Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

website/docs: update 2024.6 release notes with latest changes #10174

Merged
merged 1 commit into from
Jun 19, 2024

Conversation

rissson
Copy link
Member

@rissson rissson commented Jun 19, 2024

Details

REPLACE ME


Checklist

  • Local tests pass (ak test authentik/)
  • The code has been formatted (make lint-fix)

If an API change has been made

  • The API schema has been updated (make gen-build)

If changes to the frontend have been made

  • The code has been formatted (make web)

If applicable

  • The documentation has been updated
  • The documentation has been formatted (make website)

@rissson rissson self-assigned this Jun 19, 2024
@rissson rissson requested a review from a team as a code owner June 19, 2024 15:14
@rissson
Copy link
Member Author

rissson commented Jun 19, 2024

/cherry-pick version-2024.6

Copy link

netlify bot commented Jun 19, 2024

Deploy Preview for authentik-docs ready!

Name Link
🔨 Latest commit 07805c8
🔍 Latest deploy log https://app.netlify.com/sites/authentik-docs/deploys/6672f5f2606c18000876aa48
😎 Deploy Preview https://deploy-preview-10174--authentik-docs.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

Copy link

netlify bot commented Jun 19, 2024

Deploy Preview for authentik-storybook canceled.

Name Link
🔨 Latest commit 07805c8
🔍 Latest deploy log https://app.netlify.com/sites/authentik-storybook/deploys/6672f5f254676b000821d9c6

@rissson rissson enabled auto-merge (squash) June 19, 2024 15:16
Copy link

codecov bot commented Jun 19, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 92.62%. Comparing base (a448107) to head (07805c8).
Report is 1 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main   #10174      +/-   ##
==========================================
+ Coverage   92.60%   92.62%   +0.01%     
==========================================
  Files         712      712              
  Lines       34924    34933       +9     
==========================================
+ Hits        32343    32355      +12     
+ Misses       2581     2578       -3     
Flag Coverage Δ
e2e 49.55% <ø> (-0.01%) ⬇️
integration 25.40% <ø> (-0.01%) ⬇️
unit 90.09% <ø> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@rissson rissson merged commit c7c7e28 into main Jun 19, 2024
69 checks passed
@rissson rissson deleted the release-notes-update branch June 19, 2024 15:31
Copy link
Contributor

authentik PR Installation instructions

Instructions for docker-compose

Add the following block to your .env file:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-ghcr.io/goauthentik/dev-server:gh-07805c81bc9ccb89c6062a24b1de3101f442a9b2
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

For arm64, use these values:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-ghcr.io/goauthentik/dev-server:gh-07805c81bc9ccb89c6062a24b1de3101f442a9b2-arm64
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes

Add the following block to your values.yml file:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
image:
    repository: ghcr.io/goauthentik/dev-server
    tag: gh-ghcr.io/goauthentik/dev-server:gh-07805c81bc9ccb89c6062a24b1de3101f442a9b2

For arm64, use these values:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
image:
    repository: ghcr.io/goauthentik/dev-server
    tag: gh-ghcr.io/goauthentik/dev-server:gh-07805c81bc9ccb89c6062a24b1de3101f442a9b2-arm64

Afterwards, run the upgrade commands from the latest release notes.

rissson added a commit that referenced this pull request Jun 19, 2024
kensternberg-authentik added a commit that referenced this pull request Jun 19, 2024
* main:
  website/docs: update 2024.6 release notes with latest changes (#10174)
  core: fix error when raising SkipObject in mapping (#10153)
  website/docs: 2024.6 release notes: add note about group names (#10170)
  website/docs: update 2024.6 release notes with latest changes (#10167)
  core: bump twilio from 9.1.1 to 9.2.0 (#10162)
  web: bump chromedriver from 126.0.1 to 126.0.2 in /tests/wdio (#10161)
  web: bump the wdio group in /tests/wdio with 4 updates (#10160)
  website/integrations: jellyfin: add OIDC configuration (#9538)
  website/docs: Describe where to apply the auto setup env vars (#9863)
  website/integrations: gitlab: better service description (#9923)
  web: fix docker build for non-release versions (#10154)
  root: makefile: add codespell to make-website (#10116)
kensternberg-authentik added a commit that referenced this pull request Jul 2, 2024
* admin: system api: fix FIPS status schema (cherry-pick #10110) (#10112)

admin: system api: fix FIPS status schema (#10110)

Co-authored-by: Marc 'risson' Schmitt <[email protected]>

* web: bump API Client version (cherry-pick #10113) (#10114)

* website/docs: update 2024.6 release notes with latest changes (cherry-pick #10109) (#10115)

Co-authored-by: Marc 'risson' Schmitt <[email protected]>

* release: 2024.6.0-rc1

* policies/reputation: fix existing reputation update (cherry-pick #10124) (#10125)

policies/reputation: fix existing reputation update (#10124)

* add failing test case



* fix reputation update



* lint



---------

Signed-off-by: Marc 'risson' Schmitt <[email protected]>
Co-authored-by: Marc 'risson' Schmitt <[email protected]>

* core: include version in built JS files (cherry-pick #9558) (#10148)

core: include version in built JS files (#9558)

* web: fix esbuild issue with style sheets

Getting ESBuild, Lit, and Storybook to all agree on how to read and parse stylesheets is a serious
pain. This fix better identifies the value types (instances) being passed from various sources in
the repo to the three *different* kinds of style processors we're using (the native one, the
polyfill one, and whatever the heck Storybook does internally).

Falling back to using older CSS instantiating techniques one era at a time seems to do the trick.
It's ugly, but in the face of the aggressive styling we use to avoid Flashes of Unstyled Content
(FLoUC), it's the logic with which we're left.

In standard mode, the following warning appears on the console when running a Flow:

```
Autofocus processing was blocked because a document already has a focused element.
```

In compatibility mode, the following **error** appears on the console when running a Flow:

```
crawler-inject.js:1106 Uncaught TypeError: Failed to execute 'observe' on 'MutationObserver': parameter 1 is not of type 'Node'.
    at initDomMutationObservers (crawler-inject.js:1106:18)
    at crawler-inject.js:1114:24
    at Array.forEach (<anonymous>)
    at initDomMutationObservers (crawler-inject.js:1114:10)
    at crawler-inject.js:1549:1
initDomMutationObservers @ crawler-inject.js:1106
(anonymous) @ crawler-inject.js:1114
initDomMutationObservers @ crawler-inject.js:1114
(anonymous) @ crawler-inject.js:1549
```

Despite this error, nothing seems to be broken and flows work as anticipated.

* core: include version in built JS files



* add fallback



* include build hash



* format



* fix stuff

why does this even work locally



* idk man node



* just not use import assertions



* web: add no-console, use proper dirname path

* web: retarget to use the base package.json file.

* web: encode path to root package.json using git

This is the most authoritative way of finding the root of the git project.

* use full version to match frontend



* add fallback for missing .git folder



---------

Signed-off-by: Jens Langhammer <[email protected]>
Co-authored-by: Jens L <[email protected]>
Co-authored-by: Ken Sternberg <[email protected]>

* web: fix needed because recent upgrade to task breaks spinner button (cherry-pick #10142) (#10150)

web: fix needed because recent upgrade to task breaks spinner button (#10142)

web: fix broken Task plug-in

rebase and fix package json

Signed-off-by: Jens Langhammer <[email protected]>
Co-authored-by: Ken Sternberg <[email protected]>
Co-authored-by: Jens Langhammer <[email protected]>

* root: use custom model serializer that saves m2m without bulk (cherry-pick #10139) (#10151)

root: use custom model serializer that saves m2m without bulk (#10139)

* use custom model serializer that saves m2m without bulk



* sigh



---------

Signed-off-by: Jens Langhammer <[email protected]>
Co-authored-by: Jens L <[email protected]>

* web: fix docker build for non-release versions (cherry-pick #10154) (#10155)

Co-authored-by: Marc 'risson' Schmitt <[email protected]>
fix docker build for non-release versions (#10154)

* website/docs: update 2024.6 release notes with latest changes (cherry-pick #10167) (#10168)

Co-authored-by: Marc 'risson' Schmitt <[email protected]>

* core: fix error when raising SkipObject in mapping (cherry-pick #10153) (#10173)

core: fix error when raising SkipObject in mapping (#10153)

* core: fix error when raising SkipObject in mapping



* fix events not being saved

thanks tests



---------

Signed-off-by: Jens Langhammer <[email protected]>
Co-authored-by: Jens L <[email protected]>

* website/docs: 2024.6 release notes: add note about group names (cherry-pick #10170) (#10171)

Co-authored-by: Marc 'risson' Schmitt <[email protected]>
Co-authored-by: Tana M Berry <[email protected]>

* website/docs: update 2024.6 release notes with latest changes (cherry-pick #10174) (#10175)

Co-authored-by: Marc 'risson' Schmitt <[email protected]>

* release: 2024.6.0-rc2 (#10176)

* website/docs: Remove hyphen in read replica in Release Notes (cherry-pick #10178) (#10188)

Co-authored-by: Tana M Berry <[email protected]>
Co-authored-by: Tana M Berry <[email protected]>

* core: rework base for SkipObject exception to better support control flow exceptions (cherry-pick #10186) (#10187)

core: rework base for SkipObject exception to better support control flow exceptions (#10186)

Signed-off-by: Jens Langhammer <[email protected]>
Co-authored-by: Jens L <[email protected]>

* web/flows: update flow background (cherry-pick #10206) (#10207)

web/flows: update flow background (#10206)

* web/flows: update flow background



* Optimised images with calibre/image-actions

---------

Signed-off-by: Jens Langhammer <[email protected]>
Co-authored-by: Jens L <[email protected]>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>

* web: move rbac under .../admin

The RBAC code segment, while it is an aspect and not a vertical, is entirely used within the Admin
interface, and references other components within the Admin interface. It is not used by nor
references Flows or Users. It's placement in the `elements` folder breaks the DAG of foundational
versus client code, (`common -> elements -> interfaces`), and I'd like to keep that DAG clean to
facilitate future development.

All this PR does is move `elements/rbac` to `admin/rbac`, and adjusts all of the import statements
accordingly.  The entirety of this PR is two commands:

```shell
$ cd web/src
$ git mv elements/rbac admin
$ cd admin
$ perl -pi -e 's{goauthentik/elements/rbac/}{goauthentik/admin/rbac/}' $(rg -l 'goauthentik/elements/rbac')
```

* website/docs: fix #9552 openssl rand base64 line wrap (#10211)

* website/integrations: fix typo in documentation for OIDC setup with Paperless-ngx (#10218)

Update index.md

Missing " cost me more time than I'd like to admit. Paying it forward.

