",
+            "resolved": "https://registry.npmjs.org/@typescript/native-preview/-/native-preview-7.0.0-dev.20260506.1.tgz",
+            "integrity": "sha512-UcEslgHBaHYPAisVQcyARDfps7nKyugmUyXcsfE1HiHcVuvZ4tBJ5C93sG1FDeHWJ9skGQ68ec+Xsx086geAfg==",
            "license": "Apache-2.0",
            "bin": {
                "tsgo": "bin/tsgo.js"
            },
+            "engines": {
+                "node": ">=16.20.0"
+            },
            "optionalDependencies": {
-                "@typescript/native-preview-darwin-arm64": "7.0.0-dev.20260421.2",
-                "@typescript/native-preview-darwin-x64": "7.0.0-dev.20260421.2",
-                "@typescript/native-preview-linux-arm": "7.0.0-dev.20260421.2",
-                "@typescript/native-preview-linux-arm64": "7.0.0-dev.20260421.2",
-                "@typescript/native-preview-linux-x64": "7.0.0-dev.20260421.2",
-                "@typescript/native-preview-win32-arm64": "7.0.0-dev.20260421.2",
-                "@typescript/native-preview-win32-x64": "7.0.0-dev.20260421.2"
+                "@typescript/native-preview-darwin-arm64": "7.0.0-dev.20260506.1",
+                "@typescript/native-preview-darwin-x64": "7.0.0-dev.20260506.1",
+                "@typescript/native-preview-linux-arm": "7.0.0-dev.20260506.1",
+                "@typescript/native-preview-linux-arm64": "7.0.0-dev.20260506.1",
+                "@typescript/native-preview-linux-x64": "7.0.0-dev.20260506.1",
+                "@typescript/native-preview-win32-arm64": "7.0.0-dev.20260506.1",
+                "@typescript/native-preview-win32-x64": "7.0.0-dev.20260506.1"
            }
        },
        "node_modules/@typescript/native-preview-darwin-arm64": {
-            "version": "7.0.0-dev.20260421.2",
-            "resolved": "https://registry.npmjs.org/@typescript/native-preview-darwin-arm64/-/native-preview-darwin-arm64-7.0.0-dev.20260421.2.tgz",
-            "integrity": "sha512-fHv1r3ZmVo6zxuAIFmuX3w9QxbcauoG0SsWhmDwm6VmRubLlOJIcmTtlmV3JAb9oOnq8LuzZljzT7Q39fSMQDw==",
+            "version": "7.0.0-dev.20260506.1",
+            "resolved": "https://registry.npmjs.org/@typescript/native-preview-darwin-arm64/-/native-preview-darwin-arm64-7.0.0-dev.20260506.1.tgz",
+            "integrity": "sha512-dAd7qG2J508+4CRSuoEA0EUxViIedQ0D+8xKoZiM0EQHCwww8glWYCo72UTjcRZctS3QbJY3PtGSvo3nzL4oVw==",
            "cpu": [
                "arm64"
            ],
@@ -5856,12 +5892,15 @@
            "optional": true,
            "os": [
                "darwin"
-            ]
+            ],
+            "engines": {
+                "node": ">=16.20.0"
+            }
        },
        "node_modules/@typescript/native-preview-darwin-x64": {
-            "version": "7.0.0-dev.20260421.2",
-            "resolved": "https://registry.npmjs.org/@typescript/native-preview-darwin-x64/-/native-preview-darwin-x64-7.0.0-dev.20260421.2.tgz",
-            "integrity": "sha512-KWTR6xbW9t+JS7D5DQIzo75pqVXVWUxF9PMv/+S6xsnOjCVd6g0ixHcFpFMJMKSUQpGPr8Z5f7b8ks6LHW01jg==",
+            "version": "7.0.0-dev.20260506.1",
+            "resolved": "https://registry.npmjs.org/@typescript/native-preview-darwin-x64/-/native-preview-darwin-x64-7.0.0-dev.20260506.1.tgz",
+            "integrity": "sha512-1Q7Elncpuiozvx3HCTgFbSxNz2m2FIkO1QW5f15igcZDG3vMW4QglNflmXosc69bzYI7KfYZuaGX3yGzJkGbfg==",
            "cpu": [
                "x64"
            ],
@@ -5869,12 +5908,15 @@
            "optional": true,
            "os": [
                "darwin"
-            ]
+            ],
+            "engines": {
+                "node": ">=16.20.0"
+            }
        },
        "node_modules/@typescript/native-preview-linux-arm": {
-            "version": "7.0.0-dev.20260421.2",
-            "resolved": "https://registry.npmjs.org/@typescript/native-preview-linux-arm/-/native-preview-linux-arm-7.0.0-dev.20260421.2.tgz",
-            "integrity": "sha512-BWLQO3nemLDSV5PoE5GPHe1dU9Dth77Kv8/cle9Ujcp4LhPo0KincdPqFH/qKeU/xvW25mgFueflZ1nc4rKuww==",
+            "version": "7.0.0-dev.20260506.1",
+            "resolved": "https://registry.npmjs.org/@typescript/native-preview-linux-arm/-/native-preview-linux-arm-7.0.0-dev.20260506.1.tgz",
+            "integrity": "sha512-MfYn1p+aOorZ2Y+7sqLvSoAXPEz/RfKgHfeYO240Udco30B4oapm7Hsq2PsS9Z2Oth/RorGjY0jLP2OhnkY2Ig==",
            "cpu": [
                "arm"
            ],
@@ -5882,12 +5924,15 @@
            "optional": true,
            "os": [
                "linux"
-            ]
+            ],
+            "engines": {
+                "node": ">=16.20.0"
+            }
        },
        "node_modules/@typescript/native-preview-linux-arm64": {
-            "version": "7.0.0-dev.20260421.2",
-            "resolved": "https://registry.npmjs.org/@typescript/native-preview-linux-arm64/-/native-preview-linux-arm64-7.0.0-dev.20260421.2.tgz",
-            "integrity": "sha512-VLMEuml3BhUb+jaL0TXQ4xvVODxJF+RhkI+tBWvlynsJI4khTXEiwWh+wPOJrsfBRYFRMXEu28Odl/HXkYze8w==",
+            "version": "7.0.0-dev.20260506.1",
+            "resolved": "https://registry.npmjs.org/@typescript/native-preview-linux-arm64/-/native-preview-linux-arm64-7.0.0-dev.20260506.1.tgz",
+            "integrity": "sha512-Q1W4DHplR2urmtPwoz9tw6XUGWRNXF+CIXJQ8ZpIZFj/OHgvTw8vkYkKFuaEao3lSjTsR4lQe/wL2Xr5K0hxuA==",
            "cpu": [
                "arm64"
            ],
@@ -5895,12 +5940,15 @@
            "optional": true,
            "os": [
                "linux"
-            ]
+            ],
+            "engines": {
+                "node": ">=16.20.0"
+            }
        },
        "node_modules/@typescript/native-preview-linux-x64": {
-            "version": "7.0.0-dev.20260421.2",
-            "resolved": "https://registry.npmjs.org/@typescript/native-preview-linux-x64/-/native-preview-linux-x64-7.0.0-dev.20260421.2.tgz",
-            "integrity": "sha512-qUrJWTB5/wv4wnRG0TRXElAxc2kykNiRNyEIEqBbLmzDlrcvAW7RRy8MXoY1ZyTiKGMu14itZ3x9oW6+blFpRw==",
+            "version": "7.0.0-dev.20260506.1",
+            "resolved": "https://registry.npmjs.org/@typescript/native-preview-linux-x64/-/native-preview-linux-x64-7.0.0-dev.20260506.1.tgz",
+            "integrity": "sha512-b+sbLBCIchbrGQNbjIvVN2qd+ieqqp/nghi0n2zOAKGPsfd5wG6ceqxWJKADdBDCohsCCGt//rZccUwFugIsyA==",
            "cpu": [
                "x64"
            ],
@@ -5908,12 +5956,15 @@
            "optional": true,
            "os": [
                "linux"
-            ]
+            ],
+            "engines": {
+                "node": ">=16.20.0"
+            }
        },
        "node_modules/@typescript/native-preview-win32-arm64": {
-            "version": "7.0.0-dev.20260421.2",
-            "resolved": "https://registry.npmjs.org/@typescript/native-preview-win32-arm64/-/native-preview-win32-arm64-7.0.0-dev.20260421.2.tgz",
-            "integrity": "sha512-Rc6NsWlZmCs5YUKVzKgwoBOoRUGsPzct4BDMRX0csD1devLBBc4AbUXWKsJRbpwIAnqMO1ld4sNHEb+wXgfNHQ==",
+            "version": "7.0.0-dev.20260506.1",
+            "resolved": "https://registry.npmjs.org/@typescript/native-preview-win32-arm64/-/native-preview-win32-arm64-7.0.0-dev.20260506.1.tgz",
+            "integrity": "sha512-l59d8pZjFT7GoWpgCOy6aBcxLSALphA91X4Z/2XHo5HnM0bQ/yJjB7XMeUQZBdk5DZCdZL+sWTfmXLRggm7sFg==",
            "cpu": [
                "arm64"
            ],
@@ -5921,12 +5972,15 @@
            "optional": true,
            "os": [
                "win32"
-            ]
+            ],
+            "engines": {
+                "node": ">=16.20.0"
+            }
        },
        "node_modules/@typescript/native-preview-win32-x64": {
-            "version": "7.0.0-dev.20260421.2",
-            "resolved": "https://registry.npmjs.org/@typescript/native-preview-win32-x64/-/native-preview-win32-x64-7.0.0-dev.20260421.2.tgz",
-            "integrity": "sha512-GQv1+dya1t6EqF2Cpsb+xoozovdX10JUSf6Kl/8xNkTapzmlHd+uMr+8ku3jIASTxoRGn0Mklgjj3MDKrOTuLg==",
+            "version": "7.0.0-dev.20260506.1",
+            "resolved": "https://registry.npmjs.org/@typescript/native-preview-win32-x64/-/native-preview-win32-x64-7.0.0-dev.20260506.1.tgz",
+            "integrity": "sha512-dJDLSzaz2xjRYYmTSfcCepZUi3ITjQSJ6Gk5YGplMF57UmZCAGI+ns4Te/V74IJiQigXqTnyEIGorwsOqhW8gQ==",
            "cpu": [
                "x64"
            ],
@@ -5934,7 +5988,10 @@
            "optional": true,
            "os": [
                "win32"
-            ]
+            ],
+            "engines": {
+                "node": ">=16.20.0"
+            }
        },
        "node_modules/@ungap/structured-clone": {
            "version": "1.3.0",
@@ -8678,6 +8735,37 @@
            "license": "MIT",
            "peer": true
        },
+        "node_modules/domelementtype": {
