diff --git a/.github/actions/setup/action.yml b/.github/actions/setup/action.yml index b1e4e70250..074d6e1031 100644 --- a/.github/actions/setup/action.yml +++ b/.github/actions/setup/action.yml @@ -64,7 +64,7 @@ runs: rustflags: "" - name: Setup rust dependencies if: ${{ contains(inputs.dependencies, 'rust') }} - uses: taiki-e/install-action@e49978b799e49ff429d162b7a30601a569ab6538 # v2 + uses: taiki-e/install-action@6887963ccf37a9ddcd8c5fa4baeb3e1e5fd61fa1 # v2 with: tool: cargo-deny cargo-machete cargo-llvm-cov nextest - name: Setup node (root, web) @@ -79,7 +79,7 @@ runs: go-version-file: "${{ inputs.working-directory }}go.mod" - name: Setup docker cache if: ${{ contains(inputs.dependencies, 'runtime') }} - uses: AndreKurait/docker-cache@0fe76702a40db986d9663c24954fc14c6a6031b7 + uses: AndreKurait/docker-cache@7a3887908bdb97935395833df69b060cfcca0f7f with: key: docker-images-${{ runner.os }}-${{ hashFiles('.github/actions/setup/compose.yml', 'Makefile') }}-${{ inputs.postgresql_version }} - name: Setup dependencies diff --git a/.github/workflows/qa-codeql.yml b/.github/workflows/qa-codeql.yml index 8504dbda1d..726c696413 100644 --- a/.github/workflows/qa-codeql.yml +++ b/.github/workflows/qa-codeql.yml @@ -28,10 +28,10 @@ jobs: - name: Setup authentik env uses: ./.github/actions/setup - name: Initialize CodeQL - uses: github/codeql-action/init@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0 + uses: github/codeql-action/init@87557b9c84dde89fdd9b10e88954ac2f4248e463 # v4.36.1 with: languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0 + uses: github/codeql-action/autobuild@87557b9c84dde89fdd9b10e88954ac2f4248e463 # v4.36.1 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0 + uses: github/codeql-action/analyze@87557b9c84dde89fdd9b10e88954ac2f4248e463 # v4.36.1 diff --git a/pyproject.toml b/pyproject.toml index 31f579b95e..90502505af 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -36,12 +36,12 @@ dependencies = [ "fido2==2.2.0", "geoip2==5.2.0", "geopy==2.4.1", - "google-api-python-client==2.196.0", + "google-api-python-client==2.197.0", "gssapi==1.11.1", "gunicorn==26.0.0", "jsonpatch==1.33", "jwcrypto==1.5.7", - "kubernetes==36.0.0", + "kubernetes==36.0.2", "ldap3==2.9.1", "lxml==6.1.1", "msgraph-sdk==1.58.0", @@ -57,7 +57,7 @@ dependencies = [ "pyyaml==6.0.3", "requests-oauthlib==2.0.0", "scim2-filter-parser==0.7.0", - "sentry-sdk==2.60.0", + "sentry-sdk==2.61.0", "service-identity==24.2.0", "setproctitle==1.3.7", "structlog==25.5.0", @@ -84,7 +84,7 @@ dev = [ "constructs==10.6.0", "coverage[toml]==7.14.1", "daphne==4.2.1", - "debugpy==1.8.20", + "debugpy==1.8.21", "django-stubs[compatible-mypy]==6.0.5", "djangorestframework-stubs[compatible-mypy]==3.17.0", "drf-jsonschema-serializer==3.0.0", diff --git a/uv.lock b/uv.lock index d6b2339b3e..48bbddddcf 100644 --- a/uv.lock +++ b/uv.lock @@ -392,12 +392,12 @@ requires-dist = [ { name = "fido2", specifier = "==2.2.0" }, { name = "geoip2", specifier = "==5.2.0" }, { name = "geopy", specifier = "==2.4.1" }, - { name = "google-api-python-client", specifier = "==2.196.0" }, + { name = "google-api-python-client", specifier = "==2.197.0" }, { name = "gssapi", specifier = "==1.11.1" }, { name = "gunicorn", specifier = "==26.0.0" }, { name = "jsonpatch", specifier = "==1.33" }, { name = "jwcrypto", specifier = "==1.5.7" }, - { name = "kubernetes", specifier = "==36.0.0" }, + { name = "kubernetes", specifier = "==36.0.2" }, { name = "ldap3", specifier = "==2.9.1" }, { name = "lxml", specifier = "==6.1.1" }, { name = "msgraph-sdk", specifier = "==1.58.0" }, @@ -413,7 +413,7 @@ requires-dist = [ { name = "pyyaml", specifier = "==6.0.3" }, { name = "requests-oauthlib", specifier = "==2.0.0" }, { name = "scim2-filter-parser", specifier = "==0.7.0" }, - { name = "sentry-sdk", specifier = "==2.60.0" }, + { name = "sentry-sdk", specifier = "==2.61.0" }, { name = "service-identity", specifier = "==24.2.0" }, { name = "setproctitle", specifier = "==1.3.7" }, { name = "structlog", specifier = "==25.5.0" }, @@ -440,7 +440,7 @@ dev = [ { name = "constructs", specifier = "==10.6.0" }, { name = "coverage", extras = ["toml"], specifier = "==7.14.1" }, { name = "daphne", specifier = "==4.2.1" }, - { name = "debugpy", specifier = "==1.8.20" }, + { name = "debugpy", specifier = "==1.8.21" }, { name = "django-stubs", extras = ["compatible-mypy"], specifier = "==6.0.5" }, { name = "djangorestframework-stubs", extras = ["compatible-mypy"], specifier = "==3.17.0" }, { name = "drf-jsonschema-serializer", specifier = "==3.0.0" }, @@ -1082,15 +1082,15 @@ wheels = [ [[package]] name = "debugpy" -version = "1.8.20" +version = "1.8.21" source = { registry = "https://pypi.org/simple" } -sdist = { url = "https://files.pythonhosted.org/packages/e0/b7/cd8080344452e4874aae67c40d8940e2b4d47b01601a8fd9f44786c757c7/debugpy-1.8.20.tar.gz", hash = "sha256:55bc8701714969f1ab89a6d5f2f3d40c36f91b2cbe2f65d98bf8196f6a6a2c33", size = 1645207, upload-time = "2026-01-29T23:03:28.199Z" } +sdist = { url = "https://files.pythonhosted.org/packages/f2/aa/12037145b7a56eaa5b29b41872f7a21b538e807e13f32c4d3c46e59be084/debugpy-1.8.21.tar.gz", hash = "sha256:a3c53278e84c94e11bd87c53970ec391d1a67396c8b22609fcac576520e611a6", size = 1697577, upload-time = "2026-06-01T19:30:35.156Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/33/2e/f6cb9a8a13f5058f0a20fe09711a7b726232cd5a78c6a7c05b2ec726cff9/debugpy-1.8.20-cp314-cp314-macosx_15_0_universal2.whl", hash = "sha256:9c74df62fc064cd5e5eaca1353a3ef5a5d50da5eb8058fcef63106f7bebe6173", size = 2538066, upload-time = "2026-01-29T23:03:54.999Z" }, - { url = "https://files.pythonhosted.org/packages/c5/56/6ddca50b53624e1ca3ce1d1e49ff22db46c47ea5fb4c0cc5c9b90a616364/debugpy-1.8.20-cp314-cp314-manylinux_2_34_x86_64.whl", hash = "sha256:077a7447589ee9bc1ff0cdf443566d0ecf540ac8aa7333b775ebcb8ce9f4ecad", size = 4269425, upload-time = "2026-01-29T23:03:56.518Z" }, - { url = "https://files.pythonhosted.org/packages/c5/d9/d64199c14a0d4c476df46c82470a3ce45c8d183a6796cfb5e66533b3663c/debugpy-1.8.20-cp314-cp314-win32.whl", hash = "sha256:352036a99dd35053b37b7803f748efc456076f929c6a895556932eaf2d23b07f", size = 5331407, upload-time = "2026-01-29T23:03:58.481Z" }, - { url = "https://files.pythonhosted.org/packages/e0/d9/1f07395b54413432624d61524dfd98c1a7c7827d2abfdb8829ac92638205/debugpy-1.8.20-cp314-cp314-win_amd64.whl", hash = "sha256:a98eec61135465b062846112e5ecf2eebb855305acc1dfbae43b72903b8ab5be", size = 5372521, upload-time = "2026-01-29T23:03:59.864Z" }, - { url = "https://files.pythonhosted.org/packages/e0/c3/7f67dea8ccf8fdcb9c99033bbe3e90b9e7395415843accb81428c441be2d/debugpy-1.8.20-py2.py3-none-any.whl", hash = "sha256:5be9bed9ae3be00665a06acaa48f8329d2b9632f15fd09f6a9a8c8d9907e54d7", size = 5337658, upload-time = "2026-01-29T23:04:17.404Z" }, + { url = "https://files.pythonhosted.org/packages/ce/3d/f4bbb323a548bfab2af3d6b4ffd9bf22636e55956a1285d317a1de643aad/debugpy-1.8.21-cp314-cp314-macosx_15_0_universal2.whl", hash = "sha256:9bb2a685287a2ac9b181cde89edcec64845cb51de7faaa75badb9a698bc24782", size = 2477209, upload-time = "2026-06-01T19:31:04.157Z" }, + { url = "https://files.pythonhosted.org/packages/8c/2d/6e7ec524984a1702777868de49a4c53202bddac2a432a76a093469587750/debugpy-1.8.21-cp314-cp314-manylinux_2_34_x86_64.whl", hash = "sha256:3d6922439bf33fd38a3e2c447869ebc7b97da5cd3d329ff1ef9bc06c4903437e", size = 3927115, upload-time = "2026-06-01T19:31:05.863Z" }, + { url = "https://files.pythonhosted.org/packages/97/47/d1aa6d64005a98a9144647d99306b419396f9ad7bf1d73c119e17a81fb4d/debugpy-1.8.21-cp314-cp314-win32.whl", hash = "sha256:15d4963bd5ffa48f0da0947fd06757fa7621945048a14ad7705431566d3c0e7c", size = 5336724, upload-time = "2026-06-01T19:31:07.711Z" }, + { url = "https://files.pythonhosted.org/packages/5f/67/b905b90d163af11878c1af8abafa4a25206335e112e284e413454543a6da/debugpy-1.8.21-cp314-cp314-win_amd64.whl", hash = "sha256:fe0744a12353406de0ae8ccff0d0a4a666f00801a3db8fd04e7a5f761cd520e8", size = 5373803, upload-time = "2026-06-01T19:31:09.469Z" }, + { url = "https://files.pythonhosted.org/packages/95/51/67e7cf11a53e40694f720457d5b3a1cdaaa3d5a9a633e482f225456b93ff/debugpy-1.8.21-py2.py3-none-any.whl", hash = "sha256:b1e37d333663c8851516a47364ef473da127f9caebe4417e6df6f5825a7e9a92", size = 5352888, upload-time = "2026-06-01T19:31:25.186Z" }, ] [[package]] @@ -1644,7 +1644,7 @@ wheels = [ [[package]] name = "google-api-python-client" -version = "2.196.0" +version = "2.197.0" source = { registry = "https://pypi.org/simple" } dependencies = [ { name = "google-api-core" }, @@ -1653,9 +1653,9 @@ dependencies = [ { name = "httplib2" }, { name = "uritemplate" }, ] -sdist = { url = "https://files.pythonhosted.org/packages/6d/f3/34ef8aca7909675fe327f96c1ed927f0520e7acf68af19157e96acc05e76/google_api_python_client-2.196.0.tar.gz", hash = "sha256:9f335d38f6caaa2747bcf64335ed1a9a19047d53e86538eda6a1b17d37f1743d", size = 14628129, upload-time = "2026-05-06T23:47:35.655Z" } +sdist = { url = "https://files.pythonhosted.org/packages/22/09/081d66357118bd260f8f182cb1b2dd5bd32ca88e3714d7c93896cab946fc/google_api_python_client-2.197.0.tar.gz", hash = "sha256:32e03977eda4a66eafc6ae58dc9ec46426b6025636d5ef019c5703013eddd4e5", size = 14707398, upload-time = "2026-05-28T20:23:12.498Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/99/c7/1817b4edf966d5afcac1c0781ca36d621bc0cb58104c4e7c2a475ab185f7/google_api_python_client-2.196.0-py3-none-any.whl", hash = "sha256:2591e9b47dcb17e4e62a09370aaee3bcf323af8f28ccecdabcd0a42a23ca4db5", size = 15206663, upload-time = "2026-05-06T23:47:32.886Z" }, + { url = "https://files.pythonhosted.org/packages/a0/e5/e9cc221fd75230974d4ef45eb72d2261feca3c110d5554215d516bfe6534/google_api_python_client-2.197.0-py3-none-any.whl", hash = "sha256:0f8b89aa75768161dd4f5092d6bcb386c13236b32e0d9a938c02f71342094d14", size = 15287302, upload-time = "2026-05-28T20:23:09.683Z" }, ] [[package]] @@ -2058,7 +2058,7 @@ wheels = [ [[package]] name = "kubernetes" -version = "36.0.0" +version = "36.0.2" source = { registry = "https://pypi.org/simple" } dependencies = [ { name = "aiohttp" }, @@ -2072,9 +2072,9 @@ dependencies = [ { name = "urllib3" }, { name = "websocket-client" }, ] -sdist = { url = "https://files.pythonhosted.org/packages/bf/59/dc635e4e9afb3884bc5c57f14fe23783e4c04601aa20b835ac75c41d1625/kubernetes-36.0.0.tar.gz", hash = "sha256:027b606bb8032e6c6464a53236bdd9bd9a94c237e1063bc45a303c25b304ced9", size = 2346728, upload-time = "2026-05-20T20:44:24.28Z" } +sdist = { url = "https://files.pythonhosted.org/packages/2f/57/8b538af5076bc3372949d76f70ba3449bdfe52f9e6488170fa5d4f7cbe70/kubernetes-36.0.2.tar.gz", hash = "sha256:03551fcb49cae1f708f63624041e37403545b7aaed10cbf54e2b01a37a5438e3", size = 2336738, upload-time = "2026-06-01T18:20:30.785Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/cd/d2/6f99ca9c7eb961dfdd45b9643101399a8ee20922c662c362c91e9cc7e832/kubernetes-36.0.0-py2.py3-none-any.whl", hash = "sha256:a766433357ec9f90db7565cccf52e28e7fca40b0ef366c80a6022adbc0ac0425", size = 4660469, upload-time = "2026-05-20T20:44:20.893Z" }, + { url = "https://files.pythonhosted.org/packages/46/2c/5c160dbdef7123f8cc97fd8ece7e0198627a426a2a49614845e9086feb8d/kubernetes-36.0.2-py2.py3-none-any.whl", hash = "sha256:faf9b5241b58de0c4a5069f2a0ffc8ac06fece7215156cd3d3ba081a78a858b6", size = 4617568, upload-time = "2026-06-01T18:20:28.737Z" }, ] [[package]] @@ -3380,15 +3380,15 @@ wheels = [ [[package]] name = "sentry-sdk" -version = "2.60.0" +version = "2.61.0" source = { registry = "https://pypi.org/simple" } dependencies = [ { name = "certifi" }, { name = "urllib3" }, ] -sdist = { url = "https://files.pythonhosted.org/packages/54/a2/2e6c090db384cc515069f4f85542bd5baf6786852073020ea73d4a76d3ea/sentry_sdk-2.60.0.tar.gz", hash = "sha256:0bd25e54e78ca02d0be512529fa644bbbf9e8470d7b26371294012d4ca93c978", size = 452946, upload-time = "2026-05-13T13:34:52.516Z" } +sdist = { url = "https://files.pythonhosted.org/packages/52/4d/3c66e6045bd2071256b6b6fdcb0cc02b86ce54b2acc2ceac79af8e0efbb5/sentry_sdk-2.61.0.tar.gz", hash = "sha256:1ca9b4bb777eb5be67004edab7eb894f21c6301f1d05ed64966719ad5d1764ce", size = 458510, upload-time = "2026-05-28T09:40:28.917Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/29/41/f2b800b7f12a05dd48c2a6280d4dd812d1425fc66ed3fe3fd99420c41d1a/sentry_sdk-2.60.0-py3-none-any.whl", hash = "sha256:28a536c03291c8bcb363cf35c611b32738ec118ff64d8d6383b096448ac4c803", size = 475616, upload-time = "2026-05-13T13:34:50.259Z" }, + { url = "https://files.pythonhosted.org/packages/21/5a/9794736d5802689c1a48862e6afe6b7f3e86cc37c15d4a84bc0143877dc1/sentry_sdk-2.61.0-py3-none-any.whl", hash = "sha256:ec4d30273909cb1d198e03208b16ee70e2bc5d90a16fd9f1fb2fc6a72e1f03dc", size = 483111, upload-time = "2026-05-28T09:40:27.027Z" }, ] [[package]] diff --git a/web/package-lock.json b/web/package-lock.json index 457164da76..6ef9240c53 100644 --- a/web/package-lock.json +++ b/web/package-lock.json @@ -44,7 +44,7 @@ "@patternfly/elements": "^4.4.0", "@patternfly/patternfly": "^4.224.2", "@playwright/test": "^1.60.0", - "@sentry/browser": "^10.54.0", + "@sentry/browser": "^10.55.0", "@storybook/addon-docs": "^10.4.1", "@storybook/addon-links": "^10.4.1", "@storybook/web-components": "^10.4.1", @@ -59,7 +59,7 @@ "@typescript-eslint/parser": "^8.60.0", "@typescript-eslint/utils": "^8.60.0", "@typescript/native-preview": "^7.0.0-dev.20260510.1", - "@vitest/browser": "^4.1.7", + "@vitest/browser": "^4.1.8", "@vitest/browser-playwright": "^4.1.6", "@webcomponents/webcomponentsjs": "^2.8.0", "base64-js": "^1.5.1", @@ -3838,75 +3838,75 @@ "license": "MIT" }, "node_modules/@sentry-internal/browser-utils": { - "version": "10.54.0", - "resolved": "https://registry.npmjs.org/@sentry-internal/browser-utils/-/browser-utils-10.54.0.tgz", - "integrity": "sha512-Cz6NzYFmWJlHh1tvtltKsmLl+1jlseQaPXk18Z0P1g6lXAwhT3aJ99x7vDm4jwCzcJ12qAa8Oga8T3C23Ihijw==", + "version": "10.55.0", + "resolved": "https://registry.npmjs.org/@sentry-internal/browser-utils/-/browser-utils-10.55.0.tgz", + "integrity": "sha512-zUvyBr13EK0evKsSTzwSimRzZ3P9kugS32dLCj3ea5gNN+/DFtU/GsMTdcIQDhusEDraIlH17AGgqJH5gUAv5w==", "license": "MIT", "dependencies": { - "@sentry/core": "10.54.0" + "@sentry/core": "10.55.0" }, "engines": { "node": ">=18" } }, "node_modules/@sentry-internal/feedback": { - "version": "10.54.0", - "resolved": "https://registry.npmjs.org/@sentry-internal/feedback/-/feedback-10.54.0.tgz", - "integrity": "sha512-14D+TPgi75zogGQ/EWwtIm34FVWP34gso4SfJZRAoHiQrRfd907q8/7MTXNItxi81x79cH9vweu/o55LBml6MA==", + "version": "10.55.0", + "resolved": "https://registry.npmjs.org/@sentry-internal/feedback/-/feedback-10.55.0.tgz", + "integrity": "sha512-32X9WW1xs5DjCRlp89QJ/PLw4kbTIX6MsBDXN2RBN1nWBjm/2WcwXqO/v/WoIS4W2kTWXcZnQwalLSI22Fp33A==", "license": "MIT", "dependencies": { - "@sentry/core": "10.54.0" + "@sentry/core": "10.55.0" }, "engines": { "node": ">=18" } }, "node_modules/@sentry-internal/replay": { - "version": "10.54.0", - "resolved": "https://registry.npmjs.org/@sentry-internal/replay/-/replay-10.54.0.tgz", - "integrity": "sha512-B7eicNhAomJ7bGihJO7mCw7pZ8FFo/THQgGPo85VR3FaJVCCot20WxVgvhjc7IVBQVlaaxSrnlUFvA+yHjszqQ==", + "version": "10.55.0", + "resolved": "https://registry.npmjs.org/@sentry-internal/replay/-/replay-10.55.0.tgz", + "integrity": "sha512-OkQpANGwYU5UKfwLk6Y+NpESRC8nrLBjawRDLwF6cJ8HpNScOuNNJDEJEGwXHVkJPH0pcIixsH8y0Qfcltq6Xw==", "license": "MIT", "dependencies": { - "@sentry-internal/browser-utils": "10.54.0", - "@sentry/core": "10.54.0" + "@sentry-internal/browser-utils": "10.55.0", + "@sentry/core": "10.55.0" }, "engines": { "node": ">=18" } }, "node_modules/@sentry-internal/replay-canvas": { - "version": "10.54.0", - "resolved": "https://registry.npmjs.org/@sentry-internal/replay-canvas/-/replay-canvas-10.54.0.tgz", - "integrity": "sha512-CGsH019npxnU5cocVDoZKod7JaQtaM6JiR6e2fI8tDwssohJAxP616UQTmoTtBLe3yLG18P4e1BxMxYZFalZEQ==", + "version": "10.55.0", + "resolved": "https://registry.npmjs.org/@sentry-internal/replay-canvas/-/replay-canvas-10.55.0.tgz", + "integrity": "sha512-lu/y7k9cK7FZ/qJpL0fBX4WqK6IFa/+bTPhedEaC5UpzjUNP7BfXt0H+R7q9CHWmp20Ffh/wGfO3j7O+Tv2MAA==", "license": "MIT", "dependencies": { - "@sentry-internal/replay": "10.54.0", - "@sentry/core": "10.54.0" + "@sentry-internal/replay": "10.55.0", + "@sentry/core": "10.55.0" }, "engines": { "node": ">=18" } }, "node_modules/@sentry/browser": { - "version": "10.54.0", - "resolved": "https://registry.npmjs.org/@sentry/browser/-/browser-10.54.0.tgz", - "integrity": "sha512-XYuAA2E4Hf6NOJiP3PqczPgBhFUEsEAh+avgxcYTjTwYdr+Nh5XmDxXATr6RxXUvRASTiYN9zNWyK2o9kEDloA==", + "version": "10.55.0", + "resolved": "https://registry.npmjs.org/@sentry/browser/-/browser-10.55.0.tgz", + "integrity": "sha512-5n1kxmW1m4j16ZDV9kt+Zo5uafFnKTy7s5YyEcGnC45KnOiO1Gy+QFd3woXns1K5GNxpjF7oOOc6tXgZLuXnQQ==", "license": "MIT", "dependencies": { - "@sentry-internal/browser-utils": "10.54.0", - "@sentry-internal/feedback": "10.54.0", - "@sentry-internal/replay": "10.54.0", - "@sentry-internal/replay-canvas": "10.54.0", - "@sentry/core": "10.54.0" + "@sentry-internal/browser-utils": "10.55.0", + "@sentry-internal/feedback": "10.55.0", + "@sentry-internal/replay": "10.55.0", + "@sentry-internal/replay-canvas": "10.55.0", + "@sentry/core": "10.55.0" }, "engines": { "node": ">=18" } }, "node_modules/@sentry/core": { - "version": "10.54.0", - "resolved": "https://registry.npmjs.org/@sentry/core/-/core-10.54.0.tgz", - "integrity": "sha512-yC/bc8N5ut6vk9X/ugTnIFAbzaSZ2uGoKiHRGzt7VseDIrjXk5ENDJP0m7Rbchuozr41kBv2QB3mPcHUhfB43w==", + "version": "10.55.0", + "resolved": "https://registry.npmjs.org/@sentry/core/-/core-10.55.0.tgz", + "integrity": "sha512-XUyoNtDSYCvgJnoNzlh+YeAXfIPhCRIXbhWqqM3GQ3AFtZICi85lkyfsrwXEl9wzlPGYnU+Eg8F4tOfScx+FcQ==", "license": "MIT", "engines": { "node": ">=18" @@ -6587,14 +6587,14 @@ } }, "node_modules/@vitest/browser": { - "version": "4.1.7", - "resolved": "https://registry.npmjs.org/@vitest/browser/-/browser-4.1.7.tgz", - "integrity": "sha512-N2JFGfXoEGVAut+kHeru9dD4BUMq/q5xDvBARNl0tUsly3m5KglLOu8VO/6MkDfOlgxXTycojkt6gBKsuyR+IQ==", + "version": "4.1.8", + "resolved": "https://registry.npmjs.org/@vitest/browser/-/browser-4.1.8.tgz", + "integrity": "sha512-u21VzX07HzlJYpFgkxmjEXar/tG2UqWGgyGG/46SrrPc7rSdCTPw5vuowopO9CIqF8UCUQzDFdbVnNpw6N0BfQ==", "license": "MIT", "dependencies": { "@blazediff/core": "1.9.1", - "@vitest/mocker": "4.1.7", - "@vitest/utils": "4.1.7", + "@vitest/mocker": "4.1.8", + "@vitest/utils": "4.1.8", "magic-string": "^0.30.21", "pngjs": "^7.0.0", "sirv": "^3.0.2", @@ -6605,17 +6605,17 @@ "url": "https://opencollective.com/vitest" }, "peerDependencies": { - "vitest": "4.1.7" + "vitest": "4.1.8" } }, "node_modules/@vitest/browser-playwright": { - "version": "4.1.7", - "resolved": "https://registry.npmjs.org/@vitest/browser-playwright/-/browser-playwright-4.1.7.tgz", - "integrity": "sha512-OlTlJej7YN6VwV7zJJoNeaCsctF+JXpzpZ4oBHUbrQFfIq+0KW2f07rprCLh9N/zRIZ0v4Mchn1QDDmWMUhPKw==", + "version": "4.1.8", + "resolved": "https://registry.npmjs.org/@vitest/browser-playwright/-/browser-playwright-4.1.8.tgz", + "integrity": "sha512-SR7FqgegaexEg73xvf3ArtygXegagMdXnL0EZMpxrWvvhQxvicD/E8p0ib0J91riPRtQUViyh67Xjw3NqvyhVg==", "license": "MIT", "dependencies": { - "@vitest/browser": "^4.1.7", - "@vitest/mocker": "4.1.7", + "@vitest/browser": "^4.1.8", + "@vitest/mocker": "4.1.8", "tinyrainbow": "^3.1.0" }, "funding": { @@ -6623,7 +6623,7 @@ }, "peerDependencies": { "playwright": "*", - "vitest": "4.1.7" + "vitest": "4.1.8" }, "peerDependenciesMeta": { "playwright": { @@ -6695,12 +6695,12 @@ } }, "node_modules/@vitest/mocker": { - "version": "4.1.7", - "resolved": "https://registry.npmjs.org/@vitest/mocker/-/mocker-4.1.7.tgz", - "integrity": "sha512-vY7nuamKgfvpA1Koa3oYIw/k7D6kZnpGyNMZW8loow2bsBYla1TFdqTaXncWdRn4pgwNs+90RhnXhJScDwQeJA==", + "version": "4.1.8", + "resolved": "https://registry.npmjs.org/@vitest/mocker/-/mocker-4.1.8.tgz", + "integrity": "sha512-LEiN/xe4OSIbKe9HQIp5OC24agGD9J5CnmMgsLohVVoOPWL9a2sBoR6VBx43jQZb7Kr1l4RCuyCJzcAa0+dojw==", "license": "MIT", "dependencies": { - "@vitest/spy": "4.1.7", + "@vitest/spy": "4.1.8", "estree-walker": "^3.0.3", "magic-string": "^0.30.21" }, @@ -6721,9 +6721,9 @@ } }, "node_modules/@vitest/pretty-format": { - "version": "4.1.7", - "resolved": "https://registry.npmjs.org/@vitest/pretty-format/-/pretty-format-4.1.7.tgz", - "integrity": "sha512-umgCarTOYQWIaDMvGDRZij+6b9oVeLIyJzfN+AS88e0ZOU3QTgNNSTtjQOpcvWr3np1N0j4WgZj+sb3oYBDscw==", + "version": "4.1.8", + "resolved": "https://registry.npmjs.org/@vitest/pretty-format/-/pretty-format-4.1.8.tgz", + "integrity": "sha512-9GasEBxpZ1VYIpqHf/0+YGg121uSNwCKOJqIrTwWP/TB7DmFCiaBpNl3aPZzoLWfWkuqhbH8vJIVobZkvdo2cA==", "license": "MIT", "dependencies": { "tinyrainbow": "^3.1.0" @@ -6733,12 +6733,12 @@ } }, "node_modules/@vitest/runner": { - "version": "4.1.7", - "resolved": "https://registry.npmjs.org/@vitest/runner/-/runner-4.1.7.tgz", - "integrity": "sha512-BapjmAQ2aI78WdMEfeUWivnfVzB+VPGwWRQcJE0OUq7qEeEcBsCSf+0T5iREBNE5nBb4wA5Ya0W6IA+sghdEFw==", + "version": "4.1.8", + "resolved": "https://registry.npmjs.org/@vitest/runner/-/runner-4.1.8.tgz", + "integrity": "sha512-EmVxeBAfMJvycdjd6Hm+RbFBbA9fKvo0Kx37hNpBYoYeavH3RNsBXWDooR1mgD52dCrxIIuP7UotpfiwOikvcg==", "license": "MIT", "dependencies": { - "@vitest/utils": "4.1.7", + "@vitest/utils": "4.1.8", "pathe": "^2.0.3" }, "funding": { @@ -6746,13 +6746,13 @@ } }, "node_modules/@vitest/snapshot": { - "version": "4.1.7", - "resolved": "https://registry.npmjs.org/@vitest/snapshot/-/snapshot-4.1.7.tgz", - "integrity": "sha512-ZacLzja+TmJeZ1h14xW2FB/WpeimUD3haBXQPyJqxvo8jQTmfeA8zv58mtjN2C7EHXZDYVcVYdYmAxjkWVvKCw==", + "version": "4.1.8", + "resolved": "https://registry.npmjs.org/@vitest/snapshot/-/snapshot-4.1.8.tgz", + "integrity": "sha512-acfZboRmAIf05DEKcBQy33VXojFJjtUdLyo7oOmV9kebb2xdU01UknNiPuPZoJZQyO7DF0gZdTGTpeAzET9QPQ==", "license": "MIT", "dependencies": { - "@vitest/pretty-format": "4.1.7", - "@vitest/utils": "4.1.7", + "@vitest/pretty-format": "4.1.8", + "@vitest/utils": "4.1.8", "magic-string": "^0.30.21", "pathe": "^2.0.3" }, @@ -6761,21 +6761,21 @@ } }, "node_modules/@vitest/spy": { - "version": "4.1.7", - "resolved": "https://registry.npmjs.org/@vitest/spy/-/spy-4.1.7.tgz", - "integrity": "sha512-kbkI5LMWakyuTIvs6fUJ5qdIVb1XVKsYJAT4OJ938cHMROYMSfmoQdZy0aaAnjbbc8F61vkoTqz/Az+/HiIu5Q==", + "version": "4.1.8", + "resolved": "https://registry.npmjs.org/@vitest/spy/-/spy-4.1.8.tgz", + "integrity": "sha512-6EevtBp6OZOPF7bmz36HrGMeP3txgVSrgebWxHOafDXGkhIzfXK14f8KF6MuFfgXXUeHxmpD3BQxkV00/3s5mA==", "license": "MIT", "funding": { "url": "https://opencollective.com/vitest" } }, "node_modules/@vitest/utils": { - "version": "4.1.7", - "resolved": "https://registry.npmjs.org/@vitest/utils/-/utils-4.1.7.tgz", - "integrity": "sha512-T532WBu791cBxJlCl6SO+J14l81DQx6uQHm1bQbmCDY7nqlEIgkza/UFnSBNaUtSf41unldDFjdOBYEQC4b5Hw==", + "version": "4.1.8", + "resolved": "https://registry.npmjs.org/@vitest/utils/-/utils-4.1.8.tgz", + "integrity": "sha512-uOJamYALNhfJ6iolExyQM40yIQwDqYnkKtQ5VCiSe17E33H0aQ/u+1GlRuz4LZBk6Mm3sg90G9hEbmEt37C1Zg==", "license": "MIT", "dependencies": { - "@vitest/pretty-format": "4.1.7", + "@vitest/pretty-format": "4.1.8", "convert-source-map": "^2.0.0", "tinyrainbow": "^3.1.0" }, @@ -20256,18 +20256,18 @@ } }, "node_modules/vitest": { - "version": "4.1.7", - "resolved": "https://registry.npmjs.org/vitest/-/vitest-4.1.7.tgz", - "integrity": "sha512-flYyaFd2CgoCoU+0UKt3pxksgC+S02iTDN0n3LtqaMeXsI9SBcdNujc2k0DeFLzUn/0k538yNjOSdwgCqcrwJA==", + "version": "4.1.8", + "resolved": "https://registry.npmjs.org/vitest/-/vitest-4.1.8.tgz", + "integrity": "sha512-flY6ScbCIt9HThs+C5HS7jvGOB560DJtk/Z15IQROTA6zEy49Nh8T/dofWTQL+n3vswqn87sbJNiuqw1SDp5Ig==", "license": "MIT", "dependencies": { - "@vitest/expect": "4.1.7", - "@vitest/mocker": "4.1.7", - "@vitest/pretty-format": "4.1.7", - "@vitest/runner": "4.1.7", - "@vitest/snapshot": "4.1.7", - "@vitest/spy": "4.1.7", - "@vitest/utils": "4.1.7", + "@vitest/expect": "4.1.8", + "@vitest/mocker": "4.1.8", + "@vitest/pretty-format": "4.1.8", + "@vitest/runner": "4.1.8", + "@vitest/snapshot": "4.1.8", + "@vitest/spy": "4.1.8", + "@vitest/utils": "4.1.8", "es-module-lexer": "^2.0.0", "expect-type": "^1.3.0", "magic-string": "^0.30.21", @@ -20295,12 +20295,12 @@ "@edge-runtime/vm": "*", "@opentelemetry/api": "^1.9.0", "@types/node": "^20.0.0 || ^22.0.0 || >=24.0.0", - "@vitest/browser-playwright": "4.1.7", - "@vitest/browser-preview": "4.1.7", - "@vitest/browser-webdriverio": "4.1.7", - "@vitest/coverage-istanbul": "4.1.7", - "@vitest/coverage-v8": "4.1.7", - "@vitest/ui": "4.1.7", + "@vitest/browser-playwright": "4.1.8", + "@vitest/browser-preview": "4.1.8", + "@vitest/browser-webdriverio": "4.1.8", + "@vitest/coverage-istanbul": "4.1.8", + "@vitest/coverage-v8": "4.1.8", + "@vitest/ui": "4.1.8", "happy-dom": "*", "jsdom": "*", "vite": "^6.0.0 || ^7.0.0 || ^8.0.0" @@ -20345,15 +20345,15 @@ } }, "node_modules/vitest/node_modules/@vitest/expect": { - "version": "4.1.7", - "resolved": "https://registry.npmjs.org/@vitest/expect/-/expect-4.1.7.tgz", - "integrity": "sha512-1R+tw0ortHEbZDGMymm+pN7/AFQ/RkFFdtd7EN+VBpynKmLbP8A3rpEXdshBJ7+8hQ9zBJh/i1s0yKNtxAnU7w==", + "version": "4.1.8", + "resolved": "https://registry.npmjs.org/@vitest/expect/-/expect-4.1.8.tgz", + "integrity": "sha512-h3nDO677RDLEGlBxyQ5CW8RlMThSKSRLUePLOx09gNIWRL40edgA1GCZSZgf1W55MFAG6/Sw14KeaAnqv0NKdQ==", "license": "MIT", "dependencies": { "@standard-schema/spec": "^1.1.0", "@types/chai": "^5.2.2", - "@vitest/spy": "4.1.7", - "@vitest/utils": "4.1.7", + "@vitest/spy": "4.1.8", + "@vitest/utils": "4.1.8", "chai": "^6.2.2", "tinyrainbow": "^3.1.0" }, diff --git a/web/package.json b/web/package.json index 409fe71b62..2159a0b8f0 100644 --- a/web/package.json +++ b/web/package.json @@ -119,7 +119,7 @@ "@patternfly/elements": "^4.4.0", "@patternfly/patternfly": "^4.224.2", "@playwright/test": "^1.60.0", - "@sentry/browser": "^10.54.0", + "@sentry/browser": "^10.55.0", "@storybook/addon-docs": "^10.4.1", "@storybook/addon-links": "^10.4.1", "@storybook/web-components": "^10.4.1", @@ -134,7 +134,7 @@ "@typescript-eslint/parser": "^8.60.0", "@typescript-eslint/utils": "^8.60.0", "@typescript/native-preview": "^7.0.0-dev.20260510.1", - "@vitest/browser": "^4.1.7", + "@vitest/browser": "^4.1.8", "@vitest/browser-playwright": "^4.1.6", "@webcomponents/webcomponentsjs": "^2.8.0", "base64-js": "^1.5.1", diff --git a/web/src/admin/outposts/ServiceConnectionDockerForm.ts b/web/src/admin/outposts/ServiceConnectionDockerForm.ts index 947c029043..ffaa42e972 100644 --- a/web/src/admin/outposts/ServiceConnectionDockerForm.ts +++ b/web/src/admin/outposts/ServiceConnectionDockerForm.ts @@ -82,6 +82,7 @@ export class ServiceConnectionDockerForm extends ModelForm