Signed-off-by: Russ Harvey <[email protected]>

* security: fix CVE-2024-38371 (#10229)

* security: fix CVE-2024-38371 (cherry-pick #10229) (#10234)

Co-authored-by: Jens L <[email protected]>
fix CVE-2024-38371 (#10229)

* security: fix CVE-2024-37905 (#10230)

Co-authored-by: Marc 'risson' Schmitt <[email protected]>

* core: bump debugpy from 1.8.1 to 1.8.2 (#10225)

Bumps [debugpy](https://github.com/microsoft/debugpy) from 1.8.1 to 1.8.2.
- [Release notes](https://github.com/microsoft/debugpy/releases)
- [Commits](microsoft/debugpy@v1.8.1...v1.8.2)

---
updated-dependencies:
- dependency-name: debugpy
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* web: bump @sentry/browser from 8.11.0 to 8.12.0 in /web in the sentry group (#10226)

web: bump @sentry/browser in /web in the sentry group

Bumps the sentry group in /web with 1 update: [@sentry/browser](https://github.com/getsentry/sentry-javascript).


Updates `@sentry/browser` from 8.11.0 to 8.12.0
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md)
- [Commits](getsentry/sentry-javascript@8.11.0...8.12.0)

---
updated-dependencies:
- dependency-name: "@sentry/browser"
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: sentry
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* core: bump webauthn from 2.1.0 to 2.2.0 (#10224)

Bumps [webauthn](https://github.com/duo-labs/py_webauthn) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/duo-labs/py_webauthn/releases)
- [Changelog](https://github.com/duo-labs/py_webauthn/blob/master/CHANGELOG.md)
- [Commits](duo-labs/py_webauthn@v2.1.0...v2.2.0)

---
updated-dependencies:
- dependency-name: webauthn
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* web: bump chromedriver from 126.0.3 to 126.0.4 in /tests/wdio (#10223)

Bumps [chromedriver](https://github.com/giggio/node-chromedriver) from 126.0.3 to 126.0.4.
- [Commits](giggio/node-chromedriver@126.0.3...126.0.4)

---
updated-dependencies:
- dependency-name: chromedriver
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* core: bump pdoc from 14.5.0 to 14.5.1 (#10221)

Bumps [pdoc](https://github.com/mitmproxy/pdoc) from 14.5.0 to 14.5.1.
- [Changelog](https://github.com/mitmproxy/pdoc/blob/main/CHANGELOG.md)
- [Commits](mitmproxy/pdoc@v14.5.0...v14.5.1)

---
updated-dependencies:
- dependency-name: pdoc
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* security: fix CVE-2024-37905 (cherry-pick #10230) (#10237)

Co-authored-by: Jens L <[email protected]>
Co-authored-by: Marc 'risson' Schmitt <[email protected]>
fix CVE-2024-37905 (#10230)

* release: 2024.6.0

* website/docs: update 2024.6 release notes with latest changes (#10228)

* website/docs: update 2024.2 release notes with security fixes (#10232)

* website/docs: update 2024.4 release notes with latest changes (#10231)

* website/docs: update 2024.6 release notes with latest changes (cherry-pick #10228) (#10243)

Co-authored-by: Marc 'risson' Schmitt <[email protected]>

* website/docs: remove RC disclaimer from 2024.6 release notes (#10245)

Signed-off-by: Marc 'risson' Schmitt <[email protected]>

* website/docs: remove RC disclaimer from 2024.6 release notes (cherry-pick #10245) (#10246)

Co-authored-by: Marc 'risson' Schmitt <[email protected]>

* security: update supported versions (#10247)

* security: update supported versions (cherry-pick #10247) (#10248)

Co-authored-by: Marc 'risson' Schmitt <[email protected]>

* website/docs: update geoip and asn example to use the proper syntax (#10249)

* website/docs: update the Welcome page (#10222)

* update to mention Enterprise

* moved sections

* tweaks

---------

Co-authored-by: Tana M Berry <[email protected]>

* website/docs: update geoip and asn example to use the proper syntax (cherry-pick #10249) (#10250)

website/docs: update geoip and asn example to use the proper syntax (#10249)

Co-authored-by: Marc 'risson' Schmitt <[email protected]>

* web: bump API Client version (#10252)

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>

* web/flows: remove continue button from AutoSubmit stage (#10253)

Signed-off-by: Jens Langhammer <[email protected]>

* web: disable reading dark mode out of the UI by default (#10256)

* web: fix esbuild issue with style sheets

Getting ESBuild, Lit, and Storybook to all agree on how to read and parse stylesheets is a serious
pain. This fix better identifies the value types (instances) being passed from various sources in
the repo to the three *different* kinds of style processors we're using (the native one, the
polyfill one, and whatever the heck Storybook does internally).

Falling back to using older CSS instantiating techniques one era at a time seems to do the trick.
It's ugly, but in the face of the aggressive styling we use to avoid Flashes of Unstyled Content
(FLoUC), it's the logic with which we're left.

In standard mode, the following warning appears on the console when running a Flow:

```
Autofocus processing was blocked because a document already has a focused element.
```

In compatibility mode, the following **error** appears on the console when running a Flow:

```
crawler-inject.js:1106 Uncaught TypeError: Failed to execute 'observe' on 'MutationObserver': parameter 1 is not of type 'Node'.
    at initDomMutationObservers (crawler-inject.js:1106:18)
    at crawler-inject.js:1114:24
    at Array.forEach (<anonymous>)
    at initDomMutationObservers (crawler-inject.js:1114:10)
    at crawler-inject.js:1549:1
initDomMutationObservers @ crawler-inject.js:1106
(anonymous) @ crawler-inject.js:1114
initDomMutationObservers @ crawler-inject.js:1114
(anonymous) @ crawler-inject.js:1549
```

Despite this error, nothing seems to be broken and flows work as anticipated.

* web: disable reading dark mode out of the UI by default

This patch disables "dark mode" as a browser preference.  It still honors
the user preference, but it will always default to Light mode and will not
pay attention to the browser setting.

Thank GNU that dark mode availablity is not a requirement to sell to
governments: https://www.section508.gov/content/guide-accessible-web-design-development/#

* Prettier had opinions.

* Prettier having more opinions.

* Preserve knowledge.

* Updated eslint to stop warning us out about deprecated features.

* web: provide better feedback on Application Library page about search results (#9386)

* web: fix esbuild issue with style sheets

Getting ESBuild, Lit, and Storybook to all agree on how to read and parse stylesheets is a serious
pain. This fix better identifies the value types (instances) being passed from various sources in
the repo to the three *different* kinds of style processors we're using (the native one, the
polyfill one, and whatever the heck Storybook does internally).

Falling back to using older CSS instantiating techniques one era at a time seems to do the trick.
It's ugly, but in the face of the aggressive styling we use to avoid Flashes of Unstyled Content
(FLoUC), it's the logic with which we're left.

In standard mode, the following warning appears on the console when running a Flow:

```
Autofocus processing was blocked because a document already has a focused element.
```

In compatibility mode, the following **error** appears on the console when running a Flow:

```
crawler-inject.js:1106 Uncaught TypeError: Failed to execute 'observe' on 'MutationObserver': parameter 1 is not of type 'Node'.
    at initDomMutationObservers (crawler-inject.js:1106:18)
    at crawler-inject.js:1114:24
    at Array.forEach (<anonymous>)
    at initDomMutationObservers (crawler-inject.js:1114:10)
    at crawler-inject.js:1549:1
initDomMutationObservers @ crawler-inject.js:1106
(anonymous) @ crawler-inject.js:1114
initDomMutationObservers @ crawler-inject.js:1114
(anonymous) @ crawler-inject.js:1549
```

Despite this error, nothing seems to be broken and flows work as anticipated.

* web: improve state management of Fuze application search

This commit rewrites a bit (just a bit, really!) of the relationship between
`ak-library-application-impl` and `ak-library-application-search`.

The "show only apps with launch URLs filter" has been moved up to the retrieval layer; there was no
reason for the renderer to repeatedly call a *required* filter; just call it on the list of
applications once and be done.

The search component exchanges the two-state guesswork and custom events for a concrete three-state
solution and *private* events. The search handler now sends the events "reset," "updated," and the
new "updated and empty," which we could not previously track.

By limiting the Impl layer to only those apps with launchUrls, we can now distinguish between "all
apps," and "filtered apps," and understand that when "all apps" is empty we have no apps, and when
"filtered apps" is empty the search has returned nothing.

I also tried to add a lot more comments.

In keeping with ES2020, I've put `.js` extensions on all the local imports.

In keeping with a variety of [best practice
recommendations](https://webcomponents.today/best-practices/), I've renamed web component files to
match the custom element they deploy:

```
ak-library-application-search-empty.ts
19:@CustomElement("ak-library-application-search-empty")

ak-library-impl.ts
44:@CustomElement("ak-library-impl")

ak-library.ts
30:@CustomElement("ak-library")

ak-library-application-list.ts
34:@CustomElement("ak-library-application-list")

ak-library-application-empty-list.ts
22:@CustomElement("ak-library-application-empty-list")

ak-library-application-search.ts
46:@CustomElement("ak-library-application-search")
```

The only effect(s) external to the changes in this vertical is that the Route() had to be updated,
and I have done that.

* web: updated the improved search to Google's Lit standards for events.

* website/docs: update geoip and asn documentation following field changes (#10265)

Co-authored-by: Tana M Berry <[email protected]>

* core, web: update translations (#10259)

Co-authored-by: rissson <[email protected]>

* core: bump goauthentik.io/api/v3 from 3.2024042.13 to 3.2024060.1 (#10260)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* translate: Updates for file locale/en/LC_MESSAGES/django.po in ru (#10268)

Translate locale/en/LC_MESSAGES/django.po in ru

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'ru'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>

* core: bump drf-jsonschema-serializer from 2.0.0 to 3.0.0 (#10262)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* translate: Updates for file web/xliff/en.xlf in zh_CN (#10271)

Translate web/xliff/en.xlf in zh_CN

100% translated source file: 'web/xliff/en.xlf'
on 'zh_CN'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>

* translate: Updates for file web/xliff/en.xlf in zh-Hans (#10272)

Translate web/xliff/en.xlf in zh-Hans

100% translated source file: 'web/xliff/en.xlf'
on 'zh-Hans'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>

* web: provide a test framework (#9681)

* web: fix esbuild issue with style sheets

Getting ESBuild, Lit, and Storybook to all agree on how to read and parse stylesheets is a serious
pain. This fix better identifies the value types (instances) being passed from various sources in
the repo to the three *different* kinds of style processors we're using (the native one, the
polyfill one, and whatever the heck Storybook does internally).