+            "version": "3.0.0",
+            "resolved": "https://registry.npmjs.org/domelementtype/-/domelementtype-3.0.0.tgz",
+            "integrity": "sha512-umCQid3jKbDmVjx8jGaW7uUykm4DEUeyV21hPxNMo2nV955DhUThwqyOIDtreepP31hl84X7G5U9ZfsWvIB3Pg==",
+            "funding": [
+                {
+                    "type": "github",
+                    "url": "https://github.com/sponsors/fb55"
+                }
+            ],
+            "license": "BSD-2-Clause",
+            "engines": {
+                "node": ">=20.19.0"
+            }
+        },
+        "node_modules/domhandler": {
+            "version": "6.0.1",
+            "resolved": "https://registry.npmjs.org/domhandler/-/domhandler-6.0.1.tgz",
+            "integrity": "sha512-gYzvtM72ZtxQO0T048kd6HWSbbGCNOUwcnfQ01cqIJ4X2IYKFFHZ5mKvrQETcFXxsRObZulDaKmy//R7TPtsBg==",
+            "license": "BSD-2-Clause",
+            "dependencies": {
+                "domelementtype": "^3.0.0"
+            },
+            "engines": {
+                "node": ">=20.19.0"
+            },
+            "funding": {
+                "type": "github",
+                "url": "https://github.com/fb55/domhandler?sponsor=1"
+            }
+        },
        "node_modules/dompurify": {
            "version": "3.4.2",
            "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.4.2.tgz",
@@ -9195,13 +9283,13 @@
            }
        },
        "node_modules/eslint-plugin-lit": {
-            "version": "2.2.1",
-            "resolved": "https://registry.npmjs.org/eslint-plugin-lit/-/eslint-plugin-lit-2.2.1.tgz",
-            "integrity": "sha512-mnqqwpWF4PBF/YjlGt9mbHwrWCGMtaqdpnqISv3nGcTl8iStaAt9UGieMY3i8vwKfSSWtkEfBZUcRKFGys6yiw==",
+            "version": "2.3.1",
+            "resolved": "https://registry.npmjs.org/eslint-plugin-lit/-/eslint-plugin-lit-2.3.1.tgz",
+            "integrity": "sha512-wAqDOOWQzUoY5uK124ZR+h7Snx0+KdZd3Knv6133gRHEcu03jbqnouK4GBwVl6PkGOkNy40zSchOp9VbBh4yHg==",
            "license": "MIT",
            "dependencies": {
-                "parse5": "^6.0.1",
-                "parse5-htmlparser2-tree-adapter": "^6.0.1"
+                "parse5": "^8.0.1",
+                "parse5-htmlparser2-tree-adapter": "^8.0.1"
            },
            "engines": {
                "node": ">= 18"
@@ -9210,11 +9298,29 @@
                "eslint": ">= 8"
            }
        },
+        "node_modules/eslint-plugin-lit/node_modules/entities": {
+            "version": "8.0.0",
+            "resolved": "https://registry.npmjs.org/entities/-/entities-8.0.0.tgz",
+            "integrity": "sha512-zwfzJecQ/Uej6tusMqwAqU/6KL2XaB2VZ2Jg54Je6ahNBGNH6Ek6g3jjNCF0fG9EWQKGZNddNjU5F1ZQn/sBnA==",
+            "license": "BSD-2-Clause",
+            "engines": {
+                "node": ">=20.19.0"
+            },
+            "funding": {
+                "url": "https://github.com/fb55/entities?sponsor=1"
+            }
+        },
        "node_modules/eslint-plugin-lit/node_modules/parse5": {
-            "version": "6.0.1",
-            "resolved": "https://registry.npmjs.org/parse5/-/parse5-6.0.1.tgz",
-            "integrity": "sha512-Ofn/CTFzRGTTxwpNEs9PP93gXShHcTq255nzRYSKe8AkVpZY7e1fpmTfOyoIvjP5HG7Z2ZM7VS9PPhQGW2pOpw==",
-            "license": "MIT"
+            "version": "8.0.1",
+            "resolved": "https://registry.npmjs.org/parse5/-/parse5-8.0.1.tgz",
+            "integrity": "sha512-z1e/HMG90obSGeidlli3hj7cbocou0/wa5HacvI3ASx34PecNjNQeaHNo5WIZpWofN9kgkqV1q5YvXe3F0FoPw==",
+            "license": "MIT",
+            "dependencies": {
+                "entities": "^8.0.0"
+            },
+            "funding": {
+                "url": "https://github.com/inikulin/parse5?sponsor=1"
+            }
        },
        "node_modules/eslint-plugin-react": {
            "version": "7.37.5",
@@ -11865,9 +11971,9 @@
            }
        },
        "node_modules/knip": {
-            "version": "6.11.0",
-            "resolved": "https://registry.npmjs.org/knip/-/knip-6.11.0.tgz",
-            "integrity": "sha512-84PTlN8Q5smLpTbzs8smTVh8PMbTDXtw0tFksXq/m6auGFC/KSzJykKFmnYh3As38kiWDkoDBvdTTyKk5M1TAQ==",
+            "version": "6.12.0",
+            "resolved": "https://registry.npmjs.org/knip/-/knip-6.12.0.tgz",
+            "integrity": "sha512-nRg8+DOFcfBD6NjmNzu9+3D35QnEmMsnojJGOHQUqv+70r1aOx99wpSUXvEV7syQVOL5E6tNXXkoyG1Fuz8BWg==",
            "funding": [
                {
                    "type": "github",
@@ -14817,19 +14923,41 @@
            }
        },
        "node_modules/parse5-htmlparser2-tree-adapter": {
-            "version": "6.0.1",
-            "resolved": "https://registry.npmjs.org/parse5-htmlparser2-tree-adapter/-/parse5-htmlparser2-tree-adapter-6.0.1.tgz",
-            "integrity": "sha512-qPuWvbLgvDGilKc5BoicRovlT4MtYT6JfJyBOMDsKoiT+GiuP5qyrPCnR9HcPECIJJmZh5jRndyNThnhhb/vlA==",
+            "version": "8.0.1",
+            "resolved": "https://registry.npmjs.org/parse5-htmlparser2-tree-adapter/-/parse5-htmlparser2-tree-adapter-8.0.1.tgz",
+            "integrity": "sha512-aqkH+xQxX+QGZtP5GIMmqqp16Y0v9muEf2VVeypv35kFsD5bqP1UeBanSshdfjMY+RTh2vN4mmK6nEOVRMEvHg==",
            "license": "MIT",
            "dependencies": {
-                "parse5": "^6.0.1"
+                "domhandler": "^6.0.1",
+                "parse5": "^8.0.0"
+            },
+            "funding": {
+                "url": "https://github.com/inikulin/parse5?sponsor=1"
+            }
+        },
+        "node_modules/parse5-htmlparser2-tree-adapter/node_modules/entities": {
+            "version": "8.0.0",
+            "resolved": "https://registry.npmjs.org/entities/-/entities-8.0.0.tgz",
+            "integrity": "sha512-zwfzJecQ/Uej6tusMqwAqU/6KL2XaB2VZ2Jg54Je6ahNBGNH6Ek6g3jjNCF0fG9EWQKGZNddNjU5F1ZQn/sBnA==",
+            "license": "BSD-2-Clause",
+            "engines": {
+                "node": ">=20.19.0"
+            },
+            "funding": {
+                "url": "https://github.com/fb55/entities?sponsor=1"
            }
        },
        "node_modules/parse5-htmlparser2-tree-adapter/node_modules/parse5": {
-            "version": "6.0.1",
-            "resolved": "https://registry.npmjs.org/parse5/-/parse5-6.0.1.tgz",
-            "integrity": "sha512-Ofn/CTFzRGTTxwpNEs9PP93gXShHcTq255nzRYSKe8AkVpZY7e1fpmTfOyoIvjP5HG7Z2ZM7VS9PPhQGW2pOpw==",
-            "license": "MIT"
+            "version": "8.0.1",
+            "resolved": "https://registry.npmjs.org/parse5/-/parse5-8.0.1.tgz",
+            "integrity": "sha512-z1e/HMG90obSGeidlli3hj7cbocou0/wa5HacvI3ASx34PecNjNQeaHNo5WIZpWofN9kgkqV1q5YvXe3F0FoPw==",
+            "license": "MIT",
+            "dependencies": {
+                "entities": "^8.0.0"
+            },
+            "funding": {
+                "url": "https://github.com/inikulin/parse5?sponsor=1"
+            }
        },
        "node_modules/path-data-parser": {
            "version": "0.1.0",
@@ -18466,15 +18594,15 @@
            }
        },
        "node_modules/typescript-eslint": {
-            "version": "8.57.2",
-            "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.57.2.tgz",
-            "integrity": "sha512-VEPQ0iPgWO/sBaZOU1xo4nuNdODVOajPnTIbog2GKYr31nIlZ0fWPoCQgGfF3ETyBl1vn63F/p50Um9Z4J8O8A==",
+            "version": "8.59.3",
+            "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.59.3.tgz",
+            "integrity": "sha512-KgusgyDgG4LI8Ih/sWaCtZ06tckLAS5CvT5A4D1Q7bYVoAAyzwiZvE4BmwDHkhRVkvhRBepKeASoFzQetha7Fg==",
            "license": "MIT",
            "dependencies": {
-                "@typescript-eslint/eslint-plugin": "8.57.2",
-                "@typescript-eslint/parser": "8.57.2",
-                "@typescript-eslint/typescript-estree": "8.57.2",
-                "@typescript-eslint/utils": "8.57.2"
+                "@typescript-eslint/eslint-plugin": "8.59.3",
+                "@typescript-eslint/parser": "8.59.3",
+                "@typescript-eslint/typescript-estree": "8.59.3",
+                "@typescript-eslint/utils": "8.59.3"
            },
            "engines": {
                "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -18485,7 +18613,7 @@
            },
            "peerDependencies": {
                "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-                "typescript": ">=4.8.4 <6.0.0"
+                "typescript": ">=4.8.4 <6.1.0"
            }
        },
        "node_modules/ufo": {
@@ -18568,9 +18696,9 @@
            }
        },
        "node_modules/undici-types": {
-            "version": "7.19.2",
-            "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.19.2.tgz",