${msg( diff --git a/website/docs/add-secure-apps/flows-stages/stages/authenticator_validate/index.md b/website/docs/add-secure-apps/flows-stages/stages/authenticator_validate/index.md index 55d161c123..def1df69a2 100644 --- a/website/docs/add-secure-apps/flows-stages/stages/authenticator_validate/index.md +++ b/website/docs/add-secure-apps/flows-stages/stages/authenticator_validate/index.md @@ -129,7 +129,11 @@ If the user has multiple compatible authenticators, authentik lets them choose o ### WebAuthn authenticator type restrictions -If you restrict allowed WebAuthn authenticator types, those restrictions only apply to WebAuthn authenticators that authentik knows how to classify. This is useful when you need to limit authentication to specific hardware families or compliance profiles. +**WebAuthn device type restrictions** are an allowlist for already-enrolled WebAuthn authenticators. When no device types are selected, any enrolled WebAuthn authenticator that matches the stage's **Device classes** can be used. When one or more device types are selected, authentik only allows WebAuthn authentication from enrolled devices whose recorded device type matches one of the selected entries. + +The available device-type entries are populated from the [FIDO Alliance Metadata Service](https://fidoalliance.org/metadata/) data and additional AAGUID metadata bundled with the authentik release. This is useful when you need to limit authentication to specific hardware families or compliance profiles. + +These restrictions only apply to WebAuthn devices that have a stored device type. Devices enrolled in authentik 2024.4 or later store this information when the authenticator returns a known AAGUID. Older WebAuthn enrollments or devices without a stored type cannot be matched by this filter. To enforce a device-type policy for enrollment and later authentication, configure the same allowlist on the [WebAuthn / FIDO2 / Passkeys Authenticator setup stage](../authenticator_webauthn/index.md) and have users re-enroll devices that predate stored device types. ### Throttling diff --git a/website/docs/add-secure-apps/flows-stages/stages/authenticator_webauthn/index.md b/website/docs/add-secure-apps/flows-stages/stages/authenticator_webauthn/index.md index bbff6392bc..95413d9368 100644 --- a/website/docs/add-secure-apps/flows-stages/stages/authenticator_webauthn/index.md +++ b/website/docs/add-secure-apps/flows-stages/stages/authenticator_webauthn/index.md @@ -80,4 +80,12 @@ For backward compatibility with older browsers that do not support hints, authen **Prevent duplicate devices** can only be enforced when the authenticator exposes a unique attestation certificate. -If **Device type restrictions** are enabled, authentik can also allow the special built-in type `authentik: Unknown devices` for authenticators whose AAGUID is not otherwise known. +### Device type restrictions + +**Device type restrictions** are an allowlist for WebAuthn registration. When no device types are selected, authentik allows any WebAuthn authenticator that the browser and authenticator can register. When one or more device types are selected, authentik only allows registration when the authenticator returns an AAGUID that matches one of the selected entries. + +The available device-type entries are populated from the [FIDO Alliance Metadata Service](https://fidoalliance.org/metadata/) data and additional AAGUID metadata bundled with the authentik release. This lets you restrict enrollment to specific hardware families or passkey providers listed in that metadata. + +If you select specific device types, newly added metadata entries are not allowed automatically. Review this allowlist after authentik upgrades if your compliance policy should include newly recognized authenticators. + +authentik also includes the special device-type `authentik: Unknown devices`. Select it only when you want to allow authenticators that return an AAGUID that is not present in authentik's device-type