Falling back to using older CSS instantiating techniques one era at a time seems to do the trick.
It's ugly, but in the face of the aggressive styling we use to avoid Flashes of Unstyled Content
(FLoUC), it's the logic with which we're left.

In standard mode, the following warning appears on the console when running a Flow:

```
Autofocus processing was blocked because a document already has a focused element.
```

In compatibility mode, the following **error** appears on the console when running a Flow:

```
crawler-inject.js:1106 Uncaught TypeError: Failed to execute 'observe' on 'MutationObserver': parameter 1 is not of type 'Node'.
    at initDomMutationObservers (crawler-inject.js:1106:18)
    at crawler-inject.js:1114:24
    at Array.forEach (<anonymous>)
    at initDomMutationObservers (crawler-inject.js:1114:10)
    at crawler-inject.js:1549:1
initDomMutationObservers @ crawler-inject.js:1106
(anonymous) @ crawler-inject.js:1114
initDomMutationObservers @ crawler-inject.js:1114
(anonymous) @ crawler-inject.js:1549
```

Despite this error, nothing seems to be broken and flows work as anticipated.

* web: provide a test framework

As is typical of a system where a new build engine is involved, this thing is sadly fragile. Use the
wrong import style in wdio.conf.js and it breaks; there are several notes in tsconfig.test.conf and
wdio.conf.ts to tell eslint or tsc not to complain, it's just a different build with different
criteria, the native criteria don't apply.

On the other hand, writing tests is easy and predictable. We can test behaviors at the unit and
component scale in a straightforward manner, and validate our expectations that things work the way
we believe they should.

* Rolling back a reversion.

* Adjusting paths to work with tests.

* add ci to test

Signed-off-by: Jens Langhammer <[email protected]>

* web: patch spotlight on the fly to fix syntax issue that blocked storybook build

This should be a temporary hack.  I have an [open
issue](getsentry/spotlight#419) and [pull
request](getsentry/spotlight#420) with the
Spotlight people already to fix the issue.

* Somehow missed these in the merge.

* Merge missed something.

* Fixed an issue where npm install and npm ci had different shell script behaviors.

* Removed debugging messages.

---------

Signed-off-by: Jens Langhammer <[email protected]>
Co-authored-by: Jens Langhammer <[email protected]>

* web: lint package-lock.json file (#10157)

* web: fix esbuild issue with style sheets

Getting ESBuild, Lit, and Storybook to all agree on how to read and parse stylesheets is a serious
pain. This fix better identifies the value types (instances) being passed from various sources in
the repo to the three *different* kinds of style processors we're using (the native one, the
polyfill one, and whatever the heck Storybook does internally).

Falling back to using older CSS instantiating techniques one era at a time seems to do the trick.
It's ugly, but in the face of the aggressive styling we use to avoid Flashes of Unstyled Content
(FLoUC), it's the logic with which we're left.

In standard mode, the following warning appears on the console when running a Flow:

```
Autofocus processing was blocked because a document already has a focused element.
```

In compatibility mode, the following **error** appears on the console when running a Flow:

```
crawler-inject.js:1106 Uncaught TypeError: Failed to execute 'observe' on 'MutationObserver': parameter 1 is not of type 'Node'.
    at initDomMutationObservers (crawler-inject.js:1106:18)
    at crawler-inject.js:1114:24
    at Array.forEach (<anonymous>)
    at initDomMutationObservers (crawler-inject.js:1114:10)
    at crawler-inject.js:1549:1
initDomMutationObservers @ crawler-inject.js:1106
(anonymous) @ crawler-inject.js:1114
initDomMutationObservers @ crawler-inject.js:1114
(anonymous) @ crawler-inject.js:1549
```

Despite this error, nothing seems to be broken and flows work as anticipated.

* web: replace ad-hoc test for package-lock.json file with a tool

Testing to see if a package-lock entry has a `resolved` field hasn't
been a reliable test of that entry's validity for several years
now.  The best options we have now are to ensure that every download
occurs over https, and that every download only happens from fully
vetted sources such as NPM and Github. [Liran Tal's Lockfile-Lint
tool](https://snyk.io/blog/why-npm-lockfiles-can-be-a-security-blindspot-for-injecting-malicious-modules/)
does this for package-lock.json files made with NPM or Yarn.

* web: update CI workflows to use `lockfile-lint` for validity checking

* Still getting familiar with the workflows thing.

* ci: refactor ci-web linting

Signed-off-by: Marc 'risson' Schmitt <[email protected]>

* ci fix

Signed-off-by: Marc 'risson' Schmitt <[email protected]>

* try again

Signed-off-by: Marc 'risson' Schmitt <[email protected]>

* and again

Signed-off-by: Marc 'risson' Schmitt <[email protected]>

* rework ci-website

Signed-off-by: Marc 'risson' Schmitt <[email protected]>

---------

Signed-off-by: Marc 'risson' Schmitt <[email protected]>
Co-authored-by: Marc 'risson' Schmitt <[email protected]>

* events: associate login_failed events to a user if possible (#10270)

Signed-off-by: Marc 'risson' Schmitt <[email protected]>

* core: adjust styling to meet our standards (#10277)

* core: adjust styling to meet our standards

* Fix version correspondence bug in website (#10278)

web: update lockfile to correspond to package.json, enabling npm-ci

Looks like someone updated `package.json` to have the latest version
of Typescript, but failed to update `package-lock.json` to get that
version into the cache.  `npm ci` won't work if the versions in the
two files don't correspond, as that means, well, exactly that: no
one has checked that the versioning is correct.

The actual diff to `package-lock.json` is small enough it can be
verified by eye, and it's fine.

* web: bump @sentry/browser from 8.12.0 to 8.13.0 in /web in the sentry group (#10286)

web: bump @sentry/browser in /web in the sentry group

Bumps the sentry group in /web with 1 update: [@sentry/browser](https://github.com/getsentry/sentry-javascript).


Updates `@sentry/browser` from 8.12.0 to 8.13.0
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md)
- [Commits](getsentry/sentry-javascript@8.12.0...8.13.0)

---
updated-dependencies:
- dependency-name: "@sentry/browser"
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: sentry
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* core: bump ruff from 0.4.10 to 0.5.0 (#10285)

Bumps [ruff](https://github.com/astral-sh/ruff) from 0.4.10 to 0.5.0.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@v0.4.10...0.5.0)

---
updated-dependencies:
- dependency-name: ruff
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* core: bump swagger-spec-validator from 3.0.3 to 3.0.4 (#10284)

Bumps [swagger-spec-validator](https://github.com/Yelp/swagger_spec_validator) from 3.0.3 to 3.0.4.
- [Changelog](https://github.com/Yelp/swagger_spec_validator/blob/master/CHANGELOG.rst)
- [Commits](Yelp/swagger_spec_validator@v3.0.3...v3.0.4)

---
updated-dependencies:
- dependency-name: swagger-spec-validator
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* core: bump twilio from 9.2.1 to 9.2.2 (#10283)

Bumps [twilio](https://github.com/twilio/twilio-python) from 9.2.1 to 9.2.2.
- [Release notes](https://github.com/twilio/twilio-python/releases)
- [Changelog](https://github.com/twilio/twilio-python/blob/main/CHANGES.md)
- [Commits](twilio/twilio-python@9.2.1...9.2.2)

---
updated-dependencies:
- dependency-name: twilio
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* core: bump google-api-python-client from 2.134.0 to 2.135.0 (#10281)

Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.134.0 to 2.135.0.
- [Release notes](https://github.com/googleapis/google-api-python-client/releases)
- [Commits](googleapis/google-api-python-client@v2.134.0...v2.135.0)

---
updated-dependencies:
- dependency-name: google-api-python-client
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* core: bump sentry-sdk from 2.5.1 to 2.7.1 (#10282)

Bumps [sentry-sdk](https://github.com/getsentry/sentry-python) from 2.5.1 to 2.7.1.
- [Release notes](https://github.com/getsentry/sentry-python/releases)
- [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md)
- [Commits](getsentry/sentry-python@2.5.1...2.7.1)

---
updated-dependencies:
- dependency-name: sentry-sdk
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* core, web: update translations (#10279)

Co-authored-by: rissson <[email protected]>

* root: allow extra sentry settings (#10269)

* core: fix URLValidator regex to allow single digit port (#10280)

* root: fix web docker build (#10287)

* tests/e2e: fix ldap tests following #10270 (#10288)

* web/admin: show matching user reputation scores in user details (#10276)

Co-authored-by: Jens Langhammer <[email protected]>

* web: bump API Client version (#10290)

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>

* web: restore hasLaunchUrl to client-side criteria for filtering apps (#10291)

* web: fix esbuild issue with style sheets

Getting ESBuild, Lit, and Storybook to all agree on how to read and parse stylesheets is a serious
pain. This fix better identifies the value types (instances) being passed from various sources in
the repo to the three *different* kinds of style processors we're using (the native one, the
polyfill one, and whatever the heck Storybook does internally).

Falling back to using older CSS instantiating techniques one era at a time seems to do the trick.
It's ugly, but in the face of the aggressive styling we use to avoid Flashes of Unstyled Content
(FLoUC), it's the logic with which we're left.

In standard mode, the following warning appears on the console when running a Flow:

```
Autofocus processing was blocked because a document already has a focused element.
```

In compatibility mode, the following **error** appears on the console when running a Flow:

```
crawler-inject.js:1106 Uncaught TypeError: Failed to execute 'observe' on 'MutationObserver': parameter 1 is not of type 'Node'.
    at initDomMutationObservers (crawler-inject.js:1106:18)
    at crawler-inject.js:1114:24
    at Array.forEach (<anonymous>)
    at initDomMutationObservers (crawler-inject.js:1114:10)
    at crawler-inject.js:1549:1
initDomMutationObservers @ crawler-inject.js:1106
(anonymous) @ crawler-inject.js:1114
initDomMutationObservers @ crawler-inject.js:1114
(anonymous) @ crawler-inject.js:1549
```

Despite this error, nothing seems to be broken and flows work as anticipated.

* web: restore `hasLaunchUrl` to the The `filteredApps` criteria

I misunderstood where this information was coming from.  Sorry about that.

* Use the most efficient operator here.