-            "integrity": "sha512-qYVnV5OEm2AW8cJMCpdV20CDyaN3g0AjDlOGf1OW4iaDEx8MwdtChUp4zu4H0VP3nDRF/8RKWH+IPp9uW0YGZg==",
+            "version": "7.21.0",
+            "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.21.0.tgz",
+            "integrity": "sha512-w9IMgQrz4O0YN1LtB7K5P63vhlIOvC7opSmouCJ+ZywlPAlO9gIkJ+otk6LvGpAs2wg4econaCz3TvQ9xPoyuQ==",
            "license": "MIT"
        },
        "node_modules/unicorn-magic": {
@@ -19695,14 +19823,14 @@
            "license": "MIT",
            "dependencies": {
                "@goauthentik/tsconfig": "^1.0.9",
-                "@types/node": "^25.6.2",
+                "@types/node": "^25.7.0",
                "@types/semver": "^7.7.1",
                "semver": "^7.7.4",
                "typescript": "^6.0.3"
            },
            "engines": {
                "node": ">=24",
-                "npm": ">=11.6.2"
+                "npm": ">=11.14.1"
            }
        },
        "packages/core/node_modules/semver": {
--- a/web/package.json
+++ b/web/package.json
@@ -13,7 +13,6 @@
        "format": "wireit",
        "lint": "eslint --fix .",
        "lint:imports": "knip --config scripts/knip.config.ts",
-        "lint:lockfile": "wireit",
        "lint:types": "wireit",
        "lint-check": "eslint --max-warnings 0 .",
        "lit-analyse": "wireit",
@@ -127,13 +126,13 @@
        "@types/codemirror": "^5.60.17",
        "@types/grecaptcha": "^3.0.9",
        "@types/guacamole-common-js": "^1.5.5",
-        "@types/node": "^25.6.2",
+        "@types/node": "^25.7.0",
        "@types/react": "^19.2.14",
        "@types/react-dom": "^19.2.3",
        "@typescript-eslint/eslint-plugin": "^8.57.2",
        "@typescript-eslint/parser": "^8.57.2",
        "@typescript-eslint/utils": "^8.57.2",
-        "@typescript/native-preview": "^7.0.0-dev.20260421.2",
+        "@typescript/native-preview": "^7.0.0-dev.20260506.1",
        "@vitest/browser": "^4.1.6",
        "@vitest/browser-playwright": "^4.1.6",
        "@webcomponents/webcomponentsjs": "^2.8.0",
@@ -149,13 +148,13 @@
        "dompurify": "^3.4.2",
        "esbuild": "^0.28.0",
        "eslint": "^9.39.3",
-        "eslint-plugin-lit": "^2.2.1",
+        "eslint-plugin-lit": "^2.3.1",
        "eslint-plugin-wc": "^3.1.0",
        "fuse.js": "^7.3.0",
        "globals": "^17.6.0",
        "guacamole-common-js": "^1.5.0",
        "hastscript": "^9.0.1",
-        "knip": "^6.11.0",
+        "knip": "^6.12.0",
        "lex": "^2025.11.0",
        "lit": "^3.3.2",
        "lit-analyzer": "^2.0.3",
@@ -190,7 +189,7 @@
        "turnstile-types": "^1.2.3",
        "type-fest": "^5.6.0",
        "typescript": "^6.0.3",
-        "typescript-eslint": "^8.57.2",
+        "typescript-eslint": "^8.59.3",
        "unist-util-visit": "^5.1.0",
        "vite": "^8.0.12",
        "vitest": "^4.1.6",
@@ -202,6 +201,7 @@
        "@esbuild/darwin-arm64": "^0.28.0",
        "@esbuild/linux-arm64": "^0.28.0",
        "@esbuild/linux-x64": "^0.28.0",
+        "@goauthentik/prettier-config-dev": "../packages/prettier-config",
        "@rollup/rollup-darwin-arm64": "^4.57.1",
        "@rollup/rollup-linux-arm64-gnu": "^4.57.1",
        "@rollup/rollup-linux-x64-gnu": "^4.57.1"
@@ -266,11 +266,6 @@
                "build-locales"
            ]
        },
-        "lint:lockfile": {
-            "__comment": "The lockfile-lint package does not have an option to ensure resolved hashes are set everywhere",
-            "shell": true,
-            "command": "sh ./scripts/lint-lockfile.sh package-lock.json"
-        },
        "lit-analyse": {
            "command": "lit-analyzer src"
        },
@@ -279,8 +274,7 @@
            "dependencies": [
                "lint",
                "lint:types",
-                "lint:components",
-                "lint:lockfile"
+                "lint:components"
            ]
        },
        "storybook:build": {
@@ -298,7 +292,7 @@
    },
    "engines": {
        "node": ">=24",
-        "npm": ">=11.6.2"
+        "npm": ">=11.14.1"
    },
    "devEngines": {
        "runtime": {
@@ -308,11 +302,12 @@
        },
        "packageManager": {
            "name": "npm",
-            "version": "11.10.1",
+            "version": ">=11.14.1",
            "onFail": "warn"
        }
    },
-    "prettier": "@goauthentik/prettier-config",
+    "packageManager": "npm@11.14.1+sha512.6a8a4d67478497a2dbc6815cad72e64c43f33413717e242756047d466241ab39bee61e691683a64658e94496ec5f1a1c05e4a5ec62dcc773280dfd949443a367",
+    "prettier": "./prettier.config.mjs",
    "overrides": {
        "@goauthentik/esbuild-plugin-live-reload": {
            "esbuild": "$esbuild",
@@ -351,6 +346,7 @@
        "rapidoc": {
            "@apitools/openapi-parser": "0.0.37"
        },
+        "tree-sitter": false,
        "typescript-eslint": {
            "typescript": "$typescript"
        },
--- a/web/packages/core/package.json
+++ b/web/packages/core/package.json
@@ -45,13 +45,13 @@
    },
    "dependencies": {
        "@goauthentik/tsconfig": "^1.0.9",
-        "@types/node": "^25.6.2",
+        "@types/node": "^25.7.0",
        "@types/semver": "^7.7.1",
        "semver": "^7.7.4",
        "typescript": "^6.0.3"
    },
    "engines": {
        "node": ">=24",
-        "npm": ">=11.6.2"
+        "npm": ">=11.14.1"
    }
 }
--- a/web/prettier.config.mjs
+++ b/web/prettier.config.mjs
@@ -0,0 +1,15 @@
+/**
+ * @file Prettier config resolver.
+ *
+ * This file attempts to import the monorepo's local Prettier config package,
+ * falling back to the published version if the local one cannot be found.
+ */
+
+const config = await import("@goauthentik/prettier-config-dev")
+    .catch(() => {
+        console.debug("Fallback to published @goauthentik/prettier-config");
+        return import("@goauthentik/prettier-config");
+    })
+    .then((module) => module.default);
+
+export default config;
--- a/web/scripts/lint-lockfile.sh
+++ b/web/scripts/lint-lockfile.sh
@@ -1,21 +0,0 @@
-#!/usr/bin/env bash
-
-if ! command -v jq  >/dev/null 2>&1 ; then
-    echo "This check requires the jq program be installed."
-    echo "To install jq, visit"
-    echo "    https://jqlang.github.io/jq/"
-    exit 1
-fi
-
-CMD=$(jq -r '.packages | to_entries[] | select((.key | contains("node_modules")) and (.value | has("resolved") | not)) | .key' < "$1")
-
-if [ -n "$CMD" ]; then
-    echo "ERROR package-lock.json entries missing 'resolved' field:"
-    echo ""
-    # Shellcheck erroneously believes that shell string substitution can be used here, but that
-    # feature lacks a "start of line" discriminator.
-    # shellcheck disable=SC2001
-    echo "$CMD" | sed 's/^/    /g'
-    echo ""
-    exit 1
-fi    
--- a/web/src/admin/providers/scim/SCIMProviderFormForm.ts
+++ b/web/src/admin/providers/scim/SCIMProviderFormForm.ts
@@ -93,6 +93,7 @@ export function renderAuth(provider?: Partial<SCIMProvider>, errors: ValidationE
        case SCIMAuthenticationModeEnum.Token:
            return renderAuthToken(provider, errors);
        case SCIMAuthenticationModeEnum.Oauth:
+        case SCIMAuthenticationModeEnum.OauthInteractive:
            return renderAuthOAuth(provider, errors);
    }
 }
@@ -160,12 +161,18 @@ export function renderForm({ provider, errors, update }: SCIMProviderFormProps)
                                )}`,
                            },
                            {
-                                label: msg("OAuth"),
+                                label: msg("OAuth (Silent)"),
                                value: SCIMAuthenticationModeEnum.Oauth,
-                                default: true,
                                description: html`${msg("Authenticate SCIM requests using OAuth.")}
                                    <ak-license-notice></ak-license-notice>`,
                            },
+                            {
+                                label: msg("OAuth (Interactive)"),
+                                value: SCIMAuthenticationModeEnum.OauthInteractive,
+                                description: html`${msg(
+                                        "Authenticate SCIM requests using OAuth, interactively authorized.",
+                                    )} <ak-license-notice></ak-license-notice>`,
+                            },
                        ]}
                    ></ak-radio>
                </ak-form-element-horizontal>
--- a/web/src/admin/providers/scim/SCIMProviderViewPage.ts
+++ b/web/src/admin/providers/scim/SCIMProviderViewPage.ts
@@ -13,6 +13,7 @@ import "#elements/buttons/ModalButton";
 import "#elements/sync/SyncStatusCard";
 import "#elements/tasks/ScheduleList";
 import "#elements/tasks/TaskList";
+import "#elements/timestamp/ak-timestamp";