metadata. Authenticators that do not return an AAGUID cannot satisfy a device-type restriction. diff --git a/website/integrations/infrastructure/atlantis/index.md b/website/integrations/infrastructure/atlantis/index.md new file mode 100644 index 0000000000..7dc4571331 --- /dev/null +++ b/website/integrations/infrastructure/atlantis/index.md @@ -0,0 +1,82 @@ +--- +title: Integrate with Atlantis +sidebar_label: Atlantis +support_level: community +--- + +## What is Atlantis? + +> Atlantis is an application for automating Terraform via pull requests. +> +> -- https://www.runatlantis.io + +Atlantis does not provide native SSO for the web UI. Use authentik as a forward auth proxy in front of Atlantis, and allow the Atlantis webhook endpoint to remain reachable by your Git host. + +## Preparation + +The following placeholders are used in this guide: + +- `atlantis.company` is the FQDN of the Atlantis installation. +- `authentik.company` is the FQDN of the authentik installation. + +:::info +This documentation lists only the settings that you need to change from their default values. Be aware that any changes other than those explicitly mentioned in this guide could cause issues accessing your application. +::: + +## authentik configuration + +To support the integration of Atlantis with authentik, you need to create an application/provider pair in authentik. This guide assumes that Atlantis is already deployed behind a reverse proxy that supports authentik forward auth. + +### Create an application and provider in authentik + +1. Log in to authentik as an administrator and open the authentik Admin interface. +2. Navigate to **Applications** > **Applications** and click **New Application** to open the application wizard. + - **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings. + - **Choose a Provider type**: select **Proxy Provider** as the provider type. + - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. + - Set **Mode** to **Forward auth (single application)**. + - Set **External host** to `https://atlantis.company`. + - Under **Advanced protocol settings**, set **Unauthenticated Paths** to the following value: + + ```text + ^/events$ + ``` + + - Under **Authentication settings**, disable **Intercept header authentication**. + + - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/bindings-overview/) (policy, group, or user) to manage the listing and access to applications on a user's **Application Dashboard** page. + +3. Click **Submit** to save the new application and provider. + +### Configure proxy outpost + +The proxy provider requires an authentik proxy outpost. If you do not already have a proxy outpost, follow the [outpost documentation](/docs/add-secure-apps/outposts/) to create and deploy one. + +Add the Atlantis application to a proxy outpost that will serve it: + +1. Log in to authentik as an administrator and open the authentik Admin interface. +2. Navigate to **Applications** > **Outposts**. +3. Click the edit icon for the proxy outpost. This can be the built-in **authentik Embedded Outpost** or another proxy outpost. +4. Under **Available Applications**, select the Atlantis application and move it to **Selected Applications**. +5. Click **Update** to save your changes. + +## Atlantis configuration + +No SSO configuration is required in Atlantis. + +Configure your reverse proxy to use the authentik outpost as the forward auth endpoint for `https://atlantis.company`. + +Requests to `/outpost.goauthentik.io` must be routed to the authentik outpost. All other requests, including `/events`, must continue to be routed to Atlantis. + +Set your Git host webhook URL to `https://atlantis.company/events`. The `/events` endpoint is skipped by authentik so that Git host webhooks can reach Atlantis. Atlantis should still validate those webhook requests with its existing webhook secret or webhook authentication settings. + +## Configuration verification + +To verify the login flow, open Atlantis. You should be redirected to authentik before the Atlantis web interface is shown. + +## Resources + +- [Atlantis Docs - Introduction](https://www.runatlantis.io/guide) +- [Atlantis Docs - Configuring Webhooks](https://www.runatlantis.io/docs/configuring-webhooks.html) +- [Atlantis Docs - Webhook Secrets](https://www.runatlantis.io/docs/webhook-secrets) +- [Atlantis Docs - Deployment](https://www.runatlantis.io/docs/deployment.html)