* core: applications api: prefetch related policies (#10273)

* stages/user_login: fix ?next parameter not carried through broken session binding (#10301)

Signed-off-by: Jens Langhammer <[email protected]>

* core: bump psycopg from 3.1.19 to 3.2.1 (#10313)

Bumps [psycopg](https://github.com/psycopg/psycopg) from 3.1.19 to 3.2.1.
- [Changelog](https://github.com/psycopg/psycopg/blob/master/docs/news.rst)
- [Commits](psycopg/psycopg@3.1.19...3.2.1)

---
updated-dependencies:
- dependency-name: psycopg
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* core: bump goauthentik.io/api/v3 from 3.2024060.1 to 3.2024060.2 (#10311)

Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go) from 3.2024060.1 to 3.2024060.2.
- [Release notes](https://github.com/goauthentik/client-go/releases)
- [Commits](goauthentik/client-go@v3.2024060.1...v3.2024060.2)

---
updated-dependencies:
- dependency-name: goauthentik.io/api/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* website: bump postcss from 8.4.38 to 8.4.39 in /website (#10310)

Bumps [postcss](https://github.com/postcss/postcss) from 8.4.38 to 8.4.39.
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.4.38...8.4.39)

---
updated-dependencies:
- dependency-name: postcss
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* web: bump esbuild from 0.21.5 to 0.22.0 in /web (#10309)

Bumps [esbuild](https://github.com/evanw/esbuild) from 0.21.5 to 0.22.0.
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](evanw/esbuild@v0.21.5...v0.22.0)

---
updated-dependencies:
- dependency-name: esbuild
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* web: bump the esbuild group in /web with 2 updates (#10308)

Bumps the esbuild group in /web with 2 updates: [@esbuild/darwin-arm64](https://github.com/evanw/esbuild) and [@esbuild/linux-arm64](https://github.com/evanw/esbuild).


Updates `@esbuild/darwin-arm64` from 0.21.5 to 0.22.0
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](evanw/esbuild@v0.21.5...v0.22.0)

Updates `@esbuild/linux-arm64` from 0.21.5 to 0.22.0
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](evanw/esbuild@v0.21.5...v0.22.0)

---
updated-dependencies:
- dependency-name: "@esbuild/darwin-arm64"
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: esbuild
- dependency-name: "@esbuild/linux-arm64"
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: esbuild
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* stages/authenticator_webauthn: Update FIDO MDS3 & Passkey aaguid blobs (#10306)

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>

* core, web: update translations (#10294)

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: rissson <[email protected]>

* web: fix package lock out of sync (#10314)

* translate: Updates for file web/xliff/en.xlf in zh_CN (#10315)

Translate web/xliff/en.xlf in zh_CN

100% translated source file: 'web/xliff/en.xlf'
on 'zh_CN'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>

* web/flows: remove background image link (#10318)

Signed-off-by: Jens Langhammer <[email protected]>

* core: remove transitionary old JS urls (#10317)

Signed-off-by: Jens Langhammer <[email protected]>

* web: set noopener and noreferrer on all external links (#10304)

Signed-off-by: Jens Langhammer <[email protected]>

* web: bump typescript from 5.5.2 to 5.5.3 in /web (#10332)

Bumps [typescript](https://github.com/Microsoft/TypeScript) from 5.5.2 to 5.5.3.
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release.yml)
- [Commits](microsoft/TypeScript@v5.5.2...v5.5.3)

---
updated-dependencies:
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* web: bump the esbuild group in /web with 2 updates (#10330)

Bumps the esbuild group in /web with 2 updates: [@esbuild/darwin-arm64](https://github.com/evanw/esbuild) and [@esbuild/linux-arm64](https://github.com/evanw/esbuild).


Updates `@esbuild/darwin-arm64` from 0.22.0 to 0.23.0
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](evanw/esbuild@v0.22.0...v0.23.0)

Updates `@esbuild/linux-arm64` from 0.22.0 to 0.23.0
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](evanw/esbuild@v0.22.0...v0.23.0)

---
updated-dependencies:
- dependency-name: "@esbuild/darwin-arm64"
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: esbuild
- dependency-name: "@esbuild/linux-arm64"
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: esbuild
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* web: bump typescript from 5.5.2 to 5.5.3 in /tests/wdio (#10327)

Bumps [typescript](https://github.com/Microsoft/TypeScript) from 5.5.2 to 5.5.3.
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release.yml)
- [Commits](microsoft/TypeScript@v5.5.2...v5.5.3)

---
updated-dependencies:
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* core: bump pydantic from 2.7.4 to 2.8.0 (#10325)

Bumps [pydantic](https://github.com/pydantic/pydantic) from 2.7.4 to 2.8.0.
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](pydantic/pydantic@v2.7.4...v2.8.0)

---
updated-dependencies:
- dependency-name: pydantic
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* website: bump typescript from 5.5.2 to 5.5.3 in /website (#10326)

Bumps [typescript](https://github.com/Microsoft/TypeScript) from 5.5.2 to 5.5.3.
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release.yml)
- [Commits](microsoft/TypeScript@v5.5.2...v5.5.3)

---
updated-dependencies:
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* core, web: update translations (#10324)

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: rissson <[email protected]>

* web: fixed missed internationalized strings (#10323)

* web: fix esbuild issue with style sheets

Getting ESBuild, Lit, and Storybook to all agree on how to read and parse stylesheets is a serious
pain. This fix better identifies the value types (instances) being passed from various sources in
the repo to the three *different* kinds of style processors we're using (the native one, the
polyfill one, and whatever the heck Storybook does internally).

Falling back to using older CSS instantiating techniques one era at a time seems to do the trick.
It's ugly, but in the face of the aggressive styling we use to avoid Flashes of Unstyled Content
(FLoUC), it's the logic with which we're left.

In standard mode, the following warning appears on the console when running a Flow:

```
Autofocus processing was blocked because a document already has a focused element.
```

In compatibility mode, the following **error** appears on the console when running a Flow:

```
crawler-inject.js:1106 Uncaught TypeError: Failed to execute 'observe' on 'MutationObserver': parameter 1 is not of type 'Node'.
    at initDomMutationObservers (crawler-inject.js:1106:18)
    at crawler-inject.js:1114:24
    at Array.forEach (<anonymous>)
    at initDomMutationObservers (crawler-inject.js:1114:10)
    at crawler-inject.js:1549:1
initDomMutationObservers @ crawler-inject.js:1106
(anonymous) @ crawler-inject.js:1114
initDomMutationObservers @ crawler-inject.js:1114
(anonymous) @ crawler-inject.js:1549
```

Despite this error, nothing seems to be broken and flows work as anticipated.

* web: you have no missed messages

This commit uncovers a few places where a human-readable string was not property cast into the
internationalized form and internationalizes them in order to conform to our policy of keeping the
product viable outside of the English-speaking world.

* Restored SAML spacing manually. Not sure why that was necessary.

* Restored WS spacing manually. Not sure why that was necessary.

* Restored RouteMatch spacing manually. Not sure why that was necessary.

* Restored RAC spacing manually. Not sure why that was necessary.

* web: bump esbuild from 0.22.0 to 0.23.0 in /web (#10331)

Bumps [esbuild](https://github.com/evanw/esbuild) from 0.22.0 to 0.23.0.
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](evanw/esbuild@v0.22.0...v0.23.0)

---
updated-dependencies:
- dependency-name: esbuild
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* translate: Updates for file web/xliff/en.xlf in zh-Hans (#10293)

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
Co-authored-by: Marc 'risson' Schmitt <[email protected]>

* translate: Updates for file web/xliff/en.xlf in fr (#10334)

Translate web/xliff/en.xlf in fr

100% translated source file: 'web/xliff/en.xlf'
on 'fr'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>

* provider/scim: Fix exception handling for missing ServiceProviderConfig (#10322)

* web: provide default endpoint api configuration (#10319)

* web: fix esbuild issue with style sheets

Getting ESBuild, Lit, and Storybook to all agree on how to read and parse stylesheets is a serious
pain. This fix better identifies the value types (instances) being passed from various sources in
the repo to the three *different* kinds of style processors we're using (the native one, the
polyfill one, and whatever the heck Storybook does internally).

Falling back to using older CSS instantiating techniques one era at a time seems to do the trick.
It's ugly, but in the face of the aggressive styling we use to avoid Flashes of Unstyled Content
(FLoUC), it's the logic with which we're left.

In standard mode, the following warning appears on the console when running a Flow:

```
Autofocus processing was blocked because a document already has a focused element.
```

In compatibility mode, the following **error** appears on the console when running a Flow:

```
crawler-inject.js:1106 Uncaught TypeError: Failed to execute 'observe' on 'MutationObserver': parameter 1 is not of type 'Node'.
    at initDomMutationObservers (crawler-inject.js:1106:18)
    at crawler-inject.js:1114:24
    at Array.forEach (<anonymous>)
    at initDomMutationObservers (crawler-inject.js:1114:10)
    at crawler-inject.js:1549:1
initDomMutationObservers @ crawler-inject.js:1106
(anonymous) @ crawler-inject.js:1114
initDomMutationObservers @ crawler-inject.js:1114
(anonymous) @ crawler-inject.js:1549
```

Despite this error, nothing seems to be broken and flows work as anticipated.

* Intermediate; prepping for remove that may fail.

* web: provide a default table endpoint configuration

This commit finds 19 places where the exact same configuration is
used to describe a table's API endpoint, and replaces that configuration
with a provided default from a parent class.

While examining the logs for our build, I noted that this particular
sequence is duplicated multiple times throughout our code base,
accounting for a bloat of 169 lines or so of the estimated 5552
lines of bloat.  By providing a default endpoint configuration and
substituting it (mechanically) wherever the default is required,
we reduce our code duplication issue from 9.26% of the codesabe
to 8.99%.

... which is a start.

* Didn't need the duplication.

* remove page argument while we're at it

Signed-off-by: Jens Langhammer <[email protected]>

* actually use it everywhere

Signed-off-by: Jens Langhammer <[email protected]>

* web: fix inconsistent method signature for LogViewer

Removed the `_page` parameter from LogViewer's apiEndpoint() method.

The `page: number` parameter is no longer a part of this method's signature.