 import { DEFAULT_CONFIG } from "#common/api/config";
 import { EVENT_REFRESH } from "#common/constants";
@@ -20,7 +21,14 @@ import { EVENT_REFRESH } from "#common/constants";
 import { AKElement } from "#elements/Base";
 import { SlottedTemplateResult } from "#elements/types";

-import { ModelEnum, ProvidersApi, SCIMProvider } from "@goauthentik/api";
+import renderDescriptionList from "#components/DescriptionList";
+
+import {
+    ModelEnum,
+    ProvidersApi,
+    SCIMAuthenticationModeEnum,
+    SCIMProvider,
+} from "@goauthentik/api";

 import MDSCIMProvider from "~docs/add-secure-apps/providers/scim/index.md";

@@ -154,6 +162,42 @@ export class SCIMProviderViewPage extends AKElement {
        </main>`;
    }

+    renderSyncStatusExtra() {
+        if (
+            this.provider?.authMode !== SCIMAuthenticationModeEnum.Oauth &&
+            this.provider?.authMode !== SCIMAuthenticationModeEnum.OauthInteractive
+        )
+            return nothing;
+        return html`
+            <div class="pf-c-description-list__group">
+                <dt class="pf-c-description-list__term">
+                    <span class="pf-c-description-list__text"
+                        >${msg("OAuth Token last updated")}</span
+                    >
+                </dt>
+                <dd class="pf-c-description-list__description">
+                    <div class="pf-c-description-list__text">
+                        <ak-timestamp
+                            .timestamp=${this.provider?.authOauthTokenLastUpdated}
+                        ></ak-timestamp>
+                    </div>
+                </dd>
+            </div>
+            <div class="pf-c-description-list__group">
+                <dt class="pf-c-description-list__term">
+                    <span class="pf-c-description-list__text">${msg("OAuth Token expires")}</span>
+                </dt>
+                <dd class="pf-c-description-list__description">
+                    <div class="pf-c-description-list__text">
+                        <ak-timestamp
+                            .timestamp=${this.provider?.authOauthTokenExpires}
+                        ></ak-timestamp>
+                    </div>
+                </dd>
+            </div>
+        `;
+    }
+
    renderTabOverview(): SlottedTemplateResult {
        if (!this.provider) {
            return nothing;
@@ -168,91 +212,94 @@ export class SCIMProviderViewPage extends AKElement {
                : nothing}
            <div class="pf-c-page__main-section pf-m-no-padding-mobile pf-l-grid pf-m-gutter">
                <div
-                    class="pf-c-card pf-l-grid__item pf-m-12-col pf-m-6-col-on-xl pf-m-6-col-on-2xl"
+                    class="pf-c-card pf-l-grid__item pf-m-12-col pf-m-4-col-on-xl pf-m-4-col-on-2xl"
                >
+                    <div class="pf-c-card__title">${msg("Info")}</div>
                    <div class="pf-c-card__body">
-                        <dl class="pf-c-description-list">
-                            <div class="pf-c-description-list__group">
-                                <dt class="pf-c-description-list__term">
-                                    <span class="pf-c-description-list__text">${msg("Name")}</span>
-                                </dt>
-                                <dd class="pf-c-description-list__description">
-                                    <div class="pf-c-description-list__text">
-                                        ${this.provider.name}
-                                    </div>
-                                </dd>
-                            </div>
-                            <div class="pf-c-description-list__group">
-                                <dt class="pf-c-description-list__term">
-                                    <span class="pf-c-description-list__text"
-                                        >${msg("Assigned to application")}</span
+                        ${renderDescriptionList([
+                            [msg("Name"), this.provider.name],
+                            [
+                                msg("Assigned to application"),
+                                html`<ak-provider-related-application
+                                    mode="backchannel"
+                                    .provider=${this.provider}
+                                ></ak-provider-related-application>`,
+                            ],
+                            [
+                                msg("Dry-run"),
+                                html`<ak-status-label
+                                    ?good=${!this.provider.dryRun}
+                                    type="info"
+                                    good-label=${msg("No")}
+                                    bad-label=${msg("Yes")}
+                                ></ak-status-label>`,
+                            ],
+                            [msg("URL"), this.provider.url],
+                            [
+                                msg("Service Provider Config cache timeout"),
+                                this.provider.serviceProviderConfigCacheTimeout,
+                            ],
+                            [
+                                msg("Related actions"),
+                                html`<ak-forms-modal>
+                                    <span slot="submit">${msg("Save Changes")}</span>
+                                    <span slot="header">${msg("Update SCIM Provider")}</span>
+                                    <ak-provider-scim-form
+                                        slot="form"
+                                        .instancePk=${this.provider.pk}
                                    >
-                                </dt>
-                                <dd class="pf-c-description-list__description">
-                                    <div class="pf-c-description-list__text">
-                                        <ak-provider-related-application
-                                            mode="backchannel"
-                                            .provider=${this.provider}
-                                        ></ak-provider-related-application>
-                                    </div>
-                                </dd>
-                            </div>
-                            <div class="pf-c-description-list__group">
-                                <dt class="pf-c-description-list__term">
-                                    <span class="pf-c-description-list__text"
-                                        >${msg("Dry-run")}</span
+                                    </ak-provider-scim-form>
+                                    <button
+                                        slot="trigger"
+                                        class="pf-c-button pf-m-primary pf-m-block"
                                    >
-                                </dt>
-                                <dd class="pf-c-description-list__description">
-                                    <div class="pf-c-description-list__text">
-                                        <ak-status-label
-                                            ?good=${!this.provider.dryRun}
-                                            type="info"
-                                            good-label=${msg("No")}
-                                            bad-label=${msg("Yes")}
-                                        ></ak-status-label>
-                                    </div>
-                                </dd>
-                            </div>
-                            <div class="pf-c-description-list__group">
-                                <dt class="pf-c-description-list__term">
-                                    <span class="pf-c-description-list__text">${msg("URL")}</span>
-                                </dt>
-                                <dd class="pf-c-description-list__description">
-                                    <div class="pf-c-description-list__text">
-                                        ${this.provider.url}
-                                    </div>
-                                </dd>
-                            </div>
-                            <div class="pf-c-description-list__group">
-                                <dt class="pf-c-description-list__term">
-                                    <span class="pf-c-description-list__text">
-                                        ${msg("Service Provider Config cache timeout")}
-                                    </span>
-                                </dt>
-                                <dd class="pf-c-description-list__description">
-                                    <div class="pf-c-description-list__text">
-                                        ${this.provider.serviceProviderConfigCacheTimeout}
-                                    </div>
-                                </dd>
-                            </div>
-                        </dl>
-                    </div>
-                    <div class="pf-c-card__footer">
-                        <ak-forms-modal>
-                            <span slot="submit">${msg("Save Changes")}</span>
-                            <span slot="header">${msg("Update SCIM Provider")}</span>
-                            <ak-provider-scim-form slot="form" .instancePk=${this.provider.pk}>
-                            </ak-provider-scim-form>
-                            <button slot="trigger" class="pf-c-button pf-m-primary">
-                                ${msg("Edit")}
-                            </button>
-                        </ak-forms-modal>
+                                        ${msg("Edit")}
+                                    </button>
+                                </ak-forms-modal>`,
+                            ],
+                        ])}
                    </div>
                </div>
-                <div
-                    class="pf-c-card pf-l-grid__item pf-m-12-col pf-m-6-col-on-xl pf-m-6-col-on-2xl"
-                >
+                <div class="pf-l-grid__item pf-m-12-col pf-m-8-col-on-xl pf-m-8-col-on-2xl">
+                    ${this.provider.authMode === SCIMAuthenticationModeEnum.OauthInteractive
+                        ? html`
+                              <div class="pf-c-card">
+                                  <div class="pf-c-card__body">
+                                      ${renderDescriptionList(
+                                          [
+                                              [
+                                                  msg("OAuth Status"),
+                                                  html`<ak-status-label
+                                                          ?good=${this.provider
+                                                              .authOauthTokenLastUpdated !== null}
+                                                          good-label=${msg("Authenticated")}
+                                                          bad-label=${msg("No token saved")}
+                                                      ></ak-status-label>
+                                                      <a
+                                                          class="pf-c-button pf-m-primary"
+                                                          href=${this.provider?.authOauthUrlStart ||
+                                                          ""}
+                                                          target="_blank"
+                                                          >${msg("(Re-)authenticate")}</a
+                                                      >`,
+                                              ],
+                                              [
+                                                  msg("OAuth Callback URL"),
+                                                  html`<input
+                                                      class="pf-c-form-control"
+                                                      readonly
+                                                      type="text"
+                                                      value="${this.provider.authOauthUrlCallback ||
+                                                      ""}"
+                                                  />`,
+                                              ],
+                                          ],
+                                          { horizontal: true },
+                                      )}
+                                  </div>
+                              </div>
+                          `
+                        : nothing}
                    <ak-sync-status-card
                        .fetch=${() => {
                            return new ProvidersApi(DEFAULT_CONFIG).providersScimSyncStatusRetrieve(
@@ -261,7 +308,9 @@ export class SCIMProviderViewPage extends AKElement {
                                },
                            );
                        }}
-                    ></ak-sync-status-card>
+                    >
+                        ${this.renderSyncStatusExtra()}
+                    </ak-sync-status-card>
                </div>
                <div class="pf-l-grid__item pf-m-12-col pf-l-stack__item">
                    <div class="pf-c-card">
--- a/web/src/elements/ak-drawer/ak-drawer.stories.ts
+++ b/web/src/elements/ak-drawer/ak-drawer.stories.ts
@@ -121,7 +121,7 @@ export const Default: Story = {
    render: () => html` <ak-drawer> ${contentBlock} ${panelBlock} </ak-drawer> `,
 };

-export const story = (args: DrawerProps = {}, name?: string): Story => ({
+const story = (args: DrawerProps = {}, name?: string): Story => ({
    ...Template,
    ...(name ? { name } : {}),
    args: {
--- a/web/src/elements/ak-drawer/ak-drawer.styles.ts
+++ b/web/src/elements/ak-drawer/ak-drawer.styles.ts
@@ -51,11 +51,11 @@ export const styles = css`
        flex-direction: column;
    }

-    :host(:not([inline], [static])) .ak-v2-c-drawer__main {
+    :host(:not([inline]):not([static])) .ak-v2-c-drawer__main {
        position: relative;
    }

-    :host(:not([inline], [static])) .ak-v2-c-drawer__main > .ak-v2-c-drawer__panel {
+    :host(:not([inline]):not([static])) .ak-v2-c-drawer__main > .ak-v2-c-drawer__panel {
        position: absolute;
        inset-block-start: 0;
        inset-block-end: 0;
@@ -65,17 +65,17 @@ export const styles = css`
    }

    :where(.ak-v2-m-dir-rtl, [dir="rtl"])
-        :host(:not([inline], [static]))
+        :host(:not([inline]):not([static]))
        .ak-v2-c-drawer__main
        > .ak-v2-c-drawer__panel {
        transform: translateX(calc(100% * var(--ak-v2-global--inverse--multiplier)));
    }

-    :host([expanded]:not([inline], [static])) .ak-v2-c-drawer__main > .ak-v2-c-drawer__panel {
+    :host([expanded]:not([inline]):not([static])) .ak-v2-c-drawer__main > .ak-v2-c-drawer__panel {
        transform: translateX(0);
    }

-    :host([position="left"]:not([inline], [static]))
+    :host([position="left"]:not([inline]):not([static]))
        .ak-v2-c-drawer__main
        > .ak-v2-c-drawer__panel {
        inset-inline-end: auto;
@@ -84,19 +84,19 @@ export const styles = css`
    }

    :where(.ak-v2-m-dir-rtl, [dir="rtl"])
-        :host([position="left"]:not([inline], [static]))
+        :host([position="left"]:not([inline]):not([static]))
        .ak-v2-c-drawer__main
        > .ak-v2-c-drawer__panel {
        transform: translateX(calc(-100% * var(--ak-v2-global--inverse--multiplier)));
    }

-    :host([expanded][position="left"]:not([inline], [static]))
+    :host([expanded][position="left"]:not([inline]):not([static]))
        .ak-v2-c-drawer__main
        > .ak-v2-c-drawer__panel {
        transform: translateX(0);
    }

-    :host([position="bottom"]:not([inline], [static]))
+    :host([position="bottom"]:not([inline]):not([static]))
        .ak-v2-c-drawer__main
        > .ak-v2-c-drawer__panel {
        inset-inline-end: 0;
@@ -108,7 +108,7 @@ export const styles = css`
        transform: translateY(100%);
    }

-    :host([position="bottom"][expanded]:not([inline], [static]))
+    :host([position="bottom"][expanded]:not([inline]):not([static]))
        .ak-v2-c-drawer__main
        > .ak-v2-c-drawer__panel {
        transform: translateY(0);
@@ -406,10 +406,10 @@ export const styles = css`
            );
        }

-        :host([position="left"][inline]:not([no-border], [resizable]))
+        :host([position="left"][inline]:not([no-border]):not([resizable]))
            .ak-v2-c-drawer__main
            > .ak-v2-c-drawer__panel:not(.pf-m-no-border, .pf-m-resizable),
-        :host([position="left"][static]:not([no-border], [resizable]))
+        :host([position="left"][static]:not([no-border]):not([resizable]))
            .ak-v2-c-drawer__main
            > .ak-v2-c-drawer__panel:not(.pf-m-no-border, .pf-m-resizable) {
            padding-inline-start: 0;
--- a/web/src/elements/sync/SyncStatusCard.ts
+++ b/web/src/elements/sync/SyncStatusCard.ts
@@ -90,6 +90,7 @@ export class SyncStatusCard extends AKElement {
                        </div>
                    </dd>
                </div>
+                <slot></slot>
            </dl>
        `;
    }
--- a/web/src/flow/stages/prompt/components/locale.ts
+++ b/web/src/flow/stages/prompt/components/locale.ts
@@ -15,9 +15,6 @@ import { msg } from "@lit/localize";
 import { html } from "lit";
 import { guard } from "lit/directives/guard.js";

-// Fixes horizontal rule <hr> warning in select dropdowns.
-/* eslint-disable lit/no-invalid-html */
-
 export interface LocalePromptProps {
    activeLanguageTag: TargetLanguageTag;
    prompt: StagePrompt;
--- a/web/xliff/cs-CZ.xlf
+++ b/web/xliff/cs-CZ.xlf
@@ -2349,10 +2349,6 @@
 <trans-unit id="s24d7ac2fc280ca5e">
  <source>Authenticate SCIM requests using a static token.</source>
 </trans-unit>
-<trans-unit id="s0e1641692e0dac94">
-  <source>OAuth</source>
-  <target>OAuth</target>
-</trans-unit>
 <trans-unit id="s1c34cb0a4cccc041">
  <source>Authenticate SCIM requests using OAuth.</source>
 </trans-unit>
@@ -11203,6 +11199,36 @@ Vazby na skupiny/uživatele jsou kontrolovány vůči uživateli události.</tar
 <trans-unit id="s3162a5abea92514e">
  <source>View Credentials</source>
 </trans-unit>
+<trans-unit id="s7cbd6ddbb3cdbda4">
+  <source>OAuth (Silent)</source>
+</trans-unit>
+<trans-unit id="sf74719393c9d600b">
+  <source>OAuth (Interactive)</source>
+</trans-unit>
+<trans-unit id="s364366c872ccd349">
+  <source>Authenticate SCIM requests using OAuth, interactively authorized.</source>
+</trans-unit>
+<trans-unit id="s67dbb822a17bf6fc">
+  <source>OAuth Token last updated</source>
+</trans-unit>
+<trans-unit id="sb586db2f11959745">
+  <source>OAuth Token expires</source>
+</trans-unit>
+<trans-unit id="s4011de0d7365d106">
+  <source>OAuth Status</source>
+</trans-unit>
+<trans-unit id="s169a1a1dce3987b8">
+  <source>Authenticated</source>
+</trans-unit>
+<trans-unit id="s02e7dfce69646f50">
+  <source>No token saved</source>
+</trans-unit>
+<trans-unit id="sde2c41117de5db9d">
+  <source>(Re-)authenticate</source>
+</trans-unit>
+<trans-unit id="s13c4adf0d185f12e">
+  <source>OAuth Callback URL</source>
+</trans-unit>
 </body>
 </file>
 </xliff>
--- a/web/xliff/de-DE.xlf
+++ b/web/xliff/de-DE.xlf
@@ -2371,10 +2371,6 @@
  <source>Authenticate SCIM requests using a static token.</source>
  <target>SCIM-Anfragen mit einem statischen Token authentifizieren.</target>
 </trans-unit>
-<trans-unit id="s0e1641692e0dac94">
-  <source>OAuth</source>
-  <target>OAuth</target>
-</trans-unit>
 <trans-unit id="s1c34cb0a4cccc041">
  <source>Authenticate SCIM requests using OAuth.</source>
  <target>SCIM-Anfragen per OAuth authentifizieren.</target>
@@ -11235,6 +11231,36 @@ Bindings zu Gruppen/Benutzern werden mit dem Benutzer des Ereignisses abgegliche
 <trans-unit id="s3162a5abea92514e">
  <source>View Credentials</source>
 </trans-unit>
+<trans-unit id="s7cbd6ddbb3cdbda4">
+  <source>OAuth (Silent)</source>
+</trans-unit>
+<trans-unit id="sf74719393c9d600b">
+  <source>OAuth (Interactive)</source>
+</trans-unit>
+<trans-unit id="s364366c872ccd349">
+  <source>Authenticate SCIM requests using OAuth, interactively authorized.</source>
+</trans-unit>
+<trans-unit id="s67dbb822a17bf6fc">
+  <source>OAuth Token last updated</source>
+</trans-unit>
+<trans-unit id="sb586db2f11959745">
+  <source>OAuth Token expires</source>
+</trans-unit>
+<trans-unit id="s4011de0d7365d106">
+  <source>OAuth Status</source>
+</trans-unit>
+<trans-unit id="s169a1a1dce3987b8">
+  <source>Authenticated</source>
+</trans-unit>
+<trans-unit id="s02e7dfce69646f50">
+  <source>No token saved</source>
+</trans-unit>
+<trans-unit id="sde2c41117de5db9d">
+  <source>(Re-)authenticate</source>
+</trans-unit>
+<trans-unit id="s13c4adf0d185f12e">
+  <source>OAuth Callback URL</source>
+</trans-unit>
 </body>
 </file>
 </xliff>
--- a/web/xliff/en.xlf
+++ b/web/xliff/en.xlf
@@ -1808,9 +1808,6 @@
 <trans-unit id="s24d7ac2fc280ca5e">
  <source>Authenticate SCIM requests using a static token.</source>
 </trans-unit>
-<trans-unit id="s0e1641692e0dac94">
-  <source>OAuth</source>
-</trans-unit>
 <trans-unit id="s1c34cb0a4cccc041">
  <source>Authenticate SCIM requests using OAuth.</source>
 </trans-unit>
@@ -9224,6 +9221,36 @@ Bindings to groups/users are checked against the user of the event.</source>
 <trans-unit id="s3162a5abea92514e">
  <source>View Credentials</source>
 </trans-unit>
+<trans-unit id="s7cbd6ddbb3cdbda4">
+  <source>OAuth (Silent)</source>
+</trans-unit>
+<trans-unit id="sf74719393c9d600b">
+  <source>OAuth (Interactive)</source>
+</trans-unit>
+<trans-unit id="s364366c872ccd349">
+  <source>Authenticate SCIM requests using OAuth, interactively authorized.</source>
+</trans-unit>
+<trans-unit id="s67dbb822a17bf6fc">
+  <source>OAuth Token last updated</source>
+</trans-unit>
+<trans-unit id="sb586db2f11959745">
+  <source>OAuth Token expires</source>
+</trans-unit>
+<trans-unit id="s4011de0d7365d106">
+  <source>OAuth Status</source>
+</trans-unit>
+<trans-unit id="s169a1a1dce3987b8">
+  <source>Authenticated</source>
+</trans-unit>
+<trans-unit id="s02e7dfce69646f50">
+  <source>No token saved</source>
+</trans-unit>
+<trans-unit id="sde2c41117de5db9d">
+  <source>(Re-)authenticate</source>
+</trans-unit>
+<trans-unit id="s13c4adf0d185f12e">
+  <source>OAuth Callback URL</source>
+</trans-unit>
 </body>
 </file>
 </xliff>
--- a/web/xliff/es-ES.xlf
+++ b/web/xliff/es-ES.xlf
@@ -2326,9 +2326,6 @@ Si se deja vacío, AuthnContextClassRef se establecerá según los métodos de a
 <trans-unit id="s24d7ac2fc280ca5e">
  <source>Authenticate SCIM requests using a static token.</source>
 </trans-unit>
-<trans-unit id="s0e1641692e0dac94">
-  <source>OAuth</source>
-</trans-unit>
 <trans-unit id="s1c34cb0a4cccc041">
  <source>Authenticate SCIM requests using OAuth.</source>
 </trans-unit>
@@ -11160,6 +11157,36 @@ Las vinculaciones a grupos/usuarios se verifican en función del usuario del eve
 <trans-unit id="s3162a5abea92514e">
  <source>View Credentials</source>
 </trans-unit>
+<trans-unit id="s7cbd6ddbb3cdbda4">
+  <source>OAuth (Silent)</source>
+</trans-unit>
+<trans-unit id="sf74719393c9d600b">
+  <source>OAuth (Interactive)</source>
+</trans-unit>
+<trans-unit id="s364366c872ccd349">
+  <source>Authenticate SCIM requests using OAuth, interactively authorized.</source>
+</trans-unit>
+<trans-unit id="s67dbb822a17bf6fc">
+  <source>OAuth Token last updated</source>
+</trans-unit>
+<trans-unit id="sb586db2f11959745">
+  <source>OAuth Token expires</source>
+</trans-unit>
+<trans-unit id="s4011de0d7365d106">
+  <source>OAuth Status</source>
+</trans-unit>
+<trans-unit id="s169a1a1dce3987b8">
+  <source>Authenticated</source>
+</trans-unit>
+<trans-unit id="s02e7dfce69646f50">
+  <source>No token saved</source>
+</trans-unit>
+<trans-unit id="sde2c41117de5db9d">
+  <source>(Re-)authenticate</source>
+</trans-unit>
+<trans-unit id="s13c4adf0d185f12e">
+  <source>OAuth Callback URL</source>
+</trans-unit>
 </body>
 </file>
 </xliff>
--- a/web/xliff/fi-FI.xlf
+++ b/web/xliff/fi-FI.xlf
@@ -2415,10 +2415,6 @@
  <source>Authenticate SCIM requests using a static token.</source>
  <target>Todenna SCIM-pyynnöt staattisella tunnisteella.</target>
 </trans-unit>
-<trans-unit id="s0e1641692e0dac94">
-  <source>OAuth</source>
-  <target>OAuth</target>
-</trans-unit>
 <trans-unit id="s1c34cb0a4cccc041">
  <source>Authenticate SCIM requests using OAuth.</source>
  <target>Todenna SCIM-pyynnöt OAuthilla.</target>
@@ -11401,6 +11397,36 @@ Liitokset käyttäjiin/ryhmiin tarkistetaan tapahtuman käyttäjästä.</target>
 <trans-unit id="s3162a5abea92514e">
  <source>View Credentials</source>
 </trans-unit>
+<trans-unit id="s7cbd6ddbb3cdbda4">
+  <source>OAuth (Silent)</source>
+</trans-unit>
+<trans-unit id="sf74719393c9d600b">
+  <source>OAuth (Interactive)</source>
+</trans-unit>
+<trans-unit id="s364366c872ccd349">
+  <source>Authenticate SCIM requests using OAuth, interactively authorized.</source>
+</trans-unit>
+<trans-unit id="s67dbb822a17bf6fc">
+  <source>OAuth Token last updated</source>
+</trans-unit>
+<trans-unit id="sb586db2f11959745">
+  <source>OAuth Token expires</source>
+</trans-unit>
+<trans-unit id="s4011de0d7365d106">
+  <source>OAuth Status</source>
+</trans-unit>
+<trans-unit id="s169a1a1dce3987b8">
+  <source>Authenticated</source>
+</trans-unit>
+<trans-unit id="s02e7dfce69646f50">
+  <source>No token saved</source>
+</trans-unit>
+<trans-unit id="sde2c41117de5db9d">
+  <source>(Re-)authenticate</source>
+</trans-unit>
+<trans-unit id="s13c4adf0d185f12e">
+  <source>OAuth Callback URL</source>
+</trans-unit>
 </body>
 </file>
 </xliff>
--- a/web/xliff/fr-FR.xlf
+++ b/web/xliff/fr-FR.xlf
@@ -2412,10 +2412,6 @@
  <source>Authenticate SCIM requests using a static token.</source>
  <target>Authentifier les requêtes SCIM avec un jeton statique.</target>
 </trans-unit>
-<trans-unit id="s0e1641692e0dac94">
-  <source>OAuth</source>
-  <target>OAuth</target>
-</trans-unit>
 <trans-unit id="s1c34cb0a4cccc041">
  <source>Authenticate SCIM requests using OAuth.</source>
  <target>Authentifier les requêtes SCIM avec OAuth.</target>
@@ -11390,6 +11386,36 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
 <trans-unit id="s3162a5abea92514e">
  <source>View Credentials</source>
 </trans-unit>
+<trans-unit id="s7cbd6ddbb3cdbda4">
+  <source>OAuth (Silent)</source>
+</trans-unit>
+<trans-unit id="sf74719393c9d600b">
+  <source>OAuth (Interactive)</source>
+</trans-unit>
+<trans-unit id="s364366c872ccd349">
+  <source>Authenticate SCIM requests using OAuth, interactively authorized.</source>
+</trans-unit>
+<trans-unit id="s67dbb822a17bf6fc">
+  <source>OAuth Token last updated</source>
+</trans-unit>
+<trans-unit id="sb586db2f11959745">
+  <source>OAuth Token expires</source>
+</trans-unit>
+<trans-unit id="s4011de0d7365d106">
+  <source>OAuth Status</source>
+</trans-unit>
+<trans-unit id="s169a1a1dce3987b8">
+  <source>Authenticated</source>
+</trans-unit>
+<trans-unit id="s02e7dfce69646f50">