* web: restore reduced page size to Overview:Recent Events card

---------

Signed-off-by: Jens Langhammer <[email protected]>
Co-authored-by: Jens Langhammer <[email protected]>

---------

Signed-off-by: Marc 'risson' Schmitt <[email protected]>
Signed-off-by: Jens Langhammer <[email protected]>
Signed-off-by: Russ Harvey <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: gcp-cherry-pick-bot[bot] <98988430+gcp-cherry-pick-bot[bot]@users.noreply.github.com>
Co-authored-by: Marc 'risson' Schmitt <[email protected]>
Co-authored-by: Jens L <[email protected]>
Co-authored-by: Tana M Berry <[email protected]>
Co-authored-by: Tana M Berry <[email protected]>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
Co-authored-by: Jonathan Joewono <[email protected]>
Co-authored-by: Russ Harvey <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: rissson <[email protected]>
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
Co-authored-by: ztelliot <[email protected]>
Co-authored-by: Michael Poutre <[email protected]>
BeryJu added a commit that referenced this pull request Jul 2, 2024
* web: fix esbuild issue with style sheets

Getting ESBuild, Lit, and Storybook to all agree on how to read and parse stylesheets is a serious
pain. This fix better identifies the value types (instances) being passed from various sources in
the repo to the three *different* kinds of style processors we're using (the native one, the
polyfill one, and whatever the heck Storybook does internally).

Falling back to using older CSS instantiating techniques one era at a time seems to do the trick.
It's ugly, but in the face of the aggressive styling we use to avoid Flashes of Unstyled Content
(FLoUC), it's the logic with which we're left.

In standard mode, the following warning appears on the console when running a Flow:

```
Autofocus processing was blocked because a document already has a focused element.
```

In compatibility mode, the following **error** appears on the console when running a Flow:

```
crawler-inject.js:1106 Uncaught TypeError: Failed to execute 'observe' on 'MutationObserver': parameter 1 is not of type 'Node'.
    at initDomMutationObservers (crawler-inject.js:1106:18)
    at crawler-inject.js:1114:24
    at Array.forEach (<anonymous>)
    at initDomMutationObservers (crawler-inject.js:1114:10)
    at crawler-inject.js:1549:1
initDomMutationObservers @ crawler-inject.js:1106
(anonymous) @ crawler-inject.js:1114
initDomMutationObservers @ crawler-inject.js:1114
(anonymous) @ crawler-inject.js:1549
```

Despite this error, nothing seems to be broken and flows work as anticipated.

* web: remove some minor lint

While working on other projects, a few small lint issues came up:

- Duplicate imports of a web component
- A switch statement with a single condition
- Empty returns

All of these made eslint complain, so I have edited the code to meet our standards.  They are all
quite small.

* web: move rbac under .../admin (#10213)

* admin: system api: fix FIPS status schema (cherry-pick #10110) (#10112)

admin: system api: fix FIPS status schema (#10110)

Co-authored-by: Marc 'risson' Schmitt <[email protected]>

* web: bump API Client version (cherry-pick #10113) (#10114)

* website/docs: update 2024.6 release notes with latest changes (cherry-pick #10109) (#10115)

Co-authored-by: Marc 'risson' Schmitt <[email protected]>

* release: 2024.6.0-rc1

* policies/reputation: fix existing reputation update (cherry-pick #10124) (#10125)

policies/reputation: fix existing reputation update (#10124)

* add failing test case



* fix reputation update



* lint



---------

Signed-off-by: Marc 'risson' Schmitt <[email protected]>
Co-authored-by: Marc 'risson' Schmitt <[email protected]>

* core: include version in built JS files (cherry-pick #9558) (#10148)

core: include version in built JS files (#9558)

* web: fix esbuild issue with style sheets

Getting ESBuild, Lit, and Storybook to all agree on how to read and parse stylesheets is a serious
pain. This fix better identifies the value types (instances) being passed from various sources in
the repo to the three *different* kinds of style processors we're using (the native one, the
polyfill one, and whatever the heck Storybook does internally).

Falling back to using older CSS instantiating techniques one era at a time seems to do the trick.
It's ugly, but in the face of the aggressive styling we use to avoid Flashes of Unstyled Content
(FLoUC), it's the logic with which we're left.

In standard mode, the following warning appears on the console when running a Flow:

```
Autofocus processing was blocked because a document already has a focused element.
```

In compatibility mode, the following **error** appears on the console when running a Flow:

```
crawler-inject.js:1106 Uncaught TypeError: Failed to execute 'observe' on 'MutationObserver': parameter 1 is not of type 'Node'.
    at initDomMutationObservers (crawler-inject.js:1106:18)
    at crawler-inject.js:1114:24
    at Array.forEach (<anonymous>)
    at initDomMutationObservers (crawler-inject.js:1114:10)
    at crawler-inject.js:1549:1
initDomMutationObservers @ crawler-inject.js:1106
(anonymous) @ crawler-inject.js:1114
initDomMutationObservers @ crawler-inject.js:1114
(anonymous) @ crawler-inject.js:1549
```

Despite this error, nothing seems to be broken and flows work as anticipated.

* core: include version in built JS files



* add fallback



* include build hash



* format



* fix stuff

why does this even work locally



* idk man node



* just not use import assertions



* web: add no-console, use proper dirname path

* web: retarget to use the base package.json file.

* web: encode path to root package.json using git

This is the most authoritative way of finding the root of the git project.

* use full version to match frontend



* add fallback for missing .git folder



---------

Signed-off-by: Jens Langhammer <[email protected]>
Co-authored-by: Jens L <[email protected]>
Co-authored-by: Ken Sternberg <[email protected]>

* web: fix needed because recent upgrade to task breaks spinner button (cherry-pick #10142) (#10150)

web: fix needed because recent upgrade to task breaks spinner button (#10142)

web: fix broken Task plug-in

rebase and fix package json

Signed-off-by: Jens Langhammer <[email protected]>
Co-authored-by: Ken Sternberg <[email protected]>
Co-authored-by: Jens Langhammer <[email protected]>

* root: use custom model serializer that saves m2m without bulk (cherry-pick #10139) (#10151)

root: use custom model serializer that saves m2m without bulk (#10139)

* use custom model serializer that saves m2m without bulk



* sigh



---------

Signed-off-by: Jens Langhammer <[email protected]>
Co-authored-by: Jens L <[email protected]>

* web: fix docker build for non-release versions (cherry-pick #10154) (#10155)

Co-authored-by: Marc 'risson' Schmitt <[email protected]>
fix docker build for non-release versions (#10154)

* website/docs: update 2024.6 release notes with latest changes (cherry-pick #10167) (#10168)

Co-authored-by: Marc 'risson' Schmitt <[email protected]>

* core: fix error when raising SkipObject in mapping (cherry-pick #10153) (#10173)

core: fix error when raising SkipObject in mapping (#10153)

* core: fix error when raising SkipObject in mapping



* fix events not being saved

thanks tests



---------

Signed-off-by: Jens Langhammer <[email protected]>
Co-authored-by: Jens L <[email protected]>

* website/docs: 2024.6 release notes: add note about group names (cherry-pick #10170) (#10171)

Co-authored-by: Marc 'risson' Schmitt <[email protected]>
Co-authored-by: Tana M Berry <[email protected]>

* website/docs: update 2024.6 release notes with latest changes (cherry-pick #10174) (#10175)

Co-authored-by: Marc 'risson' Schmitt <[email protected]>

* release: 2024.6.0-rc2 (#10176)

* website/docs: Remove hyphen in read replica in Release Notes (cherry-pick #10178) (#10188)

Co-authored-by: Tana M Berry <[email protected]>
Co-authored-by: Tana M Berry <[email protected]>

* core: rework base for SkipObject exception to better support control flow exceptions (cherry-pick #10186) (#10187)

core: rework base for SkipObject exception to better support control flow exceptions (#10186)

Signed-off-by: Jens Langhammer <[email protected]>
Co-authored-by: Jens L <[email protected]>

* web/flows: update flow background (cherry-pick #10206) (#10207)

web/flows: update flow background (#10206)

* web/flows: update flow background



* Optimised images with calibre/image-actions

---------

Signed-off-by: Jens Langhammer <[email protected]>
Co-authored-by: Jens L <[email protected]>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>

* web: move rbac under .../admin

The RBAC code segment, while it is an aspect and not a vertical, is entirely used within the Admin
interface, and references other components within the Admin interface. It is not used by nor
references Flows or Users. It's placement in the `elements` folder breaks the DAG of foundational
versus client code, (`common -> elements -> interfaces`), and I'd like to keep that DAG clean to
facilitate future development.

All this PR does is move `elements/rbac` to `admin/rbac`, and adjusts all of the import statements
accordingly.  The entirety of this PR is two commands:

```shell
$ cd web/src
$ git mv elements/rbac admin
$ cd admin
$ perl -pi -e 's{goauthentik/elements/rbac/}{goauthentik/admin/rbac/}' $(rg -l 'goauthentik/elements/rbac')
```

* website/docs: fix #9552 openssl rand base64 line wrap (#10211)

* website/integrations: fix typo in documentation for OIDC setup with Paperless-ngx (#10218)

Update index.md

Missing " cost me more time than I'd like to admit. Paying it forward.

Signed-off-by: Russ Harvey <[email protected]>

* security: fix CVE-2024-38371 (#10229)

* security: fix CVE-2024-38371 (cherry-pick #10229) (#10234)

Co-authored-by: Jens L <[email protected]>
fix CVE-2024-38371 (#10229)

* security: fix CVE-2024-37905 (#10230)

Co-authored-by: Marc 'risson' Schmitt <[email protected]>

* core: bump debugpy from 1.8.1 to 1.8.2 (#10225)

Bumps [debugpy](https://github.com/microsoft/debugpy) from 1.8.1 to 1.8.2.
- [Release notes](https://github.com/microsoft/debugpy/releases)
- [Commits](https://github.com/microsoft/debugpy/compare/v1.8.1...v1.8.2)

---
updated-dependencies:
- dependency-name: debugpy
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* web: bump @sentry/browser from 8.11.0 to 8.12.0 in /web in the sentry group (#10226)

web: bump @sentry/browser in /web in the sentry group

Bumps the sentry group in /web with 1 update: [@sentry/browser](https://github.com/getsentry/sentry-javascript).


Updates `@sentry/browser` from 8.11.0 to 8.12.0
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-javascript/compare/8.11.0...8.12.0)

---
updated-dependencies:
- dependency-name: "@sentry/browser"
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: sentry
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* core: bump webauthn from 2.1.0 to 2.2.0 (#10224)

Bumps [webauthn](https://github.com/duo-labs/py_webauthn) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/duo-labs/py_webauthn/releases)
- [Changelog](https://github.com/duo-labs/py_webauthn/blob/master/CHANGELOG.md)
- [Commits](https://github.com/duo-labs/py_webauthn/compare/v2.1.0...v2.2.0)

---
updated-dependencies:
- dependency-name: webauthn
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* web: bump chromedriver from 126.0.3 to 126.0.4 in /tests/wdio (#10223)

Bumps [chromedriver](https://github.com/giggio/node-chromedriver) from 126.0.3 to 126.0.4.
- [Commits](https://github.com/giggio/node-chromedriver/compare/126.0.3...126.0.4)

---
updated-dependencies:
- dependency-name: chromedriver
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* core: bump pdoc from 14.5.0 to 14.5.1 (#10221)

Bumps [pdoc](https://github.com/mitmproxy/pdoc) from 14.5.0 to 14.5.1.
- [Changelog](https://github.com/mitmproxy/pdoc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/mitmproxy/pdoc/compare/v14.5.0...v14.5.1)

---
updated-dependencies:
- dependency-name: pdoc
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* security: fix CVE-2024-37905 (cherry-pick #10230) (#10237)

Co-authored-by: Jens L <[email protected]>
Co-authored-by: Marc 'risson' Schmitt <[email protected]>
fix CVE-2024-37905 (#10230)

* release: 2024.6.0

* website/docs: update 2024.6 release notes with latest changes (#10228)

* website/docs: update 2024.2 release notes with security fixes (#10232)

* website/docs: update 2024.4 release notes with latest changes (#10231)

* website/docs: update 2024.6 release notes with latest changes (cherry-pick #10228) (#10243)

Co-authored-by: Marc 'risson' Schmitt <[email protected]>

* website/docs: remove RC disclaimer from 2024.6 release notes (#10245)

Signed-off-by: Marc 'risson' Schmitt <[email protected]>

* website/docs: remove RC disclaimer from 2024.6 release notes (cherry-pick #10245) (#10246)

Co-authored-by: Marc 'risson' Schmitt <[email protected]>

* security: update supported versions (#10247)

* security: update supported versions (cherry-pick #10247) (#10248)

Co-authored-by: Marc 'risson' Schmitt <[email protected]>

* website/docs: update geoip and asn example to use the proper syntax (#10249)

* website/docs: update the Welcome page (#10222)

* update to mention Enterprise

* moved sections

* tweaks

---------

Co-authored-by: Tana M Berry <[email protected]>

* website/docs: update geoip and asn example to use the proper syntax (cherry-pick #10249) (#10250)

website/docs: update geoip and asn example to use the proper syntax (#10249)

Co-authored-by: Marc 'risson' Schmitt <[email protected]>

* web: bump API Client version (#10252)

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>

* web/flows: remove continue button from AutoSubmit stage (#10253)

Signed-off-by: Jens Langhammer <[email protected]>

* web: disable reading dark mode out of the UI by default (#10256)

* web: fix esbuild issue with style sheets

Getting ESBuild, Lit, and Storybook to all agree on how to read and parse stylesheets is a serious
pain. This fix better identifies the value types (instances) being passed from various sources in
the repo to the three *different* kinds of style processors we're using (the native one, the
polyfill one, and whatever the heck Storybook does internally).

Falling back to using older CSS instantiating techniques one era at a time seems to do the trick.
It's ugly, but in the face of the aggressive styling we use to avoid Flashes of Unstyled Content
(FLoUC), it's the logic with which we're left.

In standard mode, the following warning appears on the console when running a Flow:

```
Autofocus processing was blocked because a document already has a focused element.
```

In compatibility mode, the following **error** appears on the console when running a Flow:

```
crawler-inject.js:1106 Uncaught TypeError: Failed to execute 'observe' on 'MutationObserver': parameter 1 is not of type 'Node'.
    at initDomMutationObservers (crawler-inject.js:1106:18)
    at crawler-inject.js:1114:24
    at Array.forEach (<anonymous>)
    at initDomMutationObservers (crawler-inject.js:1114:10)
    at crawler-inject.js:1549:1
initDomMutationObservers @ crawler-inject.js:1106
(anonymous) @ crawler-inject.js:1114
initDomMutationObservers @ crawler-inject.js:1114
(anonymous) @ crawler-inject.js:1549
```

Despite this error, nothing seems to be broken and flows work as anticipated.

* web: disable reading dark mode out of the UI by default

This patch disables "dark mode" as a browser preference.  It still honors
the user preference, but it will always default to Light mode and will not
pay attention to the browser setting.

Thank GNU that dark mode availablity is not a requirement to sell to
governments: https://www.section508.gov/content/guide-accessible-web-design-development/#

* Prettier had opinions.

* Prettier having more opinions.

* Preserve knowledge.

* Updated eslint to stop warning us out about deprecated features.

* web: provide better feedback on Application Library page about search results (#9386)

* web: fix esbuild issue with style sheets

Getting ESBuild, Lit, and Storybook to all agree on how to read and parse stylesheets is a serious
pain. This fix better identifies the value types (instances) being passed from various sources in
the repo to the three *different* kinds of style processors we're using (the native one, the
polyfill one, and whatever the heck Storybook does internally).

Falling back to using older CSS instantiating techniques one era at a time seems to do the trick.
It's ugly, but in the face of the aggressive styling we use to avoid Flashes of Unstyled Content
(FLoUC), it's the logic with which we're left.

In standard mode, the following warning appears on the console when running a Flow:

```
Autofocus processing was blocked because a document already has a focused element.
```

In compatibility mode, the following **error** appears on the console when running a Flow:

```
crawler-inject.js:1106 Uncaught TypeError: Failed to execute 'observe' on 'MutationObserver': parameter 1 is not of type 'Node'.
    at initDomMutationObservers (crawler-inject.js:1106:18)
    at crawler-inject.js:1114:24
    at Array.forEach (<anonymous>)
    at initDomMutationObservers (crawler-inject.js:1114:10)
    at crawler-inject.js:1549:1
initDomMutationObservers @ crawler-inject.js:1106
(anonymous) @ crawler-inject.js:1114
initDomMutationObservers @ crawler-inject.js:1114
(anonymous) @ crawler-inject.js:1549
```

Despite this error, nothing seems to be broken and flows work as anticipated.

* web: improve state management of Fuze application search

This commit rewrites a bit (just a bit, really!) of the relationship between
`ak-library-application-impl` and `ak-library-application-search`.

The "show only apps with launch URLs filter" has been moved up to the retrieval layer; there was no
reason for the renderer to repeatedly call a *required* filter; just call it on the list of
applications once and be done.

The search component exchanges the two-state guesswork and custom events for a concrete three-state
solution and *private* events. The search handler now sends the events "reset," "updated," and the
new "updated and empty," which we could not previously track.

By limiting the Impl layer to only those apps with launchUrls, we can now distinguish between "all
apps," and "filtered apps," and understand that when "all apps" is empty we have no apps, and when
"filtered apps" is empty the search has returned nothing.

I also tried to add a lot more comments.

In keeping with ES2020, I've put `.js` extensions on all the local imports.

In keeping with a variety of [best practice
recommendations](https://webcomponents.today/best-practices/), I've renamed web component files to
match the custom element they deploy:

```
ak-library-application-search-empty.ts
19:@customElement("ak-library-application-search-empty")

ak-library-impl.ts
44:@customElement("ak-library-impl")

ak-library.ts
30:@customElement("ak-library")

ak-library-application-list.ts
34:@customElement("ak-library-application-list")

ak-library-application-empty-list.ts
22:@customElement("ak-library-application-empty-list")

ak-library-application-search.ts
46:@customElement("ak-library-application-search")
```

The only effect(s) external to the changes in this vertical is that the Route() had to be updated,
and I have done that.

* web: updated the improved search to Google's Lit standards for events.

* website/docs: update geoip and asn documentation following field changes (#10265)

Co-authored-by: Tana M Berry <[email protected]>

* core, web: update translations (#10259)

Co-authored-by: rissson <[email protected]>

* core: bump goauthentik.io/api/v3 from 3.2024042.13 to 3.2024060.1 (#10260)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* translate: Updates for file locale/en/LC_MESSAGES/django.po in ru (#10268)

Translate locale/en/LC_MESSAGES/django.po in ru

100% translated source file: 'locale/en/LC_MESSAGES/django.po'
on 'ru'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>

* core: bump drf-jsonschema-serializer from 2.0.0 to 3.0.0 (#10262)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* translate: Updates for file web/xliff/en.xlf in zh_CN (#10271)

Translate web/xliff/en.xlf in zh_CN

100% translated source file: 'web/xliff/en.xlf'
on 'zh_CN'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>

* translate: Updates for file web/xliff/en.xlf in zh-Hans (#10272)

Translate web/xliff/en.xlf in zh-Hans

100% translated source file: 'web/xliff/en.xlf'
on 'zh-Hans'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>

* web: provide a test framework (#9681)

* web: fix esbuild issue with style sheets

Getting ESBuild, Lit, and Storybook to all agree on how to read and parse stylesheets is a serious
pain. This fix better identifies the value types (instances) being passed from various sources in
the repo to the three *different* kinds of style processors we're using (the native one, the
polyfill one, and whatever the heck Storybook does internally).

Falling back to using older CSS instantiating techniques one era at a time seems to do the trick.
It's ugly, but in the face of the aggressive styling we use to avoid Flashes of Unstyled Content
(FLoUC), it's the logic with which we're left.

In standard mode, the following warning appears on the console when running a Flow:

```
Autofocus processing was blocked because a document already has a focused element.
```

In compatibility mode, the following **error** appears on the console when running a Flow:

```
crawler-inject.js:1106 Uncaught TypeError: Failed to execute 'observe' on 'MutationObserver': parameter 1 is not of type 'Node'.
    at initDomMutationObservers (crawler-inject.js:1106:18)
    at crawler-inject.js:1114:24
    at Array.forEach (<anonymous>)
    at initDomMutationObservers (crawler-inject.js:1114:10)
    at crawler-inject.js:1549:1
initDomMutationObservers @ crawler-inject.js:1106
(anonymous) @ crawler-inject.js:1114
initDomMutationObservers @ crawler-inject.js:1114
(anonymous) @ crawler-inject.js:1549
```

Despite this error, nothing seems to be broken and flows work as anticipated.

* web: provide a test framework

As is typical of a system where a new build engine is involved, this thing is sadly fragile. Use the
wrong import style in wdio.conf.js and it breaks; there are several notes in tsconfig.test.conf and
wdio.conf.ts to tell eslint or tsc not to complain, it's just a different build with different
criteria, the native criteria don't apply.

On the other hand, writing tests is easy and predictable. We can test behaviors at the unit and
component scale in a straightforward manner, and validate our expectations that things work the way
we believe they should.