+  <source>No token saved</source>
+</trans-unit>
+<trans-unit id="sde2c41117de5db9d">
+  <source>(Re-)authenticate</source>
+</trans-unit>
+<trans-unit id="s13c4adf0d185f12e">
+  <source>OAuth Callback URL</source>
+</trans-unit>
 </body>
 </file>
 </xliff>
--- a/web/xliff/it-IT.xlf
+++ b/web/xliff/it-IT.xlf
@@ -2293,9 +2293,6 @@
 <trans-unit id="s24d7ac2fc280ca5e">
  <source>Authenticate SCIM requests using a static token.</source>
 </trans-unit>
-<trans-unit id="s0e1641692e0dac94">
-  <source>OAuth</source>
-</trans-unit>
 <trans-unit id="s1c34cb0a4cccc041">
  <source>Authenticate SCIM requests using OAuth.</source>
 </trans-unit>
@@ -11109,6 +11106,36 @@ Bindings to groups/users are checked against the user of the event.</source>
 <trans-unit id="s3162a5abea92514e">
  <source>View Credentials</source>
 </trans-unit>
+<trans-unit id="s7cbd6ddbb3cdbda4">
+  <source>OAuth (Silent)</source>
+</trans-unit>
+<trans-unit id="sf74719393c9d600b">
+  <source>OAuth (Interactive)</source>
+</trans-unit>
+<trans-unit id="s364366c872ccd349">
+  <source>Authenticate SCIM requests using OAuth, interactively authorized.</source>
+</trans-unit>
+<trans-unit id="s67dbb822a17bf6fc">
+  <source>OAuth Token last updated</source>
+</trans-unit>
+<trans-unit id="sb586db2f11959745">
+  <source>OAuth Token expires</source>
+</trans-unit>
+<trans-unit id="s4011de0d7365d106">
+  <source>OAuth Status</source>
+</trans-unit>
+<trans-unit id="s169a1a1dce3987b8">
+  <source>Authenticated</source>
+</trans-unit>
+<trans-unit id="s02e7dfce69646f50">
+  <source>No token saved</source>
+</trans-unit>
+<trans-unit id="sde2c41117de5db9d">
+  <source>(Re-)authenticate</source>
+</trans-unit>
+<trans-unit id="s13c4adf0d185f12e">
+  <source>OAuth Callback URL</source>
+</trans-unit>
 </body>
 </file>
 </xliff>
--- a/web/xliff/ja-JP.xlf
+++ b/web/xliff/ja-JP.xlf
@@ -2410,10 +2410,6 @@
  <source>Authenticate SCIM requests using a static token.</source>
  <target>静的トークンを使用してSCIMリクエストを認証します。</target>
 </trans-unit>
-<trans-unit id="s0e1641692e0dac94">
-  <source>OAuth</source>
-  <target>OAuth</target>
-</trans-unit>
 <trans-unit id="s1c34cb0a4cccc041">
  <source>Authenticate SCIM requests using OAuth.</source>
  <target>OAuthを使用してSCIMリクエストを認証します。</target>
@@ -11391,6 +11387,36 @@ Bindings to groups/users are checked against the user of the event.</source>
 <trans-unit id="s3162a5abea92514e">
  <source>View Credentials</source>
 </trans-unit>
+<trans-unit id="s7cbd6ddbb3cdbda4">
+  <source>OAuth (Silent)</source>
+</trans-unit>
+<trans-unit id="sf74719393c9d600b">
+  <source>OAuth (Interactive)</source>
+</trans-unit>
+<trans-unit id="s364366c872ccd349">
+  <source>Authenticate SCIM requests using OAuth, interactively authorized.</source>
+</trans-unit>
+<trans-unit id="s67dbb822a17bf6fc">
+  <source>OAuth Token last updated</source>
+</trans-unit>
+<trans-unit id="sb586db2f11959745">
+  <source>OAuth Token expires</source>
+</trans-unit>
+<trans-unit id="s4011de0d7365d106">
+  <source>OAuth Status</source>
+</trans-unit>
+<trans-unit id="s169a1a1dce3987b8">
+  <source>Authenticated</source>
+</trans-unit>
+<trans-unit id="s02e7dfce69646f50">
+  <source>No token saved</source>
+</trans-unit>
+<trans-unit id="sde2c41117de5db9d">
+  <source>(Re-)authenticate</source>
+</trans-unit>
+<trans-unit id="s13c4adf0d185f12e">
+  <source>OAuth Callback URL</source>
+</trans-unit>
 </body>
 </file>
 </xliff>
--- a/web/xliff/ko-KR.xlf
+++ b/web/xliff/ko-KR.xlf
@@ -2235,9 +2235,6 @@
 <trans-unit id="s24d7ac2fc280ca5e">
  <source>Authenticate SCIM requests using a static token.</source>
 </trans-unit>
-<trans-unit id="s0e1641692e0dac94">
-  <source>OAuth</source>
-</trans-unit>
 <trans-unit id="s1c34cb0a4cccc041">
  <source>Authenticate SCIM requests using OAuth.</source>
 </trans-unit>
@@ -10761,6 +10758,36 @@ Bindings to groups/users are checked against the user of the event.</source>
 <trans-unit id="s3162a5abea92514e">
  <source>View Credentials</source>
 </trans-unit>
+<trans-unit id="s7cbd6ddbb3cdbda4">
+  <source>OAuth (Silent)</source>
+</trans-unit>
+<trans-unit id="sf74719393c9d600b">
+  <source>OAuth (Interactive)</source>
+</trans-unit>
+<trans-unit id="s364366c872ccd349">
+  <source>Authenticate SCIM requests using OAuth, interactively authorized.</source>
+</trans-unit>
+<trans-unit id="s67dbb822a17bf6fc">
+  <source>OAuth Token last updated</source>
+</trans-unit>
+<trans-unit id="sb586db2f11959745">
+  <source>OAuth Token expires</source>
+</trans-unit>
+<trans-unit id="s4011de0d7365d106">
+  <source>OAuth Status</source>
+</trans-unit>
+<trans-unit id="s169a1a1dce3987b8">
+  <source>Authenticated</source>
+</trans-unit>
+<trans-unit id="s02e7dfce69646f50">
+  <source>No token saved</source>
+</trans-unit>
+<trans-unit id="sde2c41117de5db9d">
+  <source>(Re-)authenticate</source>
+</trans-unit>
+<trans-unit id="s13c4adf0d185f12e">
+  <source>OAuth Callback URL</source>
+</trans-unit>
 </body>
 </file>
 </xliff>
--- a/web/xliff/nl-NL.xlf
+++ b/web/xliff/nl-NL.xlf
@@ -2147,9 +2147,6 @@
 <trans-unit id="s24d7ac2fc280ca5e">
  <source>Authenticate SCIM requests using a static token.</source>
 </trans-unit>
-<trans-unit id="s0e1641692e0dac94">
-  <source>OAuth</source>
-</trans-unit>
 <trans-unit id="s1c34cb0a4cccc041">
  <source>Authenticate SCIM requests using OAuth.</source>
 </trans-unit>
@@ -10446,6 +10443,36 @@ Bindingen naar groepen/gebruikers worden gecontroleerd tegen de gebruiker van de
 <trans-unit id="s3162a5abea92514e">
  <source>View Credentials</source>
 </trans-unit>
+<trans-unit id="s7cbd6ddbb3cdbda4">
+  <source>OAuth (Silent)</source>
+</trans-unit>
+<trans-unit id="sf74719393c9d600b">
+  <source>OAuth (Interactive)</source>
+</trans-unit>
+<trans-unit id="s364366c872ccd349">
+  <source>Authenticate SCIM requests using OAuth, interactively authorized.</source>
+</trans-unit>
+<trans-unit id="s67dbb822a17bf6fc">
+  <source>OAuth Token last updated</source>
+</trans-unit>
+<trans-unit id="sb586db2f11959745">
+  <source>OAuth Token expires</source>
+</trans-unit>
+<trans-unit id="s4011de0d7365d106">
+  <source>OAuth Status</source>
+</trans-unit>
+<trans-unit id="s169a1a1dce3987b8">
+  <source>Authenticated</source>
+</trans-unit>
+<trans-unit id="s02e7dfce69646f50">
+  <source>No token saved</source>
+</trans-unit>
+<trans-unit id="sde2c41117de5db9d">
+  <source>(Re-)authenticate</source>
+</trans-unit>
+<trans-unit id="s13c4adf0d185f12e">
+  <source>OAuth Callback URL</source>
+</trans-unit>
 </body>
 </file>
 </xliff>
--- a/web/xliff/pl-PL.xlf
+++ b/web/xliff/pl-PL.xlf
@@ -2234,9 +2234,6 @@
 <trans-unit id="s24d7ac2fc280ca5e">
  <source>Authenticate SCIM requests using a static token.</source>
 </trans-unit>
-<trans-unit id="s0e1641692e0dac94">
-  <source>OAuth</source>
-</trans-unit>
 <trans-unit id="s1c34cb0a4cccc041">
  <source>Authenticate SCIM requests using OAuth.</source>
 </trans-unit>
@@ -10785,6 +10782,36 @@ Powiązania z grupami/użytkownikami są sprawdzane względem użytkownika zdarz
 <trans-unit id="s3162a5abea92514e">
  <source>View Credentials</source>
 </trans-unit>
+<trans-unit id="s7cbd6ddbb3cdbda4">
+  <source>OAuth (Silent)</source>
+</trans-unit>
+<trans-unit id="sf74719393c9d600b">
+  <source>OAuth (Interactive)</source>
+</trans-unit>
+<trans-unit id="s364366c872ccd349">
+  <source>Authenticate SCIM requests using OAuth, interactively authorized.</source>
+</trans-unit>
+<trans-unit id="s67dbb822a17bf6fc">
+  <source>OAuth Token last updated</source>
+</trans-unit>
+<trans-unit id="sb586db2f11959745">
+  <source>OAuth Token expires</source>
+</trans-unit>
+<trans-unit id="s4011de0d7365d106">
+  <source>OAuth Status</source>
+</trans-unit>
+<trans-unit id="s169a1a1dce3987b8">
+  <source>Authenticated</source>
+</trans-unit>
+<trans-unit id="s02e7dfce69646f50">
+  <source>No token saved</source>
+</trans-unit>
+<trans-unit id="sde2c41117de5db9d">
+  <source>(Re-)authenticate</source>
+</trans-unit>
+<trans-unit id="s13c4adf0d185f12e">
+  <source>OAuth Callback URL</source>
+</trans-unit>
 </body>
 </file>
 </xliff>
--- a/web/xliff/pt-BR.xlf
+++ b/web/xliff/pt-BR.xlf
@@ -2414,10 +2414,6 @@
  <source>Authenticate SCIM requests using a static token.</source>
  <target>Autenticar solicitações SCIM usando um token estático.</target>
 </trans-unit>
-<trans-unit id="s0e1641692e0dac94">
-  <source>OAuth</source>
-  <target>OAuth</target>
-</trans-unit>
 <trans-unit id="s1c34cb0a4cccc041">
  <source>Authenticate SCIM requests using OAuth.</source>
  <target>Autenticar solicitações SCIM usando OAuth.</target>
@@ -11383,6 +11379,36 @@ por exemplo: <x id="0" equiv-text="&lt;code&gt;"/>oci://registry.domain.tld/path
 <trans-unit id="s3162a5abea92514e">
  <source>View Credentials</source>
 </trans-unit>
+<trans-unit id="s7cbd6ddbb3cdbda4">
+  <source>OAuth (Silent)</source>
+</trans-unit>
+<trans-unit id="sf74719393c9d600b">
+  <source>OAuth (Interactive)</source>
+</trans-unit>
+<trans-unit id="s364366c872ccd349">
+  <source>Authenticate SCIM requests using OAuth, interactively authorized.</source>
+</trans-unit>
+<trans-unit id="s67dbb822a17bf6fc">
+  <source>OAuth Token last updated</source>
+</trans-unit>
+<trans-unit id="sb586db2f11959745">
+  <source>OAuth Token expires</source>
+</trans-unit>
+<trans-unit id="s4011de0d7365d106">
+  <source>OAuth Status</source>
+</trans-unit>
+<trans-unit id="s169a1a1dce3987b8">
+  <source>Authenticated</source>
+</trans-unit>
+<trans-unit id="s02e7dfce69646f50">
+  <source>No token saved</source>
+</trans-unit>
+<trans-unit id="sde2c41117de5db9d">
+  <source>(Re-)authenticate</source>
+</trans-unit>
+<trans-unit id="s13c4adf0d185f12e">
+  <source>OAuth Callback URL</source>
+</trans-unit>
 </body>
 </file>
 </xliff>
--- a/web/xliff/ru-RU.xlf
+++ b/web/xliff/ru-RU.xlf
@@ -2255,9 +2255,6 @@
 <trans-unit id="s24d7ac2fc280ca5e">
  <source>Authenticate SCIM requests using a static token.</source>
 </trans-unit>
-<trans-unit id="s0e1641692e0dac94">
-  <source>OAuth</source>
-</trans-unit>
 <trans-unit id="s1c34cb0a4cccc041">
  <source>Authenticate SCIM requests using OAuth.</source>
 </trans-unit>
@@ -10871,6 +10868,36 @@ Bindings to groups/users are checked against the user of the event.</source>
 <trans-unit id="s3162a5abea92514e">
  <source>View Credentials</source>
 </trans-unit>
+<trans-unit id="s7cbd6ddbb3cdbda4">
+  <source>OAuth (Silent)</source>
+</trans-unit>
+<trans-unit id="sf74719393c9d600b">
+  <source>OAuth (Interactive)</source>
+</trans-unit>
+<trans-unit id="s364366c872ccd349">
+  <source>Authenticate SCIM requests using OAuth, interactively authorized.</source>
+</trans-unit>
+<trans-unit id="s67dbb822a17bf6fc">
+  <source>OAuth Token last updated</source>
+</trans-unit>
+<trans-unit id="sb586db2f11959745">
+  <source>OAuth Token expires</source>
+</trans-unit>
+<trans-unit id="s4011de0d7365d106">
+  <source>OAuth Status</source>
+</trans-unit>
+<trans-unit id="s169a1a1dce3987b8">
+  <source>Authenticated</source>
+</trans-unit>
+<trans-unit id="s02e7dfce69646f50">
+  <source>No token saved</source>
+</trans-unit>
+<trans-unit id="sde2c41117de5db9d">
+  <source>(Re-)authenticate</source>
+</trans-unit>
+<trans-unit id="s13c4adf0d185f12e">
+  <source>OAuth Callback URL</source>
+</trans-unit>
 </body>
 </file>
 </xliff>
--- a/web/xliff/tr-TR.xlf
+++ b/web/xliff/tr-TR.xlf
@@ -2240,9 +2240,6 @@
 <trans-unit id="s24d7ac2fc280ca5e">
  <source>Authenticate SCIM requests using a static token.</source>
 </trans-unit>
-<trans-unit id="s0e1641692e0dac94">
-  <source>OAuth</source>
-</trans-unit>
 <trans-unit id="s1c34cb0a4cccc041">
  <source>Authenticate SCIM requests using OAuth.</source>
 </trans-unit>
@@ -10861,6 +10858,36 @@ Gruplara/kullanıcılara yapılan bağlamalar, etkinliğin kullanıcısına kar
 <trans-unit id="s3162a5abea92514e">
  <source>View Credentials</source>
 </trans-unit>
+<trans-unit id="s7cbd6ddbb3cdbda4">
+  <source>OAuth (Silent)</source>
+</trans-unit>
+<trans-unit id="sf74719393c9d600b">
+  <source>OAuth (Interactive)</source>
+</trans-unit>
+<trans-unit id="s364366c872ccd349">
+  <source>Authenticate SCIM requests using OAuth, interactively authorized.</source>
+</trans-unit>
+<trans-unit id="s67dbb822a17bf6fc">
+  <source>OAuth Token last updated</source>
+</trans-unit>
+<trans-unit id="sb586db2f11959745">
+  <source>OAuth Token expires</source>
+</trans-unit>
+<trans-unit id="s4011de0d7365d106">
+  <source>OAuth Status</source>
+</trans-unit>
+<trans-unit id="s169a1a1dce3987b8">
+  <source>Authenticated</source>
+</trans-unit>
+<trans-unit id="s02e7dfce69646f50">
+  <source>No token saved</source>
+</trans-unit>
+<trans-unit id="sde2c41117de5db9d">
+  <source>(Re-)authenticate</source>
+</trans-unit>
+<trans-unit id="s13c4adf0d185f12e">
+  <source>OAuth Callback URL</source>
+</trans-unit>
 </body>
 </file>
 </xliff>
--- a/web/xliff/zh-Hans.xlf
+++ b/web/xliff/zh-Hans.xlf
@@ -2409,10 +2409,6 @@
  <source>Authenticate SCIM requests using a static token.</source>
  <target>使用静态令牌验证 SCIM 请求。</target>
 </trans-unit>
-<trans-unit id="s0e1641692e0dac94">
-  <source>OAuth</source>
-  <target>OAuth</target>
-</trans-unit>
 <trans-unit id="s1c34cb0a4cccc041">
  <source>Authenticate SCIM requests using OAuth.</source>
  <target>使用 OAuth 验证 SCIM 请求</target>
@@ -11685,6 +11681,36 @@ Bindings to groups/users are checked against the user of the event.</source>
 <trans-unit id="s3162a5abea92514e">
  <source>View Credentials</source>
 </trans-unit>
+<trans-unit id="s7cbd6ddbb3cdbda4">
+  <source>OAuth (Silent)</source>
+</trans-unit>
+<trans-unit id="sf74719393c9d600b">
+  <source>OAuth (Interactive)</source>
+</trans-unit>
+<trans-unit id="s364366c872ccd349">
+  <source>Authenticate SCIM requests using OAuth, interactively authorized.</source>
+</trans-unit>
+<trans-unit id="s67dbb822a17bf6fc">
+  <source>OAuth Token last updated</source>
+</trans-unit>
+<trans-unit id="sb586db2f11959745">
+  <source>OAuth Token expires</source>
+</trans-unit>
+<trans-unit id="s4011de0d7365d106">
+  <source>OAuth Status</source>
+</trans-unit>
+<trans-unit id="s169a1a1dce3987b8">
+  <source>Authenticated</source>
+</trans-unit>
+<trans-unit id="s02e7dfce69646f50">
+  <source>No token saved</source>
+</trans-unit>
+<trans-unit id="sde2c41117de5db9d">
+  <source>(Re-)authenticate</source>
+</trans-unit>
+<trans-unit id="s13c4adf0d185f12e">
+  <source>OAuth Callback URL</source>
+</trans-unit>
 </body>
 </file>
 </xliff>
--- a/web/xliff/zh-Hant.xlf
+++ b/web/xliff/zh-Hant.xlf
@@ -2166,9 +2166,6 @@
 <trans-unit id="s24d7ac2fc280ca5e">
  <source>Authenticate SCIM requests using a static token.</source>
 </trans-unit>
-<trans-unit id="s0e1641692e0dac94">
-  <source>OAuth</source>
-</trans-unit>
 <trans-unit id="s1c34cb0a4cccc041">
  <source>Authenticate SCIM requests using OAuth.</source>
 </trans-unit>
@@ -10498,6 +10495,36 @@ Bindings to groups/users are checked against the user of the event.</source>
 <trans-unit id="s3162a5abea92514e">
  <source>View Credentials</source>
 </trans-unit>
+<trans-unit id="s7cbd6ddbb3cdbda4">
+  <source>OAuth (Silent)</source>
+</trans-unit>
+<trans-unit id="sf74719393c9d600b">
+  <source>OAuth (Interactive)</source>
+</trans-unit>
+<trans-unit id="s364366c872ccd349">
+  <source>Authenticate SCIM requests using OAuth, interactively authorized.</source>
+</trans-unit>
+<trans-unit id="s67dbb822a17bf6fc">
+  <source>OAuth Token last updated</source>
+</trans-unit>
+<trans-unit id="sb586db2f11959745">
+  <source>OAuth Token expires</source>
+</trans-unit>
+<trans-unit id="s4011de0d7365d106">
+  <source>OAuth Status</source>
+</trans-unit>
+<trans-unit id="s169a1a1dce3987b8">
+  <source>Authenticated</source>
+</trans-unit>
+<trans-unit id="s02e7dfce69646f50">
+  <source>No token saved</source>
+</trans-unit>
+<trans-unit id="sde2c41117de5db9d">
+  <source>(Re-)authenticate</source>
+</trans-unit>
+<trans-unit id="s13c4adf0d185f12e">
+  <source>OAuth Callback URL</source>
+</trans-unit>
 </body>
 </file>
 </xliff>
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
dependabot[bot]	4be3985574	core: bump github.com/grafana/pyroscope-go from 1.2.8 to 1.3.0 (#22349 ) Bumps [github.com/grafana/pyroscope-go](https://github.com/grafana/pyroscope-go) from 1.2.8 to 1.3.0. - [Release notes](https://github.com/grafana/pyroscope-go/releases) - [Commits](https://github.com/grafana/pyroscope-go/compare/v1.2.8...v1.3.0) --- updated-dependencies: - dependency-name: github.com/grafana/pyroscope-go dependency-version: 1.3.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-14 14:01:03 +02:00
dependabot[bot]	c7786a7a24	web: bump @typescript/native-preview from 7.0.0-dev.20260421.2 to 7.0.0-dev.20260506.1 in /web (#22355 ) web: bump @typescript/native-preview in /web Bumps [@typescript/native-preview](https://github.com/microsoft/typescript-go) from 7.0.0-dev.20260421.2 to 7.0.0-dev.20260506.1. - [Changelog](https://github.com/microsoft/typescript-go/blob/main/CHANGES.md) - [Commits](https://github.com/microsoft/typescript-go/commits) --- updated-dependencies: - dependency-name: "@typescript/native-preview" dependency-version: 7.0.0-dev.20260506.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-14 14:00:40 +02:00
dependabot[bot]	9547fee764	lifecycle/aws: bump aws-cdk from 2.1120.0 to 2.1121.0 in /lifecycle/aws (#22350 ) Bumps [aws-cdk](https://github.com/aws/aws-cdk-cli/tree/HEAD/packages/aws-cdk) from 2.1120.0 to 2.1121.0. - [Release notes](https://github.com/aws/aws-cdk-cli/releases) - [Commits](https://github.com/aws/aws-cdk-cli/commits/aws-cdk@v2.1121.0/packages/aws-cdk) --- updated-dependencies: - dependency-name: aws-cdk dependency-version: 2.1121.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-14 14:00:13 +02:00
dependabot[bot]	99c7c1695f	core: bump aws-cdk-lib from 2.252.0 to 2.253.0 (#22352 ) Bumps [aws-cdk-lib](https://github.com/aws/aws-cdk) from 2.252.0 to 2.253.0. - [Release notes](https://github.com/aws/aws-cdk/releases) - [Changelog](https://github.com/aws/aws-cdk/blob/main/CHANGELOG.v2.alpha.md) - [Commits](https://github.com/aws/aws-cdk/compare/v2.252.0...v2.253.0) --- updated-dependencies: - dependency-name: aws-cdk-lib dependency-version: 2.253.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-14 13:59:57 +02:00
dependabot[bot]	456cf77108	core: bump google-api-python-client from 2.195.0 to 2.196.0 (#22351 ) Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.195.0 to 2.196.0. - [Release notes](https://github.com/googleapis/google-api-python-client/releases) - [Commits](https://github.com/googleapis/google-api-python-client/compare/v2.195.0...v2.196.0) --- updated-dependencies: - dependency-name: google-api-python-client dependency-version: 2.196.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-14 13:59:43 +02:00
dependabot[bot]	f2b5026d44	ci: bump actions/setup-go from 6.3.0 to 6.4.0 (#22353 ) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 6.3.0 to 6.4.0. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/v6.3.0...4a3601121dd01d1626a1e23e37211e3254c1c06c) --- updated-dependencies: - dependency-name: actions/setup-go dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-14 13:59:13 +02:00
dependabot[bot]	888cc7c5be	web: bump knip from 6.11.0 to 6.12.0 in /web (#22356 ) Bumps [knip](https://github.com/webpro-nl/knip/tree/HEAD/packages/knip) from 6.11.0 to 6.12.0. - [Release notes](https://github.com/webpro-nl/knip/releases) - [Commits](https://github.com/webpro-nl/knip/commits/knip@6.12.0/packages/knip) --- updated-dependencies: - dependency-name: knip dependency-version: 6.12.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-14 13:59:02 +02:00
dependabot[bot]	f7824857de	ci: bump taiki-e/install-action from 2.77.4 to 2.77.6 in /.github/actions/setup (#22354 ) ci: bump taiki-e/install-action in /.github/actions/setup Bumps [taiki-e/install-action](https://github.com/taiki-e/install-action) from 2.77.4 to 2.77.6. - [Release notes](https://github.com/taiki-e/install-action/releases) - [Changelog](https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md) - [Commits](`ec28e28791...c070f87102`) --- updated-dependencies: - dependency-name: taiki-e/install-action dependency-version: 2.77.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-14 13:58:28 +02:00
dependabot[bot]	d2e960e6b1	core: bump aws-lc-rs from 1.16.3 to 1.17.0 (#22357 ) Bumps [aws-lc-rs](https://github.com/aws/aws-lc-rs) from 1.16.3 to 1.17.0. - [Release notes](https://github.com/aws/aws-lc-rs/releases) - [Commits](https://github.com/aws/aws-lc-rs/compare/v1.16.3...v1.17.0) --- updated-dependencies: - dependency-name: aws-lc-rs dependency-version: 1.17.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-14 13:58:15 +02:00
Dewi Roberts	b8bb5bcca7	website/integrations: fix aws scim mapping wording (#22359 ) Update wording	2026-05-14 07:52:20 -04:00
authentik-automation[bot]	5a0a210d4a	core, web: update translations (#22344 ) Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>	2026-05-14 13:17:31 +02:00
Teffen Ellis	0d55ef05f3	core: Defer status posts until GitHub Actions finishes. (#22340 ) Defer status posts until GitHub Actions finishes.	2026-05-14 00:35:50 +02:00
Teffen Ellis	9543b3c9f6	ci: Consistent NPM versions via Corepack (#20400 ) * core: add .npmrc baseline to block dependency lifecycle scripts Set ignore-scripts=true at the repo root, plus engine-strict, save-exact, audit, and prefer-offline. This neutralizes the dominant npm supply-chain attack vector — postinstall scripts in transitive dependencies — at the cost of requiring an explicit rebuild for the handful of packages that legitimately need install scripts (esbuild, chromedriver, tree-sitter, tree-sitter-json). The next commit wires that rebuild into the Makefile. Co-Authored-By: Playpen Agent <279763771+playpen-agent@users.noreply.github.com> * core: route node installs through make to retire website preinstall hook Make docs-install depend on a new root-node-install so the root deps are guaranteed before the website install runs, removing the need for the website/preinstall lifecycle script. Rebuild the small audited list of trusted packages (esbuild, chromedriver, tree-sitter, tree-sitter-json) after the web install so ignore-scripts=true remains the only path that needs maintenance. web/README documents the new workflow. Co-Authored-By: Playpen Agent <279763771+playpen-agent@users.noreply.github.com> * Clean up install scripts. * Track .npmrc in CODEOWNERS * Fix formatter config. Reformat. * Fix mounted references. * Flesh out node scripts. * Bump engines. * Prep containers. * Update makefile. * Flesh out github actions. * Clean up docs container. * lint. Bump. Lint. Bump NPM version. * Add limits. * collapse the composite's three setup-node calls to one cache restore * Add SHA. * Bump NPM range. * Run formatter. * Bump NPM. * Remove extra install. * Fix website deps. * Use local prettier. Fix drift in CI. * ci: build frontend in CI with node_env production Signed-off-by: Jens Langhammer <jens@goauthentik.io> * Install docusaurus config. * Fix linter warning, order. * Add linter commands. * Add timeout. * Remove pre install check. --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Playpen Agent <279763771+playpen-agent@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens@goauthentik.io>	2026-05-13 22:05:07 +00:00
Ken Sternberg	f0686c274a	web/bug: fix regex recursion error in compatibility mode (#22338 ) * web/bug: Fix wild regexp self-ddos recursion bug in compatibility mode. # What Replace CSS not x or y with not x and not y constructs. The form: :host([expanded][position="left"]:not([inline], [static])) … becomes … :host([expanded][position="left"]:not([inline]):not([static])) Minor: Removed the `export` declaration on a helper function in the Drawer story file. # Why The first expression triggered an obscure regex recursion bug in `polyfill.js` when converting the CSS to a format that works when the browser’s shadowDOM features are disabled. It does not handle complex CSS Level 4 Selectors very well. The unneeded `export` was confusing Storybook and causing it to render an empty story on the Drawer’s component overview page.	2026-05-13 13:23:35 -07:00
Jens L.	a712e5bb2f	enterprise/providers/scim: add support for interactive OAuth2 (#22072 ) * enterprise/providers/scim: add support for interactive OAuth2 Signed-off-by: Jens Langhammer <jens@goauthentik.io> * prep different oauth mode Signed-off-by: Jens Langhammer <jens@goauthentik.io> * implement it Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add data to API Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update ui Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fixes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * cleanup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start adding tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add more tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove not-needed migration Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fixup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix last_updated not being updated Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>	2026-05-13 18:27:34 +02:00
Marc 'risson' Schmitt	4cfb61f83b	website/docs: fix email link in CVE-2026-40166 (#22331 ) Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>	2026-05-13 14:54:24 +00:00
Tana M Berry	30b82ea683	website/docs: add that the Grant Types are now on UI (#22315 ) * add that the Grant Types are now on UI * dewi edits * tweak * formatting * more formatting	2026-05-13 09:31:03 -05:00
dependabot[bot]	e0316ff2e8	core: bump ujson from 5.12.0 to 5.12.1 in the uv group across 1 directory (#22329 ) core: bump ujson in the uv group across 1 directory Bumps the uv group with 1 update in the / directory: [ujson](https://github.com/ultrajson/ultrajson). Updates `ujson` from 5.12.0 to 5.12.1 - [Release notes](https://github.com/ultrajson/ultrajson/releases) - [Commits](https://github.com/ultrajson/ultrajson/compare/5.12.0...5.12.1) --- updated-dependencies: - dependency-name: ujson dependency-version: 5.12.1 dependency-type: indirect dependency-group: uv ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-13 14:37:57 +02:00
Teffen Ellis	2c3d11a4c3	core: harden npm install against supply-chain attacks (#22245 ) * core: add .npmrc baseline to block dependency lifecycle scripts Set ignore-scripts=true at the repo root, plus engine-strict, save-exact, audit, and prefer-offline. This neutralizes the dominant npm supply-chain attack vector — postinstall scripts in transitive dependencies — at the cost of requiring an explicit rebuild for the handful of packages that legitimately need install scripts (esbuild, chromedriver, tree-sitter, tree-sitter-json). The next commit wires that rebuild into the Makefile. Co-Authored-By: Playpen Agent <279763771+playpen-agent@users.noreply.github.com> * core: route node installs through make to retire website preinstall hook Make docs-install depend on a new root-node-install so the root deps are guaranteed before the website install runs, removing the need for the website/preinstall lifecycle script. Rebuild the small audited list of trusted packages (esbuild, chromedriver, tree-sitter, tree-sitter-json) after the web install so ignore-scripts=true remains the only path that needs maintenance. web/README documents the new workflow. Co-Authored-By: Playpen Agent <279763771+playpen-agent@users.noreply.github.com> * Clean up install scripts. * Track .npmrc in CODEOWNERS --------- Co-authored-by: Playpen Agent <279763771+playpen-agent@users.noreply.github.com>	2026-05-13 12:20:36 +00:00
dependabot[bot]	a3c50ae92a	core: bump django-stubs[compatible-mypy] from 6.0.3 to 6.0.4 (#22319 ) Bumps [django-stubs[compatible-mypy]](https://github.com/typeddjango/django-stubs) from 6.0.3 to 6.0.4. - [Release notes](https://github.com/typeddjango/django-stubs/releases) - [Commits](https://github.com/typeddjango/django-stubs/compare/6.0.3...6.0.4) --- updated-dependencies: - dependency-name: django-stubs[compatible-mypy] dependency-version: 6.0.4 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-13 13:49:57 +02:00
dependabot[bot]	3ef36b9e9e	ci: bump taiki-e/install-action from 2.77.3 to 2.77.4 in /.github/actions/setup (#22321 ) ci: bump taiki-e/install-action in /.github/actions/setup Bumps [taiki-e/install-action](https://github.com/taiki-e/install-action) from 2.77.3 to 2.77.4. - [Release notes](https://github.com/taiki-e/install-action/releases) - [Changelog](https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md) - [Commits](`e3134ec54b...ec28e28791`) --- updated-dependencies: - dependency-name: taiki-e/install-action dependency-version: 2.77.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-05-13 13:49:53 +02:00
Simonyi Gergő	691e173cad	endpoints: remove `print` line (#22325 )	2026-05-13 13:45:28 +02:00