* Rolling back a reversion.

* Adjusting paths to work with tests.

* add ci to test

Signed-off-by: Jens Langhammer <[email protected]>

* web: patch spotlight on the fly to fix syntax issue that blocked storybook build

This should be a temporary hack.  I have an [open
issue](https://github.com/getsentry/spotlight/issues/419) and [pull
request](https://github.com/getsentry/spotlight/pull/420) with the
Spotlight people already to fix the issue.

* Somehow missed these in the merge.

* Merge missed something.

* Fixed an issue where npm install and npm ci had different shell script behaviors.

* Removed debugging messages.

---------

Signed-off-by: Jens Langhammer <[email protected]>
Co-authored-by: Jens Langhammer <[email protected]>

* web: lint package-lock.json file (#10157)

* web: fix esbuild issue with style sheets

Getting ESBuild, Lit, and Storybook to all agree on how to read and parse stylesheets is a serious
pain. This fix better identifies the value types (instances) being passed from various sources in
the repo to the three *different* kinds of style processors we're using (the native one, the
polyfill one, and whatever the heck Storybook does internally).

Falling back to using older CSS instantiating techniques one era at a time seems to do the trick.
It's ugly, but in the face of the aggressive styling we use to avoid Flashes of Unstyled Content
(FLoUC), it's the logic with which we're left.

In standard mode, the following warning appears on the console when running a Flow:

```
Autofocus processing was blocked because a document already has a focused element.
```

In compatibility mode, the following **error** appears on the console when running a Flow:

```
crawler-inject.js:1106 Uncaught TypeError: Failed to execute 'observe' on 'MutationObserver': parameter 1 is not of type 'Node'.
    at initDomMutationObservers (crawler-inject.js:1106:18)
    at crawler-inject.js:1114:24
    at Array.forEach (<anonymous>)
    at initDomMutationObservers (crawler-inject.js:1114:10)
    at crawler-inject.js:1549:1
initDomMutationObservers @ crawler-inject.js:1106
(anonymous) @ crawler-inject.js:1114
initDomMutationObservers @ crawler-inject.js:1114
(anonymous) @ crawler-inject.js:1549
```

Despite this error, nothing seems to be broken and flows work as anticipated.

* web: replace ad-hoc test for package-lock.json file with a tool

Testing to see if a package-lock entry has a `resolved` field hasn't
been a reliable test of that entry's validity for several years
now.  The best options we have now are to ensure that every download
occurs over https, and that every download only happens from fully
vetted sources such as NPM and Github. [Liran Tal's Lockfile-Lint
tool](https://snyk.io/blog/why-npm-lockfiles-can-be-a-security-blindspot-for-injecting-malicious-modules/)
does this for package-lock.json files made with NPM or Yarn.

* web: update CI workflows to use `lockfile-lint` for validity checking

* Still getting familiar with the workflows thing.

* ci: refactor ci-web linting

Signed-off-by: Marc 'risson' Schmitt <[email protected]>

* ci fix

Signed-off-by: Marc 'risson' Schmitt <[email protected]>

* try again

Signed-off-by: Marc 'risson' Schmitt <[email protected]>

* and again

Signed-off-by: Marc 'risson' Schmitt <[email protected]>

* rework ci-website

Signed-off-by: Marc 'risson' Schmitt <[email protected]>

---------

Signed-off-by: Marc 'risson' Schmitt <[email protected]>
Co-authored-by: Marc 'risson' Schmitt <[email protected]>

* events: associate login_failed events to a user if possible (#10270)

Signed-off-by: Marc 'risson' Schmitt <[email protected]>

* core: adjust styling to meet our standards (#10277)

* core: adjust styling to meet our standards

* Fix version correspondence bug in website (#10278)

web: update lockfile to correspond to package.json, enabling npm-ci

Looks like someone updated `package.json` to have the latest version
of Typescript, but failed to update `package-lock.json` to get that
version into the cache.  `npm ci` won't work if the versions in the
two files don't correspond, as that means, well, exactly that: no
one has checked that the versioning is correct.

The actual diff to `package-lock.json` is small enough it can be
verified by eye, and it's fine.

* web: bump @sentry/browser from 8.12.0 to 8.13.0 in /web in the sentry group (#10286)

web: bump @sentry/browser in /web in the sentry group

Bumps the sentry group in /web with 1 update: [@sentry/browser](https://github.com/getsentry/sentry-javascript).


Updates `@sentry/browser` from 8.12.0 to 8.13.0
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-javascript/compare/8.12.0...8.13.0)

---
updated-dependencies:
- dependency-name: "@sentry/browser"
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: sentry
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* core: bump ruff from 0.4.10 to 0.5.0 (#10285)

Bumps [ruff](https://github.com/astral-sh/ruff) from 0.4.10 to 0.5.0.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/v0.4.10...0.5.0)

---
updated-dependencies:
- dependency-name: ruff
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* core: bump swagger-spec-validator from 3.0.3 to 3.0.4 (#10284)

Bumps [swagger-spec-validator](https://github.com/Yelp/swagger_spec_validator) from 3.0.3 to 3.0.4.
- [Changelog](https://github.com/Yelp/swagger_spec_validator/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/Yelp/swagger_spec_validator/compare/v3.0.3...v3.0.4)

---
updated-dependencies:
- dependency-name: swagger-spec-validator
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* core: bump twilio from 9.2.1 to 9.2.2 (#10283)

Bumps [twilio](https://github.com/twilio/twilio-python) from 9.2.1 to 9.2.2.
- [Release notes](https://github.com/twilio/twilio-python/releases)
- [Changelog](https://github.com/twilio/twilio-python/blob/main/CHANGES.md)
- [Commits](https://github.com/twilio/twilio-python/compare/9.2.1...9.2.2)

---
updated-dependencies:
- dependency-name: twilio
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* core: bump google-api-python-client from 2.134.0 to 2.135.0 (#10281)

Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.134.0 to 2.135.0.
- [Release notes](https://github.com/googleapis/google-api-python-client/releases)
- [Commits](https://github.com/googleapis/google-api-python-client/compare/v2.134.0...v2.135.0)

---
updated-dependencies:
- dependency-name: google-api-python-client
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* core: bump sentry-sdk from 2.5.1 to 2.7.1 (#10282)

Bumps [sentry-sdk](https://github.com/getsentry/sentry-python) from 2.5.1 to 2.7.1.
- [Release notes](https://github.com/getsentry/sentry-python/releases)
- [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-python/compare/2.5.1...2.7.1)

---
updated-dependencies:
- dependency-name: sentry-sdk
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* core, web: update translations (#10279)

Co-authored-by: rissson <[email protected]>

* root: allow extra sentry settings (#10269)

* core: fix URLValidator regex to allow single digit port (#10280)

* root: fix web docker build (#10287)

* tests/e2e: fix ldap tests following #10270 (#10288)

* web/admin: show matching user reputation scores in user details (#10276)

Co-authored-by: Jens Langhammer <[email protected]>

* web: bump API Client version (#10290)

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>

* web: restore hasLaunchUrl to client-side criteria for filtering apps (#10291)

* web: fix esbuild issue with style sheets

Getting ESBuild, Lit, and Storybook to all agree on how to read and parse stylesheets is a serious
pain. This fix better identifies the value types (instances) being passed from various sources in
the repo to the three *different* kinds of style processors we're using (the native one, the
polyfill one, and whatever the heck Storybook does internally).

Falling back to using older CSS instantiating techniques one era at a time seems to do the trick.
It's ugly, but in the face of the aggressive styling we use to avoid Flashes of Unstyled Content
(FLoUC), it's the logic with which we're left.

In standard mode, the following warning appears on the console when running a Flow:

```
Autofocus processing was blocked because a document already has a focused element.
```

In compatibility mode, the following **error** appears on the console when running a Flow:

```
crawler-inject.js:1106 Uncaught TypeError: Failed to execute 'observe' on 'MutationObserver': parameter 1 is not of type 'Node'.
    at initDomMutationObservers (crawler-inject.js:1106:18)
    at crawler-inject.js:1114:24
    at Array.forEach (<anonymous>)
    at initDomMutationObservers (crawler-inject.js:1114:10)
    at crawler-inject.js:1549:1
initDomMutationObservers @ crawler-inject.js:1106
(anonymous) @ crawler-inject.js:1114
initDomMutationObservers @ crawler-inject.js:1114
(anonymous) @ crawler-inject.js:1549
```

Despite this error, nothing seems to be broken and flows work as anticipated.

* web: restore `hasLaunchUrl` to the The `filteredApps` criteria

I misunderstood where this information was coming from.  Sorry about that.

* Use the most efficient operator here.

* core: applications api: prefetch related policies (#10273)

* stages/user_login: fix ?next parameter not carried through broken session binding (#10301)

Signed-off-by: Jens Langhammer <[email protected]>

* core: bump psycopg from 3.1.19 to 3.2.1 (#10313)

Bumps [psycopg](https://github.com/psycopg/psycopg) from 3.1.19 to 3.2.1.
- [Changelog](https://github.com/psycopg/psycopg/blob/master/docs/news.rst)
- [Commits](https://github.com/psycopg/psycopg/compare/3.1.19...3.2.1)

---
updated-dependencies:
- dependency-name: psycopg
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* core: bump goauthentik.io/api/v3 from 3.2024060.1 to 3.2024060.2 (#10311)

Bumps [goauthentik.io/api/v3](https://github.com/goauthentik/client-go) from 3.2024060.1 to 3.2024060.2.
- [Release notes](https://github.com/goauthentik/client-go/releases)
- [Commits](https://github.com/goauthentik/client-go/compare/v3.2024060.1...v3.2024060.2)

---
updated-dependencies:
- dependency-name: goauthentik.io/api/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* website: bump postcss from 8.4.38 to 8.4.39 in /website (#10310)

Bumps [postcss](https://github.com/postcss/postcss) from 8.4.38 to 8.4.39.
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/postcss/postcss/compare/8.4.38...8.4.39)

---
updated-dependencies:
- dependency-name: postcss
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* web: bump esbuild from 0.21.5 to 0.22.0 in /web (#10309)

Bumps [esbuild](https://github.com/evanw/esbuild) from 0.21.5 to 0.22.0.
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](https://github.com/evanw/esbuild/compare/v0.21.5...v0.22.0)

---
updated-dependencies:
- dependency-name: esbuild
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* web: bump the esbuild group in /web with 2 updates (#10308)

Bumps the esbuild group in /web with 2 updates: [@esbuild/darwin-arm64](https://github.com/evanw/esbuild) and [@esbuild/linux-arm64](https://github.com/evanw/esbuild).


Updates `@esbuild/darwin-arm64` from 0.21.5 to 0.22.0
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](https://github.com/evanw/esbuild/compare/v0.21.5...v0.22.0)

Updates `@esbuild/linux-arm64` from 0.21.5 to 0.22.0
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](https://github.com/evanw/esbuild/compare/v0.21.5...v0.22.0)

---
updated-dependencies:
- dependency-name: "@esbuild/darwin-arm64"
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: esbuild
- dependency-name: "@esbuild/linux-arm64"
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: esbuild
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* stages/authenticator_webauthn: Update FIDO MDS3 & Passkey aaguid blobs (#10306)

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>

* core, web: update translations (#10294)

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: rissson <[email protected]>

* web: fix package lock out of sync (#10314)

* translate: Updates for file web/xliff/en.xlf in zh_CN (#10315)

Translate web/xliff/en.xlf in zh_CN

100% translated source file: 'web/xliff/en.xlf'
on 'zh_CN'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>

* web/flows: remove background image link (#10318)

Signed-off-by: Jens Langhammer <[email protected]>

* core: remove transitionary old JS urls (#10317)

Signed-off-by: Jens Langhammer <[email protected]>

* web: set noopener and noreferrer on all external links (#10304)

Signed-off-by: Jens Langhammer <[email protected]>

* web: bump typescript from 5.5.2 to 5.5.3 in /web (#10332)

Bumps [typescript](https://github.com/Microsoft/TypeScript) from 5.5.2 to 5.5.3.
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release.yml)
- [Commits](https://github.com/Microsoft/TypeScript/compare/v5.5.2...v5.5.3)

---
updated-dependencies:
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* web: bump the esbuild group in /web with 2 updates (#10330)

Bumps the esbuild group in /web with 2 updates: [@esbuild/darwin-arm64](https://github.com/evanw/esbuild) and [@esbuild/linux-arm64](https://github.com/evanw/esbuild).


Updates `@esbuild/darwin-arm64` from 0.22.0 to 0.23.0
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](https://github.com/evanw/esbuild/compare/v0.22.0...v0.23.0)

Updates `@esbuild/linux-arm64` from 0.22.0 to 0.23.0
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](https://github.com/evanw/esbuild/compare/v0.22.0...v0.23.0)

---
updated-dependencies:
- dependency-name: "@esbuild/darwin-arm64"
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: esbuild
- dependency-name: "@esbuild/linux-arm64"
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: esbuild
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* web: bump typescript from 5.5.2 to 5.5.3 in /tests/wdio (#10327)

Bumps [typescript](https://github.com/Microsoft/TypeScript) from 5.5.2 to 5.5.3.
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release.yml)
- [Commits](https://github.com/Microsoft/TypeScript/compare/v5.5.2...v5.5.3)

---
updated-dependencies:
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* core: bump pydantic from 2.7.4 to 2.8.0 (#10325)

Bumps [pydantic](https://github.com/pydantic/pydantic) from 2.7.4 to 2.8.0.
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](https://github.com/pydantic/pydantic/compare/v2.7.4...v2.8.0)

---
updated-dependencies:
- dependency-name: pydantic
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* website: bump typescript from 5.5.2 to 5.5.3 in /website (#10326)

Bumps [typescript](https://github.com/Microsoft/TypeScript) from 5.5.2 to 5.5.3.
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release.yml)
- [Commits](https://github.com/Microsoft/TypeScript/compare/v5.5.2...v5.5.3)

---
updated-dependencies:
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* core, web: update translations (#10324)

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: rissson <[email protected]>

* web: fixed missed internationalized strings (#10323)

* web: fix esbuild issue with style sheets

Getting ESBuild, Lit, and Storybook to all agree on how to read and parse stylesheets is a serious
pain. This fix better identifies the value types (instances) being passed from various sources in
the repo to the three *different* kinds of style processors we're using (the native one, the
polyfill one, and whatever the heck Storybook does internally).

Falling back to using older CSS instantiating techniques one era at a time seems to do the trick.
It's ugly, but in the face of the aggressive styling we use to avoid Flashes of Unstyled Content
(FLoUC), it's the logic with which we're left.

In standard mode, the following warning appears on the console when running a Flow:

```
Autofocus processing was blocked because a document already has a focused element.
```

In compatibility mode, the following **error** appears on the console when running a Flow:

```
crawler-inject.js:1106 Uncaught TypeError: Failed to execute 'observe' on 'MutationObserver': parameter 1 is not of type 'Node'.
    at initDomMutationObservers (crawler-inject.js:1106:18)
    at crawler-inject.js:1114:24
    at Array.forEach (<anonymous>)
    at initDomMutationObservers (crawler-inject.js:1114:10)
    at crawler-inject.js:1549:1
initDomMutationObservers @ crawler-inject.js:1106
(anonymous) @ crawler-inject.js:1114
initDomMutationObservers @ crawler-inject.js:1114
(anonymous) @ crawler-inject.js:1549
```

Despite this error, nothing seems to be broken and flows work as anticipated.

* web: you have no missed messages

This commit uncovers a few places where a human-readable string was not property cast into the
internationalized form and internationalizes them in order to conform to our policy of keeping the
product viable outside of the English-speaking world.

* Restored SAML spacing manually. Not sure why that was necessary.

* Restored WS spacing manually. Not sure why that was necessary.

* Restored RouteMatch spacing manually. Not sure why that was necessary.

* Restored RAC spacing manually. Not sure why that was necessary.

* web: bump esbuild from 0.22.0 to 0.23.0 in /web (#10331)

Bumps [esbuild](https://github.com/evanw/esbuild) from 0.22.0 to 0.23.0.
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](https://github.com/evanw/esbuild/compare/v0.22.0...v0.23.0)

---
updated-dependencies:
- dependency-name: esbuild
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* translate: Updates for file web/xliff/en.xlf in zh-Hans (#10293)

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
Co-authored-by: Marc 'risson' Schmitt <[email protected]>

* translate: Updates for file web/xliff/en.xlf in fr (#10334)

Translate web/xliff/en.xlf in fr

100% translated source file: 'web/xliff/en.xlf'
on 'fr'.

Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>

* provider/scim: Fix exception handling for missing ServiceProviderConfig (#10322)

* web: provide default endpoint api configuration (#10319)

* web: fix esbuild issue with style sheets

Getting ESBuild, Lit, and Storybook to all agree on how to read and parse stylesheets is a serious
pain. This fix better identifies the value types (instances) being passed from various sources in
the repo to the three *different* kinds of style processors we're using (the native one, the
polyfill one, and whatever the heck Storybook does internally).

Falling back to using older CSS instantiating techniques one era at a time seems to do the trick.
It's ugly, but in the face of the aggressive styling we use to avoid Flashes of Unstyled Content
(FLoUC), it's the logic with which we're left.

In standard mode, the following warning appears on the console when running a Flow:

```
Autofocus processing was blocked because a document already has a focused element.
```

In compatibility mode, the following **error** appears on the console when running a Flow:

```
crawler-inject.js:1106 Uncaught TypeError: Failed to execute 'observe' on 'MutationObserver': parameter 1 is not of type 'Node'.
    at initDomMutationObservers (crawler-inject.js:1106:18)
    at crawler-inject.js:1114:24
    at Array.forEach (<anonymous>)
    at initDomMutationObservers (crawler-inject.js:1114:10)
    at crawler-inject.js:1549:1
initDomMutationObservers @ crawler-inject.js:1106
(anonymous) @ crawler-inject.js:1114
initDomMutationObservers @ crawler-inject.js:1114
(anonymous) @ crawler-inject.js:1549
```

Despite this error, nothing seems to be broken and flows work as anticipated.

* Intermediate; prepping for remove that may fail.

* web: provide a default table endpoint configuration

This commit finds 19 places where the exact same configuration is
used to describe a table's API endpoint, and replaces that configuration
with a provided default from a parent class.

While examining the logs for our build, I noted that this particular
sequence is duplicated multiple times throughout our code base,
accounting for a bloat of 169 lines or so of the estimated 5552
lines of bloat.  By providing a default endpoint configuration and
substituting it (mechanically) wherever the default is required,
we reduce our code duplication issue from 9.26% of the codesabe
to 8.99%.

... which is a start.

* Didn't need the duplication.

* remove page argument while we're at it

Signed-off-by: Jens Langhammer <[email protected]>

* actually use it everywhere

Signed-off-by: Jens Langhammer <[email protected]>

* web: fix inconsistent method signature for LogViewer

Removed the `_page` parameter from LogViewer's apiEndpoint() method.

The `page: number` parameter is no longer a part of this method's signature.

* web: restore reduced page size to Overview:Recent Events card

---------

Signed-off-by: Jens Langhammer <[email protected]>
Co-authored-by: Jens Langhammer <[email protected]>

---------

Signed-off-by: Marc 'risson' Schmitt <[email protected]>
Signed-off-by: Jens Langhammer <[email protected]>
Signed-off-by: Russ Harvey <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: gcp-cherry-pick-bot[bot] <98988430+gcp-cherry-pick-bot[bot]@users.noreply.github.com>
Co-authored-by: Marc 'risson' Schmitt <[email protected]>
Co-authored-by: Jens L <[email protected]>
Co-authored-by: Tana M Berry <[email protected]>
Co-authored-by: Tana M Berry <[email protected]>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
Co-authored-by: Jonathan Joewono <[email protected]>
Co-authored-by: Russ Harvey <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: rissson <[email protected]>
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
Co-authored-by: ztelliot <[email protected]>
Co-authored-by: Michael Poutre <[email protected]>

---------

Signed-off-by: Marc 'risson' Schmitt <[email protected]>
Signed-off-by: Jens Langhammer <[email protected]>
Signed-off-by: Russ Harvey <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: gcp-cherry-pick-bot[bot] <98988430+gcp-cherry-pick-bot[bot]@users.noreply.github.com>
Co-authored-by: Marc 'risson' Schmitt <[email protected]>
Co-authored-by: Jens L <[email protected]>
Co-authored-by: Tana M Berry <[email protected]>
Co-authored-by: Tana M Berry <[email protected]>
Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
Co-authored-by: Jonathan Joewono <[email protected]>
Co-authored-by: Russ Harvey <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: rissson <[email protected]>
Co-authored-by: transifex-integration[bot] <43880903+transifex-integration[bot]@users.noreply.github.com>
Co-authored-by: ztelliot <[email protected]>
Co-authored-by: Michael Poutre <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants