From 6184d645d21c1c084c355c18efecc3e7ac8bc389 Mon Sep 17 00:00:00 2001
From: Krzysztof Dajka <alteriks@protonmail.com>
Date: Wed, 4 Dec 2024 21:42:34 +0100
Subject: [PATCH 01/87] NEW: proxmox example

---
 examples/media/kanidm_proxmox.png | Bin 0 -> 72223 bytes
 examples/proxmox.md               |  91 ++++++++++++++++++++++++++++++
 2 files changed, 91 insertions(+)
 create mode 100644 examples/media/kanidm_proxmox.png
 create mode 100644 examples/proxmox.md

diff --git a/examples/media/kanidm_proxmox.png b/examples/media/kanidm_proxmox.png
new file mode 100644
index 0000000000000000000000000000000000000000..b7e2687bb7db3573b01a7084643dbb5fdb02d897
GIT binary patch
literal 72223
zcmce-bySpL_cn?mqJW@)bO}gHm!v4tAs`^#Al=;}UD7dxlF}s&LrF6r&CuQ5L!KLb
z-`_gxTj#9xegAy3Trv#LJkP%Gd*`*U9sEH~{0SNn8WIxH6G;hCMI<ETC?ur&L607S
zPc}TfK7k+i>=nh|A{F<OY=B=L7)ZYRaPJAyy%bY^b|fSUBuP<`k1i?OGv*c~YpH9O
z)^qier{RW2av`xlLmew$_LiIWmXVkgQq*_Clk6AaDTD(L(f9gWjBOrH=pIrwH$3{*
z-rtJex4pa#<K;KuYN5bncVC>r`OP1kDT6JoV$mJ{QVLg65_iu+JGt6;F2AlHJzoO`
znTVx}iuEG*d0KFhm!F%ToP9BV>zY<BD=VuO^zVh+VyqVbMdI1t7k!9lCL;yq-<L+<
z|9qPKf8pKayT_DktE*%k#@sun??vxkWY7CY(NYB6;|~rF_|bV&zqaX}Zo}WP5@<Ri
zAGoAo37z}QT@=mLH6_nxhR;I(uBR*0aFhaDw=;tD*RNl?YIqwC$r{yGwx`=_5#+*h
zrluQO30$%`!<^&U<!Abt)hvIPdPrBM7H>3D)C{jM$tx^0T<cGjUQLLNwORl3LNO0_
zXJ_ZPJ{x%B)s*gsiiQ2?!TE-~w-jG$$JUA6)w!*YQSWMba${qogR^stT<+tCek1}e
z--d=1hc-A9SaggnEHDDwMC|Q3_?@<q=40fAT9yu2xwzg_Mm6s^*@I{F^z_7A%o$e{
z)uf^0GtWEl5fT#q`1LEcs;bISc>X`f0T(<AF3ij8=CN<ITR}r&X*|ZJl~1F7`smN#
zpfAjL32u_!zF@Q8!&owZ;G)8W&dSZ*F<PMNx|x^jax$v=*#E7^#YS$khmT1G{QPQ7
zSYAVe`1<<#_~c||i-VW9YoRUB6|s`=_`!Y6dM8WxPDxeTXU-n`0l`inv1>`7*xxf*
zj&d9j$(q{fV8uW>-JR+6MMf>1+M$k-oVMc0`)CGV*;R4U)%Cf!aBE#)<%Wc7)jO40
z&k3!rt`ZOv8|=+C@{(YB2$6%G_+DMj(=?l$Oe8>tg%l<6)kOemIMrU5TUVD{Ud}Eh
zCAE9<=bwrSl!t8M)TTJ_g%7MDQ$$JFtn@rLHa4bv^{RcvuBc{urYA>{o`Heka2PYt
z?*rZM-@hLq<;tgPmln4g%~(0#I747n+f^~$%lTUeZjFp%TK`sJ>pUQ`yuWV)C0{}u
zt--4-i3bGFNPx_D3bQp<WRy^^p;j_3O&Qgdz=h%0-!Df*Ok4)H@K`|CX<o2F`qpiD
znDj^ARUpk#E%Kl8E#?1QEez26CPO1hjV&W5XLqppJ|{QV)Y1}V6`8GiDja5PU}Y7N
zmPS?%-@bad?NknDs;H>=6z@1*esXexfq?<^!rw>@C=yO+`~Kzi*S9Ywr>59sV`OOB
zfRMFLJCmFIpGvQzqodum|2;GaHz~Nm>zZ%8L<e=X!gawW5vYwvQwz{kyOT}jVy*gs
zshu1sG_AOpS!Os3sMX=2ofo242dM5reSFc+pSs{!G;3^pKQg@MC0X5HXhR}-ZTI!`
z)M?iH)|06>1Dwe9<yndPS^HGe_{qOBk$6^e{`8;I=&oHGRQqSK%Lkbhihp-kG$iN$
z!n@U!w6xiEzJDTh;puT;v`wx{1r-Lm2*^=9ome;f`xk+skrd_sL#bA$*U^FmEb>00
zwXv2KiW}(aLtp{J8^4zhaFu5{Wx?^~On8HjW~@3FY;cvmI7Y8UG`7m<J5+eRu=Jb2
zb{Kln2gP<uF~qf&GXWLnhFE46R4_C3wz6U<=8fe0W|<~`iuZ3@n83ZXR>Ol^;0<%C
zJ|W`Pm?8gFNdnQgh+C?jy?h0Xe@h;wwo;}~@K7$-UTIFWM41`Kl%ONur~=O9RPQ;w
z?ajOu3o}-IRS)01`Cha#foo7e(sVLw4NgbR8;uftRc$P%DHw{+4JrCb69Tclt+oRX
z(T|j6s~S4c7`VoJ_AKfo_kWJ7Dn}@)>{A$o#~M4dofX3`IvRU(b8`aNhg@!*YDkd9
zS5Zpefwif>yW3@uvEH?JakAy$<iwoF!_O~mVnU0Ij7%cv<^bbi%P}2-!@Gfzd42dc
zIjQcnJB|2&`jOZ3f-?}4G^3&6>W8J$-;*(9WMBv)AtTGFsK9~1IwDB<Kbx7guGq1?
ze%%ecSW;Tr>J{Qh;P&dseAC{3XOfGChKAQ+{i#rTq$s6`yE}i9OaL+}=Jb(V@IO=Z
zQ~3B4K01ohJlp7QYG&3mz{0|^Hc@8avEPE)*Vo4?ARuFDX*o!oo|cyL<Hw8id&dZm
z?YXA(o0}UHBRk*xfi;7(-5F8JXGjkpK3w0}(6h3_guui+Jq6_j4jv%wHQfq1IyxSo
zoehtS{NA0Z-`Lt(>If&!8aDmXLUDPvmz$OKz^AN?4VW+R1s_#Z?DpqHxCWmyYt}Ra
z2SqEFQe*CP)p$0$6sM}Kc9<I6uK%mL`luD1MPNO@xL|fxduZc08UY-mE^CdUm#QlM
zRJAp2O!uAOAd~>Fku|&#n6|LDv-2{ho5|(-iVg42pFh7B7H<C-Gh$@N@EaUd0B#q_
zrhX<iAwfx9y{?4|2b?raf0WJ?I3YM(O@M6R3le+N{oI)Ncsw8|At|Yr(o;1Zoq<a8
zaf#evAT>6|!^eSbAo3!yCt;9#9zQE8DiS#A;{XA%KmBhEK>{Ie6>KbURlq6px}P#t
zR#t*vkQNVkJ0r<EjVsuMgyh7<QN<(4UJ_v3=|g)czUyx78WI6H`PxQqdWUg^?e6sJ
zi;IiTrl$06I?IDGQrSW6`rsyD@8hp;gnRM}3Jxx>&DA@0oRm~mQQxp9c|09ukWyA2
z{Zc0{FVDfw{uadcc)}kJnPFjJ^G@}qrlu|6$vixr`}?fn;o&tiyWz!YKs7Ax7d(st
zW=)Y^rXjamp$XUL;^tmFyCfta_}<u<3LMA#_bBeC+bw%%IN@Tp^)nVzRZkKJJXBOw
zIapcWn42?#Mco~48|&fTEo0$3pb^?7_&y*!Y;J8G-7^MPfWtwQzk2lwA(RTvPn5DO
z$1_S?-rAbw`Sa%^BO`xCM=L3UNJvSuGc%FvXVPxvR;Fug{h&}GP3G}rb{!=pr3d$Y
zUy4K+smaL8vq0`m(}8pc=#mAu#*H-wMXDSJPy$CsE)EWkW)D2pGu_Wrz?GOLqepD@
z^<k8K!a%B@k)y`GOEY+RgN8S#W4d*dSHGA;^awtxsxF<lv0?aq=9Hp|x!1gRrlhUi
zKQe-Q;37Z{j@%UN_-89Cnm8#oZti&RTRmP9ZToLGtcf|ny(_I&>EsRdAcAaenptoY
z4-XH^$jS~*Og!onUhfsOskdEv*rNN*flrnu<^=)9>MeIpPEKM<%7ayM0kC}q*?~bp
zU3gWSw~J(vsEGp-#m8x7niaY3gr8_}(N?TELAoR;D44?U9Fd^y77WZ<fNU*S_}bKq
zu($k>hx0C3IXg3`o&qU~w6<Jo0e|1z13c~mdtMTBs~+@pkcXURXiqaoGWV9RZ*3Xe
z-dx|A9pcbPOk5n?jv$~VH{Gj;V?Y3;kXa=qEVpv?2M4xp?(VKPh&9_<P0a?EvUN*7
z5=<cWqlbQoCXU|n#N_13Z^XM%QO`04*T1+<Rav$HwGt3W@s{A=;;J-MOCLzU`o>M^
z(>E&U3}c|D{{e-P0YAZ>WT>zIB_QA-2_|Z==$Dojkz@$O7qO)X)CIUIkO7#Pn}b}F
z8ZQ*MI7wOACsb5a=N>}9)3VCO`1;;Uk)t&-G71Y1Um-V>m6u;SyDVd3oSU9oI?zp~
z@$~d`5lE9wm<bi76wOos^6tAef^SPnOWX32@TSUjbaWgd{{Y`(aoJz6tNjTc6w__9
zHTLShFA_+J!LpN+lWq7?ff?(UeS&Iyxw8zxg4v|_*w_y$DjnO~OyC*P$;X5NEieer
zJ#Ygiw>I$2vpMhdyZnN6&8Z$<YfsB#HLVLgV`S$$I^0E&g2Gr5WN3g4cc~07uY`t%
zh7iu-QTnY%3pX0FcFB1Cch^)s0+8QSn2#4{Y%xVff~{rhrNj=_t$_b5D$35y4V0jM
z%Y>Jil|_BqX!-f`d`}!>vqwOAT^&(EFUlJwB^;2CzqjN#b5==o1o6Kgl@@DC3Z}Mn
zz{{M#c<YS+=m7yKsprIKeSzl8@CK)!pPx(PEDF|dJ6|1OQ3zD=TBvtzv*4Lc--g2~
zc@7K)Q&3Vu?nAxxedF^tZvZ|tEGa3;gX1zFAi#sh-q6sng<C0aBnO?+Q-~a>09C47
zj0ANe1Y%%e5e8CS5Z=LeH#STe7#WYQC++Q$G!lCKVa8Mt7&{M-IPgU`E>?yr>LAjM
zi7RY`r}8@=cGITc<*`8Lfp<a|Gf9O&+E(low6wI2K~llP#l_`u3OD&xRRw(0k!)sz
zHVaS(mqu+qKECz6y<Cvb)z-fDI)coV+ONrBw1I?l-mbQkDHLcHNH3x-4CS=6Nb#99
zzk@5^P&9`V^8k;EpwXc82MXV9Tyb?hcPoelw}}795NCZqwO63^sx2h$0$y}-8HfG`
zB&|oi)~7AH-1g*c(~db!O~UEQeh6J!{0FTb6@8lDDqOtd&9xg+rmx;me6tSObE*dh
zgxFGEcvmys0HfylDF<py=uL|*YkE>)etwV1oTreE*R5UrB{Nf60?e2V!(bR?0Ax3c
z4H;j$KotNo+xH-K0P9B#s-qjR6EbTzbp3c27y```aM`DrnVA6@Mzjn~+0@R*k01B@
zI0kg9r+|9~iAHQh1ZJ^zW61DER$g8(usMu2T@R0x;avG82R;zJL@A?Cu1V125)vv*
z2FSpDB^cr;anTNzW90Fa<y{+oFWG`@!sVbHAO9Fd$a$9pc%f~0MW7*j_wq9Jj}Jj0
zKad%Iu!`z{*sd4=p$^rm+Py`htsNY9FKU$U8(mK)Gt!ld2dmmP!W<kG7P@i0qL!Q`
z;}EQ`z|8g$9>C1NL0eTrl9CATOcSQ23jEjs!UOnE1#RsJ(`1Bkstv9EYc{qh>wK`8
zN1ht?vI3VE7u++tT$q7WbIu&VMP3HdU<Y48m&^Yc7#O^-6uP^CoZKqpTux3dS}J>t
z^AY6Ej+x&(|C$6+uB@y~H@L<G2R{a7#><y4M@C1VVLYt0S-Ai1-8-cBsL`NYnyGiL
za6j99-pgdwpIlNi+#N+FuA;dMEcPne^~sYb=*ikEDZIA&Eyrns?z<|MuD?%CPZhPa
z8Vy<V#>P~HZq5zB$+d&xvDO2@4vHsT*2DpQu+_suL#=`2ULg83<hIz@ZB2jfJqbR(
zy#A=H49qRYx^?rwB_37-{0%E7rzkf>ONr4R^+!WP3fLkVTG}J56uWUo5XLMmcaquj
zM@L7)A|mX70|N>4-Wdz82?#X7!NDGQ@CBO>8XCP56Q8`^r03`7%RYZ|AEEjZ7}enT
zxHvZi<{gPn{&_i>75``w3siHiuC7o-Y41u#e*UKKjvv@B0T=Ez)_7}3rC3Z%jK}ey
zI6;7jv~=iwHrI7K&!JsoCnqNu@*B(N!J_)3IVBqoZX!o*Fv^(jLZT0rV|Bux+esjr
zD(6;XTjy%=?d$7w%n4h*r`Alye~SQvLXE&?P?HX3imUcXf%rFOoJ<3pW;1J;Y}6}!
zkdK9z74JQH<o~we>acgKR_fU^I5mhFpg{gtzH~iQ>iHmQ80!8J@;MZIe>LlW5_M2v
zkuie0qW$d3(kR~OIal4f@$_wx<{4_ygn?36k;B!P{a+!j?<x^s9=}<`UfFYKVSsSD
zH?I*sV?_&rStVarGlhc8VnkOHQnZUTsU899f}R77y?=E<busc*kcAUjWFROH8R907
zd4}7|;T9mqfb22fh!hhw$5cOg_5W236{<T`+*L!pch%5qudT*8VCLmFV>^OTl*C1e
zXQCls(}TLM72IF^2X*@2#+S4YUPQ)jY;1%V-vz9oE-G1(ECEH2>>KdGbbQdjdK@F9
z>-hLre<w}G(F;mSjils?zfTL27{vYeT<~seBxSUmN$7kY+1SLSjLEzk#In@3KrEbK
z(Xpa0Kv?i9cP*q3+6Gw!$Z6XLK&f@$(y&f3#3{?i&re832J)kY0~Zjli~v@|OA=A}
zQTAVfN%n;cB??$45(%%34+tM9=`$d;1F`N|u;^V%+qR%Q?)?8-z7%Gg{d@f3Q(RKf
zei)36j}NUmTRNe}VPhzoJv%#l!h*Y4r>TEfUbu0SFBd=ypFe+ZXdppKALzWfzTDW`
zL)A4l4&X59-`^}KSxrE!uy}U^%cWyvT$--6zw-d$V%>)9+tal%Al7jbwR6gz?o5d*
zD?hilw|}2d$rK6_Surs&37VLi87ok)NrHq0WS@~j7eO|>GMq%&KYsXv%0k=Ypxxsd
z6f<w=aP==wciPF+{~l)4tITx@JAeRLa7$BTt6@_BXvXX2C|yZe`8_8Q4As9NucTyc
zveFzBO2B;rtPE^PMtLGqw;^_5Tg$;xCm|8hB3Rx^Fm2j=JHC#gjm@_L)e=Qz<;t9L
zP*{TW-e!A(4TM~f4{Fxh`PbF)Az=qU0Psn}ek=OKjuWUO4&PN02eeE~5CGTq>a;Wj
z_Z5T-RAC@P+IHeP1NAO2I|YZQgyCZMK(4StD~#waHv-OMeRETP4(j>7sG_XwS<~D=
zb2HK%__t&W(4~nA6D%)p+r3MW01&^q@zkg_t^!U7WcRD(AX<Y|bMe4MB3lsvTp%2C
z!mixze7}nT!jp`Mi1O(pR#2m`68zpe!BcjQ(l@H0Ie@FJE>;-I#tfCSqeTBzx)&j6
zl(e+8pxT9+6DIV&S5qSdIahgkc?P#tG7X4CALt&u;Y$V4InaKs|6oX(<#{D0$clVm
z#>mYZ4$O(#=5Vm_px6Q`2r|T%Erl@SUes?$pj5rvE8y(`)R#E$DWot#6Dimz3TE6=
z9yHL;@C`Sr=oO@+beh+Z5a$`(4#;8e`C<=*8vrAUfy_ez6#v5ww>Ou+Dl0({xp#Pt
zWj$TfGCfTKFo^B~QT8Mmg{>x4Qc}{yobF&8S{q&xux-EqRG7$vML|jnQcnFc0(l|C
zGICLRA-><I0p)-t^tDM+s|H^NGxN5Z1ff7WZM(0;f~J)9#0PVoZfM9|L+rv86&$hg
zh~R;K0YzU!w_`ricLyuN4)Mc>qHUg};%bo50dc|ABI#r1Ba1<W*;Z)46xN)gLLFZq
zTTgXGE)*lR_0r%aEn#p3$7=|M<(D?4w?8xDlhMdEb{TYGY$G#RPwIcZg0J@gZ=zmA
zBuW$@A}>FX&zN6aZ0zEa2r}yo?ro>~yu7@HiUFa_%F5?WbMiDXKT1mOf(bYu0Nj8m
z1!}uHG~nb!aG!!brW>SUhp<oeb#*=nj1@ajDgg!2Y;=nQK(9xYQq_I_v>v=<s@W-?
zYCJK@j{P^n*9O{E;vU4B!gvq9olccBmhqFI-<R~JsA;Ke@ZJqEJ`GqUCrFB^UMD&$
zwRC?XM66q}@ZtF2!*hF~oYEx*YeR8I`qNf_bTYF(SsDF@UwCsnlJc3Ue&rlAXMf|u
zU+I7;JQ^SRWk75t9)H|NhwR6*UZxIL*iiF)2?+@{HLlj)XQZTj^Gw7LfYPjC_3@zE
z1{ysyIM{NRgUy};IB{cl7oamShU~#JR=F7&Urf?mAJ)%A%vhNK{19aHcc=^~fkVlD
zt!eK}R)!7;U50^jfjoEk&WC^i0*Av<V4u)IEFYYjk~TNrLN0;`AaN5rU8ZX2s+zuB
zD5paXrdIQqDB|RxLKe+kWi7{?zL7H9WH^A|8|n+gVCUl!@A%cc&_ZsS#l5YTXe;@?
z7S117GNNzA9G+CUR8aWh8<~Lz_j{VH-#Rm*mVX+v+?)cD)5jCADA3mu;t`V6IMVU(
z=xxlDYI#4H9x4Pmw>NmW!-KoPAmC3isi+ls#_@z>opI}SF-MInm0a+gKC_;_np4Ab
zM^2UV)d63&Hk;e0OBJR}^^l=Mbt3aCbNA}OrFE+{WFG|5u(9)kQ;`j45g`pt#e?e6
z#eOF?p(L7*wa5I-?W~Ce5z&|y2CAvT<Swt<PAn>9E^r<Xx!9N}$zYt|q{`@i!kjkJ
zGb1+J=Wiit66uT$w7VqXphw05Hojs=n;}E{g#8rTEIIk-{^Zz4JVw}vjqtlNgn1V2
z2e7|iu{+tP`sxnGxrd&XbJ!Lnbca0_BsJW09>yJsp?nrqWH{<hAK2zQx3_jzrJcRd
z?EmxU>4J?592(@T0g$eGc%%DSh!GJHQG7!T`&y{ZmHy2cfSF$ogD!*SK}B58#kE(O
z_YDGNiXH>gegzHTA(SF#;zj)lURU@rtXmCTbs{vCDR})=z^YW<4D?A8Rok*Imglux
z6^}m!ck`bxNZpP*y}fbwZ@1dl?5!51!7tn18ZBl`7yTM>EzNP;*xjSjsPJ1In;ITu
zd)vZ?w<aVlt-7mY;mo^xfuL%`p<E7S7mTC9wnaA0$%&4QMYUze6idl+M=g3HWRXPg
zRx+pmrvh?O&Y4;5mgF!xT*vcuDpCJ?Zh}Tc>UI!aqU)c&yvI2yE5G7vYy)};A|hgb
z{!AS(?wL%ikQso}Su$uu*V-rWu-(3;4^8?3!Fc)3VyZHg-90(j7jisn_ot5P3l8g&
z?F7_ME8EHVAzuxgINQvfv0h5oX`ZM$V>p%vR&7C7Y~l0U2J5;aoAX!IQ-_?S^`>r^
z5Pm)6-GtqiDZHha9kpZmRo%nDq{rL}(4yelh<hYcr$1j80A%Es*;6$|#kcR?A%pG(
z)Ld+6?dbW5RhM|Mky>AWzunQQEHE#8!(WDsUC~7KEtLoS!)nv90h^{jkMC8;$QjY)
z<+bdUBa^*V*3%z1=p%U1+9IZY<)kTBih<m=+p3q%R%pa+#Q5TA^1z451~Sc4CSMz?
z$<SVzewJL~ZKImUsL}*UDb%ESt*Oa|?8;))^GL|0mw7)MQe7QT@-Q%M&F$jdOj16z
ziW_P?iX^o`%?p>YakPm3m=#hqc5Z#t9ZlBMvJ(77t)CTEzeQg`DAQql;J>vNX<zzf
z{sVa?2Nx&G@k<>Jj(2#d+G|=7sa(<)J(MFK-zA|pzjM`k9z(h$^OEW#l9Rm8;Shp#
zWbH)vEM7sIy-BWQJe<o&m))C?A;0jsi9Y)~H7!z+YD+K3=t`KgEUVGiNB5kpgAU6P
zC%nBqHYT|eknc`~ApO%&D5?Xv3xGSlnw8<n{i*zc18Ym`gPFuy&(%1Hi$74w#*wiq
z$%qFAsp&Bke5oldEhofiGpxErBlSPCiVu|OXtnES;}Uqwly)x=y}DCwtXyOa0QyW_
zx9CpWPN4|f3=5wp#I>f)<!C*{eRWz^j5XtR>SL)!_R{=cUPy^`1ZPt|pv{#?P<d85
zr`^;RTrvM?atAXkON2Z1MNFzu=@Pb|Ke0_sw_(vGF|R4Q`oPgWym+HF!a@^wN6D57
ztj?=BIkS{twV35;u1WD#;cjDDg2<?Yz|oXMt~9Jb98{Vl8N6Qg<Mv97p&aDuSAKeY
z2Q_HLj83%78UbN!!UJ}^Wo!MJDDkj}A{#!{+>Bo1E&>{k#)R5m^F$jjW1x+)^^LlM
zc--Zm)X=w1Pi(vd&%8+9i;fMUDUL<nurz_rMYyWAt5Igb3v-*boE@ih=0Kc;-tZL%
zh1owoqxODKZT_jMxTTJWwq1%(O`*v{n(=Vzm@1n(*__ME#8R_~F`^D5R7I-k#H4!r
zw#MlJkC(ebjZ)X-*A#Y1OAGrrhfmmrUWaqV<rL;`_uFzPX32(Pqxyhiqhr^hf6is<
zdSn+aM(2GolvR!?AmGJQyyYg8n4Y$Wv!ULAWWU6wn0>Nsu|G%XK+Dx14lxL$efN?6
zNki3<9%J^133h5q%l;)k^+DKyc5yf_yo&K_TRcrnkAAJy+y_GXAvN0U)9mpd^|CBb
znj%f78zMrp>38qoJC^D+8)5#vmQmqzE9%wrCaIYDK>`57>TEU7yWbNizQeK-RXGjo
znOQYBQc%zd=V$x<=Mx&;%lT>!oN#QOa-WvzE?KMTkmypTa$`IaOcEywsx~dyf4Kk<
zeKUs;PQ2d8CC0N(U*V5Z4BWr77HB`7LnF7D2BQcudRr62u~VyXFyef8-u!t^%Lhsi
z^u)&*)pfN(xSi9b*De^JY&&S5NVUC~mZR;TmN!kb(}|uqpU%gUHe{n+8GWWX?0JmQ
z9+Zm_CKGb*A}mPt*h5+QJk{vyeb(35FVo5>Ae7vkV$(Pj>z;2$%j2G5P9~8N8q*l~
z8a*Yim0W|-*%zc4@;gB!L8E&F|E=iQXV{rb`EG1*thn3)ioq*<tlsiwWf4omfV4rc
zj-Dzdg&EP&uBUA?s%%WePS!s89cCUA2P(>J9Dn3hJFn>Cpx@IKJ2^LEgI7xJc95)v
z{dJBxy^>60gZo$#bfCJ>8S)H^(gc_95ks0ZgZI&~v^k{4<1`FOh2B<9{iMH#&Y~=P
zVu%{JQ8yXtk1VhDa%%I+IeA=AZ0yWqx?iHqA$4_xKnc!H)Pr|>UHj;vG;r~3TB8#4
zY<oD>t49k38MW}1{Vux3nQH<yVkh~>KQ@icdS^c2#g1BK8ruXx`xP)qTzXnLx!&7o
z;L-SxQ|)Tnqvam0RZNtBP^<`_{2}s?Zwjmp)B0O-4w2NSI@mOqmDl7uwdVIaI<$gG
zsTSj1jg*R6apmE?T1uAO8eY)y*sWe;f?iBy%JLPE4>!DY7GrFjdNQf<_%|Lg(RyYT
z)Hbs~Ay(8Q;0;Bo7vnE%4Ck}xqB&VDE6&alx|wmDk3xf@61P0lqsPa`7in0vEPUjk
zBe-UDPk+G#je0ziJ?c>6QxUvX>Zk%<G<rT#UieCB&4RmL&ask}!&GsYO6JqOD%bL5
zRR~Of=B9h|*1ul8>FC9l$l5#6<(rk+u+noO>ujNzUQgyTF;Gmi$Ja|RrB!dsPT}=P
z#m6J6Wjx1AHi}wC=AQ&$lQ9r)?lY5(a#t5QP7GyQFmm~Ok*s?J1x=HK7W*>P%JxGo
z@26i(()X766rR#+jLlpK;mNVoG&3n#Rqh*b%&f=7#_Jnbca*Z;^*c2q>n0zK>`{;J
zTet9~u5j+%FVA_{tJZ#zilv5iw@&A3^-{oAh>xXjSgV-Y>3taE+^a5ifGgS)|4R|6
zR(-#Q_cId-r{Te&o%e{Qwf!JsLeoJAfUL~;`zsIo)bg4P^y2Mmb<1tkjA-}5zevD`
zRGv^+5A>?TQH=2B8eUnc=ja~ZB<1AE^a8-3toCj#xYo8lHN5M+C?U0oTH_+{?b4)z
zFP$epC={y-SH3{&Q6l|)4FF*E+C2D6*U9%)H%MrI=jt8apxChTrK8?cCDH#uyy45|
z60^c6QRUf8<J%6kNag!8VYLYVCj5R4E4S<&sRK|XvWA5h2TbSu=fQ;*+0DhQ=itw_
zNJ%hbd`@4O(Mx>P=mJaCctx<A{bu(JnJ*K2xmRyqU8xDMR5PE1YYOL>Zqm5o{CDLc
zssxWFEx2Wd`);)-gxSxm^$?nWK37le5lJxkXc7Z)j0#7rZAEehdzia<@g9cx5Btli
z<MUX*(kz*V$k4o_iGi=1by@O}gGB`fN!X%6id$2gOZU$-braEX(J#f4b85f$nGs5&
z#I%<Y2K<N(wQwuoG61;2U3TB1r?>w(c{N(s&Q@u>-tt|N<Xx#9n8_LgP~lbzHhhWI
z)u|mP63oso8|_ATs2R>v#Z2-^67Xm|)Ni#LLqkI-gyO@TNAgL4PJ$U|Kvi(p0H?$X
zGED~E&a1}swuMjMelTG$C!kY57sVTZx`9HzQjxo~w06Tz_LDta8~`DKQ#)htMF1SL
z{47?Q0Mz_GC}&^%&w|>+`b+RW7ces5z-MPc#b#~G=)iZ^`k|+%uPq6A&KM=J+{ARa
zuD(GU5eg|{#-sqS4}eWULH{K8jwo~()Z?gQ$4lZOKn5DCcplokU2=N2UDM@6h9;Jv
zVm2``dF`}K0ASaGctHRocN>=fq&RHD68_DKF*!Mj=aAg!uz?LgSCDDXIwAmm-=Ffj
zjj^Pm{6ema%IF{_Q?t2-_j{j~45viI9lVvv0)a70kS&W@zG}c{+MbO?r!%tTz6yf%
z^?@FuqkJz>z>oQPwhBc&b{;L>AUVAw6fWsIR)*{G^9V?pOITQ|dq=yhhGR($H?dHu
z94N!U3&7z<9I5|0^PmQZH&Rej>&B56@a<h$%#0Lj<&>367m@|+Ab?lz?plF{ASmDS
z^BK}y79WGI6zE=s;<Es1fK9C?XpaLDP=Uh<m98yCQvIjIoV*vucT^CvccFXt@S9jP
z{a($cKN%2x=qCaI%@&h%&#LXvgc9w>9)PS52;T~%Urw)qt_8TGeg&M@?U)X14-Tyy
zpfJ?{P7COXk?=c(4S4R_16U!BQ5EU#Qy>>eNc^j+xH~#K0T|~sQO{`pYg*|?D@{SD
zxaq5_Y8zeBJ2cAG19ujEcIU(@6jHZJ$KmQsOeT7Nd!h_Eva=143KBfHIXQm=f($@u
z0G@eAX9AE>x1pUR{N~0>T|)!l>)>;zy;<1&JO%Jr3BBz=>^tzBMA$0@94RW)+U{26
zf=XMU$woJ|_03=I3mHo&a#uS{^~brpjG9>+q@vX$a2&944qH&kKWJ&Crdub|1n4ml
zcygT;HyN_mX5m<{CoK<UOKa9Sn6}j61V6az^h02F*B6dLm)jgYy}hq(=6%GRX5Omw
zNHK%f%7Xv9JG7CE#s9H?tAd*SUeJShPSeq@!uBa#5$e7sYOjGbL2$R=4|HD#*4qBI
zh9s!55rf*GAC_af=v1FzcxPd#SY%n{<=Bb0lzpHHrl{Boy2k)GzXJyi*(Cv~0>C)}
zCnHK&o;umQ?GJrIQOD@FMT=yz?v!(>6JT8Cf@nBTN~_#uP~v(u5-99m?L{>}a&l+@
zf*2&0`L}gW?ve{o0|2is+3?l?<{Ch;0HXwu13>QyK#-D>k3pNk!O>AcMJ1qfsT-^7
zsCK|J0&uXRx(#_j=f|p=7@!QjD|LH(y=|2>q?c0ZYdt^Z|H`m>Vmil(e?hZBkeuyJ
zdGF1;+DO4lBN8i&14D!Pw6Xe{_v%)xsqIwdtM}hGZW>sQy$tGW6d$sxw!gV@z4E#h
zEZLfG@w?hoZR(NV1CRy4KJQ>*K$9vjj|L(me*pCu;6#l#-EaZ62<XP?tKpdpqybtC
zV0p+3UvqLpUZt;GwX=9dk*_#{GWx7>?{L2e?+vrnBEy~Qf=D~?wMVi<{^8*6T*#rg
zJ@%&|YCD?gyU>5k7hrtuElju^1C@mSYD&)cF_GQU@eodQw>}5HEY4PwAN1=BR_zB;
z`8z@7lHiFVzI)WuBjx7icDFB45{5I343X*WEsKj$m3TZFsYywo<F8Bb5LoEn9=smF
zrp@Qh`*?NS`FoOVUJBo+e;pg`p*8T>nTs4cUrF_FzqG^ufoq*!*BzN$b+D8$_6KXc
z%Vu>+VHQfX_O=fxAtqo`5$aL%g-2bmaL3Lqz5FrsQdO{Fc;t5p^h0vGmwChYuo<z^
z5tx0E-p#s8qUWsgSdyIWMJsP^affLnp$t5A+j{?~1O1tH0bJ^xHSsT<l$Qw6AgbNC
z-jrM39%mL<dT-W@h`I7(9RZ>RSSl7m69D!W-`5>N_O5f%N#nAw#%3Q0ogLn;(GJmg
zI~&Dr8Q6O5B?WMyM1x*ojV3eDV-OB<hwu0aK+_%gK=*lK=k!Xxc*9(eRc*ps5s!fZ
zM-4Q!Ywg!|)j_#*2pWHi3JPV+&vEEG7EgEl@6p%{By~YgP5aL^KZeU6$a%k<Gn?>1
zm*DH45+<4FH;{u~8NT$MU2X+U^aZJ~YHx>_vozD?5^biHSt8fM^!%M?H&^>RpV`dW
ziNftSm-L`~iK|UlOPg_i`O8e!jl%;|724XuV1Y#VS<xx4g<I0EU?f^P@D3iLDhUc#
zs-E##p7XKYr{XGfL)Tl{&<h9?EoQ=zN#~4<jNfTLfpycA^jU)X`4KI*EWRU%si>Qs
z3E~q9YCY!iW7Cx>13UATwB{~n!+KsGu3t+kxt=$Mx4#;RuQ!QxR~^yng?e62R9nya
z6^C{u7oK){?`2ldxSp9scW7~W)Osf>rS~0%KfHa{kE@n)JNnc*+!b*uY_%NTl}b@%
zX%ZAees(abgK?-b>;#=@DD#c)+{?Cfho=%2iO6yDpYQB-o~z=&z1pehC4C*r;Vt}o
zYWStcWjKvC*6M1)P*rB^{M_;W*d>k!0xP8JzBLN`fpA@N#z7v<&60FB0#566X)5D*
zL`yDv$ddju%NDtS4g_0Pk4YZcfeDf(_i{3y+lz$<=~HTA_U)~?{enxTH&F9<VVA0u
zxk=&$ou={jT+iY6XHiVX78oeeXL6BHBk51(%`Q6fi4SQJgEcW#I4|Tb^siQ|X<S(r
z)+$?7ekyS^oZQd}ugk_9y148FMSfgx?2$O!-JtV^vx%p#WLfG2b+r2GSJ*<2(%oFE
z^L*z#Op}CuZ<yZH3BKEExj?zMEI?coSm3fWBs&XbZR1IP_rMC{urE>;dWf3>jWwL~
zdE@D0?EwwJX_@M!#c4P?qiUE*%3?9dEz1w%(Jo#MuR~D$y2hWmI{oy`8g;2*hD|4@
z@^xRecK9Eao@AFz280QW?PhtB({n&9{-OAWsh17x`@x%cB1o=~nO@?OvEgK!wFK!W
zo#*{59j?}_ZL!1MH}Owz4_Bs6q~s3+=SVX*+bM>3Vp7O>evGu4TUL5(`QXb(UB(lo
zFSE$Y@B7V;cvMVIbKB+8K3f}M5qmxAd3ipHKxDFv?5leuE(xblqFtrm?lK6wI^y3R
z{8?<C4H(B9RwB$$``L3g<!pC&6waA7{c**3=0qUd<<gz!wU&m6fpyrKacV==KudkX
z&J|qPeA%!VVdEBHeUp1HgXPzus{HFcsCBpG&HkMHhm*p{UHP1Kr-$dK#EvN=Q;{HP
zyI1pvr+Xns7y5V$oxkV&rjrfo#wnwO@SuS6N3C9xcb?B-2KpkxmVrA3u78~KPrsd3
zrb@l=$J?&O&yOhKL-F-bak-U0x!bFRawHh9AH~_0w}@@Y315cu?)@^^#bv{8IBC1*
z#j4s<?OpBPbgk$!k}cW4%wuG?n(KKbN!xJKZtQhhKl)3y-NoeB_hKg=OYt7p3P=B{
zG=s;?xuo0HpMEI)nCZ2bm5YA&n0c)VlDL9;t$hO<cRDQa9_%A`H9lV=7c=ESQfxTN
z6uQ~@87O=q{_1MmJlrEwsNLCnqBHM{P<S5kQo~l^e8~-hOz1Lqbeo)X3DT7Eva%!d
z5$36K?Th$~sZXm*!PHu&#NsLw!t%cdf^(*>9~dlMEntc9E}<W-HC3mQ-#WbvG+=|C
z`aSDk8%u@l_amqWJb(CydN;&0z1CftNyj|u{}^?Nm%a#@BVYZ+(v^OD<K%TZN+g#<
zgAn%OW%s@+r<c371UH%x^uF?HiWpDjxa#&MUhvR*C49L<q1>-{v#qnOM&t8fTN^sG
zO8ZCfH~uWNoBY-x*15QSL++DHYc@%q?M%M|zI_@~zh+9yks;~rg5g)5h=;F5QpmNM
zj$$bt?L&r*>2+q8G(G1M=bD_E2~#{OeT8p561h>n0c-bhz<`zKp7tXjlRo2Vx^zg~
zyEgvPlE>+%WC}flJoY-<VCAQD-i<jOxd6fbl^ehR<AC<FP_urwTTl*Ct$1C&jZRyc
zk@L$}5f)E*L*3jR)Q*tGahPL{-V8tROAIWzZ8MV_bNOtUKR*B^$ly8~k4;$^;fldw
z89gvANa$b?w!ZNrf;P-|Ot%M{<h$CRp@kd9sO6O5(5oRNKmA$qiS2f<Qr#h&b$QJ$
zoESdS-kre6E5OyBM}~f3&@i*N2xA#NRQC()D2<GvHFKp(oF6ecxZ)FpBIyY4<_<nd
z)BRRr;fzfxi`^LbZo_u6xpa4=<O5$XC+7XM(e&d=Z=$6zmft!ad0(m+u!^4OK~L0C
z#P!*3>bB(O9hUQmv`g&2%(Ot?iC~%x|H6N;>pWEr4aK?oO}aSeQTC-O$mAx)GcTpB
zY^u|mw<AxFw&}LL4zYw!zXVe)KxC@W=Ha?nrMs6HtX${0W%%BnijnGAJ7G5h8YgtB
zm+^L-OB=E9DA&Hls%$OqMITQZL#AbJx=K^}xcYWVBOi<ti6*zCUqspm2TFOmQ*|Af
z?~+*=R;4l*a8~jBS(Lcytth21nz@|4Kg9dc;`J>;b?ItNC;Ui0?Ul|@LnYgGZ_|Cl
zS7>`rp7R!ybD6}6_g`yL<dn$U@vST`?+#5Ry}+V%c6Z%M7;YHWX|E=-5Y42|k!sv#
zwD4D7F=(>C!AlFKo(X`ks6M}Pt@R{{n5faTc;Dc3-!Mr|z4_3$`(w|8NWVACE{^qZ
zRbHR+PFeH3ZvQe)1=VP%MRfIzIqKXix@b<Hp}tfZgQU<_Gj}cS(n9wx(N>3{2i2j?
zcB+IWsYo=#d2wgfX_9B3A6mynj<uegOY@Ta;uTExB}L-S|AK;|$t`fol-F9)8ggko
zNGcnZEOjvI%~PwpCE2#v^|i%8KsJ52H>#(V?*ZZ>SQ)dG(l?*N8cMV*OTiU0FLQ>Q
zE0i*i<^AY(2P;1~tk5ZK)%iQaHuIxnl3zQFRQq!#=aK?_Tc?CxBgnKjB0flXCMs|q
zqSZ(p1DAF^BT!jYaiT<S$%|xJNVaQYjLm**nRjqc`8>8bg2l&MxjyV{ja7==9KD?^
zm>#Y^>yciQp?tx+7-0+Lc|4V1u93KGQQ})Y)_L=M++5_;DZcOiw2{Z<nfYgpW7R!d
zzC8@0Usjel7|dA2A9fpKe!Tjq-Rd>)VC^!d)PCb8yDsp2vXguED)3n}qh-cEN#Vym
z{hsO7yn<!xCR|N+pXkoDF9pszPRfI}P*<9^ZdG$$TX$zcFLK(n!$G_%mz6+{E5pKM
z9u+}()8?w>`c+djyP@$;_f$f;iQLy)2S?<|mVN2x%BQc;C)8FhK|``!h^WW&xE*`D
z7|KDXGvJckg!uf$+sWhR71r$l{4vzcL65tfCI0)5hVvV|_E}Vh<_4ZR%WvYXi*mzf
zhQ=Y}C+fe*@|R3>%<0cf7d2qq8RG^G_<{KhSjxfF_-GeXY*EX07pHqG+UlvM%vg91
z4>_?l$#mW|PT!m5ozJ+ecs3istlgin=Mk&4B&Y2@<V{NzCuiqX`27=8i+@eb7z2-T
z99e!C?#yG_aFOwybS4uo!9Hi}EH&%A7F)TKwkW}t6>$>B_=7k><_o|~U9W!R6SX`N
zsFV^p_4Dxc1i5Wg7|l8}#v_x}8dd`Xli!t?m6e0)y8#E(o@C>xO9qklo7c}~A*GK*
zr#XpCCuz~}LOaiwZf*RkFZTMRiXB3<@H}T?8a!=H<#^)QB^M~x7iI@yDq>mooa}y>
zN0V!&Qk65>@ITV>oV%+Sb3l0nJneFBNn}4(#*zC#tP;Kh_;>g2=sMCslf3cBTc`66
zhPzpByv9oY*ou$>-iN33b{aaDoF?Vk+TJu0=D#)em3oK=9(<M=IOre6NL#g={V8=Y
zbIaD}-bQ~BK#S;iXPdMaiQwsipr)kUI1110NDc9jt)<=)uAp-GYxLS&@K7~)T4o1i
zaG#QvtPv}l&R*QeLJ?a8x$cW8duhu%<Y)W*xoe+2>f)^}SO|W<ge;VJv;VI5tKK?Z
zvaKt4+c0S8m&0m3LXdJHDV%FXy#bNhpS|?EDljL!|NLw`j15?u!x@H2oeA#@S2ust
z?plFx%J-(6FV=#!ir-9@y3j`(6xch{y-EUwuWh1-1#SB^NtgKN_Ew61LU@`!bPMrs
zyR*w^=tm194tPz(IF6sl9i}>WzTU$+xa1#OJE18GY)#P(5We2aOo=cKis;{;As2tm
zrJu`X=vM~>%W}Qk3vgvge!(Zyo0lGOfMfEQ)(ojS^$j=7KZ0=5Bpxw9PqMldn38gP
z^2%$?JIp5E)9mKcb$Pn?m9WYFHuKsE>zQNP=??nPq;UU~pB2<&zTc*<U>7j_y52d|
zu>JO*rN`bt*go;{^o*bLyy)*LM3P-O^4qz(xVU=57yPRmT!6_Fz@61!9-CazL$#ru
z#@^`873}Q3a|OGi1gEB5lD5dgBKzmsfy??v4*AL=cF#jtY-C}fcfkMk>u2>^lO0hw
zQ|FNpdb4gNflZvGB(51LbJhea4p#nfPLqE5eJiEz9=|PK&jv&s9;P>Y$5cY+`D*7w
zB`4Y<uIvWH3g7JK6DEta&u52|n0~ic)jS*Aq}y`}-QKRXhfem2Ea0(JY3Y%6o3~pF
z{H8xcVh>ku72C$Qc3Hj!%@Qn`^Vm6-Dm*{_<McgV*j?yXDfyDVknr5aT=n2Z3!U&e
zbq~KSPKw+q&x7+*RjLMUd;T{Vs{8mlzSUl2OOdyHJ+Z^>QSq$aCyHOGtaJsj^IBNF
z5BM5Rj%=ZbMz$QAKa)@AS)hut5d7vg;-=w8!l8$$O&c`Hjn{}<bwObyCE0J|#Kz~l
zm&gve>hZ2TIet|voJTw>nGK$<$$L(+Phpck(cE4iI3VkIuR4jry~x+-vF8m(39OU6
z<W!#b=~&LGSg<hNvER}xF!m+qsP78c@wCDPED#l|G(oIf4M7at?Do*X;$E7&HHt^D
zM`8uQSTRV|;IU{^<!d*v@Is?x8bIo~wWf*Db8^C~o|5HDr2z!wZbLxV-v&?-mGja<
z4O<t7F#CDJZA0+*__>@o0KcLF>G@I@-J3Q{#Es~iDtV&4O_ue6TFhw?u3UUdnRCza
z&2L7-noSs-os9qkeJgegfOp!&pDG7HKFmO5Ko<Br+yr>prBiFfrmM3!rWNqx{;ubA
zIP`bW1|^oPa&z0B;BYg*H}*^Bwia!az6n;|TonlaLpN&v@V~b=>P|+MaNWO4(q589
z0;%z?0D1&?jEc|q_baPtgmxgSZ|A6Q&q~~n_Ixeq&dPGD!n}_^&Ioepp#T;d7(CD;
z0E|qUm=++R4KE<ABQUanWLDLTIJIJC{S1(?MotsQT21NXiru*;Zz|`1;8=NY0!zW`
zE#$2K4yR>(Mx*>UruP5+t{|e{4UC}xDsYJQkAXF+I4RrXb%mbZ1aH^%He)qBFf;=A
z>x0U7$Rc2A4u!b2ca|A+?h-x4dzgGTItcKH_o{#m9|0!q0LvGkreFqCU0wZWK>_mJ
z*e95YDEGWP%^0tpSm{lmXJpLG&R$6y2Ry~Q*ZYT20Iy+m^9T6S%Q&eOzvlX+)YKI~
zMCRn=yraBnGUG2TErB5+gJc?j(!IAnvpOz*^H-RtlQOfXt^nCYtvUc?XfQ3~x)@A*
zcm$>ix{NCT$@mq06EEXyfOY~hzp1%76~HmTXd)nFF(-sdP`82^DZr}Kb8v_SG%Yab
z3g%z*K7S4Z=x=m4H6XbGsTI`KrNBG}0Ej6`Fu`QZYcPDJtgMV>ar<vitCF8=;h3u7
z0pb~$9yIJW0jM4j9Jf){XKTD<$*JCTB~G==klo{aArJ!#3($iB$)Ab@^NuGB=ArI}
zh`OSvz@U-UOkH~?xp!YE3-r+&%BVa3I=;5cy@cM%oc|2^32br~${PZOxErjKk5X>r
z2UIyuA|oI%fXBd`Zv@O(L$SE2DZQ?)?&^k<hX+imw4I;x3Z-ND07jQ%LBgF10({-D
z?LxFplX=^TAIz?Hn*b&&K}Yia+MTKD7?^P_fSS`iPYD5@56GMp<OHi=%oS`I7$`uv
z#v4URPy=Q+;A5hEi~I?QGXLSE3cLYCN@6Yl&enjF;9qbHKvusSgaBN~eKl`yVZdX*
zBl=3m0}4K3!+|gL))VkGJ37SfsFv(WSzrVS9AKK;W**8GfTh6@b15K?UNyJ~M2v5}
zOp+;HWBx~I6|mzz7L2NQ-dhD4;^5%$XJR6#Z9x|tA-MkFH;z1$X@oj}bOFK-P9iZ!
z5>V8DRr~xez-rpwFlY}YK_EaSK7he5Fd+k`s-6Ro77YK=rh9;Sw1yAILjQSY@!d1Q
z6tqES#Nf;f42(;IWyHqC+0HlL1M@5ivDQ{r#%^xOI@g=3SGU_Uo}ZLV(#~&rTz$S}
zJjPP_qK{HZ5IUw?`8<bTs<S_2iqEgAUT9=b+14_beWp^;Id^@eXlSO4eYc8ri+4!d
zpunNJXT&L-!$_3>)rU%Kji<j+7v;Zw2!F~H09fAF_eA%DKTj!atvPDdO4!Nm9=&$%
zf1M(~dpRwhIrx;6bZ0A`&+Yg#0MOy}&Mev`;MgB6E-oUm5@2|MQD;DK?T93g9Q>RG
z7_?wuLoBn!kR2gr^8D?i7hj*gePru+k1Vp&y@(Ln8!z#qxP9wn@x;w@;2xj=gE`{6
zJ%__LF1P*;n~4;u41=x`z|28+0*uZsE-l@wrBS@Q(c)$CT5?xN2-<yQWQBs!2M-@!
zq!omqWPScG7vLkqM~3H8+1S~N!Eb-O$@_@?^r_F=A4vNr0T_=S)hxbAU8I?#{d+4Q
z*zcY9wiU=gx_=^Gexv^HU%t*!2jl+d^93GBO8@^{bPg-g@Bm*tg99p`mD8iUOKJiD
z({^tAsVGadDB6n$hXay#A1Zf8Hdd2u^fTP89^AjxdI*~ystV$PRdxNqyT6Z|Rs(&H
z_3iDf%uGL^sep%TR!IaTm&$(o<HPrl3<`9(bhv2u@8ADGS2sBhetLMjr-ed+XmgCt
zGmiLxPYYaFrefX)hBzL6>c6WvP|X?q{0IX>v`7VqfMDIdSTWCIEl5x@OEE8&`jAi3
zS>^9#;6JaJ|7E#B)~!p;WAlfN4x@0J>EAZLNtdH7<$<K<=26s&LA?|7SIT_m!sT<@
zZvaqJx`0@*D6U(+?#EfaHRrP?StpX{I&EP{b6rh>MjmGy-tdw4)~00~eyX$Jc%JG#
zqg=B?(oI9}AcT^}DC?l-#q5hfaL+Yx<P>Kuha7p~U{(nwHHQqPwI@r;fBK3DHUGU@
z_ATyddxqAW6H_%BK8k&tgd5DQ0=br9i#T$>>tc@q3Y|(@DkA(Um>jypU_a$lq^t54
zSFfezYq*sDAn{92?`_`FFIlwJv$5oFiV5Adm?OXT>zbD|L#Nz;VlH42ei9Gbqj%i4
zP`N(BbwH}I<sL0P+YvbQveq3%7u*ZA?g1#cIl7r;M&1hlCkg3it6)4dW#YQ-S5Wjh
z?pQeM54ZqfCP}xo2zLmY7PU#chl%uh#g3M=7Fj4BuI@R^YSY{7w<86_HSegKK)XAq
zlN0IVwJX+zsq`OjlR@oNFEg6GFwUo&<I{7Vjc6~vuBZPJMH|Fgv*jSxR_h;H8&<n0
zQCohV+WO>=smU$BdADX&?D1Mc`KEBSWA$Mzyy-=1VJg12sx!HZ-?2B3^X<^?>If}F
z4N@C>e4Nd6J8FD7<}??we2iJnKBs%sq0Hnd6a&Ls3r8*fkcqkJ`g!nuN6euO(@5I)
zA9G`!O4}~kdwkP_0^A`g1C%XKW%j?b^|{nOBK}b6^^mYWnGWQ<U%k6&1W$NA!mCTW
zctacbSXsg-O%KpkZ)LG1gCA387dKD;(K7Z+dLBvpl%Fn)wT*zx)r(PihEQY>z3hQ-
z+M4-uJ5T+bLtk9%`k3};t@poWq{Wm}n|n~2e*CI`IaFni!qM^m86J`J(BdoT;ePBl
zHfG=VNue%=iucRd%BTgK;xej-T@8l_^fL`ysVmldiawArq9kz;7(All<&4ilfyeS9
zktE`GVxN9yRwhGYbd3~$RzDGjY(vszG?-}+M1(75^BMPXo*J$r&n^UC?4Zk@F)=-*
zIZ>f3Oj1omM2|T%8ixP}r#-Q=g5Go^!d>S6Q3A_i)Nkr&nwP9g{`U)2EnFMbQ&eq+
z`a(t?WW4oz94e<f)^t`_kKF4GE>zHafc1##)EX~JV^XUt$|Aa>k9NtQkoslV3vL=;
zL=$5Mh5bXxCH>$KNy_U+?IHsw4&%#@ieWwlAw?{Gx?wL8=l^`dUNu%2sUUSJOw>tx
z|5gT954ld`@!amN*@v|EU-X`>rk(7J)=isC^)hWF&+5N$7Qt3P{_>dkq^sS<g86N_
zy2vVy7$?IYdF{88A5o10-4-kLnMb~{!~S@ah9$r6IO33ylA+WaqGGy8UD2nU`XD+M
z)41vA7**m}w#7ei=($!F9NNXWcadcvk9VXBG2Ohul+uRCzjYwc3wW^FWVPXSd+63U
zc4KrogONcdPkU{h@hCK@eT=Vkr(54kpGgn-OEA&VqYZ0S$9C;B7?oegH|>eav|>TR
zFv8<U@D;71EQLsu(#39S?2dM9ek(k9eV-vrmQqiKN#XI4=a%hBUHvJP^6S&;%q=NO
zFvbVQyyx$R86v%}sP3kx!34+1*chNyA857H{gyS%+@E<nt&~u4dO}i;*EzhuP`@pR
zYSqhqXs)kT<0kkTo|N_ZET*a8%gwIL#+4n%>ph;Q)w<8ObOsg)hhO&*ALf1DO5U|9
z%z0slnZ&|kv`Vm3UCr<+cj8j*iD)E6`JCWfa~ADTq9EJil*Y|YpVC{&VSy@DE(Il4
ztj?{CWiq6tq0~YMnN+KEd+fCt;cJuuy|Bd2ocx`vCnz=w<+;8ix36+)vc9HtXJ@hW
zwV}lp!oKUS6ZKexbH=afUU2#qV%5vh<D||0KGn%`s79-$gDZ=*9*c4!k)f~3Kgp7*
z&w{PHFdyM32P3NWHwWUQII2Q23>qi%)C*Y2rHz#&3Ax<kf4G{Hg`&l{=4M4F4;g*t
zE~ef)&t}|hEqB8UJta_6RhKv4k&FM<xxH4U|4zPVl0>nHvHM)>xw18r{z~^p?jl){
zJ$gOZZEx%8gp*l6_mJ6)m{c2)%1v>Ps@0%2s{L(sSWo^=Uxf+Bo=)LRi8IGQ+WRs0
zncVSRhL8w(<6)f;dS<xXW;e!alas0Uu6esFJtG`_%^*Tk#MYAW#6A9LgRKxDd7Vu|
zLVsALY?f8=kIKA&9eK{EYeOOpcWj{oLg`~ZrvzoiDkqHh129_abv`F=wRbC%1Zdj*
zCyqu=xVtSEAJAyxLNit>x_DzHBC><WCQ}VRSF!#-oV|5aR&UoeiYO?OQqo9=bT^XH
zC?MV4-KlgVAl=<9-3`*+-67riUH9|+p7(vfbH4NaamJ7_zybTd_TE>lHRoJ&xe3rI
zwp}@Lo%6Glm;O%eDNEwGkwe&iU&(Mi(KQPei^SnwFfzK0?LIm6$o%YMlfQSWEjis<
ziq=T?jH3~Khk7B!+K(fr{Xz6dsWa=lGM@%s<;<D##_ae?<k+@5m*UwC=)%5K?j%|w
z?88!voTq43EWYHC2X<G~Z|_CiN(PryMYk#>*mxB>Lg?SC#|m?vO(ZnGi$$NFa5jgR
z#|<vOC=3a?od32xbw&R@mzT`g^XuRmFK2e0ZNl>==FOZ8P^ELkCrM46Ve22-w$B=D
zHtB00@Rwxdmj;HCsRg+hpbhjm#>p$cl5~>0G9XLJRqk_Uf{#7QEv}4m^8C{C=TfAu
zPH{;?PpkfFh6XGjn%3w(P{dU3c5N9>z$*a?S~4;+5b!vDf|^56i*s|c5dlQKPjq@1
z>*QauzBQU~C=5OY%hzQYMb&$9PIUbEK)au78q8m9ohd$$-EF4A%};R2I$$TSA@>5!
zkcn9)KsCdlD}ul%s-vUj&(VcEr?)tNC<!qSw8m)I=cCd&(e3lSY$yKI+nG!BkI~Lo
zdsG)`IE9Q@(p^g)f2-^D@}pGF<fs{45&Z+?#TnVGD~DTONK3)TM&iJww_ik<#7orb
zminx|z`@~LkXUvTQHUIDsB~R+$vpTa$Iq7VtKYvAn#UlXA6MwCQ)3B<)6y`4&+k`X
z%Rq&v^7roFzJqB!>0kF4A9<qdvsm66eR&<tLlJ|8!7%AdHU8-=Spk9i!?>@_7ql8l
zW;$6owHmgcXX`j}{$?M#`WBVO1Lvw?s_;ki%8%IXDq5I)u*=vg7@Y9?T|dRNy*(GG
zc^C}r*=kcfAXXrhke}#g%ZYDIk(79q&ZL8fFEx1KLi!mBha@+0)p!?4)Z)YCj){g%
zk#78TM8ERNf_JwazRi_m(|70r{n(}`38^>6qPdY(W)uVDjSM?ULF!HZWYL%D<9c_u
zT(Mn;Is>Ig3ZGdM>SeLVpzbO}bp^?pt$?802)7}c_`Qf<45^GPl<YgT=T+UKR)Z+K
zIsAor11Y}pn3B(JCtc)7i8GOSaCD7`p953Hl+bE$_b@FaNX|`2T*C+^k`<(A+05e%
zOvv<yG=%$qI~1obS9{F99pWI6X%EbL=6WNp(?24m!EY>_Te+F{<wO(i*ZcCVHvQOU
zuJ?LxjQ#V<w|Al|Hs6m%pW!}R>RdY(5uL8RGA`GQ+T><vH6l0EAveit+^7B<Cn<Je
z(bK$NZ4^^h>Ggua5z}Nsj{$*w^g`!FY|w!7Un&yU7}(B9DMkLAj1R3JU$8v!1WXCl
zR_?CdqK9e@<)&Tk)0ri9H-T3m<lQf}+oiBAGil!%-ae(>Ii<CvVWIU-FmU0QmeM%H
z@CxEGg@x4@&#3nX5%IE`hdM?ANX3K<49LI%LP|#V4i%M{eH(oR?VXg`1<euiTPpXW
zpF<X^{t0r<rcdbp-6Q0W6x_34E5k0m%Co|;q~-Pn4U<YoU3bm$t$LOZv+LIp$N3Lf
zo569*xn}w4UFZ=G;!o2Y+-n2GXM)9)^rOqFpRThkv2-$mGi%vb(N6vREI+CE6U3Xm
z-V+2ZD`fcI$=t9QD}2}T*)e7izT%Qc7(**G>2So9YMt#Muk3rgzAaW>B{tj_RBUST
zug_xj2q}-J!r_X+Sn5`G!pKNyfa@fa1cjt1CUrM0)c)}q+NVPqpUaL@6ii3eEAt1O
z@sx4R<KK(wfJ(!^iV>0MxF|2~3QV$*{*b9v`MX5ZV;bL+CWX$_$hj(xoK(PJ9nz_1
z(Z^;WH`fuFDrm6#U46auv}_wSGhlV)y{igu(ZG8QoY*N2%SCzVuc;N{`5TT`anLak
zd%n>S5sTQ3?04Z8K_T}@sCMJKrraX8?4rO-A-L=Z(U-JHiK+-#ZtsgCh{(G{CsaOZ
zbx&`7>|ZeO+r<hcVdbd1dq3eiMTJs4qh&rP2lJ9ny}3qy<`kM~+fe(qo!qfZdT&_~
z?{LmQ?@SI&yL(y-A0e2uQpwrXgECwXvF?x!M_nX40&$}|H7He4l|;APp*J0S^qRZX
zozS$y@U@42*%opbQRR+Qj#IN^jP2B8Q4t@p$E8ly+$aL;#hjIHCSo16c^y>PpT4F%
z@+w;$Dk?Lh%LIB3;g#C%FFExc?30tSOM7JvWsvMKe<fBdqSvQe7i6r=E@%26^~4PE
z13(p|4AjMilPe`$JevFkFoAH?fCHk-O@PB_17Q=SFdF^+dwDG_uMM-wqD76ymfB9#
z;MQ0f3N|-}=xus~Z&$9<hJ&PMn{3OEUE%l1VbhV!x3~0_ef`747MV%w5BLgB-Z<7y
z>W8!Y=6jr%6B+Pd^=`&&Z8b;sJc}s~;);}S$_a&*C_Bge>Nsbt#fzS2*oHYBgnh3}
zITiK--$Z;^KhlXe%!$TaX{%WrI<yj848+B0>hUWnU0WZ3{ivu!$q4(th8mZV-z{KC
zYkETekw119Ud*f8eeM(0H?Kt>9aY&{cHC{j_x)aOx9P;NJ}>rNs}G%V%30Of7B0bl
zE8O){aa3$$?kJ$dUt)kwOR2T+61%A&p_j&1+$(EGwZ$Bh7sLv+QKD*O280&Gv`?^l
zC$r^Kn#CBs{jfL){-v0c2Z0ktKYxr$s_qsa8$>o2Aqu@xK5(rKQ>mEJh?=~q!na3u
z|5cp9T~VP^^p|x>r+Z%agZ<AC@2&Ixa~d5d3tm=(?n8I7`eWo*smnpyXyLiIjX42X
zEFstvimNxhDThxEf4c9?s5;zvB7X%zWjxNbt9+#JD9NTPR>ZyQ6Jv3G8F{B-UU7AY
zRLrVyq#{tcaxXJ;X3-qCqTM-G_0)V&?RKlQ+)CGivG_Qn{igey(ZR%-N%j1Pj?oyD
z`62x#U7a&|atY1hx+a)~k=e3uPD+bP0LNgPvO;yayD$M36oC;DI|pU0+dw@B<gpzc
z9dF>^+AV9(Z+Fr_1}|oAP9u{S?GO7rtPb!`N;*1n28N%n3Eh7ZKAi*re>Urz6CHpT
z-P3;xJWdX4KHfaJN|Rj^4x>{Dz+r7yr5*l*JX@}V8%xe^?BHuQg_14em-u6i>oDNj
zF0(tVN{63YqT%(1fb@gVDTic@yz&G>U4`12N-KFl^V1<)uugo>XKUS=By(<S=ml)<
znhi|HCWCF^Iym`@DZYF%x=X5DW7^GD`N3}V$)Ku&gze=BHYoO*xA0Slj~Z)KEI7u6
zB^}$=4%JU}=E@OTc&rnZE{OG*uYW64T;`}3<_?pQq0)fRa~j@7StC6tlt|&FtA|qI
zF4*C2y51@?9*_OxX}&L>wam>oDvy=yda$R99<WnMu<G8j(Y{^6sZm@K>sae($orm2
zLidG?={gVRtzubv{_qrU+b9A#aCQj_Db=^JK!dkquh?tF9KSH-n%nv$`BB>V4gTbk
zhV2NBtrP2y9oTgnwYfW0HZn)+6qYK(X6y~Lf{Oz0r}YbEs#~7~YHkK5KZR(&MWrES
zja9Cem>Bw<uUkR-`)E`w=IR1RFJ6O9_Q?&Ve!3uA)AiAW-~A=wi~OjBd->T0u8>Sv
zr5VR^o}}@Lg6wd|HB%c0io{Qn7%pX&8C@G4ThN($ff>Hu*Tr?}Y!b_T%^VD9aprC_
za<wtPDb7dfS31llE?K7L$^k6%`@5O!u|U$r<BUK^0vOD!y7oe}^fVz$_OQ5bMZqAB
zf#HxOjItV3fZrhunwaYz^-DI5$kbnXayCu%nQmznm6tJ#rN<}Zu74e?9}nahBZj)|
zKP0_hDec&@(OHP@{^S0>K$bMK{fCPSm*E5so5f;RqBHZ}K$+8MlIQ-B>3uMY;9~CG
zqenRalUG-@L5ba5trg*0Kkxo%3cDE%r*|kQpY-%dfNj@KR}fk#9%ocEg{+*GmaP6J
zM)-OhhwbJYa3uE_H#u{mU|;~BlDy+PiL#ji0HS&HA1*nqgpC;s=g56kQwtd~6e>^v
z3fsNI!!BbM)cK;MUsI-AoBg2Np1>awS5#enF>ErrPM%7X;d~FB&1y*JR)*r02m`Ur
z3wXlu%nd5c$=0D7rP!#M3{kT{Bg1(qQOfV1cNn%V*lacD;WJL9fM%g9qm;NB4fE%6
z@<=1DQbksG7?=I4=u`;`G8~R2FEJ7V*&UTLMyrvG@_sl0F8^+_$g2k_QS}2<(aSf6
zbn&8>4Ho84q~S(F-!b7`=vD3p4V_t{zg1~_2@qhQG4&_gnDmO<MEdtf<aF3o)s^YM
zUs~ldnCa4Cqea_1<RGAFv-rvVV)Ktt#NzY7J~o%?gu>EX5}voiCdD4NDL_C-tMPTx
z+~X3UbKy>L>1D3yuA@97t+I5U8OQT;D}P$8KN1k3W8?{=Rl^liixr;K#d?|*jG~Cu
z)aiLro=fCJKG!oKeeMujFIrH!mV@0x%POz=uCuPLd7s8gT12By+n;&4_pH|~jEJN7
z^IQSitClomGn1_NzE^IXFq~K|>$8=V&T_JFWrUV1Vlv?*EID%7x`;g1x70N$jR&NK
zSey*mq>}A@8&fE^cPj9e42fpS*X5B0N$g`6>agPew{^s!*?iAP2LuyY6af}j_L}ZY
zu?XB<Qc?yg?G2>@QQ<e(RwHen=`ToAaiV69^e@ls$9qfLgMav%n3&(M7-0Q~k11lz
zqa}7kF}{eDN==e5)qkP*@x+?iY#KB2=@{*eho<cMM8aT-s)UeJeRFN|9}^|y{<B6_
z^huSq`d4pL8*f@pyLmV3{$Mfl_Qu6yZ(qp2E_@YQY9579WsQZZa&z#vIHCAOsQ%M2
z_iw&d@9bR{mI4G)DXpHG8Tm4^6RbyByV>QRGOngH*tC(^JaJN)J+6MPe>DS&4z=Pe
zj7Z{6h817$B}AZHCc{e)>dR>@^*8iha6FX<UTBCa62^xJz}U@{8V+pQGd+FjX*dXc
zEOdBpLS%L{brm!C@puH_<00^XqF6Q?IvM*+_zn}Z2e{cml%`lb&J0<iVY;9!9E#^|
zHw$8g0rED$k=y{~?Uw?Dhm!#Qrfu(LO?t1piL`hI9cUj|#D;x$h_f27mw-bfPgg7|
z$j|?j@rA*1kptqCm7l)~<nyF7G@*bi0cG^@Oa^ZOl<fX++S}4~3XUQ};M*XT%7dLE
zbM(`R`^2>wcqOgaL2TK8brR6A1NWf2r-mg<a2^4q8N#ywlpbh@!9^CGRy?4Lt5?>=
z^48t9Ml*y$3HhJY=x3T3LNOS-f0Z-|PGsz+<@tu%oZD<o|75;2d`-d;B|WYWKQP=P
zv`_o<rtgWYD`ms=NtQcBqxLhm`whd7A3yS^OabEWG4hQXgF5CdfXL+vg#QJR!@YU)
zDPwm(d(O^8^V6sAq35<3kB&x{uFbDry;{9=1v`gu*4XI0>*@Ft7^Anh_wMfQ$v5{A
zxaVp>S%BLS5SStGtSl`J2WCB}czB@_ImC2y;lPNBi@VX%{yh$kgt9Ugl#Y(htJkmf
zYPFi;*OuLmMRMfc;o$tya9Wz8aQqLRK9jeyf?BOg3uwUf^beD!tiVR2tEWeo1;+#1
z9TXz3t*wE53*vdgp#7;8Ua@Ejfct;|pi7ztuCu)xM3j_o0Qm;u#;vXQ^aO9-yg4EB
zi6hT2t!|J_Fum-4@{q_GFMFl*FX{k<pD~w7!k{();+hMtg2iTz1)O>}faU0-*YhJ3
z#Gn>D0~9p0PCzXIM>+%op1Kv7*WkYh2tf79qrsBO!Tvsn=L1K7e?K5nn855HCT{34
zzIJT}l^VZQX#p_`OiZ{^z>DdIC+d=pIx{4pV&@KANT7~%h+$>temkaj!4zzjF_vQR
zj4BwIl(%wJEEIqQlMWRBkjIIN+5vRpb-*METnf-{DA?HI#>SKY$ouf&!*`ud|J&-5
zx;l=QyZw*hc$~m;;XSB>0hpeghQ<(>|B|0RL4nI{0hcJCO$YA^xE^k`{dn2J1nQ81
zc`TTf#fl$OQc_xc<^S_gYKvB4`@pdz8bL4wh5)QH5OCQ-0hPJ(i5!qtySv7af*jy0
z2nPq}sr8*pyA6uK{Y2p3hQ?IjTE4!%44}NG)GhS|$>(rjF#=fU;NA^^youAcm&iA<
zjMl54K<PMGL?1{=eSteirUG@VK+Hd%?^}n{+N0FClj;Uu->0mxFW<iTfvF0(7*tef
z`z2WYo0GLrT=sBa0dWtzaT*|#r`O>Nr<79qg)%TCq;bE5Q-OL4gTHLbG=a~<HSHP|
z4ec>l{Ef{Hpom9@kOUwfvtF~Rgj(>05{u8B11v`H>QM3VhrnFyhJ1l2608aBw(l=m
zUO4Des)ICTv$3u@0K!6bT~9eI?THsCXio3P{rq`S0!#W2JGDOT0KZ6g(<AcvGa4{_
ztLprR?+WA=ZOy6z#KgaU=CwQk>>ZuMS_jOcrBm9!F6vuX1>O#bW5NCf<~P^|{%<6f
zYmXBc-p>lnQo$&((`H)`FaXU2gzE!&x#cy0d%<4#dfb==+*YPy5gY=-1+P+pLW^Bj
zDydw7f&{8dN;Y@VKcjooDvnC^U;G+`ef#$hCrPA{|B!b?59H$6|9^kIz|s*445td8
z%YN4|;6s-KHoxb?zurO@zEqSLk?$v&Kiz+YJTD-FuKJ(UTH{)5A25gkG-mjiG32GM
z=!(shRaeKXuC6BG`1~`VMYsnUVs38k+w~CoH%Lf^C#&s%&wB}>pJnp03JZgQ(-j&f
zrlZCSupohrE5spp<1~HB6q`x^4I?8XSl<`-x4@fiVsy047Y+>y;;RE}LY^IZ|MSK&
zy*w!*!M>1{k?{hmXlmc>xu~pV9ehErf|(+f!i5p@r&X68cn<-)P@sR1if4EcCMpD6
zQGvAx3me-RnDiHF!1WmTbKhz9_V$8_ynbv7_s{j~kig}~#>SGl9NtFs+D*CmBVeyP
zLBoN0-<>YtQwL0LJdRCRa4uYVy?{+}`J6cx0xZOMTtNXHnA(B)0`eUOoG_61fcp~#
zrgadN05b0d2n{h>V*9`W1q2wt^iLpbjKOr0l9+_#M=9oj+fjW0@TLRX-sqk^SWieX
z5+Y#80my{gU>7lF!2yn_kO*=6+Vx)}UEF80Ty$PaQ)zNObwUY3S$Et}>e;d9;`DlI
zD(jXlnqu;Na6W1{pffc!<*-?QH9AGTYs~?!{pcw27X+V{wahl_T?4r=FffeHC)$t=
z3jy{e)XqrS4me3)t)7qY=jG=5zatTa4D!(N-k>BFn7g`zf=I}L*z)QEJnUC6FyPR5
zYwytQv6~S9PSsz)6&<92kg*~W@=4j-vw$ZF6c$y$<ol@Q-jW3;jDLy@OzB0J`9l^b
z;q-~+!%q!Mrl*UUr4&?6k=gQZP9HaCc8h_kLYW2=EI}wNR#SAY6!18@!TuSdxZvPh
zT2__^Tt<OZ!*k$p&mRXJ-M)JdC(IvI{H+|MnvuSQhK3v+;H;XVX$1iTFd=8s??VA(
z^BZ`0y}qAB$$TF3>?7bLhp^Ex5*?kL5Z5~>>X_iNmb+l!0tngWf16B@{%DG>qcs=v
z@;6G|yH^IhrTNV{T=Gi!%{G4-*&}~Qs}1LR*`^qqc*Z$ZohwDCRqbGdIssftyJBx`
z9S_mNc2898FQf4pIp-rTzG)Y4i?Z!6vnMGqjvg%nJT=IQkx%oQiS#Zjx2LY-TFdPP
z!&YR1fM_qdokHCkfnuML1iLKCDe_+Bf3yH7z+v_PqfEyf_})cpU&*Y45aOORUTJ)J
z*>f(iq`kcz)Hd;LT|iFS>fg)Y)Wib@h``Ys5b<BXe#HtC{Uxz=S(07nL1j-$tJ0m!
z;V^R$ZYYDl*q)^3HBdvOLc>sKW$C_t#l{jdl|-TUi~BNIP5RuEuLRG(-#F_gT3+ft
zs5Q>^_qw@*-2uxTcy*9XI7BOt0jyGfFnzA8MF~Jr=Fguf;JgLKMjR;`7S!Ogg+G73
zZwS#05zNpYO&0)1B9rlGI^P7C@EmsA2-izaX~)gW{kao+hqVS@vc}Y>iTCZf%I44J
zIu9;E<!^__^-_Rf#z~12Fs{5_w3BT;AZz(NsXEy*MCScYe1hR|PEgu{8H=RNqWA1+
z!TkR4)sQ8v|BcB*=YvV;DD==&{Ie0RTah`(QhGCYs>%68Jmv!Xt-WVc>Yz^~Da_QD
zvC+_I<6NH8my2of6_e}}#lZ&K>nynlUpM&be&n<&MaQQ2i`&j7b$%1E+()RqG@EU9
zp<@guuGCT%x75L?!33UtI&)qYy8Xh4;kAYg+q@+3LK2LG6>G*}L|aqRn>_DcI=~dG
zYwOI-3Cn#0)T1QDqXRPqZ>P8m^^29r12B&YFv*`S&~n^LW)oRRTYiU6M$hScDf?ZT
zy(}<W*`t;ZwEFS*iIKH4TKO_dzSzTz9%JG?%8Cb``O~>7)5j>~`w?-CeieBlGp*7O
zd;FLkYA%OXj)IotLv~7$m{xf=&9#h#JR)`hv4M4@h9ha>O-OD1L7DC~$EB+Z%*I*L
zgUS2>q(X?dAJ1);-^&dBz?tM1qd2$0$57%PcAT$xAWFl(H!bI0LeXtw(IbK<n67+o
zr4KTKPQD{eb9y#DrDZla!pjw20lR*Iw?*qp&(rfrxO|3QJe6PG6Ca!pj&Z4WFZaT%
znniC(_=lslIU1m7=UP-|qs#e{^6FdnENo7>`y8ohZA(8=NSGnJa2Gk_dBI$KN2Fd0
z%6ja!lG8K@L<I!}-D#r$gtWe{`xYMFV@3!XvWz=A9xUs@4g=Zafi>Ld;$kSMSsqMa
z1~N$GX3gV90@T%;Q;0+k%sL6+sS6^pzp5|%ysxgV22{yGHSz7;K^Z4-9|vI-*rp+2
zm4d<~tKQo;Z_+a}p^K*G^BOIV6(wybZ1tXX=`nWfg;%m(E+*f62pF1*9P~8d<t(E$
zc<a{hV#YsIS7E-;rkPveZh^#EX2iIYs_NLJ<*sr~3AIyUdUGnLSTd|DpiaxpmZ)=Q
zt7u?wdYG^3_)r1Oo=%V;IG<_K^{2mUXswXgsvXR=1OT@F@pHL#w^iw|G$SdI4(P|$
z>iILJR_@@Hy%#Nab1U<wr8wj8+e-*B*m#F|&?jqjC8{i^EW1%bD`i31G44k2e<dMv
zHWv;}KOSl4QPNeQJ-<Y2sH2h^SDn?XAOCtF#}(xn+e51HN<LOUlI;cc@_^359tY-w
zEidPD#V?b@$4v{$E?AD%!JS&}5wzzEYJk}i)7HdVSUE^%b&85i7^kX4ir+;bBsc8a
zU?%drBn<`F4-Tu#$_%?I4q=Ijv?Ec^(}jHwJ0BR@Y+CuW=>4tOi#NnbYKOt9FK>N5
zC9$;7Rf!LCNs6h;uJ3jWk2u0YuUCLVJIh*#;GUI=#)~%Kl72|osDGoDP~#BBVZAPz
z>iL(*b_bQPa!sTb+CazDL4W@+sYqkmgNE(kd%?xKha;(PN=i;ckt!JniG6Oz%`?Zo
zl0{R%II0V%Hve5&yx^49H#<Aa*S`xwbYKIJ0Ypt8+}0}678ZU5wl)BGM<*vACh=2J
z27;{Adb95x#I*43+x3?FBNAfb%#}JRax`#+gQE)8Pp}=FIQOK#*O5l&q--p??%g~M
zZ5jpGq2>3P2gBusj99y0CkDCcvgKN{YJb?H5I@wA56y8w6|Z9MSNNPR-)NI+CR#Ej
zSb|2OKHV%~!4Sz(d9bu={BnPuBdTEphd7JGn$WxlZr8q(A?*HRN$c)_UXJz}Ld{Ih
zSGixJp>ID4ofUPXo9Qwbt8>V3jr#hJyY~Hf`3BazH<#&HhZpKDAWzqvs%?5l_4DiP
z>%lG>8gh%@unbXG17uCNI%C}`3egGozuqCHW1EqZXUDkMxi<5u`Kj|!wICjCbRSwV
zSA5WfHx|G9@uQjWxc6z4<qlL~G^U$gsVqvV@<i8tfqE%kB|qD0OCLKSkL8#SeVJ`9
zC%O+6==OjeJO9Dk?t5%qKrRDK(*cKBOOK7?pDsWB@Cnq6mri!fL#Ftu*PMw<pVGPp
zq#eXzq?}_DY%~V&PP2LwF2s@UsdrGkUJkjp3z#MrU4L!T3Zdc)hk34PG3(e93^og3
z{5vO(<^BBwT9wxW)j-IVo|`=mRKtBPgNc|Do@ElIgFI_@nyR)tUNmNzf!v7TW<0%b
zo!@PWFi7IYXYg5=n4$m&0tJgqAO*ndn3$NEm`_)b_;#`GDIyBiCqwpnnn1NAmP$VN
zMpHJ0YwDT@U=aYy{un#s#<y#V@fVV0k;|qoT1l<DNo5#}FG?APLtiJnb!;-*R(F3}
z6&>J^l4Q>^v3QuhUXqjj+%mJng~*cj+9}D;V&PhDY*iSSFLd_<#ZeLMN97$!nkgvi
zlH-TZp5I$UoFynLDD-%0QvPlYFi0Qn%N$oGs@&Sr8HT)kq(p<eBTrXi)(wR97&-q)
zV3AZlCqOuN@VPL9QTQrV2}2_PxY7m@B{X;BfKL*A9k#yUNuU2plpXiU!D~h>#WJ}R
z=&hvm91k)0Y^z@wE)FGIP3Y`;7z{w+uk9Nqsx7j3{T0P6Y2=`#^w#P8F>Lo8N29OX
zY^=;7nJhc@@%XQ{RSdo$F@tcSO_qPS<V(~4<`;3F1Ia1U54aoU5L1o@!sm{V*z*NS
zpgLE0JE0xRopxXyAC{$s4@nLASOdhRhgcdT$}J4I7F@lQaocZ??#BJqAE>_K^Cw-T
z9cq8>XPbU*59iWl5ifvGuxKD92XR#QO^PrqNGR&l^t81<04T>dARuezpe(T%&c;nH
zYgz>59g?r?+8kN=lM-$poa*pdZ$O5k=@{Z@<b{2ifFoDR>|aa!cT?tW{e!oJbYurw
z{uwZd{F<`e6zp~$UF@0S21Bpa7(h@@^89P4I8#ch5OtbHIp}Y_t|{NXDfaJ2OW1{#
zhE#7MM&a)z!?3)2hCYbBIVpVlPz0wMW)<Z-lK2x(E>si5Zp-%ak!juGyqJbPi4An$
zZLTFslVy^XBuJ;YU}0G&+=mgJoCpb9YwU(gNa%#a9KYij$unR4wyOCif8)irE=RX_
zYFDyxxMWF#dp^6snY8sBDJ+a)?fSZ?(6kigCz3`WPG>}H)gSgRKa;kZhfrKyDs$oS
z-|Uzt+X?v|$MLWuB07$eWpqlPC!7mE?W)9%Ks!yqU0FWTCau(>@CyaVm=SOBr-HS?
zdMU$Q!$u1WqfDm~`yUz)dFT6tOn2G}DZSTgy<@FU$y)F6;E1}0Y&rw-KNGn4?oH$k
zXfv-5TVJDN^1Taq%wnIjSwsxxAiyi@IRm?Y;v(1+FA1ls_FD%h>lQf{K4FYcb?ox#
z>3kl81Nrxn6%&j51RPB)no?7#ocoOTm@!Md=Ae#_B-`FWQQJn_Sf)VMOx6o^3V0x*
zBt99vJPG-SA@EiYd8t}#?m-rZYNCqnWpFieC5O)!l+A(9r7=PRbR7)s@7?BB5at7|
zCoeItX1Hu>lXZ_vA7|Z5JWVIxQd}`RCU>2#a?C#eNZ2Q5|2;>!tk?(V12=)fY6Ev#
zhwS-DCk%}%C3&{`rCm(b%qPR8Qio)RMjNgrz)Rr@&oDV2^-ho3CI7{UQ2ReIQc86&
zfmbcBgAQh8pSA_5W#-G-lQY*h+|T&!(AbFxXuq6)CE&d6o}K@MpDC0FYw;8F5(O>y
z#B}gjrM&jVuzWnbe#KSu{>SC%ewEu7xNPQ~<D0N0;npQM-oG_kar+sy-q^r5(t576
z{5~i^VfQ)8fEncc)xBNor0r_LW+R);ywmK|?`1$WWXU>jj8>JFBAu)_)JC!Ha{eea
zzM_<ci0$96PrM#os#Rn4J36W{_h-{ek$4Cp5y|Be4N*{WU#jH#qJ5=TL(*V1)!_4%
zhi`MXfE7dJ-GmF4m%K;}{6llF>hlC%4SRNUDvqS6Bq`MhS#*AdXI>FeS57cLx1UZ&
z$3Tsm!=g|8Z>#cad0g=cBPOHuq{Ew$t-~)k47^-HH~UAi{30xR((g7OJux_Gi<F;`
z_Xa($HP~9^#OwkvJL5@HJ=k)J+$Zo-IpYB95m(h&Ao@P3%e$KjE5F5lPl<oHaH{J`
zpM1;8!ti!{DBs7vONQkgf1CGXD6SxV(9UOgF{|O7rLdyev2{^=E^l$!oM==JzdxhW
z#1=u(77OtGYPE<)0XP<23{w0me-67!N$O0lpk*wUd*<Jt+hmdH4x*2z27WI2p1`m6
z-R%IWQgg6VdM2=P&raI7%=)Vj-QNF+yZP5aQw;-9gX1A2!N89|Io{&tboBs9(Lvrb
zHYNaJlgdDgrktGanW2W}W_(cM<L1_Qtg2d~c!Wh>diW0_Z5Tl0tEKOTu@Vc+{41SL
z*N@FTi7fq7)sPAJ+~eEYJ^}a^z|Ji@0Bw$ufIxT!3YlLhfzBFWF6m$F9mWr_7nwhN
zXgh9{Sv0W>0jL-RdOH2PP-n9NL5OT{qyDX~UPmG=2^I{*CDZfz4`}lL2~YL20@zAm
zCNS<_;8ms<1kpNjwrza%uZutbPk`zFsonlJ{`kL1)umyl-w7_B>gy}oG)A_kcd?W8
z@`CR+mP<tbg<U;y1}y|6KZIC?;9Yn96%2Q)B>+mX^PLf(ONi)P10KkLdIOIbWD6`f
zh(tt0py(06GT>o6(CK0RgRj{{-^2)mhYOB=+inwJObfc-09wEp^qK(dA1OIG(B9mX
zyxKi=27pKY)V@^?&wrpP_Te(pGmvn2zMlmdhNL7s0NEdh7l2JJfW07I+$AMpAb$Zs
z3m`zwstqyUzh?$84XE>2Vf^>)0%f`-`1oaz?SeGs?whu?HN#6-gcGx6&{PF97^?^H
z6C4s!F2LO&o;i+<*xZgZ5Ep9C7znHaxyX9sjuI+1;31uzom*#wk#JZ70XB<<g0ec(
zF_Oj)!96@mVgXdp)!X~8ZaKiF7~CbWTS~sUaR#ME5T7NsBt&3f48mN|tVl3-WKy`g
z6PS&R&CEa-ic=rL2hc)h7_g%@Tq$7oFaUHVRFnh?WMlwp0F8e}zQ1^h#h?uZz~@kW
zZp?pEp^(H1fV+#})&LHnK#d(B_V0VPF*^VF@eTqQ0+bg3hJXTq&=#sC<N#6!MFapM
zfB^2G{0ZXC3D}qAG62f^BV>TiV}JnxBL=XRufIPkfTBJL3PSt&`SF~zz1+3uf@lFj
zN+&KMAy}XQJYCw~Yq__Bm-qtGl#Y}X1r^o1cOwIs6$9}BO0(w3jFy))01big1N;CU
z8a9hD3b32%0*&*4bU}{+3km|IX?a{?fbN1HOsf+?*#?OCv4LZM*mM<&r!_dJgXq*7
zEa4$DB2X<(OMDYxh7f|-v9Wo@r7Vxz3}9m5g|1%gP2hob2^#tV@?sd=SDCUuXbD0@
z^aD%~sGd;lPGGtVnq~mzNfm;eK>?P<1r$e(nO1|%0>C){tpb1-q{|Y3{;!wa=mB3{
zUe1u2nF*#P6tHq<1hp;RK0Yr13cs-t!B5V|N8l&8Hq#Kakb-+3=NJFnlolNAn8-aP
zEZobyMNyT2nfG$>aHafL$F3Ap9(TXit=i)GOl6z%hNL;&Tw9?Joc<#Z+}|9ul<uaA
z#ZV%Wkh#va$@`+dd4om{jS`Xf*aO*wLx$Tzu=-fkL|qOxYP01ugnviqIKv%MKRoAL
z&Ki~M?4Y&oe8$|N3U*4IbIZq3%R+<23QUUcI82l3NQX6bD&L=RG%S_wv@a<%W{AGr
zr^+?pAILs-iGd?JQfIH`HUnBu*JgrdO=NqGXXmp`aiB};{Y52zXHWQdceich^ahpt
zJD9M)By#A3CXHEIOkTWr0UpLzB_)6!X|J~Z08Ae=FyIC(-(fTg?CaN{35dtUz`y_%
zJ^it~CU};h3?)wMfZWpRDuVsz<&%q4#E{|M#F#O6Qo-CkUDAqj#JQi8Vb4{fiq40<
z<M*E~*wu0yb1<$Q2Ft=z`p>$>ccGlrn5(rC=dOlT&5xu!pRBvs;YHsN9gz;3o_Sru
z#*Uf{iYG}QE}14*V-6l$8a{INxjUkIUcZB5WxU_xASU~Po*9A6|L~LW`KC8+sXYVG
zk^GN)vOHI_dhAq8HYAp+PSarK1M4wqUENHp%_(rlqG3290Mh_#5a6A6+e*|ifMEnK
zWnjXzFaaR7)R{XH;Obx}lm&l7Ur$3#4c!nm1TF(+mPe4jnOV_s6*wRuTuxwMDVj~$
zOvuFE1+9|%2q&%ieY*eb<To1Ux}Dzw0VaxEzaL{gC@fIS>Nvde!q%VX+$+c`>%H-h
z&GoFR@oTxf>jI3bRw+(*t@ZlV!c|!PPGI4yrDYb0Y_cC(VWe!1J{Zk_xDK~S(~R6h
z<!$Gk*@dFnnBRVbthv3gFrQ>LcStcmrY*4v5=r89rK17S*mH7sa^#AL$P!Vwe)NSh
zTy$O|<>R72(PyC!{!)@1LTO_jGW}4ucfBj3a%YZIi90o4uR^}mwESvMd>}5Sd)c#R
zQhe_~-XDoH7=jk>WsBXtO@{SN@r*#0_@gbFLF-r*IT3!Z9-K1#KzXWzwzD~65k>6J
zOVM|VNg?qtNwcXjp#-1|V7+^gXK;&+Wh^NBi8#Oks8)X&or~EL^pucoN=<CcM+<aB
zV~z(qR+%3Tm5QButnyeIo=-O`ETp8fqCD@)(})rH<5&~WgXTqoG<hlcLZ2D-PV;~O
zANq0+U;l9%ee629Q*N#2;=;Bkwxr>#f<YBA#gWFV&#1Qr=TL^-7mHy?xz9TQF&}qO
zzuCrHIV)ga&oQ~gRQK7D4Q}Tx)x)@dvvj~-kdZP2Beb>Mezg1YW0s%%P<j|!B$JcO
z3=^Hsy&Ye-l+IpMLg;R4F|!PjMPw4<g6!7?TX9sE609T|bGHNZiFGirMTf2hdwBe+
zfhsZQ$v=tn(%Jb?5q`zu%;kntRVED~g)2E##?1-TN$`*P=;NL-LfZ<wtC{;H2;*7{
z65_O2<ilj=t<#ZgiZ8cRNFO~ga$i$Z&2AB2I<*R%kHd4Migh&<y;)EJ;(y7$xw=qc
zUTu2fd%u`XOhp~D7oD@{v5zz4u~L((&StQBPult!x#;KbaFL{FZolD_)>h4W_KEtC
zM^3e_OjfH$#CXR|sGJ&7DaNJx_QsyfA1n=^czpu|b^MSaf!iVDiUt-~1Pn<-Evdfi
zS8GZug91LVI<*U&fQ<*LS#%7HQ_xH-i2vy{0v!|cEUxvz57HtN>@etW{j`=;KyQhl
z(9q2R`qnPPsxeTW3OY>zlA<M68VVpgfae7)yf)w#Ab302m%#=NP=ejdyN~2fph_^#
z+4Wz{E^vth`wtVq0suG;X@3Wb2CX^D=ja>}@wn_M0jmYh*R@MmPH+UjM#4L(mFfOl
znwz{|ql`+fe%DxqIkA|-lf-j~Ls;{*jws?W5k0mww(~B|Ftcj&bRojE!Ml;uVRG0f
zL@Dx;ut+SVL}%gt-lk`W+~e-eq)nB|WhNoq<~OXKUbHcFp=$g$K}L%60IywAR>_R}
zf0YGHOudA5!rpGsuTc)3d#ZXB96Lh1@r9T(mR!}$DJo;G;}E7^c`Uk;EkNNwg2_`!
zWC}M#*@Y=a+Dv}*<!?nDzSzOsC??Y@8lm%P9!w1Ka~W|m)|`P+b9M1$n^jQtk+ulU
zzaTCxkM`Owx<HlBCsczDt1&b=4#E5}j}?6iBeFvOBV(C))GIl6NptiTwLrIh+v%26
zq3LyJ96tBB=AG}kx@S*~C_7#D(?GiQ%`U6JgFOJBqLFX!f7ZOvD)C}M52ZB?Z3}T3
z8kJH|81WVvB4lT3zs9gw(qU1Q$9+Q9e^SFNk|Qa2O5+I@dj7FhG!u0x%n^GH&p8G+
zOwS&D?)lONUa{iok|vcgrL&3XS(lT~k-G43cU`*W)i{MK&dAfb`MS_u%aT=S^DXwV
zh25a#tY8m)NjB!>=&ZuXa9&d1W1Kn-f%V@%+C7rrNT075N~BrMp9^A&TSwCKa}KhA
z;PzV&UN9|pe=_QuBkI9#<ZO>QQGW_k1`7vtx6~Bd{!jStE~lCqHH~);H`RS*l(amJ
zK2HLSq?5d&N<TM0rQX&Zv3gy3acXxautAQQo=|O!Cfj7ZuP>P`t?^vvj*gEP1LB27
z$G;u_DqfwdHhT{WDL{z3e0b93&`_|X(i?``3uJ7N`3P+E`~(G@ojIb(rO&ESknp+w
zA(kM)2hcI()YZj<Xbps8Vq#)-x^obn186D(>W^OoE)#qXQ1N8u<N%rjguD>fN|!TI
zASVXhKUbJOhvNm!9OV4|jSj@eGI<+6UK5<SHFy0TS{e`K77LJ>cy5a0Y))IB*O78_
zMD_php|9(Z(Cg1x=Ho0uO3(Ai@=`CW%Sy<z*9$n(cL)OZfSA053Lai<ds}^(I}HM*
z<wLv@+m>%LNeMMosw0Yr1xce0GCO-+Lk*d&Uq2q4=FTf7JA5;HO<mffh@KCv*lkS%
z{Z0y6$#;ct@lEjCW%QEcosBgg(isPjQYYOT>*lf%{QOfw4!r0WpFSHaqnLl}hOITi
z%aRE|;&$X79ZFj!-<x(-bM9r{fkDIh{yk{W#gr(TO~1lE9(I(;wueTFmu2<Ohg%_v
ziD?QZCa4eICX(Byo-3@yBS}KK&ODOOEMc?0Hldwy3D1qcB3r)0e=)=6bRZ_8P7i>S
z{~r0X0FANmI~3YG4JF-b!Le30y`a?I2JCk?&@CjWDm)t=<ax)sd$Z2Ono>HaS6>GS
zY6$X77`0kZ#=oW|-n4(slK=P%Z<usJo0!QQI%wdacGl4#sw{%!G;;Nhap@geV8kHl
z<EIzVgs*s9(ax>0o?M~)4yOEib`waECfCYdcN=!*PG`vv>zN%MACD!)&)!w6?0+D6
zGTk~mZ_|GGn^$Koz9y)Mgy5M9r*p~v%8mc*6{A+R_3EqwaT2m=akXBR&+_P%_|OG=
za78^^H+=qaB$rx_$ObjB-q5|URFKi;NR7=E3=~Du#7yU;tQel+idyf5AnL>uQ}|_L
z98=}{beuoG)4EaDk?V@n*--d5Oaxh=-XVCj#Z68qe(;U7GK?yKYtOflv#Ep*YyZAs
z4TJF=vyCMvFJPLTLNtMxVKY=;^>^-?%bQ_D#pF_&Wi2hihbYo@H<Rygavu#bKT01*
zf8`2Oxo+!y6gofYL_P<dF-}20Qs~Rhege;%HKcHf#ZaV_l&Q{69}sv0`l+;jBxV8N
z{)w@B#&n>O&g$v_tuTnwK_*eFYG`2rp+gbyxqk0em$g1M6sQ$9Hr^v{pz^DmHWO%6
zBPOAhCa&ccKIsY^JB0ZRSj_(7VQaB8)H|PXcv8=|pj;_3Xvoh!joN1`pDWM$yi!wN
zBCO_s_#u5x8b(X&B}T8L^*H<qSzE1+-Zz-7Z=%GBmySK`z9?27w^m-Pt#a#PqBWN4
zCy;|jz}70i7E)$awPT8ysA#FLT%yRr8_L2jBKGs0Q8)%g`d5*Yi_nZFK0CrwN%HDh
z*}#LZZj_X9rS4OHa`2{3P+p=Vo&;N2DTnHf(Z5ac+jE@_r3jI>9MKPCqO|5+ZbwzM
zSN-lPmXA~~lqU0L3gHX*q_6x-4*O|gth_>Bn4(XPVkI@k<|2s^m|81kS<?LR@qaY`
zHGep3tEj!aa!6V|+PH``#GTi0Fy`h{vIwi5@QreI_~UNFuIlvIzo(4bwHeOE27lPE
zp)FE+EuY)5Ipt<)DOW1LUrIvdu^g0l);ylatlXn;LXv+n-lsEa8;^x4`1GhvJg7Xr
z_+CZnGqa*B?w<p_(n6l;K9E%N!noPP<m<1(r(H~S4D=Y~{&;M$o~ohckdNNZAC;b+
zLXNuw-;n_2*5?U58!J<JRM1XK*3;87$;im!Fxa)$*2!rH<klC*D{0@qLqQt(0;O1K
zf_?D4)Gky<(>TXPPFS7J(6Q7)g?o9R!o7Z!R;bCNGDv2Ig&)*L&?e%I=Orr?4;UJJ
zwvYlm_Yd$S5F>rDk4}P)*jF%YDuewQSq|?PX8)rFkO>YhzJYzE?$N&fH$*_M+ZD$c
zZ$ja#@Yk5g+0si{ySNdfux%6a3e@x9Aa}M}5BWQsFxX^H#p2OlA22ag+E<hbWldnu
zz4UZ;5zthu1}XHq8oLJkqUzoOBdTVMx02>4bH&R=zipRGDf-g=Rk^3-Xc;GVP|Fm{
zQw9z7Ou4-7iKBKdxF$2u#5^7B<y~`s#p#}pXVLLbg?~b)!Ihhn=T3mJ>RvmBLANsa
zYN^A$@{^#s7H5M5Uim_Q1JMv>ffHAKYCWH#GA**?o)(>FuF)WFdOaokfi1dRDJo&{
z;_h$oDcz3ky8W1Sj<Sr1ix9NZSK&zN)SRT9pX-GmoZL{W&<2a$NkiUv(dNP=;JG$e
zXxi!W>WD0KzUf`CJEDm~)$F}HmwL+|_UWbaGgG*<*}^S>LJQWTP<(an&tE<2-QNVp
z#9#M>6F9jN+BrEH0h1JbeE&KT3mg{=Ae01T4?u~4z^AFH$=b=OcW4L^U}vB;J;*8n
zOmVjAgIvQkHnh~E&-C@nmp0(T3yCKI>LYz1AAFx27j#q6j&2D;Y$c?;KNhnRZ~GoT
z`28-s2qkbzQMqeKVsPlE(DU&dH*NC_4*k|oGxsy%5jO8z(WLgr?s-$Md__t}^DQ>;
zPeSr-xqCyf(~}OxS<u*}9(9b|S?l1M!ndTA`nuRc1jUwwA5(DCO9Nt0Upl)AN<vq@
zgz3-AmwVbUHA*CZi5a+q8JK0)CPwT0K{62EoSmHTab;_%)=2ItH^Ja@Dc!cKAVHe{
z-YS!(2mO1{^~k}A34j#|9Aub?82U5}(K-_AOH;>D=m|eu1Yj|0w}epmjgQ*nVQ=Nj
zJrHq`F|~P>f-imjO3aukcXd0^UuheRG@viv_fj3^kKtbAf6bcO8%@&P^>9Sq(@O5p
zgqN@(FKAWka=W+qiy+)?snjMJFbtnx6ID-(dq4)0Q^UKJALRZ4)oq&G5py2OPfn6+
zAX;u#-u8022OLg1$j8O=5{^1lY-&__EzA9d->_$iDHs}VLl<jldp@q*X($-I1_l?H
zN$lur_Nx7=6;Yu*BPIIGWqgb&+4R)=(Z8Wy<|EwP8Dnvhr3SOYtJIf4TkAeL^KE42
zRaNrBk$x}o4yH!L(OS8y>5onle>yL{D}63?{FN1KFfWh8Mz7gd$}D58GFR=4=aZ%^
z8hhRo08dm}B260!1rS^l%qc=|I*o=CFh3mavDWDf+`9(VmqcrxNW#c)%_#}E9^4WG
zy-b+0gp#;`GL$zSj-E8Vctzr@sDN^pK{ULFXUO*m7T$UHKH<&1J&9zLMbnugv<`b+
zcNV%O*=?NKL0Z1UjT3VBMH+nkC<oD(Z%Ar0(<2w}X`Ixp!l;Aa>@cl|M&~p1Fr6bO
ziQyEQZ0U-2_K__pH?@Vjd_on$3c}$H347*_coXNh$=T15dh6>qhQmTbY9NZfu|vvy
zHsNT$v&S6ZaPX0VBAobSM}~z+DB)(CEtc;{vOA!P(JDgwwA}>j8-qo^?lPgN;Zs0>
z^EFjM@E3KhV~Rl@SuX4(xmgv<*Yv#YIyQr@1vWk7%TmtdslP9&Xl4yx(|fu0k~5sY
zz^_9#+OBdOXU{2L^|`aq=}a}+7W1OCltt&#O-*i#tTv&EPx7Calr{bxBt{6Ivx7e0
zG7P&5OQBtpb6z_YGOL<1IfBLADdlc9z_>>&?!4u~#Aa0Puq7i=gg)u7-H~Zju?jbV
zk=N|OSYypTHP?bBu38CyZuMHvxj$~!2sMFCmyir<&Cc0L{M~j!#!ZZOkFoALp?v(*
zYZi}X1Nnl4Teyrt`WHfdUvf({Kd(cj^Rf@JoRZQ78QpnZ_a3t%wuqvkrMV^s@^3{Q
zWaBSguy(c72j!Fv_2S`+ef{<rTG9IaAt;ia`S=G)W>C_=R^h?!2VZ09jX{mDhzw62
zGazS*qtnO)U6c3nGATj-)3v=lNW*6kD^Latf^Q!0uV4QpQ|)5K2Y4Y!TB}<at*~u`
zXb0~t@zECC7o-EZcN$idh~~vwKCf$zryiSaG#rC?ynA8-ty(oKFVAQ~4{TZzIY8(3
z5*ZnJacSxF<fLtAsKg{{sHdN0X>n0scgU=+-|y8w2(sW}#D9Cmj2Vt|O1>c~rEn)m
z*uuyE*ROOf390^<fz0oO|CXlCOEmy#?W;@XR>1x}3h(m*4iLf`*sMgG9QmPK;}%?l
z@@+xLFa7(ojG6!2iROR55CqWwH=u1nj&=ahGdCuojJlb=Y|3>-L=BtYSwbk88duG;
zt>Bv>F^FikPo%!isZSc&rV;X;QlE50V}$*G+4YPWT9^j$fIKEoCZ)lVh#JG=?t+Mv
zbh8GA{GZQRKbpuTtpplXA|ZckAVCLp1W<uNK^c;9bcZXgX+VPg_U&6B=e__2P(u_W
zfBtkBR%sxK=5&mVM1by^S!2fYw~BQ4ptB~xqyGkr{DbIsg)Lpgi?OrU=B5FWBIMe@
z4hg)3J)ovd8rWN?rRR0MfJz5qOW>OnnUoaLuir2?`tLE-(bw141MG5UOec`AE=h*i
z%*^aXVoP>vYAOOYldl(Ooe5DDPnj-YewUb<+|QRQIJvm!nwY3EakH^u1ijgS&~syZ
zTNIRN1_cH}fo7n|i;L=@m*uEwHDJRhs?BCFx4eM*&i!&q3FzsuK&qywh^f~TYBJyA
zbgT*H%-(bfE-;dU)aU_pAJ~k6m<RACEM$ZKAxv7$lu-Bn{#}|(xdfunOBfbOXwXPv
zZ?XUlDIjY|Twha@;P&?RlZS5M#9m-%=&RNB?vTyRO$cq^?%`2TT&xeOGXN*R<*?t?
z`gBPT`OvYf*DD^^_@MX{NKjc~G=M=n1f2&WTUehT;LYIn*a68l(B?w7LH-2Dz!s(|
zsk?^c%TsEzjx&#UKXqyJxby^91-x4cN6MxxELPSK4ZRjFhYY$7`)^`Owb%0#U?*z2
zTLC$fHL+*O^?h{o3q(4<zP^qH<jATem?7QJ-xZ4tK(*n`-QBuvJ$U>13e-Tq%Ly8I
zfVT;-`o+b?UGRheAJM+l{6q`9_*x#$B=0T{0@Bj7k~V-Sza2yk?Ck6Si{}K+Y0|Ci
zHuUn8k6b>#`Dt|9B@I)VN61c{3JwQrSuI914ai-RFihdaWYs^Z9+jkw#a0K49N3lD
zVuq2$)Sr*{6<A#9*8BaQ86qtm?kZfIukY5NvBKUEZIX#Cst%K>^yCiz;)7{1YR;6r
z;$*F4ZBTKNVN=ZGc^^_b+Z?)Ak#Tct42Q=N?#EqH`%HSxxs~h}_Ay#K*=)Q1{UD9A
z9;eAOrE#?k>UwN_W&8>~`nhFWHN2e||MqcX=MGPO>Kx-`^Ooo%QzS>HJzL{<l73-q
zqv$bHUN@)y_`T1Q>(lfc$+)>2*Q1rkoWwS*`zH>>xN7vcA|O}-6bhuzD_DOJ#i!A5
za{JO!3J96l9kNOa3hE21<;z+Zz2y}ZMFG_V9u<vfR>jaMOWJ7f#6&dks!Q@PTPIMw
zyQPk*Rd2hv(ck7n^DUhgT}y3^tkLDXQbJ8YnKw6bBC&Z+g%YTBl*#!ckYv|xH<w*1
zwqu{BGMJ*%p@n&HyJq`KUeh7WqEww}{8~rVHdIJH^k(_NUB5OcI@osSuN5P2!k>u=
zImV|`=3zdAu0+11uW)6k4*K|Lk5<?HNAlHqeabPxIrsXg+n-U>ea6w;W`FbfIW=K2
zI>lf7M5#?EB&=GNY3E$M=gv6~k#0Ip?5WB0>ni-yA6$hxwx-naSI<=kU(!RL_0`zv
zyu+Rg@DZ%BT3Oz21)bk@Ygg_b|7^ef5fTytc?J~~6$pfU$@%&Dxv`@3^z_NYv9(L^
zZ{OBApAthgyIvAgQwM`(Sv-BmJzavxqWCK|?k`w%dlgHTtvM>X-MoJ+bv8cx`O2_F
zGcciM2}HC=GUSRIqUv5M%W956%bAg#`><RkTRK|~=p6hJ8T9B6by+4>H1E%7d6a99
z;)>gBwKSMI#*DlffT0nSFc>j`Ib)BiY=$E9A_?(KYcEhO6{qUgpIX@ag^=96_-r2g
zi8@D_jfTP|75iKgUQDw&8k+lyT3gS|PNl9_)yl|(n#%7F7?P};WoqAVy_j;U*HqO-
z%smazAH5$=4sgUK(ct?zCd}2=Iqt9@M{xv$B$Y)KMK*rO(0C;b<$HSG+}^z78Xvsl
zG3s2p<}hq!3i8x=8RSZGFu%pY%pm)KR-bds%&m)BV3gQvKy*81^RVa4iT%tQY%_pd
z!Py@1b!6B`A&~G#1Rcry@*|m+Mei9a^zCa~8$l1ems#;C97$gpzxw+7qF#@?IyM^_
zDoF7Q`Uqmj)P=k)RXi2(DAG=EM{aGg8GNdOp-_~|lcu<odgtYuNm#{i4=rOmlZZVv
zf^5-g^wTvvV|iFjRDDH!(8~nRrou+JJ5={di{|%qd}2}y?7%K*tPGq$);J0iiJwK%
z4&&rK+rx9Ps{~x$@GaW;u60MleHQ!81h*>_b1F+l3AIICyFs3|6161ijxO7XLHqG|
zAC2V=uIq9~&$CLGdKLD0lW?q6`Io{^^3Ao5Bt@P{Qnus7QO`ysoLkZq+mr82X#XtQ
zHDnB);jul95MvIO(A)Jl3^dbaFE^Z1UzO-z3B{>B?|3OIv}R~H1Vk@h+=hm{?H)-N
zS*Rw=(wqy$Xmbdij2p@(s29L9>s`CfPq;<f2y~+i&kxA0It=ko+!JH6dCb+52_!Bz
z;~ymCUekw#rx1N-Ji2Zas;j<k7_7d!$dKe&roTF<(Rra`$VRv_cmU_6yYj6hVy2+B
zG#qIl&4{_ss<Q=o$Z)I0f7Vi=H|CJ|HV@GTR)o>yln$qij>!;~X@93*iV$0*wI##1
zXV@~h{cLA%aAoww>#G5ggCSmq#^W2X!DTNg;(=lUV<ptNy2;)c4OIZHOM;E1Ok#h&
z1Ay$H69`udXkr@$PF#@CEiW&Fnjan>o-ajH5WY}BLD<28wYs|6{_i{n=urz!Q_#ZK
z9h{Va9sp%LKkj_Tz_tW{A4nBTCMBrQ0B1U<!#+AFmIEYgQB)sbj=#vu`*g0QmzS5D
zY%ALkQt=3SI#7P~DQh|}?PRf_8;L+@8E#i}ER`TrLmTm4$t!=ThTEkrXgW7B>2&my
zU-`wfIVVEeS{<m8;b*=W6~=4Mv|Z8sH9*>MtmyPr?Ojqqdh&c{A%C{b-HIWjlLYCV
z;lf)!2_jnl@BL-86kFGJ*uw;J(}sF>$I^q^yne4~rQfUPRnpGhBNL6odlLYUuNwx-
z7Wq5mr1Om##%DXqV*;wILwoXbj~PA9N_Ywxnh**`H>X#U*D2jLuDEt$24^EPdN9cg
zLsEBPF*lQffBwL$uupp5&c$p(QwH>LFh^a}CYZYt?ayx+uZz$9FWTNZDy#nc76k)E
zBt)b`LXeQ|7HJ6q=|;M{1q?u>1O%j|LAo2H8w8{TM7q2Cu1CMWbI-ZsoO92(V_g4v
zAM|BEd+$%JHRoD$o;y&SCoN7*%J!J+kYvkHc~yrc9ii*1XpqM=gxn-vKQ*~oBFHPf
z7^^NCuhzMrRFBDInOayI&!iec<<iK#Xk(L=LsDf(Ox9VW?*DjF0JHa3W=x#})mm|g
zLZuC9>~KMZ`)rpyRdnQ4+1>Vj!8uDe0^hZ{&Wm18MR~%QGB1)6_xIa-p&>h)N`&zf
zOKh8ETH^H%I1+B;afx&kC(}zMIYmYXJ=P3Qr97h|JCj2fzwc(MSDtk>P|DdqsS<t9
zE%n+NN8$Ce0Cz`n^>0`~_MuycJ9p-uMkEMq<?GF5j?c$4h-KfLYewZ4D(5o)e(A)!
zWmzLU&lV_o@`|-YM83psLoT;0bF7**nD`2nit)MriMK5EL$2V@p?3(w<$aY-IQ{sO
zBxjpMjrX5WS#6L?BcF|$rCHLFGw9#zzWUPRkg;c&D@~J0xLc9=YG5=vW_MZ%mAgJH
zPj_V0K+$GO|Iu0uhaJI!64&r3iA`MLxhFOnCa0y1#Z*{D_&C!BrSk%LR~O0Wt=OAe
zy(Z&$8))r2Vz{-H!98^`>(Us1E^e^J5nbl;eq`+kmLwl44sOw}qPlYAB@n<3H*>Oe
z*2TV8W5Q-ubhG!f3(vm4>)mGDy@eeo8Macde4-J}-j|llY}Qgd_lNGR9VICC6({u>
zyq0Rl7|ortSLd{1-SX&PDjCA)^9p;vGq)n6tMC*5X3ZfEi`4~r2#HWz4W{AFDp6cP
zW%iQcsD=EVd#5NT2~+BJs`|_Ie)H*D^es=8x8-bsEHi;1cKvr<93(`DkQPEgB#4}a
zGlz;m2TJhj+yUV?Kbo(d{q37bp2}WC()oL(Ot~EpS9^DU?g_QKlLp4BJ`l3i*41_P
z_Cm+&K!L6hM2_HX40dvJ-*&>`0H&s=56sPF@Y+u$8-P}zt&I{ams{ywezWNk-fVbT
zt>cD?7{>ea_(3{fHw_GSzr2t$GU1xke>o>)%T0aVC*()r!^cdm;KoJtaw(#o;<|(?
zW%=awc`l)>@=rbQIGft!+J1_m>xj=L1~m%_-48^6n<~4EhN+)@%^a;m(2|Cg`Yy*;
zw2v)6B~EYXL{u=v4%Mh%{WdP{!~YVcA~{1Qkz!}Gb9stAt1C-UAB|E=`Q<Q9{k^4k
zQjj7LUp>NX9AR$HUO!!UzP`40yuM-f(?w+PAK?JSTn#!r8|W&}J6^HHaDJDR#MJ#L
z_&ey4J847Gy*CBY@9ab=0!>WE;_GuRtt&OUJF@SiDj*BUe7P1B6wiAv_0DbPdjn;}
zYs$|sIgZ`=Ixk!W)?5~6@jpps9I!3!SKABG5Ui}}uNq+c6FglAT=AvK$mT4mXHnP>
zG3i62W=BH4AG3#J`P+6u>;=!rom=WTs*3EEEOF&F6lQ9S1@g6?_h_we31p}Te&MU<
z>gp7*JRhRyX^=GR{FQ+26f82+Nc@vU9&1_xbCb6z(KV!M=+(ARjI6U8{{4(E+eg=&
zxb8=gg|;{|*Cea@63$&uC0Z5WXr!FI%^MTEP%GjEbVTC!_sjz3E+lniZg25j&~Am$
zn%4aslOuh|#z&STfsfjt)3=BDGcy>LmHJ5NG!3O8t`yT3!qpJp9*^4j-7OQ%wGhD)
zH5XgW*8*xrtr`n~0~K$>N2<BC{GG=b7K5|49&hnkV#wbz+P>`ba~I|KY$g==C{5ya
z+gzOMl_NjebiCvT6!yAVsncOm>5&HSV7moX^JjI#X>Wt}?_NukHIREIVB>B_>mcI1
zcX{Z?<(kL4*<t)!i2JjfjT~iD4S64)zk$@W%$#ZahaI*6Or#%Jd<=J_Kbk6#)HoM;
zy^Anwi1qKpW3QtQ-=CHI#hI6mRgwS9<86Cen~qD3bh-f)SdC6@uB~+gR$btJ(Jpjp
z7q}E$k|*-o0JIOqQU@fjE-wm*qL1~J)()1xS&hZp4qI)~5pkB0){SytFjnX*?T#H+
z#{~E4j-EIqCkKA}^?YjA(`RsdubMF%HGwsH=@pLir5CE1#Szy2;P&ZeZnWi?rL+A=
zU+ej(ar;lgB5kC%1|L?+{h#3yv9wt-lu=`!PHqQX`w=8(Fcc@npjq>22kqlm8-AfH
z?K@JGbdTwZ!dcip1(`5yZP|)p**J*=+<zrnvNINoB}4sP`NlE!4{o0Ur#kyzWCcZQ
z3lnQ9IS*tpDSIV+{cjN1EvjXcRV@eF?7jJHj?T5&NY)fTyk=Wp6`sx(;ac4!x&BjB
z@sb%$DezTy(SKtNJjVaB224LVe0+@Ck537+xOLv%uRJft4Mw>eN>l78&OrEZUiEoQ
zl|D|K3*e+;v6MD=VhZ<(N#t!E`H>F8i4QF$Unzf!ZBaESRHj>g8+-6$dzYpX@3HPg
zp~u-!m3m|f=kmb#^D5iy%c|c$*15|t68zCM)6p%REqUmfw`_1FpX@VM+~>dK!5-^M
zw8|MfRlRxj1E0F*i?oc-Pi+^CP6B$h@DFRhEW@F2E0L~I3dyQ~ud66Gp+Bv3>T{O+
zJ(h<zOdgbai0TUOx%c=KFunZD`SKItb-%VZW9g4xI&O$bmZ-4{T)UmcErt4H%a5k|
zY29!N=aY7gJLCef4aP0_NDm&N7is5&(3dIBPWrm}kQH!RJM!2b`|DXrI&%m{uh|FR
zsbodXFE(%@G`loutB|-|FU$kIomSEmb#--MONb;q)IS0O4_{lu$wVe2L~da%Mz$q0
zS+$gXk!cE9cqf+jizedSKxVCd^<deFdUo19@k^WNkj}?44gUcWh6?Ox#-LlT&KpU@
z`xAwK#}T<LMZCb}zZdlDng4GI`AN1;Dp7VVz2RT9Pn3VSTxZ5+8|&z6=9!Q0ee;wJ
zHDaxh(=L&riN%q8Em8fBve>!?OWcZ(ys_b?XwW5jkA{+@^jw!n{+*9<yv&CKh26SC
z%%n9l_StlSkq!Ni4u?NP(Y!d($t1R3dH#x>&~{O+$o^z7GppmyrMPu<l(X_Dk6#_7
zLRPO5y8?!bV@9tWaQCJImr9a2rU!fmbOX(vQv2)Jc=pTX(&U<Y;LlKPYu}^Ec{ozx
zrKu41VA{ur-eB)hN@y7UEfe#tqE6;b=fewnwL-D}z`*;lt0>ySR6C)uV<q2wupeP0
zgc5pGp_`f_=k}Q_(Wo?0z|xei`ig{pkZAwgPdig$3EBC(iut=XjAJ}$9&agmn>x~j
z|Hid2BO|yLe8(|q>D#XJZn!en(rbML)~3m=0)0D{UZoMOk>FzK3G-RfN(dzky>#Jz
z{;|+p<j0Rg#)y$JV`FdprfR0H4_i+!T)RF@eV*Lzp#RLC)2=0klYsn6m_CB~^wyuV
zDXEX~dgl0S8~jQl0X9g;R=fk~t9dzxzA0=frm=Flx7P@^NhS)n%2v5`DUs_VBxyC;
zTiS}I9;kf$R{B2cVd|4)cOn*dO<G>`eY3|YKc&UalpM*erQ@ng%F9dJ%Pyx@VGcQR
zGu_{L^^SHjUgTFkv0UUtVI<C{lc#sgbXN!j82v2zl*XpsXFnGtAY%Bea{W*V0w?26
zzjGovq-2%sMwO4lBYr#@HFs%dgeZ!vy#4oy`6~Tc3_lTeOK5h|s(u|2zx3}`-*-mw
zMQ=TkXxHPfipb+Jml=p26)a2YYqS?Ry{Ys3WRt4xs#Kqq#D-E_7ybCy;6*Fz1}%CV
z9+TlH0ZnD@x(0tpqdWs;cQ(1RG=Cp@x0+kwHLVARPrMW6ryi(I=QUXK_(-G4(Tma0
zX(TxQFR7Qq#R$oeFkTbl5>>S<;dd;Lk#r+*b#0z}eVY31&wKy{T|A+<TtKElZ<AjD
zb-bETVt?iGN^~?*c9-5l9D!Pb-c()CJSK-syt@--<XHC5?Xg6e!9I$3Mw+UvCzNIU
zi2;=JehV8ZMBH!ji>0*7BG=EAJ|{9QytJlXi7QcPLcvN?xsUrGV0S@couTwuUc%cA
z&CZUp)J=<~pFI9~h^g1t)Mkb2n1L@cg^ZJXtGsxrl;m5Uq4lqK9PAhoPi5z?hmDnR
z7M1)!dHh*pP(AT;QzG``bN0y3`!c!1Uk^u8Rp0eJR}~UeTFv9@;&vu{7MeRhd}N<(
z`-aU%pu``&ZIV0rIT23|ovo?o&cRKs2Wl!*C6{T}fARSH%>_o*)+gW2%(>Q`gjZbe
zNiif|v3q6{+tTv&ZulkNI|>?ZdE>(EinyKE<`fE6)jL1^+;ak$C^K4=irw{<1Z+<B
zL{xBt^=6m-(snhRCVc{AR^y%yTEx+QyGF;r@El)e(jrgZc!X|P(pYYw@T8*CF!Jr5
z42o1Yo1p>8PTk5jOPEUpfRm*bvQj(E2!>~pHhJtarY(FFx9}mYZ;%plOGBv-YVxRA
zlLMx46B;U{=Z{X5*%oy(^ma&t-C|e#T>1_!WZo-p7)sgmo{YvMl$l*E-@qpI=_zF|
z?jC+G%fiO7%)ZhP6L^v?mX>(iV0SNqse+qOrsYPYfpXjjGfu7_EB!-~7xQgWn-^W&
zuV}XfRa(wXh0gCL2R-L1J}y9G$!7mcNW5eCl6rlB@RaQg?fzdzf^eH8t|{Xt%7{D~
zBEc`g#CY_`iu9gp!p!Ny53WS10o+B2P(yVO%|~ZF`ctQwcDeXsU&%i;GMU`lS>#kC
zZSWQ2ep$reNpr8+PwGA4`8Hc`=JJkHn#{pXWue)mJNlzNUNRaMtw-4|<NL91dQp>2
zUtc4LS8M4QUX!$pAJlyy_TGWOPW;Km(t6XrzbqBH)j|_9Z-A^f;Tt0zVw7hO=Ps}9
zjbwK0l2$}8hG!S_P{<`Tk0?KvgvK0xL#h7Gp4S<dZ83f9kxQf-GKZ@-zj%jr#6~1j
z@e_p()N$Qkq{4ExrtIA7>A9Fvk*0+7*kH@g`qcdVog=Xu*S)=*=VR(b?R)(#!_hq4
z$a}96igI<{kMl>*_b#Ev=~D|z2AkPmv+I(Jsx@!pw?QQ+YmVV~gv|kwp<SIZMBwV%
zOQ%kz*Cm)*!wSP(yhrL)@;{m2mN4tFMLavdy-pN(BFQi$Zb8dCP;dAdS;2H9gz^Vg
zR~owb;)Ttfojm1NboZs!rj6zUPFkFXvAHeD#VCIpO~hF>*f}@5=Mc>O#Nn(@F}jd{
zHb5xi=Kk)DTbvS;{9ETdUbzQPXRq=piw-#O|Em_@QU=@ZsYdB*nxb(RQlcyFB9iA+
z9OoOir(5@LKY2qL)%b3w^tA#XxpgptfvVZD7V*3SL^U?b(Cl1YQ}g-%8wn*lgs*Bw
zuG(>8L7{oE6wWPo*~9JvDt##Egg*!LCv|tD?s5HWs@)o4QK-%+@2)#|tz4MKsAmyf
z)mxqWv8M6I1BvmY*(sr0qOHH|-e<H|ENghkFMsFFFMG7H>9lcD&&kN+3NR?YfB<+P
zxVpP@3aDhi1gISVnQb7erlv>`%+=&%Y!tSmgM-EC__10k)srxh$y+#@v?G%V>-^?a
zn{PZ;`wRbaMwQ(i7rNw|*VAu}d^(q+)t~Eaaavh6{Y$E})FFgUHm|oy;C<RPm5?A8
zWt-XS`0Td4b=_R1B<j`bGINVS_fd@1XMv#sg~|6AxpQ8o+Ul)SQvWO3>MzN(YEp|M
z^5Lu#9+i*x26>BsG<-|T>#g7FjG%F29qOU)hDqKs_56Qzk^i1V`+ss@aNm<AhT`US
z1z}R#n~eXFg_-o9PtlsBpU-HYlK3C5I?*^|>*)B`$^l--Kr(MBpM|qCC#W;nxNj~l
z`f21XN(i0ayEr{)p1N3cm;^DQ;^Ja_Hsia_H3^7D5NLt^?daCp+6sam%pebfgmAfr
zMEceF`MGtq%zv1<%F$BV0LLmV2=EYTH6mp$0?tT_Q8nkxd1cV|%a<>lw|>;P*npy5
zT;hZ!Cuo8MspO=)Z2h)kTylq+3g#G@ikE<%0pi9X5E>NJGBI(c^6dUUV(EiN7kWfT
zbu};iS`Sp%a)Wz%0<V(+$VVXjIi7@nTRf}qkBcLs8(v_pc3csG+#fWQWET>+?cRbk
z01)t^71mQ=<szJ}Xa}++Agx47N(!thlwyG}4E|j|+@-Ai{5FFk_A=2#!Pl`(O(Gzd
z@?-4)YCBSfRzTZjeqliYgkRF1M{n=#%|Wun0<Jdy?7cM(x2F5AWAY2j$;l}_H-s)4
zAi03QO&%~^22u|yM1)@l8iCa|qI0~unh;t_pp9I!)`VQNU9-;JsV3CzaNJ}|nCkD-
zx>OJuv%0ytArMC4*CHlGYWPqP94c_A7I*=47dMcGPi{E^<ppg;z$qbr{rc7C>a5`k
zp=Sbx{`U6vh}U!d7RHS~=O=qW4yMt@ob7fq5eRx7b94)NU-HAnL4yPOUr!d}Y>t7Y
zM0^48YdUrAEWpIUgLm}xEka)kw9*V#*yzF+opj234W{t>H#Z_Uw$r06dFZ2ss%OOO
zcXe~)cvNC!WQ6Fof$<BAj1&WqRKVk~cA;N-(gw$JX=Ax&nUD7qS?(c~FIR-)9dc`t
zyadHKLhpCgsg(CN6tu;S^2h{#g<yzk1$L|Wr5ruG3~cGGw8l28m^e9{u+gl|czg#0
zYGkD*^WaFH2bo0S*Ws%(Gfx2tS{cs4Ljn?soS&aKul$mp6cpx`lDy>%4XKczA=^wV
zB`JvvTC$;U8+gT^t0#Sl0?*<1b`B11ew9xWgpoo96PRGAHU)F_m#V6Bz`Hv+9XQP~
z!FV|=^*Mq-9jza9;V6M9<7d%B=+QCrGy$$2sF&GZ&zG}jDTXDh=`R_|qIDHL&h8Tv
zw7(D7d0+O(pD#&vwabw~#rF>lwmS2Os}h6-MekeUxuec0FdkVv2&@mHIBDf}<Wi2s
z6481_e?Y3kd;U%)D3LXCrjD2HjZ(+S8U^b$+(Nxv?^~_5LJoF@7Y4t(SK5wG99*;V
zhJ=55b<@yue*b(Dw56`whS6XWbES5~89&(Mfi}c5I9rp|%ETP*PwM?~jI^SFCi>O1
zc{ql|Za1F6PL+MC6%&2*;=R3JC8E>PQNvwl3NE{p%nY$CbK(O_-|knWlz*u++uBjr
zA;|ZRYif!a;EFs}_9_am*fmf)E-@`#I^6Bk{YY?-ll{J%J#Lm->xfGMl*Gnfg>sa!
zo}Qe*T>3OYC=7jTz)p!M;MAWi62VckJd}xPZEcN&kbMGSG!Qb24Y7lrJeGF2yE{kB
z4VtOo|FVF3{^8*#)Xh+#AY4$;f5(!O$RC3w1@sfh$jD%dTH||z$dc0Ai7b{dtNE3c
zaSCW)Ie9?x{h55v`b`-O<!5<s>)4Y7G&zfBF`XCdIb(k7j0#OAdLwnG<Lh`jTuc64
zL9?LrjregzI=IW2itV{$zF2=W?-?)czN+%pOCaVqiDNR%zx2(u$KYB=y4C07eI`^~
z66luoMCu_D1~JBHZ-s5unO-cX|Be7rePGBH<<^j6dF~b8)KX~XlGQ1rd2`z~*_7v|
z=X0&SBL}HQ1s&m$X(9a$K8(cIcKiZ1wz5yvk)v!pU6<2&TAZt7cSf|n51j5(yYwK8
ztw7aVLksWOMcF<O3$7qw*f8zW@}z2Ef(Q2II*%jHN8+&PET`)eNCn)PK^2YY)>p;k
zVRPv75fu|F^1kw7z(o^+m22zZ&<qR(bOX(9>3ZJ+K|qX}sSr@%%FSK>X2b=qR)oQe
zu}edy?A!@`8B0K00AYcJgVTcG*=1y8l)}fOd}TQZ(P6=>w%Qum({Bp!+Ia7yH(MNN
zpU3b@_+M~kdzN~$JCKdMQ~YSu?O{2o>mxg$A4J^iEkhQ(V@emuIiJeCr+&ak6ybfq
zpRwm5Ib9eLZ$KoSM|f2@BO~`kI8BG#V_3@><xx0yetnrDPvzUHt7X~Qf>{W27j3AF
zJdi&c7!7P$eOYRqQ)}>fkbYln7tJgNM`V(;cTM1~yPptlb6>h|eEFLOBc8ze&9~WI
zB8R>&GA>ueD4w&z*ZIdgIR8A=gC;J$Rc6Z7U)KhwT`|wTKkQq=Rn$oTO2!?7DzMiv
zmLQ)k+j#ZnMq(UxKt0vF`77Fo>`h`bW_%x0s7>d+KW*DGr%yyjB<AS#%Nr{U?=i%t
z7_HevePTPdPoUk5FK!<9B*JMv*Kf@|*Ti+B%)t6>>o%04j22rqDeH?l$fLF5bG7w^
zF6s1Um`~16k<%`Y`FQ6P)DMO~<ukE}TsOL3SkVZ15_()Nzy3gCX0Vl1pI(W5Zm&|Z
z|K&|bAP;f=dS?VvFV*>^iRB4c)F{$?>w6;_@})`XS@q0VMQjDe;o?HH_(0yJcF|G4
zO$3*%AlszNc11>%<Sm-Zus*PI?PB@i@xp~Tnz4QE@vrWvP$8PkmVmAbnhXgVHm^@)
z-+tY<R4=|M@r7)f^b&XYQ_ML<{gN`?SnqUbXcC$Hr4V|E(0MS4Kk4Flvfv-OxsJnN
zOTPUlk&Nh5O{9yRQkVlnVXd)3TVKa+8fDYd#<3^uBovSDcIxa()7fb&>M!5#KBj$j
z`^ZjT%Hv(#8>YQo%7d*DCs%Zv^^MMMrr_#$&+3p*_0D8Vj3TEtqs(pm5o25WX)>_i
zc64<7*=Z+hhw>#KsKp5j3wsL3`lct+Y<cy92S}1{euEsZ>@>qz#R*C{Aw2jT9nIxr
zw*fUIh#s32M@3cDcCKm9W+=pt3xN;;>YZV;c}z!#D7&Jav6O{l4Se-ljZ2``MnYeo
z9HzWh^-EnPc4}`}Z1H?9A<%@HF$Nn@{_1Z+kOKy-eTa?_L?M(bz_AC7a~ob)vy4k5
zQZLE4oo3nZ+__1X{wa#=`}}BB#O_(uT@y@NixLH>M>93RU)8xU>AB`M>v?A^wmK5+
zT`$AQt2?wdF#!zIog>~F6JDEzonP9)gPAi%tf1}wI>u8>8fFX6FI1mIKJcYh<2+Zv
z;CzkM=GWP=apIemq$a$3enX~9?zegZDrFDD$(%i|EM}@<xBXy4`RG=zS|<-)UypAm
z!%4wF)=_476j7f8T7>$p2LCEkdARzZEu*Gj<^@fWo<2pO7Ym`_YyaS?J8eY{F@(v~
zu9g&m8SjzB4KjKR>`NW3>h?bJxE2O&f06WbZ#NiR{Nz+xjNX2NmB1YNRM6}0g?EGD
zs_=t9DY<_bre?hx3#MIT+Rx<+H@0wp)t)*#5lCPxDvVe0O%d|O^4zHxyI3anI%&e8
zh^$M?<GXFgrv7E$Vo`pzxvHU|*}t9m_%8dvnJ0!sAIE3qsOGTn%`YhB>k=Anrj%PG
zFZQ+_8mLdAQSTNe{Ly-a_j2Ot;E-UuzWL*;Y~ha;`7>K4gyp)t5{Y@3Y&u>sG0oK#
zdA=D+H^RtYXuS+V!<+W1_6xo_g?}_#Af<CmTx3|ZcpWX$tEk6QpK7YkeQ*A)F6*P(
zFC;5`S;X8Cqj)qC@!S#HAM4h+Z8zJNEYk?T|1|L%%u}LL@;<nr`h*098c-(;bsTb#
zOaWC4J2c6=Mqx|K^`ramE3JMFV~>w@jm0<WJ>=z$4a8&G1zqTwe>4{FRIm0gP&<Pb
zf{yO)RB-5nD9j%MUubUi?_Llo809Kcyymz$83Tk=ctpfI;HyDbPu7J?V{U0l0$Oqq
zEy-|jLXi@vsy&3>GN@XHnl&;P7Z*of5@5+dzqGz-|L7>Qu<%n)kBoQ-@%YQc=x99X
zaieBp3WdtEnS}*01o9u(@zEoaFd>>Sy$hqv*O0XI9;Xp&2BZ0R$;k-2b*ZivgTUlg
z3INh&TzT%DUntN!TXN#@+Hf4wojnmtMf*5Ef}0O!6^oYZ>iX0rGchTTvueb!lbGKy
zbBrN59pU?7vZvgVt}t<+GiC2=e!FI4EGDC;D8os6wiiP<PQdT@UI6P|1E1b)>JCkb
z=vy+&Q^@bakjVHriN4-q54-D4h0o#B*s}eU$c=_CDf^zjYD-odzP`w>hg<xr15X(^
zu74rUzga4ZxgtIyh-RdKX~#xycqSTR`0@khpLb?@OoAs81V+MZB!={z(z0nqox*ms
zSr^R&JVtk4zkGq3bzP?AaLo_%MR|AA_;-Iv{K2~Vvb-()Hq7F}#UH4Nt9Sv~M>Ojf
zr^KnGE8^q&XiFlb6vbi~D-XA9Nd*U(?vs4IR(<b6jX~Y*=E1<cq0*oG&E3s}-QGb8
z`nSe+7b=1<Z~Pdfp^Mt|+NjD^Nj^}Vsb2Q^6=A4Jx3YKaigL`6C={DpfoY#MC>prm
zRmb<rxZ$psSC$qA9sPsSgqPfm<vfqJUO;m&GeTA}$?KH%h0u-l8Go|PKUpokrb88V
zEczC*ptw8jxrYuNS0Kh22e|_7D~y6AjWsC{sw@#(GX?=*eSOtS^6X5-Y<zy#ZRLWq
z<6~yy9{jI@ELK{-udixydF(IS4YQ2$h00}Gu&k{?>q9K**~y9a9)|SZ1rl_5X-vsa
zqTyI7-!V_XICw<F8J7@W=D>1QHqKZkZi$yKSj_HC6Q^S6(3Ss;49llp`YCE<n;E0_
zoD<aFrS7-LBz3>{V+k`)Agw!kaDR2#QMQiE5^p{0;F8^@<p<IJ<5tdfN0gt-j=}9Y
z-=76*Os%^G+8->(B}iuu=?l@kBIgSUynl<~vvQ>?)41Z5Vjh}=(<Ak1!It9@>MsqO
z(~J*($@PlwR^@!fwS7=B7izPo{w%PR*PgB+5d|i~u0s%N{#9aDS;EeWW2=jJj@4?S
zy84Rn!rZ8VJuz7wW`4Ldu_*!8gFc!h4Q{T<mau~EWj0pgC+rredGk#-mve1Y-u}iU
z3q7UUecSuS-kQm#p}u0_Y{TWvX;{*?oVgluyhuFlEOw2TWsxsccstG}h^VYh%e&L9
zU#eVt;*X`MQW$Mz!GOb8dhEC+z7)v#+2Q~tudZ#4#I)tZJ?KM#8m>yNvK1m5W_%4Q
z{ZR_pf!SMmT}{a%9LY)|jj335p^23y;Zh$=D|fTYlr+A5-9qW=G;V)jQn>g|gu*+l
zXHt+?xUtwBdF5xQsp|Ev^zLZs!*3pQ)+t!C{t_n4v(s(KQm1{qpOw<tIjOIWNn2&r
z9c*kF+c32*zCXSGpf4JvNDn$vNJ-{r?-kp>c3n2<-?1G!dP=_4Tyf&Dc#m|A=c||S
z=jX|0*0`Cet@urxc31a`Q1@6ka8nMRiCu_()OgKx{%b6|yImr1&5|JU$7e~EDAknJ
zmqMt)bd#dTBP43}4+~i1S@c!qWapkO_1PxZs!uGpc4bhNl!W3s_2a|g@Jx20#?nY@
zdp+o5#D?b(IwL9hlI8;evMtoj>Di%9|K+RW2TG@$TCt<NkLeu-#>pOAIcs&Aq}g0V
zZ6{rXn>;J^38Y-ZElHn=3cT~eoJm({GWf~o&CN}#F8Y=!S?YravxMu)>0{8I(HCt`
z#}yImEl1Pt&3zwb?Ylq_`MaNLg1@BYs;-rB?h0x3rBtvzuH7ARD|`EvFhK?V@tA!@
zF<bj@TbCEION{Q)p~gxt()E}+jV(s9RkrGLl+6nx4a$aX{*nhNrI7-@ShIb5WW>+5
z#}m@L^;>l`bt|lRv#<zAMlR?3W8~Y~dB$*VYFeWZ_z!;}y?s+S59RCxTYBTpSH0e%
zPr4LVpIsEklNs*Zr8aOs`!hFm+>bf*NwQ<gKOMUiMd;-t9<@GRTWtnvi|B=2e36$~
zQzW00m}(mDex>s~uNipqbtdU@anWO+$dsbckVz9GzFA={W%n3EkS7;QFiZZmMZh=A
z3@?mgp}s|t2Gdh5j-%wLjwI1p?#g#{Cd4mZV{}iK9GA~nEDlYJ_J=c+6F+WKK+6w*
zmzK%!YA#u&npFGUoB=^(xinpO*JDAiPx6E1pG-a&^$0(yJZi+rrd}Fqh%j+@YW0Zb
zvOd;m%d4%EUZ}zRCLUd>2FD+`k?HZcEz`=37X#yep1CFZ+Avky#+Pg#y))6Y8Bon`
zRPL;Dz^Gr6(rCqO+0eAiypGVH#lZmt@&j4QbIxK_n((RZmw8-+HQxLVnL*TQ=wGQV
zKgMJeU5cODEE*{NTz)Gf<K@MwZ*I!+i^Y*W!oTj>>0s5m<7o04u2jz-J-LJu1InP^
zp>js9JK~Bu6W9GD#f9{m8X^PUAaMHE)nSi1Id$CVkp<-`%N(yg_nKjffYS7O?<w)U
zNd`W%xah(^*Kd}Q;}40lDalqJx+L#0W6$?Ibo)(*lcZ;GIn^^Sc#v(H)p=tpPfuZ(
zAxel$_;B%MOu_*M-|>QaHF|tkWboj(-_$6kBjHYehzBU!x97h)I-frZAlaPyKx|D>
z`&Hk{?r8J9#A(=NL${j4juC0~5b~LjXcPM_qVhZ{vmCTYn}=aLY;JVLMXd^ANm-IV
zZ`t1tT^(L+EpYx5K{ZxhXk>-WrzN;gJQ$a_>NkFLVGzSR)fi=EA^B_d2GjLA{~kSa
zFhz)(;;#QC&9L@6CHWPzd6M=1U9#4aIkJ?RZ{+puCcE?Pnq#~ETv;z)npR7Ir~v=#
z{JZ5#%|S%rZBarEjXEyq8dtV5*K0~D_K73+lb5z>2sCz4Eq?#Hb!toc@nZ{9W?4T2
zv63(@-(@9sd;b#K;;Mp<h*mV<)8S%ht=idki}`KsNKk+WLAKq>;3JUvkMpAYC<6Aw
zQ2qY%=TAg!9UzB4fBtCj_V$TOT$h?8Qz_8tE$J8ZXg|aQU_}b0(<aeizj!Gi>@sIM
z4g_=9Kyx+(<JkvJv;L!D>w<<z@Bb6f+190CD{Y*cEGRB+!fDB`Drss6py%6me0e%`
z)zE(Mx1@aSuW<K6P)0)3{aaD})9B`v6Xp-_UWb+sERj<Gp8w{Zo6`F~bXX)PBYtUC
z(DB%oeoYFMT$Jc<M+1CEQrLpP|Cg4D|0WUsf%E?sRuYZ-dy{|fFs0YpECGS8LQ?}b
zlr4Tt`Lni$Q2c=!sCw<4|5A3U44hQN2Jdi|OYg%?{`zlcg?pDvn}Ja|=o{D~lDLv0
zYPa9_8rNcB7k|pEjG&I-CCQAa%w|(^k(%g?2pAIVOWTy0k{c2X;j`wI(=8erGwb}B
z#@VPxRCo`iNYdv$l`tB%X`M#?W`@TSX7XANdVm<(;+a>S>y$^|NrHoyYI%O&(RtL+
z<fM$bIUT5*0N#TDklKQYpnj8W(;GxL-QC?Ox<RN2g!kcLBxPmmBER*TLNJ@FQx}_-
z2KK4C(6AsXIxpuqL_WB*H!wNb1DGEzBO}T~2!27%IvR9%UMMQE=FBl@mIu|=@*{~P
zV}Ys?z=9=idyDEf2jY~$;T(ebw;N0l`%qBW(^Riufo1v)=KR(lGqzZGczENSM7V)B
zYo<umb?QBN0H%U?8`Nc>O>_yOF2oPE+>mn`bcR2=i;j+Pj|VOMD)$4r9Mysh5cbL$
zme$oJ(<#8q9O~R%=msTk{^sUps7i%qc^1N8nCYS#*b~2gffCjCt)u%yM9&oz?ny~W
z-MEG<m&lKB@CG#Z(etPmT3SJkdiWLI^75FFh}^}%FsPWIWniEZ5Fo*~D$=TUqy-(O
zV^2Zo<$&xK1TsKj4;C8S6bNFd!#_jQ3D;SY;lSRB=Z$xbYf(iL8((BH+`fhVHAbJz
z(o9rqH)WU8!0>P8a>}*kmI2uukk17{sr$EYAmpRKE}nn4gAxQ%9cEhsBqd2mN!wN&
zi_L~IBr67C1V?h!n@93Acg`+A2)fvLL!;b!3M>ggVD;4`&%4Hl(EOCET@z(BQ63f(
zBL#3h64)(3)=ug+e~;60OxVTcDDA@E-~R*}>^gdT7s4b+lhe}PBXr{@CWvSehVCFU
z)gJXk6Q7VUB`*)%=hrU{z{tnSt%&|5^cV%B9!f$rd~aF}8ugfEYNiZXX@&p#m^0Y3
zm5aLblY+njyA|3XAeHb9!H&9RY7AU2-+)Ft$Z#R!6A&~S6v32vJG7Dp*UuU5f*FM@
zDJ@O$<Vi3HfB>I@1iuH6f>=m&SlB)FkkHU}_+b@?jI19ht;#*3U~v%5>h0|{G&Y7J
zWFnrVR)d+<;T+H>jtCELTI`LZ@%;*d3g8t^c>oet6i}E57lt{53_yLz`weKJk-W_r
z*Q-@!53^2AQ4xEh+^WX9qk4!SSRCLzodTD^V3deX_Ixpozw;kAli*p}=vqP%+AK6P
z&0oZFSXgIW8%VZdFbpCfB{eoR{Qv-?_=s<_J}7P@e9-5vQ3autn6i~w!X-iJ3ZY^4
z?c1Hyfex6Uo!#A(LPAL|9*crG5_EM?(9#Ad=cvrsa#Nh0U0m9AGylq~$jPBEwk*@2
z+(JirMkNdzW-J(yAe5Dv@u}F@A|mNkz0x%2GVX-m`Sf>PxrAuOCLA~yYUB;ceSK9j
z4q6g_KutF=ch9}<iwyO-*Oe8IH#5GWq2YTF-)fp+28}TUA2UC12tV-f@IZMs_^@Z^
z<srl;00@#eteDuCtIlsSUE64}<x}7$Hnz3>6dsNZFaP4=0#-PvK@*}5lPM28wVw^X
z9_DKcQ`R^CEzEVTcF>%!`Jw#jF&ZgF0S$~S@B#xM?FKDUAer{<8y!@SQfiCY43AZI
zJFSg`eg6D@*t}JbS+7Wq8<y`IVV~k+R-m24Q|%O8ruO$8!DqwF!h#Z>{P%Aiz?6(F
z!${)dX&^}hW=(QA$hz$OF&n}>ASBfBNV}?JIW*$KhmP5_xVpgp6pS#HoJjZ@yUj@+
zU^4>8EvdP<qSx2giDHot-H9=7<*4K#pmI=d>NN(K_b!OEeSARA4Z>?6Ci9RO1Ll>8
zg2F)Mg%u|exDg<5EwEA5D;a-GOH2Ofkx`pNbab>5@WCK%1N-Uvx+N<st9AEM_5H{H
z*2bjU-A29bYNhNx_96^sYXg$7iATg35^b^}b$%k`FaWR%ycbFCuy}|C%5_*d!yl)&
z+F`G{ePjFVBJ7H5X}2oX-h|I?_Pqv$n5ZajHqi;+#*VAcK;}bO-2hyx<Z$f%w&Z-p
z8AmC96I>Kv$nT;&Go<J#^22!7_*FdAtY-{+#gTWs+-kz}CtL#Y2e(SoOD^s2-t=Ko
z00(hp_+vN%pEj}I{AT1w(?$ip?_Sm1lhtu`F<d#Hd?k<Zy>2>lM&}s}b;(XzqcsyU
zBh4_2WO|o5-oxEVUCxrZ8r_VS6(NW#&Eq~6{V0>Xwz1^4sC!C#wV%p=KxS|2H_1-o
z>KlD|%ERAqChNSYX)M@bFzYmj%Ha6u@2{l_lPelh$a552)&`vGy2ZA0hL-VGKb}6I
zI`;Y=7P#>#39a54<6>W8oo6J-qeV)3K%DeqR!&+Q`J3)JibpR|z*bgr`snq}NdD@n
z)*W5ql<W!gm<iYO3g^N}XG$Yv7xbE|9c7H4P609@*8f!taIY}!Md^tG>6s-hqj+dZ
zdu`-=h`ENlzzu`Iv7Pkxu~?nvKyMG9!>6u04d)zuSKDibwU_9Z)fP1Umwn><fA0T%
zRrglMs96<;%vL>5a<jjTSq)2_;3dum_}jlh;t;wJEGU1lGv@s|WXpStwtPItb?2n6
z^g7npqTjuzG>MBbLa)QSX6pE_h8Rb#4u|;ndX!#bY|bnxZ(6h`SdBX$3SLntACh>^
z^*8i8Tp7{iui~9F#%YJmv5&eGUDC_%^&BNGcAv=Bo-!%BG63CZq1pN2$x`?91+V6P
z@})QJ$Ge#yaULSZdESo}#s&-D@qS^I?RbG|RtV)VGM!LOM2aXHH{00pGKT%cw=8R-
zC$n_pqE%>xhM(fB$<uSg2gfYBvvK(^$mAT@a*C~#iOoBWCQ>5}$G(Sa^`%bindN`0
z#?^X~_Sq_(|K4{gF9nQ!=NV&G6FJ(2o3s^k?T-+<l?#EB$%B~hv-UIlRdycwib_*o
zi7HxsEm~w7`o+WzewK6Nb>ebuKJEAp$HcL1T<6<XY>tq@8$qId+%?5@){}1>YEScM
z+&HS``fyI4jfNN!38@TSGkyGbGEd6g38T2bP>|Abh}|AqHD1Y6{XEBiHHp7BFj2y7
z5fyKTlWTJmDNP5>`ntB`EiIhZK7~3hMy)=3XU{EEI;&U8t0_}URL!@C9UL_fgBoVK
z+DFG4mKRTw)RDeoGQE^uVQ#wVG`DFw|3kjM|2d7e<(c6l#^?9ey1%Y2d1S4j2gw!h
zt?Cf6b<y_6rn(zNDkW;QCnl*3EnMgCU3a@ANW3tc>go3`ReShD-lN7J>5o}<a&@vr
zMjc}Qi&85*PwT*8C3OqWj4voYi)Pwcm!G;JBc~V@RWc_e&{b{`di40BjK*z0Qq^@u
z{&1GmE?l8Dj3#mHDGD<0Vv1s$mh<Jvs~cXmaVD34#IA97KAvie(0$y_qm()PQ<1I&
zqwuUjAaLm@$+)#K+O-HVgXKO_kN$mDB7@r~?`C}S-*>!(eF+YwUDAg*ckW^M6A%!P
z<J=L`x&8*}-Me?N?VNiFc{L;nKlGX2%1leUft0CaCzatm+k(0YyT5O~A8af#Gvb$W
z9{i~nC6I;`Y2<-7Nv?{;eBHQZ8*EmrF;K?<{i`7M4$_gScBK&+jd~wyL+YY;ekLgY
zeHEg{vgC^Yn@?6xjZLg9EK-Y#?j`k0*xR!{dh}?_vOLBG2k|iX!ftYGkr$VgL_kA>
zSX6;l)!Y81xy!SyhM8ATj}QhrPWt*Yl?RA^Ur?gZ&~WcQco0_83|>yS)p!2R)c0<f
zVW2)1F#@(IEbQ!}GBQ1$suH52p+{J7{VHU%!2~D4swr!DJ_16*ChLk4#}!3;2M6Tk
z|4I0Y1da-!03(CEAT&}uf*=445eFwG0$UCAA-aXIZ*83A?{RLg8gqmd1Em2T9%q$K
zP`KbQatBdxBqxUfXEpehK`ak77j)DS0jUz9iZ5Oum=&lUCI$-;bRtgCRaSQP76^q{
z@b7{iszI5C+kBYB?Hku>K?l{*(eYDQ7z@n-?%#K$9<=D>tdi8<{^JK07=&Pgn-GMy
z5Xd0-BZ#XU?Bz<vdm!LgUSFr;<U|CQ5bh%4Z#Y$<z{7wU|6llKrR6dK9Uu@vfeLD1
ztB9_yE)|l^?^<=_e<QfbyElSOa2LgGtL_LN0$WSYh}hVV!{+G)1)%`YUn{g<klx+h
zHGVAv#q`|7iKT)#cl66Nkk#tk5e91DJ`=0QENN^^O|P17=<50<Ihp)$bBbu32@Yt`
znpF=;Wa0du$5qz*66F70YkO=3mfOj$k)OZ+n*m|?v>;^!ajDH?(O(<Retv$`d1S=I
zRG=nm%iZ(m&qJ6^Fh5Vv&a(6KK|A(AT(39?r9!ERuAvY_3!R1^86-koi1G0s($M%r
z6%06&K|+9t58y%6M^*pM+<7@J=!)?0@GxPRJ30gZwGu&NcnZ~gtr@T=f;0ofbrCJA
zkhG*_W`bI3R(3YxU*0#*NOnVy`Xh*+-n>DENrUR&49UjMZ;vgzg|0~2ekaK95f0YO
z_$}sT;4W9B#!!-<^Y=jSkZ7ze6Ft4SRF8yg1ej{|NLguVgM-y!b`B1^%X2pn)7{zG
z$<?f29PBNH_I3#LV`F0>bTBkAk!WMh*Q^MEpv~@ZUA@Pc4H6spYk9Z)2lOfkqaqAq
zZeea>>PL@!p=D2fSn1z$rW*VfnIFS%olv%x5f^WBqNxl3Lt9vGN%j*ho4ErB^(VV-
zNVYgEMkZfO{ae<8=8JiJ7G7SLPBh6dTN$*g9s5WR{tXvJh4pU@in-a@v1+F^&jh)D
zzp?neR*>dDo5H3g%qd#?%;TDdvzmXw=Lan)Jn4Zv7q6NSTMQxzL`~Djz(Dx%?;HpW
z7fI{5Q9bncBw`f^4*1Vjp|14d|Nl>H{YR+JlChwoEE6=1Vejl-Flhbw07P|rT>i7;
z&7<^Me7Ni1jF7Z&<W+C*65xyr&d+Cr?s?iLPmExn*i$F@yK?VUJ>4Uu(A3ZXdB)GM
zSB#{?^r@JDxoW&Nk_Tm4M1t0kVP?uFWxxRM@9*19c<lu025Ca_17dZ>u-*&|3}9K$
zgSM|FBtcqLmzQ3M{B45=q<JMhJ<mT+AgZ-s7l1^ndZz#H3#2Ii0(S`EGZj6(#o+1t
z_cvez2c5?ul#(?wYinu<%7Jc{y%UCHF_PQ3V2_M-7X^`&lX-3<V?xzaX?qYz>muB;
zzONnZ!elPeZ$^QF72)}RZ(!b<wSe3{L!~Xw%ommxh||7MSMLO+2m)AVjEvS=1P~uj
zS%)$#EiE}fG3B*4-<{T2%jLO=QN-WPja4Tmk^)POPfQFN4oYfj+(tfm;Cz*uN;&wt
z0u*5(6NP08WgC#oz~h5g9b!|2q|o+YRT<7Sb#?VghkgO1(z3FFA3xx5qk&B?C558Q
z@#7>l7#6B6)4>YsaGC`36Ey9c0dTW$>i9y62|<5b-qzaMD@d}y|Aa`;7@Wx9a<H93
zT3hM3f(?q9Ls6J0@4x}^k0UQES1wOMpP3nb!Q(&IrKP1idV10-Dx!f^1RHWm8JVEZ
z7M7O8cn>|?-C<8a2rjp@h(dW@3+OI?ha??o`@|E-Q*bo<&^|W<#ONbR%Ip5kPeJ`8
zj?;>Qn%WNr0_=0U;Uuv6c1gh+bIA>I77TLL<2A=UnjiMv>mUjCg~^2ws)p2*^8Q*p
zkAokirXa!%i@ro~v7_U5G?T7zvmZLr{NkcLyzh@6KepX$fnz6Rf(E`~I7fAQ-(+QZ
z`Jteo;2;MVWV3JzK#oR1UR+fb1DiDzx?ze|*F()fcuWj|+0&lx?m3XMaCC72n1?b6
z8KEx@ZIgtAaK|XH_rqI@iHU)4D|TENjLUEMx1sgMMq}}?vNnP0L}y>0G3;bom9}r-
zHn4Bs0ORb;+FIhk)+RW*A*fIaiHny8$>T=7PhhX*Jy`{tr+T@iy5ZC}<s6Dv6uri5
zDme#Hf}xOR&DaKMF4=M~udaS%sF|{c;|ow8s9!`*eOe8J(H+es(FK`3oEVhktku@9
zraXehDM6%^ot+)w=?JENaEgS@{l!2&^hCR%hQaSc3?f-b4}}t0S*D6rFw+2O;#tEQ
z2Luf=OBm;%TnihUC4`^{@W&!wU^>4qodB<Iz+w2T6WZqpxW?tAq)<V$1EFpL=j6~z
z(D~iAHlAz$;HI4u&!I#n{JSvcM8w2y&e(ndPgaC?rM>-b+D_8Hh3e4BO-2I>BMJ6{
zF#!O8KnPc5{gsf7oBPAW1~hD<#r5KzL?<K!_b;WEl<Yabd@T(K)ZM#xe~gTXa}#G|
zX8OaR+3Am%vWLgV%V=m2!s&)&Xk-LPpbTJcNU8-o3m{$MTK9V`kqPUzEnss1Dgpok
z;o)7BX4%k{e_Lvm`raV+%HBy^Z-~3Vt2}!)0g=@7bYG~FmC{y%!2nx7fY$;5s*B6t
zI~cR%1O;+#kP1PFT|jY(qN0ejbXQt2%%%ARm*2^t;tn~sO1@Sn7-WDh{n&;xV11M&
zC2}yDh33O_P;dfj-f$f#0X4p0d+>L=tkQ-goSA==h6kKZVS<&I2P3LRt3ZcySXSw_
ze{)!SPSF2BJ`Q({G&#c9yE|YH!ESFK9R)?P<W$G>N|9d-oT30*0GydKOz39A8OIXW
z3#mBlkK(EKB0AqU>U}pQ-bmx&r0UaSp8QF9dkY0#OiWaiI3NcQ<qef5!c_Zr(sLbT
zVTMgG2_FPb|2bK`OM21AH5SFM@6aJT^+ur9tui(PgNrmUa59o;yvl+my;JyW>{60@
z;wow=r4#j{;(kZL&KPAk0hz@V@o}I{G0nvq|DG>Jo0AF#$L?-LgZwB>;>;RR25R$@
z8n;uX>ammcXj)Zy6U3{Eq1?l!D1pjmQqo0ecRaqhr0s@%2JHRRN{oZC8yGM)=`a#I
z(>;y&{C`^+Pne{V3C(4k`uFe7wh}v^gLtx6HrjJ<G=Hy4?EWj?IGXws{B+#!%La2c
zLcL3Y`RUd7xO&^2_l|@vkqe9knqSeU4kZS5^`@_1t~_0JexN`&oXTgrh&5cVNSgD)
z;u~TEV90gzkTZPx6d4Lz_ndgcG)J8Fv1Hwd+)l%c6E9|v%>{SVsK#!t9&X#01(IBC
z-CxIFOW&|Bn&WDa`QyuFR!{uZaa|!1mnKT`p^W}Xo7Ly5;@Avau3TcFkP-FrfZe3}
zjz&Vv^sw*C$&0oeQ6Fh&iyaj%es!-44vI$8AQcgO_TIH4orq_tU$8gGG0cjYnsy7x
z?-%Tj?tbD*c(}VOf226I*ce_J-_?K48=C*TQN(AlLU&feX5@z;*7q32mJ!_xRz4Np
z<RhehFAFA~hP}H<qXor?!$jLc$JpdS)gHUUvMpYET$kMgtMozj-b-^ALkkaC^u%0y
zIvR|<vIj+bYq};9jgA*m*Bul1g=H%O<J0py<E+vxwU*L0F9<1=o>b-VxN`ai$3@M#
z9ZA$WHnpZsdji~W#glkx$j>1(A=}$?pU^w&2#e|R%3~+jBi!U_$$|gEmsmsRM6iY_
z#M)y+x0?3qSBdA9w_v*x(cAUcMohir56eGm>t6C}vYBw#BZk8>tydGW)C8&@wjbzp
zc|s$3k!gsyjBNjG&{c0vh~N1kwEV^uPpRemj)*nJMQ_B*;HiAn8{f;~cXdzbLUCnD
z*rRR6B)hzYL?dg$^B9+Toj+v62lGeW%x`HwF^-AA!MibOJ&B9gC(O0^{j+~;c+Dx6
zQ+}}LUfARSOANhBaq2!66PelkfIKhDkXUcyGs9f^^!?;a*Uc~sK0+lm9YHq~1H@de
zszHEI*k3oN=&IeX@n1<Or{;(t^XqWkiY?zU6>O=|`Z3dnE)%4j_?yu-JqU$8HKL2j
zGa|tkt5TzRQ}ytNcJ(_6vM!@vRW`+(#VjUF$`UnWr;<M3C^v8f6nO~MUO#zx;mCEX
z&-tn49fB3yYifFioJr=NYet`aea+N=o>@m`eHYp2;)Vge+d3*&%`|^YxAzIF^>dU3
z%-4zSg6i+ZUm?zp+lbrbRO`J|Vl2PtQ?d+nR7HQWx68KvTer9G+}{3qpzTF*?6(jr
zvXFoqx7mx&m=aUXnz>FEDUom)@^KWy-^}On?@Vk@CJFQ(Sxx^TN{V5Wtj?Nz(Xx4=
zT#9!i%RYK<xlZn(@PWMUyzsI@{Z3tQ+L%xI6#wgTv(<hU>?wYpAd}-?1KM&7Cwy*;
znB`&`ir4G3E3FtA5*e#y7CbN4CJNv4mnKd2PB$F0dUPimoAk+Eu>VDqD8*k<h*2-Q
zUm-blMp`o1&)5fFJWsY);)&-MjwE_K*4Q`5czE8sx1ML6(Y=w8lN~$Nf93NmS=w3f
z6U#xPQpN6Z0q(%T;&e%k{;6PA->&TEnw;?q_XoKXyu3s7$oz>&WAWTpJ_QNS3RDLK
zu^(c^+WNHMgqzKF3@~0p<_fl1Pd3(bjL4}CUx>!s-mU3%6~Qv)YYFr|WEXOuM!!(5
z-Q^O}b4efylG9?O!7oT)`XM$|L>PO^=75F)aay{tmcannE?*e4(vg}N+%3h)%bYwJ
zCFUOMYm+yAak5~e=XRldSbIub<H3JpotA-Vs_TA3!@I!&zh>I1O^=}dBv-#^uhO{P
ztKG-lR!TU<k;O%`Mv1SxJNvX>h2q*No{T5NU(P)DoXd_b9MhUFpwDE_kIm0PZad%#
z&NE!fcc|SxW#d2i=sVd(@)DPG4n^{J*PQOo_O8YB5|Pl3&lBI2Uit0gXSClrNv|TE
zz4n_k-RzltS|gvI;CUtFWeeM&*LZXD@>%4=UV@nU76fk_^<0zb$yp<TYXWS%_SS7*
zk@wB|;1v!Z!bXK3eupF%+P)j6Arhj&y8Y+q47x5LAp4mm81oBasY*B;|0PbWzJD?2
zpgtR2P0c_+>kW$Z5c~w3-o_;aaJF?CHkq;;0H%X~7e6>PfxSIZ9ZGQa&ri*=`2OXj
zA9`X%{sTAvzkMRzA*X0s?y*6P3@e+j<h`o3l^s&VPbHa~xrqP5-&_2{6U@xbQ-B6c
z>W7-Y6kxL;^gj94l!Ald4?z<6y87n-i_JQM79Sx9st{5E;LOM&PW}1wC7iW9&;X)Y
zZV9o$<TeYFPHhLcq-RbVbH*XS@;nuf`2QqD3+4W#?ziK5ot4@_cZ(dd0;BGzDd~g%
zWTma~{v9tKw}9$5r1;=s473mAvn{Qyh!z?!%m@Hi@0mGc6O)L<L=0gFPVty@=7FNQ
zUYY%ZR}*mqhOEJwCS@8nr><{=|ET0p{d-EAMSf8rMq{8<RuXM~<Blu5?h?1sQwTEN
zHDaw`{{pk4*RKWO0?1!M&3$A<h17kS90^bjh^SL?bAtdI0fi5r{v}F5!9>t#Tl3R^
zxR1w%y<xf^%xRX_)|!{VAb{vOSh#>#xexsRfCK>X02C@TvsBqH+ySx(5v}i?s1+I9
z1dTeVEntBla>^R&BAKzHjy5JF0MP)SV+h(6U%qtI^osg>^Asf<OXS5lITl)IhTh&n
z0Hl?cmjkQ1WGG`OEqw=YHvn?*A!BiI;euEl5FJE9y1HtxGMEm09++<Q|0=UUpa_Uw
z6J_Nhqi$RV+-~#)hg^$|fAAI%q4of0jO1%Shl_wv(W|LyC%AK9j1Wrc2zOn;#SrPP
z<v1$@@d)Y@LEHSJk`N+9y~dO*Ecbjs!M%g$KVvyj>u3@@GCkej8i<Gd7%U0jC+jhD
z8=+12LaGhd8l0Mvb$90lE(@kmbxjS_MpsU4O8)5S><lQyU0hf|I30k6HAI<8q-S{*
zzX>a9A=?Hf74ZV8BT#_}+}>seC<Nw~UMUABaFmcoBLNK$d277m`ak}%v#aac!~ZUy
zVx^~l9<hx$em``)joHJBiH+?7U@q(1HwqZqk&%&(a;T6EhiswOcn*;c!ezlAd#OC3
zqNaujcya>+3Lw4#2@s8fbt{+@3K6&684oc=t<F|yd)?LLS$l8*F%jkpSSdjG4M{!p
zodCTwV~dXj_^P6!q9IvCCk|@<03^y7{;w2YS65e4baU~&3H^6h8_Y}n0X=<v8Bi|^
zqY3^`keZpmhycCF%FizYRVaWNmzJ`_^vo_OXn3-uU2KS|t*s5y3p_z(0KuJ_ngXu}
z@wchXGkRdfH0cGn*l5CIi0mO{ro3v?kk84<fv1>(;!Q+anwFj}b_h)S+*>nd{COZR
zBQ(r5oX^ruUHKF38WpD05C@c~A$hOchxY@UaR^6ova_*vH2_v%ufxH?5q&!kWOXF~
zns8M>O9w|sUAmWo0s?@kMkGQ&5CbL(IN+~|2}l89;=l?4>K}40c-ugl(v->di9f{p
zZd{_zj1PDMqEY~&`k0u`h3;s|CB*(zQGu5_@L|BTWo`%S_6<pSc@sT7AAk%1Vu$4f
zP=oA5nabbEXIS6c?Ld*K^x_55_mjOPNFZ``8%PUAi3s>ybD|j3n-JG5$)l#B8JeCZ
zTVaijit+<c8+yE4>vVwg&d$xP&6aTf92EuC`x3A*07?t_I3Xb+aPNps4*}tUJ%^_t
z86+GC5CaKFVcXT8wAbDs!EVp=KOs05%Fp@#tqki(P<8ghtHwr0M~@fsCWRI^kZhz0
zM*Cc&1P4s%;{OSuiAbPeEb-P${?6pdJy(7tSjK=-10tf9H_~xd)P5sYCZi+m3oMm)
zjXne1zoZ;2kH0kP{diGq*7MwDBnHOq1t>?uB7zDBH0}QYVli!RolSyO)YLw7FTj%U
zO3wMW4N(lKv6Ew0W}{k(8e8Ogy!$&@Cu_wXP>3x`dwXArs6ItJ-{Kp0&b~S^7V7^(
z7w-a-^lulo_}_nuO;Fx+hZ2;AX@H@0mcKFZ0;BO4rqW$Tq%V^k^{>B13oQBX1TX(G
zq=@VM9wKsUdOWuBhjLX8t!S5a@7e*Jod689n7(X27fpWg0f_Eeor1S;V0Q2yAHLDS
zC_nD}P+`DIh+EAY*eCh8rx90ZTJT5C!zv%gVFnit_-ZgHx;D=a1bsk203>aH555j<
z{r(eugIwyH9cEvGP~gL1JQ>{K<gnucgG-q$cP<jo_0)l^{CarMy%sKP6`%Mwou)5T
zr*CHD{LKa-ALM`&`0t+>4%u8v`{&p8f07zrCC|m1)i?P}2T{@n*D4?F{8>DhZ)I}4
zfH!H#cyYcY)G+f}a4)96=c%mdVkn@ly?3-`Izn~-l-(D&A*dzwr%OyuyQ(Am+1B2l
z==vs;kN;P1UmaCt_pNK|2MB(Yii9E{h#=C9(hUOAp;FS_r6M9y0s_*~4bsvI(%qe#
z-gNiA^W{6g^T+R=GtRj8j&T_b_a5@bdf&CyTys9pGv^}3R+WI;M40FtG^-eB?RwqR
z{#G0LsWs4Pv3+=OuyMT71*sEWTdUZS#2Up+>D$0$sO|DjMRxnfFTvqqE!UO6s+NKd
z_izioJm1f(*f=_R7(AVq9!Js*WsN#+aJ<JHS@q#e+>d)0lZwA9#;e?p*Dw!!8!V1#
z(%?OlUbCL-!_=2xwmqzVT6|16@jlS$IKJ3W$?{d><?kL$V_elbZcK@D^vf@R%8Z3^
zkD2$k;%FbO;A>Z54g<H;i}KzMkO$OpA6#>NHGp+0mPd1`OrzE5)3zgT@4x^7&K0Zj
zG59i}bUR37c3NATXZYe<-M;z#;pz$DSNJ$MPZhdos`mddekOanM(Ls>Ac(2y2eY8(
zjuSiWsC%WZ<%sk2x1YoFH4<1Yp`I6_67tGvCd4tN^=X)3{;(5ERjf{2#&7-L+tzB9
zA|DB|a~^ET4U@g8sR^K_vF!~vehQepU}C4Y4q!C{otHe!m!8E6uSj3%wdswJ?GK_8
zcpRiJ*W&M1?2%j@2^rii_xKZ#C5Y8M*(!1?N1%S_bSJAibR+1u@3Q-$!$AQD&#&cL
z?d`SwT@Q>9xp)BM))gK4Q<e&z?nU&KvWgkLU9GC410qdKRRX-_l`fY<P6jm-$IVlF
z?PE2f`I6-%rf$>O*_x5u&BLRc3)DgSnat}S&%KX6NEMiG8+^RU!(*L8#8)SGx<sZx
z?h@>cVq9;J<w!GL*5kYuFyk_~zNlr|_yomwh{vl^{(-HZxZMGF`Z|sLexBB{X6Q9X
zBd$$u3(}law;QCl>v*>p<??CTa6IRS_O>|E$~vVwqZ{)-w{i+m{7Vb4vh14lh4Y*T
z&kKQxHXgf}ORsHI3%1L&-Ww1Ce}&F2K{nPKDY2Mu<Cv&OMvd9GU*fN{{ZNbP|4YMW
zfBSPLDW}^C%Sg2AR6LG-GReIglL;LkR@AWz>?H83F)x|#kTOkfbenNZYy6bEw`JO{
zL8<%tHTW5SOxX!2DCB@+0$tE+&=tL8YD5<J%*;ec6jy*%)l#`(_rMi4J^BQ&F`!$H
zlkcvomfJIc>;zn$xR>kw?u)bS`b@3*4xeA;Xs-CEo6b&V=34%s_xUVV-RP<Ibi#=w
zM{|UHA*IM9Mc4VD$)lB$i|e4)1MlSagIqJdy#XCm$Cc{l4qS@4^(moav!M~!l|2WR
z^i=tE{PEA#lZFC^PXvw{9#5TYP0U{PFPXaU`{`3_S`4bsZB+5O^k}}MGFQ9h%<@w`
z^slC|ip_Uk*Q+-gT+!(r&qqDpwcmIf;i5bt^kbEfVZgl887<rORaI0?^a~4S7wd)T
zWQ)f-L)A{(#49lao}*nd!{x?tshg9h6O&Dt<0ID{U90GcE#i64$!wRHIMQ2_u{ut{
z7H(T~_WC7T^#T+rA+osDn-5d7HTK&C_K7`?`@BE#>^&6V>czgqRXzV;`Oc#`o9aD=
z)5!t)jpAa<0+p|zyg{l|!%Cj-cC@Qu%o#!NRQH#X<Dt{m<_!z>D`~V6360lYet+#o
zti!ak?t*cQ)xva(l-IJBg><#wB-a$wR>ZE}tnSzfb#PPFCEiq&wlL5AYfamRgtB&u
z=_($%9`qwDx?ker<SZ=KlC0g_+<@=-@wyJHyQc>UJ^){j-Pi|;6E?p70iwR(;9%Hj
z@gMJ7LQbv$O}3&}Z85<Q+NBmSf$5o<7rz5~>M-u)4Z1UHP;y?mB3k|V%9SgQD1VOn
zn0dfR5k(wqc!+HC2R=Tslj2&{5hDWwLy$Fi;T0#lBg<pu;jrEZ0$nm={wm&aeqew4
zWT^8;c=bu93a5>bkjske>e}$a>gwtGgoa0>@i}hCqwM>d&S;+FW}!QSKW6WdV-|^i
z+6GGzU^0dV3buL{6W2mY3fy)i#$&DIA?Rw%#@6O;H=2;_Cmeo9ot3UC*wWSGr+whW
z<xv*<bJJT?<3hHS>Xtb5?SUNOww3|;MkiUV3%4d)7m35N)a&qDN4GW}>@OKMi?d$c
z*u{IDH}V^;Z%UiYmF>sYB6>9Xhe1PB(DJRe#h0+2oo_09tzpSlFAEEn<2yF)#A%C6
zhbod<biAx>Xi<HA*+%fm2*+Hf`yp%0Z|vv{Y=zxl#Ma9%Wgi+GowOJ%mkoeC4djvg
zabir3Rc=RbjE&U`&*LYC$mLpE=KYq@y0+B5qZs$CF^BZxEwijPR;#kAK;Qds4ZmP|
z7Vbb?!=n~8gYsw5KK}Jo4DV{r2jbm=#)`-u*l|-x2oQB9CZ=EDx%v3}Qv-$7oDUK@
zRJ|b75D0B;ZAFt~z>f#FNLn32W?DwZSf%i`C=Q^4-&k0rLQn_g#_>V_2y8p}`mbBU
z7+BnCAZG6~)`waYL1CSF9WN9WYg1&Rpzit<gi44y6!f>Z1L;Z_4;gz#C#<Z$ghgJm
zLs{V44p6+5lY8q+K|14VYhFMV5@Sz4za`k&e$k`Co5F*CYB+<R`{Obw=cEP7YJ44n
z<dpAHQc@5-V<hDfvGDk!a@vsI^&<YRHs<aNhC73?EWal2{wYhyxrie8L}t>?^cXf9
zu26P)HyJD|Tcj_)8}X;>zC+w>Tjh&h2V9hR>)qNVvI*ulMS*vUU(sBPzk4zE?ylcp
znzfIf-ud~fx36hW`d1$+*0bFiB)Gj@&pa8ZFQLS?vf<Op+Tje9WnuETE-A)QK6wK9
ztU*><s*vc)?Hf0BT)-&vvK%{0-{}~gVS;7~DS7ygq7WyLokN6;>!98`q3bQt50T;z
z8#3g-i{G@a*-ekVk`>asd*fCKFUUGTSFy5!x~l$wii(Mo({ar00hX5_2!u_G@i2Rc
zzyy(|Mu&$t@a>IWd<rr~`=bSwR_IVzR)OLaX)Y=(>>L{6GHWD*UTf^=xC+q#H1IbZ
zqE>264d!`n&H!Qu(0ynX>fEBZTySs!kP@3+k)RR-HVN-tv3imB5f#mHKXhl$9o?z-
z7H{Aq%Bo0aBzNLn?^HOQS@ZbSB!{_|se9yjwCL@0-0U$sh(~ct2g)A{I31Akc$i%7
zJ^2t9t=YD_Mm^fx1W}K{99L~n87DjME;ak3+ZwlLj;r}QG{oB1EoJ%h@|Xrku=O-Y
z48JV6#BgP*ygp4;jFwnU=F9Zc+IYHf;Yiyp>Rt21WcozwFI*hbldDUH(KEe%V@CC8
z@=Kz%w5Qml{GCntp?QCXe1|q&;u1|wD^g0rWve}@cZmZut}fbLy{Es;JjBEKYklxZ
z$_8+N>%Kb2@1fAeI_wGsYRML;O|rk=AW-!w_iCHzW1oiM-ufJ!pZCW+QDKH#n+?H^
ztffA9>YlELvBI0}dzM|KwW;AlKkP2VKEriL{b3gxg0cDIX(54+mqN0^kWl)>(1k2b
z-pOVTs<voql7hM+Xb<+Zg}@C^4Dg75gWx1AtR84iP{7a3&qGH6RhX2lRlQgb$Q4K@
zwUp0;?q#shhybBaAy$%Ks5RJG_yNq7C1?GFqBSQeDu9j5x9)w{{#0O_aS`G|k@!P3
z<mnAZn3>ZM=}!Zv$3iY=UhQ<i+&EI7V<*89UND=t5`r!b<+3}c?0V90EK>KkyNS?c
zA`|ktz{e*%r>8DF5rlYci}E|=yoK@a{V^NYS5MYFI#h0=Cm8?!`=D`wPp!`D4|D$`
z-}{XA%Q}?$M0N5ib?MJ|>SpU4Gxw~1wqc*j%AVwZ4qKq9%VNv2jh=7wT$#yzNFFmo
zL-+@MwSa|~=f*Nut%jKTwJR4d<&L;?OS?DmT{3}l>#*-VW>{NBt<XH4%X+O$!@kj8
z9TPu*=Q!dtA3A@agX#Y;P~pc$ZP32#5ryq}W0|L;YLBs%lZF{U2RXMTMc~;^58^Np
zKsGZh5sRP0*L3CPX~b|1bv*4|dWRiTF>Hp?&5VwA&kd!(eXuD|rP^px9VwYIAfQe=
zgKDT=o_uXj{MaM?OE^U#>Q40LBj5M$r&l;q8G;N7B4AhU3!S5*q(;=XoTLz`f<zb)
zE7bl53V=*Nix6o#O^A_lgPe>^GVslQemEd)Im5`d@5}ItZew@>sOT=B1=%|&&>(u1
zU}+XD`F!QVc|b>Jc)>gaSoi+-U2p`Hl$37ZdM|<?0xnPW;6cY=8C^+->aRfDLz~)X
z8#%c@TDC6a#;l(I$hBF+!O5H>&W?9_=rQ@*FCrkc!Q)h9WTr0@L+>4xQ^_&EQMz{G
z*WqUII{s4Cc88hkU$;)M!|Qi37I->sWgBvU?pfP#bGhfoP*azyGQaY5QoBvRf)Ve_
zlkMkSm*5}3aOYz7JBDuh-A{den`>^NlsW8&!HWxPq<*@6%_d|@ZC<7a`+OC<E!8t}
z9!B+lhx~3Ps-q%DCvY^{ja*%!7igM4)Sln*IJDVyYWp*r^=iI)qz3;!@39HbU#Dmd
zUd(*%-+z7w*Z8|`DAo<W)2G1fnPLXUDt1*ont$+lvWc{OigL=pMP6~08;?cx2|Hx&
z``X~>6;_#7ZMyEw?A)Wktjihhdz<*?u9(dfrSGoUZH*0#+Ne~IP#q4-zuMf5*b;N~
zGcrB4{M-ocDxiuqp$I4mDh!a1sFB%#^aa_?8A$wKP@GFk;{YVJySr=DAaw!M{R)bT
zLVzIYNrU*FnvIPpv5PZD!&pkH<>!stxZVIC8N&J7J3Elmji3;JUAlnmBKnV>obazC
zVqfxNmhhBA=35$uOt<FPrPaF!xA!TYJ09LW!Xuk^MH5{)HXzMm-E3Y({cb}yDat7z
zb4{bBR?gMeJ9Su3yZ(X4nnqAv^pV5HpObR_(bK$*Is%SUnu#IKsfF2c#{}1b{m?*7
z7p=WJt|nT&hl7&tsHo5Z;^mMI4x0FHD>{!1j=tJy*F<)l(wOicO=ZZ*zA(qKva*6S
zRb6s(gBIxoA=DpqT`B3NZOJ!~H$d60%$$UC00|Y~27&BHCW^fa;$8rxf#n7n32^v`
zAjro@aUu?k8sN580Of$31&ke7q1QzL_I{5U8B^lp-$8~Fh)%>MNhZv?^q7(QCZOX2
zq5EgQY|SELBFGd0ya-e`kk%1o_08HO#rR$T`^IYbu^X4FxW>-i>f)u}PMiZcts@5`
zpxq`#+&NO`DX*KLjAZum8SpG9<yZO{9RqrYg6m(HxV1M#LEWjGrTQBL4k-+<^IyoC
z|Loixq-gNyA3%50d1f`B&VNr!`vjUXi4hhS7Q^W0%I0wq?oEAW2>dcPYzSxph`6L*
zvGaA?#yD=xC1<;3d9B%p6ZupnvhKQPNinxJ44y#|YNiRfmm5fkX|!3I+oHnhm%n|x
zwYjx*Kcq_<@(3WUr~&N!e4?ba_s{Xi`-8CEbWF;^W1k^=wNJ5iDm1Vq=V1bnBoPnT
zL*4~-Qo1ipQ!?RW>9VxB`g25?)S*`%_e7QW*rlK^I3v5YyG|3tsV*3g?$o<4J_rbk
zc5I+46S3w7Yz<%<=#@TWE-z5cSXksbUjw+OHH6Fy7XTZdyhx_oM0zwNe|g>B4E&MU
zX*Fi8sD&qMmz}EI6vbk3PhrL$7LcH@yma>|kd?sCujRv<krjLBQwR&HR{!uh&;tV2
zXWVz`IRenk@MsVm02%}!PCZA0Nr;ar%|#w8GFL<N4*5E>leu4>NzEe7@N?Z7|L32+
zikPI_R!eO0uM`dRVU3V37@jaMp{D`~P-DVIOtufpN2*f(GwLSNUV6qf&CA*uE6BRx
zr}oW$OHSTZ>>530qepS@JdIk$S+9VfkTHJq&Ac%r=Z>M=N^$;z%pNvhpQmo(8oR%n
z6&&`daZEpp$a;F`RpF4fZnGX%P=1;W$EwwImU@>Ce%E>HjMFs)PTTAvbTi|8A}-ny
z{-m!pTaipGC1o|sy5UZg>D822=?9?uEEoa-2ljJ51a*Q=it?AI{ZRM%HV311N+&Ic
zsKB$*MCs_~^kpW3+m4M3r>o#k2i+F6Q;~pyG?Ul>sU#&MVD2G%EU=u|kNhT=vi<8l
zWv%<;w~B<D$>_><tW2GjbvQ}M9m0+D^e&Z*$Y^Rt$2!m=t^1n@%geHS>|BWY-P9;~
zvFu<Dv3m-u*Sc5=WL+svmK*bKa6P9bOaR$xP|)9y@CINVd;usoUY<5zZu`h57kNl#
z*g8HyciOQ&@9nLzi)L9zOMmPLD7LIBmBow1+XDoX9y#mATTS2RPq~B5wGq($XBA-f
zZ{RbEPm&&S*k>&~<qEoxjJ(v*Z{~t^3ucP`7NqDLZY$=Pg>$zn*Z%0r@m9Z|X(gnb
z4PYg{lDgDSg5_23Mkh_g+prsm8$ckWx9#F32JbKE;K_?`QMV`)C**cMm8ACvk{M3t
zk8*m6m)@5)^@=uj*$x+^CH(CAP8!EwS4%k+UC(Wh5q37sA_NqRh-Le-?J^iM2{i7e
zIxEizV}%wZ-k@{v%hOr%(Y^m5z=st3OBX{hoSE1n>|n?iAsw`*J1axeQ{yU+bf3>R
zP6ChZqXkROzOwYPeAzy%+is>25rRphRw<EshSOx}d3FTlDWZY#q#9SHheFvR%L)+2
zt~GG6X4LkcW!ZPmC#teVYdh@^dK5o><&oTee6aI=W)Q8KIivcP)I=+Kkk5WP+*>da
zd0Ep;8{7<Kz9zONsKMfhniTcB7Gu#L#X;W;Rcs(}F31k*LBU>5z-j;irw2q6A~|Ku
zyhrhzK!a+k_OW+fSlz;G9urq+x;g{G9q3K95gr;~`4R}tE3M7ew;FvS1*P{tnS?;7
zKuism6zC>8TH5chmoHKi1ZdPpk1D266kOIHAnUd<zv~SZBV)k(_ZMJIvq)d9KAwH7
z2B-}n@FljS5gLk@C2k2|qX(Ip%yDK0H<iu?Q2tNpo#jU8_iUB7(Ra4GV~W6b0^bDG
z1B~`_i2e+8-yr^i9XfzSyjuzc7s!s^cJ-$~svyWkhbo*{WK*|_-L9x<rjXp^+9kg=
zP|3zEEgF8Co`Zd=-InkX@_cgxrUuVrR1Mgttfup8X4)dcZ>T}xAJFyPKX2W-axM73
z%+6d~jL*pl`2G7C2<E`c2IcZaO$QC2_t=4Ipv=w?5fP!HrXE`ed}dyNKIxVtqItEc
z%VXed3!MaN9)3lwtFk+sU($CKEi3E*D`6nUM)C?k4lS!TXI~^<^XBCn6B9&AxxerD
z-|%*|<|T6F3_#9Uw}LYKzg9g4Fgv6iCA`JcAb8+jDs7sK2-1RhYX6|ip0Kp7J}fbZ
zC=j-*gas6)`-8I3yF;CwPa!ey9N1!5&_I=G$sL0z4WSuGaw4L2|0kmmJfoB`Vlv7G
za;0I=!vO&bipj`pZ~l(tbYo%498yU=+C;`b+|ATEwM|LZycGtb=kH&TKZpP_2(QI3
z0(S%66&B`cpm0FQ1{|RQub6EbWV4~liVsiRNpTx~ZsK}-f=Uyp&%%*}|01REK8i`-
zD#AQ#MroEtp+p(EY2AwG`|lTKMkBVK1i{%m=z)%h;<6k)b34GW7(M6&#%z0cH$Y>4
z!;x}KEp>#L;lC6UGK05LkdfG$yTF*mfls_Mi<mZRLxr3D2W*es4(i{}{0Xam1DY&o
zI;iewX=(5B@EnD8M8(Fo|N3<fuqJTRK@$jl3E6vFWg`ifFPsMkUJ{aQ|Di}A<->39
zYaM-=FZz#BT&ntG<PN@ZIUB^|6|L=90~SG#;G!VOM}&}ZaUMMcXlcEIA=uez639M~
zt6l+BK1d~j%sV$QMy$04xs=Z#$9({e)TL5ZX3rVP8s#$JF*qZ2hy}E28E}M{Zbc8g
zdkH;&dJi^)*Zp|k?D`k$Jw$_gMjM^!&o_hE*Y4qqdd{RPrix2Q+=Ju-qz&J`Az7UB
z<qtRiPPjpbw3c~~m`eC_>*aq~lAzL5?-^KQ;ioYRvaJ69e`~~;t+mG`lx<=HtIa1y
zcsfn5H>ObfKAL8JNE6{Iv)Q(%F>&B)Xq;gX+)DL)>j}xT^FzXK?BDc{TkM^jc6JXx
z6Y|WOJ4nm_%<s0wm0FJ9a&z9T{j#L!r%UJH=d0h1zmQMb2s;u_?tsLN4Xc&q<pqGS
z05nN`avk~Guk$g@k~7E06+l!1Hj)G)^w@er<S*yEEg#YciOq)VxI;>)`c%=YTh`@c
z8M(PCa&m#1IRfpCxjNPTo16Ko(7mIIm*I@Jay9868iB_E(TN}zy5Xnw>}L=dW97p3
za62Ow)lF-A9<~$6wcoyeKtdTF7RJiSNjp;PJ4}_Hk|J6Hn}j*+tncB}e$lTyxdpB-
zmUk^o*{@Xk1!_Pa8ohe;EC7{OT&xV-^QI%O%b~ieYUiInAA*~b1mnLrySNbHT%nc#
zgAf@P7f$6Rcn`4Jrui+hW$d$i+N=ui3AeYl5?*d}01X5rs-hDc28V~cmzH41zznL{
z+KKx5k5&8A*kjcmIsvE!@aJ7teMJ+UPmfFC>N_hX6B#)<vVjx=VJJ>@HMK4{adn~^
z`0-QqFnuGC^d`<@A-9@u^T`pOv*voCq9WDoU91JE_L1Md$uoxYSjH(TDn`b}hJ6*-
z>0_0FXM~kaDtI%~7izu*51>P-cDA<{bTEhE!A*M41%kwd;laHQVCj>9tZz`kgy^eD
z(u8~#ri6u~2dstut@?NWanrF<epRtxI0nf#(PzF5XEs@p7L}B=FyX)(94cn0p3wO@
zj@oEsZR5Mg93gG&=2j`6|8Q2wh%!iCO3D|Wk&T5Vv8(I(WzT2Oj<l4Nxj+05kSB`1
z3?1g6vPRlKXFM@>)#+OwUrYYX-qGyd5d?A!e6IWQP;|5pwvN<~Oc^yV!T0%a;oVy*
zx)@pdsJ7K10#GX0K|YV2J?wY;I`5k+e;gbEVqm+qalWDAY!E0ff=2ids-oiY>L54d
z?2xsUgJc%N=i(y_WMh13G=x}gN*Km)DM)$fge2?uKSk;361uv&lF17BW*T54GJrq-
z(5wZO2_hpRx}YnmjGUa*1WxyLUwLgdg*=d?!q0ys6{cUg_mUjB#eQ$hf+VP<^}EnZ
zOU5FJ&r3BKVGfWs-Fo-*DQF!?$jDxBk}4Y-rq<WjZ}-Rv&_%Un!03aX8n&5OP0t2Q
z0{UX}z_rY2E9L#~@9<k(QUaSqUW7-2UF*hvTA{?}&IaGS&#RH*0*t;G8g%iWMH9U)
z+5r!Ml^Oi&Ro&|+FO-y`cUhrHZ{>!4!U`@Rt!pn)<ccZE&sP{SRR*pf?jn+!`p;i-
z6zL2v2V9)Zg2R4oBt{b<$ICMdQX!w;^*)FrpHG{v1tFhrga4*Hk9?uNFMM|T|7IR;
z-@`}#F3)VjG8?^1`u6^-m|etxycIaF{6CyJlouxwTx53r<WPQNu)S)41Tq<T%KJKd
ztw(##Zbn*@=iNBiUM$_xJwI_=?Up<CDaUAahw7hOwx{Xh1qGlQnItnK*>Hr~&&P6Z
zPA_8K*tlgcxVNk*+nH4|I@q_&a=R9p^A;x>VzvtSkCrgxWq3$~_j{w86L*w}=h^u9
zANJ(;j=RYag}(6GD`rn1IbF$fHXmh7&rR_)Gp@1~QQ-ekU(CU_dmK^0uM<y(oNmb~
z%PTyWuO{QiA0E;|7b0O|Y^ut!>i*o;Ke0Rfz7}J+bkCy-+!uXm`7~KEE7`6(0f|E@
z1nO$hij3ikFJx51dCK(F!$=#tT6=%?husX7O`WlK=^gHmw-nOty457C*%5b~V0m&`
zWI*|An_h2sf4s1(7&?=_*`UA}z4YA9EM{3+6jkdvJgymTRJw(-vu|PY3*7HV8aHXm
zxzVFWCb8C^#a*4Llbx2Oyynm2y(&;#ne4xi(JT}ioYaV>6Hy88b1->Y!e5@N$)1{?
z_e!FBvnD!$UTW#6<?ZSiMgVzs#mC-ztrEfA=}DR?=}{Lw`jP`OBT3yDa|d#x_Nsc5
zcNt{@1BvSkM$N|#Ha#*i?S{jeIz7Xi)A0gl?>U<KK^6WYXFw!lv5~vIdWzAK;Fid&
zb!p9Moo85qsJ0yZZ&_!_A~R7{XHtEbRB+Pl!6(LIhbHuvR4{xlHF;tdn)~?s`q|Pl
zQk2O9RTh;bQ;Z%)6@|7KOz`x3&G`l=y>#-TO3%qFUFQy!77u>Z(tWs;4=<G{Bd5#%
z-Qzk+WNg2ctMmCN&J)trBZdhz8_CGYR%DFo>utFSebQ4@JxZ_X@Ws0SV+t`_v1V{g
z(;EY0O;|5xtzF_>Sz{!Pt@Xr15<4cw^=?U06XcJYSCUZl8Q98@=c>GWc@VWR(P3Ra
zF&ew(QsTEerqBli=Kz0rQNkY&FC!seePzte>&8D*dC2Eu<4zHgez%dt!-pHA<D>GF
z#38op*2*o`E$A)y%|s8&@Of;CKlYBzI65@D{c&d3v3Gndw|R*~;-IftkCHJ?;JZ)I
zJ+9K|)6F^+W*J2vN9oKKY>J)RD4vlF3sdEmS^MN*iAs_?{oDI#WjSNVY3|4zo_xgF
z#TT@wv{}2BytTFxRzUu-Wmds(&Cbj$$7D*z$K+?c1dF1sWNNUNr|rkM*`tnOn0d~M
z^^twcy&tHWnr3m?s;C%R+uj(P3WHrS51en)731|@J?rQ8U;-^4oELqKtPJ`E_Rq@)
z)>M9E3FgI^NnE8jJmG^jOR1Ex@;%AOh*U4qG!Lh`&hMUP+OMqU<mG&bp{!*>#{Ndo
zy_3xekCuFCuRD=58;(SQD~&5$n(O7Z$x;M~9Xn{biI$+m<_r?8if*Tcj*G}(H}uIP
zZXxB*3w>$BmjP33soZW)JomDDM?NYeEsb-<2stROQ1`JR8xE>6u+>q(J470JANi!k
zpU$1TZ6qQ5OlcB_XV<#_rCO;ePhuSAB+xCF4JVw@L6dKl?#%q*E)KS+y$ccKqK6YL
zk7c)Qm66N-I{0^Q=|9aO{mg6x$v*3!<(^pN3hRry)c;{9|DP@Gzb>Fmchk(=+}PAq
zIw~rP8Ak|~?4^Z;FZybTcLAOaEGM&D2fc%X;PtSVYR)KD=rD$(s*&!RjAk|+u|HjS
z@5q}&;c@(Y$h0_ZY;BL86xRgORy+70-i2Uy#9<w3#AYTW2!b|LWChB#hZseQxcxy{
zodCOIY-aWXxb7-9)bi)L*RVKh=k7HgWy3q~=0_fxaKwRY0h|n%3p22?!&*Oa=PtF8
zy}fd=8ATh;#9~1yWDIR>iH&o}#+r@5LY&HX=2c!TwD{y#_gW-Zrbo%lEF0Q^XFJhg
zNh${Z3`Fxv`ufR~L5)E>{yjopkd>xA&TUWl(6uUI01~#E^_ao$Be{M1xt(1R=oYsj
zb4j3LO(-QLWgFP?1oj52UH}FhD+>#$;yO~HObRU8Z{QUI#rQDYBigJyvsp}Q7;(fV
z9hdJ=YG`P%@$hIkYJulP%dm5Fg7~nsgbLvNgoTAsK~Z!&YVY^(mG2$wDp0tvv%H)I
za5j|$c#kCH<o)2}LDskw$wk8`vk`DRnQ>5sXAAL5ildK>aQl-L3lI7Vds5hxoG-Xz
z9t3vET3RvSGuUp;wF!BhD;ddt$)w6lhh8b1-uS7kqEb{^nhwsm#6jm1K0cXG$HMz3
z?iUaPXDR!2`x9P+)i#h*2}Ba`bRaOj{V_g0oesR3rWJcM>?aJ)yBPa#ajJyF!@~pu
zwUDMHa$d*pFbbaDwbav{nmIUeC*MPQFZw?933`kP2cBaQF6dR<*Y^UVI)=xOrGk0M
z1Hu0YV12qup4QXbOO-pIu}^^IMTq6a@5ueA{pvr>IVD}tSqGH6%=I9jiY}z-jhUGY
zY}|`@JPvEI;JyXgTDP>cG|yT?kGYJS7#k~4;SX)?{~hg?VuXJe8u8Yq`G?sE*MbZR
zg#s7&%U2zlGM7C@{bWwNJXLA%YyKHAlOf98v5gaG82d(%kx@}SP^C-KJ^Cs<#komW
zo?b~ROX56yB$^==U{6LK?%aRx#{6q?{a^b*|9*k2#05QTYlV@K5qM09p1D6Wo;AU+
zQ_Q;&QYB&5N(3t_D=TSffs2jlA~>^Z(R>tI?IeK>*a9QP5N>1#uAEs9OHsFNNj(^R
za6(~0K_bLfeFFpGu8@V+H#qo>_~y+}$>bSumtivmJ6qdERvC%z3C!tU&CbVHjVtyr
zzd=_E6ICU68+1S5Xu^gTnv4S@n!t}!^|1E!^lar(5Fl^pd*HPoXfsUft~W~HHGdgd
z3G0~Wk*5H_T8WjU4<<HD=}>Vh7;e}QFKCt9XIqYCYm~q!nBfcn2OaTyTOL<0_&%<p
z{ZPNMV&)$h2zN*Spg0RGe*_A7HBPu6$zWq+!^A+WiIdYo{FRB}VFeqT0*FwkCETlZ
zKnnozipYQyZ>-=`n15w%N5vqh=V5sCh!A%ZWVhYh+l4h#mhl474CzXe#b%f(HvYKW
zA6SSjnOvqblAD>HPJk>&YKZ{U8zUo$;IFc&MU|Cq3%{cxBUzt3iO<V>0`5D+I8ZHu
zC|j^9P+u)0J^eW=2}2=7fm)^3A^=$(T_K9bEg4~`W#ZqjGK#!}c*&D~BM#KoU^_xW
zLV`h|Obu0r>26$m13tfH+wN{L4DryG+0VOFtEnJghO*hn*aQs{p>Lg%qGBRcHd`$(
zTikH`3MB@Hb2Lj6LPLrC{rr~i2wQDxGKNE#1F<Q@OwJvwZ5P9Zka5B31XcseV%2nj
zVL}22u#P*>0WdS!SXtj#Sv`mD=^Y-91XU?mKiCt)%k651K><WJh}}#&Zk~hJ1;z1`
za;pv{!*-??lY18V0`Z^V2m#!9xR@G;Yx@gNw*BZm)p=yVaSH5evEz6Ndd0OgHy4(b
zWjww69l|HL7le1B5SfBv6CzVZ${?U`N2@NT_86UP#bF*{rIQDWL5gg?S@}ZOy=ude
zVi2x>o-3xmg|h@^7|=rn?wD~0a!#l6XWdLV{}_z+<#PO?p`mnn+9W;ZbU*@R<mAwh
zY5@@sfCsS7eSLLn)49@XvwKX;;`r~thD1p7zK)BVQCX=4Zx>8|WK2vb*icBvo*K60
z)>18n91s!;3KgbX$CJi}CMKC+s0%A9vY->f4z(sPLCkh=aw;%-9~qG_SQc&j9i)VK
zxVg7MSPuc)!>BeGmogB}f!QB`4x6zr?;9D>=$?eP<>hGy{R15ZliC(G&q$~Ym5b#K
z`ubR9=fD+)ucD#hJjInSApSqutHv-Gk#my$Gi;8Zz}mZ8oizvrrVI1(?n%I-^}>7#
zbbbBn*}nyJ@q&7fh<ji$m+n#0(V4Jn#pYx>voMy&xI~oi3O=2oG^Ewt6ie6O8P4tZ
z{Eva!zZ<Ck<4EtnyMS5)-!FKxtRSAJXwBcQyQ#AP_%e0T<qPjnv1dW^<hcMo;nn43
zLib`bjV8VPnc@?{83D|JoPNO&-wNa%mq9s-zgy3aUC)8=4&rO*{e$0+q+m|N(W7VB
z3Zb@zg#{Xd@-oY*nkTMjmhtUBA+n(kb3`u~wXBpB8d#epg250$CKRE+sJ>blaMQix
z<BYXT+si{NPQ2u178dm6fi38rB}hPlRGttNCoD5ClB4s7vY@;`@7NeaOFm3b<anqr
z(DIK3O-&X1_$qpn<E`qW6v&hBiM;|ZeqG{-YFF5xK<(rZor{18m&9Qy-rqoK&@7^J
ztCb&yb_3M&FuWxhGMvSO!Bp=Y%*P=&hYSG7l;{E5$;!o*4tC@^4h|S=H1hxC<jNi%
z)qt<fZa8iOg!C|^X<@3?TU}FAZwIl{zv620;@S_NxKK*%KqFzfM-SxQ9EOZ;!oY?;
zXnzkY(X~sxU0w0wR0=;+s;acX_$#<m=<||?Q;AUijQ~7rdoB5o;AI)PyK9$f%9@vG
z+_`fH(6KL6Zm^fl*_b`&K{D?wmqZ1Nm645&Vw}fmDa5yhFx|l}C$IxFL?}CE?l5Io
z%Y=1A4_*b7Spn`sY1<vZAq|Zv>(Xd=1~yL4GyqFrsgQB6#(dW~bN8Zo8ptW3a0<*T
zm$c%O){YJ|%mr`}v|ou>g~M#-j!|ZhVz|^aRvCyCR#{qGQvtUy$<@e|mt5uUjZUz%
z;Bg_32v!3e#5cCKN*osByq%-SIy=eBUE)Fs7$VrLq}W*U(y`S9BGFnVVA4~d{v6ob
zwDNKdSUCs?2w)zLI<$j%MQnzeS_BwTSi}l{{P=#fw}!L|ObpyUya5%|GW$@y>kQ|R
z8!B~^odG`&o-tOyqiUY7dLkFGu7LD(udn|=7Axo$P=>*Ryv#EXv<+84B1lFXi_Ktt
z8LM*B`1oq!AEVd}^4`Y{R!U&pIa|;C7k;~j(@%jRoH0aSHUsyeYSX`5p4}$i2l#i-
zK$(WML5httpJLzk#{Yo1{AYaf-%a9w;XMViE*E|oIh95#=&>mF8i;Rx`)KSL#%;{Y
ztW_W6S42{>V|p(=ccj@?SnFYw&9*UL_AHr3de;3G{j_F_jO^ybxAUgQ?h9R}nxXEB
zT1De-xpt(B6N)@#?!Qxq&v~#xd!t_*OI`Occ5mq{y5ccq*KSo9)N1@NGK@;=`Wl71
zY)hwt!bo~Fqp~yM`mJWY<VFMaz<GR<H-9ynkUdvNAmj08pZ>%}zPj~rk2rVO%QYqV
zwwNzZ1j`*t#p1*wN9B|2{9c|G7!KU4GAGB}IgQGqDj9sKoI-G>YsR&pUoPJm>2yXT
z!`rw>bfiqE4d~}NGu9)Q(snYIWAeKq+Wh7?SR@CzN^#PgEz&dl%MC>=OH2z=+cP8l
z{iY+LkHe(K?6gG))I``>nz<CTB9b#-<&KxcE--HvNa<ONtc106`ioYNTBPi}Vb76_
zOV4qrSwB`54e2U8b$*ieVC!Jdftf42p};!o<5KgZqJauB2WkU!pR;<Nt*myByi~Fn
z!@a%us(~0=*$@*tGpenvoa-~yVu1&{islb&B0tv?NzD^(|Li5(C3;^KW5Ze&tiT%d
zf^j}=)FdOZKM^a}DeVB60h8_Z^>mYjT<s$Q_U&Dgt^K26*@yWh)w)i_-+E;qR&P3_
z(tT&nm8x#93(Y5!=pI!TRWzZ~O5a#0=>ML>wqF#}ywvA>=!vTOoYJSV)^pOLzp4H)
zw)Mf+d@?upC*SYfbX6a1f1}^vzE)|Dv|9sZVss)$m7~&S%dg6%;59&vi6V50AMLho
z4MSB_I#@lx4Eb@CuIz}4Ue`B2$!*bJ%Gxouzn|Er>OT60GV^y`Qq41|iwx(X4aTn-
zlIvFXI?#bsW@6An{ZgEh<fdG>=VwD}XXbF)$O&{?p}G+Hm>F)`sP580>Cf(=<IAW_
zqhwRD5|Wd$qZB;{%X@V57j*$soLtDm_Yo*^q)GLVTOlk`V@!{4&E6e$<ytUc&fF1J
zjw`u>HI<cEpZSJ2vozapID>Cf?PD2wJS^<+k>b?%<ZPu~PhAf0QLHMpCY-AbA_POn
zulPU4f9X)_M0Lw@r<UQ3PCQ4w@So_eu@?=>_DkvSVZNSDH>2!Qr1J3|+t+foys&=t
zQDw7Eg>L)8*v5>+xs_%;yI+qk%~^ITz%`&5@I{X$G4gGC%Zr0G%1QgCb|*YLPI)~R
z2AEr^?JC!P43Hcj9@t6KTWL&jcrR*ZY^TNZVz&BzsF+x3*hJmd%GsrjZE9lPa#52B
zkI(s`!jm37Bfh4U4|C>M5YNU9AQy>zgg*~+b8`a<FJO7q($#g1G>brPp0z4W!R(iU
zVRp$4TYH6r?iL-&jRcnhF1pF~Y88SXg(2-m&V1SM`c%17SCnLl#_=BS9%YrRmEtt5
zFn^Zyw3D!o7SPts#Qm0mJ0r#A(9OlLHt1X#q|Erh&TC6Qf$hAaFVDe^(w{NUBN|>5
z;`Le(b#z%vlycOrCKZ&)D{GbwD_QL;^ke0!?Q16=@2wT#)G2UzT|6lMvSwzK@k*SC
zUy*0=cyCmBrEBuFASNOpz1uK@=H-%LX?dC)40h670=ysy7r|=)wk3>;8vifw5RG5H
zoJ>kp$QP!3)_5XZij#O_`(Xv+W!?kk7q=DmqTD`w48n7Ai1Ku)X*QpW8fjgaHJ03&
z4SQH|@UnokpeW{eU2-ON(&p{m!a`jWz90tf{nS>Jf?AQ-$D~H(lplDTf?gW6QWE+$
z0mLO{Y^UY|D2mHW;eNsMp-ppmM?+d7UpJ|1%1g>mUw(I(I6Qfnx*@9(I?;Rcrl-2E
zVG(i3j`RIQFe>I8S7%VH>Ja!6SUq&1MB)=BrtgpwEclH#&By1jlYLa+n%f#MO9-h1
z*fE554tyS`t{rRw$LpTpQtXi#nw!f4o#7pMzda5sS1LS{H*&(c{4vvl72Uiz9nXU}
zeZo^|5yj8-TlY40MAaEW&3F0_dhx9@n=Kw1%?H@!j*lwORnF!|Xr4v{mDik?VhoQT
zYCFEie_cNrvr0Q@WyJHs)v;q=UGi~Qh)a$?Ov1eAN6Q3uRLM57Q=QSwfl?ajrd_8E
zNh`GaJYM<Q5}!|2e|(SOxVkLft;Fi_OU^AKIhH$)-{d-Nj2)p2scRq&^c(KHlAs=h
zm7o&bUg$z9|B__{LJB5uj=(Bsri~Sw0VV~`QF13c4^Ji_JwpB=O?tZwbbnH3Unh&{
zlZR{Pq<n4T!a9(CaU^rSnv00lh=)W&#>l9FF}i(;{kj>ojpT4Zx0+ZF+9<m|-z&c}
zQTb*e;b!T!9)G+~(O2cy#l*#C{#i+cL#>3nOp*sLsy;GH!NGl(+7d$K_iXaIv-`ef
z54HIP7bniDx_i7fdueflVXJKB$#wrMs-g;A6Gysq>Hg<!Q6^DB=0jX!_vt0-dbrGz
z^GVdDX(#Q8a)LnPcpJ=8K+@t);c|5197kp<*!o0zIy0IA$)Nz^ankkLMTD4nF#o4T
z4dM_&A7OA^A<*vY?M<4So4dG&+Hoer^=9MX0PO0s;89J@dmxSk<K^!iBS6-hH{v?(
z2g#$Wl}DxBi-q9%LeTaQ0{h`%AfMR5hc$6^)dVLGkAlA!@=92lnG+5UoFo(g($dk1
zbLF47SA9KN<l{ZN0jC|#;7&c(>~{6sLlW0WRT=bwf<kF@A}kafjQcNkQwWR8+f%zj
zlgQiu=#}BTIFz>QcV;UM3wFbi=w?cax_J!qzH2ieyU{>Yfxl7fXsqBq^`c;@MgdqT
zT7g0Lda#;0m2$cLJ&~$XO@^ht&(RFrrS{=Qx61k_dj^dqYg;6o7{Z;G#`$AwbxF#G
zZgu`qmkgw|ieMBfI<L6GcHrr3@1bG?>q>#w2k4aV4W0hjr!}xx{ZP?0p}WpVqd!l2
zdGw&;Xf+XmYb`5qMv4RNBFv!XS>+1A8o}cl?IhqG_x2WAOwiNQlaP}3!d6)KQEe$1
z;Nq&mh%+`a3PN!n!seFou+3vG0E<B*EB%nSK|R}|R$f-t+u8XY-na;O)qqsM_AAcE
z`+1ByRaxNgLHKH7XZHe_>Hg;C&!S>tJ41$XO|#ZUmX`A1WJAWf_ldLR2VgYc|DH6G
zLrJUqkC3RzF6Q3cTSX(jCGPYeceglks?U-t0G#+<fC<8Isl}1EYW{Q&ia3WFMS3ap
z#l(<7%*e*hzFJybU9AHLx-=US_<VqX8;M_fSdr1w-=6}JHJ_VmSTZ=t0RO?i5GWAb
zwMwZ28@)0J{hOKhUJ(Jt*Ea$xql*#~g#h*d)-!lBeq~I|nF{|ez;ABKKD~bF0yRak
z?yZl2W+1~5G^h|q!2O$9_f`V|-CJ5&>4Pv3AP&Vh6EOp@9gn>2$x*X*W=2Nu$Vesv
zc?ASKyoHmInwpv>F!{*G&>EgPquXLhp>K-34RK^E(1SvVHGoL$*u5Hl6S~ss8yfm1
zCLYu2ta5X3s9Xyu4?LpX2_gYYaoFK;nrO?NU0TXD24mWDfSsKk`b`4b@5P=wKo9XA
zr0@~e7}A71XD{FDZ4su7M+nw(2f1Q1G=!+mhui5@kS!HljW<c<<r!9GOwV)18%z>d
zzn;x158QUt;mpd(>HqcX={;5Q4-k~d$oPX^2|_C+ZS7O<fxVp_BY=J6neX6Sd7-A3
z4pKn?lmHgvb30T5NaiaQKn=+~M#&0vFb9#)^<R8)6KdnQ%MzX$B1o>h9yJFQOhVT}
ztdI=^u7K0nE>uA<ume){V8JvPd5|OoK_yCX1co3RFK^abHAWj~Di9U`(i*&Z#Fz>|
zH?Yl%Q5IEQ5E%iwdv~Pxg|>Fi9S(C+=W*mlmgA&Hi&?=~F60iCcXsXfgsad@^ugy+
z&#2>uHDN(2OZ+oX;MWG~uQB9||Ct6J^5J`c&-quL>T+Q!a)xX7wV?eZ(Ar1uB7zX0
brZHC!BWlC_*4k;2ze|Y73g-yEeE+`y5dT$u

literal 0
HcmV?d00001

diff --git a/examples/proxmox.md b/examples/proxmox.md
new file mode 100644
index 000000000..a8d588029
--- /dev/null
+++ b/examples/proxmox.md
@@ -0,0 +1,91 @@
+# Proxmox PVE/PBS
+
+## Helpful links
+
+- <https://pve.proxmox.com/wiki/User_Management>
+- <https://pve.proxmox.com/pve-docs/pve-admin-guide.html#pveum_openid>
+
+## Proxmox OIDC limitation
+
+As of December 2024 OIDC implementation in proxmox supports only authentication.
+Authorization has to be done manually.
+Mapping user to specific groups won't work yet (steps 2,3,4).
+
+Patch for this feature exists, but it hasn't been tested extensively:
+<https://lore.proxmox.com/pve-devel/20240901165512.687801-1-thomas@atskinner.net/>
+See also:
+<https://forum.proxmox.com/threads/openid-connect-default-group.103394/>
+
+## On Kanidm
+
+### 1. Create the proxmox resource server
+
+```bash
+kanidm system oauth2 create proxmox "proxmox" https://yourproxmox.example.com
+```
+
+### 2. Create the appropriate group(s)
+
+```bash
+kanidm group create proxmox_users --name idm_admin
+kanidm group create proxmox_admins --name idm_admin
+```
+
+### 3. Add the appropriate users to the group
+
+```bash
+kanidm group add-members proxmox_users user.name
+kanidm group add-members proxmox_admins user.name
+```
+
+### 4. scope map
+
+```bash
+kanidm system oauth2 update-claim-map-join 'proxmox' 'proxmox_role' array
+kanidm system oauth2 update-claim-map 'proxmox' 'proxmox_role' 'proxmox_admins' 'admin'
+kanidm system oauth2 update-claim-map 'proxmox' 'proxmox_role' 'proxmox_users' 'user'
+```
+
+### 5. Add the scopes
+
+```bash
+kanidm system oauth2 update-scope-map proxmox proxmox_users email profile openid
+```
+
+### 6. Get the client secret
+
+```bash
+kanidm system oauth2 show-basic-secret proxmox
+```
+
+Copy the value that is returned.
+
+## On proxmox server
+
+### Using WebGUI
+
+Go to <https://yourproxmox.example.com>
+Select Datacenter->Realms->Add->OpenID Connect Server
+![](media/kanidm_proxmox.png)
+Issuer URL:
+
+- <https://idm.example.com:8443/oauth2/openid/proxmox>
+When kanidm is behind reverse proxy or when using docker port mapping:
+- <https://idm.example.com/oauth2/openid/proxmox>
+
+Realm: give some proper name or anything that's meaningful
+
+Client ID: name given in step 1 (resource server)
+
+Client Key: secret from step 6
+
+Autocreate Users: Automatically create users if they do not exist. Users are stored in Proxmox Cluster File System (pmxcfs) - /etc/pve/user.cfg
+
+### Using CLI
+
+Login to proxmox node and execute:
+
+```bash
+pveum realm add kanidm --type openid --issuer-url https://idm.example.com/oauth2/openid/proxmox --client-id proxmox --client-key="secret from step 6" --username-claim username --scopes="email profile openid" --autocreate
+```
+

From 3a3d3eb807b128103d53fc81213469f062ce5105 Mon Sep 17 00:00:00 2001
From: Krzysztof Dajka <alteriks@protonmail.com>
Date: Thu, 5 Dec 2024 09:54:21 +0100
Subject: [PATCH 02/87] Add redirect URL to proxmox documentation

---
 examples/proxmox.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/examples/proxmox.md b/examples/proxmox.md
index a8d588029..d6ed35a70 100644
--- a/examples/proxmox.md
+++ b/examples/proxmox.md
@@ -18,10 +18,11 @@ See also:
 
 ## On Kanidm
 
-### 1. Create the proxmox resource server
+### 1. Create the proxmox resource server and configure the redirect URL
 
 ```bash
 kanidm system oauth2 create proxmox "proxmox" https://yourproxmox.example.com
+kanidm system oauth2 add-redirect-url "proxmox" https://yourproxmox.example.com
 ```
 
 ### 2. Create the appropriate group(s)
@@ -88,4 +89,3 @@ Login to proxmox node and execute:
 ```bash
 pveum realm add kanidm --type openid --issuer-url https://idm.example.com/oauth2/openid/proxmox --client-id proxmox --client-key="secret from step 6" --username-claim username --scopes="email profile openid" --autocreate
 ```
-

From 2c53ae77c5913945f3ccf0a8be2527c465281525 Mon Sep 17 00:00:00 2001
From: Krzysztof Dajka <alteriks@protonmail.com>
Date: Thu, 5 Dec 2024 09:54:51 +0100
Subject: [PATCH 03/87] Update contributors list

---
 CONTRIBUTORS.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md
index 18d677b92..5d1e3712f 100644
--- a/CONTRIBUTORS.md
+++ b/CONTRIBUTORS.md
@@ -1,6 +1,6 @@
 ## Author
 
-- William Brown (Firstyear): william@blackhats.net.au
+- William Brown (Firstyear): <william@blackhats.net.au>
 
 ## Contributors
 
@@ -44,6 +44,7 @@
 - adamcstephens
 - Chris Olstrom (colstrom)
 - Christopher-Robin (cebbinghaus)
+- Krzysztof Dajka (alteriks)
 
 ## Acknowledgements
 

From 97a1c39d62ea58bd06db8d871538e38497e94c98 Mon Sep 17 00:00:00 2001
From: George Wu <gbw@users.noreply.github.com>
Date: Sun, 8 Dec 2024 18:52:51 -0800
Subject: [PATCH 04/87] pykanidm: Add retrieving credential reset token for a
 person. (#3279)

---
 pykanidm/kanidm/__init__.py      | 29 +++++++++++++++++++++++++----
 pykanidm/kanidm/models/person.py |  7 +++++++
 pykanidm/kanidm/types.py         | 11 ++++-------
 3 files changed, 36 insertions(+), 11 deletions(-)

diff --git a/pykanidm/kanidm/__init__.py b/pykanidm/kanidm/__init__.py
index cf0623069..ece21d27e 100644
--- a/pykanidm/kanidm/__init__.py
+++ b/pykanidm/kanidm/__init__.py
@@ -17,7 +17,13 @@ import yarl
 
 from kanidm.models.group import Group, GroupList, IGroup, RawGroup
 from kanidm.models.oauth2_rs import IOauth2Rs, OAuth2Rs, Oauth2RsList, RawOAuth2Rs
-from kanidm.models.person import IPerson, Person, PersonList, RawPerson
+from kanidm.models.person import (
+    IPerson,
+    Person,
+    PersonList,
+    RawPerson,
+    PersonCredentialResetToken,
+)
 from kanidm.models.service_account import (
     IServiceAccount,
     ServiceAccount,
@@ -93,7 +99,7 @@ class KanidmClient:
         """Constructor for KanidmClient"""
 
         self.logger = logger or getLogger(__name__)
-        self.instance_name = instance_name # TODO: use this in loaders etc
+        self.instance_name = instance_name  # TODO: use this in loaders etc
         if config is not None:
             self.config = config
         else:
@@ -123,7 +129,7 @@ class KanidmClient:
 
     def _configure_ssl(self) -> None:
         """Sets up SSL configuration for the client"""
-        if False in [self.config.verify_certificate, self.config.verify_hostnames ]:
+        if False in [self.config.verify_certificate, self.config.verify_hostnames]:
             logging.debug("Setting up SSL context with no verification")
             self._ssl_context = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH)
             self._ssl_context.hostname_checks_common_name = False
@@ -135,7 +141,7 @@ class KanidmClient:
                     raise FileNotFoundError(f"CA Path not found: {self.config.ca_path}")
                 else:
                     self.logger.debug("Setting up SSL context with CA path=%s", self.config.ca_path)
-                    self._ssl_context = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH,cafile=self.config.ca_path)
+                    self._ssl_context = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH, cafile=self.config.ca_path)
             else:
 
                 logging.debug("Setting up default SSL context")
@@ -765,6 +771,21 @@ class KanidmClient:
         endpoint = f"{Endpoints.PERSON}/{id}"
         return await self.call_delete(endpoint)
 
+    async def person_account_credential_update_token(self, id: str, ttl: Optional[int] = None) -> PersonCredentialResetToken:
+        """Create a password reset token for person with an optional time to live in seconds"""
+        endpoint = f"{Endpoints.PERSON}/{id}/_credential/_update_intent"
+        if ttl:
+            endpoint = f"{endpoint}/{ttl}"
+
+        response: ClientResponse[Any] = await self.call_get(endpoint)
+        if response.content is None:
+            raise ValueError(f"Failed to get token: {response.content}")
+        if response.status_code != 200:
+            raise ValueError(f"Failed to get token: {response.content}")
+        token = PersonCredentialResetToken.model_validate(json_lib.loads(response.content))
+
+        return token
+
     async def person_account_post_ssh_key(self, id: str, tag: str, pubkey: str) -> ClientResponse[None]:
         """Create an SSH key for a user"""
         endpoint = f"{Endpoints.PERSON}/{id}/_ssh_pubkeys"
diff --git a/pykanidm/kanidm/models/person.py b/pykanidm/kanidm/models/person.py
index 0de64ace8..db1303d91 100644
--- a/pykanidm/kanidm/models/person.py
+++ b/pykanidm/kanidm/models/person.py
@@ -38,8 +38,15 @@ class RawPerson(BaseModel):
             uuid=UUID(self.attrs["uuid"][0]),
         )
 
+
 PersonList = RootModel[List[RawPerson]]
 
 
 class IPerson(TypedDict):
     attrs: Dict[str, List[str]]
+
+
+class PersonCredentialResetToken(BaseModel):
+    token: str
+    expiry_time: int
+    model_config = ConfigDict(arbitrary_types_allowed=True)
diff --git a/pykanidm/kanidm/types.py b/pykanidm/kanidm/types.py
index 4988144de..383678967 100644
--- a/pykanidm/kanidm/types.py
+++ b/pykanidm/kanidm/types.py
@@ -1,4 +1,5 @@
 """ type objects """
+
 # pylint: disable=too-few-public-methods
 # ^ disabling this because pydantic models don't have public methods
 
@@ -31,7 +32,7 @@ class ClientResponse(BaseModel, Generic[T]):
 
 
 class AuthInitResponse(BaseModel):
-    """Aelps parse the response from the Auth 'init' stage"""
+    """Helps parse the response from the Auth 'init' stage"""
 
     class _AuthInitState(BaseModel):
         """sub-class for the AuthInitResponse model"""
@@ -146,9 +147,7 @@ class RadiusClient(BaseModel):
             socket.gethostbyname(value)
             return value
         except socket.gaierror as error:
-            raise ValueError(
-                f"ipaddr value ({value}) wasn't an IP Address, Network or valid hostname: {error}"
-            )
+            raise ValueError(f"ipaddr value ({value}) wasn't an IP Address, Network or valid hostname: {error}")
 
 
 class KanidmClientConfig(BaseModel):
@@ -196,9 +195,7 @@ class KanidmClientConfig(BaseModel):
             uri = urlparse(value)
             valid_schemes = ["http", "https"]
             if uri.scheme not in valid_schemes:
-                raise ValueError(
-                    f"Invalid URL Scheme for uri='{value}': '{uri.scheme}' - expected one of {valid_schemes}"
-                )
+                raise ValueError(f"Invalid URL Scheme for uri='{value}': '{uri.scheme}' - expected one of {valid_schemes}")
 
             # make sure the URI ends with a /
             if not value.endswith("/"):

From 5dfbf7ca79bc69e1fc54114364b2203663179d1b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 9 Dec 2024 03:44:41 +0000
Subject: [PATCH 05/87] Bump the all group with 5 updates (#3278)

Bumps the all group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [anyhow](https://github.com/dtolnay/anyhow) | `1.0.93` | `1.0.94` |
| [clap](https://github.com/clap-rs/clap) | `4.5.21` | `4.5.23` |
| [http](https://github.com/hyperium/http) | `1.1.0` | `1.2.0` |
| [tokio](https://github.com/tokio-rs/tokio) | `1.41.1` | `1.42.0` |
| [tokio-util](https://github.com/tokio-rs/tokio) | `0.7.12` | `0.7.13` |


Updates `anyhow` from 1.0.93 to 1.0.94
- [Release notes](https://github.com/dtolnay/anyhow/releases)
- [Commits](https://github.com/dtolnay/anyhow/compare/1.0.93...1.0.94)

Updates `clap` from 4.5.21 to 4.5.23
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.21...clap_complete-v4.5.23)

Updates `http` from 1.1.0 to 1.2.0
- [Release notes](https://github.com/hyperium/http/releases)
- [Changelog](https://github.com/hyperium/http/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hyperium/http/compare/v1.1.0...v1.2.0)

Updates `tokio` from 1.41.1 to 1.42.0
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.41.1...tokio-1.42.0)

Updates `tokio-util` from 0.7.12 to 0.7.13
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-util-0.7.12...tokio-util-0.7.13)

---
updated-dependencies:
- dependency-name: anyhow
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: http
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: tokio
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: tokio-util
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Cargo.lock | 64 +++++++++++++++++++++++++++---------------------------
 Cargo.toml | 10 ++++-----
 2 files changed, 37 insertions(+), 37 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index f2093bae9..cb638a6cc 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -112,9 +112,9 @@ dependencies = [
 
 [[package]]
 name = "anyhow"
-version = "1.0.93"
+version = "1.0.94"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4c95c10ba0b00a02636238b814946408b1322d5ac4760326e6fb8ec956d85775"
+checksum = "c1fd03a028ef38ba2276dce7e33fcd6369c158a1bca17946c4b1b701891c1ff7"
 
 [[package]]
 name = "arc-swap"
@@ -156,7 +156,7 @@ checksum = "a41603f7cdbf5ac4af60760f17253eb6adf6ec5b6f14a7ed830cf687d375f163"
 dependencies = [
  "askama",
  "axum-core 0.4.5",
- "http 1.1.0",
+ "http 1.2.0",
 ]
 
 [[package]]
@@ -370,7 +370,7 @@ dependencies = [
  "axum-macros",
  "bytes",
  "futures-util",
- "http 1.1.0",
+ "http 1.2.0",
  "http-body 1.0.1",
  "http-body-util",
  "hyper 1.5.1",
@@ -421,7 +421,7 @@ dependencies = [
  "async-trait",
  "bytes",
  "futures-util",
- "http 1.1.0",
+ "http 1.2.0",
  "http-body 1.0.1",
  "http-body-util",
  "mime",
@@ -445,7 +445,7 @@ dependencies = [
  "cookie 0.18.1",
  "fastrand",
  "futures-util",
- "http 1.1.0",
+ "http 1.2.0",
  "http-body 1.0.1",
  "http-body-util",
  "mime",
@@ -466,7 +466,7 @@ dependencies = [
  "async-trait",
  "axum-core 0.4.5",
  "futures-core",
- "http 1.1.0",
+ "http 1.2.0",
  "pin-project-lite",
  "serde",
  "serde_json",
@@ -492,7 +492,7 @@ checksum = "56bac90848f6a9393ac03c63c640925c4b7c8ca21654de40d53f55964667c7d8"
 dependencies = [
  "bytes",
  "futures-util",
- "http 1.1.0",
+ "http 1.2.0",
  "http-body 1.0.1",
  "http-body-util",
  "hyper 1.5.1",
@@ -799,9 +799,9 @@ dependencies = [
 
 [[package]]
 name = "clap"
-version = "4.5.21"
+version = "4.5.23"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fb3b4b9e5a7c7514dfa52869339ee98b3156b0bfb4e8a77c4ff4babb64b1604f"
+checksum = "3135e7ec2ef7b10c6ed8950f0f792ed96ee093fa088608f1c76e569722700c84"
 dependencies = [
  "clap_builder",
  "clap_derive",
@@ -809,9 +809,9 @@ dependencies = [
 
 [[package]]
 name = "clap_builder"
-version = "4.5.21"
+version = "4.5.23"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b17a95aa67cc7b5ebd32aa5370189aa0d79069ef1c64ce893bd30fb24bff20ec"
+checksum = "30582fc632330df2bd26877bde0c1f4470d57c582bbc070376afcd04d8cb4838"
 dependencies = [
  "anstream",
  "anstyle",
@@ -842,9 +842,9 @@ dependencies = [
 
 [[package]]
 name = "clap_lex"
-version = "0.7.2"
+version = "0.7.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1462739cb27611015575c0c11df5df7601141071f07518d56fcc1be504cbec97"
+checksum = "f46ad14479a25103f283c0f10005961cf086d8dc42205bb44c46ac563475dca6"
 
 [[package]]
 name = "clru"
@@ -1533,7 +1533,7 @@ dependencies = [
  "cookie 0.18.1",
  "futures-core",
  "futures-util",
- "http 1.1.0",
+ "http 1.2.0",
  "http-body-util",
  "hyper 1.5.1",
  "hyper-tls",
@@ -2328,7 +2328,7 @@ dependencies = [
  "fnv",
  "futures-core",
  "futures-sink",
- "http 1.1.0",
+ "http 1.2.0",
  "indexmap 2.6.0",
  "slab",
  "tokio",
@@ -2425,9 +2425,9 @@ dependencies = [
 
 [[package]]
 name = "http"
-version = "1.1.0"
+version = "1.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "21b9ddb458710bc376481b842f5da65cdf31522de232c1ca8146abce2a358258"
+checksum = "f16ca2af56261c99fba8bac40a10251ce8188205a4c448fbb745a2e4daa76fea"
 dependencies = [
  "bytes",
  "fnv",
@@ -2452,7 +2452,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1efedce1fb8e6913f23e0c92de8e62cd5b772a67e7b3946df930a62566c93184"
 dependencies = [
  "bytes",
- "http 1.1.0",
+ "http 1.2.0",
 ]
 
 [[package]]
@@ -2463,7 +2463,7 @@ checksum = "793429d76616a256bcb62c2a2ec2bed781c8307e797e2598c50010f2bee2544f"
 dependencies = [
  "bytes",
  "futures-util",
- "http 1.1.0",
+ "http 1.2.0",
  "http-body 1.0.1",
  "pin-project-lite",
 ]
@@ -2529,7 +2529,7 @@ dependencies = [
  "futures-channel",
  "futures-util",
  "h2 0.4.6",
- "http 1.1.0",
+ "http 1.2.0",
  "http-body 1.0.1",
  "httparse",
  "httpdate",
@@ -2561,7 +2561,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "08afdbb5c31130e3034af566421053ab03787c640246a446327f550d11bcb333"
 dependencies = [
  "futures-util",
- "http 1.1.0",
+ "http 1.2.0",
  "hyper 1.5.1",
  "hyper-util",
  "rustls 0.23.19",
@@ -2610,7 +2610,7 @@ dependencies = [
  "bytes",
  "futures-channel",
  "futures-util",
- "http 1.1.0",
+ "http 1.2.0",
  "http-body 1.0.1",
  "hyper 1.5.1",
  "pin-project-lite",
@@ -3037,7 +3037,7 @@ name = "kanidm_client"
 version = "1.5.0-dev"
 dependencies = [
  "compact_jwt 0.4.2",
- "http 1.1.0",
+ "http 1.2.0",
  "hyper 1.5.1",
  "kanidm_lib_file_permissions",
  "kanidm_proto",
@@ -3345,7 +3345,7 @@ dependencies = [
  "escargot",
  "fantoccini",
  "futures",
- "http 1.1.0",
+ "http 1.2.0",
  "jsonschema",
  "kanidm_build_profiles",
  "kanidm_client",
@@ -3717,7 +3717,7 @@ dependencies = [
  "bytes",
  "encoding_rs",
  "futures-util",
- "http 1.1.0",
+ "http 1.2.0",
  "httparse",
  "memchr",
  "mime",
@@ -4806,7 +4806,7 @@ dependencies = [
  "futures-core",
  "futures-util",
  "h2 0.4.6",
- "http 1.1.0",
+ "http 1.2.0",
  "http-body 1.0.1",
  "http-body-util",
  "hyper 1.5.1",
@@ -5743,9 +5743,9 @@ dependencies = [
 
 [[package]]
 name = "tokio"
-version = "1.41.1"
+version = "1.42.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "22cfb5bee7a6a52939ca9224d6ac897bb669134078daa8735560897f69de4d33"
+checksum = "5cec9b21b0450273377fc97bd4c33a8acffc8c996c987a7c5b319a0083707551"
 dependencies = [
  "backtrace",
  "bytes",
@@ -5836,9 +5836,9 @@ dependencies = [
 
 [[package]]
 name = "tokio-util"
-version = "0.7.12"
+version = "0.7.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "61e7c3654c13bcd040d4a03abee2c75b1d14a37b423cf5a813ceae1cc903ec6a"
+checksum = "d7fcaa8d55a2bdd6b83ace262b016eca0d79ee02818c5c1bcdf0305114081078"
 dependencies = [
  "bytes",
  "futures-core",
@@ -5949,7 +5949,7 @@ dependencies = [
  "bytes",
  "futures-core",
  "futures-util",
- "http 1.1.0",
+ "http 1.2.0",
  "http-body 1.0.1",
  "http-body-util",
  "http-range-header",
diff --git a/Cargo.toml b/Cargo.toml
index a71ef5681..e25ffe31e 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -136,7 +136,7 @@ kanidm_utils_users = { path = "./libs/users", version = "=1.5.0-dev" }
 scim_proto = { path = "./libs/scim_proto", version = "=1.5.0-dev" }
 sketching = { path = "./libs/sketching", version = "=1.5.0-dev" }
 
-anyhow = { version = "1.0.93" }
+anyhow = { version = "1.0.94" }
 argon2 = { version = "0.5.3", features = ["alloc"] }
 askama = { version = "0.12.1", features = ["serde", "with-axum"] }
 askama_axum = { version = "0.4.0" }
@@ -157,7 +157,7 @@ base64 = "^0.22.1"
 base64urlsafedata = "0.5.0"
 bitflags = "^2.6.0"
 bytes = "^1.9.0"
-clap = { version = "^4.5.21", features = ["derive", "env"] }
+clap = { version = "^4.5.23", features = ["derive", "env"] }
 clap_complete = "^4.5.38"
 # Forced by saffron/cron
 chrono = "^0.4.35"
@@ -177,7 +177,7 @@ futures-util = { version = "^0.3.30", features = ["sink"] }
 gix = { version = "0.64.0", default-features = false }
 hashbrown = { version = "0.14.3", features = ["serde", "inline-more", "ahash"] }
 hex = "^0.4.3"
-http = "1.1.0"
+http = "1.2.0"
 hyper = { version = "1.5.1", features = [
     "full",
 ] } # hyper full includes client/server/http2
@@ -263,9 +263,9 @@ tempfile = "3.14.0"
 testkit-macros = { path = "./server/testkit-macros" }
 time = { version = "^0.3.34", features = ["formatting", "local-offset"] }
 
-tokio = "^1.41.1"
+tokio = "^1.42.0"
 tokio-openssl = "^0.6.5"
-tokio-util = "^0.7.12"
+tokio-util = "^0.7.13"
 
 toml = "^0.5.11"
 tracing = { version = "^0.1.41", features = [

From cae780e0912d63dba05eccc907dbb6b35cc75bd1 Mon Sep 17 00:00:00 2001
From: George Wu <gbw@users.noreply.github.com>
Date: Sun, 8 Dec 2024 20:50:20 -0800
Subject: [PATCH 06/87] pykanidm: Make a little dry. (#3281)

* pykanidm: Make a little dry
---
 pykanidm/kanidm/__init__.py | 21 +++++----------------
 1 file changed, 5 insertions(+), 16 deletions(-)

diff --git a/pykanidm/kanidm/__init__.py b/pykanidm/kanidm/__init__.py
index ece21d27e..e70fb82e8 100644
--- a/pykanidm/kanidm/__init__.py
+++ b/pykanidm/kanidm/__init__.py
@@ -143,7 +143,6 @@ class KanidmClient:
                     self.logger.debug("Setting up SSL context with CA path=%s", self.config.ca_path)
                     self._ssl_context = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH, cafile=self.config.ca_path)
             else:
-
                 logging.debug("Setting up default SSL context")
                 self._ssl_context = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH)
 
@@ -527,9 +526,7 @@ class KanidmClient:
         """get an OAuth2 client"""
         endpoint = f"{Endpoints.OAUTH2}/{rs_name}"
         response: ClientResponse[IOauth2Rs] = await self.call_get(endpoint)
-        if response.status_code != 200:
-            raise ValueError(f"Failed to get oauth2 resource server: {response.content}")
-        if response.data is None:
+        if response.status_code != 200 or response.data is None:
             raise ValueError(f"Failed to get oauth2 resource server: {response.content}")
         return RawOAuth2Rs(**response.data).as_oauth2_rs
 
@@ -589,9 +586,7 @@ class KanidmClient:
         """Get a service account"""
         endpoint = f"{Endpoints.SERVICE_ACCOUNT}/{name}"
         response: ClientResponse[IServiceAccount] = await self.call_get(endpoint)
-        if response.status_code != 200:
-            raise ValueError(f"Failed to get service account: {response.content}")
-        if response.data is None:
+        if response.status_code != 200 or response.data is None:
             raise ValueError(f"Failed to get service account: {response.content}")
         return RawServiceAccount(**response.data).as_service_account
 
@@ -678,9 +673,7 @@ class KanidmClient:
         """Get a group"""
         endpoint = f"{Endpoints.GROUP}/{name}"
         response: ClientResponse[IGroup] = await self.call_get(endpoint)
-        if response.status_code != 200:
-            raise ValueError(f"Failed to get group: {response.content}")
-        if response.data is None:
+        if response.status_code != 200 or response.data is None:
             raise ValueError(f"Failed to get group: {response.content}")
         return RawGroup(**response.data).as_group
 
@@ -725,9 +718,7 @@ class KanidmClient:
         """Get a person by name"""
         endpoint = f"{Endpoints.PERSON}/{name}"
         response: ClientResponse[IPerson] = await self.call_get(endpoint)
-        if response.status_code != 200:
-            raise ValueError(f"Failed to get person: {response.content}")
-        if response.data is None:
+        if response.status_code != 200 or response.data is None:
             raise ValueError(f"Failed to get person: {response.content}")
         return RawPerson(**response.data).as_person
 
@@ -778,9 +769,7 @@ class KanidmClient:
             endpoint = f"{endpoint}/{ttl}"
 
         response: ClientResponse[Any] = await self.call_get(endpoint)
-        if response.content is None:
-            raise ValueError(f"Failed to get token: {response.content}")
-        if response.status_code != 200:
+        if response.status_code != 200 or response.content is None:
             raise ValueError(f"Failed to get token: {response.content}")
         token = PersonCredentialResetToken.model_validate(json_lib.loads(response.content))
 

From 07b9ca89390e43b4e4fc6c73995e874e6809b6fd Mon Sep 17 00:00:00 2001
From: Firstyear <william@blackhats.net.au>
Date: Tue, 10 Dec 2024 13:49:57 +1000
Subject: [PATCH 07/87] Allow group managers to modify entry-managed-by (#3272)

When we added entry-managed-by, we allowed it to be set on group creation but not post-group-creation. The idea was to delegate ownership of the group. However, this has the obvious trap that an account group like idm_admins can't alter entry-managed-by post creation, needing the use of the admin account which has access control privs, or a delete and recreate of the entry.

Since the idm admin could delete and recreate the group with a new entry manager, there is functionally no difference to allowing them to modify the entry-managed-by here of low priv groups. This changes the group manager access control by default to allow this.
---
 server/lib/src/constants/acp.rs     | 62 +++++++++++++++++++++++++++++
 server/lib/src/server/migrations.rs |  5 ++-
 2 files changed, 66 insertions(+), 1 deletion(-)

diff --git a/server/lib/src/constants/acp.rs b/server/lib/src/constants/acp.rs
index eae453e92..5868832e5 100644
--- a/server/lib/src/constants/acp.rs
+++ b/server/lib/src/constants/acp.rs
@@ -1797,6 +1797,68 @@ lazy_static! {
     };
 }
 
+lazy_static! {
+    pub static ref IDM_ACP_GROUP_MANAGE_DL9: BuiltinAcp = BuiltinAcp{
+        classes: vec![
+            EntryClass::Object,
+            EntryClass::AccessControlProfile,
+            EntryClass::AccessControlCreate,
+            EntryClass::AccessControlDelete,
+            EntryClass::AccessControlModify,
+            EntryClass::AccessControlSearch
+            ],
+        name: "idm_acp_group_manage",
+        uuid: UUID_IDM_ACP_GROUP_MANAGE_V1,
+        description: "Builtin IDM Control for creating and deleting groups in the directory",
+        receiver: BuiltinAcpReceiver::Group ( vec![UUID_IDM_GROUP_ADMINS] ),
+         // group which is not in HP, Recycled, Tombstone
+         target: BuiltinAcpTarget::Filter( ProtoFilter::And(vec![
+            match_class_filter!(EntryClass::Group),
+            FILTER_ANDNOT_HP_OR_RECYCLED_OR_TOMBSTONE.clone(),
+        ])),
+        search_attrs: vec![
+            Attribute::Class,
+            Attribute::Name,
+            Attribute::Uuid,
+            Attribute::Spn,
+            Attribute::Uuid,
+            Attribute::Description,
+            Attribute::Mail,
+            Attribute::Member,
+            Attribute::DynMember,
+            Attribute::EntryManagedBy,
+        ],
+        create_attrs: vec![
+            Attribute::Class,
+            Attribute::Name,
+            Attribute::Uuid,
+            Attribute::Description,
+            Attribute::Mail,
+            Attribute::Member,
+            Attribute::EntryManagedBy,
+        ],
+        create_classes: vec![
+            EntryClass::Object,
+            EntryClass::Group,
+        ],
+        modify_present_attrs: vec![
+            Attribute::Name,
+            Attribute::Description,
+            Attribute::Mail,
+            Attribute::Member,
+            Attribute::EntryManagedBy,
+        ],
+        modify_removed_attrs: vec![
+            Attribute::Name,
+            Attribute::Description,
+            Attribute::Mail,
+            Attribute::Member,
+            Attribute::EntryManagedBy,
+        ],
+        ..Default::default()
+    };
+}
+
 lazy_static! {
     pub static ref IDM_ACP_GROUP_UNIX_MANAGE_V1: BuiltinAcp = BuiltinAcp {
         classes: vec![
diff --git a/server/lib/src/server/migrations.rs b/server/lib/src/server/migrations.rs
index 2819ae997..e9fb0668b 100644
--- a/server/lib/src/server/migrations.rs
+++ b/server/lib/src/server/migrations.rs
@@ -660,7 +660,10 @@ impl QueryServerWriteTransaction<'_> {
 
         self.reload()?;
 
-        let idm_data = [IDM_ACP_OAUTH2_MANAGE_DL9.clone().into()];
+        let idm_data = [
+            IDM_ACP_OAUTH2_MANAGE_DL9.clone().into(),
+            IDM_ACP_GROUP_MANAGE_DL9.clone().into(),
+        ];
 
         idm_data
             .into_iter()

From b2906829e21d2f25d664308f9803ca66a383f5d5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 11 Dec 2024 14:49:46 +0000
Subject: [PATCH 08/87] Bump the all group across 1 directory with 6 updates
 (#3280)

Bumps the all group with 6 updates in the /pykanidm directory:

| Package | From | To |
| --- | --- | --- |
| [pydantic](https://github.com/pydantic/pydantic) | `2.10.2` | `2.10.3` |
| [aiohttp](https://github.com/aio-libs/aiohttp) | `3.11.8` | `3.11.10` |
| [pylint-pydantic](https://github.com/fcfangcc/pylint-pydantic) | `0.3.2` | `0.3.4` |
| [coverage](https://github.com/nedbat/coveragepy) | `7.6.8` | `7.6.9` |
| [mkdocs-material](https://github.com/squidfunk/mkdocs-material) | `9.5.47` | `9.5.48` |
| [ruff](https://github.com/astral-sh/ruff) | `0.8.1` | `0.8.2` |



Updates `pydantic` from 2.10.2 to 2.10.3
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](https://github.com/pydantic/pydantic/compare/v2.10.2...v2.10.3)

Updates `aiohttp` from 3.11.8 to 3.11.10
- [Release notes](https://github.com/aio-libs/aiohttp/releases)
- [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst)
- [Commits](https://github.com/aio-libs/aiohttp/compare/v3.11.8...v3.11.10)

Updates `pylint-pydantic` from 0.3.2 to 0.3.4
- [Release notes](https://github.com/fcfangcc/pylint-pydantic/releases)
- [Commits](https://github.com/fcfangcc/pylint-pydantic/compare/v0.3.2...v0.3.4)

Updates `coverage` from 7.6.8 to 7.6.9
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/7.6.8...7.6.9)

Updates `mkdocs-material` from 9.5.47 to 9.5.48
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases)
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG)
- [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.47...9.5.48)

Updates `ruff` from 0.8.1 to 0.8.2
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.8.1...0.8.2)

---
updated-dependencies:
- dependency-name: pydantic
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: aiohttp
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: pylint-pydantic
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: coverage
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: mkdocs-material
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: ruff
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pykanidm/poetry.lock    | 336 ++++++++++++++++++++--------------------
 pykanidm/pyproject.toml |   8 +-
 2 files changed, 172 insertions(+), 172 deletions(-)

diff --git a/pykanidm/poetry.lock b/pykanidm/poetry.lock
index ea28a8346..2cbcce635 100644
--- a/pykanidm/poetry.lock
+++ b/pykanidm/poetry.lock
@@ -13,87 +13,87 @@ files = [
 
 [[package]]
 name = "aiohttp"
-version = "3.11.8"
+version = "3.11.10"
 description = "Async http client/server framework (asyncio)"
 optional = false
 python-versions = ">=3.9"
 files = [
-    {file = "aiohttp-3.11.8-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:2d2ca685c6a851ce64e511fbcb906e4dd97d13e567ca7ecb5cb30b184e15dc6d"},
-    {file = "aiohttp-3.11.8-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:52913bb8a0a72a57479f54b281300c9d23036aa9aa3ebbc9a32a643484eadfc2"},
-    {file = "aiohttp-3.11.8-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:35dafc70051b6cbd6dafb533b4e3f0df6225a4896be373ef86367b2987409331"},
-    {file = "aiohttp-3.11.8-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:561b9596a9f90266673ef0b950c27e04ab597cdb53785e2ac91b83b33c31b509"},
-    {file = "aiohttp-3.11.8-cp310-cp310-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:d479c1fdcc920056a06d04059db52eb8590ecbbb3acdcaeeea26a88ff782e94a"},
-    {file = "aiohttp-3.11.8-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:9ce8eb6444bb6e862feca664ce365afa8e2e32db24dcf1a502719a8a002f9274"},
-    {file = "aiohttp-3.11.8-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:df9bf08eb93611b1d4d6245b6fecf88728e90eece00e00d554e1b0c445557d83"},
-    {file = "aiohttp-3.11.8-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:5a20ddaa58fea717177fac9a4a1fb8b39be868aa4fed2af6de4313b7a08f0f71"},
-    {file = "aiohttp-3.11.8-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:9f4aadfea6b48cfa17aef1a68ba6bee5a0246374f5a588e299a4f4ff5bd1c77b"},
-    {file = "aiohttp-3.11.8-cp310-cp310-musllinux_1_2_i686.whl", hash = "sha256:aa7deebb4bc5143745e6282139d7b9de50beb6d06609df64d2c993ef496bc7eb"},
-    {file = "aiohttp-3.11.8-cp310-cp310-musllinux_1_2_ppc64le.whl", hash = "sha256:fe503a76b9e3a13b62e64545693c9463afe9d429e0909120f7bb66de91ed8bc2"},
-    {file = "aiohttp-3.11.8-cp310-cp310-musllinux_1_2_s390x.whl", hash = "sha256:1c5838a68e31712354129add1b5fe32b06aa05275f835130edc650e6288af05f"},
-    {file = "aiohttp-3.11.8-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:832e58d9454fe501b0d092cdf660c0e34e16005f61acd06e1c79b0fc45019c94"},
-    {file = "aiohttp-3.11.8-cp310-cp310-win32.whl", hash = "sha256:00618c37a350884c08e87cf9a6532be274d564227ac49e0b474cf41f27e1f190"},
-    {file = "aiohttp-3.11.8-cp310-cp310-win_amd64.whl", hash = "sha256:8eeaac75203da1a54afe1faea3c855a1973026b54929112aa9b67bceadbcb0ca"},
-    {file = "aiohttp-3.11.8-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:f8dd02b44555893adfe7cc4b3b454fee04f9dcec45cf66ef5bb53ebf393f0505"},
-    {file = "aiohttp-3.11.8-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:658052941324edea3dee1f681375e70779f55e437e07bdfc4b5bbe65ad53cefb"},
-    {file = "aiohttp-3.11.8-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:6c829471a9e2266da4a0666f8a9e215f19320f79778af379c1c7db324ac24ed2"},
-    {file = "aiohttp-3.11.8-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:d21951756690f5d86d0215da38eb0fd65def03b5e2a1c08a4a39718a6d0d48f2"},
-    {file = "aiohttp-3.11.8-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:2fa50ddc6b21cc1ae23e13524d6f75b27e279fdf5cf905b2df6fd171891ac4e2"},
-    {file = "aiohttp-3.11.8-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:2a5afbd805e449048ecebb1a256176e953d4ca9e48bab387d4d1c8524f1c7a95"},
-    {file = "aiohttp-3.11.8-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:ea68db69f2a4ddc24b28b8e754fc0b963ed7f9b9a76137f06fe44643d6821fbd"},
-    {file = "aiohttp-3.11.8-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:80b3ac163145660ce660aed2f1005e6d4de840d39728990b7250525eeec4e4a8"},
-    {file = "aiohttp-3.11.8-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:e9ac0cce897904b77e109e5403ed713187dbdf96832bfd061ac07164264be16c"},
-    {file = "aiohttp-3.11.8-cp311-cp311-musllinux_1_2_i686.whl", hash = "sha256:3260c77cff4e35245bc517658bd54d7a64787f71f3c4f723877c82f22835b032"},
-    {file = "aiohttp-3.11.8-cp311-cp311-musllinux_1_2_ppc64le.whl", hash = "sha256:f7fd9c11ffad6b022bf02a41a70418cb2ab3b33f2c27842a5999e3ab78daf280"},
-    {file = "aiohttp-3.11.8-cp311-cp311-musllinux_1_2_s390x.whl", hash = "sha256:16bda233a7b159ab08107e8858fedca90a9de287057fab54cafde51bd83f9819"},
-    {file = "aiohttp-3.11.8-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:4867008617bbf86e9fb5b00f72dd0e3a00a579b32233caff834320867f9b7cac"},
-    {file = "aiohttp-3.11.8-cp311-cp311-win32.whl", hash = "sha256:17e6b9d8e29e3bfc7f893f327e92c9769d3582cee2fb1652c1431ac3f60115a0"},
-    {file = "aiohttp-3.11.8-cp311-cp311-win_amd64.whl", hash = "sha256:7f3be4961a5c2c670f31caab7641a37ea2a97031f0d8ae15bcfd36b6bf273200"},
-    {file = "aiohttp-3.11.8-cp312-cp312-macosx_10_13_universal2.whl", hash = "sha256:0e3b5bfef913d6be270c81976fbc0cbf66625cd92663bbb7e03b3adbd6aa4ac6"},
-    {file = "aiohttp-3.11.8-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:cb51a81cb637b9a072c9cfae1839e35c6579638861eb3479eb5d6e6ce8bc6782"},
-    {file = "aiohttp-3.11.8-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:dd2ca84e5f7a35f313a62eb7d6a50bac6760b60bafce34586750712731c0aeff"},
-    {file = "aiohttp-3.11.8-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:47c6663df9446aa848b478413219600da4b54bc0409e1ac4bc80fb1a81501363"},
-    {file = "aiohttp-3.11.8-cp312-cp312-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:c665ed4b52256614858b20711bbbd2755b0e19ec86870f8ff1645acf9ae9e760"},
-    {file = "aiohttp-3.11.8-cp312-cp312-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:35d4545e7684da7a954ffc2dce495462cb16a902dffdebe98572408f6aaaee83"},
-    {file = "aiohttp-3.11.8-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:85be3899e6860dd2cd3f4370ded6708e939d00d5ec922a8eb328d114db605a47"},
-    {file = "aiohttp-3.11.8-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:a0ed9f1f2697713c48efc9ec483ad5d062e4aa91854f090a3eba0b19c002851d"},
-    {file = "aiohttp-3.11.8-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:c0dbae99737badf3f5e862088a118e28d3b36f03eb608a6382eddfd68178e05b"},
-    {file = "aiohttp-3.11.8-cp312-cp312-musllinux_1_2_i686.whl", hash = "sha256:beae08f900b2980af4353a0200eb162b39f276fd8a6e43079a540f83964671f4"},
-    {file = "aiohttp-3.11.8-cp312-cp312-musllinux_1_2_ppc64le.whl", hash = "sha256:d6f9e5fd1b3ecbaca3e04a15a02d1fa213248608caee99fd5bdddd4759959cf7"},
-    {file = "aiohttp-3.11.8-cp312-cp312-musllinux_1_2_s390x.whl", hash = "sha256:a7def89a41fe32120d89cd4577f5efbab3c52234c5890066ced8a2f7202dff88"},
-    {file = "aiohttp-3.11.8-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:98f596cf59292e779bc387f22378a3d2c5e052c9fe2bf822ac4f547c6fe57758"},
-    {file = "aiohttp-3.11.8-cp312-cp312-win32.whl", hash = "sha256:b64fa6b76b35b695cd3e5c42a4e568cbea8d41c9e59165e2a43da00976e2027e"},
-    {file = "aiohttp-3.11.8-cp312-cp312-win_amd64.whl", hash = "sha256:afba47981ff73b1794c00dce774334dcfe62664b3b4f78f278b77d21ce9daf43"},
-    {file = "aiohttp-3.11.8-cp313-cp313-macosx_10_13_universal2.whl", hash = "sha256:a81525430da5ca356fae6e889daeb6f5cc0d5f0cef88e59cdde48e2394ea1365"},
-    {file = "aiohttp-3.11.8-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:7565689e86a88c1d258351ebd14e343337b76a56ca5c0a2c1db96ec28149386f"},
-    {file = "aiohttp-3.11.8-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:d0f9dbe9763c014c408ad51a027dc9582518e992dc63e2ffe359ac1b4840a560"},
-    {file = "aiohttp-3.11.8-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:8ca580edc3ccd7f6ea76ad9cf59f5a8756d338e770b5eda7be26bcda8fa7ef53"},
-    {file = "aiohttp-3.11.8-cp313-cp313-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:7d141631a7348038fc7b5d1a81b3c9afa9aa056188ded7902fe754028fdea5c5"},
-    {file = "aiohttp-3.11.8-cp313-cp313-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:64e6b14608a56a4c76c60daac730b0c0eeaf9d10dfc3231f7fc26521a0d628fd"},
-    {file = "aiohttp-3.11.8-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:0983d0ce329f2f9dbeb355c3744bd6333f34e0dc56025b6b7d4f285b90acb51e"},
-    {file = "aiohttp-3.11.8-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:d96b93a46a3742880fa21bcb35c6c40cf27714ec0fb8ec85fe444d73b95131b9"},
-    {file = "aiohttp-3.11.8-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:f4f1779c3142d913c509c2ed1de8b8f920e07a5cd65ac1f57c61cfb6bfded5a4"},
-    {file = "aiohttp-3.11.8-cp313-cp313-musllinux_1_2_i686.whl", hash = "sha256:48be7cff468c9c0d86a02e6a826e1fe159094b16d5aa2c17703e7317f791b0f9"},
-    {file = "aiohttp-3.11.8-cp313-cp313-musllinux_1_2_ppc64le.whl", hash = "sha256:daea456b79ca2bacc7f062845bbb1139c3b3231fc83169da5a682cf385416dd1"},
-    {file = "aiohttp-3.11.8-cp313-cp313-musllinux_1_2_s390x.whl", hash = "sha256:c92e763cf641e10ad9342597d20060ba23de5e411aada96660e679e3f9371189"},
-    {file = "aiohttp-3.11.8-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:a750ee5a177e0f873d6b2d7d0fa6e1e7c658fc0ca8ea56438dcba2ac94bedb09"},
-    {file = "aiohttp-3.11.8-cp313-cp313-win32.whl", hash = "sha256:4448c9c7f77bad48a6569062c0c16deb77fbb7363de1dc71ed087f66fb3b3c96"},
-    {file = "aiohttp-3.11.8-cp313-cp313-win_amd64.whl", hash = "sha256:481075a1949de79a8a6841e0086f2f5f464785c592cf527ed0db2c0cbd0e1ba2"},
-    {file = "aiohttp-3.11.8-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:72779bfb34d6d6b51e55a7f4901b410e416b5431738b367d49696928c91a2ca8"},
-    {file = "aiohttp-3.11.8-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:3e6523f39071a01757048985e4cc22d04aa130bc40d9128503f3a61a3ee98328"},
-    {file = "aiohttp-3.11.8-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:220bbce18b3046973465be45415430f1cab39d7fdc40cbcf0a8c05485c6902fe"},
-    {file = "aiohttp-3.11.8-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:336bbf7a33dd8cb4a7afb98c70e9935a81e5e88f7ac595ba2e84b1fb5da190d6"},
-    {file = "aiohttp-3.11.8-cp39-cp39-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:3c5e4f1ba5059b85e05c551961a448ce2689c6249ed6a2e2174796842c191d10"},
-    {file = "aiohttp-3.11.8-cp39-cp39-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:e9f9fd5c672c962389429abd11ed32c9c93f7932fd58584cae1e43951b141c6b"},
-    {file = "aiohttp-3.11.8-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:58bd94ad48143e1d42e05fc055da41de0a9933f378ad87760595b8aec83d317b"},
-    {file = "aiohttp-3.11.8-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:9bf52642b12d70d78c18882915201bc5345f7c8f0f2ab8919d99b886aa6475a7"},
-    {file = "aiohttp-3.11.8-cp39-cp39-musllinux_1_2_aarch64.whl", hash = "sha256:fee12d8487b0df2b683424cca2a0d8fb7281d5607518d742e98119a74af01026"},
-    {file = "aiohttp-3.11.8-cp39-cp39-musllinux_1_2_i686.whl", hash = "sha256:65fd04f1fea668ad1af48ac31b752000e222dccffedcad3de8ccf9d34489ccd3"},
-    {file = "aiohttp-3.11.8-cp39-cp39-musllinux_1_2_ppc64le.whl", hash = "sha256:c3f397e0511a0ec4fe331e602fc057dfd336d352062deb9969ebd81e253a149c"},
-    {file = "aiohttp-3.11.8-cp39-cp39-musllinux_1_2_s390x.whl", hash = "sha256:cf8f05f4abe3288fe2e106e1461fd20d8abf6103886ddfb6d746a5b8fb830d2b"},
-    {file = "aiohttp-3.11.8-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:7d71d4ac0792ff89541179394d303be846a0b6cd3821ae67286ee69ecec16f9f"},
-    {file = "aiohttp-3.11.8-cp39-cp39-win32.whl", hash = "sha256:2b6f8716044ae5e5f2a3b4e4b6bfee48e97c8b2a92e56f43aadd728c7fd26b7d"},
-    {file = "aiohttp-3.11.8-cp39-cp39-win_amd64.whl", hash = "sha256:da343903214bf9f9d314b913caa499fa19e26d73e6e23a3db7d4898ea6d47028"},
-    {file = "aiohttp-3.11.8.tar.gz", hash = "sha256:7bc9d64a2350cbb29a9732334e1a0743cbb6844de1731cbdf5949b235653f3fd"},
+    {file = "aiohttp-3.11.10-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:cbad88a61fa743c5d283ad501b01c153820734118b65aee2bd7dbb735475ce0d"},
+    {file = "aiohttp-3.11.10-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:80886dac673ceaef499de2f393fc80bb4481a129e6cb29e624a12e3296cc088f"},
+    {file = "aiohttp-3.11.10-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:61b9bae80ed1f338c42f57c16918853dc51775fb5cb61da70d590de14d8b5fb4"},
+    {file = "aiohttp-3.11.10-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:9e2e576caec5c6a6b93f41626c9c02fc87cd91538b81a3670b2e04452a63def6"},
+    {file = "aiohttp-3.11.10-cp310-cp310-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:02c13415b5732fb6ee7ff64583a5e6ed1c57aa68f17d2bda79c04888dfdc2769"},
+    {file = "aiohttp-3.11.10-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:4cfce37f31f20800a6a6620ce2cdd6737b82e42e06e6e9bd1b36f546feb3c44f"},
+    {file = "aiohttp-3.11.10-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:3bbbfff4c679c64e6e23cb213f57cc2c9165c9a65d63717108a644eb5a7398df"},
+    {file = "aiohttp-3.11.10-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:49c7dbbc1a559ae14fc48387a115b7d4bbc84b4a2c3b9299c31696953c2a5219"},
+    {file = "aiohttp-3.11.10-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:68386d78743e6570f054fe7949d6cb37ef2b672b4d3405ce91fafa996f7d9b4d"},
+    {file = "aiohttp-3.11.10-cp310-cp310-musllinux_1_2_i686.whl", hash = "sha256:9ef405356ba989fb57f84cac66f7b0260772836191ccefbb987f414bcd2979d9"},
+    {file = "aiohttp-3.11.10-cp310-cp310-musllinux_1_2_ppc64le.whl", hash = "sha256:5d6958671b296febe7f5f859bea581a21c1d05430d1bbdcf2b393599b1cdce77"},
+    {file = "aiohttp-3.11.10-cp310-cp310-musllinux_1_2_s390x.whl", hash = "sha256:99b7920e7165be5a9e9a3a7f1b680f06f68ff0d0328ff4079e5163990d046767"},
+    {file = "aiohttp-3.11.10-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:0dc49f42422163efb7e6f1df2636fe3db72713f6cd94688e339dbe33fe06d61d"},
+    {file = "aiohttp-3.11.10-cp310-cp310-win32.whl", hash = "sha256:40d1c7a7f750b5648642586ba7206999650208dbe5afbcc5284bcec6579c9b91"},
+    {file = "aiohttp-3.11.10-cp310-cp310-win_amd64.whl", hash = "sha256:68ff6f48b51bd78ea92b31079817aff539f6c8fc80b6b8d6ca347d7c02384e33"},
+    {file = "aiohttp-3.11.10-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:77c4aa15a89847b9891abf97f3d4048f3c2d667e00f8a623c89ad2dccee6771b"},
+    {file = "aiohttp-3.11.10-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:909af95a72cedbefe5596f0bdf3055740f96c1a4baa0dd11fd74ca4de0b4e3f1"},
+    {file = "aiohttp-3.11.10-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:386fbe79863eb564e9f3615b959e28b222259da0c48fd1be5929ac838bc65683"},
+    {file = "aiohttp-3.11.10-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:3de34936eb1a647aa919655ff8d38b618e9f6b7f250cc19a57a4bf7fd2062b6d"},
+    {file = "aiohttp-3.11.10-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:0c9527819b29cd2b9f52033e7fb9ff08073df49b4799c89cb5754624ecd98299"},
+    {file = "aiohttp-3.11.10-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:65a96e3e03300b41f261bbfd40dfdbf1c301e87eab7cd61c054b1f2e7c89b9e8"},
+    {file = "aiohttp-3.11.10-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:98f5635f7b74bcd4f6f72fcd85bea2154b323a9f05226a80bc7398d0c90763b0"},
+    {file = "aiohttp-3.11.10-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:03b6002e20938fc6ee0918c81d9e776bebccc84690e2b03ed132331cca065ee5"},
+    {file = "aiohttp-3.11.10-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:6362cc6c23c08d18ddbf0e8c4d5159b5df74fea1a5278ff4f2c79aed3f4e9f46"},
+    {file = "aiohttp-3.11.10-cp311-cp311-musllinux_1_2_i686.whl", hash = "sha256:3691ed7726fef54e928fe26344d930c0c8575bc968c3e239c2e1a04bd8cf7838"},
+    {file = "aiohttp-3.11.10-cp311-cp311-musllinux_1_2_ppc64le.whl", hash = "sha256:31d5093d3acd02b31c649d3a69bb072d539d4c7659b87caa4f6d2bcf57c2fa2b"},
+    {file = "aiohttp-3.11.10-cp311-cp311-musllinux_1_2_s390x.whl", hash = "sha256:8b3cf2dc0f0690a33f2d2b2cb15db87a65f1c609f53c37e226f84edb08d10f52"},
+    {file = "aiohttp-3.11.10-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:fbbaea811a2bba171197b08eea288b9402faa2bab2ba0858eecdd0a4105753a3"},
+    {file = "aiohttp-3.11.10-cp311-cp311-win32.whl", hash = "sha256:4b2c7ac59c5698a7a8207ba72d9e9c15b0fc484a560be0788b31312c2c5504e4"},
+    {file = "aiohttp-3.11.10-cp311-cp311-win_amd64.whl", hash = "sha256:974d3a2cce5fcfa32f06b13ccc8f20c6ad9c51802bb7f829eae8a1845c4019ec"},
+    {file = "aiohttp-3.11.10-cp312-cp312-macosx_10_13_universal2.whl", hash = "sha256:b78f053a7ecfc35f0451d961dacdc671f4bcbc2f58241a7c820e9d82559844cf"},
+    {file = "aiohttp-3.11.10-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:ab7485222db0959a87fbe8125e233b5a6f01f4400785b36e8a7878170d8c3138"},
+    {file = "aiohttp-3.11.10-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:cf14627232dfa8730453752e9cdc210966490992234d77ff90bc8dc0dce361d5"},
+    {file = "aiohttp-3.11.10-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:076bc454a7e6fd646bc82ea7f98296be0b1219b5e3ef8a488afbdd8e81fbac50"},
+    {file = "aiohttp-3.11.10-cp312-cp312-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:482cafb7dc886bebeb6c9ba7925e03591a62ab34298ee70d3dd47ba966370d2c"},
+    {file = "aiohttp-3.11.10-cp312-cp312-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:bf3d1a519a324af764a46da4115bdbd566b3c73fb793ffb97f9111dbc684fc4d"},
+    {file = "aiohttp-3.11.10-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:24213ba85a419103e641e55c27dc7ff03536c4873470c2478cce3311ba1eee7b"},
+    {file = "aiohttp-3.11.10-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:b99acd4730ad1b196bfb03ee0803e4adac371ae8efa7e1cbc820200fc5ded109"},
+    {file = "aiohttp-3.11.10-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:14cdb5a9570be5a04eec2ace174a48ae85833c2aadc86de68f55541f66ce42ab"},
+    {file = "aiohttp-3.11.10-cp312-cp312-musllinux_1_2_i686.whl", hash = "sha256:7e97d622cb083e86f18317282084bc9fbf261801b0192c34fe4b1febd9f7ae69"},
+    {file = "aiohttp-3.11.10-cp312-cp312-musllinux_1_2_ppc64le.whl", hash = "sha256:012f176945af138abc10c4a48743327a92b4ca9adc7a0e078077cdb5dbab7be0"},
+    {file = "aiohttp-3.11.10-cp312-cp312-musllinux_1_2_s390x.whl", hash = "sha256:44224d815853962f48fe124748227773acd9686eba6dc102578defd6fc99e8d9"},
+    {file = "aiohttp-3.11.10-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:c87bf31b7fdab94ae3adbe4a48e711bfc5f89d21cf4c197e75561def39e223bc"},
+    {file = "aiohttp-3.11.10-cp312-cp312-win32.whl", hash = "sha256:06a8e2ee1cbac16fe61e51e0b0c269400e781b13bcfc33f5425912391a542985"},
+    {file = "aiohttp-3.11.10-cp312-cp312-win_amd64.whl", hash = "sha256:be2b516f56ea883a3e14dda17059716593526e10fb6303189aaf5503937db408"},
+    {file = "aiohttp-3.11.10-cp313-cp313-macosx_10_13_universal2.whl", hash = "sha256:8cc5203b817b748adccb07f36390feb730b1bc5f56683445bfe924fc270b8816"},
+    {file = "aiohttp-3.11.10-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:5ef359ebc6949e3a34c65ce20230fae70920714367c63afd80ea0c2702902ccf"},
+    {file = "aiohttp-3.11.10-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:9bca390cb247dbfaec3c664326e034ef23882c3f3bfa5fbf0b56cad0320aaca5"},
+    {file = "aiohttp-3.11.10-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:811f23b3351ca532af598405db1093f018edf81368e689d1b508c57dcc6b6a32"},
+    {file = "aiohttp-3.11.10-cp313-cp313-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:ddf5f7d877615f6a1e75971bfa5ac88609af3b74796ff3e06879e8422729fd01"},
+    {file = "aiohttp-3.11.10-cp313-cp313-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:6ab29b8a0beb6f8eaf1e5049252cfe74adbaafd39ba91e10f18caeb0e99ffb34"},
+    {file = "aiohttp-3.11.10-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:c49a76c1038c2dd116fa443eba26bbb8e6c37e924e2513574856de3b6516be99"},
+    {file = "aiohttp-3.11.10-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:7f3dc0e330575f5b134918976a645e79adf333c0a1439dcf6899a80776c9ab39"},
+    {file = "aiohttp-3.11.10-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:efb15a17a12497685304b2d976cb4939e55137df7b09fa53f1b6a023f01fcb4e"},
+    {file = "aiohttp-3.11.10-cp313-cp313-musllinux_1_2_i686.whl", hash = "sha256:db1d0b28fcb7f1d35600150c3e4b490775251dea70f894bf15c678fdd84eda6a"},
+    {file = "aiohttp-3.11.10-cp313-cp313-musllinux_1_2_ppc64le.whl", hash = "sha256:15fccaf62a4889527539ecb86834084ecf6e9ea70588efde86e8bc775e0e7542"},
+    {file = "aiohttp-3.11.10-cp313-cp313-musllinux_1_2_s390x.whl", hash = "sha256:593c114a2221444f30749cc5e5f4012488f56bd14de2af44fe23e1e9894a9c60"},
+    {file = "aiohttp-3.11.10-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:7852bbcb4d0d2f0c4d583f40c3bc750ee033265d80598d0f9cb6f372baa6b836"},
+    {file = "aiohttp-3.11.10-cp313-cp313-win32.whl", hash = "sha256:65e55ca7debae8faaffee0ebb4b47a51b4075f01e9b641c31e554fd376595c6c"},
+    {file = "aiohttp-3.11.10-cp313-cp313-win_amd64.whl", hash = "sha256:beb39a6d60a709ae3fb3516a1581777e7e8b76933bb88c8f4420d875bb0267c6"},
+    {file = "aiohttp-3.11.10-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:0580f2e12de2138f34debcd5d88894786453a76e98febaf3e8fe5db62d01c9bf"},
+    {file = "aiohttp-3.11.10-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:a55d2ad345684e7c3dd2c20d2f9572e9e1d5446d57200ff630e6ede7612e307f"},
+    {file = "aiohttp-3.11.10-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:04814571cb72d65a6899db6099e377ed00710bf2e3eafd2985166f2918beaf59"},
+    {file = "aiohttp-3.11.10-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e44a9a3c053b90c6f09b1bb4edd880959f5328cf63052503f892c41ea786d99f"},
+    {file = "aiohttp-3.11.10-cp39-cp39-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:502a1464ccbc800b4b1995b302efaf426e8763fadf185e933c2931df7db9a199"},
+    {file = "aiohttp-3.11.10-cp39-cp39-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:613e5169f8ae77b1933e42e418a95931fb4867b2991fc311430b15901ed67079"},
+    {file = "aiohttp-3.11.10-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:4cca22a61b7fe45da8fc73c3443150c3608750bbe27641fc7558ec5117b27fdf"},
+    {file = "aiohttp-3.11.10-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:86a5dfcc39309470bd7b68c591d84056d195428d5d2e0b5ccadfbaf25b026ebc"},
+    {file = "aiohttp-3.11.10-cp39-cp39-musllinux_1_2_aarch64.whl", hash = "sha256:77ae58586930ee6b2b6f696c82cf8e78c8016ec4795c53e36718365f6959dc82"},
+    {file = "aiohttp-3.11.10-cp39-cp39-musllinux_1_2_i686.whl", hash = "sha256:78153314f26d5abef3239b4a9af20c229c6f3ecb97d4c1c01b22c4f87669820c"},
+    {file = "aiohttp-3.11.10-cp39-cp39-musllinux_1_2_ppc64le.whl", hash = "sha256:98283b94cc0e11c73acaf1c9698dea80c830ca476492c0fe2622bd931f34b487"},
+    {file = "aiohttp-3.11.10-cp39-cp39-musllinux_1_2_s390x.whl", hash = "sha256:53bf2097e05c2accc166c142a2090e4c6fd86581bde3fd9b2d3f9e93dda66ac1"},
+    {file = "aiohttp-3.11.10-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:c5532f0441fc09c119e1dca18fbc0687e64fbeb45aa4d6a87211ceaee50a74c4"},
+    {file = "aiohttp-3.11.10-cp39-cp39-win32.whl", hash = "sha256:47ad15a65fb41c570cd0ad9a9ff8012489e68176e7207ec7b82a0940dddfd8be"},
+    {file = "aiohttp-3.11.10-cp39-cp39-win_amd64.whl", hash = "sha256:c6b9e6d7e41656d78e37ce754813fa44b455c3d0d0dced2a047def7dc5570b74"},
+    {file = "aiohttp-3.11.10.tar.gz", hash = "sha256:b1fc6b45010a8d0ff9e88f9f2418c6fd408c99c211257334aff41597ebece42e"},
 ]
 
 [package.dependencies]
@@ -468,73 +468,73 @@ files = [
 
 [[package]]
 name = "coverage"
-version = "7.6.8"
+version = "7.6.9"
 description = "Code coverage measurement for Python"
 optional = false
 python-versions = ">=3.9"
 files = [
-    {file = "coverage-7.6.8-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:b39e6011cd06822eb964d038d5dff5da5d98652b81f5ecd439277b32361a3a50"},
-    {file = "coverage-7.6.8-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:63c19702db10ad79151a059d2d6336fe0c470f2e18d0d4d1a57f7f9713875dcf"},
-    {file = "coverage-7.6.8-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:3985b9be361d8fb6b2d1adc9924d01dec575a1d7453a14cccd73225cb79243ee"},
-    {file = "coverage-7.6.8-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:644ec81edec0f4ad17d51c838a7d01e42811054543b76d4ba2c5d6af741ce2a6"},
-    {file = "coverage-7.6.8-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:1f188a2402f8359cf0c4b1fe89eea40dc13b52e7b4fd4812450da9fcd210181d"},
-    {file = "coverage-7.6.8-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:e19122296822deafce89a0c5e8685704c067ae65d45e79718c92df7b3ec3d331"},
-    {file = "coverage-7.6.8-cp310-cp310-musllinux_1_2_i686.whl", hash = "sha256:13618bed0c38acc418896005732e565b317aa9e98d855a0e9f211a7ffc2d6638"},
-    {file = "coverage-7.6.8-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:193e3bffca48ad74b8c764fb4492dd875038a2f9925530cb094db92bb5e47bed"},
-    {file = "coverage-7.6.8-cp310-cp310-win32.whl", hash = "sha256:3988665ee376abce49613701336544041f2117de7b7fbfe91b93d8ff8b151c8e"},
-    {file = "coverage-7.6.8-cp310-cp310-win_amd64.whl", hash = "sha256:f56f49b2553d7dd85fd86e029515a221e5c1f8cb3d9c38b470bc38bde7b8445a"},
-    {file = "coverage-7.6.8-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:86cffe9c6dfcfe22e28027069725c7f57f4b868a3f86e81d1c62462764dc46d4"},
-    {file = "coverage-7.6.8-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:d82ab6816c3277dc962cfcdc85b1efa0e5f50fb2c449432deaf2398a2928ab94"},
-    {file = "coverage-7.6.8-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:13690e923a3932e4fad4c0ebfb9cb5988e03d9dcb4c5150b5fcbf58fd8bddfc4"},
-    {file = "coverage-7.6.8-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:4be32da0c3827ac9132bb488d331cb32e8d9638dd41a0557c5569d57cf22c9c1"},
-    {file = "coverage-7.6.8-cp311-cp311-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:44e6c85bbdc809383b509d732b06419fb4544dca29ebe18480379633623baafb"},
-    {file = "coverage-7.6.8-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:768939f7c4353c0fac2f7c37897e10b1414b571fd85dd9fc49e6a87e37a2e0d8"},
-    {file = "coverage-7.6.8-cp311-cp311-musllinux_1_2_i686.whl", hash = "sha256:e44961e36cb13c495806d4cac67640ac2866cb99044e210895b506c26ee63d3a"},
-    {file = "coverage-7.6.8-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:3ea8bb1ab9558374c0ab591783808511d135a833c3ca64a18ec927f20c4030f0"},
-    {file = "coverage-7.6.8-cp311-cp311-win32.whl", hash = "sha256:629a1ba2115dce8bf75a5cce9f2486ae483cb89c0145795603d6554bdc83e801"},
-    {file = "coverage-7.6.8-cp311-cp311-win_amd64.whl", hash = "sha256:fb9fc32399dca861584d96eccd6c980b69bbcd7c228d06fb74fe53e007aa8ef9"},
-    {file = "coverage-7.6.8-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:e683e6ecc587643f8cde8f5da6768e9d165cd31edf39ee90ed7034f9ca0eefee"},
-    {file = "coverage-7.6.8-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:1defe91d41ce1bd44b40fabf071e6a01a5aa14de4a31b986aa9dfd1b3e3e414a"},
-    {file = "coverage-7.6.8-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:d7ad66e8e50225ebf4236368cc43c37f59d5e6728f15f6e258c8639fa0dd8e6d"},
-    {file = "coverage-7.6.8-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:3fe47da3e4fda5f1abb5709c156eca207eacf8007304ce3019eb001e7a7204cb"},
-    {file = "coverage-7.6.8-cp312-cp312-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:202a2d645c5a46b84992f55b0a3affe4f0ba6b4c611abec32ee88358db4bb649"},
-    {file = "coverage-7.6.8-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:4674f0daa1823c295845b6a740d98a840d7a1c11df00d1fd62614545c1583787"},
-    {file = "coverage-7.6.8-cp312-cp312-musllinux_1_2_i686.whl", hash = "sha256:74610105ebd6f33d7c10f8907afed696e79c59e3043c5f20eaa3a46fddf33b4c"},
-    {file = "coverage-7.6.8-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:37cda8712145917105e07aab96388ae76e787270ec04bcb9d5cc786d7cbb8443"},
-    {file = "coverage-7.6.8-cp312-cp312-win32.whl", hash = "sha256:9e89d5c8509fbd6c03d0dd1972925b22f50db0792ce06324ba069f10787429ad"},
-    {file = "coverage-7.6.8-cp312-cp312-win_amd64.whl", hash = "sha256:379c111d3558272a2cae3d8e57e6b6e6f4fe652905692d54bad5ea0ca37c5ad4"},
-    {file = "coverage-7.6.8-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:0b0c69f4f724c64dfbfe79f5dfb503b42fe6127b8d479b2677f2b227478db2eb"},
-    {file = "coverage-7.6.8-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:c15b32a7aca8038ed7644f854bf17b663bc38e1671b5d6f43f9a2b2bd0c46f63"},
-    {file = "coverage-7.6.8-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:63068a11171e4276f6ece913bde059e77c713b48c3a848814a6537f35afb8365"},
-    {file = "coverage-7.6.8-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:6f4548c5ead23ad13fb7a2c8ea541357474ec13c2b736feb02e19a3085fac002"},
-    {file = "coverage-7.6.8-cp313-cp313-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:3b4b4299dd0d2c67caaaf286d58aef5e75b125b95615dda4542561a5a566a1e3"},
-    {file = "coverage-7.6.8-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:c9ebfb2507751f7196995142f057d1324afdab56db1d9743aab7f50289abd022"},
-    {file = "coverage-7.6.8-cp313-cp313-musllinux_1_2_i686.whl", hash = "sha256:c1b4474beee02ede1eef86c25ad4600a424fe36cff01a6103cb4533c6bf0169e"},
-    {file = "coverage-7.6.8-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:d9fd2547e6decdbf985d579cf3fc78e4c1d662b9b0ff7cc7862baaab71c9cc5b"},
-    {file = "coverage-7.6.8-cp313-cp313-win32.whl", hash = "sha256:8aae5aea53cbfe024919715eca696b1a3201886ce83790537d1c3668459c7146"},
-    {file = "coverage-7.6.8-cp313-cp313-win_amd64.whl", hash = "sha256:ae270e79f7e169ccfe23284ff5ea2d52a6f401dc01b337efb54b3783e2ce3f28"},
-    {file = "coverage-7.6.8-cp313-cp313t-macosx_10_13_x86_64.whl", hash = "sha256:de38add67a0af869b0d79c525d3e4588ac1ffa92f39116dbe0ed9753f26eba7d"},
-    {file = "coverage-7.6.8-cp313-cp313t-macosx_11_0_arm64.whl", hash = "sha256:b07c25d52b1c16ce5de088046cd2432b30f9ad5e224ff17c8f496d9cb7d1d451"},
-    {file = "coverage-7.6.8-cp313-cp313t-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:62a66ff235e4c2e37ed3b6104d8b478d767ff73838d1222132a7a026aa548764"},
-    {file = "coverage-7.6.8-cp313-cp313t-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:09b9f848b28081e7b975a3626e9081574a7b9196cde26604540582da60235fdf"},
-    {file = "coverage-7.6.8-cp313-cp313t-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:093896e530c38c8e9c996901858ac63f3d4171268db2c9c8b373a228f459bbc5"},
-    {file = "coverage-7.6.8-cp313-cp313t-musllinux_1_2_aarch64.whl", hash = "sha256:9a7b8ac36fd688c8361cbc7bf1cb5866977ece6e0b17c34aa0df58bda4fa18a4"},
-    {file = "coverage-7.6.8-cp313-cp313t-musllinux_1_2_i686.whl", hash = "sha256:38c51297b35b3ed91670e1e4efb702b790002e3245a28c76e627478aa3c10d83"},
-    {file = "coverage-7.6.8-cp313-cp313t-musllinux_1_2_x86_64.whl", hash = "sha256:2e4e0f60cb4bd7396108823548e82fdab72d4d8a65e58e2c19bbbc2f1e2bfa4b"},
-    {file = "coverage-7.6.8-cp313-cp313t-win32.whl", hash = "sha256:6535d996f6537ecb298b4e287a855f37deaf64ff007162ec0afb9ab8ba3b8b71"},
-    {file = "coverage-7.6.8-cp313-cp313t-win_amd64.whl", hash = "sha256:c79c0685f142ca53256722a384540832420dff4ab15fec1863d7e5bc8691bdcc"},
-    {file = "coverage-7.6.8-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:3ac47fa29d8d41059ea3df65bd3ade92f97ee4910ed638e87075b8e8ce69599e"},
-    {file = "coverage-7.6.8-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:24eda3a24a38157eee639ca9afe45eefa8d2420d49468819ac5f88b10de84f4c"},
-    {file = "coverage-7.6.8-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e4c81ed2820b9023a9a90717020315e63b17b18c274a332e3b6437d7ff70abe0"},
-    {file = "coverage-7.6.8-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:bd55f8fc8fa494958772a2a7302b0354ab16e0b9272b3c3d83cdb5bec5bd1779"},
-    {file = "coverage-7.6.8-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:f39e2f3530ed1626c66e7493be7a8423b023ca852aacdc91fb30162c350d2a92"},
-    {file = "coverage-7.6.8-cp39-cp39-musllinux_1_2_aarch64.whl", hash = "sha256:716a78a342679cd1177bc8c2fe957e0ab91405bd43a17094324845200b2fddf4"},
-    {file = "coverage-7.6.8-cp39-cp39-musllinux_1_2_i686.whl", hash = "sha256:177f01eeaa3aee4a5ffb0d1439c5952b53d5010f86e9d2667963e632e30082cc"},
-    {file = "coverage-7.6.8-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:912e95017ff51dc3d7b6e2be158dedc889d9a5cc3382445589ce554f1a34c0ea"},
-    {file = "coverage-7.6.8-cp39-cp39-win32.whl", hash = "sha256:4db3ed6a907b555e57cc2e6f14dc3a4c2458cdad8919e40b5357ab9b6db6c43e"},
-    {file = "coverage-7.6.8-cp39-cp39-win_amd64.whl", hash = "sha256:428ac484592f780e8cd7b6b14eb568f7c85460c92e2a37cb0c0e5186e1a0d076"},
-    {file = "coverage-7.6.8-pp39.pp310-none-any.whl", hash = "sha256:5c52a036535d12590c32c49209e79cabaad9f9ad8aa4cbd875b68c4d67a9cbce"},
-    {file = "coverage-7.6.8.tar.gz", hash = "sha256:8b2b8503edb06822c86d82fa64a4a5cb0760bb8f31f26e138ec743f422f37cfc"},
+    {file = "coverage-7.6.9-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:85d9636f72e8991a1706b2b55b06c27545448baf9f6dbf51c4004609aacd7dcb"},
+    {file = "coverage-7.6.9-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:608a7fd78c67bee8936378299a6cb9f5149bb80238c7a566fc3e6717a4e68710"},
+    {file = "coverage-7.6.9-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:96d636c77af18b5cb664ddf12dab9b15a0cfe9c0bde715da38698c8cea748bfa"},
+    {file = "coverage-7.6.9-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:d75cded8a3cff93da9edc31446872d2997e327921d8eed86641efafd350e1df1"},
+    {file = "coverage-7.6.9-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:f7b15f589593110ae767ce997775d645b47e5cbbf54fd322f8ebea6277466cec"},
+    {file = "coverage-7.6.9-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:44349150f6811b44b25574839b39ae35291f6496eb795b7366fef3bd3cf112d3"},
+    {file = "coverage-7.6.9-cp310-cp310-musllinux_1_2_i686.whl", hash = "sha256:d891c136b5b310d0e702e186d70cd16d1119ea8927347045124cb286b29297e5"},
+    {file = "coverage-7.6.9-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:db1dab894cc139f67822a92910466531de5ea6034ddfd2b11c0d4c6257168073"},
+    {file = "coverage-7.6.9-cp310-cp310-win32.whl", hash = "sha256:41ff7b0da5af71a51b53f501a3bac65fb0ec311ebed1632e58fc6107f03b9198"},
+    {file = "coverage-7.6.9-cp310-cp310-win_amd64.whl", hash = "sha256:35371f8438028fdccfaf3570b31d98e8d9eda8bb1d6ab9473f5a390969e98717"},
+    {file = "coverage-7.6.9-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:932fc826442132dde42ee52cf66d941f581c685a6313feebed358411238f60f9"},
+    {file = "coverage-7.6.9-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:085161be5f3b30fd9b3e7b9a8c301f935c8313dcf928a07b116324abea2c1c2c"},
+    {file = "coverage-7.6.9-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:ccc660a77e1c2bf24ddbce969af9447a9474790160cfb23de6be4fa88e3951c7"},
+    {file = "coverage-7.6.9-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:c69e42c892c018cd3c8d90da61d845f50a8243062b19d228189b0224150018a9"},
+    {file = "coverage-7.6.9-cp311-cp311-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:0824a28ec542a0be22f60c6ac36d679e0e262e5353203bea81d44ee81fe9c6d4"},
+    {file = "coverage-7.6.9-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:4401ae5fc52ad8d26d2a5d8a7428b0f0c72431683f8e63e42e70606374c311a1"},
+    {file = "coverage-7.6.9-cp311-cp311-musllinux_1_2_i686.whl", hash = "sha256:98caba4476a6c8d59ec1eb00c7dd862ba9beca34085642d46ed503cc2d440d4b"},
+    {file = "coverage-7.6.9-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:ee5defd1733fd6ec08b168bd4f5387d5b322f45ca9e0e6c817ea6c4cd36313e3"},
+    {file = "coverage-7.6.9-cp311-cp311-win32.whl", hash = "sha256:f2d1ec60d6d256bdf298cb86b78dd715980828f50c46701abc3b0a2b3f8a0dc0"},
+    {file = "coverage-7.6.9-cp311-cp311-win_amd64.whl", hash = "sha256:0d59fd927b1f04de57a2ba0137166d31c1a6dd9e764ad4af552912d70428c92b"},
+    {file = "coverage-7.6.9-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:99e266ae0b5d15f1ca8d278a668df6f51cc4b854513daab5cae695ed7b721cf8"},
+    {file = "coverage-7.6.9-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:9901d36492009a0a9b94b20e52ebfc8453bf49bb2b27bca2c9706f8b4f5a554a"},
+    {file = "coverage-7.6.9-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:abd3e72dd5b97e3af4246cdada7738ef0e608168de952b837b8dd7e90341f015"},
+    {file = "coverage-7.6.9-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:ff74026a461eb0660366fb01c650c1d00f833a086b336bdad7ab00cc952072b3"},
+    {file = "coverage-7.6.9-cp312-cp312-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:65dad5a248823a4996724a88eb51d4b31587aa7aa428562dbe459c684e5787ae"},
+    {file = "coverage-7.6.9-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:22be16571504c9ccea919fcedb459d5ab20d41172056206eb2994e2ff06118a4"},
+    {file = "coverage-7.6.9-cp312-cp312-musllinux_1_2_i686.whl", hash = "sha256:0f957943bc718b87144ecaee70762bc2bc3f1a7a53c7b861103546d3a403f0a6"},
+    {file = "coverage-7.6.9-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:0ae1387db4aecb1f485fb70a6c0148c6cdaebb6038f1d40089b1fc84a5db556f"},
+    {file = "coverage-7.6.9-cp312-cp312-win32.whl", hash = "sha256:1a330812d9cc7ac2182586f6d41b4d0fadf9be9049f350e0efb275c8ee8eb692"},
+    {file = "coverage-7.6.9-cp312-cp312-win_amd64.whl", hash = "sha256:b12c6b18269ca471eedd41c1b6a1065b2f7827508edb9a7ed5555e9a56dcfc97"},
+    {file = "coverage-7.6.9-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:899b8cd4781c400454f2f64f7776a5d87bbd7b3e7f7bda0cb18f857bb1334664"},
+    {file = "coverage-7.6.9-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:61f70dc68bd36810972e55bbbe83674ea073dd1dcc121040a08cdf3416c5349c"},
+    {file = "coverage-7.6.9-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:8a289d23d4c46f1a82d5db4abeb40b9b5be91731ee19a379d15790e53031c014"},
+    {file = "coverage-7.6.9-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:7e216d8044a356fc0337c7a2a0536d6de07888d7bcda76febcb8adc50bdbbd00"},
+    {file = "coverage-7.6.9-cp313-cp313-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:3c026eb44f744acaa2bda7493dad903aa5bf5fc4f2554293a798d5606710055d"},
+    {file = "coverage-7.6.9-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:e77363e8425325384f9d49272c54045bbed2f478e9dd698dbc65dbc37860eb0a"},
+    {file = "coverage-7.6.9-cp313-cp313-musllinux_1_2_i686.whl", hash = "sha256:777abfab476cf83b5177b84d7486497e034eb9eaea0d746ce0c1268c71652077"},
+    {file = "coverage-7.6.9-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:447af20e25fdbe16f26e84eb714ba21d98868705cb138252d28bc400381f6ffb"},
+    {file = "coverage-7.6.9-cp313-cp313-win32.whl", hash = "sha256:d872ec5aeb086cbea771c573600d47944eea2dcba8be5f3ee649bfe3cb8dc9ba"},
+    {file = "coverage-7.6.9-cp313-cp313-win_amd64.whl", hash = "sha256:fd1213c86e48dfdc5a0cc676551db467495a95a662d2396ecd58e719191446e1"},
+    {file = "coverage-7.6.9-cp313-cp313t-macosx_10_13_x86_64.whl", hash = "sha256:ba9e7484d286cd5a43744e5f47b0b3fb457865baf07bafc6bee91896364e1419"},
+    {file = "coverage-7.6.9-cp313-cp313t-macosx_11_0_arm64.whl", hash = "sha256:e5ea1cf0872ee455c03e5674b5bca5e3e68e159379c1af0903e89f5eba9ccc3a"},
+    {file = "coverage-7.6.9-cp313-cp313t-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:2d10e07aa2b91835d6abec555ec8b2733347956991901eea6ffac295f83a30e4"},
+    {file = "coverage-7.6.9-cp313-cp313t-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:13a9e2d3ee855db3dd6ea1ba5203316a1b1fd8eaeffc37c5b54987e61e4194ae"},
+    {file = "coverage-7.6.9-cp313-cp313t-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:9c38bf15a40ccf5619fa2fe8f26106c7e8e080d7760aeccb3722664c8656b030"},
+    {file = "coverage-7.6.9-cp313-cp313t-musllinux_1_2_aarch64.whl", hash = "sha256:d5275455b3e4627c8e7154feaf7ee0743c2e7af82f6e3b561967b1cca755a0be"},
+    {file = "coverage-7.6.9-cp313-cp313t-musllinux_1_2_i686.whl", hash = "sha256:8f8770dfc6e2c6a2d4569f411015c8d751c980d17a14b0530da2d7f27ffdd88e"},
+    {file = "coverage-7.6.9-cp313-cp313t-musllinux_1_2_x86_64.whl", hash = "sha256:8d2dfa71665a29b153a9681edb1c8d9c1ea50dfc2375fb4dac99ea7e21a0bcd9"},
+    {file = "coverage-7.6.9-cp313-cp313t-win32.whl", hash = "sha256:5e6b86b5847a016d0fbd31ffe1001b63355ed309651851295315031ea7eb5a9b"},
+    {file = "coverage-7.6.9-cp313-cp313t-win_amd64.whl", hash = "sha256:97ddc94d46088304772d21b060041c97fc16bdda13c6c7f9d8fcd8d5ae0d8611"},
+    {file = "coverage-7.6.9-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:adb697c0bd35100dc690de83154627fbab1f4f3c0386df266dded865fc50a902"},
+    {file = "coverage-7.6.9-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:be57b6d56e49c2739cdf776839a92330e933dd5e5d929966fbbd380c77f060be"},
+    {file = "coverage-7.6.9-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:f1592791f8204ae9166de22ba7e6705fa4ebd02936c09436a1bb85aabca3e599"},
+    {file = "coverage-7.6.9-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:4e12ae8cc979cf83d258acb5e1f1cf2f3f83524d1564a49d20b8bec14b637f08"},
+    {file = "coverage-7.6.9-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:bb5555cff66c4d3d6213a296b360f9e1a8e323e74e0426b6c10ed7f4d021e464"},
+    {file = "coverage-7.6.9-cp39-cp39-musllinux_1_2_aarch64.whl", hash = "sha256:b9389a429e0e5142e69d5bf4a435dd688c14478a19bb901735cdf75e57b13845"},
+    {file = "coverage-7.6.9-cp39-cp39-musllinux_1_2_i686.whl", hash = "sha256:592ac539812e9b46046620341498caf09ca21023c41c893e1eb9dbda00a70cbf"},
+    {file = "coverage-7.6.9-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:a27801adef24cc30871da98a105f77995e13a25a505a0161911f6aafbd66e678"},
+    {file = "coverage-7.6.9-cp39-cp39-win32.whl", hash = "sha256:8e3c3e38930cfb729cb8137d7f055e5a473ddaf1217966aa6238c88bd9fd50e6"},
+    {file = "coverage-7.6.9-cp39-cp39-win_amd64.whl", hash = "sha256:e28bf44afa2b187cc9f41749138a64435bf340adfcacb5b2290c070ce99839d4"},
+    {file = "coverage-7.6.9-pp39.pp310-none-any.whl", hash = "sha256:f3ca78518bc6bc92828cd11867b121891d75cae4ea9e908d72030609b996db1b"},
+    {file = "coverage-7.6.9.tar.gz", hash = "sha256:4a8d8977b0c6ef5aeadcb644da9e69ae0dcfe66ec7f368c89c72e058bd71164d"},
 ]
 
 [package.extras]
@@ -1032,13 +1032,13 @@ pyyaml = ">=5.1"
 
 [[package]]
 name = "mkdocs-material"
-version = "9.5.47"
+version = "9.5.48"
 description = "Documentation that simply works"
 optional = false
 python-versions = ">=3.8"
 files = [
-    {file = "mkdocs_material-9.5.47-py3-none-any.whl", hash = "sha256:53fb9c9624e7865da6ec807d116cd7be24b3cb36ab31b1d1d1a9af58c56009a2"},
-    {file = "mkdocs_material-9.5.47.tar.gz", hash = "sha256:fc3b7a8e00ad896660bd3a5cc12ca0cb28bdc2bcbe2a946b5714c23ac91b0ede"},
+    {file = "mkdocs_material-9.5.48-py3-none-any.whl", hash = "sha256:b695c998f4b939ce748adbc0d3bff73fa886a670ece948cf27818fa115dc16f8"},
+    {file = "mkdocs_material-9.5.48.tar.gz", hash = "sha256:a582531e8b34f4c7ed38c29d5c44763053832cf2a32f7409567e0c74749a47db"},
 ]
 
 [package.dependencies]
@@ -1495,13 +1495,13 @@ files = [
 
 [[package]]
 name = "pydantic"
-version = "2.10.2"
+version = "2.10.3"
 description = "Data validation using Python type hints"
 optional = false
 python-versions = ">=3.8"
 files = [
-    {file = "pydantic-2.10.2-py3-none-any.whl", hash = "sha256:cfb96e45951117c3024e6b67b25cdc33a3cb7b2fa62e239f7af1378358a1d99e"},
-    {file = "pydantic-2.10.2.tar.gz", hash = "sha256:2bc2d7f17232e0841cbba4641e65ba1eb6fafb3a08de3a091ff3ce14a197c4fa"},
+    {file = "pydantic-2.10.3-py3-none-any.whl", hash = "sha256:be04d85bbc7b65651c5f8e6b9976ed9c6f41782a55524cef079a34a0bb82144d"},
+    {file = "pydantic-2.10.3.tar.gz", hash = "sha256:cb5ac360ce894ceacd69c403187900a02c4b20b693a9dd1d643e1effab9eadf9"},
 ]
 
 [package.dependencies]
@@ -1685,12 +1685,12 @@ pylint = ">=1.7"
 
 [[package]]
 name = "pylint-pydantic"
-version = "0.3.2"
+version = "0.3.4"
 description = "A Pylint plugin to help Pylint understand the Pydantic"
 optional = false
 python-versions = ">=3.8"
 files = [
-    {file = "pylint_pydantic-0.3.2-py3-none-any.whl", hash = "sha256:e5cec02370aa68ac8eff138e5d573b0ac049bab864e9a6c3a9057cf043440aa1"},
+    {file = "pylint_pydantic-0.3.4-py3-none-any.whl", hash = "sha256:f82fdf6b05045102fef2bd8b553a118aadf80155116f374a76eb201c47160a68"},
 ]
 
 [package.dependencies]
@@ -2135,29 +2135,29 @@ files = [
 
 [[package]]
 name = "ruff"
-version = "0.8.1"
+version = "0.8.2"
 description = "An extremely fast Python linter and code formatter, written in Rust."
 optional = false
 python-versions = ">=3.7"
 files = [
-    {file = "ruff-0.8.1-py3-none-linux_armv6l.whl", hash = "sha256:fae0805bd514066f20309f6742f6ee7904a773eb9e6c17c45d6b1600ca65c9b5"},
-    {file = "ruff-0.8.1-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:b8a4f7385c2285c30f34b200ca5511fcc865f17578383db154e098150ce0a087"},
-    {file = "ruff-0.8.1-py3-none-macosx_11_0_arm64.whl", hash = "sha256:cd054486da0c53e41e0086e1730eb77d1f698154f910e0cd9e0d64274979a209"},
-    {file = "ruff-0.8.1-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:2029b8c22da147c50ae577e621a5bfbc5d1fed75d86af53643d7a7aee1d23871"},
-    {file = "ruff-0.8.1-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:2666520828dee7dfc7e47ee4ea0d928f40de72056d929a7c5292d95071d881d1"},
-    {file = "ruff-0.8.1-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:333c57013ef8c97a53892aa56042831c372e0bb1785ab7026187b7abd0135ad5"},
-    {file = "ruff-0.8.1-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:288326162804f34088ac007139488dcb43de590a5ccfec3166396530b58fb89d"},
-    {file = "ruff-0.8.1-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:b12c39b9448632284561cbf4191aa1b005882acbc81900ffa9f9f471c8ff7e26"},
-    {file = "ruff-0.8.1-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:364e6674450cbac8e998f7b30639040c99d81dfb5bbc6dfad69bc7a8f916b3d1"},
-    {file = "ruff-0.8.1-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:b22346f845fec132aa39cd29acb94451d030c10874408dbf776af3aaeb53284c"},
-    {file = "ruff-0.8.1-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:b2f2f7a7e7648a2bfe6ead4e0a16745db956da0e3a231ad443d2a66a105c04fa"},
-    {file = "ruff-0.8.1-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:adf314fc458374c25c5c4a4a9270c3e8a6a807b1bec018cfa2813d6546215540"},
-    {file = "ruff-0.8.1-py3-none-musllinux_1_2_i686.whl", hash = "sha256:a885d68342a231b5ba4d30b8c6e1b1ee3a65cf37e3d29b3c74069cdf1ee1e3c9"},
-    {file = "ruff-0.8.1-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:d2c16e3508c8cc73e96aa5127d0df8913d2290098f776416a4b157657bee44c5"},
-    {file = "ruff-0.8.1-py3-none-win32.whl", hash = "sha256:93335cd7c0eaedb44882d75a7acb7df4b77cd7cd0d2255c93b28791716e81790"},
-    {file = "ruff-0.8.1-py3-none-win_amd64.whl", hash = "sha256:2954cdbe8dfd8ab359d4a30cd971b589d335a44d444b6ca2cb3d1da21b75e4b6"},
-    {file = "ruff-0.8.1-py3-none-win_arm64.whl", hash = "sha256:55873cc1a473e5ac129d15eccb3c008c096b94809d693fc7053f588b67822737"},
-    {file = "ruff-0.8.1.tar.gz", hash = "sha256:3583db9a6450364ed5ca3f3b4225958b24f78178908d5c4bc0f46251ccca898f"},
+    {file = "ruff-0.8.2-py3-none-linux_armv6l.whl", hash = "sha256:c49ab4da37e7c457105aadfd2725e24305ff9bc908487a9bf8d548c6dad8bb3d"},
+    {file = "ruff-0.8.2-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:ec016beb69ac16be416c435828be702ee694c0d722505f9c1f35e1b9c0cc1bf5"},
+    {file = "ruff-0.8.2-py3-none-macosx_11_0_arm64.whl", hash = "sha256:f05cdf8d050b30e2ba55c9b09330b51f9f97d36d4673213679b965d25a785f3c"},
+    {file = "ruff-0.8.2-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:60f578c11feb1d3d257b2fb043ddb47501ab4816e7e221fbb0077f0d5d4e7b6f"},
+    {file = "ruff-0.8.2-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:cbd5cf9b0ae8f30eebc7b360171bd50f59ab29d39f06a670b3e4501a36ba5897"},
+    {file = "ruff-0.8.2-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:b402ddee3d777683de60ff76da801fa7e5e8a71038f57ee53e903afbcefdaa58"},
+    {file = "ruff-0.8.2-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:705832cd7d85605cb7858d8a13d75993c8f3ef1397b0831289109e953d833d29"},
+    {file = "ruff-0.8.2-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:32096b41aaf7a5cc095fa45b4167b890e4c8d3fd217603f3634c92a541de7248"},
+    {file = "ruff-0.8.2-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:e769083da9439508833cfc7c23e351e1809e67f47c50248250ce1ac52c21fb93"},
+    {file = "ruff-0.8.2-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:5fe716592ae8a376c2673fdfc1f5c0c193a6d0411f90a496863c99cd9e2ae25d"},
+    {file = "ruff-0.8.2-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:81c148825277e737493242b44c5388a300584d73d5774defa9245aaef55448b0"},
+    {file = "ruff-0.8.2-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:d261d7850c8367704874847d95febc698a950bf061c9475d4a8b7689adc4f7fa"},
+    {file = "ruff-0.8.2-py3-none-musllinux_1_2_i686.whl", hash = "sha256:1ca4e3a87496dc07d2427b7dd7ffa88a1e597c28dad65ae6433ecb9f2e4f022f"},
+    {file = "ruff-0.8.2-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:729850feed82ef2440aa27946ab39c18cb4a8889c1128a6d589ffa028ddcfc22"},
+    {file = "ruff-0.8.2-py3-none-win32.whl", hash = "sha256:ac42caaa0411d6a7d9594363294416e0e48fc1279e1b0e948391695db2b3d5b1"},
+    {file = "ruff-0.8.2-py3-none-win_amd64.whl", hash = "sha256:2aae99ec70abf43372612a838d97bfe77d45146254568d94926e8ed5bbb409ea"},
+    {file = "ruff-0.8.2-py3-none-win_arm64.whl", hash = "sha256:fb88e2a506b70cfbc2de6fae6681c4f944f7dd5f2fe87233a7233d888bad73e8"},
+    {file = "ruff-0.8.2.tar.gz", hash = "sha256:b84f4f414dda8ac7f75075c1fa0b905ac0ff25361f42e6d5da681a465e0f78e5"},
 ]
 
 [[package]]
@@ -2414,4 +2414,4 @@ type = ["pytest-mypy"]
 [metadata]
 lock-version = "2.0"
 python-versions = "^3.9"
-content-hash = "d5fc77baf896f8ff41baa174c20f9070bb9dba6b38ba47c64f667d47272eae76"
+content-hash = "19465d40ffacb007e20b369a30a8209a62413742686ad11679e5d32a658017ca"
diff --git a/pykanidm/pyproject.toml b/pykanidm/pyproject.toml
index a1fafefc4..269058ece 100644
--- a/pykanidm/pyproject.toml
+++ b/pykanidm/pyproject.toml
@@ -31,21 +31,21 @@ Authlib = "^1.2.0"
 mypy = "^1.13"
 pytest = "^8.3.4"
 types-toml = "^0.10.8"
-pylint-pydantic = "^0.3.2"
-coverage = "^7.6.8"
+pylint-pydantic = "^0.3.4"
+coverage = "^7.6.9"
 pylint-pytest = "^1.1.7"
 pytest-asyncio = "^0.24.0"
 pytest-mock = "^3.14.0"
 pytest-aiohttp = "^1.0.5"
 black = "^24.10.0"
 mkdocs = "^1.5.3"
-mkdocs-material = "^9.5.47"
+mkdocs-material = "^9.5.48"
 mkdocstrings = "^0.27.0"
 mkdocstrings-python = "^1.12.2"
 pook = "^2.1.2"
 
 [tool.poetry.group.dev.dependencies]
-ruff = ">=0.5.1,<0.8.2"
+ruff = ">=0.5.1,<0.8.3"
 
 [build-system]
 requires = ["poetry-core>=1.0.0"]

From 4ee9a3a098642dfa8a979f51322ae2646be5f1d3 Mon Sep 17 00:00:00 2001
From: Firstyear <william@blackhats.net.au>
Date: Thu, 12 Dec 2024 07:53:22 +1000
Subject: [PATCH 09/87] Minor tweaks to cred reset ui (#3284)

---
 server/core/templates/credentials_reset.html  |  5 ++--
 .../templates/credentials_reset_form.html     |  5 ++--
 .../templates/credentials_update_partial.html | 26 +++++--------------
 .../templates/credentials_update_primary.html |  6 ++---
 4 files changed, 16 insertions(+), 26 deletions(-)

diff --git a/server/core/templates/credentials_reset.html b/server/core/templates/credentials_reset.html
index 5028b9706..bf593093b 100644
--- a/server/core/templates/credentials_reset.html
+++ b/server/core/templates/credentials_reset.html
@@ -5,13 +5,14 @@
 (% endblock %)
 
 (% block body %)
-<main class="form-cred-reset-body container my-auto">
+<main class="container-lg my-auto">
     <div class="text-center">
         <h3>Updating Credentials</h3>
         <p><strong>User:</strong> (( names ))</p>
         <p><strong>Kanidm domain:</strong> (( domain_info.display_name() ))</p>
     </div>
-    <hr class="my-4" />
+    <div class="ps-sm-4 ps-md-5 pt-sm-0 pt-4">
     (( credentials_update_partial|safe ))
+    </div>
 </main>
 (% endblock %)
diff --git a/server/core/templates/credentials_reset_form.html b/server/core/templates/credentials_reset_form.html
index 38a64849e..ec37c7be7 100644
--- a/server/core/templates/credentials_reset_form.html
+++ b/server/core/templates/credentials_reset_form.html
@@ -22,8 +22,9 @@
             src="/pkg/img/logo-square.svg?v=((crate::https::cache_buster::get_cache_buster_key()))"
             alt="(( domain_info.display_name() ))" class="kanidm_logo" />
         (% endif %)
-        <h2>Credential Reset</h2>
-        <h3>(( domain_info.display_name() ))</h3>
+        <h2>(( domain_info.display_name() ))</h2>
+        <div />
+        <h3>Credential Reset</h3>
     </center>
     <form class="mb-3">
         <div>
diff --git a/server/core/templates/credentials_update_partial.html b/server/core/templates/credentials_update_partial.html
index e96ac73f5..c6b80128c 100644
--- a/server/core/templates/credentials_update_partial.html
+++ b/server/core/templates/credentials_update_partial.html
@@ -81,24 +81,12 @@
             (% when CUCredState::Modifiable %)
             (% include "credentials_update_passkeys.html" %)
             <!-- Here we are modifiable so we can render the button to add passkeys  -->
-            <div class="btn-group mt-4">
-                <button type="button" class="btn btn-secondary"
-                    hx-post="/ui/reset/add_passkey"
-                    hx-vals='{"class": "Any"}'
-                    hx-target="#credentialUpdateDynamicSection">
-                    Add Passkey
-                </button>
-                <button type="button"
-                    class="btn btn-secondary dropdown-toggle dropdown-toggle-split"
-                    data-bs-toggle="dropdown" aria-expanded="false">
-                    <span class="visually-hidden">Toggle Dropdown</span>
-                </button>
-                <ul class="dropdown-menu">
-                    <li><a class="dropdown-item" hx-post="/ui/api/cancel_mfareg"
-                            hx-swap="none">Cancel MFA Registration
-                            session</a></li>
-                </ul>
-            </div>
+            <button type="button" class="btn btn-primary"
+                hx-post="/ui/reset/add_passkey"
+                hx-vals='{"class": "Any"}'
+                hx-target="#credentialUpdateDynamicSection">
+                Add Passkey
+            </button>
 
             (% when CUCredState::DeleteOnly %)
             (% if passkeys.len() > 0 %)
@@ -117,7 +105,7 @@
             <hr class="my-4" />
             <h4>UNIX Password</h4>
             <p>This password is used when authenticating to a UNIX-like system</p>
-            <button type="button" class="btn btn-secondary"
+            <button type="button" class="btn btn-primary"
                 hx-post="/ui/reset/set_unixcred"
                 hx-target="#credentialUpdateDynamicSection">
                 Set UNIX Password
diff --git a/server/core/templates/credentials_update_primary.html b/server/core/templates/credentials_update_primary.html
index 99703a96e..52e1263d1 100644
--- a/server/core/templates/credentials_update_primary.html
+++ b/server/core/templates/credentials_update_primary.html
@@ -25,7 +25,7 @@
                             <h6><b>Password</b></h6>
                         </div>
                         <div class="flex-shrink-0 ps-3">
-                            <button type="button" class="btn btn-sm btn-secondary" hx-post="/ui/reset/change_password">
+                            <button type="button" class="btn btn-sm btn-primary" hx-post="/ui/reset/change_password">
                                 Change Password
                             </button>
                         </div>
@@ -36,7 +36,7 @@
                             <p>TOTPs are 6 digit codes generated on-demand as a second authentication factor.</p>
                         </div>
                         <div class="flex-shrink-0 ps-3">
-                            <button type="button" class="btn btn-sm btn-secondary" hx-post="/ui/reset/add_totp">
+                            <button type="button" class="btn btn-sm btn-primary" hx-post="/ui/reset/add_totp">
                                 Add TOTP
                             </button>
                         </div>
@@ -121,4 +121,4 @@
             </button>
         </div>
     (% endif %)
-</div>
\ No newline at end of file
+</div>

From 60cc830ebd80571bb551217b75f753422899b376 Mon Sep 17 00:00:00 2001
From: Firstyear <william@blackhats.net.au>
Date: Thu, 12 Dec 2024 21:56:12 +1000
Subject: [PATCH 10/87] Cleanup webauthn features (#3285)

---
 Cargo.toml                            |  1 -
 tools/cli/Cargo.toml                  | 20 ++++++++++++++++++--
 tools/cli/src/cli/webauthn/mod.rs     | 14 ++++++++++++--
 tools/cli/src/cli/webauthn/mozilla.rs |  6 +++---
 tools/cli/src/cli/webauthn/u2fhid.rs  |  5 +++++
 5 files changed, 38 insertions(+), 8 deletions(-)
 create mode 100644 tools/cli/src/cli/webauthn/u2fhid.rs

diff --git a/Cargo.toml b/Cargo.toml
index e25ffe31e..9df46e583 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -284,7 +284,6 @@ uuid = "^1.11.0"
 webauthn-authenticator-rs = { version = "0.5.0", features = [
     "softpasskey",
     "softtoken",
-    "mozilla",
 ] }
 webauthn-rs = { version = "0.5.0", features = ["preview-features"] }
 webauthn-rs-core = "0.5.0"
diff --git a/tools/cli/Cargo.toml b/tools/cli/Cargo.toml
index 959cdc4e7..b5ac95e20 100644
--- a/tools/cli/Cargo.toml
+++ b/tools/cli/Cargo.toml
@@ -78,9 +78,25 @@ url = { workspace = true }
 workspace = true
 features = ["win10"]
 
-[target."cfg(not(any(target_os = \"windows\")))".dependencies.webauthn-authenticator-rs]
+[target."cfg(target_os = \"linux\")".dependencies.webauthn-authenticator-rs]
 workspace = true
-features = ["u2fhid"]
+features = [
+    "u2fhid",
+    "mozilla",
+]
+
+[target."cfg(target_os = \"macos\")".dependencies.webauthn-authenticator-rs]
+workspace = true
+features = [
+    "u2fhid",
+    "mozilla",
+]
+
+[target."cfg(target_os = \"freebsd\")".dependencies.webauthn-authenticator-rs]
+workspace = true
+features = [
+    "mozilla",
+]
 
 ## Debian packaging
 [package.metadata.deb]
diff --git a/tools/cli/src/cli/webauthn/mod.rs b/tools/cli/src/cli/webauthn/mod.rs
index f3ae84e59..0af5641f1 100644
--- a/tools/cli/src/cli/webauthn/mod.rs
+++ b/tools/cli/src/cli/webauthn/mod.rs
@@ -1,6 +1,16 @@
-#[cfg(not(any(target_os = "windows")))]
+#[cfg(target_os = "linux")]
+mod u2fhid;
+#[cfg(target_os = "linux")]
+use u2fhid::get_authenticator_backend;
+
+#[cfg(target_os = "macos")]
 mod mozilla;
-#[cfg(not(any(target_os = "windows")))]
+#[cfg(target_os = "macos")]
+use mozilla::get_authenticator_backend;
+
+#[cfg(target_os = "freebsd")]
+mod mozilla;
+#[cfg(target_os = "freebsd")]
 use mozilla::get_authenticator_backend;
 
 #[cfg(target_os = "windows")]
diff --git a/tools/cli/src/cli/webauthn/mozilla.rs b/tools/cli/src/cli/webauthn/mozilla.rs
index dfe0d3ca8..4e392d52c 100644
--- a/tools/cli/src/cli/webauthn/mozilla.rs
+++ b/tools/cli/src/cli/webauthn/mozilla.rs
@@ -1,5 +1,5 @@
-use webauthn_authenticator_rs::u2fhid::U2FHid;
+use webauthn_authenticator_rs::mozilla::MozillaAuthenticator;
 
-pub fn get_authenticator_backend() -> U2FHid {
-    U2FHid::new()
+pub fn get_authenticator_backend() -> MozillaAuthenticator {
+    MozillaAuthenticator::default()
 }
diff --git a/tools/cli/src/cli/webauthn/u2fhid.rs b/tools/cli/src/cli/webauthn/u2fhid.rs
new file mode 100644
index 000000000..dfe0d3ca8
--- /dev/null
+++ b/tools/cli/src/cli/webauthn/u2fhid.rs
@@ -0,0 +1,5 @@
+use webauthn_authenticator_rs::u2fhid::U2FHid;
+
+pub fn get_authenticator_backend() -> U2FHid {
+    U2FHid::new()
+}

From 5dfba2a0ef1f8d2348c32afc8012d57896325f7f Mon Sep 17 00:00:00 2001
From: Firstyear <william@blackhats.net.au>
Date: Fri, 13 Dec 2024 10:23:54 +1000
Subject: [PATCH 11/87] Add CORS headers to jwks and userinfo (#3283)

When using jwks from a single page application, the keys and
userinfo were unable to be retrieved due to missing cors headers.
---
 server/core/src/https/oauth2.rs | 27 ++++++++++++++++++---------
 1 file changed, 18 insertions(+), 9 deletions(-)

diff --git a/server/core/src/https/oauth2.rs b/server/core/src/https/oauth2.rs
index cfb783b6e..aedeb3ba7 100644
--- a/server/core/src/https/oauth2.rs
+++ b/server/core/src/https/oauth2.rs
@@ -20,7 +20,6 @@ use axum::{
     Extension, Form, Json, Router,
 };
 use axum_macros::debug_handler;
-use compact_jwt::{JwkKeySet, OidcToken};
 use kanidm_proto::constants::uri::{
     OAUTH2_AUTHORISE, OAUTH2_AUTHORISE_PERMIT, OAUTH2_AUTHORISE_REJECT,
 };
@@ -587,13 +586,13 @@ pub async fn oauth2_openid_userinfo_get(
     Path(client_id): Path<String>,
     Extension(kopid): Extension<KOpId>,
     VerifiedClientInformation(client_auth_info): VerifiedClientInformation,
-) -> Result<Json<OidcToken>, HTTPOauth2Error> {
+) -> Response {
     // The token we want to inspect is in the authorisation header.
     let client_token = match client_auth_info.bearer_token {
         Some(val) => val,
         None => {
             error!("Bearer Authentication Not Provided");
-            return Err(HTTPOauth2Error(Oauth2Error::AuthenticationRequired));
+            return HTTPOauth2Error(Oauth2Error::AuthenticationRequired).into_response();
         }
     };
 
@@ -603,8 +602,13 @@ pub async fn oauth2_openid_userinfo_get(
         .await;
 
     match res {
-        Ok(uir) => Ok(Json(uir)),
-        Err(e) => Err(HTTPOauth2Error(e)),
+        Ok(uir) => (
+            StatusCode::OK,
+            [(ACCESS_CONTROL_ALLOW_ORIGIN, "*")],
+            Json(uir),
+        )
+            .into_response(),
+        Err(e) => HTTPOauth2Error(e).into_response(),
     }
 }
 
@@ -612,13 +616,18 @@ pub async fn oauth2_openid_publickey_get(
     State(state): State<ServerState>,
     Path(client_id): Path<String>,
     Extension(kopid): Extension<KOpId>,
-) -> Result<Json<JwkKeySet>, WebError> {
-    state
+) -> Response {
+    let res = state
         .qe_r_ref
         .handle_oauth2_openid_publickey(client_id, kopid.eventid)
         .await
         .map(Json::from)
-        .map_err(WebError::from)
+        .map_err(WebError::from);
+
+    match res {
+        Ok(jsn) => (StatusCode::OK, [(ACCESS_CONTROL_ALLOW_ORIGIN, "*")], jsn).into_response(),
+        Err(web_err) => web_err.response_with_access_control_origin_header(),
+    }
 }
 
 /// This is called directly by the resource server, where we then issue
@@ -789,7 +798,7 @@ pub fn route_setup(state: ServerState) -> Router<ServerState> {
         // // IF YOU CHANGE THESE VALUES YOU MUST UPDATE OIDC DISCOVERY URLS
         .route(
             "/oauth2/openid/:client_id/public_key.jwk",
-            get(oauth2_openid_publickey_get),
+            get(oauth2_openid_publickey_get).options(oauth2_preflight_options),
         )
         // // ⚠️  ⚠️   WARNING  ⚠️  ⚠️
         // // IF YOU CHANGE THESE VALUES YOU MUST UPDATE OAUTH2 DISCOVERY URLS

From a8d149db16c2dfe24a92cdccb1b44a2c60d7bfa4 Mon Sep 17 00:00:00 2001
From: Firstyear <william@blackhats.net.au>
Date: Fri, 13 Dec 2024 13:19:10 +1000
Subject: [PATCH 12/87] remove unused webauthn features. (#3286)

While improving the webauthn feature handling yesterday I accidentally left mozilla enabled on linux which doesn't need it and u2fhid on macos.

In the future the plan is to swap fully to u2fhid, but in the mean time we need mozilla for freebsd support. That's something I'll need to work on later with @micolous.
---
 tools/cli/Cargo.toml | 16 +++++-----------
 1 file changed, 5 insertions(+), 11 deletions(-)

diff --git a/tools/cli/Cargo.toml b/tools/cli/Cargo.toml
index b5ac95e20..58a0b5128 100644
--- a/tools/cli/Cargo.toml
+++ b/tools/cli/Cargo.toml
@@ -74,29 +74,23 @@ serde_json = { workspace = true }
 uuid = { workspace = true }
 url = { workspace = true }
 
+## See src/cli/webauthn/mod.rs for which features are
+## required for which target_os here
 [target."cfg(target_os = \"windows\")".dependencies.webauthn-authenticator-rs]
 workspace = true
 features = ["win10"]
 
 [target."cfg(target_os = \"linux\")".dependencies.webauthn-authenticator-rs]
 workspace = true
-features = [
-    "u2fhid",
-    "mozilla",
-]
+features = ["u2fhid"]
 
 [target."cfg(target_os = \"macos\")".dependencies.webauthn-authenticator-rs]
 workspace = true
-features = [
-    "u2fhid",
-    "mozilla",
-]
+features = ["mozilla"]
 
 [target."cfg(target_os = \"freebsd\")".dependencies.webauthn-authenticator-rs]
 workspace = true
-features = [
-    "mozilla",
-]
+features = ["mozilla"]
 
 ## Debian packaging
 [package.metadata.deb]

From d62c17cd0e9b14e58e17e64fbd7b17a520f1bcab Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 15 Dec 2024 20:27:40 +0000
Subject: [PATCH 13/87] Bump the all group in /pykanidm with 2 updates (#3293)

Bumps the all group in /pykanidm with 2 updates: [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio) and [ruff](https://github.com/astral-sh/ruff).


Updates `pytest-asyncio` from 0.24.0 to 0.25.0
- [Release notes](https://github.com/pytest-dev/pytest-asyncio/releases)
- [Commits](https://github.com/pytest-dev/pytest-asyncio/compare/v0.24.0...v0.25.0)

Updates `ruff` from 0.8.2 to 0.8.3
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.8.2...0.8.3)

---
updated-dependencies:
- dependency-name: pytest-asyncio
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: ruff
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pykanidm/poetry.lock    | 52 ++++++++++++++++++++---------------------
 pykanidm/pyproject.toml |  4 ++--
 2 files changed, 28 insertions(+), 28 deletions(-)

diff --git a/pykanidm/poetry.lock b/pykanidm/poetry.lock
index 2cbcce635..6f8caf724 100644
--- a/pykanidm/poetry.lock
+++ b/pykanidm/poetry.lock
@@ -1,4 +1,4 @@
-# This file is automatically @generated by Poetry 1.8.3 and should not be changed by hand.
+# This file is automatically @generated by Poetry 1.8.5 and should not be changed by hand.
 
 [[package]]
 name = "aiohappyeyeballs"
@@ -1774,20 +1774,20 @@ testing = ["coverage (==6.2)", "mypy (==0.931)"]
 
 [[package]]
 name = "pytest-asyncio"
-version = "0.24.0"
+version = "0.25.0"
 description = "Pytest support for asyncio"
 optional = false
-python-versions = ">=3.8"
+python-versions = ">=3.9"
 files = [
-    {file = "pytest_asyncio-0.24.0-py3-none-any.whl", hash = "sha256:a811296ed596b69bf0b6f3dc40f83bcaf341b155a269052d82efa2b25ac7037b"},
-    {file = "pytest_asyncio-0.24.0.tar.gz", hash = "sha256:d081d828e576d85f875399194281e92bf8a68d60d72d1a2faf2feddb6c46b276"},
+    {file = "pytest_asyncio-0.25.0-py3-none-any.whl", hash = "sha256:db5432d18eac6b7e28b46dcd9b69921b55c3b1086e85febfe04e70b18d9e81b3"},
+    {file = "pytest_asyncio-0.25.0.tar.gz", hash = "sha256:8c0610303c9e0442a5db8604505fc0f545456ba1528824842b37b4a626cbf609"},
 ]
 
 [package.dependencies]
 pytest = ">=8.2,<9"
 
 [package.extras]
-docs = ["sphinx (>=5.3)", "sphinx-rtd-theme (>=1.0)"]
+docs = ["sphinx (>=5.3)", "sphinx-rtd-theme (>=1)"]
 testing = ["coverage (>=6.2)", "hypothesis (>=5.7.1)"]
 
 [[package]]
@@ -2135,29 +2135,29 @@ files = [
 
 [[package]]
 name = "ruff"
-version = "0.8.2"
+version = "0.8.3"
 description = "An extremely fast Python linter and code formatter, written in Rust."
 optional = false
 python-versions = ">=3.7"
 files = [
-    {file = "ruff-0.8.2-py3-none-linux_armv6l.whl", hash = "sha256:c49ab4da37e7c457105aadfd2725e24305ff9bc908487a9bf8d548c6dad8bb3d"},
-    {file = "ruff-0.8.2-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:ec016beb69ac16be416c435828be702ee694c0d722505f9c1f35e1b9c0cc1bf5"},
-    {file = "ruff-0.8.2-py3-none-macosx_11_0_arm64.whl", hash = "sha256:f05cdf8d050b30e2ba55c9b09330b51f9f97d36d4673213679b965d25a785f3c"},
-    {file = "ruff-0.8.2-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:60f578c11feb1d3d257b2fb043ddb47501ab4816e7e221fbb0077f0d5d4e7b6f"},
-    {file = "ruff-0.8.2-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:cbd5cf9b0ae8f30eebc7b360171bd50f59ab29d39f06a670b3e4501a36ba5897"},
-    {file = "ruff-0.8.2-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:b402ddee3d777683de60ff76da801fa7e5e8a71038f57ee53e903afbcefdaa58"},
-    {file = "ruff-0.8.2-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:705832cd7d85605cb7858d8a13d75993c8f3ef1397b0831289109e953d833d29"},
-    {file = "ruff-0.8.2-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:32096b41aaf7a5cc095fa45b4167b890e4c8d3fd217603f3634c92a541de7248"},
-    {file = "ruff-0.8.2-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:e769083da9439508833cfc7c23e351e1809e67f47c50248250ce1ac52c21fb93"},
-    {file = "ruff-0.8.2-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:5fe716592ae8a376c2673fdfc1f5c0c193a6d0411f90a496863c99cd9e2ae25d"},
-    {file = "ruff-0.8.2-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:81c148825277e737493242b44c5388a300584d73d5774defa9245aaef55448b0"},
-    {file = "ruff-0.8.2-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:d261d7850c8367704874847d95febc698a950bf061c9475d4a8b7689adc4f7fa"},
-    {file = "ruff-0.8.2-py3-none-musllinux_1_2_i686.whl", hash = "sha256:1ca4e3a87496dc07d2427b7dd7ffa88a1e597c28dad65ae6433ecb9f2e4f022f"},
-    {file = "ruff-0.8.2-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:729850feed82ef2440aa27946ab39c18cb4a8889c1128a6d589ffa028ddcfc22"},
-    {file = "ruff-0.8.2-py3-none-win32.whl", hash = "sha256:ac42caaa0411d6a7d9594363294416e0e48fc1279e1b0e948391695db2b3d5b1"},
-    {file = "ruff-0.8.2-py3-none-win_amd64.whl", hash = "sha256:2aae99ec70abf43372612a838d97bfe77d45146254568d94926e8ed5bbb409ea"},
-    {file = "ruff-0.8.2-py3-none-win_arm64.whl", hash = "sha256:fb88e2a506b70cfbc2de6fae6681c4f944f7dd5f2fe87233a7233d888bad73e8"},
-    {file = "ruff-0.8.2.tar.gz", hash = "sha256:b84f4f414dda8ac7f75075c1fa0b905ac0ff25361f42e6d5da681a465e0f78e5"},
+    {file = "ruff-0.8.3-py3-none-linux_armv6l.whl", hash = "sha256:8d5d273ffffff0acd3db5bf626d4b131aa5a5ada1276126231c4174543ce20d6"},
+    {file = "ruff-0.8.3-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:e4d66a21de39f15c9757d00c50c8cdd20ac84f55684ca56def7891a025d7e939"},
+    {file = "ruff-0.8.3-py3-none-macosx_11_0_arm64.whl", hash = "sha256:c356e770811858bd20832af696ff6c7e884701115094f427b64b25093d6d932d"},
+    {file = "ruff-0.8.3-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:9c0a60a825e3e177116c84009d5ebaa90cf40dfab56e1358d1df4e29a9a14b13"},
+    {file = "ruff-0.8.3-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:75fb782f4db39501210ac093c79c3de581d306624575eddd7e4e13747e61ba18"},
+    {file = "ruff-0.8.3-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:7f26bc76a133ecb09a38b7868737eded6941b70a6d34ef53a4027e83913b6502"},
+    {file = "ruff-0.8.3-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:01b14b2f72a37390c1b13477c1c02d53184f728be2f3ffc3ace5b44e9e87b90d"},
+    {file = "ruff-0.8.3-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:53babd6e63e31f4e96ec95ea0d962298f9f0d9cc5990a1bbb023a6baf2503a82"},
+    {file = "ruff-0.8.3-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:1ae441ce4cf925b7f363d33cd6570c51435972d697e3e58928973994e56e1452"},
+    {file = "ruff-0.8.3-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:d7c65bc0cadce32255e93c57d57ecc2cca23149edd52714c0c5d6fa11ec328cd"},
+    {file = "ruff-0.8.3-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:5be450bb18f23f0edc5a4e5585c17a56ba88920d598f04a06bd9fd76d324cb20"},
+    {file = "ruff-0.8.3-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:8faeae3827eaa77f5721f09b9472a18c749139c891dbc17f45e72d8f2ca1f8fc"},
+    {file = "ruff-0.8.3-py3-none-musllinux_1_2_i686.whl", hash = "sha256:db503486e1cf074b9808403991663e4277f5c664d3fe237ee0d994d1305bb060"},
+    {file = "ruff-0.8.3-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:6567be9fb62fbd7a099209257fef4ad2c3153b60579818b31a23c886ed4147ea"},
+    {file = "ruff-0.8.3-py3-none-win32.whl", hash = "sha256:19048f2f878f3ee4583fc6cb23fb636e48c2635e30fb2022b3a1cd293402f964"},
+    {file = "ruff-0.8.3-py3-none-win_amd64.whl", hash = "sha256:f7df94f57d7418fa7c3ffb650757e0c2b96cf2501a0b192c18e4fb5571dfada9"},
+    {file = "ruff-0.8.3-py3-none-win_arm64.whl", hash = "sha256:fe2756edf68ea79707c8d68b78ca9a58ed9af22e430430491ee03e718b5e4936"},
+    {file = "ruff-0.8.3.tar.gz", hash = "sha256:5e7558304353b84279042fc584a4f4cb8a07ae79b2bf3da1a7551d960b5626d3"},
 ]
 
 [[package]]
@@ -2414,4 +2414,4 @@ type = ["pytest-mypy"]
 [metadata]
 lock-version = "2.0"
 python-versions = "^3.9"
-content-hash = "19465d40ffacb007e20b369a30a8209a62413742686ad11679e5d32a658017ca"
+content-hash = "6396dc4ab6d72485a70114af26bcae24c090e264f555cf809ea1c51ac0194212"
diff --git a/pykanidm/pyproject.toml b/pykanidm/pyproject.toml
index 269058ece..97c2c0db3 100644
--- a/pykanidm/pyproject.toml
+++ b/pykanidm/pyproject.toml
@@ -34,7 +34,7 @@ types-toml = "^0.10.8"
 pylint-pydantic = "^0.3.4"
 coverage = "^7.6.9"
 pylint-pytest = "^1.1.7"
-pytest-asyncio = "^0.24.0"
+pytest-asyncio = "^0.25.0"
 pytest-mock = "^3.14.0"
 pytest-aiohttp = "^1.0.5"
 black = "^24.10.0"
@@ -45,7 +45,7 @@ mkdocstrings-python = "^1.12.2"
 pook = "^2.1.2"
 
 [tool.poetry.group.dev.dependencies]
-ruff = ">=0.5.1,<0.8.3"
+ruff = ">=0.5.1,<0.8.4"
 
 [build-system]
 requires = ["poetry-core>=1.0.0"]

From 6abdb12e351dc60e6e329c02a40719c5bfd4a8b9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 16 Dec 2024 07:50:01 +1000
Subject: [PATCH 14/87] Bump mozilla-actions/sccache-action from 0.0.6 to 0.0.7
 in the all group (#3295)

Bumps the all group with 1 update: [mozilla-actions/sccache-action](https://github.com/mozilla-actions/sccache-action).


Updates `mozilla-actions/sccache-action` from 0.0.6 to 0.0.7
- [Release notes](https://github.com/mozilla-actions/sccache-action/releases)
- [Commits](https://github.com/mozilla-actions/sccache-action/compare/v0.0.6...v0.0.7)

---
updated-dependencies:
- dependency-name: mozilla-actions/sccache-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/clippy.yml                 | 4 ++--
 .github/workflows/kanidm_individual_book.yml | 2 +-
 .github/workflows/rust_build.yml             | 6 +++---
 .github/workflows/windows_build.yml          | 2 +-
 4 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/clippy.yml b/.github/workflows/clippy.yml
index c28a635ca..a3710d26f 100644
--- a/.github/workflows/clippy.yml
+++ b/.github/workflows/clippy.yml
@@ -19,7 +19,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - name: Setup sccache
-        uses: mozilla-actions/sccache-action@v0.0.6
+        uses: mozilla-actions/sccache-action@v0.0.7
         with:
           version: "v0.4.2"
       - name: Install dependencies
@@ -39,7 +39,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - name: Setup sccache
-        uses: mozilla-actions/sccache-action@v0.0.6
+        uses: mozilla-actions/sccache-action@v0.0.7
         with:
           version: "v0.4.2"
       - name: "Run cargo fmt"
diff --git a/.github/workflows/kanidm_individual_book.yml b/.github/workflows/kanidm_individual_book.yml
index 763181979..a9173522d 100644
--- a/.github/workflows/kanidm_individual_book.yml
+++ b/.github/workflows/kanidm_individual_book.yml
@@ -24,7 +24,7 @@ jobs:
         with:
           ref: ${{ inputs.tag }}
       - name: Setup sccache
-        uses: mozilla-actions/sccache-action@v0.0.6
+        uses: mozilla-actions/sccache-action@v0.0.7
         with:
           version: "v0.4.2"
       - name: Install deps
diff --git a/.github/workflows/rust_build.yml b/.github/workflows/rust_build.yml
index 13e743f65..3bd4983e9 100644
--- a/.github/workflows/rust_build.yml
+++ b/.github/workflows/rust_build.yml
@@ -27,7 +27,7 @@ jobs:
       - name: Install Rust
         uses: dtolnay/rust-toolchain@stable
       - name: Setup sccache
-        uses: mozilla-actions/sccache-action@v0.0.6
+        uses: mozilla-actions/sccache-action@v0.0.7
         with:
           version: "v0.4.2"
 
@@ -74,7 +74,7 @@ jobs:
         with:
           toolchain: ${{ matrix.rust_version }}
       - name: Setup sccache
-        uses: mozilla-actions/sccache-action@v0.0.6
+        uses: mozilla-actions/sccache-action@v0.0.7
         with:
           version: "v0.4.2"
 
@@ -116,7 +116,7 @@ jobs:
       - name: Install Rust
         uses: dtolnay/rust-toolchain@stable
       - name: Setup sccache
-        uses: mozilla-actions/sccache-action@v0.0.6
+        uses: mozilla-actions/sccache-action@v0.0.7
         with:
           version: "v0.4.2"
 
diff --git a/.github/workflows/windows_build.yml b/.github/workflows/windows_build.yml
index 2737298c0..215d77331 100644
--- a/.github/workflows/windows_build.yml
+++ b/.github/workflows/windows_build.yml
@@ -28,7 +28,7 @@ jobs:
       - name: Install Rust
         uses: dtolnay/rust-toolchain@stable
       - name: Setup sccache
-        uses: mozilla-actions/sccache-action@v0.0.6
+        uses: mozilla-actions/sccache-action@v0.0.7
         with:
           version: "v0.4.2"
       - run: cargo build -p kanidm_client -p kanidm_tools --bin kanidm

From 6db0cdc345532d48672ce230931b3e0115d50ebb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 15 Dec 2024 22:17:05 +0000
Subject: [PATCH 15/87] Bump the all group with 6 updates (#3294)

Bumps the all group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [chrono](https://github.com/chronotope/chrono) | `0.4.38` | `0.4.39` |
| [libc](https://github.com/rust-lang/libc) | `0.2.167` | `0.2.168` |
| [rustls](https://github.com/rustls/rustls) | `0.23.19` | `0.23.20` |
| [serde](https://github.com/serde-rs/serde) | `1.0.215` | `1.0.216` |
| [tower](https://github.com/tower-rs/tower) | `0.5.1` | `0.5.2` |
| [fantoccini](https://github.com/jonhoo/fantoccini) | `0.21.2` | `0.21.3` |


Updates `chrono` from 0.4.38 to 0.4.39
- [Release notes](https://github.com/chronotope/chrono/releases)
- [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md)
- [Commits](https://github.com/chronotope/chrono/compare/v0.4.38...v0.4.39)

Updates `libc` from 0.2.167 to 0.2.168
- [Release notes](https://github.com/rust-lang/libc/releases)
- [Changelog](https://github.com/rust-lang/libc/blob/0.2.168/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/libc/compare/0.2.167...0.2.168)

Updates `rustls` from 0.23.19 to 0.23.20
- [Release notes](https://github.com/rustls/rustls/releases)
- [Changelog](https://github.com/rustls/rustls/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rustls/rustls/compare/v/0.23.19...v/0.23.20)

Updates `serde` from 1.0.215 to 1.0.216
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.215...v1.0.216)

Updates `tower` from 0.5.1 to 0.5.2
- [Release notes](https://github.com/tower-rs/tower/releases)
- [Commits](https://github.com/tower-rs/tower/compare/tower-0.5.1...tower-0.5.2)

Updates `fantoccini` from 0.21.2 to 0.21.3
- [Commits](https://github.com/jonhoo/fantoccini/compare/v0.21.2...v0.21.3)

---
updated-dependencies:
- dependency-name: chrono
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: libc
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: rustls
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: serde
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: tower
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: fantoccini
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Cargo.lock                | 46 +++++++++++++++++++--------------------
 Cargo.toml                |  8 +++----
 server/core/Cargo.toml    |  2 +-
 server/testkit/Cargo.toml |  2 +-
 4 files changed, 29 insertions(+), 29 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index cb638a6cc..be390d35f 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -389,7 +389,7 @@ dependencies = [
  "serde_urlencoded",
  "sync_wrapper 1.0.1",
  "tokio",
- "tower 0.5.1",
+ "tower 0.5.2",
  "tower-layer",
  "tower-service",
  "tracing",
@@ -452,7 +452,7 @@ dependencies = [
  "multer",
  "pin-project-lite",
  "serde",
- "tower 0.5.1",
+ "tower 0.5.2",
  "tower-layer",
  "tower-service",
 ]
@@ -773,9 +773,9 @@ checksum = "17cc5e6b5ab06331c33589842070416baa137e8b0eb912b008cfd4a78ada7919"
 
 [[package]]
 name = "chrono"
-version = "0.4.38"
+version = "0.4.39"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a21f936df1771bf62b77f047b726c4625ff2e8aa607c01ec06e5a05bd8463401"
+checksum = "7e36cc9d416881d2e24f9a963be5fb1cd90966419ac844274161d10488b3e825"
 dependencies = [
  "android-tzdata",
  "iana-time-zone",
@@ -1525,9 +1525,9 @@ dependencies = [
 
 [[package]]
 name = "fantoccini"
-version = "0.21.2"
+version = "0.21.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dd52b63e98251013cd5a9e881b9d460fc530e5df4eec58930c9694d6497c53e5"
+checksum = "8e681009c468d99de858e7757b0cfd5f16311ca999b13ccf543c87da3c04c2c5"
 dependencies = [
  "base64 0.22.1",
  "cookie 0.18.1",
@@ -2564,7 +2564,7 @@ dependencies = [
  "http 1.2.0",
  "hyper 1.5.1",
  "hyper-util",
- "rustls 0.23.19",
+ "rustls 0.23.20",
  "rustls-native-certs",
  "rustls-pki-types",
  "tokio",
@@ -3263,7 +3263,7 @@ dependencies = [
  "tokio-openssl",
  "tokio-util",
  "toml",
- "tower 0.5.1",
+ "tower 0.5.2",
  "tower-http",
  "tracing",
  "url",
@@ -3452,9 +3452,9 @@ dependencies = [
 
 [[package]]
 name = "libc"
-version = "0.2.167"
+version = "0.2.168"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "09d6582e104315a817dff97f75133544b2e094ee22447d2acf4a74e189ba06fc"
+checksum = "5aaeb2981e0606ca11d79718f8bb01164f1d6ed75080182d3abf017e6d244b6d"
 
 [[package]]
 name = "libloading"
@@ -4571,7 +4571,7 @@ dependencies = [
  "quinn-proto",
  "quinn-udp",
  "rustc-hash 2.0.0",
- "rustls 0.23.19",
+ "rustls 0.23.20",
  "socket2",
  "thiserror",
  "tokio",
@@ -4588,7 +4588,7 @@ dependencies = [
  "rand",
  "ring",
  "rustc-hash 2.0.0",
- "rustls 0.23.19",
+ "rustls 0.23.20",
  "slab",
  "thiserror",
  "tinyvec",
@@ -4821,7 +4821,7 @@ dependencies = [
  "percent-encoding",
  "pin-project-lite",
  "quinn",
- "rustls 0.23.19",
+ "rustls 0.23.20",
  "rustls-native-certs",
  "rustls-pemfile 2.2.0",
  "rustls-pki-types",
@@ -4983,9 +4983,9 @@ dependencies = [
 
 [[package]]
 name = "rustls"
-version = "0.23.19"
+version = "0.23.20"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "934b404430bb06b3fae2cba809eb45a1ab1aecd64491213d7c3301b88393f8d1"
+checksum = "5065c3f250cbd332cd894be57c40fa52387247659b14a2d6041d121547903b1b"
 dependencies = [
  "once_cell",
  "ring",
@@ -5179,9 +5179,9 @@ checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b"
 
 [[package]]
 name = "serde"
-version = "1.0.215"
+version = "1.0.216"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6513c1ad0b11a9376da888e3e0baa0077f1aed55c17f50e7b2397136129fb88f"
+checksum = "0b9781016e935a97e8beecf0c933758c97a5520d32930e460142b4cd80c6338e"
 dependencies = [
  "serde_derive",
 ]
@@ -5217,9 +5217,9 @@ dependencies = [
 
 [[package]]
 name = "serde_derive"
-version = "1.0.215"
+version = "1.0.216"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ad1e866f866923f252f05c889987993144fb74e722403468a4ebd70c3cd756c0"
+checksum = "46f859dbbf73865c6627ed570e78961cd3ac92407a2d117204c49232485da55e"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -5817,7 +5817,7 @@ version = "0.26.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0c7bc40d0e5a97695bb96e27995cd3a08538541b0a846f65bba7a359f36700d4"
 dependencies = [
- "rustls 0.23.19",
+ "rustls 0.23.20",
  "rustls-pki-types",
  "tokio",
 ]
@@ -5923,14 +5923,14 @@ dependencies = [
 
 [[package]]
 name = "tower"
-version = "0.5.1"
+version = "0.5.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2873938d487c3cfb9aed7546dc9f2711d867c9f90c46b889989a2cb84eba6b4f"
+checksum = "d039ad9159c98b70ecfd540b2573b97f7f52c3e8d9f8ad57a24b916a536975f9"
 dependencies = [
  "futures-core",
  "futures-util",
  "pin-project-lite",
- "sync_wrapper 0.1.2",
+ "sync_wrapper 1.0.1",
  "tokio",
  "tokio-stream",
  "tower-layer",
diff --git a/Cargo.toml b/Cargo.toml
index 9df46e583..f3086d524 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -160,7 +160,7 @@ bytes = "^1.9.0"
 clap = { version = "^4.5.23", features = ["derive", "env"] }
 clap_complete = "^4.5.38"
 # Forced by saffron/cron
-chrono = "^0.4.35"
+chrono = "^0.4.39"
 compact_jwt = { version = "^0.4.2", default-features = false }
 concread = "^0.5.3"
 cron = "0.12.1"
@@ -196,7 +196,7 @@ lazy_static = "^1.5.0"
 ldap3_client = "^0.5.2"
 ldap3_proto = { version = "^0.5.2", features = ["serde"] }
 
-libc = "^0.2.167"
+libc = "^0.2.168"
 libnss = "^0.8.0"
 libsqlite3-sys = "^0.25.2"
 lodepng = "3.10.7"
@@ -239,13 +239,13 @@ reqwest = { version = "0.12.9", default-features = false, features = [
     "rustls-tls-native-roots",
 ] }
 rusqlite = { version = "^0.28.0", features = ["array", "bundled"] }
-rustls = { version = "0.23.19", default-features = false, features = [
+rustls = { version = "0.23.20", default-features = false, features = [
     "aws_lc_rs",
 ] }
 
 sd-notify = "^0.4.3"
 selinux = "^0.4.6"
-serde = "^1.0.215"
+serde = "^1.0.216"
 serde_cbor = { version = "0.12.0-dev", package = "serde_cbor_2" }
 serde_json = "^1.0.133"
 serde_urlencoded = "^0.7.1"
diff --git a/server/core/Cargo.toml b/server/core/Cargo.toml
index 417d30623..bfe846abb 100644
--- a/server/core/Cargo.toml
+++ b/server/core/Cargo.toml
@@ -57,7 +57,7 @@ tokio = { workspace = true, features = ["net", "sync", "io-util", "macros"] }
 tokio-openssl = { workspace = true }
 tokio-util = { workspace = true, features = ["codec"] }
 toml = { workspace = true }
-tower = { version = "0.5.1", features = ["tokio-stream", "tracing"] }
+tower = { version = "0.5.2", features = ["tokio-stream", "tracing"] }
 tower-http = { version = "0.6.2", features = [
     "compression-gzip",
     "fs",
diff --git a/server/testkit/Cargo.toml b/server/testkit/Cargo.toml
index 6ab65a16f..7dae25abc 100644
--- a/server/testkit/Cargo.toml
+++ b/server/testkit/Cargo.toml
@@ -53,7 +53,7 @@ assert_cmd = "2.0.16"
 compact_jwt = { workspace = true }
 escargot = "0.5.13"
 # used for webdriver testing
-fantoccini = { version = "0.21.2" }
+fantoccini = { version = "0.21.3" }
 futures = { workspace = true }
 oauth2_ext = { workspace = true, default-features = false, features = [
     "reqwest",

From 5d75c9b247a0920e1dd6ac08661333cfd8f6f695 Mon Sep 17 00:00:00 2001
From: Firstyear <william@blackhats.net.au>
Date: Mon, 16 Dec 2024 09:43:29 +1000
Subject: [PATCH 16/87] Autocomplete password during reauth with TOTP (#3290)

During a re-auth flow, the password was not autocompleted once
totp was autocompleted. This is because in a normal login flow
the autocomplete is performed on the first login.html page,
but in a re-auth we skip that page.

This adds the proper handling to allow the pw to autofill
in the background once the TOTP is completed.
---
 server/core/src/https/views/login.rs  | 29 ++++++++++++++++++++++++++-
 server/core/templates/login.html      |  2 +-
 server/core/templates/login_totp.html | 11 ++++++++++
 3 files changed, 40 insertions(+), 2 deletions(-)

diff --git a/server/core/src/https/views/login.rs b/server/core/src/https/views/login.rs
index ce19a26f5..3b5c2b6ba 100644
--- a/server/core/src/https/views/login.rs
+++ b/server/core/src/https/views/login.rs
@@ -552,6 +552,8 @@ pub async fn view_login_mech_choose_post(
 
 #[derive(Debug, Clone, Deserialize)]
 pub struct LoginTotpForm {
+    #[serde(default, deserialize_with = "empty_string_as_none")]
+    password: Option<String>,
     totp: String,
 }
 
@@ -560,7 +562,7 @@ pub async fn view_login_totp_post(
     Extension(kopid): Extension<KOpId>,
     VerifiedClientInformation(client_auth_info): VerifiedClientInformation,
     DomainInfo(domain_info): DomainInfo,
-    jar: CookieJar,
+    mut jar: CookieJar,
     Form(login_totp_form): Form<LoginTotpForm>,
 ) -> Response {
     // trim leading and trailing white space.
@@ -583,6 +585,31 @@ pub async fn view_login_totp_post(
         }
     };
 
+    // In some flows the PW manager may not have autocompleted the pw until
+    // this point. This could be due to a re-auth flow which skips the username
+    // prompt, the use of remember-me+return which then skips the autocomplete.
+    //
+    // In the case the pw *is* bg filled, we need to add it to the session context
+    // here.
+    //
+    // It's probably not "optimal" to be getting the context out and signing it
+    // here to re-add it, but it also helps keep the flow neater in general.
+
+    if let Some(password_autofill) = login_totp_form.password {
+        let mut session_context =
+            cookies::get_signed::<SessionContext>(&state, &jar, COOKIE_AUTH_SESSION_ID)
+                .unwrap_or_default();
+
+        session_context.password = Some(password_autofill);
+
+        // If we can't write this back to the jar, we warn and move on.
+        if let Ok(update_jar) = add_session_cookie(&state, jar.clone(), &session_context) {
+            jar = update_jar;
+        } else {
+            warn!("Unable to update session_context, ignoring...");
+        }
+    }
+
     let auth_cred = AuthCredential::Totp(totp);
     credential_step(state, kopid, jar, client_auth_info, auth_cred, domain_info).await
 }
diff --git a/server/core/templates/login.html b/server/core/templates/login.html
index 9a5b89e63..74b8e21c4 100644
--- a/server/core/templates/login.html
+++ b/server/core/templates/login.html
@@ -23,7 +23,7 @@
 		/>
 	</div>
 
-	<!-- BEGIN: to work better with password managers -->
+	<!-- BEGIN: allows a password manager to autocomplete these fields in the BG. -->
 	<input
 		class="d-none"
 		id="password"
diff --git a/server/core/templates/login_totp.html b/server/core/templates/login_totp.html
index 5a17dc5cd..4ebcd46fc 100644
--- a/server/core/templates/login_totp.html
+++ b/server/core/templates/login_totp.html
@@ -10,6 +10,17 @@
 (% endmatch %)
 <form id="login" action="/ui/login/totp" method="post">
 	<div class="input-group mb-3">
+		<!-- BEGIN: allows a password manager to autocomplete these fields in the BG. -->
+		<input
+			class="d-none"
+			id="password"
+			name="password"
+			type="password"
+			autocomplete="current-password"
+			value=""
+		/>
+		<!-- END -->
+
 		<input
 			autofocus=true
 			class="autofocus form-control"

From 6c3b8500a230a9c2463ea2d51a3cb93fde7d18c7 Mon Sep 17 00:00:00 2001
From: Firstyear <william@blackhats.net.au>
Date: Mon, 16 Dec 2024 10:28:00 +1000
Subject: [PATCH 17/87] Use specific errors for intent token revoked (#3291)

Rather than the generic 'invalid state' error, we now return
proper site-specific errors for credential commit failures, with
error messages to explain what went wrong.
---
 proto/src/internal/error.rs                    | 16 +++++++++++++++-
 server/core/src/https/views/constants.rs       |  2 ++
 server/core/templates/unrecoverable_error.html |  3 ++-
 server/lib/src/idm/credupdatesession.rs        |  7 +++----
 4 files changed, 22 insertions(+), 6 deletions(-)

diff --git a/proto/src/internal/error.rs b/proto/src/internal/error.rs
index 2e2b35872..75a7d5711 100644
--- a/proto/src/internal/error.rs
+++ b/proto/src/internal/error.rs
@@ -152,6 +152,15 @@ pub enum OperationError {
     CU0001WebauthnAttestationNotTrusted,
     CU0002WebauthnRegistrationError,
     CU0003WebauthnUserNotVerified,
+
+    // The session is inconsistent and can't be committed, but the errors
+    // can be resolved.
+    CU0004SessionInconsistent,
+    // Another session used this intent token, and so it can't be committed.
+    CU0005IntentTokenConflict,
+    // The intent token was invalidated before we could commit.
+    CU0006IntentTokenInvalidated,
+
     // ValueSet errors
     VS0001IncomingReplSshPublicKey,
     VS0002CertificatePublicKeyDigest,
@@ -295,7 +304,7 @@ impl Display for OperationError {
 
 impl OperationError {
     /// Return the message associated with the error if there is one.
-    fn message(&self) -> Option<String> {
+    pub fn message(&self) -> Option<String> {
         match self {
             Self::SessionExpired => None,
             Self::EmptyRequest => None,
@@ -364,6 +373,11 @@ impl OperationError {
             Self::CU0001WebauthnAttestationNotTrusted => None,
             Self::CU0002WebauthnRegistrationError => None,
             Self::CU0003WebauthnUserNotVerified => Some("User Verification bit not set while registering credential, you may need to configure a PIN on this device.".into()),
+
+            Self::CU0004SessionInconsistent => Some("The session is unable to be committed due to unresolved warnings.".into()),
+            Self::CU0005IntentTokenConflict => Some("The intent token used to create this session has been reused in another browser/tab and may not proceed.".into()),
+            Self::CU0006IntentTokenInvalidated => Some("The intent token has been invalidated/revoked before the commit could be accepted. Has it been used in another browser or tab?".into()),
+
             Self::DB0001MismatchedRestoreVersion => None,
             Self::DB0002MismatchedRestoreVersion => None,
             Self::DB0003FilterResolveCacheBuild => None,
diff --git a/server/core/src/https/views/constants.rs b/server/core/src/https/views/constants.rs
index d04737ce7..3d3811015 100644
--- a/server/core/src/https/views/constants.rs
+++ b/server/core/src/https/views/constants.rs
@@ -24,6 +24,7 @@ impl std::fmt::Display for UiMessage {
 pub(crate) enum Urls {
     Apps,
     CredReset,
+    CredResetError,
     Profile,
     UpdateCredentials,
     Oauth2Resume,
@@ -36,6 +37,7 @@ impl AsRef<str> for Urls {
         match self {
             Self::Apps => "/ui/apps",
             Self::CredReset => "/ui/reset",
+            Self::CredResetError => "/ui/reset/err",
             Self::Profile => "/ui/profile",
             Self::UpdateCredentials => "/ui/update_credentials",
             Self::Oauth2Resume => "/ui/oauth2/resume",
diff --git a/server/core/templates/unrecoverable_error.html b/server/core/templates/unrecoverable_error.html
index 068d8fc89..39d6b9098 100644
--- a/server/core/templates/unrecoverable_error.html
+++ b/server/core/templates/unrecoverable_error.html
@@ -9,8 +9,9 @@
 	<h2>Error</h2>
 	<main id="main">
 		<p>An unrecoverable error occurred. Please contact your administrator with the details below.</p>
-		<p>Error Code: (( err_code ))</p>
 		<p>Operation ID: (( operation_id ))</p>
+		<p>Error Code: (( err_code ))</p>
+		<a href=((Urls::Ui))>Return</a>
 	</main>
 (% endblock %)
 
diff --git a/server/lib/src/idm/credupdatesession.rs b/server/lib/src/idm/credupdatesession.rs
index 540061480..6e949d207 100644
--- a/server/lib/src/idm/credupdatesession.rs
+++ b/server/lib/src/idm/credupdatesession.rs
@@ -1311,8 +1311,7 @@ impl IdmServerProxyWriteTransaction<'_> {
                 "Session is unable to commit due to: {}",
                 commit_failure_reasons
             );
-            // TODO: perhaps it would be more helpful to add a new operation error that describes what the issue is
-            return Err(OperationError::InvalidState);
+            return Err(OperationError::CU0004SessionInconsistent);
         }
 
         // Setup mods for the various bits. We always assert an *exact* state.
@@ -1339,7 +1338,7 @@ impl IdmServerProxyWriteTransaction<'_> {
                 }) => {
                     if *session_id != session_token.sessionid {
                         security_info!("Session originated from an intent token, but the intent token has initiated a conflicting second update session. Refusing to commit changes.");
-                        return Err(OperationError::InvalidState);
+                        return Err(OperationError::CU0005IntentTokenConflict);
                     } else {
                         *max_ttl
                     }
@@ -1351,7 +1350,7 @@ impl IdmServerProxyWriteTransaction<'_> {
                 })
                 | None => {
                     security_info!("Session originated from an intent token, but the intent token has transitioned to an invalid state. Refusing to commit changes.");
-                    return Err(OperationError::InvalidState);
+                    return Err(OperationError::CU0006IntentTokenInvalidated);
                 }
             };
 

From 7e9c33ab036b71e42a9adfaea12f6f0599b4d3b7 Mon Sep 17 00:00:00 2001
From: Firstyear <william@blackhats.net.au>
Date: Tue, 17 Dec 2024 11:37:16 +1000
Subject: [PATCH 18/87] Limit OAuth2 resumption to session (#3296)

OAuth2 session resumption was accidentally made a permanent cookie
which led to continuing issues with it causing invalid redirections
after login. Make this a session only cookie.
---
 proto/src/internal/error.rs            | 34 ++++++++++++++------------
 server/core/src/https/views/cookies.rs |  9 -------
 server/core/src/https/views/login.rs   |  7 ++++--
 server/core/src/https/views/oauth2.rs  |  6 ++++-
 4 files changed, 28 insertions(+), 28 deletions(-)

diff --git a/proto/src/internal/error.rs b/proto/src/internal/error.rs
index 75a7d5711..2fe30a42a 100644
--- a/proto/src/internal/error.rs
+++ b/proto/src/internal/error.rs
@@ -268,6 +268,7 @@ pub enum OperationError {
     // Web UI
     UI0001ChallengeSerialisation,
     UI0002InvalidState,
+    UI0003InvalidOauth2Resume,
 
     // Unixd Things
     KU001InitWhileSessionActive,
@@ -457,25 +458,26 @@ impl OperationError {
             Self::SC0009IndexTypeSyntaxInvalid => Some("A SCIM IndexType contained invalid syntax".into()),
             Self::SC0010DateTimeSyntaxInvalid => Some("A SCIM DateTime contained invalid syntax".into()),
 
-    Self::SC0011AddressSyntaxInvalid => Some("A SCIM Address contained invalid syntax".into()),
-    Self::SC0012CertificateSyntaxInvalid => Some("A SCIM Certificate contained invalid binary data".into()),
-    Self::SC0013CertificateInvalidDer => Some("A SCIM Certificate did not contain valid DER".into()),
-    Self::SC0014CertificateInvalidDigest => Some("A SCIM Certificate was unable to be digested".into()),
-    Self::SC0015CredentialTypeSyntaxInvalid => Some("A SCIM CredentialType contained invalid syntax".into()),
-    Self::SC0016InameSyntaxInvalid => Some("A SCIM Iname string contained invalid syntax".into()),
-    Self::SC0017Iutf8SyntaxInvalid => Some("A SCIM Iutf8 string contained invalid syntax".into()),
-    Self::SC0018NsUniqueIdSyntaxInvalid => Some("A SCIM NsUniqueID contained invalid syntax".into()),
-    Self::SC0019Oauth2ScopeSyntaxInvalid => Some("A SCIM Oauth2 Scope contained invalid syntax".into()),
-    Self::SC0020Oauth2ScopeMapSyntaxInvalid => Some("A SCIM Oauth2 Scope Map contained invalid syntax".into()),
-    Self::SC0021Oauth2ScopeMapMissingGroupIdentifier => Some("A SCIM Oauth2 Scope Map was missing a group name or uuid".into()),
-    Self::SC0022Oauth2ClaimMapSyntaxInvalid => Some("A SCIM Oauth2 Claim Map contained invalid syntax".into()),
-    Self::SC0023Oauth2ClaimMapMissingGroupIdentifier => Some("A SCIM Claim Map was missing a group name or uuid".into()),
-    Self::SC0024SshPublicKeySyntaxInvalid => Some("A SCIM Ssh Public Key contained invalid syntax".into()),
-    Self::SC0025UiHintSyntaxInvalid => Some("A SCIM UiHint contained invalid syntax".into()),
-    Self::SC0026Utf8SyntaxInvalid => Some("A SCIM Utf8 String Scope Map contained invalid syntax".into()),
+            Self::SC0011AddressSyntaxInvalid => Some("A SCIM Address contained invalid syntax".into()),
+            Self::SC0012CertificateSyntaxInvalid => Some("A SCIM Certificate contained invalid binary data".into()),
+            Self::SC0013CertificateInvalidDer => Some("A SCIM Certificate did not contain valid DER".into()),
+            Self::SC0014CertificateInvalidDigest => Some("A SCIM Certificate was unable to be digested".into()),
+            Self::SC0015CredentialTypeSyntaxInvalid => Some("A SCIM CredentialType contained invalid syntax".into()),
+            Self::SC0016InameSyntaxInvalid => Some("A SCIM Iname string contained invalid syntax".into()),
+            Self::SC0017Iutf8SyntaxInvalid => Some("A SCIM Iutf8 string contained invalid syntax".into()),
+            Self::SC0018NsUniqueIdSyntaxInvalid => Some("A SCIM NsUniqueID contained invalid syntax".into()),
+            Self::SC0019Oauth2ScopeSyntaxInvalid => Some("A SCIM Oauth2 Scope contained invalid syntax".into()),
+            Self::SC0020Oauth2ScopeMapSyntaxInvalid => Some("A SCIM Oauth2 Scope Map contained invalid syntax".into()),
+            Self::SC0021Oauth2ScopeMapMissingGroupIdentifier => Some("A SCIM Oauth2 Scope Map was missing a group name or uuid".into()),
+            Self::SC0022Oauth2ClaimMapSyntaxInvalid => Some("A SCIM Oauth2 Claim Map contained invalid syntax".into()),
+            Self::SC0023Oauth2ClaimMapMissingGroupIdentifier => Some("A SCIM Claim Map was missing a group name or uuid".into()),
+            Self::SC0024SshPublicKeySyntaxInvalid => Some("A SCIM Ssh Public Key contained invalid syntax".into()),
+            Self::SC0025UiHintSyntaxInvalid => Some("A SCIM UiHint contained invalid syntax".into()),
+            Self::SC0026Utf8SyntaxInvalid => Some("A SCIM Utf8 String Scope Map contained invalid syntax".into()),
 
             Self::UI0001ChallengeSerialisation => Some("The WebAuthn challenge was unable to be serialised.".into()),
             Self::UI0002InvalidState => Some("The credential update process returned an invalid state transition.".into()),
+            Self::UI0003InvalidOauth2Resume => Some("The server attemped to resume OAuth2, but no OAuth2 session is in progress.".into()),
             Self::VL0001ValueSshPublicKeyString => None,
             Self::VS0001IncomingReplSshPublicKey => None,
             Self::VS0002CertificatePublicKeyDigest |
diff --git a/server/core/src/https/views/cookies.rs b/server/core/src/https/views/cookies.rs
index be2f817c8..7b1abc00e 100644
--- a/server/core/src/https/views/cookies.rs
+++ b/server/core/src/https/views/cookies.rs
@@ -10,11 +10,6 @@ pub fn destroy(jar: CookieJar, ck_id: &str) -> CookieJar {
     if let Some(ck) = jar.get(ck_id) {
         let mut ck = ck.clone();
         ck.make_removal();
-        /*
-        if let Some(path) = ck.path().cloned() {
-            ck.set_path(&path);
-        }
-        */
         jar.add(ck)
     } else {
         jar
@@ -37,8 +32,6 @@ pub fn make_unsigned<'a>(
     // then webauthn won't work anyway!
     token_cookie.set_domain(state.domain.clone());
     token_cookie.set_path(path);
-    // These last forever.
-    token_cookie.make_permanent();
     token_cookie
 }
 
@@ -71,8 +64,6 @@ pub fn make_signed<'a, T: Serialize>(
     token_cookie.set_http_only(true);
     token_cookie.set_path(path);
     token_cookie.set_domain(state.domain.clone());
-    // These last forever, we have our own internal expiration handling.
-    token_cookie.make_permanent();
     Some(token_cookie)
 }
 
diff --git a/server/core/src/https/views/login.rs b/server/core/src/https/views/login.rs
index 3b5c2b6ba..da8d3fee3 100644
--- a/server/core/src/https/views/login.rs
+++ b/server/core/src/https/views/login.rs
@@ -926,22 +926,25 @@ async fn view_login_step(
 
                         // Important - this can be make unsigned as token_str has it's own
                         // signatures.
-                        let bearer_cookie = cookies::make_unsigned(
+                        let mut bearer_cookie = cookies::make_unsigned(
                             &state,
                             COOKIE_BEARER_TOKEN,
                             token_str.clone(),
                             "/",
                         );
+                        // Important - can be permanent as the token has its own expiration time internally
+                        bearer_cookie.make_permanent();
 
                         jar = if session_context.remember_me {
                             // Important - can be unsigned as username is just for remember
                             // me and no other purpose.
-                            let username_cookie = cookies::make_unsigned(
+                            let mut username_cookie = cookies::make_unsigned(
                                 &state,
                                 COOKIE_USERNAME,
                                 session_context.username.clone(),
                                 Urls::Login.as_ref(),
                             );
+                            username_cookie.make_permanent();
                             jar.add(username_cookie)
                         } else {
                             jar
diff --git a/server/core/src/https/views/oauth2.rs b/server/core/src/https/views/oauth2.rs
index bea06985c..982f2414d 100644
--- a/server/core/src/https/views/oauth2.rs
+++ b/server/core/src/https/views/oauth2.rs
@@ -112,7 +112,7 @@ async fn oauth2_auth_req(
         return (
             jar,
             UnrecoverableErrorView {
-                err_code: OperationError::InvalidState,
+                err_code: OperationError::UI0003InvalidOauth2Resume,
                 operation_id: kopid.eventid,
             },
         )
@@ -176,6 +176,10 @@ async fn oauth2_auth_req(
                 cookies::make_signed(&state, COOKIE_OAUTH2_REQ, &auth_req, Urls::Ui.as_ref())
                     .map(|mut cookie| {
                         cookie.set_same_site(SameSite::Strict);
+                        // Expire at the end of the session.
+                        cookie.set_expires(None);
+                        // Could experiment with this to a shorter value, but session should be enough.
+                        cookie.set_max_age(None);
                         jar.add(cookie)
                     })
                     .ok_or(OperationError::InvalidSessionState);

From eba8dff23a0d84bce78af7aa0f2884d7dbe0ac6e Mon Sep 17 00:00:00 2001
From: Firstyear <william@blackhats.net.au>
Date: Tue, 17 Dec 2024 13:08:17 +1000
Subject: [PATCH 19/87] Ignore system users for UPG synthesiseation (#3297)

Our unix resolver would attempt the right thing to synthesise
user private groups on linux as these are an important security
boundary. However, it turns out that almost every distro has
botched their default system user accounts, and many are
installed with numeric-only UPGs that don't resolve. In the
case that later the user does attempt to fix that, because we
synthesised as UPG for the system account, the user trying to
add the UPG would now fail. In some cases this could cause
system updates to be prevented from installing.

This change limits UPG synth to user accounts only (uid > 1000)
which is the common uid boundary on unix-like platforms.
---
 .../resolver/src/idprovider/system.rs         | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/unix_integration/resolver/src/idprovider/system.rs b/unix_integration/resolver/src/idprovider/system.rs
index 3c11c3aff..a73db482c 100644
--- a/unix_integration/resolver/src/idprovider/system.rs
+++ b/unix_integration/resolver/src/idprovider/system.rs
@@ -8,6 +8,9 @@ use kanidm_unix_common::unix_passwd::{CryptPw, EtcGroup, EtcShadow, EtcUser};
 use kanidm_unix_common::unix_proto::PamAuthRequest;
 use kanidm_unix_common::unix_proto::{NssGroup, NssUser};
 
+// The minimum GID that Kanidm will consider for creating a UPG
+const SYSTEM_GID_BOUNDARY: u32 = 1000;
+
 pub struct SystemProviderInternal {
     users: HashMap<Id, Arc<EtcUser>>,
     user_list: Vec<Arc<EtcUser>>,
@@ -223,22 +226,22 @@ impl SystemProvider {
             let uid = Id::Gid(user.uid);
             let gid = Id::Gid(user.gid);
 
-            if user.uid != user.gid {
-                error!(name = %user.name, uid = %user.uid, gid = %user.gid, "user uid and gid are not the same, this may be a security risk!");
-            }
-
             // Security checks.
-            if let Some(group) = system_ids_txn.groups.get(&gid) {
+            if user.uid != user.gid {
+                warn!(name = %user.name, uid = %user.uid, gid = %user.gid, "user uid and gid are not the same, this may be a security risk!");
+            } else if let Some(group) = system_ids_txn.groups.get(&gid) {
                 if group.name != user.name {
-                    error!(name = %user.name, uid = %user.uid, gid = %user.gid, "user private group does not appear to have the same name as the user, this may be a security risk!");
+                    warn!(name = %user.name, uid = %user.uid, gid = %user.gid, "user private group does not appear to have the same name as the user, this may be a security risk!");
                 }
                 if !(group.members.is_empty()
                     || (group.members.len() == 1 && group.members.first() == Some(&user.name)))
                 {
-                    error!(name = %user.name, uid = %user.uid, gid = %user.gid, members = ?group.members, "user private group must not have members, THIS IS A SECURITY RISK!");
+                    warn!(name = %user.name, uid = %user.uid, gid = %user.gid, members = ?group.members, "user private group must not have members, THIS IS A SECURITY RISK!");
                 }
+            } else if user.uid < SYSTEM_GID_BOUNDARY {
+                warn!(name = %user.name, uid = %user.uid, gid = %user.gid, "user private group is not present on system, ignoring as this is a system account.");
             } else {
-                info!(name = %user.name, uid = %user.uid, gid = %user.gid, "user private group is not present on system, synthesising it");
+                info!(name = %user.name, uid = %user.uid, gid = %user.gid, "user private group is not present on system, synthesising it.");
                 let group = Arc::new(EtcGroup {
                     name: user.name.clone(),
                     password: String::new(),

From 0b2f349aec55098e5794ca136cdfed702dba8723 Mon Sep 17 00:00:00 2001
From: Firstyear <william@blackhats.net.au>
Date: Tue, 17 Dec 2024 14:18:30 +1000
Subject: [PATCH 20/87] SCIM Sync Missing Annotation (#3300)

A missing serde annotion in SCIM Sync caused groups to fail to
sync unless they had a description. This resolves the failure
by adding the correct annotation to skip None fields in groups.
---
 proto/src/scim_v1/synch.rs               | 1 +
 tools/iam_migrations/freeipa/src/main.rs | 2 +-
 tools/iam_migrations/ldap/src/main.rs    | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/proto/src/scim_v1/synch.rs b/proto/src/scim_v1/synch.rs
index 37e014d29..24a3adb81 100644
--- a/proto/src/scim_v1/synch.rs
+++ b/proto/src/scim_v1/synch.rs
@@ -220,6 +220,7 @@ pub struct ScimExternalMember {
     pub external_id: String,
 }
 
+#[skip_serializing_none]
 #[derive(Serialize, Deserialize, Debug, Clone)]
 #[serde(rename_all = "snake_case")]
 pub struct ScimSyncGroup {
diff --git a/tools/iam_migrations/freeipa/src/main.rs b/tools/iam_migrations/freeipa/src/main.rs
index fe19bc8ac..24f621c45 100644
--- a/tools/iam_migrations/freeipa/src/main.rs
+++ b/tools/iam_migrations/freeipa/src/main.rs
@@ -942,7 +942,7 @@ fn ipa_to_scim_entry(
             .build();
 
         let scim_entry_generic: ScimEntry = scim_sync_person.try_into().map_err(|json_err| {
-            error!(?json_err, "Unable to convert group to scim_sync_group");
+            error!(?json_err, "Unable to convert person to scim_sync_person");
         })?;
 
         Ok(Some(scim_entry_generic))
diff --git a/tools/iam_migrations/ldap/src/main.rs b/tools/iam_migrations/ldap/src/main.rs
index b912d5240..05e939632 100644
--- a/tools/iam_migrations/ldap/src/main.rs
+++ b/tools/iam_migrations/ldap/src/main.rs
@@ -633,7 +633,7 @@ fn ldap_to_scim_entry(
             .build();
 
         let scim_entry_generic: ScimEntry = scim_sync_person.try_into().map_err(|json_err| {
-            error!(?json_err, "Unable to convert group to scim_sync_group");
+            error!(?json_err, "Unable to convert person to scim_sync_person");
         })?;
 
         Ok(Some(scim_entry_generic))

From 44e7348f3bf7f2491c96503bf53e553345be80b0 Mon Sep 17 00:00:00 2001
From: Firstyear <william@blackhats.net.au>
Date: Tue, 17 Dec 2024 16:57:26 +1000
Subject: [PATCH 21/87] Incorrect member name in groups (#3302)

Member was accidentally set to members which prevented
group synchronisation.
---
 proto/src/scim_v1/synch.rs | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/proto/src/scim_v1/synch.rs b/proto/src/scim_v1/synch.rs
index 24a3adb81..ac359c5da 100644
--- a/proto/src/scim_v1/synch.rs
+++ b/proto/src/scim_v1/synch.rs
@@ -230,7 +230,7 @@ pub struct ScimSyncGroup {
     pub name: String,
     pub description: Option<String>,
     pub gidnumber: Option<u32>,
-    pub members: Vec<ScimExternalMember>,
+    pub member: Vec<ScimExternalMember>,
 }
 
 impl TryInto<ScimEntry> for ScimSyncGroup {
@@ -260,7 +260,7 @@ impl ScimSyncGroup {
                 name,
                 description: None,
                 gidnumber: None,
-                members: Vec::with_capacity(0),
+                member: Vec::with_capacity(0),
             },
         }
     }
@@ -289,7 +289,7 @@ impl ScimSyncGroupBuilder {
     where
         I: Iterator<Item = String>,
     {
-        self.inner.members = member_iter
+        self.inner.member = member_iter
             .map(|external_id| ScimExternalMember { external_id })
             .collect();
         self

From 1fbbf323fa8f57538dca3f69aae6bd7e258c6488 Mon Sep 17 00:00:00 2001
From: Firstyear <william@blackhats.net.au>
Date: Wed, 18 Dec 2024 17:43:56 +1000
Subject: [PATCH 22/87] Allow reseting account policy values to defaults
 (#3306)

* Allow reseting account policy values to defaults

This allows the admin cli to reset account policy values to
defaults by clearing them. Due to how account policy resolves
a lack of value implies the default.
---
 libs/client/src/group.rs                  | 57 +++++++++++++++++
 tools/cli/src/cli/group/account_policy.rs | 76 +++++++++++++++++++++++
 tools/cli/src/opt/kanidm.rs               | 50 +++++++++++++++
 3 files changed, 183 insertions(+)

diff --git a/libs/client/src/group.rs b/libs/client/src/group.rs
index a1d426fa4..a33b98554 100644
--- a/libs/client/src/group.rs
+++ b/libs/client/src/group.rs
@@ -37,6 +37,14 @@ impl KanidmClient {
         .await
     }
 
+    pub async fn group_account_policy_authsession_expiry_reset(
+        &self,
+        id: &str,
+    ) -> Result<(), ClientError> {
+        self.perform_delete_request(&format!("/v1/group/{}/_attr/authsession_expiry", id))
+            .await
+    }
+
     pub async fn group_account_policy_credential_type_minimum_set(
         &self,
         id: &str,
@@ -61,6 +69,17 @@ impl KanidmClient {
         .await
     }
 
+    pub async fn group_account_policy_password_minimum_length_reset(
+        &self,
+        id: &str,
+    ) -> Result<(), ClientError> {
+        self.perform_delete_request(&format!(
+            "/v1/group/{}/_attr/auth_password_minimum_length",
+            id
+        ))
+        .await
+    }
+
     pub async fn group_account_policy_privilege_expiry_set(
         &self,
         id: &str,
@@ -73,6 +92,14 @@ impl KanidmClient {
         .await
     }
 
+    pub async fn group_account_policy_privilege_expiry_reset(
+        &self,
+        id: &str,
+    ) -> Result<(), ClientError> {
+        self.perform_delete_request(&format!("/v1/group/{}/_attr/privilege_expiry", id))
+            .await
+    }
+
     pub async fn group_account_policy_webauthn_attestation_set(
         &self,
         id: &str,
@@ -85,6 +112,17 @@ impl KanidmClient {
         .await
     }
 
+    pub async fn group_account_policy_webauthn_attestation_reset(
+        &self,
+        id: &str,
+    ) -> Result<(), ClientError> {
+        self.perform_delete_request(&format!(
+            "/v1/group/{}/_attr/webauthn_attestation_ca_list",
+            id
+        ))
+        .await
+    }
+
     pub async fn group_account_policy_limit_search_max_results(
         &self,
         id: &str,
@@ -97,6 +135,14 @@ impl KanidmClient {
         .await
     }
 
+    pub async fn group_account_policy_limit_search_max_results_reset(
+        &self,
+        id: &str,
+    ) -> Result<(), ClientError> {
+        self.perform_delete_request(&format!("/v1/group/{}/_attr/limit_search_max_results", id))
+            .await
+    }
+
     pub async fn group_account_policy_limit_search_max_filter_test(
         &self,
         id: &str,
@@ -109,6 +155,17 @@ impl KanidmClient {
         .await
     }
 
+    pub async fn group_account_policy_limit_search_max_filter_test_reset(
+        &self,
+        id: &str,
+    ) -> Result<(), ClientError> {
+        self.perform_delete_request(&format!(
+            "/v1/group/{}/_attr/limit_search_max_filter_test",
+            id
+        ))
+        .await
+    }
+
     pub async fn group_account_policy_allow_primary_cred_fallback(
         &self,
         id: &str,
diff --git a/tools/cli/src/cli/group/account_policy.rs b/tools/cli/src/cli/group/account_policy.rs
index 1f5b6603d..d90aecc1e 100644
--- a/tools/cli/src/cli/group/account_policy.rs
+++ b/tools/cli/src/cli/group/account_policy.rs
@@ -12,6 +12,12 @@ impl GroupAccountPolicyOpt {
             | GroupAccountPolicyOpt::LimitSearchMaxResults { copt, .. }
             | GroupAccountPolicyOpt::LimitSearchMaxFilterTest { copt, .. }
             | GroupAccountPolicyOpt::AllowPrimaryCredFallback { copt, .. }
+            | GroupAccountPolicyOpt::ResetWebauthnAttestationCaList { copt, .. }
+            | GroupAccountPolicyOpt::ResetAuthSessionExpiry { copt, .. }
+            | GroupAccountPolicyOpt::ResetPasswordMinimumLength { copt, .. }
+            | GroupAccountPolicyOpt::ResetPrivilegedSessionExpiry { copt, .. }
+            | GroupAccountPolicyOpt::ResetLimitSearchMaxResults { copt, .. }
+            | GroupAccountPolicyOpt::ResetLimitSearchMaxFilterTest { copt, .. }
             | GroupAccountPolicyOpt::PrivilegedSessionExpiry { copt, .. } => copt.debug,
         }
     }
@@ -37,6 +43,19 @@ impl GroupAccountPolicyOpt {
                     println!("Updated authsession expiry.");
                 }
             }
+
+            GroupAccountPolicyOpt::ResetAuthSessionExpiry { name, copt } => {
+                let client = copt.to_client(OpType::Write).await;
+                if let Err(e) = client
+                    .group_account_policy_authsession_expiry_reset(name)
+                    .await
+                {
+                    handle_client_error(e, copt.output_mode);
+                } else {
+                    println!("Successfully reset authsession expiry.");
+                }
+            }
+
             GroupAccountPolicyOpt::CredentialTypeMinimum { name, value, copt } => {
                 let client = copt.to_client(OpType::Write).await;
                 if let Err(e) = client
@@ -59,6 +78,17 @@ impl GroupAccountPolicyOpt {
                     println!("Updated password minimum length.");
                 }
             }
+            GroupAccountPolicyOpt::ResetPasswordMinimumLength { name, copt } => {
+                let client = copt.to_client(OpType::Write).await;
+                if let Err(e) = client
+                    .group_account_policy_password_minimum_length_reset(name)
+                    .await
+                {
+                    handle_client_error(e, copt.output_mode);
+                } else {
+                    println!("Successfully reset password minimum length.");
+                }
+            }
             GroupAccountPolicyOpt::PrivilegedSessionExpiry { name, expiry, copt } => {
                 let client = copt.to_client(OpType::Write).await;
                 if let Err(e) = client
@@ -70,6 +100,17 @@ impl GroupAccountPolicyOpt {
                     println!("Updated privilege session expiry.");
                 }
             }
+            GroupAccountPolicyOpt::ResetPrivilegedSessionExpiry { name, copt } => {
+                let client = copt.to_client(OpType::Write).await;
+                if let Err(e) = client
+                    .group_account_policy_privilege_expiry_reset(name)
+                    .await
+                {
+                    handle_client_error(e, copt.output_mode);
+                } else {
+                    println!("Successfully reset privilege session expiry.");
+                }
+            }
             GroupAccountPolicyOpt::WebauthnAttestationCaList {
                 name,
                 attestation_ca_list_json,
@@ -85,6 +126,19 @@ impl GroupAccountPolicyOpt {
                     println!("Updated webauthn attestation CA list.");
                 }
             }
+
+            GroupAccountPolicyOpt::ResetWebauthnAttestationCaList { name, copt } => {
+                let client = copt.to_client(OpType::Write).await;
+                if let Err(e) = client
+                    .group_account_policy_webauthn_attestation_reset(name)
+                    .await
+                {
+                    handle_client_error(e, copt.output_mode);
+                } else {
+                    println!("Successfully reset webauthn attestation CA list.");
+                }
+            }
+
             GroupAccountPolicyOpt::LimitSearchMaxResults {
                 name,
                 maximum,
@@ -100,6 +154,17 @@ impl GroupAccountPolicyOpt {
                     println!("Updated search maximum results limit.");
                 }
             }
+            GroupAccountPolicyOpt::ResetLimitSearchMaxResults { name, copt } => {
+                let client = copt.to_client(OpType::Write).await;
+                if let Err(e) = client
+                    .group_account_policy_limit_search_max_results_reset(name)
+                    .await
+                {
+                    handle_client_error(e, copt.output_mode);
+                } else {
+                    println!("Successfully reset search maximum results limit to default.");
+                }
+            }
             GroupAccountPolicyOpt::LimitSearchMaxFilterTest {
                 name,
                 maximum,
@@ -115,6 +180,17 @@ impl GroupAccountPolicyOpt {
                     println!("Updated search maximum filter test limit.");
                 }
             }
+            GroupAccountPolicyOpt::ResetLimitSearchMaxFilterTest { name, copt } => {
+                let client = copt.to_client(OpType::Write).await;
+                if let Err(e) = client
+                    .group_account_policy_limit_search_max_filter_test_reset(name)
+                    .await
+                {
+                    handle_client_error(e, copt.output_mode);
+                } else {
+                    println!("Successfully reset search maximum filter test limit.");
+                }
+            }
             GroupAccountPolicyOpt::AllowPrimaryCredFallback { name, allow, copt } => {
                 let client = copt.to_client(OpType::Write).await;
                 if let Err(e) = client
diff --git a/tools/cli/src/opt/kanidm.rs b/tools/cli/src/opt/kanidm.rs
index a1f27f83c..7515205d0 100644
--- a/tools/cli/src/opt/kanidm.rs
+++ b/tools/cli/src/opt/kanidm.rs
@@ -197,6 +197,8 @@ pub enum GroupAccountPolicyOpt {
         #[clap(flatten)]
         copt: CommonOpt,
     },
+
+
     /// Set the maximum time for privilege session expiry in seconds.
     #[clap(name = "privilege-expiry")]
     PrivilegedSessionExpiry {
@@ -205,6 +207,8 @@ pub enum GroupAccountPolicyOpt {
         #[clap(flatten)]
         copt: CommonOpt,
     },
+
+
     /// The WebAuthn attestation CA list that should be enforced
     /// on members of this group. Prevents use of passkeys that are
     /// not in this list. To create this list, use `fido-mds-tool`
@@ -216,6 +220,7 @@ pub enum GroupAccountPolicyOpt {
         #[clap(flatten)]
         copt: CommonOpt,
     },
+
     /// Sets the maximum number of entries that may be returned in a
     /// search operation.
     #[clap(name = "limit-search-max-results")]
@@ -245,6 +250,51 @@ pub enum GroupAccountPolicyOpt {
         #[clap(flatten)]
         copt: CommonOpt,
     },
+
+    /// Reset the maximum time for session expiry to its default value
+    #[clap(name = "reset-auth-expiry")]
+    ResetAuthSessionExpiry {
+        name: String,
+        #[clap(flatten)]
+        copt: CommonOpt,
+    },
+    /// Reset the minimum character length of passwords to its default value.
+    #[clap(name = "reset-password-minimum-length")]
+    ResetPasswordMinimumLength {
+        name: String,
+        #[clap(flatten)]
+        copt: CommonOpt,
+    },
+    /// Reset the maximum time for privilege session expiry to its default value.
+    #[clap(name = "reset-privilege-expiry")]
+    ResetPrivilegedSessionExpiry {
+        name: String,
+        #[clap(flatten)]
+        copt: CommonOpt,
+    },
+    /// Reset the WebAuthn attestation CA list to its default value
+    /// allowing any passkey to be used by members of this group.
+    #[clap(name = "reset-webauthn-attestation-ca-list")]
+    ResetWebauthnAttestationCaList {
+        name: String,
+        #[clap(flatten)]
+        copt: CommonOpt,
+    },
+    /// Reset the searche maxmium results limit to its default value.
+    #[clap(name = "reset-limit-search-max-results")]
+    ResetLimitSearchMaxResults {
+        name: String,
+        #[clap(flatten)]
+        copt: CommonOpt,
+    },
+    /// Reset the max filter test limit to its default value.
+    #[clap(name = "reset-limit-search-max-filter-test")]
+    ResetLimitSearchMaxFilterTest {
+        name: String,
+        #[clap(flatten)]
+        copt: CommonOpt,
+    },
+
 }
 
 #[derive(Debug, Subcommand)]

From 50a7d9d700a98dc57e5224d95efda73eeff3b2d9 Mon Sep 17 00:00:00 2001
From: Firstyear <william@blackhats.net.au>
Date: Thu, 19 Dec 2024 13:30:35 +1000
Subject: [PATCH 23/87] Allow opt-in of easter eggs (#3308)

So that we can start to add some more easter eggs to the server,
we also need to respect user preferences that may not want them.

This adds a configuration setting to the domain allowing a release
build to opt-in to easter eggs, and development builds to opt-out
of them.
---
 libs/client/src/domain.rs           |  9 +++++
 proto/src/attribute.rs              |  3 ++
 proto/src/constants.rs              |  1 +
 server/lib/src/constants/acp.rs     | 58 +++++++++++++++++++++++++++++
 server/lib/src/constants/schema.rs  | 32 ++++++++++++++++
 server/lib/src/constants/uuids.rs   |  2 +
 server/lib/src/server/migrations.rs |  3 ++
 server/lib/src/server/mod.rs        | 12 ++++++
 tools/cli/src/cli/domain/mod.rs     | 14 +++++++
 tools/cli/src/opt/kanidm.rs         |  9 +++++
 10 files changed, 143 insertions(+)

diff --git a/libs/client/src/domain.rs b/libs/client/src/domain.rs
index 50457e647..f0c766658 100644
--- a/libs/client/src/domain.rs
+++ b/libs/client/src/domain.rs
@@ -1,4 +1,5 @@
 use crate::{ClientError, KanidmClient};
+use kanidm_proto::constants::ATTR_DOMAIN_ALLOW_EASTER_EGGS;
 use kanidm_proto::internal::ImageValue;
 use reqwest::multipart;
 
@@ -8,6 +9,14 @@ impl KanidmClient {
         self.perform_delete_request("/v1/domain/_image").await
     }
 
+    pub async fn idm_set_domain_allow_easter_eggs(&self, enable: bool) -> Result<(), ClientError> {
+        self.perform_put_request(
+            &format!("{}{}", "/v1/domain/_attr/", ATTR_DOMAIN_ALLOW_EASTER_EGGS),
+            vec![enable.to_string()],
+        )
+        .await
+    }
+
     /// Add or update the domain logo/image
     pub async fn idm_domain_update_image(&self, image: ImageValue) -> Result<(), ClientError> {
         let file_content_type = image.filetype.as_content_type_str();
diff --git a/proto/src/attribute.rs b/proto/src/attribute.rs
index 9e25c103b..f0c00e907 100644
--- a/proto/src/attribute.rs
+++ b/proto/src/attribute.rs
@@ -53,6 +53,7 @@ pub enum Attribute {
     DisplayName,
     Dn,
     Domain,
+    DomainAllowEasterEggs,
     DomainDevelopmentTaint,
     DomainDisplayName,
     DomainLdapBasedn,
@@ -282,6 +283,7 @@ impl Attribute {
             Attribute::DisplayName => ATTR_DISPLAYNAME,
             Attribute::Dn => ATTR_DN,
             Attribute::Domain => ATTR_DOMAIN,
+            Attribute::DomainAllowEasterEggs => ATTR_DOMAIN_ALLOW_EASTER_EGGS,
             Attribute::DomainDevelopmentTaint => ATTR_DOMAIN_DEVELOPMENT_TAINT,
             Attribute::DomainDisplayName => ATTR_DOMAIN_DISPLAY_NAME,
             Attribute::DomainLdapBasedn => ATTR_DOMAIN_LDAP_BASEDN,
@@ -464,6 +466,7 @@ impl Attribute {
             ATTR_DISPLAYNAME => Attribute::DisplayName,
             ATTR_DN => Attribute::Dn,
             ATTR_DOMAIN => Attribute::Domain,
+            ATTR_DOMAIN_ALLOW_EASTER_EGGS => Attribute::DomainAllowEasterEggs,
             ATTR_DOMAIN_DISPLAY_NAME => Attribute::DomainDisplayName,
             ATTR_DOMAIN_DEVELOPMENT_TAINT => Attribute::DomainDevelopmentTaint,
             ATTR_DOMAIN_LDAP_BASEDN => Attribute::DomainLdapBasedn,
diff --git a/proto/src/constants.rs b/proto/src/constants.rs
index b1ed216a9..c6d8b3b0a 100644
--- a/proto/src/constants.rs
+++ b/proto/src/constants.rs
@@ -89,6 +89,7 @@ pub const ATTR_DESCRIPTION: &str = "description";
 pub const ATTR_DIRECTMEMBEROF: &str = "directmemberof";
 pub const ATTR_DISPLAYNAME: &str = "displayname";
 pub const ATTR_DN: &str = "dn";
+pub const ATTR_DOMAIN_ALLOW_EASTER_EGGS: &str = "domain_allow_easter_eggs";
 pub const ATTR_DOMAIN_DEVELOPMENT_TAINT: &str = "domain_development_taint";
 pub const ATTR_DOMAIN_DISPLAY_NAME: &str = "domain_display_name";
 pub const ATTR_DOMAIN_LDAP_BASEDN: &str = "domain_ldap_basedn";
diff --git a/server/lib/src/constants/acp.rs b/server/lib/src/constants/acp.rs
index 5868832e5..7c0487745 100644
--- a/server/lib/src/constants/acp.rs
+++ b/server/lib/src/constants/acp.rs
@@ -1129,6 +1129,64 @@ lazy_static! {
     };
 }
 
+lazy_static! {
+    pub static ref IDM_ACP_DOMAIN_ADMIN_DL9: BuiltinAcp = BuiltinAcp {
+        classes: vec![
+            EntryClass::Object,
+            EntryClass::AccessControlProfile,
+            EntryClass::AccessControlModify,
+            EntryClass::AccessControlSearch
+        ],
+        name: "idm_acp_domain_admin",
+        uuid: UUID_IDM_ACP_DOMAIN_ADMIN_V1,
+        description: "Builtin IDM Control for granting domain info administration locally",
+        receiver: BuiltinAcpReceiver::Group(vec![UUID_DOMAIN_ADMINS]),
+        target: BuiltinAcpTarget::Filter(ProtoFilter::And(vec![
+            ProtoFilter::Eq(
+                Attribute::Uuid.to_string(),
+                STR_UUID_DOMAIN_INFO.to_string()
+            ),
+            FILTER_ANDNOT_TOMBSTONE_OR_RECYCLED.clone()
+        ])),
+        search_attrs: vec![
+            Attribute::Class,
+            Attribute::Name,
+            Attribute::Uuid,
+            Attribute::DomainAllowEasterEggs,
+            Attribute::DomainDisplayName,
+            Attribute::DomainName,
+            Attribute::DomainLdapBasedn,
+            Attribute::DomainSsid,
+            Attribute::DomainUuid,
+            Attribute::KeyInternalData,
+            Attribute::LdapAllowUnixPwBind,
+            Attribute::Version,
+            Attribute::Image,
+        ],
+        modify_removed_attrs: vec![
+            Attribute::DomainDisplayName,
+            Attribute::DomainSsid,
+            Attribute::DomainLdapBasedn,
+            Attribute::DomainAllowEasterEggs,
+            Attribute::LdapAllowUnixPwBind,
+            Attribute::KeyActionRevoke,
+            Attribute::KeyActionRotate,
+            Attribute::Image,
+        ],
+        modify_present_attrs: vec![
+            Attribute::DomainDisplayName,
+            Attribute::DomainLdapBasedn,
+            Attribute::DomainSsid,
+            Attribute::DomainAllowEasterEggs,
+            Attribute::LdapAllowUnixPwBind,
+            Attribute::KeyActionRevoke,
+            Attribute::KeyActionRotate,
+            Attribute::Image,
+        ],
+        ..Default::default()
+    };
+}
+
 lazy_static! {
     pub static ref IDM_ACP_SYNC_ACCOUNT_MANAGE_V1: BuiltinAcp = BuiltinAcp {
         classes: vec![
diff --git a/server/lib/src/constants/schema.rs b/server/lib/src/constants/schema.rs
index 19a9d9907..a5d943e34 100644
--- a/server/lib/src/constants/schema.rs
+++ b/server/lib/src/constants/schema.rs
@@ -770,6 +770,14 @@ pub static ref SCHEMA_ATTR_DOMAIN_DEVELOPMENT_TAINT_DL7: SchemaAttribute = Schem
     ..Default::default()
 };
 
+pub static ref SCHEMA_ATTR_DOMAIN_ALLOW_EASTER_EGGS_DL9: SchemaAttribute = SchemaAttribute {
+    uuid: UUID_SCHEMA_ATTR_DOMAIN_ALLOW_EASTER_EGGS,
+    name: Attribute::DomainAllowEasterEggs,
+    description: "A flag to enable easter eggs in the server that may not always be wanted by all users/deployments.".to_string(),
+    syntax: SyntaxType::Boolean,
+    ..Default::default()
+};
+
 pub static ref SCHEMA_ATTR_REFERS_DL7: SchemaAttribute = SchemaAttribute {
     uuid: UUID_SCHEMA_ATTR_REFERS,
     name: Attribute::Refers,
@@ -1177,6 +1185,30 @@ pub static ref SCHEMA_CLASS_DOMAIN_INFO_DL8: SchemaClass = SchemaClass {
     ..Default::default()
 };
 
+pub static ref SCHEMA_CLASS_DOMAIN_INFO_DL9: SchemaClass = SchemaClass {
+    uuid: UUID_SCHEMA_CLASS_DOMAIN_INFO,
+    name: EntryClass::DomainInfo.into(),
+    description: "Local domain information and configuration".to_string(),
+
+    systemmay: vec![
+        Attribute::DomainSsid,
+        Attribute::DomainLdapBasedn,
+        Attribute::LdapAllowUnixPwBind,
+        Attribute::Image,
+        Attribute::PatchLevel,
+        Attribute::DomainDevelopmentTaint,
+        Attribute::DomainAllowEasterEggs,
+    ],
+    systemmust: vec![
+        Attribute::Name,
+        Attribute::DomainUuid,
+        Attribute::DomainName,
+        Attribute::DomainDisplayName,
+        Attribute::Version,
+    ],
+    ..Default::default()
+};
+
 pub static ref SCHEMA_CLASS_POSIXGROUP: SchemaClass = SchemaClass {
     uuid: UUID_SCHEMA_CLASS_POSIXGROUP,
     name: EntryClass::PosixGroup.into(),
diff --git a/server/lib/src/constants/uuids.rs b/server/lib/src/constants/uuids.rs
index f92e39389..708cd218b 100644
--- a/server/lib/src/constants/uuids.rs
+++ b/server/lib/src/constants/uuids.rs
@@ -321,6 +321,8 @@ pub const UUID_SCHEMA_ATTR_APPLICATION_PASSWORD: Uuid =
 pub const UUID_SCHEMA_ATTR_CREATED_AT_CID: Uuid = uuid!("00000000-0000-0000-0000-ffff00000184");
 pub const UUID_SCHEMA_ATTR_ALLOW_PRIMARY_CRED_FALLBACK: Uuid =
     uuid!("00000000-0000-0000-0000-ffff00000185");
+pub const UUID_SCHEMA_ATTR_DOMAIN_ALLOW_EASTER_EGGS: Uuid =
+    uuid!("00000000-0000-0000-0000-ffff00000186");
 
 // System and domain infos
 // I'd like to strongly criticise william of the past for making poor choices about these allocations.
diff --git a/server/lib/src/server/migrations.rs b/server/lib/src/server/migrations.rs
index e9fb0668b..b402df520 100644
--- a/server/lib/src/server/migrations.rs
+++ b/server/lib/src/server/migrations.rs
@@ -647,7 +647,9 @@ impl QueryServerWriteTransaction<'_> {
         // Now update schema
         let idm_schema_changes = [
             SCHEMA_ATTR_OAUTH2_DEVICE_FLOW_ENABLE_DL9.clone().into(),
+            SCHEMA_ATTR_DOMAIN_ALLOW_EASTER_EGGS_DL9.clone().into(),
             SCHEMA_CLASS_OAUTH2_RS_DL9.clone().into(),
+            SCHEMA_CLASS_DOMAIN_INFO_DL9.clone().into(),
         ];
 
         idm_schema_changes
@@ -663,6 +665,7 @@ impl QueryServerWriteTransaction<'_> {
         let idm_data = [
             IDM_ACP_OAUTH2_MANAGE_DL9.clone().into(),
             IDM_ACP_GROUP_MANAGE_DL9.clone().into(),
+            IDM_ACP_DOMAIN_ADMIN_DL9.clone().into(),
         ];
 
         idm_data
diff --git a/server/lib/src/server/mod.rs b/server/lib/src/server/mod.rs
index a4bfec94f..f8ab0fc81 100644
--- a/server/lib/src/server/mod.rs
+++ b/server/lib/src/server/mod.rs
@@ -79,6 +79,7 @@ pub struct DomainInfo {
     pub(crate) d_patch_level: u32,
     pub(crate) d_devel_taint: bool,
     pub(crate) d_ldap_allow_unix_pw_bind: bool,
+    pub(crate) d_allow_easter_eggs: bool,
     // In future this should be image reference instead of the image itself.
     d_image: Option<ImageValue>,
 }
@@ -103,6 +104,10 @@ impl DomainInfo {
     pub fn has_custom_image(&self) -> bool {
         self.d_image.is_some()
     }
+
+    pub fn allow_easter_eggs(&self) -> bool {
+        self.d_allow_easter_eggs
+    }
 }
 
 #[derive(Debug, Clone, PartialEq, Eq, Default)]
@@ -1657,6 +1662,7 @@ impl QueryServer {
             // Automatically derive our current taint mode based on the PRERELEASE setting.
             d_devel_taint: option_env!("KANIDM_PRE_RELEASE").is_some(),
             d_ldap_allow_unix_pw_bind: false,
+            d_allow_easter_eggs: false,
             d_image: None,
         }));
 
@@ -2284,6 +2290,11 @@ impl<'a> QueryServerWriteTransaction<'a> {
                 .get_ava_single_bool(Attribute::DomainDevelopmentTaint)
                 .unwrap_or_default();
 
+        let domain_allow_easter_eggs = domain_info
+            .get_ava_single_bool(Attribute::DomainAllowEasterEggs)
+            // This defaults to false for release versions, and true in development
+            .unwrap_or(option_env!("KANIDM_PRE_RELEASE").is_some());
+
         // We have to set the domain version here so that features which check for it
         // will now see it's been increased. This also prevents recursion during reloads
         // inside of a domain migration.
@@ -2293,6 +2304,7 @@ impl<'a> QueryServerWriteTransaction<'a> {
         mut_d_info.d_vers = domain_info_version;
         mut_d_info.d_patch_level = domain_info_patch_level;
         mut_d_info.d_devel_taint = domain_info_devel_taint;
+        mut_d_info.d_allow_easter_eggs = domain_allow_easter_eggs;
 
         // We must both be at the correct domain version *and* the correct patch level. If we are
         // not, then we only proceed to migrate *if* our server boot phase is correct.
diff --git a/tools/cli/src/cli/domain/mod.rs b/tools/cli/src/cli/domain/mod.rs
index 9ad264d0a..70067a50d 100644
--- a/tools/cli/src/cli/domain/mod.rs
+++ b/tools/cli/src/cli/domain/mod.rs
@@ -12,6 +12,7 @@ impl DomainOpt {
             | DomainOpt::SetImage { copt, .. }
             | DomainOpt::RemoveImage { copt }
             | DomainOpt::SetLdapAllowUnixPasswordBind { copt, .. }
+            | DomainOpt::SetAllowEasterEggs { copt, .. }
             | DomainOpt::RevokeKey { copt, .. }
             | DomainOpt::Show(copt) => copt.debug,
         }
@@ -51,6 +52,19 @@ impl DomainOpt {
                     Err(e) => handle_client_error(e, copt.output_mode),
                 }
             }
+            DomainOpt::SetAllowEasterEggs { copt, enable } => {
+                let client = copt.to_client(OpType::Write).await;
+                match client.idm_set_domain_allow_easter_eggs(*enable).await {
+                    Ok(_) => {
+                        if *enable {
+                            println!("Success 🎉 🥚 🎉")
+                        } else {
+                            println!("Success")
+                        }
+                    }
+                    Err(e) => handle_client_error(e, copt.output_mode),
+                }
+            }
             DomainOpt::Show(copt) => {
                 let client = copt.to_client(OpType::Read).await;
                 match client.idm_domain_get().await {
diff --git a/tools/cli/src/opt/kanidm.rs b/tools/cli/src/opt/kanidm.rs
index 7515205d0..83a61fe4c 100644
--- a/tools/cli/src/opt/kanidm.rs
+++ b/tools/cli/src/opt/kanidm.rs
@@ -1332,6 +1332,15 @@ pub enum DomainOpt {
         #[clap(name = "allow", action = clap::ArgAction::Set)]
         enable: bool,
     },
+    /// Enable or disable easter eggs in the server. This includes seasonal icons, kanidm
+    /// birthday surprises and other fun components. Defaults to false for production releases
+    /// and true in development builds.
+    SetAllowEasterEggs {
+        #[clap(flatten)]
+        copt: CommonOpt,
+        #[clap(name = "allow", action = clap::ArgAction::Set)]
+        enable: bool,
+    },
     #[clap(name = "show")]
     /// Show information about this system's domain
     Show(CommonOpt),

From 11438a9dd51e0d2bbdb5740cc72bda0b6f4078ac Mon Sep 17 00:00:00 2001
From: William Brown <william@blackhats.net.au>
Date: Tue, 17 Dec 2024 15:16:32 +1000
Subject: [PATCH 24/87] Improved Cookie Removal

If a path isn't set then cookies aren't removed. More aggressively
remove cookies when they are no longer required.
---
 server/core/src/https/views/cookies.rs        | 11 +++--
 server/core/src/https/views/login.rs          | 33 +++++--------
 server/core/src/https/views/oauth2.rs         |  9 +---
 server/core/src/https/views/reset.rs          | 47 +++++++++++--------
 .../templates/credentials_update_partial.html |  3 +-
 5 files changed, 50 insertions(+), 53 deletions(-)

diff --git a/server/core/src/https/views/cookies.rs b/server/core/src/https/views/cookies.rs
index 7b1abc00e..966d0ee65 100644
--- a/server/core/src/https/views/cookies.rs
+++ b/server/core/src/https/views/cookies.rs
@@ -6,11 +6,16 @@ use compact_jwt::{Jws, JwsSigner};
 use serde::de::DeserializeOwned;
 use serde::Serialize;
 
+#[instrument(name = "views::cookies::destroy", level = "debug", skip(jar))]
 pub fn destroy(jar: CookieJar, ck_id: &str) -> CookieJar {
     if let Some(ck) = jar.get(ck_id) {
-        let mut ck = ck.clone();
-        ck.make_removal();
-        jar.add(ck)
+        let mut removal_cookie = ck.clone();
+        removal_cookie.make_removal();
+        // Need to be set to / to remove on all parent paths.
+        // If you don't set a path, NOTHING IS REMOVED!!!
+        removal_cookie.set_path("/");
+
+        jar.add(removal_cookie)
     } else {
         jar
     }
diff --git a/server/core/src/https/views/login.rs b/server/core/src/https/views/login.rs
index da8d3fee3..7a54f1a0d 100644
--- a/server/core/src/https/views/login.rs
+++ b/server/core/src/https/views/login.rs
@@ -15,6 +15,7 @@ use axum::{
 use axum_extra::extract::cookie::{Cookie, CookieJar, SameSite};
 use kanidm_proto::internal::{
     COOKIE_AUTH_SESSION_ID, COOKIE_BEARER_TOKEN, COOKIE_OAUTH2_REQ, COOKIE_USERNAME,
+    COOKIE_CU_SESSION_TOKEN
 };
 use kanidm_proto::v1::{
     AuthAllowed, AuthCredential, AuthIssueSession, AuthMech, AuthRequest, AuthStep,
@@ -161,7 +162,7 @@ pub async fn view_logout_get(
     Extension(kopid): Extension<KOpId>,
     mut jar: CookieJar,
 ) -> Response {
-    if let Err(err_code) = state
+    let response = if let Err(err_code) = state
         .qe_w_ref
         .handle_logout(client_auth_info, kopid.eventid)
         .await
@@ -172,12 +173,16 @@ pub async fn view_logout_get(
         }
         .into_response()
     } else {
-        let response = Redirect::to(Urls::Login.as_ref()).into_response();
+        Redirect::to(Urls::Login.as_ref()).into_response()
+    };
 
-        jar = cookies::destroy(jar, COOKIE_BEARER_TOKEN);
+    // Always clear cookies even on an error.
+    jar = cookies::destroy(jar, COOKIE_BEARER_TOKEN);
+    jar = cookies::destroy(jar, COOKIE_OAUTH2_REQ);
+    jar = cookies::destroy(jar, COOKIE_AUTH_SESSION_ID);
+    jar = cookies::destroy(jar, COOKIE_CU_SESSION_TOKEN);
 
-        (jar, response).into_response()
-    }
+    (jar, response).into_response()
 }
 
 pub async fn view_reauth_get(
@@ -190,14 +195,7 @@ pub async fn view_reauth_get(
 ) -> Response {
     // No matter what, we always clear the stored oauth2 cookie to prevent
     // ui loops
-    let jar = if let Some(authreq_cookie) = jar.get(COOKIE_OAUTH2_REQ) {
-        let mut authreq_cookie = authreq_cookie.clone();
-        authreq_cookie.make_removal();
-        authreq_cookie.set_path(Urls::Ui.as_ref());
-        jar.add(authreq_cookie)
-    } else {
-        jar
-    };
+    let jar = cookies::destroy(jar, COOKIE_OAUTH2_REQ);
 
     let session_valid_result = state
         .qe_r_ref
@@ -324,14 +322,7 @@ pub async fn view_index_get(
 
     // No matter what, we always clear the stored oauth2 cookie to prevent
     // ui loops
-    let jar = if let Some(authreq_cookie) = jar.get(COOKIE_OAUTH2_REQ) {
-        let mut authreq_cookie = authreq_cookie.clone();
-        authreq_cookie.make_removal();
-        authreq_cookie.set_path(Urls::Ui.as_ref());
-        jar.add(authreq_cookie)
-    } else {
-        jar
-    };
+    let jar = cookies::destroy(jar, COOKIE_OAUTH2_REQ);
 
     match session_valid_result {
         Ok(()) => {
diff --git a/server/core/src/https/views/oauth2.rs b/server/core/src/https/views/oauth2.rs
index 982f2414d..ce0a7de7c 100644
--- a/server/core/src/https/views/oauth2.rs
+++ b/server/core/src/https/views/oauth2.rs
@@ -96,14 +96,7 @@ async fn oauth2_auth_req(
 ) -> Response {
     // No matter what, we always clear the stored oauth2 cookie to prevent
     // ui loops
-    let jar = if let Some(authreq_cookie) = jar.get(COOKIE_OAUTH2_REQ) {
-        let mut authreq_cookie = authreq_cookie.clone();
-        authreq_cookie.make_removal();
-        authreq_cookie.set_path(Urls::Ui.as_ref());
-        jar.add(authreq_cookie)
-    } else {
-        jar
-    };
+    let jar = cookies::destroy(jar, COOKIE_OAUTH2_REQ);
 
     // If the auth_req was cross-signed, old, or just bad, error. But we have *cleared* it
     // from the cookie which means we won't see it again.
diff --git a/server/core/src/https/views/reset.rs b/server/core/src/https/views/reset.rs
index 60f2ef7bc..d64b6cdf4 100644
--- a/server/core/src/https/views/reset.rs
+++ b/server/core/src/https/views/reset.rs
@@ -3,7 +3,7 @@ use axum::extract::{Query, State};
 use axum::http::{StatusCode, Uri};
 use axum::response::{ErrorResponse, IntoResponse, Redirect, Response};
 use axum::{Extension, Form};
-use axum_extra::extract::cookie::{Cookie, SameSite};
+use axum_extra::extract::cookie::SameSite;
 use axum_extra::extract::CookieJar;
 use axum_htmx::{
     HxEvent, HxLocation, HxPushUrl, HxRequest, HxReselect, HxResponseTrigger, HxReswap, HxRetarget,
@@ -30,6 +30,7 @@ use super::navbar::NavbarCtx;
 use crate::https::extractors::{DomainInfo, DomainInfoRead, VerifiedClientInformation};
 use crate::https::middleware::KOpId;
 use crate::https::views::constants::ProfileMenuItems;
+use crate::https::views::cookies;
 use crate::https::views::errors::HtmxError;
 use crate::https::views::login::{LoginDisplayCtx, Reauth, ReauthPurpose};
 use crate::https::ServerState;
@@ -210,7 +211,7 @@ pub(crate) async fn commit(
     VerifiedClientInformation(_client_auth_info): VerifiedClientInformation,
     jar: CookieJar,
 ) -> axum::response::Result<Response> {
-    let cu_session_token: CUSessionToken = get_cu_session(jar).await?;
+    let cu_session_token: CUSessionToken = get_cu_session(&jar).await?;
 
     state
         .qe_w_ref
@@ -218,7 +219,10 @@ pub(crate) async fn commit(
         .map_err(|op_err| HtmxError::new(&kopid, op_err))
         .await?;
 
-    Ok((HxLocation::from(Uri::from_static("/ui")), "").into_response())
+    // No longer need the cookie jar.
+    let jar = cookies::destroy(jar, COOKIE_CU_SESSION_TOKEN);
+
+    Ok((jar, HxLocation::from(Uri::from_static("/ui")), "").into_response())
 }
 
 pub(crate) async fn cancel_cred_update(
@@ -228,7 +232,7 @@ pub(crate) async fn cancel_cred_update(
     VerifiedClientInformation(_client_auth_info): VerifiedClientInformation,
     jar: CookieJar,
 ) -> axum::response::Result<Response> {
-    let cu_session_token: CUSessionToken = get_cu_session(jar).await?;
+    let cu_session_token: CUSessionToken = get_cu_session(&jar).await?;
 
     state
         .qe_w_ref
@@ -236,7 +240,11 @@ pub(crate) async fn cancel_cred_update(
         .map_err(|op_err| HtmxError::new(&kopid, op_err))
         .await?;
 
+    // No longer need the cookie jar.
+    let jar = cookies::destroy(jar, COOKIE_CU_SESSION_TOKEN);
+
     Ok((
+        jar,
         HxLocation::from(Uri::from_static(Urls::Profile.as_ref())),
         "",
     )
@@ -250,7 +258,7 @@ pub(crate) async fn cancel_mfareg(
     VerifiedClientInformation(_client_auth_info): VerifiedClientInformation,
     jar: CookieJar,
 ) -> axum::response::Result<Response> {
-    let cu_session_token: CUSessionToken = get_cu_session(jar).await?;
+    let cu_session_token: CUSessionToken = get_cu_session(&jar).await?;
 
     let cu_status = state
         .qe_r_ref
@@ -268,7 +276,7 @@ pub(crate) async fn remove_alt_creds(
     VerifiedClientInformation(_client_auth_info): VerifiedClientInformation,
     jar: CookieJar,
 ) -> axum::response::Result<Response> {
-    let cu_session_token: CUSessionToken = get_cu_session(jar).await?;
+    let cu_session_token: CUSessionToken = get_cu_session(&jar).await?;
 
     let cu_status = state
         .qe_r_ref
@@ -286,7 +294,7 @@ pub(crate) async fn remove_unixcred(
     VerifiedClientInformation(_client_auth_info): VerifiedClientInformation,
     jar: CookieJar,
 ) -> axum::response::Result<Response> {
-    let cu_session_token: CUSessionToken = get_cu_session(jar).await?;
+    let cu_session_token: CUSessionToken = get_cu_session(&jar).await?;
 
     let cu_status = state
         .qe_r_ref
@@ -309,7 +317,7 @@ pub(crate) async fn remove_totp(
     jar: CookieJar,
     Form(totp): Form<TOTPRemoveData>,
 ) -> axum::response::Result<Response> {
-    let cu_session_token: CUSessionToken = get_cu_session(jar).await?;
+    let cu_session_token: CUSessionToken = get_cu_session(&jar).await?;
 
     let cu_status = state
         .qe_r_ref
@@ -332,7 +340,7 @@ pub(crate) async fn remove_passkey(
     jar: CookieJar,
     Form(passkey): Form<PasskeyRemoveData>,
 ) -> axum::response::Result<Response> {
-    let cu_session_token: CUSessionToken = get_cu_session(jar).await?;
+    let cu_session_token: CUSessionToken = get_cu_session(&jar).await?;
 
     let cu_status = state
         .qe_r_ref
@@ -355,7 +363,7 @@ pub(crate) async fn finish_passkey(
     jar: CookieJar,
     Form(passkey_create): Form<PasskeyCreateForm>,
 ) -> axum::response::Result<Response> {
-    let cu_session_token = get_cu_session(jar).await?;
+    let cu_session_token = get_cu_session(&jar).await?;
 
     match serde_json::from_str(passkey_create.creation_data.as_str()) {
         Ok(creation_data) => {
@@ -393,7 +401,7 @@ pub(crate) async fn view_new_passkey(
     jar: CookieJar,
     Form(init_form): Form<PasskeyInitForm>,
 ) -> axum::response::Result<Response> {
-    let cu_session_token = get_cu_session(jar).await?;
+    let cu_session_token = get_cu_session(&jar).await?;
     let cu_req = match init_form.class {
         PasskeyClass::Any => CURequest::PasskeyInit,
         PasskeyClass::Attested => CURequest::AttestedPasskeyInit,
@@ -445,7 +453,7 @@ pub(crate) async fn view_new_totp(
     VerifiedClientInformation(_client_auth_info): VerifiedClientInformation,
     jar: CookieJar,
 ) -> axum::response::Result<Response> {
-    let cu_session_token = get_cu_session(jar).await?;
+    let cu_session_token = get_cu_session(&jar).await?;
     let push_url = HxPushUrl(Uri::from_static("/ui/reset/add_totp"));
 
     let cu_status = state
@@ -497,7 +505,7 @@ pub(crate) async fn add_totp(
     jar: CookieJar,
     new_totp_form: Form<NewTotp>,
 ) -> axum::response::Result<Response> {
-    let cu_session_token = get_cu_session(jar).await?;
+    let cu_session_token = get_cu_session(&jar).await?;
 
     let check_totpcode = u32::from_str(&new_totp_form.check_totpcode).unwrap_or_default();
 
@@ -569,7 +577,7 @@ pub(crate) async fn view_new_pwd(
     jar: CookieJar,
     opt_form: Option<Form<NewPassword>>,
 ) -> axum::response::Result<Response> {
-    let cu_session_token: CUSessionToken = get_cu_session(jar).await?;
+    let cu_session_token: CUSessionToken = get_cu_session(&jar).await?;
     let swapped_handler_trigger =
         HxResponseTrigger::after_swap([HxEvent::new("addPasswordSwapped".to_string())]);
 
@@ -679,10 +687,9 @@ fn add_cu_cookie(
     state: &ServerState,
     cu_session_token: CUSessionToken,
 ) -> CookieJar {
-    let mut token_cookie = Cookie::new(COOKIE_CU_SESSION_TOKEN, cu_session_token.token);
-    token_cookie.set_secure(state.secure_cookies);
+    let mut token_cookie =
+        cookies::make_unsigned(state, COOKIE_CU_SESSION_TOKEN, cu_session_token.token, "/");
     token_cookie.set_same_site(SameSite::Strict);
-    token_cookie.set_http_only(true);
     jar.add(token_cookie)
 }
 
@@ -694,7 +701,7 @@ pub(crate) async fn view_set_unixcred(
     jar: CookieJar,
     opt_form: Option<Form<NewPassword>>,
 ) -> axum::response::Result<Response> {
-    let cu_session_token: CUSessionToken = get_cu_session(jar).await?;
+    let cu_session_token: CUSessionToken = get_cu_session(&jar).await?;
     let swapped_handler_trigger =
         HxResponseTrigger::after_swap([HxEvent::new("addPasswordSwapped".to_string())]);
 
@@ -781,7 +788,7 @@ pub(crate) async fn view_reset_get(
                 | OperationError::InvalidState,
             ) => {
                 // If our previous credential update session expired we want to see the reset form again.
-                jar = jar.remove(Cookie::from(COOKIE_CU_SESSION_TOKEN));
+                jar = cookies::destroy(jar, COOKIE_CU_SESSION_TOKEN);
 
                 if let Some(token) = params.token {
                     let token_uri_string = format!("{}?token={}", Urls::CredReset, token);
@@ -917,7 +924,7 @@ fn get_cu_response(
     }
 }
 
-async fn get_cu_session(jar: CookieJar) -> Result<CUSessionToken, Response> {
+async fn get_cu_session(jar: &CookieJar) -> Result<CUSessionToken, Response> {
     let cookie = jar.get(COOKIE_CU_SESSION_TOKEN);
     if let Some(cookie) = cookie {
         let cu_session_token = cookie.value();
diff --git a/server/core/templates/credentials_update_partial.html b/server/core/templates/credentials_update_partial.html
index c6b80128c..7dfdea067 100644
--- a/server/core/templates/credentials_update_partial.html
+++ b/server/core/templates/credentials_update_partial.html
@@ -147,7 +147,8 @@
                     <div class="mt-2 pt-2 border-top">
                         <button class="btn btn-danger"
                             hx-post="/ui/api/cu_cancel"
-                            hx-target="#main">Discard Changes</button>
+                            hx-boost="false"
+                        >Discard Changes</button>
                         <span class="d-inline-block" tabindex="0"
                             data-bs-toggle="tooltip"
                             data-bs-title="Unresolved warnings">

From c59f560e50135fd3b8759acbbd58d0f1a9e0fd9c Mon Sep 17 00:00:00 2001
From: William Brown <william@blackhats.net.au>
Date: Tue, 17 Dec 2024 16:25:19 +1000
Subject: [PATCH 25/87] Re-add enrol another device flow

This was a commonly requested re-addition to the new webui. This
adds the ability for someone to scan a qr code or follow a link
to enrol another device to their account.
---
 server/core/src/https/mod.rs                  |  23 ++--
 server/core/src/https/views/constants.rs      |   3 +
 server/core/src/https/views/enrol.rs          | 116 ++++++++++++++++++
 server/core/src/https/views/login.rs          |   4 +-
 server/core/src/https/views/mod.rs            |   2 +
 server/core/static/img/icons/phone-flip.svg   |   3 +
 .../credential_update_add_totp_partial.html   |   3 +-
 server/core/templates/enrol_device.html       |  17 +++
 .../templates/user_settings_partial_base.html |   2 +
 9 files changed, 162 insertions(+), 11 deletions(-)
 create mode 100644 server/core/src/https/views/enrol.rs
 create mode 100644 server/core/static/img/icons/phone-flip.svg
 create mode 100644 server/core/templates/enrol_device.html

diff --git a/server/core/src/https/mod.rs b/server/core/src/https/mod.rs
index d3cd43f5a..ae48307fa 100644
--- a/server/core/src/https/mod.rs
+++ b/server/core/src/https/mod.rs
@@ -53,6 +53,7 @@ use tokio::{
 use tokio_openssl::SslStream;
 use tower::Service;
 use tower_http::{services::ServeDir, trace::TraceLayer};
+use url::Url;
 use uuid::Uuid;
 
 use std::io::ErrorKind;
@@ -62,16 +63,17 @@ use std::{net::SocketAddr, str::FromStr};
 
 #[derive(Clone)]
 pub struct ServerState {
-    pub status_ref: &'static StatusActor,
-    pub qe_w_ref: &'static QueryServerWriteV1,
-    pub qe_r_ref: &'static QueryServerReadV1,
+    pub(crate) status_ref: &'static StatusActor,
+    pub(crate) qe_w_ref: &'static QueryServerWriteV1,
+    pub(crate) qe_r_ref: &'static QueryServerReadV1,
     // Store the token management parts.
-    pub jws_signer: JwsHs256Signer,
+    pub(crate) jws_signer: JwsHs256Signer,
     pub(crate) trust_x_forward_for: bool,
-    pub csp_header: HeaderValue,
-    pub domain: String,
+    pub(crate) csp_header: HeaderValue,
+    pub(crate) origin: Url,
+    pub(crate) domain: String,
     // This is set to true by default, and is only false on integration tests.
-    pub secure_cookies: bool,
+    pub(crate) secure_cookies: bool,
 }
 
 impl ServerState {
@@ -209,6 +211,12 @@ pub async fn create_https_server(
 
     let trust_x_forward_for = config.trust_x_forward_for;
 
+    let origin = Url::parse(&config.origin)
+        // Should be impossible!
+        .map_err(|err| {
+            error!(?err, "Unable to parse origin URL - refusing to start. You must correct the value for origin. {:?}", config.origin);
+        })?;
+
     let state = ServerState {
         status_ref,
         qe_w_ref,
@@ -216,6 +224,7 @@ pub async fn create_https_server(
         jws_signer,
         trust_x_forward_for,
         csp_header,
+        origin,
         domain: config.domain.clone(),
         secure_cookies: config.integration_test_config.is_none(),
     };
diff --git a/server/core/src/https/views/constants.rs b/server/core/src/https/views/constants.rs
index 3d3811015..55c5f84aa 100644
--- a/server/core/src/https/views/constants.rs
+++ b/server/core/src/https/views/constants.rs
@@ -5,6 +5,7 @@ use serde::{Deserialize, Serialize};
 pub(crate) enum ProfileMenuItems {
     UserProfile,
     Credentials,
+    EnrolDevice,
     UnixPassword,
 }
 
@@ -25,6 +26,7 @@ pub(crate) enum Urls {
     Apps,
     CredReset,
     CredResetError,
+    EnrolDevice,
     Profile,
     UpdateCredentials,
     Oauth2Resume,
@@ -38,6 +40,7 @@ impl AsRef<str> for Urls {
             Self::Apps => "/ui/apps",
             Self::CredReset => "/ui/reset",
             Self::CredResetError => "/ui/reset/err",
+            Self::EnrolDevice => "/ui/enrol",
             Self::Profile => "/ui/profile",
             Self::UpdateCredentials => "/ui/update_credentials",
             Self::Oauth2Resume => "/ui/oauth2/resume",
diff --git a/server/core/src/https/views/enrol.rs b/server/core/src/https/views/enrol.rs
new file mode 100644
index 000000000..abe35acab
--- /dev/null
+++ b/server/core/src/https/views/enrol.rs
@@ -0,0 +1,116 @@
+use askama::Template;
+use askama_axum::IntoResponse;
+
+use axum::extract::State;
+use axum::response::Response;
+use axum::Extension;
+
+use axum_extra::extract::CookieJar;
+use kanidm_proto::internal::UserAuthToken;
+
+use qrcode::render::svg;
+use qrcode::QrCode;
+use url::Url;
+
+use std::time::Duration;
+
+use super::constants::Urls;
+use super::navbar::NavbarCtx;
+use crate::https::extractors::{DomainInfo, VerifiedClientInformation};
+use crate::https::middleware::KOpId;
+use crate::https::views::constants::ProfileMenuItems;
+use crate::https::views::errors::HtmxError;
+use crate::https::views::login::{LoginDisplayCtx, Reauth, ReauthPurpose};
+use crate::https::ServerState;
+
+#[derive(Template)]
+#[template(path = "user_settings.html")]
+struct ProfileView {
+    navbar_ctx: NavbarCtx,
+    profile_partial: EnrolDeviceView,
+}
+
+#[derive(Template)]
+#[template(path = "enrol_device.html")]
+pub(crate) struct EnrolDeviceView {
+    menu_active_item: ProfileMenuItems,
+    secret: String,
+    qr_code_svg: String,
+    uri: Url,
+}
+
+pub(crate) async fn view_enrol_get(
+    State(state): State<ServerState>,
+    Extension(kopid): Extension<KOpId>,
+    VerifiedClientInformation(client_auth_info): VerifiedClientInformation,
+    DomainInfo(domain_info): DomainInfo,
+    jar: CookieJar,
+) -> axum::response::Result<Response> {
+    let uat: UserAuthToken = state
+        .qe_r_ref
+        .handle_whoami_uat(client_auth_info.clone(), kopid.eventid)
+        .await
+        .map_err(|op_err| HtmxError::new(&kopid, op_err))?;
+
+    let time = time::OffsetDateTime::now_utc() + time::Duration::new(60, 0);
+    let can_rw = uat.purpose_readwrite_active(time);
+
+    // The user lacks an elevated session, request a re-auth.
+    if !can_rw {
+        let display_ctx = LoginDisplayCtx {
+            domain_info,
+            oauth2: None,
+            reauth: Some(Reauth {
+                username: uat.spn,
+                purpose: ReauthPurpose::ProfileSettings,
+            }),
+            error: None,
+        };
+
+        return Ok(super::login::view_reauth_get(
+            state,
+            client_auth_info,
+            kopid,
+            jar,
+            Urls::EnrolDevice.as_ref(),
+            display_ctx,
+        )
+        .await);
+    }
+
+    let cu_intent = state
+        .qe_w_ref
+        .handle_idmcredentialupdateintent(
+            client_auth_info,
+            uat.spn,
+            Some(Duration::from_secs(900)),
+            kopid.eventid,
+        )
+        .await
+        .map_err(|op_err| HtmxError::new(&kopid, op_err))?;
+
+    let secret = cu_intent.token;
+
+    let mut uri = state.origin.clone();
+    uri.set_path(Urls::CredReset.as_ref());
+    uri.set_query(Some(format!("token={secret}").as_str()));
+
+    let qr_code_svg = match QrCode::new(uri.as_str()) {
+        Ok(qr) => qr.render::<svg::Color>().build(),
+        Err(qr_err) => {
+            error!("Failed to create TOTP QR code: {qr_err}");
+            "QR Code Generation Failed".to_string()
+        }
+    };
+
+    Ok(ProfileView {
+        navbar_ctx: NavbarCtx { domain_info },
+        profile_partial: EnrolDeviceView {
+            menu_active_item: ProfileMenuItems::EnrolDevice,
+            qr_code_svg,
+            secret,
+            uri,
+        },
+    }
+    .into_response())
+}
diff --git a/server/core/src/https/views/login.rs b/server/core/src/https/views/login.rs
index 7a54f1a0d..ec6b7e38b 100644
--- a/server/core/src/https/views/login.rs
+++ b/server/core/src/https/views/login.rs
@@ -14,8 +14,8 @@ use axum::{
 };
 use axum_extra::extract::cookie::{Cookie, CookieJar, SameSite};
 use kanidm_proto::internal::{
-    COOKIE_AUTH_SESSION_ID, COOKIE_BEARER_TOKEN, COOKIE_OAUTH2_REQ, COOKIE_USERNAME,
-    COOKIE_CU_SESSION_TOKEN
+    COOKIE_AUTH_SESSION_ID, COOKIE_BEARER_TOKEN, COOKIE_CU_SESSION_TOKEN, COOKIE_OAUTH2_REQ,
+    COOKIE_USERNAME,
 };
 use kanidm_proto::v1::{
     AuthAllowed, AuthCredential, AuthIssueSession, AuthMech, AuthRequest, AuthStep,
diff --git a/server/core/src/https/views/mod.rs b/server/core/src/https/views/mod.rs
index 7fb53d472..a2d2da324 100644
--- a/server/core/src/https/views/mod.rs
+++ b/server/core/src/https/views/mod.rs
@@ -16,6 +16,7 @@ use crate::https::ServerState;
 mod apps;
 mod constants;
 mod cookies;
+mod enrol;
 mod errors;
 mod login;
 mod navbar;
@@ -37,6 +38,7 @@ pub fn view_router() -> Router<ServerState> {
             get(|| async { Redirect::permanent(Urls::Login.as_ref()) }),
         )
         .route("/apps", get(apps::view_apps_get))
+        .route("/enrol", get(enrol::view_enrol_get))
         .route("/reset", get(reset::view_reset_get))
         .route("/update_credentials", get(reset::view_self_reset_get))
         .route("/profile", get(profile::view_profile_get))
diff --git a/server/core/static/img/icons/phone-flip.svg b/server/core/static/img/icons/phone-flip.svg
new file mode 100644
index 000000000..1a144f27a
--- /dev/null
+++ b/server/core/static/img/icons/phone-flip.svg
@@ -0,0 +1,3 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" class="bi bi-phone-flip" viewBox="0 0 16 16">
+  <path fill-rule="evenodd" d="M11 1H5a1 1 0 0 0-1 1v6a.5.5 0 0 1-1 0V2a2 2 0 0 1 2-2h6a2 2 0 0 1 2 2v6a.5.5 0 0 1-1 0V2a1 1 0 0 0-1-1m1 13a1 1 0 0 1-1 1H5a1 1 0 0 1-1-1v-2a.5.5 0 0 0-1 0v2a2 2 0 0 0 2 2h6a2 2 0 0 0 2-2v-2a.5.5 0 0 0-1 0zM1.713 7.954a.5.5 0 1 0-.419-.908c-.347.16-.654.348-.882.57C.184 7.842 0 8.139 0 8.5c0 .546.408.94.823 1.201.44.278 1.043.51 1.745.696C3.978 10.773 5.898 11 8 11q.148 0 .294-.002l-1.148 1.148a.5.5 0 0 0 .708.708l2-2a.5.5 0 0 0 0-.708l-2-2a.5.5 0 1 0-.708.708l1.145 1.144L8 10c-2.04 0-3.87-.221-5.174-.569-.656-.175-1.151-.374-1.47-.575C1.012 8.639 1 8.506 1 8.5c0-.003 0-.059.112-.17.115-.112.31-.242.6-.376Zm12.993-.908a.5.5 0 0 0-.419.908c.292.134.486.264.6.377.113.11.113.166.113.169s0 .065-.13.187c-.132.122-.352.26-.677.4-.645.28-1.596.523-2.763.687a.5.5 0 0 0 .14.99c1.212-.17 2.26-.43 3.02-.758.38-.164.713-.357.96-.587.246-.229.45-.537.45-.919 0-.362-.184-.66-.412-.883s-.535-.411-.882-.571M7.5 2a.5.5 0 0 0 0 1h1a.5.5 0 0 0 0-1z"/>
+</svg>
diff --git a/server/core/templates/credential_update_add_totp_partial.html b/server/core/templates/credential_update_add_totp_partial.html
index f9b1ec729..e9df734e6 100644
--- a/server/core/templates/credential_update_add_totp_partial.html
+++ b/server/core/templates/credential_update_add_totp_partial.html
@@ -1,8 +1,7 @@
 <div>
     <div id="totpInfo">
         (% if let Some(TotpInit with { secret, qr_code_svg, steps, digits, algo, uri }) = totp_init %)
-            <div>((qr_code_svg|safe))
-            </div>
+            <div>((qr_code_svg|safe))</div>
             <code>((uri|safe))</code>
 
             <h3>TOTP details</h3>
diff --git a/server/core/templates/enrol_device.html b/server/core/templates/enrol_device.html
new file mode 100644
index 000000000..c314bdfdd
--- /dev/null
+++ b/server/core/templates/enrol_device.html
@@ -0,0 +1,17 @@
+(% extends "user_settings_partial_base.html" %)
+
+(% block selected_setting_group %)
+Enrol Another Device
+(% endblock %)
+
+(% block settings_window %)
+<p>You can enrol another device to your account by scanning the QR code or following the link below.</p>
+
+<div id="intentInfo">
+    <div>((qr_code_svg|safe))</div>
+    <ul>
+        <li>Url: <code>((uri|safe))</code></li>
+        <li>Secret: <code>(( secret ))</code></li>
+    </ul>
+</div>
+(% endblock %)
diff --git a/server/core/templates/user_settings_partial_base.html b/server/core/templates/user_settings_partial_base.html
index f091f4c31..b0490d456 100644
--- a/server/core/templates/user_settings_partial_base.html
+++ b/server/core/templates/user_settings_partial_base.html
@@ -20,6 +20,8 @@
             ProfileMenuItems::UserProfile, "person") %)
             (% call side_menu_item("Credentials", (Urls::UpdateCredentials),
             ProfileMenuItems::Credentials, "shield-lock") %)
+            (% call side_menu_item("Enrol Device", (Urls::EnrolDevice),
+            ProfileMenuItems::EnrolDevice, "phone-flip") %)
         </ul>
         <div id="settings-window" class="flex-grow-1 ps-sm-4 ps-md-5 pt-sm-0 pt-4">
             <div>

From 4f2eb8b5f86c31b0c2cc85747959a4c6dfc0a27b Mon Sep 17 00:00:00 2001
From: Firstyear <william@blackhats.net.au>
Date: Thu, 19 Dec 2024 15:46:15 +1000
Subject: [PATCH 26/87] Automatically trigger passkeys on login view (#3307)

Add an on-load handler to pkhtml.js so that when the partial
view is displayed passkey auth is automatically prompted for.
If the users browser blocks this event, the fallback manual
buttons still exist.
---
 server/core/static/pkhtml.js | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/server/core/static/pkhtml.js b/server/core/static/pkhtml.js
index c6284aebe..3cff9f8fc 100644
--- a/server/core/static/pkhtml.js
+++ b/server/core/static/pkhtml.js
@@ -40,3 +40,8 @@ try {
     });
 } catch (_error) {};
 
+try {
+    window.addEventListener("load", (event) => {
+        asskey_login()
+    });
+} catch (_error) {};

From 2174b9b251d88f9c2e0fc17478098a85576db1d2 Mon Sep 17 00:00:00 2001
From: Be <be.0@gmx.com>
Date: Thu, 19 Dec 2024 21:02:02 -0600
Subject: [PATCH 27/87] client: read attestation CA list JSON from file (#3232)

instead of passing a giant blob of JSON as a command argument.
Before, it was not possible to allow all valid authenticators
certified by the FIDO Alliance because

fido-mds-list query -o "status gte valid"

outputs a JSON string longer than Linux allows for command
arguments.

Co-authored-by: Firstyear <william@blackhats.net.au>
---
 tools/cli/src/cli/group/account_policy.rs | 9 +++++++--
 tools/cli/src/opt/kanidm.rs               | 2 +-
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/tools/cli/src/cli/group/account_policy.rs b/tools/cli/src/cli/group/account_policy.rs
index d90aecc1e..3f6d0f49a 100644
--- a/tools/cli/src/cli/group/account_policy.rs
+++ b/tools/cli/src/cli/group/account_policy.rs
@@ -113,12 +113,17 @@ impl GroupAccountPolicyOpt {
             }
             GroupAccountPolicyOpt::WebauthnAttestationCaList {
                 name,
-                attestation_ca_list_json,
+                attestation_ca_list_json_file,
                 copt,
             } => {
                 let client = copt.to_client(OpType::Write).await;
+                let json = std::fs::read_to_string(attestation_ca_list_json_file).unwrap_or_else(|e| {
+                    error!("Could not read attestation CA list JSON file {attestation_ca_list_json_file:?}: {e:?}");
+                    std::process::exit(1);
+                });
+
                 if let Err(e) = client
-                    .group_account_policy_webauthn_attestation_set(name, attestation_ca_list_json)
+                    .group_account_policy_webauthn_attestation_set(name, &json)
                     .await
                 {
                     handle_client_error(e, copt.output_mode);
diff --git a/tools/cli/src/opt/kanidm.rs b/tools/cli/src/opt/kanidm.rs
index 83a61fe4c..1fb39d0ba 100644
--- a/tools/cli/src/opt/kanidm.rs
+++ b/tools/cli/src/opt/kanidm.rs
@@ -216,7 +216,7 @@ pub enum GroupAccountPolicyOpt {
     #[clap(name = "webauthn-attestation-ca-list")]
     WebauthnAttestationCaList {
         name: String,
-        attestation_ca_list_json: String,
+        attestation_ca_list_json_file: PathBuf,
         #[clap(flatten)]
         copt: CommonOpt,
     },

From c6432cad830c021e59e270b6cd8aa5dc4297c3b2 Mon Sep 17 00:00:00 2001
From: Be <be.0@gmx.com>
Date: Thu, 19 Dec 2024 21:18:52 -0600
Subject: [PATCH 28/87] book: explain how to use fido-mds-tool (#3231)

explain how to use fido-mds-tool  to configure Webauthn attestation
---
 book/src/accounts/account_policy.md | 41 ++++++++++++++++++++++++-----
 1 file changed, 35 insertions(+), 6 deletions(-)

diff --git a/book/src/accounts/account_policy.md b/book/src/accounts/account_policy.md
index d7d4985b5..024006cf9 100644
--- a/book/src/accounts/account_policy.md
+++ b/book/src/accounts/account_policy.md
@@ -31,6 +31,8 @@ weakest to strongest:
 - `passkey`
 - `attested_passkey`
 
+`attested_passkey` requires [configuring an allowlist of trusted authenticators](#setting-webauthn-attestation-ca-lists).
+
 ### Password Minimum Length
 
 The minimum length for passwords (if they are allowed).
@@ -45,7 +47,7 @@ read/write session.
 The list of certificate authorities and device aaguids that must be used by members of this policy.
 This allows limiting devices to specific models.
 
-To generate this list you should use `fido-mds-tool`.
+To generate this list you should [use `fido-mds-tool`](#setting-webauthn-attestation-ca-lists).
 
 ## Policy Resolution
 
@@ -149,15 +151,42 @@ kanidm group account-policy privilege-expiry my_admin_group 86400 # NB: will be
 
 ### Setting Webauthn Attestation CA Lists
 
-The list should be generated with `fido-mds-tool`. This will emit JSON that can be directly used
-with Kanidm.
+To verify Webauthn authenticators with attestation, Kanidm needs an allowlist of
+authenticators to trust. Generate this list with the `fido-mds-tool` from
+the [webauthn-rs project](https://github.com/kanidm/webauthn-rs). If you have a
+Rust toolchain installed, it can built and installed from source with
 
 ```bash
-kanidm group account-policy webauthn-attestation-ca-list <group name> <attestation ca list json>
-kanidm group account-policy webauthn-attestation-ca-list idm_all_persons '{"cas":{"D6E4b4Drh .... }'
+cargo install fido-mds-tool
 ```
 
-> NOTE: `fido-mds-tool` is available in the `kanidm:tools` container.
+Alternatively, `fido-mds-tool` is available in the
+[tools container](../installing_client_tools.md#tools-container).
+
+First, fetch the MDS data provided by the FIDO Alliance:
+```bash
+fido-mds-tool fetch
+```
+
+Then, query the MDS data to generate your allowlist of authenticators.
+For example, to trust all authenticators made by Yubico, run
+
+```bash
+fido-mds-tool query --output-cert-roots "desc cnt yubikey" > trusted-authenticators
+```
+
+For details of how to query the MDS data, run
+
+```bash
+fido-mds-tool query --help
+```
+
+Once you have generated the authenticator allowlist, use it to configure Kanidm's
+account policy for a group. For example, to set the allowlist for all persons, run
+
+```bash
+kanidm group account-policy webauthn-attestation-ca-list idm_all_persons trusted-authenticators
+```
 
 ## Global Settings
 

From 9f499f3913485eef4d3afe49c1c203533af33a6c Mon Sep 17 00:00:00 2001
From: Firstyear <william@blackhats.net.au>
Date: Fri, 20 Dec 2024 17:16:07 +1000
Subject: [PATCH 29/87] Further SCIM sync testing, minor fixes (#3305)

This adds further testing of SCIM sync, especially around
conversion of the SCIM Sync Person and Group types into
SCIM Entry. This test would have prevented #3298 and
 #3299 from occuring.

During testing two more fixes were found. external_id should have
been required (not optional) and a group with no members would
cause a serialisation issue.
---
 proto/src/scim_v1/mod.rs                 | 70 +++++++++--------
 proto/src/scim_v1/synch.rs               | 24 +++---
 server/lib/src/idm/scim.rs               | 98 +++++++++++++++++++++++-
 tools/iam_migrations/freeipa/src/main.rs |  9 +--
 tools/iam_migrations/ldap/src/main.rs    |  9 +--
 5 files changed, 146 insertions(+), 64 deletions(-)

diff --git a/proto/src/scim_v1/mod.rs b/proto/src/scim_v1/mod.rs
index 93333e69f..76b6c807d 100644
--- a/proto/src/scim_v1/mod.rs
+++ b/proto/src/scim_v1/mod.rs
@@ -120,12 +120,15 @@ mod tests {
         // Group
         let group_uuid = uuid::uuid!("2d0a9e7c-cc08-4ca2-8d7f-114f9abcfc8a");
 
-        let group = ScimSyncGroup::builder("testgroup".to_string(), group_uuid)
-            .set_description(Some("test desc".to_string()))
-            .set_gidnumber(Some(12345))
-            .set_members(vec!["member_a".to_string(), "member_a".to_string()].into_iter())
-            .set_external_id(Some("cn=testgroup".to_string()))
-            .build();
+        let group = ScimSyncGroup::builder(
+            group_uuid,
+            "cn=testgroup".to_string(),
+            "testgroup".to_string(),
+        )
+        .set_description(Some("test desc".to_string()))
+        .set_gidnumber(Some(12345))
+        .set_members(vec!["member_a".to_string(), "member_a".to_string()].into_iter())
+        .build();
 
         let entry: Result<ScimEntry, _> = group.try_into();
 
@@ -136,32 +139,35 @@ mod tests {
 
         let user_sshkey = "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBENubZikrb8hu+HeVRdZ0pp/VAk2qv4JDbuJhvD0yNdWDL2e3cBbERiDeNPkWx58Q4rVnxkbV1fa8E2waRtT91wAAAAEc3NoOg== testuser@fidokey";
 
-        let person =
-            ScimSyncPerson::builder(user_uuid, "testuser".to_string(), "Test User".to_string())
-                .set_password_import(Some("new_password".to_string()))
-                .set_unix_password_import(Some("new_password".to_string()))
-                .set_totp_import(vec![ScimTotp {
-                    external_id: "Totp".to_string(),
-                    secret: "abcd".to_string(),
-                    algo: "SHA3".to_string(),
-                    step: 60,
-                    digits: 8,
-                }])
-                .set_mail(vec![MultiValueAttr {
-                    primary: Some(true),
-                    value: "testuser@example.com".to_string(),
-                    ..Default::default()
-                }])
-                .set_ssh_publickey(vec![ScimSshPubKey {
-                    label: "Key McKeyface".to_string(),
-                    value: user_sshkey.to_string(),
-                }])
-                .set_login_shell(Some("/bin/false".to_string()))
-                .set_account_valid_from(Some("2023-11-28T04:57:55Z".to_string()))
-                .set_account_expire(Some("2023-11-28T04:57:55Z".to_string()))
-                .set_gidnumber(Some(54321))
-                .set_external_id(Some("cn=testuser".to_string()))
-                .build();
+        let person = ScimSyncPerson::builder(
+            user_uuid,
+            "cn=testuser".to_string(),
+            "testuser".to_string(),
+            "Test User".to_string(),
+        )
+        .set_password_import(Some("new_password".to_string()))
+        .set_unix_password_import(Some("new_password".to_string()))
+        .set_totp_import(vec![ScimTotp {
+            external_id: "Totp".to_string(),
+            secret: "abcd".to_string(),
+            algo: "SHA3".to_string(),
+            step: 60,
+            digits: 8,
+        }])
+        .set_mail(vec![MultiValueAttr {
+            primary: Some(true),
+            value: "testuser@example.com".to_string(),
+            ..Default::default()
+        }])
+        .set_ssh_publickey(vec![ScimSshPubKey {
+            label: "Key McKeyface".to_string(),
+            value: user_sshkey.to_string(),
+        }])
+        .set_login_shell(Some("/bin/false".to_string()))
+        .set_account_valid_from(Some("2023-11-28T04:57:55Z".to_string()))
+        .set_account_expire(Some("2023-11-28T04:57:55Z".to_string()))
+        .set_gidnumber(Some(54321))
+        .build();
 
         let entry: Result<ScimEntry, _> = person.try_into();
 
diff --git a/proto/src/scim_v1/synch.rs b/proto/src/scim_v1/synch.rs
index ac359c5da..30eeee9c7 100644
--- a/proto/src/scim_v1/synch.rs
+++ b/proto/src/scim_v1/synch.rs
@@ -119,7 +119,12 @@ pub struct ScimSyncPersonBuilder {
 }
 
 impl ScimSyncPerson {
-    pub fn builder(id: Uuid, name: String, displayname: String) -> ScimSyncPersonBuilder {
+    pub fn builder(
+        id: Uuid,
+        external_id: String,
+        name: String,
+        displayname: String,
+    ) -> ScimSyncPersonBuilder {
         ScimSyncPersonBuilder {
             inner: ScimSyncPerson {
                 entry: ScimEntryHeader {
@@ -128,7 +133,7 @@ impl ScimSyncPerson {
                         SCIM_SCHEMA_SYNC_PERSON.to_string(),
                     ],
                     id,
-                    external_id: None,
+                    external_id: Some(external_id),
                     meta: None,
                 },
                 name,
@@ -205,11 +210,6 @@ impl ScimSyncPersonBuilder {
         self
     }
 
-    pub fn set_external_id(mut self, external_id: Option<String>) -> Self {
-        self.inner.entry.external_id = external_id;
-        self
-    }
-
     pub fn build(self) -> ScimSyncPerson {
         self.inner
     }
@@ -230,6 +230,7 @@ pub struct ScimSyncGroup {
     pub name: String,
     pub description: Option<String>,
     pub gidnumber: Option<u32>,
+    #[serde(default, skip_serializing_if = "Vec::is_empty")]
     pub member: Vec<ScimExternalMember>,
 }
 
@@ -248,13 +249,13 @@ pub struct ScimSyncGroupBuilder {
 }
 
 impl ScimSyncGroup {
-    pub fn builder(name: String, id: Uuid) -> ScimSyncGroupBuilder {
+    pub fn builder(id: Uuid, external_id: String, name: String) -> ScimSyncGroupBuilder {
         ScimSyncGroupBuilder {
             inner: ScimSyncGroup {
                 entry: ScimEntryHeader {
                     schemas: vec![SCIM_SCHEMA_SYNC_GROUP.to_string()],
                     id,
-                    external_id: None,
+                    external_id: Some(external_id),
                     meta: None,
                 },
                 name,
@@ -295,11 +296,6 @@ impl ScimSyncGroupBuilder {
         self
     }
 
-    pub fn set_external_id(mut self, external_id: Option<String>) -> Self {
-        self.inner.entry.external_id = external_id;
-        self
-    }
-
     pub fn build(self) -> ScimSyncGroup {
         self.inner
     }
diff --git a/server/lib/src/idm/scim.rs b/server/lib/src/idm/scim.rs
index f127e375a..65eb3eeb8 100644
--- a/server/lib/src/idm/scim.rs
+++ b/server/lib/src/idm/scim.rs
@@ -1584,10 +1584,6 @@ mod tests {
         assert!(matches!(sync_state, ScimSyncState::Refresh));
 
         drop(idms_prox_read);
-
-        // Use the current state and update.
-
-        // TODO!!!
     }
 
     #[idm_test]
@@ -3167,6 +3163,100 @@ mod tests {
         assert!(idms_prox_write.commit().is_ok());
     }
 
+    #[idm_test]
+    /// Assert that a SCIM JSON proto entry correctly serialises and deserialises
+    /// and can be applied as a changeset. This serialisation is performed during
+    /// the ScimEntry::try_from step.
+    async fn test_idm_scim_sync_json_proto(idms: &IdmServer, _idms_delayed: &mut IdmServerDelayed) {
+        let ct = Duration::from_secs(TEST_CURRENT_TIME);
+        let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
+        let (_sync_uuid, ident) = test_scim_sync_apply_setup_ident(&mut idms_prox_write, ct);
+        let sse = ScimSyncUpdateEvent { ident };
+
+        // Minimum Viable Person
+        let person_1 = ScimSyncPerson::builder(
+            Uuid::new_v4(),
+            "cn=testperson_1".to_string(),
+            "testperson_1".to_string(),
+            "Test Person One".to_string(),
+        )
+        .build()
+        .try_into()
+        .unwrap();
+
+        // Minimum Viable Group
+        let group_1 = ScimSyncGroup::builder(
+            Uuid::new_v4(),
+            "cn=testgroup_1".to_string(),
+            "testgroup_1".to_string(),
+        )
+        .build()
+        .try_into()
+        .unwrap();
+
+        let user_sshkey = "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBENubZikrb8hu+HeVRdZ0pp/VAk2qv4JDbuJhvD0yNdWDL2e3cBbERiDeNPkWx58Q4rVnxkbV1fa8E2waRtT91wAAAAEc3NoOg== testuser@fidokey";
+
+        // All Attribute Person
+        let person_2 = ScimSyncPerson::builder(
+            Uuid::new_v4(),
+            "cn=testperson_2".to_string(),
+            "testperson_2".to_string(),
+            "Test Person Two".to_string(),
+        )
+        .set_password_import(Some("ipaNTHash: iEb36u6PsRetBr3YMLdYbA".to_string()))
+        .set_unix_password_import(Some("ipaNTHash: iEb36u6PsRetBr3YMLdYbA".to_string()))
+        .set_totp_import(vec![ScimTotp {
+            external_id: "Totp".to_string(),
+            secret: "QICWZTON72IBS5MXWNURKAONC3JNOOOFMLKNRTIPXBYQ4BLRSEBM7KF5".to_string(),
+            algo: "sha256".to_string(),
+            step: 60,
+            digits: 8,
+        }])
+        .set_mail(vec![MultiValueAttr {
+            primary: Some(true),
+            value: "testuser@example.com".to_string(),
+            ..Default::default()
+        }])
+        .set_ssh_publickey(vec![ScimSshPubKey {
+            label: "Key McKeyface".to_string(),
+            value: user_sshkey.to_string(),
+        }])
+        .set_login_shell(Some("/bin/zsh".to_string()))
+        .set_account_valid_from(Some("2023-11-28T04:57:55Z".to_string()))
+        .set_account_expire(Some("2023-11-28T04:57:55Z".to_string()))
+        .set_gidnumber(Some(12346))
+        .build()
+        .try_into()
+        .unwrap();
+
+        // All Attribute Group
+        let group_2 = ScimSyncGroup::builder(
+            Uuid::new_v4(),
+            "cn=testgroup_2".to_string(),
+            "testgroup_2".to_string(),
+        )
+        .set_description(Some("description".to_string()))
+        .set_gidnumber(Some(12345))
+        .set_members(vec!["cn=testperson_1".to_string(), "cn=testperson_2".to_string()].into_iter())
+        .build()
+        .try_into()
+        .unwrap();
+
+        let entries = vec![person_1, group_1, person_2, group_2];
+
+        let changes = ScimSyncRequest {
+            from_state: ScimSyncState::Refresh,
+            to_state: ScimSyncState::Active {
+                cookie: vec![1, 2, 3, 4],
+            },
+            entries,
+            retain: ScimSyncRetentionMode::Ignore,
+        };
+
+        assert!(idms_prox_write.scim_sync_apply(&sse, &changes, ct).is_ok());
+        assert!(idms_prox_write.commit().is_ok());
+    }
+
     const TEST_SYNC_SCIM_IPA_1: &str = r#"
 {
   "from_state": "Refresh",
diff --git a/tools/iam_migrations/freeipa/src/main.rs b/tools/iam_migrations/freeipa/src/main.rs
index 24f621c45..7e682b69c 100644
--- a/tools/iam_migrations/freeipa/src/main.rs
+++ b/tools/iam_migrations/freeipa/src/main.rs
@@ -926,9 +926,8 @@ fn ipa_to_scim_entry(
         let account_valid_from = None;
 
         let login_shell = entry.remove_ava_single(Attribute::LoginShell.as_ref());
-        let external_id = Some(entry.dn);
 
-        let scim_sync_person = ScimSyncPerson::builder(id, user_name, display_name)
+        let scim_sync_person = ScimSyncPerson::builder(id, entry.dn, user_name, display_name)
             .set_gidnumber(gidnumber)
             .set_password_import(password_import)
             .set_unix_password_import(unix_password_import)
@@ -938,7 +937,6 @@ fn ipa_to_scim_entry(
             .set_ssh_publickey(ssh_publickey)
             .set_account_expire(account_expire)
             .set_account_valid_from(account_valid_from)
-            .set_external_id(external_id)
             .build();
 
         let scim_entry_generic: ScimEntry = scim_sync_person.try_into().map_err(|json_err| {
@@ -983,13 +981,10 @@ fn ipa_to_scim_entry(
             .map(|set| set.into_iter().collect())
             .unwrap_or_default();
 
-        let external_id = Some(entry.dn);
-
-        let scim_sync_group = ScimSyncGroup::builder(name, id)
+        let scim_sync_group = ScimSyncGroup::builder(id, entry.dn, name)
             .set_description(description)
             .set_gidnumber(gidnumber)
             .set_members(members.into_iter())
-            .set_external_id(external_id)
             .build();
 
         let scim_entry_generic: ScimEntry = scim_sync_group.try_into().map_err(|json_err| {
diff --git a/tools/iam_migrations/ldap/src/main.rs b/tools/iam_migrations/ldap/src/main.rs
index 05e939632..8e5d52894 100644
--- a/tools/iam_migrations/ldap/src/main.rs
+++ b/tools/iam_migrations/ldap/src/main.rs
@@ -617,9 +617,8 @@ fn ldap_to_scim_entry(
         let login_shell = entry
             .get_ava_single(&sync_config.person_attr_login_shell)
             .map(str::to_string);
-        let external_id = Some(entry.dn);
 
-        let scim_sync_person = ScimSyncPerson::builder(id, user_name, display_name)
+        let scim_sync_person = ScimSyncPerson::builder(id, entry.dn, user_name, display_name)
             .set_gidnumber(gidnumber)
             .set_password_import(password_import)
             .set_unix_password_import(unix_password_import)
@@ -629,7 +628,6 @@ fn ldap_to_scim_entry(
             .set_ssh_publickey(ssh_publickey)
             .set_account_expire(account_expire)
             .set_account_valid_from(account_valid_from)
-            .set_external_id(external_id)
             .build();
 
         let scim_entry_generic: ScimEntry = scim_sync_person.try_into().map_err(|json_err| {
@@ -678,13 +676,10 @@ fn ldap_to_scim_entry(
             .map(|set| set.into_iter().collect())
             .unwrap_or_default();
 
-        let external_id = Some(entry.dn);
-
-        let scim_sync_group = ScimSyncGroup::builder(name, id)
+        let scim_sync_group = ScimSyncGroup::builder(id, entry.dn, name)
             .set_description(description)
             .set_gidnumber(gidnumber)
             .set_members(members.into_iter())
-            .set_external_id(external_id)
             .build();
 
         let scim_entry_generic: ScimEntry = scim_sync_group.try_into().map_err(|json_err| {

From b6f63f3605a7260ccbce58a382226ba040896882 Mon Sep 17 00:00:00 2001
From: James Hodgkinson <james@terminaloutcomes.com>
Date: Sat, 21 Dec 2024 15:17:12 +1000
Subject: [PATCH 30/87] kanidm-unixd example config enfixening (#3314)

* kanidm-unixd default config via PPA problem with version 2 on debian bookworm
Fixes #3312

* fix(coverage): moving to using cargo-tarpaulin

* kanidm-unixd default config via PPA problem with version 2 on debian bookworm
Fixes #3312
---
 .gitignore                                   |   6 +-
 Makefile                                     |  31 +++------
 book/src/developers/faq.md                   |   4 ++
 build_rs_cov.profraw                         | Bin 6680 -> 0 bytes
 examples/kanidm-safe-default                 |   4 +-
 examples/unixd-safe-default                  |  16 +++--
 scripts/test_coverage.sh                     |  64 -------------------
 unix_integration/common/src/unix_config.rs   |  32 ++++++++++
 unix_integration/resolver/src/unix_config.rs |  35 ++++++++++
 9 files changed, 97 insertions(+), 95 deletions(-)
 delete mode 100644 build_rs_cov.profraw
 delete mode 100755 scripts/test_coverage.sh

diff --git a/.gitignore b/.gitignore
index 5e73cfa4e..e3f702e83 100644
--- a/.gitignore
+++ b/.gitignore
@@ -17,9 +17,12 @@ tools/orca/example_profiles/small/orca-edited.toml
 /docs/
 # webui things we don't need
 *.d.ts
-
 server/web_ui/*/pkg/*.js
 
+# coverage-related things
+*.profraw
+tarpaulin-report.html
+
 # kanidm simple packaging
 deployment-config/
 kanidm_simple_pkg/
@@ -35,6 +38,7 @@ pykanidm/site/
 # oauth2 integration test things
 scripts/oauth_proxy/client.secret
 scripts/oauth_proxy/envfile
+
 # local config things
 .envrc
 
diff --git a/Makefile b/Makefile
index f44c275bb..bff9bbef9 100644
--- a/Makefile
+++ b/Makefile
@@ -314,26 +314,15 @@ cert/clean:
 	rm -f /tmp/kanidm/ca.txt*
 	rm -f /tmp/kanidm/ca.{cnf,srl,srl.old}
 
-.PHONY: rust/coverage
-coverage/test: ## Run coverage tests
-coverage/test:
-	LLVM_PROFILE_FILE="$(PWD)/target/profile/coverage-%p-%m.profraw" RUSTFLAGS="-C instrument-coverage" cargo test $(TESTS)
-
-.PHONY: coverage/grcov
-coverage/grcov: ## Run grcov
-coverage/grcov:
-	rm -rf ./target/coverage/html
-	grcov . --binary-path ./target/debug/deps/ \
-		-s . \
-		-t html \
-		--branch \
-		--ignore-not-existing \
-		--ignore '../*' \
-		--ignore "/*" \
-		--ignore "target/*" \
-		-o target/coverage/html
 
 .PHONY: coverage
-coverage: ## Run all the coverage tests
-coverage: coverage/test coverage/grcov
-	echo "Coverage report is in ./target/coverage/html/index.html"
+coverage: ## Run the coverage tests using cargo-tarpaulin
+	cargo tarpaulin --out Html
+	@echo "Coverage file at file://$(PWD)/tarpaulin-report.html"
+
+
+.PHONY: coveralls
+coveralls: ## Run cargo tarpaulin and upload to coveralls
+coveralls:
+	cargo tarpaulin --coveralls $(COVERALLS_REPO_TOKEN)
+	@echo "Coveralls repo information is at https://coveralls.io/github/kanidm/kanidm"
\ No newline at end of file
diff --git a/book/src/developers/faq.md b/book/src/developers/faq.md
index ea2fab6f9..6025ac335 100644
--- a/book/src/developers/faq.md
+++ b/book/src/developers/faq.md
@@ -114,3 +114,7 @@ When a service like sudo, sshd, su, etc. wants to authenticate someone, it opens
 that service, then performs authentication according to the modules defined in the pam.d config. For
 example, if you run `ls -al /etc/pam.d /usr/etc/pam.d` in SUSE, you can see the services and their
 respective pam.d config.
+
+## Test coverage
+
+We're trying to regularly get coverage reports into [Coveralls](https://coveralls.io/github/kanidm/kanidm), you can run the local testing with `make coverage` once you've installed [cargo-tarpaulin](https://crates.io/crates/cargo-tarpaulin).
diff --git a/build_rs_cov.profraw b/build_rs_cov.profraw
deleted file mode 100644
index 75521227e58e789879b7ce2c4f14efeddd7c4715..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 6680
zcmeI$c{o(-9{_NXE!#-46|$=^W52~Tmcd;6F0!QTYlw*!V;vNd-;L}MBFdVjjJ2|6
z>t0)g3Z+8!<+|PKz0Y&c^UHMp{5{Wa{&{`h^ZlIne82BG=NUurarE->cHiDZ@$Zku
zze9=yNDK|bslLs4Z)|`4i1~ldFi+dP3!3~Tru;s4EpgX)c%$XD<zewcfm+&^!2cKW
zb&48t!0QmJ^md$n?cI=zZUOAKNEYAMhot=zLa)UxCXw(2KWGR%KTOZOt>3)IP*M!|
z>Gf~*|Fa<E59s>y>1j)!n{Mj?{{W_sJ>;K;E_oUWJRYWh$a}`kX|KF+YSzi40#xJK
z7&4w7QcnSiDkR;BQV4i0G9FrgaJbSa{~zk2z$0M#?MS?LmK{o^**Qq@A@?o4fi-yj
z-%o{lRDu{K0-p)fpTLY67e_kT0PhUbV~PVw`BtH4fk(phh6PJD!CMPrA%Y*0t75Io
zR#$hfAG&{`>wVleJ7sO~b0dR6Pu!X)$gIB`vj2H4=Z6*9e0@)1Y2zi_X69d!Ss&_g
z4Wc3krlgEf0)I~EoR+}V!}R+Dc?L0!dk+OziPCW?-m1=o=@~6a?Mc=TnR$?p*5Zbw
zi-KW#DHAX2WOcu2GYk1vr0#uXJD6UnR_avQ;OjF}Dn}Alt~~a|knzyxXP1%*O}ej;
z1@Lq*{WRlcOD(}St*v<(^YfP$Cc0O4zJF*T`~R>mocB^k`)A;vk@3*$zt|ABi3tlo
z4tzXJFIQ2+9j~hP3-A^&{i0@Vu;^Pa9Ps=weM*RYj+{)|Uf`#fckUmw{wUp(rWkqI
zH^4uD>7(0Cz36Tn&jB6})7K02I2=)Gp~^uAL^E0S8Dn7jS=$Qls`KuHz|+C>e@d#H
z>BN<X0^hv^uYaf^&2ny%E>g#QO=u{(!y<`{XN26pR++qR?o{IIz*mv+(ES@_3XA5o
zta~5u)=7?i#y}<*rdLL<bg*<rY-OKJ(QqKS`DwxQ7m{Rq+qh%Vs!jJZd}mnn5imW9
zu-cSRA=nB0z#_c<kEkjiP+lPz3o$n`Rp#c=X2SIHJcLhFZI%7NJHzyN%JPURZ^Ge=
zNh4<_8oA?;Fg;_NKG7)I&=&aB&+zIe`kbwq*UO8X?Cz&nS!YkHhv`4wi3}V&$T|N>
zBquzE+VnjUrq|w6=ZWqll7KgW>7V0PaP}Lidw}PJ>61MUMk&cQ#2DPmuBlQ(HoaQd
zxqmc}=kFdZi$bf%D+KV}WIXiw3omlMCcI|L!A}gU9m!p!O@irJsz@A*wlp65uG6(;
z3C-u*!SsFZ?D@0Iem7ZOxLi44R?Hy=(?=j8Z3CR9?*KnHzjObf^|u)Gm5x=9%k;YZ
zhgB1m$6p20zwa@7((Bg90(>w`Z%z|qxc=dJcF!oo37euQUoDv4%0Ozm5lv(Q9s$$S
z=#jMetBV7pof-&Rug8oB=HT^DOHqH)Z{mGB{oLb%qRQLGnJ~S&DO!bHDBrejrSSKp
zVDkWHn7+gDI?t3z@jKv=Fn!6nP07G)&phB)Kf$Y?r{KKa&{pm&gDSfbr$vBOJsA)E
z|G_`mo~nc;y1bF&O-<DLb;2_;9{T-XWlS+wW}l*G%HtPJ1AGNF`D8r!-2l8s4n$xx
zO6{j(drR4<^PY|(@G!li*rKVZtE}=lKd)O|`fRVYV0sUqU)=?ArGHCdb~H~7tzF}U
z>2DBjPnF>8^icWF1e{uWe5XI|ynoR8sUO7i_Px}Y{G;UfXm678r7AKW`u>2%ps!#A
z$G`u)Ljm63ASO4mgA;up!S^qy18HC$tOG_c56y$lgX90JBj`8u`hPV4qr9KZhx-4=
z-#P&L2OYul2S#YW!2Jpxf0PgPKO2Md{b>Bz^FZ^!`JnUA7}^);adI*6(7Yp3_@Nk<
zg(JR_^14#bW&F<__0eCxs!*<VxU&NnC8a0Xc2q2i)>p@eP3AL&K^V(u67$wB{7_M1
zJ97vUft}>5*oQl{PSj?@`5nJoVJ~>UoI1)@3KgwU7&{<*y6bdAwM27Fplkm+-ZJ)W
z*+n^;HrKn?4*MX2#F^dkL9f^LSC0HTFe5-^&2{9}x+lfF{W~>v5ynTYjH@qLpQDG?
z(8H?BEtTR|Hyzkd(0`KIc#+VGKm}p;x{MFTaP{iiD@^CkM+G*qy>1gMG)->%6rOmP
zD!Hw8EJS>YsWP?VP3d@}Jz;LBON|?)KFpd<tjX=x!B{$qRu}p4v?YqtkL5h$tkxRY
z?{c=F^l149#w4jaqk-<n32}rE*fBj97S1cy$L!Ww4s24DF<hkCCZ(u_($;)wz@0c1
zh7b%Qe1^}|)AgyzJA{OgMUR7ppD@mP@Sx7dlK36Jj+tfV&yT%$!yci%7j^vumEzue
z7-;ZVSXA_j7z;NmaE+Z5Fz{LYtv*B&C4rR=jo%<;&oZP1$!`*PIQQhD>k7i;6LK$?
znUtltnqsVk_6=xYvDSom?bGq{fz5Yo(~2_<OtvsLK9sVe-b(cRnWeeWQeRFJyLD;w
zRKVyj`OCVykD6Ipx)Ai@lMi!vWY|`CDif>e+W)@#?yuWN-My+Qrhij4o8b%_&S28f
zs6_0#QLmXg$tFr`LNEDc$L*<6=H_x6L$;ZVzCri$e2qk8IEUrTkKGi`aZ0z@^vo7X
z4JKWXik+BM3`x?sva3tME}S=$m5I-Bz<eZHyb~oiN?DAJ7Z=A6T@}Z<qNpexGhgZO
zbf5xv2e53n&_xw4pyGA$O-9BehPubHy-NF#%~`pZOl3E)Rl+YyarL-66aFGs^?j__
zXGgoN!<IB7HnbzOSH}Zg^F;6Ci2X#G#=pzy)n;f!GE&%WYNB&nvWL4vExeKJQdwOc
z>~7|_6!}Otk@z|10Bz>AXAIJV_k=`q6dq0m9@F<ghc@J^=+{&lm{_D@4aMDhv|=Oq
z6ZH39FnP**R(g$rc$siniO@yYaFd?LVKz~e@qUIFr9B@r<8JG;LS?qZ{MC2YkNIWO
z#}4>S=Wg%6hc<QR9goHf(w=3P)Hz>kb{?70H%q6AR`;=T__%?6r2BFqUCpGQSMyCc
TwxE@3$$65)`ge})FAwEk`4IL)

diff --git a/examples/kanidm-safe-default b/examples/kanidm-safe-default
index 9a06b5c14..388d8a1c7 100644
--- a/examples/kanidm-safe-default
+++ b/examples/kanidm-safe-default
@@ -1,7 +1,7 @@
-## Kanidm minimal Service Configuration - /etc/kanidm/config
+# Kanidm minimal Service Configuration - /etc/kanidm/config
 # For a full example and documentation, see /usr/share/kanidm/kanidm
 # or `example/kanidm` in the source repository.
 
 # Replace this with your kanidmd URI and uncomment the line
-#uri = "https://idm.example.com"
+# uri = "https://idm.example.com"
 verify_ca = true
diff --git a/examples/unixd-safe-default b/examples/unixd-safe-default
index b231f4cd1..14d9daac3 100644
--- a/examples/unixd-safe-default
+++ b/examples/unixd-safe-default
@@ -1,17 +1,19 @@
-## Kanidm Unixd minimal Service Configuration - /etc/kanidm/unixd
+# Kanidm Unixd minimal Service Configuration - /etc/kanidm/unixd
 # For a full example and documentation, see /usr/share/kanidm-unixd/unixd
-# or `example/unixd` in the source repository.
+# or `example/unixd` in the source repository
 
 version = '2'
 
+[kanidm]
 # default_shell = "/bin/sh"
-
 # home_attr = "uuid"
 # home_alias = "spn"
 # use_etc_skel = false
 
-
 # Defines a set of POSIX groups where membership of any of these groups
-# will be allowed to login via PAM.
-# Replace your group below and uncomment this line:
-#pam_allowed_login_groups = ["your_posix_login_group"]
+# will be allowed to login via PAM
+#
+# WITHOUT THIS SET, NOBODY WILL BE ABLE TO LOG IN VIA PAM
+#
+# Replace your group below and uncomment this line
+# pam_allowed_login_groups = ["your_posix_login_group"]
diff --git a/scripts/test_coverage.sh b/scripts/test_coverage.sh
deleted file mode 100755
index 1898ae018..000000000
--- a/scripts/test_coverage.sh
+++ /dev/null
@@ -1,64 +0,0 @@
-#!/bin/bash
-
-set -e
-
-if [ "$(rustup default | grep -cE '^nightly' )" -eq 0 ]; then
-    echo "You need to switch to rust nightly!"
-    exit 1
-fi
-
-# if [ "$(which rustfilt | wc -l )" -eq 0 ]; then
-#     echo "You need to have rustfilt on the path"
-#     echo "cargo install rustfilt"
-#     exit 1
-# fi
-if [ "$(which llvm-cov | wc -l )" -eq 0 ]; then
-    echo "You need to have llvm-cov on the path"
-    exit 1
-fi
-export CARGO_INCREMENTAL=0
-
-
-export LLVM_PROFILE_FILE
-echo "Profile files going into ${LLVM_PROFILE_FILE}"
-
-echo "Running tests"
-#shellcheck disable=SC2068
-
-LLVM_PROFILE_FILE="$(pwd)/target/profile/coverage-%p-%m.profraw" RUSTFLAGS="-C instrument-coverage" cargo test
-
-grcov . --binary-path ./target/debug/deps/ \
-    -s . \
-    -t html \
-    --branch \
-    --ignore-not-existing \
-    --ignore '../*' \
-    --ignore "/*" \
-    -o target/coverage/html
-
-
-# PROFDATA="./target/profile/kanidm.profdata"
-
-# llvm-profdata merge  ./target/profile/*.profraw -o "${PROFDATA}"
-
-# llvm-cov report --ignore-filename-regex="\.cargo" \
-#     --enable-name-compression \
-#     $( \
-#       for file in \
-#         $( \
-#           RUSTFLAGS="-C instrument-coverage" \
-#             cargo test --tests --no-run --message-format=json \
-#               | jq -r "select(.profile.test == true) | .filenames[]" \
-#               | grep -v dSYM - \
-#         ); \
-#       do \
-#         printf "%s %s " -object $file; \
-#       done \
-#     ) \
-#   --instr-profile="${PROFDATA}" --summary-only
-
-# llvm-cov show -Xdemangler=rustfilt target/debug/kanidmd \
-#     -instr-profile="${PROFDATA}" \
-#     -show-line-counts-or-regions \
-#     -show-instantiations \
-#     -name-regex="kani.*"
\ No newline at end of file
diff --git a/unix_integration/common/src/unix_config.rs b/unix_integration/common/src/unix_config.rs
index 931b6d735..02a9b43b1 100644
--- a/unix_integration/common/src/unix_config.rs
+++ b/unix_integration/common/src/unix_config.rs
@@ -141,3 +141,35 @@ impl KanidmUnixdConfig {
         })
     }
 }
+
+#[cfg(test)]
+mod tests {
+    use std::path::PathBuf;
+
+    use super::*;
+
+    #[test]
+    fn test_load_example_configs() {
+        // Test the various included configs
+
+        let examples_dir = env!("CARGO_MANIFEST_DIR").to_string() + "/../../examples/";
+
+        for file in PathBuf::from(&examples_dir)
+            .canonicalize()
+            .expect(&format!("Can't find examples dir at {}", examples_dir))
+            .read_dir()
+            .expect("Can't read examples dir!")
+        {
+            let file = file.unwrap();
+            let filename = file.file_name().into_string().unwrap();
+            if filename.starts_with("unixd") {
+                print!("Checking that {} parses as a valid config...", filename);
+
+                KanidmUnixdConfig::new()
+                    .read_options_from_optional_config(file.path())
+                    .expect("Failed to parse");
+                println!("OK");
+            }
+        }
+    }
+}
diff --git a/unix_integration/resolver/src/unix_config.rs b/unix_integration/resolver/src/unix_config.rs
index d25fe3338..e8a739401 100644
--- a/unix_integration/resolver/src/unix_config.rs
+++ b/unix_integration/resolver/src/unix_config.rs
@@ -501,3 +501,38 @@ impl UnixdConfig {
         })
     }
 }
+
+#[cfg(test)]
+mod tests {
+    use std::path::PathBuf;
+
+    use super::*;
+
+    #[test]
+    fn test_load_example_configs() {
+        // Test the various included configs
+
+        let examples_dir = env!("CARGO_MANIFEST_DIR").to_string() + "/../../examples/";
+
+        for file in PathBuf::from(&examples_dir)
+            .canonicalize()
+            .expect(&format!("Can't find examples dir at {}", examples_dir))
+            .read_dir()
+            .expect("Can't read examples dir!")
+        {
+            let file = file.unwrap();
+            let filename = file.file_name().into_string().unwrap();
+            if filename.starts_with("unixd") {
+                print!("Checking that {} parses as a valid config...", filename);
+
+                UnixdConfig::new()
+                    .read_options_from_optional_config(file.path())
+                    .inspect_err(|e| {
+                        println!("Failed to parse: {:?}", e);
+                    })
+                    .expect("Failed to parse!");
+                println!("OK");
+            }
+        }
+    }
+}

From bbefb0b1b16b56a9cc638e23e85643f57e742021 Mon Sep 17 00:00:00 2001
From: Firstyear <william@blackhats.net.au>
Date: Sat, 21 Dec 2024 16:45:06 +1000
Subject: [PATCH 31/87] Update to latest webauthn-rs/time (#3315)

This updates to the latest webauthn-rs release. When
updating, an issue with time was found that changes
the behaviour of it's parser for rfc3339. This also
updates our tests to accomodate that change.

Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
---
 Cargo.lock              | 801 ++++++++++++++++++++--------------------
 Cargo.toml              |  12 +-
 server/lib/src/value.rs |   5 +-
 tools/cli/Cargo.toml    |   1 +
 4 files changed, 413 insertions(+), 406 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index be390d35f..be6b1b7af 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -42,9 +42,9 @@ dependencies = [
 
 [[package]]
 name = "allocator-api2"
-version = "0.2.18"
+version = "0.2.21"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5c6cb57a04249c6480766f7f7cef5467412af1490f8d1e243141daddada3264f"
+checksum = "683d7910e743518b0e34f1186f92494becacb047c7b6bf616c96772180fef923"
 
 [[package]]
 name = "android-tzdata"
@@ -63,9 +63,9 @@ dependencies = [
 
 [[package]]
 name = "anstream"
-version = "0.6.17"
+version = "0.6.18"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "23a1e53f0f5d86382dafe1cf314783b2044280f406e7e1506368220ad11b1338"
+checksum = "8acc5369981196006228e28809f761875c0327210a891e941f4c683b3a99529b"
 dependencies = [
  "anstyle",
  "anstyle-parse",
@@ -78,9 +78,9 @@ dependencies = [
 
 [[package]]
 name = "anstyle"
-version = "1.0.9"
+version = "1.0.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8365de52b16c035ff4fcafe0092ba9390540e3e352870ac09933bebcaa2c8c56"
+checksum = "55cc3b69f167a1ef2e161439aa98aed94e6028e5f9a59be9a6ffb47aef1651f9"
 
 [[package]]
 name = "anstyle-parse"
@@ -192,9 +192,9 @@ dependencies = [
 
 [[package]]
 name = "asn1-rs"
-version = "0.3.1"
+version = "0.6.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "30ff05a702273012438132f449575dbc804e27b2f3cbe3069aa237d26c98fa33"
+checksum = "5493c3bedbacf7fd7382c6346bbd66687d12bbaad3a89a2d2c303ee6cf20b048"
 dependencies = [
  "asn1-rs-derive",
  "asn1-rs-impl",
@@ -202,31 +202,31 @@ dependencies = [
  "nom",
  "num-traits",
  "rusticata-macros",
- "thiserror",
+ "thiserror 1.0.69",
  "time",
 ]
 
 [[package]]
 name = "asn1-rs-derive"
-version = "0.1.0"
+version = "0.5.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "db8b7511298d5b7784b40b092d9e9dcd3a627a5707e4b5e507931ab0d44eeebf"
+checksum = "965c2d33e53cb6b267e148a4cb0760bc01f4904c1cd4bb4002a085bb016d1490"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 1.0.109",
- "synstructure 0.12.6",
+ "syn 2.0.90",
+ "synstructure",
 ]
 
 [[package]]
 name = "asn1-rs-impl"
-version = "0.1.0"
+version = "0.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2777730b2039ac0f95f093556e61b6d26cebed5393ca6f152717777cec3a42ed"
+checksum = "7b18050c2cd6fe86c3a76584ef5e0baf286d038cda203eb6223df2cc413565f7"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 1.0.109",
+ "syn 2.0.90",
 ]
 
 [[package]]
@@ -247,9 +247,9 @@ dependencies = [
 
 [[package]]
 name = "async-compression"
-version = "0.4.17"
+version = "0.4.18"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0cb8f1d480b0ea3783ab015936d2a55c87e219676f0c0b7dec61494043f21857"
+checksum = "df895a515f70646414f4b45c0b79082783b80552b373a68283012928df56f522"
 dependencies = [
  "flate2",
  "futures-core",
@@ -298,21 +298,20 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1505bd5d3d116872e7271a6d4e16d81d0c8570876c8de68093a09ac269d8aac0"
 
 [[package]]
-name = "authenticator-ctap2-2021"
-version = "0.3.2-dev.1"
+name = "authenticator"
+version = "0.4.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d06c690e5e2800f70c0cf8773a9fe7680d66e719dae9b4cabedd13ef4885d056"
+checksum = "82d71e457dc518a15eecc90d3b0660dee4b51623b34ac4262c9326e0d7e0f8e2"
 dependencies = [
- "base64 0.13.1",
+ "base64 0.21.7",
  "bitflags 1.3.2",
  "cfg-if",
- "core-foundation",
+ "core-foundation 0.9.4",
  "devd-rs",
  "libc",
  "libudev",
  "log",
  "memoffset",
- "nom",
  "openssl",
  "openssl-sys",
  "rand",
@@ -344,7 +343,7 @@ dependencies = [
  "futures-util",
  "http 0.2.12",
  "http-body 0.4.6",
- "hyper 0.14.31",
+ "hyper 0.14.32",
  "itoa",
  "matchit",
  "memchr",
@@ -373,7 +372,7 @@ dependencies = [
  "http 1.2.0",
  "http-body 1.0.1",
  "http-body-util",
- "hyper 1.5.1",
+ "hyper 1.5.2",
  "hyper-util",
  "itoa",
  "matchit",
@@ -387,7 +386,7 @@ dependencies = [
  "serde_json",
  "serde_path_to_error",
  "serde_urlencoded",
- "sync_wrapper 1.0.1",
+ "sync_wrapper 1.0.2",
  "tokio",
  "tower 0.5.2",
  "tower-layer",
@@ -427,7 +426,7 @@ dependencies = [
  "mime",
  "pin-project-lite",
  "rustversion",
- "sync_wrapper 1.0.1",
+ "sync_wrapper 1.0.2",
  "tower-layer",
  "tower-service",
  "tracing",
@@ -495,7 +494,7 @@ dependencies = [
  "http 1.2.0",
  "http-body 1.0.1",
  "http-body-util",
- "hyper 1.5.1",
+ "hyper 1.5.2",
  "hyper-util",
  "pin-project-lite",
  "tokio",
@@ -550,20 +549,9 @@ checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b"
 
 [[package]]
 name = "base64urlsafedata"
-version = "0.1.3"
+version = "0.5.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "18b3d30abb74120a9d5267463b9e0045fdccc4dd152e7249d966612dc1721384"
-dependencies = [
- "base64 0.21.7",
- "serde",
- "serde_json",
-]
-
-[[package]]
-name = "base64urlsafedata"
-version = "0.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1a56894edf5cd1efa7068d7454adeb7ce0b3da4ffa5ab08cfc06165bbc62f0c7"
+checksum = "72f0ad38ce7fbed55985ad5b2197f05cff8324ee6eb6638304e78f0108fae56c"
 dependencies = [
  "base64 0.21.7",
  "paste",
@@ -696,12 +684,12 @@ checksum = "3eeab4423108c5d7c744f4d234de88d18d636100093ae04caf4825134b9c3a32"
 
 [[package]]
 name = "bstr"
-version = "1.10.0"
+version = "1.11.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "40723b8fb387abc38f4f4a37c09073622e41dd12327033091ef8950659e6dc0c"
+checksum = "786a307d683a5bf92e6fd5fd69a7eb613751668d1d8d67d802846dfe367c62c8"
 dependencies = [
  "memchr",
- "regex-automata 0.4.8",
+ "regex-automata 0.4.9",
  "serde",
 ]
 
@@ -719,9 +707,9 @@ checksum = "5ce89b21cab1437276d2650d57e971f9d548a2d9037cc231abdc0562b97498ce"
 
 [[package]]
 name = "bytemuck"
-version = "1.19.0"
+version = "1.21.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8334215b81e418a0a7bdb8ef0849474f40bb10c8b71f1c4ed315cff49f32494d"
+checksum = "ef657dfab802224e671f5818e9a4935f9b1957ed18e58292690cc39e7a4092a3"
 
 [[package]]
 name = "byteorder"
@@ -737,9 +725,9 @@ checksum = "325918d6fe32f23b19878fe4b34794ae41fc19ddbe53b10571a4874d44ffd39b"
 
 [[package]]
 name = "cc"
-version = "1.1.31"
+version = "1.2.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c2e7962b54006dcfcc61cb72735f4d89bb97061dd6a7ed882ec6b8ee53714c6f"
+checksum = "c31a0499c1dc64f458ad13872de75c0eb7e3fdb0e67964610c914b034fc5956e"
 dependencies = [
  "shlex",
 ]
@@ -821,9 +809,9 @@ dependencies = [
 
 [[package]]
 name = "clap_complete"
-version = "4.5.38"
+version = "4.5.40"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d9647a559c112175f17cf724dc72d3645680a883c58481332779192b0d8e7a01"
+checksum = "ac2e663e3e3bed2d32d065a8404024dad306e699a04263ec59919529f803aee9"
 dependencies = [
  "clap",
 ]
@@ -866,29 +854,12 @@ checksum = "5b63caa9aa9397e2d9480a9b13673856c78d8ac123288526c37d7839f2a86990"
 
 [[package]]
 name = "compact_jwt"
-version = "0.2.10"
+version = "0.4.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7aa76ef19968577838a34d02848136bb9b6bdbfd7675fb968fe9c931bc434b33"
-dependencies = [
- "base64 0.13.1",
- "base64urlsafedata 0.1.3",
- "hex",
- "openssl",
- "serde",
- "serde_json",
- "tracing",
- "url",
- "uuid",
-]
-
-[[package]]
-name = "compact_jwt"
-version = "0.4.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6b6493b1c78b7c33fbbb00d8d60d633439fd0c0e44826fb4834efc28121ef266"
+checksum = "12bbab6445446e8d0b07468a01d0bfdae15879de5c440c5e47ae4ae0e18a1fba"
 dependencies = [
  "base64 0.21.7",
- "base64urlsafedata 0.5.0",
+ "base64urlsafedata",
  "hex",
  "kanidm-hsm-crypto",
  "openssl",
@@ -919,15 +890,15 @@ dependencies = [
 
 [[package]]
 name = "console"
-version = "0.15.8"
+version = "0.15.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0e1f83fc076bd6dd27517eacdf25fef6c4dfe5f1d7448bafaaf3a26f13b5e4eb"
+checksum = "ea3c6ecd8059b57859df5c69830340ed3c41d30e3da0c1cbed90a96ac853041b"
 dependencies = [
  "encode_unicode",
- "lazy_static",
  "libc",
+ "once_cell",
  "unicode-width",
- "windows-sys 0.52.0",
+ "windows-sys 0.59.0",
 ]
 
 [[package]]
@@ -959,12 +930,13 @@ dependencies = [
 
 [[package]]
 name = "cookie_store"
-version = "0.21.0"
+version = "0.21.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4934e6b7e8419148b6ef56950d277af8561060b56afd59e2aadf98b59fce6baa"
+checksum = "2eac901828f88a5241ee0600950ab981148a18f2f756900ffba1b125ca6a3ef9"
 dependencies = [
  "cookie 0.18.1",
- "idna 0.5.0",
+ "document-features",
+ "idna",
  "log",
  "publicsuffix",
  "serde",
@@ -984,6 +956,16 @@ dependencies = [
  "libc",
 ]
 
+[[package]]
+name = "core-foundation"
+version = "0.10.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b55271e5c8c478ad3f38ad24ef34923091e0548492a266d19b3c0b4d82574c63"
+dependencies = [
+ "core-foundation-sys",
+ "libc",
+]
+
 [[package]]
 name = "core-foundation-sys"
 version = "0.8.7"
@@ -992,9 +974,9 @@ checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b"
 
 [[package]]
 name = "cpufeatures"
-version = "0.2.14"
+version = "0.2.16"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "608697df725056feaccfa42cffdaeeec3fccc4ffc38358ecd19b243e716a78e0"
+checksum = "16b80225097f2e5ae4e7179dd2266824648f3e2f49d9134d584b76389d31c4c3"
 dependencies = [
  "libc",
 ]
@@ -1034,18 +1016,18 @@ dependencies = [
 
 [[package]]
 name = "crossbeam-channel"
-version = "0.5.13"
+version = "0.5.14"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "33480d6946193aa8033910124896ca395333cae7e2d1113d1fef6c3272217df2"
+checksum = "06ba6d68e24814cb8de6bb986db8222d3a027d15872cabc0d18817bc3c0e4471"
 dependencies = [
  "crossbeam-utils",
 ]
 
 [[package]]
 name = "crossbeam-deque"
-version = "0.8.5"
+version = "0.8.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "613f8cc01fe9cf1a3eb3d7f488fd2fa8388403e97039e2f73692932e291a770d"
+checksum = "9dd111b7b7f7d55b72c0a6ae361660ee5853c9af73f70c3c2ef6858b950e2e51"
 dependencies = [
  "crossbeam-epoch",
  "crossbeam-utils",
@@ -1062,18 +1044,18 @@ dependencies = [
 
 [[package]]
 name = "crossbeam-queue"
-version = "0.3.11"
+version = "0.3.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "df0346b5d5e76ac2fe4e327c5fd1118d6be7c51dfb18f9b7922923f287471e35"
+checksum = "0f58bbc28f91df819d0aa2a2c00cd19754769c2fad90579b3592b1c9ba7a3115"
 dependencies = [
  "crossbeam-utils",
 ]
 
 [[package]]
 name = "crossbeam-utils"
-version = "0.8.20"
+version = "0.8.21"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "22ec99545bb0ed0ea7bb9b8e1e9122ea386ff8a48c0922e43f36d45ab09e0e80"
+checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28"
 
 [[package]]
 name = "crypto-common"
@@ -1224,9 +1206,9 @@ dependencies = [
 
 [[package]]
 name = "der-parser"
-version = "7.0.0"
+version = "9.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fe398ac75057914d7d07307bf67dc7f3f574a26783b4fc7805a20ffa9f506e82"
+checksum = "5cd0a5c643689626bec213c4d8bd4d96acc8ffdb4ad4bb6bc16abf27d5f4b553"
 dependencies = [
  "asn1-rs",
  "displaydoc",
@@ -1380,6 +1362,15 @@ version = "0.3.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "fea41bba32d969b513997752735605054bc0dfa92b4c56bf1189f2e174be7a10"
 
+[[package]]
+name = "document-features"
+version = "0.2.10"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cb6969eaabd2421f8a2775cfd2471a2b634372b4a25d41e3bd647b79912850a0"
+dependencies = [
+ "litrs",
+]
+
 [[package]]
 name = "dunce"
 version = "1.0.5"
@@ -1409,9 +1400,9 @@ dependencies = [
 
 [[package]]
 name = "encode_unicode"
-version = "0.3.6"
+version = "1.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a357d28ed41a50f9c765dbfe56cbc04a64e53e5fc58ba79fbc34c10ef3df831f"
+checksum = "34aa73646ffb006b8f5147f3dc182bd4bcb190227ce861fc4a4844bf8e3cb2c0"
 
 [[package]]
 name = "encoding_rs"
@@ -1470,12 +1461,12 @@ checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5"
 
 [[package]]
 name = "errno"
-version = "0.3.9"
+version = "0.3.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "534c5cf6194dfab3db3242765c03bbe257cf92f22b38f6bc0c58d59108a820ba"
+checksum = "33d852cb9b869c2a9b3df2f71a3074817f01e1844f839a144f5fcef059a4eb5d"
 dependencies = [
  "libc",
- "windows-sys 0.52.0",
+ "windows-sys 0.59.0",
 ]
 
 [[package]]
@@ -1519,7 +1510,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6e24cb5a94bcae1e5408b0effca5cd7172ea3c5755049c5f3af4cd283a165298"
 dependencies = [
  "bit-set 0.8.0",
- "regex-automata 0.4.8",
+ "regex-automata 0.4.9",
  "regex-syntax 0.8.5",
 ]
 
@@ -1535,7 +1526,7 @@ dependencies = [
  "futures-util",
  "http 1.2.0",
  "http-body-util",
- "hyper 1.5.1",
+ "hyper 1.5.2",
  "hyper-tls",
  "hyper-util",
  "mime",
@@ -1556,9 +1547,9 @@ checksum = "a2a2b11eda1d40935b26cf18f6833c526845ae8c41e58d09af6adeb6f0269183"
 
 [[package]]
 name = "fastrand"
-version = "2.1.1"
+version = "2.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e8c02a5121d4ea3eb16a80748c74f5549a5665e4c21333c6098f283870fbdea6"
+checksum = "37909eebbb50d72f9059c3b6d82c0463f2ff062c9e95845c43a6c9c0355411be"
 
 [[package]]
 name = "fernet"
@@ -1608,9 +1599,9 @@ checksum = "b3ea1ec5f8307826a5b71094dd91fc04d4ae75d5709b20ad351c7fb4815c86ec"
 
 [[package]]
 name = "flate2"
-version = "1.0.34"
+version = "1.0.35"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a1b589b4dc103969ad3cf85c950899926ec64300a1a46d76c03a6072957036f0"
+checksum = "c936bfdafb507ebbf50b8074c54fa31c5be9a1e7e5f467dd659697041407d07c"
 dependencies = [
  "crc32fast",
  "miniz_oxide",
@@ -1635,9 +1626,9 @@ checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1"
 
 [[package]]
 name = "foldhash"
-version = "0.1.3"
+version = "0.1.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f81ec6369c545a7d40e4589b5597581fa1c441fe1cce96dd1de43159910a36a2"
+checksum = "a0d2fde1f7b3d48b8395d5f2de76c18a528bd6a9cdde438df747bfcba3e05d6f"
 
 [[package]]
 name = "foreign-types"
@@ -1866,7 +1857,7 @@ dependencies = [
  "gix-validate",
  "once_cell",
  "smallvec",
- "thiserror",
+ "thiserror 1.0.69",
 ]
 
 [[package]]
@@ -1879,17 +1870,17 @@ dependencies = [
  "gix-date",
  "gix-utils",
  "itoa",
- "thiserror",
+ "thiserror 1.0.69",
  "winnow 0.6.20",
 ]
 
 [[package]]
 name = "gix-chunk"
-version = "0.4.9"
+version = "0.4.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6c28b58ba04f0c004722344390af9dbc85888fbb84be1981afb934da4114d4cf"
+checksum = "c6ffbeb3a5c0b8b84c3fe4133a6f8c82fa962f4caefe8d0762eced025d3eb4f7"
 dependencies = [
- "thiserror",
+ "thiserror 2.0.8",
 ]
 
 [[package]]
@@ -1903,7 +1894,7 @@ dependencies = [
  "gix-features",
  "gix-hash",
  "memmap2",
- "thiserror",
+ "thiserror 1.0.69",
 ]
 
 [[package]]
@@ -1922,22 +1913,22 @@ dependencies = [
  "memchr",
  "once_cell",
  "smallvec",
- "thiserror",
+ "thiserror 1.0.69",
  "unicode-bom",
  "winnow 0.6.20",
 ]
 
 [[package]]
 name = "gix-config-value"
-version = "0.14.9"
+version = "0.14.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f3de3fdca9c75fa4b83a76583d265fa49b1de6b088ebcd210749c24ceeb74660"
+checksum = "49aaeef5d98390a3bcf9dbc6440b520b793d1bf3ed99317dc407b02be995b28e"
 dependencies = [
  "bitflags 2.6.0",
  "bstr",
  "gix-path",
  "libc",
- "thiserror",
+ "thiserror 2.0.8",
 ]
 
 [[package]]
@@ -1948,7 +1939,7 @@ checksum = "9eed6931f21491ee0aeb922751bd7ec97b4b2fe8fbfedcb678e2a2dce5f3b8c0"
 dependencies = [
  "bstr",
  "itoa",
- "thiserror",
+ "thiserror 1.0.69",
  "time",
 ]
 
@@ -1961,7 +1952,7 @@ dependencies = [
  "bstr",
  "gix-hash",
  "gix-object",
- "thiserror",
+ "thiserror 1.0.69",
 ]
 
 [[package]]
@@ -1977,7 +1968,7 @@ dependencies = [
  "gix-path",
  "gix-ref",
  "gix-sec",
- "thiserror",
+ "thiserror 1.0.69",
 ]
 
 [[package]]
@@ -1995,7 +1986,7 @@ dependencies = [
  "once_cell",
  "prodash",
  "sha1_smol",
- "thiserror",
+ "thiserror 1.0.69",
  "walkdir",
 ]
 
@@ -2029,7 +2020,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f93d7df7366121b5018f947a04d37f034717e113dcf9ccd85c34b58e57a74d5e"
 dependencies = [
  "faster-hex",
- "thiserror",
+ "thiserror 1.0.69",
 ]
 
 [[package]]
@@ -2051,7 +2042,7 @@ checksum = "e3bc7fe297f1f4614774989c00ec8b1add59571dc9b024b4c00acb7dedd4e19d"
 dependencies = [
  "gix-tempfile",
  "gix-utils",
- "thiserror",
+ "thiserror 1.0.69",
 ]
 
 [[package]]
@@ -2080,7 +2071,7 @@ dependencies = [
  "gix-validate",
  "itoa",
  "smallvec",
- "thiserror",
+ "thiserror 1.0.69",
  "winnow 0.6.20",
 ]
 
@@ -2101,7 +2092,7 @@ dependencies = [
  "gix-quote",
  "parking_lot",
  "tempfile",
- "thiserror",
+ "thiserror 1.0.69",
 ]
 
 [[package]]
@@ -2119,31 +2110,31 @@ dependencies = [
  "gix-path",
  "memmap2",
  "smallvec",
- "thiserror",
+ "thiserror 1.0.69",
 ]
 
 [[package]]
 name = "gix-path"
-version = "0.10.12"
+version = "0.10.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c04e5a94fdb56b1e91eb7df2658ad16832428b8eeda24ff1a0f0288de2bce554"
+checksum = "afc292ef1a51e340aeb0e720800338c805975724c1dfbd243185452efd8645b7"
 dependencies = [
  "bstr",
  "gix-trace",
  "home",
  "once_cell",
- "thiserror",
+ "thiserror 2.0.8",
 ]
 
 [[package]]
 name = "gix-quote"
-version = "0.4.13"
+version = "0.4.14"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f89f9a1525dcfd9639e282ea939f5ab0d09d93cf2b90c1fc6104f1b9582a8e49"
+checksum = "64a1e282216ec2ab2816cd57e6ed88f8009e634aec47562883c05ac8a7009a63"
 dependencies = [
  "bstr",
  "gix-utils",
- "thiserror",
+ "thiserror 2.0.8",
 ]
 
 [[package]]
@@ -2163,7 +2154,7 @@ dependencies = [
  "gix-utils",
  "gix-validate",
  "memmap2",
- "thiserror",
+ "thiserror 1.0.69",
  "winnow 0.6.20",
 ]
 
@@ -2178,7 +2169,7 @@ dependencies = [
  "gix-revision",
  "gix-validate",
  "smallvec",
- "thiserror",
+ "thiserror 1.0.69",
 ]
 
 [[package]]
@@ -2192,7 +2183,7 @@ dependencies = [
  "gix-hash",
  "gix-object",
  "gix-revwalk",
- "thiserror",
+ "thiserror 1.0.69",
 ]
 
 [[package]]
@@ -2207,14 +2198,14 @@ dependencies = [
  "gix-hashtable",
  "gix-object",
  "smallvec",
- "thiserror",
+ "thiserror 1.0.69",
 ]
 
 [[package]]
 name = "gix-sec"
-version = "0.10.9"
+version = "0.10.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a2007538eda296445c07949cf04f4a767307d887184d6b3e83e2d636533ddc6e"
+checksum = "a8b876ef997a955397809a2ec398d6a45b7a55b4918f2446344330f778d14fd6"
 dependencies = [
  "bitflags 2.6.0",
  "gix-path",
@@ -2255,7 +2246,7 @@ dependencies = [
  "gix-object",
  "gix-revwalk",
  "smallvec",
- "thiserror",
+ "thiserror 1.0.69",
 ]
 
 [[package]]
@@ -2268,7 +2259,7 @@ dependencies = [
  "gix-features",
  "gix-path",
  "home",
- "thiserror",
+ "thiserror 1.0.69",
  "url",
 ]
 
@@ -2289,7 +2280,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "82c27dd34a49b1addf193c92070bcbf3beaf6e10f16a78544de6372e146a0acf"
 dependencies = [
  "bstr",
- "thiserror",
+ "thiserror 1.0.69",
 ]
 
 [[package]]
@@ -2310,7 +2301,7 @@ dependencies = [
  "futures-sink",
  "futures-util",
  "http 0.2.12",
- "indexmap 2.6.0",
+ "indexmap 2.7.0",
  "slab",
  "tokio",
  "tokio-util",
@@ -2319,9 +2310,9 @@ dependencies = [
 
 [[package]]
 name = "h2"
-version = "0.4.6"
+version = "0.4.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "524e8ac6999421f49a846c2d4411f337e53497d8ec55d67753beffa43c5d9205"
+checksum = "ccae279728d634d083c00f6099cb58f01cc99c145b84b8be2f6c74618d79922e"
 dependencies = [
  "atomic-waker",
  "bytes",
@@ -2329,7 +2320,7 @@ dependencies = [
  "futures-core",
  "futures-sink",
  "http 1.2.0",
- "indexmap 2.6.0",
+ "indexmap 2.7.0",
  "slab",
  "tokio",
  "tokio-util",
@@ -2361,9 +2352,9 @@ dependencies = [
 
 [[package]]
 name = "hashbrown"
-version = "0.15.0"
+version = "0.15.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1e087f84d4f86bf4b218b927129862374b72199ae7d8657835f1e89000eea4fb"
+checksum = "bf151400ff0baff5465007dd2f3e717f3fe502074ca563069ce3a6629d07b289"
 dependencies = [
  "allocator-api2",
  "equivalent",
@@ -2385,12 +2376,6 @@ version = "0.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea"
 
-[[package]]
-name = "hermit-abi"
-version = "0.3.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d231dfb89cfffdbc30e7fc41579ed6066ad03abda9e567ccafae602b97ec5024"
-
 [[package]]
 name = "hex"
 version = "0.4.3"
@@ -2399,11 +2384,11 @@ checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70"
 
 [[package]]
 name = "home"
-version = "0.5.9"
+version = "0.5.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e3d1354bf6b7235cb4a0576c2619fd4ed18183f689b12b006a0ee7329eeff9a5"
+checksum = "589533453244b0995c858700322199b2becb13b627df2851f64a2775d024abcf"
 dependencies = [
- "windows-sys 0.52.0",
+ "windows-sys 0.59.0",
 ]
 
 [[package]]
@@ -2470,9 +2455,9 @@ dependencies = [
 
 [[package]]
 name = "http-range-header"
-version = "0.4.1"
+version = "0.4.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "08a397c49fec283e3d6211adbe480be95aae5f304cfb923e9970e08956d5168a"
+checksum = "9171a2ea8a68358193d15dd5d70c1c10a2afc3e7e4c5bc92bc9f025cebd7359c"
 
 [[package]]
 name = "httparse"
@@ -2497,9 +2482,9 @@ dependencies = [
 
 [[package]]
 name = "hyper"
-version = "0.14.31"
+version = "0.14.32"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8c08302e8fa335b151b788c775ff56e7a03ae64ff85c548ee820fecb70356e85"
+checksum = "41dfc780fdec9373c01bae43289ea34c972e40ee3c9f6b3c8801a35f35586ce7"
 dependencies = [
  "bytes",
  "futures-channel",
@@ -2521,14 +2506,14 @@ dependencies = [
 
 [[package]]
 name = "hyper"
-version = "1.5.1"
+version = "1.5.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "97818827ef4f364230e16705d4706e2897df2bb60617d6ca15d598025a3c481f"
+checksum = "256fb8d4bd6413123cc9d91832d78325c48ff41677595be797d90f42969beae0"
 dependencies = [
  "bytes",
  "futures-channel",
  "futures-util",
- "h2 0.4.6",
+ "h2 0.4.7",
  "http 1.2.0",
  "http-body 1.0.1",
  "httparse",
@@ -2548,7 +2533,7 @@ checksum = "ec3efd23720e2049821a693cbc7e65ea87c72f1c58ff2f9522ff332b1491e590"
 dependencies = [
  "futures-util",
  "http 0.2.12",
- "hyper 0.14.31",
+ "hyper 0.14.32",
  "rustls 0.21.12",
  "tokio",
  "tokio-rustls 0.24.1",
@@ -2556,21 +2541,21 @@ dependencies = [
 
 [[package]]
 name = "hyper-rustls"
-version = "0.27.3"
+version = "0.27.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "08afdbb5c31130e3034af566421053ab03787c640246a446327f550d11bcb333"
+checksum = "2d191583f3da1305256f22463b9bb0471acad48a4e534a5218b9963e9c1f59b2"
 dependencies = [
  "futures-util",
  "http 1.2.0",
- "hyper 1.5.1",
+ "hyper 1.5.2",
  "hyper-util",
  "rustls 0.23.20",
  "rustls-native-certs",
  "rustls-pki-types",
  "tokio",
- "tokio-rustls 0.26.0",
+ "tokio-rustls 0.26.1",
  "tower-service",
- "webpki-roots 0.26.6",
+ "webpki-roots 0.26.7",
 ]
 
 [[package]]
@@ -2579,7 +2564,7 @@ version = "0.4.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "bbb958482e8c7be4bc3cf272a766a2b0bf1a6755e7a6ae777f017a31d11b13b1"
 dependencies = [
- "hyper 0.14.31",
+ "hyper 0.14.32",
  "pin-project-lite",
  "tokio",
  "tokio-io-timeout",
@@ -2593,7 +2578,7 @@ checksum = "70206fc6890eaca9fde8a0bf71caa2ddfc9fe045ac9e5c70df101a7dbde866e0"
 dependencies = [
  "bytes",
  "http-body-util",
- "hyper 1.5.1",
+ "hyper 1.5.2",
  "hyper-util",
  "native-tls",
  "tokio",
@@ -2612,7 +2597,7 @@ dependencies = [
  "futures-util",
  "http 1.2.0",
  "http-body 1.0.1",
- "hyper 1.5.1",
+ "hyper 1.5.2",
  "pin-project-lite",
  "socket2",
  "tokio",
@@ -2780,34 +2765,23 @@ dependencies = [
 
 [[package]]
 name = "idna"
-version = "0.3.0"
+version = "1.0.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e14ddfc70884202db2244c223200c204c2bda1bc6e0998d11b5e024d657209e6"
+checksum = "686f825264d630750a544639377bae737628043f20d38bbc029e8f29ea968a7e"
 dependencies = [
- "unicode-bidi",
- "unicode-normalization",
+ "idna_adapter",
+ "smallvec",
+ "utf8_iter",
 ]
 
 [[package]]
-name = "idna"
-version = "0.5.0"
+name = "idna_adapter"
+version = "1.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "634d9b1461af396cad843f47fdba5597a4f9e6ddd4bfb6ff5d85028c25cb12f6"
-dependencies = [
- "unicode-bidi",
- "unicode-normalization",
-]
-
-[[package]]
-name = "idna"
-version = "1.0.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bd69211b9b519e98303c015e21a007e293db403b6c85b9b124e133d25e242cdd"
+checksum = "daca1df1c957320b2cf139ac61e7bd64fed304c5040df000a745aa1de3b4ef71"
 dependencies = [
  "icu_normalizer",
  "icu_properties",
- "smallvec",
- "utf8_iter",
 ]
 
 [[package]]
@@ -2851,12 +2825,12 @@ dependencies = [
 
 [[package]]
 name = "indexmap"
-version = "2.6.0"
+version = "2.7.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "707907fe3c25f5424cce2cb7e1cbcafee6bdbe735ca90ef77c29e84591e5b9da"
+checksum = "62f822373a4fe84d4bb149bf54e584a7f4abec90e072ed49cda0edea5b95471f"
 dependencies = [
  "equivalent",
- "hashbrown 0.15.0",
+ "hashbrown 0.15.2",
  "serde",
 ]
 
@@ -2912,9 +2886,9 @@ dependencies = [
 
 [[package]]
 name = "itoa"
-version = "1.0.11"
+version = "1.0.14"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "49f1f14873335454500d59611f1cf4a4b0f786f9ac11f4312a78e4cf2566695b"
+checksum = "d75a2a4b1b190afb6f5425f10f6a8f959d2ea0b9c2b1d79553551850539e4674"
 
 [[package]]
 name = "jpeg-decoder"
@@ -2924,18 +2898,19 @@ checksum = "f5d4a7da358eff58addd2877a45865158f0d78c911d43a5784ceb7bbf52833b0"
 
 [[package]]
 name = "js-sys"
-version = "0.3.72"
+version = "0.3.76"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6a88f1bda2bd75b0452a14784937d796722fdebfe50df998aeb3f0b7603019a9"
+checksum = "6717b6b5b077764fb5966237269cb3c64edddde4b14ce42647430a78ced9e7b7"
 dependencies = [
+ "once_cell",
  "wasm-bindgen",
 ]
 
 [[package]]
 name = "jsonschema"
-version = "0.26.1"
+version = "0.26.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "893d6229c7315763ca0df9b29ab7661ee419f286577a02847c5521b462e071af"
+checksum = "26a960f0c34d5423581d858ce94815cc11f0171b09939409097969ed269ede1b"
 dependencies = [
  "ahash",
  "base64 0.22.1",
@@ -2943,7 +2918,7 @@ dependencies = [
  "email_address",
  "fancy-regex 0.14.0",
  "fraction",
- "idna 1.0.2",
+ "idna",
  "itoa",
  "num-cmp",
  "once_cell",
@@ -3036,9 +3011,9 @@ dependencies = [
 name = "kanidm_client"
 version = "1.5.0-dev"
 dependencies = [
- "compact_jwt 0.4.2",
+ "compact_jwt",
  "http 1.2.0",
- "hyper 1.5.1",
+ "hyper 1.5.2",
  "kanidm_lib_file_permissions",
  "kanidm_proto",
  "reqwest 0.12.9",
@@ -3075,7 +3050,7 @@ version = "1.5.0-dev"
 dependencies = [
  "argon2",
  "base64 0.22.1",
- "base64urlsafedata 0.5.0",
+ "base64urlsafedata",
  "hex",
  "kanidm-hsm-crypto",
  "kanidm_proto",
@@ -3130,7 +3105,7 @@ dependencies = [
  "anyhow",
  "clap",
  "clap_complete",
- "compact_jwt 0.4.2",
+ "compact_jwt",
  "dialoguer",
  "kanidm_build_profiles",
  "kanidm_client",
@@ -3234,12 +3209,12 @@ dependencies = [
  "axum-server",
  "bytes",
  "chrono",
- "compact_jwt 0.4.2",
+ "compact_jwt",
  "cron",
  "filetime",
  "futures",
  "futures-util",
- "hyper 1.5.1",
+ "hyper 1.5.2",
  "hyper-util",
  "kanidm_build_profiles",
  "kanidm_lib_crypto",
@@ -3279,9 +3254,9 @@ name = "kanidmd_lib"
 version = "1.5.0-dev"
 dependencies = [
  "base64 0.22.1",
- "base64urlsafedata 0.5.0",
+ "base64urlsafedata",
  "bitflags 2.6.0",
- "compact_jwt 0.4.2",
+ "compact_jwt",
  "concread",
  "dhat",
  "dyn-clone",
@@ -3341,7 +3316,7 @@ name = "kanidmd_testkit"
 version = "1.5.0-dev"
 dependencies = [
  "assert_cmd",
- "compact_jwt 0.4.2",
+ "compact_jwt",
  "escargot",
  "fantoccini",
  "futures",
@@ -3444,7 +3419,7 @@ dependencies = [
  "nom",
  "peg",
  "serde",
- "thiserror",
+ "thiserror 1.0.69",
  "tokio-util",
  "tracing",
  "uuid",
@@ -3452,15 +3427,15 @@ dependencies = [
 
 [[package]]
 name = "libc"
-version = "0.2.168"
+version = "0.2.169"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5aaeb2981e0606ca11d79718f8bb01164f1d6ed75080182d3abf017e6d244b6d"
+checksum = "b5aba8db14291edd000dfcc4d620c7ebfb122c613afb886ca8803fa4e128a20a"
 
 [[package]]
 name = "libloading"
-version = "0.8.5"
+version = "0.8.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4979f22fdb869068da03c9f7528f8297c6fd2606bc3a4affe42e6a823fdb8da4"
+checksum = "fc2f4eb4bc735547cfed7c0a4922cbd04a4655978c09b54f1f7b228750664c34"
 dependencies = [
  "cfg-if",
  "windows-targets 0.52.6",
@@ -3468,9 +3443,9 @@ dependencies = [
 
 [[package]]
 name = "libm"
-version = "0.2.8"
+version = "0.2.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4ec2a862134d2a7d32d7983ddcdd1c4923530833c9f2ea1a44fc5fa473989058"
+checksum = "8355be11b20d696c8f18f6cc018c4e372165b1fa8126cef092399c9951984ffa"
 
 [[package]]
 name = "libmimalloc-sys"
@@ -3543,9 +3518,15 @@ checksum = "78b3ae25bc7c8c38cec158d1f2757ee79e9b3740fbc7ccf0e59e4b08d793fa89"
 
 [[package]]
 name = "litemap"
-version = "0.7.3"
+version = "0.7.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "643cb0b8d4fcc284004d5fd0d67ccf61dfffadb7f75e1e71bc420f4688a3a704"
+checksum = "4ee93343901ab17bd981295f2cf0026d4ad018c7c31ba84549a4ddbb47a45104"
+
+[[package]]
+name = "litrs"
+version = "0.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b4ce301924b7887e9d637144fdade93f9dfff9b60981d4ac161db09720d39aa5"
 
 [[package]]
 name = "lock_api"
@@ -3581,7 +3562,7 @@ version = "0.12.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "234cf4f4a04dc1f57e24b96cc0cd600cf2af460d4161ac5ecdd0af8e1f3b2a38"
 dependencies = [
- "hashbrown 0.15.0",
+ "hashbrown 0.15.2",
 ]
 
 [[package]]
@@ -3631,9 +3612,9 @@ dependencies = [
 
 [[package]]
 name = "memoffset"
-version = "0.6.5"
+version = "0.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5aa361d4faea93603064a027415f07bd8e1d5c88c9fbf68bf56a285428fd79ce"
+checksum = "d61c719bcfbcf5d62b3a09efa6088de8c54bc0bfcd3ea7ae39fcc186108b8de1"
 dependencies = [
  "autocfg",
 ]
@@ -3671,9 +3652,9 @@ checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a"
 
 [[package]]
 name = "miniz_oxide"
-version = "0.8.0"
+version = "0.8.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e2d80299ef12ff69b16a84bb182e3b9df68b5a91574d3d4fa6e41b65deec4df1"
+checksum = "4ffbe83022cedc1d264172192511ae958937694cd57ce297164951b8b3568394"
 dependencies = [
  "adler2",
 ]
@@ -3698,11 +3679,10 @@ dependencies = [
 
 [[package]]
 name = "mio"
-version = "1.0.2"
+version = "1.0.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "80e04d1dcff3aae0704555fe5fee3bcfaf3d1fdf8a7e521d5b9d2b42acb52cec"
+checksum = "2886843bf800fba2e3377cff24abf6379b4c4d5c6681eaf9ea5b0d15090450bd"
 dependencies = [
- "hermit-abi",
  "libc",
  "wasi",
  "windows-sys 0.52.0",
@@ -3737,7 +3717,7 @@ dependencies = [
  "openssl-probe",
  "openssl-sys",
  "schannel",
- "security-framework",
+ "security-framework 2.11.1",
  "security-framework-sys",
  "tempfile",
 ]
@@ -3979,7 +3959,7 @@ dependencies = [
  "serde_json",
  "serde_path_to_error",
  "sha2",
- "thiserror",
+ "thiserror 1.0.69",
  "url",
 ]
 
@@ -4003,9 +3983,9 @@ dependencies = [
 
 [[package]]
 name = "oid-registry"
-version = "0.4.0"
+version = "0.7.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "38e20717fa0541f39bd146692035c37bedfa532b3e5071b35761082407546b2a"
+checksum = "a8d8034d9489cdaf79228eb9f6a3b8d7bb32ba00d6645ebd48eef4077ceb5bd9"
 dependencies = [
  "asn1-rs",
 ]
@@ -4098,7 +4078,7 @@ dependencies = [
  "opentelemetry_sdk",
  "prost",
  "serde",
- "thiserror",
+ "thiserror 1.0.69",
  "tokio",
  "tonic",
 ]
@@ -4136,7 +4116,7 @@ dependencies = [
  "js-sys",
  "once_cell",
  "pin-project-lite",
- "thiserror",
+ "thiserror 1.0.69",
  "urlencoding",
 ]
 
@@ -4158,7 +4138,7 @@ dependencies = [
  "rand",
  "regex",
  "serde_json",
- "thiserror",
+ "thiserror 1.0.69",
  "tokio",
  "tokio-stream",
 ]
@@ -4316,7 +4296,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b4c5cc86750666a3ed20bdaf5ca2a0344f9c67674cae0515bec2da16fbaa47db"
 dependencies = [
  "fixedbitset",
- "indexmap 2.6.0",
+ "indexmap 2.7.0",
  "serde",
  "serde_derive",
 ]
@@ -4421,9 +4401,9 @@ dependencies = [
 
 [[package]]
 name = "predicates"
-version = "3.1.2"
+version = "3.1.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7e9086cc7640c29a356d1a29fd134380bee9d8f79a17410aa76e7ad295f42c97"
+checksum = "a5d19ee57562043d37e82899fade9a22ebab7be9cef5026b07fda9cdd4293573"
 dependencies = [
  "anstyle",
  "difflib",
@@ -4432,15 +4412,15 @@ dependencies = [
 
 [[package]]
 name = "predicates-core"
-version = "1.0.8"
+version = "1.0.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ae8177bee8e75d6846599c6b9ff679ed51e882816914eec639944d7c9aa11931"
+checksum = "727e462b119fe9c93fd0eb1429a5f7647394014cf3c04ab2c0350eeb09095ffa"
 
 [[package]]
 name = "predicates-tree"
-version = "1.0.11"
+version = "1.0.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "41b740d195ed3166cd147c8047ec98db0e22ec019eb8eeb76d343b795304fb13"
+checksum = "72dd2d6d381dfb73a193c7fca536518d7caee39fc8503f74e7dc0be0531b425c"
 dependencies = [
  "predicates-core",
  "termtree",
@@ -4536,11 +4516,11 @@ checksum = "33cb294fe86a74cbcf50d4445b37da762029549ebeea341421c7c70370f86cac"
 
 [[package]]
 name = "publicsuffix"
-version = "2.2.3"
+version = "2.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "96a8c1bda5ae1af7f99a2962e49df150414a43d62404644d98dd5c3a93d07457"
+checksum = "6f42ea446cab60335f76979ec15e12619a2165b5ae2c12166bef27d283a9fadf"
 dependencies = [
- "idna 0.3.0",
+ "idna",
  "psl-types",
 ]
 
@@ -4562,45 +4542,49 @@ checksum = "a993555f31e5a609f617c12db6250dedcac1b0a85076912c436e6fc9b2c8e6a3"
 
 [[package]]
 name = "quinn"
-version = "0.11.5"
+version = "0.11.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8c7c5fdde3cdae7203427dc4f0a68fe0ed09833edc525a03456b153b79828684"
+checksum = "62e96808277ec6f97351a2380e6c25114bc9e67037775464979f3037c92d05ef"
 dependencies = [
  "bytes",
  "pin-project-lite",
  "quinn-proto",
  "quinn-udp",
- "rustc-hash 2.0.0",
+ "rustc-hash 2.1.0",
  "rustls 0.23.20",
  "socket2",
- "thiserror",
+ "thiserror 2.0.8",
  "tokio",
  "tracing",
 ]
 
 [[package]]
 name = "quinn-proto"
-version = "0.11.8"
+version = "0.11.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fadfaed2cd7f389d0161bb73eeb07b7b78f8691047a6f3e73caaeae55310a4a6"
+checksum = "a2fe5ef3495d7d2e377ff17b1a8ce2ee2ec2a18cde8b6ad6619d65d0701c135d"
 dependencies = [
  "bytes",
+ "getrandom",
  "rand",
  "ring",
- "rustc-hash 2.0.0",
+ "rustc-hash 2.1.0",
  "rustls 0.23.20",
+ "rustls-pki-types",
  "slab",
- "thiserror",
+ "thiserror 2.0.8",
  "tinyvec",
  "tracing",
+ "web-time",
 ]
 
 [[package]]
 name = "quinn-udp"
-version = "0.5.5"
+version = "0.5.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4fe68c2e9e1a1234e218683dbdf9f9dfcb094113c5ac2b938dfcb9bab4c4140b"
+checksum = "1c40286217b4ba3a71d644d752e6a0b71f13f1b6a2c5311acfcbe0c2418ed904"
 dependencies = [
+ "cfg_aliases",
  "libc",
  "once_cell",
  "socket2",
@@ -4649,9 +4633,9 @@ dependencies = [
 
 [[package]]
 name = "redox_syscall"
-version = "0.5.7"
+version = "0.5.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9b6dfecf2c74bce2466cabf93f6664d6998a69eb21e39f4207930065b27b771f"
+checksum = "03a862b389f93e68874fbf580b9de08dd02facb9a788ebadaf4a3fd33cf58834"
 dependencies = [
  "bitflags 2.6.0",
 ]
@@ -4664,7 +4648,7 @@ checksum = "ba009ff324d1fc1b900bd1fdb31564febe58a8ccc8a6fdbb93b543d33b13ca43"
 dependencies = [
  "getrandom",
  "libredox",
- "thiserror",
+ "thiserror 1.0.69",
 ]
 
 [[package]]
@@ -4695,9 +4679,9 @@ checksum = "5daffa8f5ca827e146485577fa9dba9bd9c6921e06e954ab8f6408c10f753086"
 
 [[package]]
 name = "referencing"
-version = "0.26.1"
+version = "0.26.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "eb853437e467c693ac1dc8c1520105a31b8c2588544ff2f3cfa5a7c706c6c069"
+checksum = "fb8e15af8558cb157432dd3d88c1d1e982d0a5755cf80ce593b6499260aebc49"
 dependencies = [
  "ahash",
  "fluent-uri",
@@ -4714,7 +4698,7 @@ checksum = "b544ef1b4eac5dc2db33ea63606ae9ffcfac26c1416a2806ae0bf5f56b201191"
 dependencies = [
  "aho-corasick",
  "memchr",
- "regex-automata 0.4.8",
+ "regex-automata 0.4.9",
  "regex-syntax 0.8.5",
 ]
 
@@ -4729,9 +4713,9 @@ dependencies = [
 
 [[package]]
 name = "regex-automata"
-version = "0.4.8"
+version = "0.4.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "368758f23274712b504848e9d5a6f010445cc8b87a7cdb4d7cbee666c1288da3"
+checksum = "809e8dc61f6de73b46c85f4c96486310fe304c434cfa43669d7b40f711150908"
 dependencies = [
  "aho-corasick",
  "memchr",
@@ -4764,7 +4748,7 @@ dependencies = [
  "h2 0.3.26",
  "http 0.2.12",
  "http-body 0.4.6",
- "hyper 0.14.31",
+ "hyper 0.14.32",
  "hyper-rustls 0.24.2",
  "ipnet",
  "js-sys",
@@ -4805,12 +4789,12 @@ dependencies = [
  "futures-channel",
  "futures-core",
  "futures-util",
- "h2 0.4.6",
+ "h2 0.4.7",
  "http 1.2.0",
  "http-body 1.0.1",
  "http-body-util",
- "hyper 1.5.1",
- "hyper-rustls 0.27.3",
+ "hyper 1.5.2",
+ "hyper-rustls 0.27.5",
  "hyper-util",
  "ipnet",
  "js-sys",
@@ -4828,16 +4812,16 @@ dependencies = [
  "serde",
  "serde_json",
  "serde_urlencoded",
- "sync_wrapper 1.0.1",
+ "sync_wrapper 1.0.2",
  "tokio",
- "tokio-rustls 0.26.0",
+ "tokio-rustls 0.26.1",
  "tokio-util",
  "tower-service",
  "url",
  "wasm-bindgen",
  "wasm-bindgen-futures",
  "web-sys",
- "webpki-roots 0.26.6",
+ "webpki-roots 0.26.7",
  "windows-registry",
 ]
 
@@ -4943,9 +4927,9 @@ checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2"
 
 [[package]]
 name = "rustc-hash"
-version = "2.0.0"
+version = "2.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "583034fd73374156e66797ed8e5b0d5690409c9226b22d87cb7f19821c05d152"
+checksum = "c7fb8039b3032c191086b10f11f319a6e99e1e82889c5cc6046f515c9db1d497"
 
 [[package]]
 name = "rusticata-macros"
@@ -4958,15 +4942,15 @@ dependencies = [
 
 [[package]]
 name = "rustix"
-version = "0.38.40"
+version = "0.38.42"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "99e4ea3e1cdc4b559b8e5650f9c8e5998e3e5c1343b4eaf034565f32318d63c0"
+checksum = "f93dc38ecbab2eb790ff964bb77fa94faf256fd3e73285fd7ba0903b76bedb85"
 dependencies = [
  "bitflags 2.6.0",
  "errno",
  "libc",
  "linux-raw-sys",
- "windows-sys 0.52.0",
+ "windows-sys 0.59.0",
 ]
 
 [[package]]
@@ -4997,15 +4981,14 @@ dependencies = [
 
 [[package]]
 name = "rustls-native-certs"
-version = "0.8.0"
+version = "0.8.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fcaf18a4f2be7326cd874a5fa579fae794320a0f388d365dca7e480e55f83f8a"
+checksum = "7fcff2dd52b58a8d98a70243663a0d234c4e2b79235637849d15913394a247d3"
 dependencies = [
  "openssl-probe",
- "rustls-pemfile 2.2.0",
  "rustls-pki-types",
  "schannel",
- "security-framework",
+ "security-framework 3.1.0",
 ]
 
 [[package]]
@@ -5028,9 +5011,12 @@ dependencies = [
 
 [[package]]
 name = "rustls-pki-types"
-version = "1.10.0"
+version = "1.10.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "16f1201b3c9a7ee8039bcadc17b7e605e2945b27eee7631788c1bd2b0643674b"
+checksum = "d2bf47e6ff922db3825eb750c4e2ff784c6ff8fb9e13046ef6a1d1c5401b0b37"
+dependencies = [
+ "web-time",
+]
 
 [[package]]
 name = "rustls-webpki"
@@ -5076,9 +5062,9 @@ dependencies = [
 
 [[package]]
 name = "schannel"
-version = "0.1.26"
+version = "0.1.27"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "01227be5826fa0690321a2ba6c5cd57a19cf3f6a09e76973b58e61de6ab9d1c1"
+checksum = "1f29ebaa345f945cec9fbbc532eb307f0fdad8161f281b6369539c8d84876b3d"
 dependencies = [
  "windows-sys 0.59.0",
 ]
@@ -5087,7 +5073,7 @@ dependencies = [
 name = "scim_proto"
 version = "1.5.0-dev"
 dependencies = [
- "base64urlsafedata 0.5.0",
+ "base64urlsafedata",
  "peg",
  "serde",
  "serde_json",
@@ -5129,7 +5115,20 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "897b2245f0b511c87893af39b033e5ca9cce68824c4d7e7630b5a1d339658d02"
 dependencies = [
  "bitflags 2.6.0",
- "core-foundation",
+ "core-foundation 0.9.4",
+ "core-foundation-sys",
+ "libc",
+ "security-framework-sys",
+]
+
+[[package]]
+name = "security-framework"
+version = "3.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "81d3f8c9bfcc3cbb6b0179eb57042d75b1582bdc65c3cb95f3fa999509c03cbc"
+dependencies = [
+ "bitflags 2.6.0",
+ "core-foundation 0.10.0",
  "core-foundation-sys",
  "libc",
  "security-framework-sys",
@@ -5137,9 +5136,9 @@ dependencies = [
 
 [[package]]
 name = "security-framework-sys"
-version = "2.12.0"
+version = "2.13.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ea4a292869320c0272d7bc55a5a6aafaff59b4f63404a003887b679a2e05b4b6"
+checksum = "1863fd3768cd83c56a7f60faa4dc0d403f1b6df0a38c3c25f44b7894e45370d5"
 dependencies = [
  "core-foundation-sys",
  "libc",
@@ -5156,14 +5155,14 @@ dependencies = [
  "once_cell",
  "reference-counted-singleton",
  "selinux-sys",
- "thiserror",
+ "thiserror 1.0.69",
 ]
 
 [[package]]
 name = "selinux-sys"
-version = "0.6.12"
+version = "0.6.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8d557667087c5b4791e180b80979cd1a92fdb9bfd92cfd4b9ab199c4d7402423"
+checksum = "e5e6e2b8e07a8ff45c90f8e3611bf10c4da7a28d73a26f9ede04f927da234f52"
 dependencies = [
  "bindgen 0.70.1",
  "cc",
@@ -5173,9 +5172,9 @@ dependencies = [
 
 [[package]]
 name = "semver"
-version = "1.0.23"
+version = "1.0.24"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b"
+checksum = "3cb6eb87a131f756572d7fb904f6e7b68633f09cca868c5df1c4b8d1a694bbba"
 
 [[package]]
 name = "serde"
@@ -5270,7 +5269,7 @@ dependencies = [
  "chrono",
  "hex",
  "indexmap 1.9.3",
- "indexmap 2.6.0",
+ "indexmap 2.7.0",
  "serde",
  "serde_derive",
  "serde_json",
@@ -5415,9 +5414,9 @@ dependencies = [
 
 [[package]]
 name = "socket2"
-version = "0.5.7"
+version = "0.5.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ce305eb0b4296696835b71df73eb912e0f1ffd2556a501fcede6e0c50349191c"
+checksum = "c970269d99b64e60ec3bd6ad27270092a5394c4e309314b18ae3fe575695fbe8"
 dependencies = [
  "libc",
  "windows-sys 0.52.0",
@@ -5452,7 +5451,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "34285eaade87ba166c4f17c0ae1e35d52659507db81888beae277e962b9e5a02"
 dependencies = [
  "base64 0.21.7",
- "base64urlsafedata 0.5.0",
+ "base64urlsafedata",
  "nom",
  "openssl",
  "serde",
@@ -5541,25 +5540,13 @@ checksum = "2047c6ded9c721764247e62cd3b03c09ffc529b2ba5b10ec482ae507a4a70160"
 
 [[package]]
 name = "sync_wrapper"
-version = "1.0.1"
+version = "1.0.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a7065abeca94b6a8a577f9bd45aa0867a2238b74e8eb67cf10d492bc39351394"
+checksum = "0bf256ce5efdfa370213c1dabab5935a12e49f2c58d15e9eac2870d3b4f27263"
 dependencies = [
  "futures-core",
 ]
 
-[[package]]
-name = "synstructure"
-version = "0.12.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f36bdaa60a83aca3921b5259d5400cbf5e90fc51931376a9bd4a0eb79aa7210f"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 1.0.109",
- "unicode-xid",
-]
-
 [[package]]
 name = "synstructure"
 version = "0.13.1"
@@ -5578,7 +5565,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ba3a3adc5c275d719af8cb4272ea1c4a6d668a777f37e115f6d11ddbc1c8e0e7"
 dependencies = [
  "bitflags 1.3.2",
- "core-foundation",
+ "core-foundation 0.9.4",
  "system-configuration-sys",
 ]
 
@@ -5613,9 +5600,9 @@ dependencies = [
 
 [[package]]
 name = "termtree"
-version = "0.4.1"
+version = "0.5.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3369f5ac52d5eb6ab48c6b4ffdc8efbcad6b89c765749064ba298f2c68a16a76"
+checksum = "8f50febec83f5ee1df3015341d8bd429f2d1cc62bcba7ea2076759d315084683"
 
 [[package]]
 name = "testkit-macros"
@@ -5628,18 +5615,38 @@ dependencies = [
 
 [[package]]
 name = "thiserror"
-version = "1.0.65"
+version = "1.0.69"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5d11abd9594d9b38965ef50805c5e469ca9cc6f197f883f717e0269a3057b3d5"
+checksum = "b6aaf5339b578ea85b50e080feb250a3e8ae8cfcdff9a461c9ec2904bc923f52"
 dependencies = [
- "thiserror-impl",
+ "thiserror-impl 1.0.69",
+]
+
+[[package]]
+name = "thiserror"
+version = "2.0.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "08f5383f3e0071702bf93ab5ee99b52d26936be9dedd9413067cbdcddcb6141a"
+dependencies = [
+ "thiserror-impl 2.0.8",
 ]
 
 [[package]]
 name = "thiserror-impl"
-version = "1.0.65"
+version = "1.0.69"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ae71770322cbd277e69d762a16c444af02aa0575ac0d174f0b9562d3b37f8602"
+checksum = "4fee6c4efc90059e10f81e6d42c60a18f76588c3d74cb83a0b242a2b6c7504c1"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.90",
+]
+
+[[package]]
+name = "thiserror-impl"
+version = "2.0.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f2f357fcec90b3caef6623a099691be676d033b40a058ac95d2a6ade6fa0c943"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -5664,9 +5671,9 @@ dependencies = [
 
 [[package]]
 name = "time"
-version = "0.3.36"
+version = "0.3.37"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5dfd88e563464686c916c7e46e623e520ddc6d79fa6641390f2e3fa86e83e885"
+checksum = "35e7868883861bd0e56d9ac6efcaaca0d6d5d82a2a7ec8209ff492c07cf37b21"
 dependencies = [
  "deranged",
  "itoa",
@@ -5687,9 +5694,9 @@ checksum = "ef927ca75afb808a4d64dd374f00a2adf8d0fcff8e7b184af886c3c87ec4a3f3"
 
 [[package]]
 name = "time-macros"
-version = "0.2.18"
+version = "0.2.19"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3f252a68540fde3a3877aeea552b832b40ab9a69e318efd078774a01ddee1ccf"
+checksum = "2834e6017e3e5e4b9834939793b282bc03b37a3336245fa820e35e233e2a85de"
 dependencies = [
  "num-conv",
  "time-core",
@@ -5707,9 +5714,9 @@ dependencies = [
 
 [[package]]
 name = "tinyvec"
-version = "1.8.0"
+version = "1.8.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "445e881f4f6d382d5f27c034e25eb92edd7c784ceab92a0937db7f2e9471b938"
+checksum = "022db8904dfa342efe721985167e9fcd16c29b226db4397ed752a761cfce81e8"
 dependencies = [
  "tinyvec_macros",
 ]
@@ -5750,7 +5757,7 @@ dependencies = [
  "backtrace",
  "bytes",
  "libc",
- "mio 1.0.2",
+ "mio 1.0.3",
  "parking_lot",
  "pin-project-lite",
  "signal-hook-registry",
@@ -5813,20 +5820,19 @@ dependencies = [
 
 [[package]]
 name = "tokio-rustls"
-version = "0.26.0"
+version = "0.26.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0c7bc40d0e5a97695bb96e27995cd3a08538541b0a846f65bba7a359f36700d4"
+checksum = "5f6d0975eaace0cf0fcadee4e4aaa5da15b5c079146f2cffb67c113be122bf37"
 dependencies = [
  "rustls 0.23.20",
- "rustls-pki-types",
  "tokio",
 ]
 
 [[package]]
 name = "tokio-stream"
-version = "0.1.16"
+version = "0.1.17"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4f4e6ce100d0eb49a2734f8c0812bcd324cf357d21810932c5df6b96ef2b86f1"
+checksum = "eca58d7bba4a75707817a2c44174253f9236b2d5fbd055602e9d5c07c139a047"
 dependencies = [
  "futures-core",
  "pin-project-lite",
@@ -5868,7 +5874,7 @@ version = "0.19.15"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1b5bb770da30e5cbfde35a2d7b9b8a2c4b8ef89548a7a6aeab5c9a576e3e7421"
 dependencies = [
- "indexmap 2.6.0",
+ "indexmap 2.7.0",
  "toml_datetime",
  "winnow 0.5.40",
 ]
@@ -5888,7 +5894,7 @@ dependencies = [
  "h2 0.3.26",
  "http 0.2.12",
  "http-body 0.4.6",
- "hyper 0.14.31",
+ "hyper 0.14.32",
  "hyper-timeout",
  "percent-encoding",
  "pin-project",
@@ -5930,7 +5936,7 @@ dependencies = [
  "futures-core",
  "futures-util",
  "pin-project-lite",
- "sync_wrapper 1.0.1",
+ "sync_wrapper 1.0.2",
  "tokio",
  "tokio-stream",
  "tower-layer",
@@ -6018,7 +6024,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ee40835db14ddd1e3ba414292272eddde9dad04d3d4b65509656414d1c42592f"
 dependencies = [
  "smallvec",
- "thiserror",
+ "thiserror 1.0.69",
  "tokio",
  "tracing",
  "tracing-subscriber",
@@ -6135,12 +6141,6 @@ version = "2.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7e51b68083f157f853b6379db119d1c1be0e6e4dec98101079dec41f6f5cf6df"
 
-[[package]]
-name = "unicode-bidi"
-version = "0.3.17"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5ab17db44d7388991a428b2ee655ce0c212e862eff1768a455c58f9aad6e7893"
-
 [[package]]
 name = "unicode-bom"
 version = "2.0.3"
@@ -6149,9 +6149,9 @@ checksum = "7eec5d1121208364f6793f7d2e222bf75a915c19557537745b195b253dd64217"
 
 [[package]]
 name = "unicode-ident"
-version = "1.0.13"
+version = "1.0.14"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e91b56cd4cadaeb79bbf1a5645f6b4f8dc5bde8834ad5894a8db35fda9efa1fe"
+checksum = "adb9e6ca4f869e1180728b7950e35922a7fc6397f7b641499e8f3ef06e50dc83"
 
 [[package]]
 name = "unicode-normalization"
@@ -6170,15 +6170,9 @@ checksum = "f6ccf251212114b54433ec949fd6a7841275f9ada20dddd2f29e9ceea4501493"
 
 [[package]]
 name = "unicode-width"
-version = "0.1.14"
+version = "0.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7dd6e30e90baa6f72411720665d41d89b9a3d039dc45b8faea1ddd07f617f6af"
-
-[[package]]
-name = "unicode-xid"
-version = "0.2.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ebc1c04c71510c7f702b52b7c350734c9ff1295c464a03335b00bb84fc54f853"
+checksum = "1fc81956842c57dac11422a97c3b8195a1ff727f06e85c84ed2e8aa277c9a0fd"
 
 [[package]]
 name = "untrusted"
@@ -6188,12 +6182,12 @@ checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1"
 
 [[package]]
 name = "url"
-version = "2.5.2"
+version = "2.5.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "22784dbdf76fdde8af1aeda5622b546b422b6fc585325248a2bf9f5e41e94d6c"
+checksum = "32f8b686cadd1473f4bd0117a5d28d36b1ade384ea9b5069a1c40aefed7fda60"
 dependencies = [
  "form_urlencoded",
- "idna 0.5.0",
+ "idna",
  "percent-encoding",
  "serde",
 ]
@@ -6228,7 +6222,7 @@ version = "4.2.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c5afb1a60e207dca502682537fefcfd9921e71d0b83e9576060f09abc6efab23"
 dependencies = [
- "indexmap 2.6.0",
+ "indexmap 2.7.0",
  "serde",
  "serde_json",
  "utoipa-gen",
@@ -6352,9 +6346,9 @@ checksum = "b8dad83b4f25e74f184f64c43b150b91efe7647395b42289f38e50566d82855b"
 
 [[package]]
 name = "wasm-bindgen"
-version = "0.2.95"
+version = "0.2.99"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "128d1e363af62632b8eb57219c8fd7877144af57558fb2ef0368d0087bddeb2e"
+checksum = "a474f6281d1d70c17ae7aa6a613c87fce69a127e2624002df63dcb39d6cf6396"
 dependencies = [
  "cfg-if",
  "once_cell",
@@ -6363,13 +6357,12 @@ dependencies = [
 
 [[package]]
 name = "wasm-bindgen-backend"
-version = "0.2.95"
+version = "0.2.99"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cb6dd4d3ca0ddffd1dd1c9c04f94b868c37ff5fac97c30b97cff2d74fce3a358"
+checksum = "5f89bb38646b4f81674e8f5c3fb81b562be1fd936d84320f3264486418519c79"
 dependencies = [
  "bumpalo",
  "log",
- "once_cell",
  "proc-macro2",
  "quote",
  "syn 2.0.90",
@@ -6378,21 +6371,22 @@ dependencies = [
 
 [[package]]
 name = "wasm-bindgen-futures"
-version = "0.4.45"
+version = "0.4.49"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cc7ec4f8827a71586374db3e87abdb5a2bb3a15afed140221307c3ec06b1f63b"
+checksum = "38176d9b44ea84e9184eff0bc34cc167ed044f816accfe5922e54d84cf48eca2"
 dependencies = [
  "cfg-if",
  "js-sys",
+ "once_cell",
  "wasm-bindgen",
  "web-sys",
 ]
 
 [[package]]
 name = "wasm-bindgen-macro"
-version = "0.2.95"
+version = "0.2.99"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e79384be7f8f5a9dd5d7167216f022090cf1f9ec128e6e6a482a2cb5c5422c56"
+checksum = "2cc6181fd9a7492eef6fef1f33961e3695e4579b9872a6f7c83aee556666d4fe"
 dependencies = [
  "quote",
  "wasm-bindgen-macro-support",
@@ -6400,9 +6394,9 @@ dependencies = [
 
 [[package]]
 name = "wasm-bindgen-macro-support"
-version = "0.2.95"
+version = "0.2.99"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "26c6ab57572f7a24a4985830b120de1594465e5d500f24afe89e16b4e833ef68"
+checksum = "30d7a95b763d3c45903ed6c81f156801839e5ee968bb07e534c44df0fcd330c2"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -6413,15 +6407,25 @@ dependencies = [
 
 [[package]]
 name = "wasm-bindgen-shared"
-version = "0.2.95"
+version = "0.2.99"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "65fc09f10666a9f147042251e0dda9c18f166ff7de300607007e96bdebc1068d"
+checksum = "943aab3fdaaa029a6e0271b35ea10b72b943135afe9bffca82384098ad0e06a6"
 
 [[package]]
 name = "web-sys"
-version = "0.3.72"
+version = "0.3.76"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f6488b90108c040df0fe62fa815cbdee25124641df01814dd7282749234c6112"
+checksum = "04dd7223427d52553d3702c004d3b2fe07c148165faa56313cb00211e31c12bc"
+dependencies = [
+ "js-sys",
+ "wasm-bindgen",
+]
+
+[[package]]
+name = "web-time"
+version = "1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5a6580f308b1fad9207618087a65c04e7a10bc77e02c8e84e9b00dd4b12fa0bb"
 dependencies = [
  "js-sys",
  "wasm-bindgen",
@@ -6429,11 +6433,11 @@ dependencies = [
 
 [[package]]
 name = "webauthn-attestation-ca"
-version = "0.5.0"
+version = "0.5.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9b0f2ebaf5650ca15b515a761f31ed6477fa2312491cf632a71102ac22b82784"
+checksum = "29e77e8859ecb93b00e4a8e56ae45f8a8dd69b1539e3d32cf4cce1db9a3a0b99"
 dependencies = [
- "base64urlsafedata 0.5.0",
+ "base64urlsafedata",
  "openssl",
  "serde",
  "tracing",
@@ -6442,15 +6446,15 @@ dependencies = [
 
 [[package]]
 name = "webauthn-authenticator-rs"
-version = "0.5.0"
+version = "0.5.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0c0200dacdf1e6f9e48c6d6671de3d001b0ccd30ac21df115bcc07de2ed12bef"
+checksum = "1bc2f8b61965979d9dd561dc8288a89e01ecf224179b40d5d496141225b540b4"
 dependencies = [
  "async-stream",
  "async-trait",
- "authenticator-ctap2-2021",
+ "authenticator",
  "base64 0.21.7",
- "base64urlsafedata 0.5.0",
+ "base64urlsafedata",
  "bitflags 1.3.2",
  "futures",
  "hex",
@@ -6476,11 +6480,11 @@ dependencies = [
 
 [[package]]
 name = "webauthn-rs"
-version = "0.5.0"
+version = "0.5.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fb9d7cdc9ec26e3e06f7e8ee1433e6fa3627c6c075ab3effbc3a2280c2f526c0"
+checksum = "8b44347ee0d66f222043663a6aaf5ec78022b9b11c3a9ed488c21f2bd5680856"
 dependencies = [
- "base64urlsafedata 0.5.0",
+ "base64urlsafedata",
  "serde",
  "tracing",
  "url",
@@ -6490,13 +6494,13 @@ dependencies = [
 
 [[package]]
 name = "webauthn-rs-core"
-version = "0.5.0"
+version = "0.5.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cf1ee1dc7f4138b8fd05a74a6eae93ddaf504c5a60861f1eb95d9de3172900b3"
+checksum = "2ef48f07ed8f3dfe304d6c48e85317feba0439675f31a13063b2936c9b4eaf0d"
 dependencies = [
  "base64 0.21.7",
- "base64urlsafedata 0.5.0",
- "compact_jwt 0.2.10",
+ "base64urlsafedata",
+ "compact_jwt",
  "der-parser",
  "hex",
  "nom",
@@ -6506,7 +6510,7 @@ dependencies = [
  "serde",
  "serde_cbor_2",
  "serde_json",
- "thiserror",
+ "thiserror 1.0.69",
  "tracing",
  "url",
  "uuid",
@@ -6517,12 +6521,12 @@ dependencies = [
 
 [[package]]
 name = "webauthn-rs-proto"
-version = "0.5.0"
+version = "0.5.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1f1c6dc254607f48eec3bdb35b86b377202436859ca1e4c9290afafd7349dcc3"
+checksum = "14e1367f70e7dc7b83afc971ce8a54d578f4fdf488ea093021180e073744a69f"
 dependencies = [
  "base64 0.21.7",
- "base64urlsafedata 0.5.0",
+ "base64urlsafedata",
  "serde",
  "serde_json",
  "url",
@@ -6542,7 +6546,7 @@ dependencies = [
  "serde",
  "serde_derive",
  "serde_json",
- "thiserror",
+ "thiserror 1.0.69",
  "time",
  "unicode-segmentation",
  "url",
@@ -6556,9 +6560,9 @@ checksum = "5f20c57d8d7db6d3b86154206ae5d8fba62dd39573114de97c2cb0578251f8e1"
 
 [[package]]
 name = "webpki-roots"
-version = "0.26.6"
+version = "0.26.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "841c67bff177718f1d4dfefde8d8f0e78f9b6589319ba88312f567fc5841a958"
+checksum = "5d642ff16b7e79272ae451b7322067cdc17cadf68c23264be9d94a32319efe7e"
 dependencies = [
  "rustls-pki-types",
 ]
@@ -6921,27 +6925,26 @@ dependencies = [
 
 [[package]]
 name = "x509-parser"
-version = "0.13.2"
+version = "0.16.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9fb9bace5b5589ffead1afb76e43e34cff39cd0f3ce7e170ae0c29e53b88eb1c"
+checksum = "fcbc162f30700d6f3f82a24bf7cc62ffe7caea42c0b2cba8bf7f3ae50cf51f69"
 dependencies = [
  "asn1-rs",
- "base64 0.13.1",
  "data-encoding",
  "der-parser",
  "lazy_static",
  "nom",
  "oid-registry",
  "rusticata-macros",
- "thiserror",
+ "thiserror 1.0.69",
  "time",
 ]
 
 [[package]]
 name = "yoke"
-version = "0.7.4"
+version = "0.7.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6c5b1314b079b0930c31e3af543d8ee1757b1951ae1e1565ec704403a7240ca5"
+checksum = "120e6aef9aa629e3d4f52dc8cc43a015c7724194c97dfaf45180d2daf2b77f40"
 dependencies = [
  "serde",
  "stable_deref_trait",
@@ -6951,14 +6954,14 @@ dependencies = [
 
 [[package]]
 name = "yoke-derive"
-version = "0.7.4"
+version = "0.7.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "28cc31741b18cb6f1d5ff12f5b7523e3d6eb0852bbbad19d73905511d9849b95"
+checksum = "2380878cad4ac9aac1e2435f3eb4020e8374b5f13c296cb75b4620ff8e229154"
 dependencies = [
  "proc-macro2",
  "quote",
  "syn 2.0.90",
- "synstructure 0.13.1",
+ "synstructure",
 ]
 
 [[package]]
@@ -6984,23 +6987,23 @@ dependencies = [
 
 [[package]]
 name = "zerofrom"
-version = "0.1.4"
+version = "0.1.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "91ec111ce797d0e0784a1116d0ddcdbea84322cd79e5d5ad173daeba4f93ab55"
+checksum = "cff3ee08c995dee1859d998dea82f7374f2826091dd9cd47def953cae446cd2e"
 dependencies = [
  "zerofrom-derive",
 ]
 
 [[package]]
 name = "zerofrom-derive"
-version = "0.1.4"
+version = "0.1.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0ea7b4a3637ea8669cedf0f1fd5c286a17f3de97b8dd5a70a6c167a1730e63a5"
+checksum = "595eed982f7d355beb85837f651fa22e90b3c044842dc7f2c2842c086f295808"
 dependencies = [
  "proc-macro2",
  "quote",
  "syn 2.0.90",
- "synstructure 0.13.1",
+ "synstructure",
 ]
 
 [[package]]
diff --git a/Cargo.toml b/Cargo.toml
index f3086d524..d35acac92 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -154,7 +154,7 @@ axum = { version = "0.7.9", features = [
 axum-htmx = { version = "0.5.0", features = ["serde", "guards"] }
 base32 = "^0.5.1"
 base64 = "^0.22.1"
-base64urlsafedata = "0.5.0"
+base64urlsafedata = "0.5.1"
 bitflags = "^2.6.0"
 bytes = "^1.9.0"
 clap = { version = "^4.5.23", features = ["derive", "env"] }
@@ -261,7 +261,7 @@ svg = "0.13.1"
 syn = { version = "2.0.90", features = ["full"] }
 tempfile = "3.14.0"
 testkit-macros = { path = "./server/testkit-macros" }
-time = { version = "^0.3.34", features = ["formatting", "local-offset"] }
+time = { version = "^0.3.36", features = ["formatting", "local-offset"] }
 
 tokio = "^1.42.0"
 tokio-openssl = "^0.6.5"
@@ -281,13 +281,13 @@ utoipa = { version = "4.2.0", features = ["url", "uuid"] }
 utoipa-swagger-ui = "6.0.0"
 uuid = "^1.11.0"
 
-webauthn-authenticator-rs = { version = "0.5.0", features = [
+webauthn-authenticator-rs = { version = "0.5.1", features = [
     "softpasskey",
     "softtoken",
 ] }
-webauthn-rs = { version = "0.5.0", features = ["preview-features"] }
-webauthn-rs-core = "0.5.0"
-webauthn-rs-proto = "0.5.0"
+webauthn-rs = { version = "0.5.1", features = ["preview-features"] }
+webauthn-rs-core = "0.5.1"
+webauthn-rs-proto = "0.5.1"
 
 whoami = "^1.5.2"
 walkdir = "2"
diff --git a/server/lib/src/value.rs b/server/lib/src/value.rs
index 3bde2cdd7..08f6148de 100644
--- a/server/lib/src/value.rs
+++ b/server/lib/src/value.rs
@@ -2409,10 +2409,13 @@ mod tests {
         assert!(val1.validate());
         let val2 = Value::new_datetime_s("2020-09-25T01:22:02+00:00").expect("Must be valid");
         assert!(val2.validate());
+        // Spaces are now valid in rfc3339 for parsing.
+        let val3 = Value::new_datetime_s("2020-09-25 01:22:02+00:00").expect("Must be valid");
+        assert!(val3.validate());
+
         assert!(Value::new_datetime_s("2020-09-25T01:22:02").is_none());
         assert!(Value::new_datetime_s("2020-09-25").is_none());
         assert!(Value::new_datetime_s("2020-09-25T01:22:02+10").is_none());
-        assert!(Value::new_datetime_s("2020-09-25 01:22:02+00:00").is_none());
 
         // Manually craft
         let inv1 = Value::DateTime(
diff --git a/tools/cli/Cargo.toml b/tools/cli/Cargo.toml
index 58a0b5128..e0acdd794 100644
--- a/tools/cli/Cargo.toml
+++ b/tools/cli/Cargo.toml
@@ -87,6 +87,7 @@ features = ["u2fhid"]
 [target."cfg(target_os = \"macos\")".dependencies.webauthn-authenticator-rs]
 workspace = true
 features = ["mozilla"]
+# features = ["u2fhid"]
 
 [target."cfg(target_os = \"freebsd\")".dependencies.webauthn-authenticator-rs]
 workspace = true

From c4441c1fca4f5a98db5827b4f1fd9a1ddfbaf256 Mon Sep 17 00:00:00 2001
From: Firstyear <william@blackhats.net.au>
Date: Sat, 21 Dec 2024 17:08:39 +1000
Subject: [PATCH 32/87] nss/pam resolver should reauth faster (#3309)

This can have visible impacts on accounts that don't have a pam password
cached yet, but then appear to "stall" for a minute or two until it works
due to the fact that the provider was offline and waiting to reauth.

When we are still connected but our provider auth session has expired
we should reconnect faster. This reduces the timeout for reauthentication
for the provider so that it can return to the online state sooner. We
also loop when we detect the provider session is no longer authenticated
so that we can reauth immediately, rather than causing a noticable
interuption.
---
 .../resolver/src/idprovider/kanidm.rs         | 45 ++++++++++++-------
 1 file changed, 30 insertions(+), 15 deletions(-)

diff --git a/unix_integration/resolver/src/idprovider/kanidm.rs b/unix_integration/resolver/src/idprovider/kanidm.rs
index b72fd289b..d0a6a8159 100644
--- a/unix_integration/resolver/src/idprovider/kanidm.rs
+++ b/unix_integration/resolver/src/idprovider/kanidm.rs
@@ -23,6 +23,7 @@ use kanidm_unix_common::unix_proto::PamAuthRequest;
 const KANIDM_HMAC_KEY: &str = "kanidm-hmac-key";
 const KANIDM_PWV1_KEY: &str = "kanidm-pw-v1";
 
+// If the provider is offline, we need to backoff and wait a bit.
 const OFFLINE_NEXT_CHECK: Duration = Duration::from_secs(60);
 
 #[derive(Debug, Clone)]
@@ -243,6 +244,7 @@ impl UserToken {
 }
 
 impl KanidmProviderInternal {
+    #[instrument(level = "debug", skip_all)]
     async fn check_online(&mut self, tpm: &mut tpm::BoxedDynTpm, now: SystemTime) -> bool {
         match self.state {
             // Proceed
@@ -255,23 +257,35 @@ impl KanidmProviderInternal {
         }
     }
 
+    #[instrument(level = "debug", skip_all)]
     async fn attempt_online(&mut self, _tpm: &mut tpm::BoxedDynTpm, now: SystemTime) -> bool {
-        match self.client.auth_anonymous().await {
-            Ok(_uat) => {
-                self.state = CacheState::Online;
-                true
-            }
-            Err(ClientError::Transport(err)) => {
-                warn!(?err, "transport failure");
-                self.state = CacheState::OfflineNextCheck(now + OFFLINE_NEXT_CHECK);
-                false
-            }
-            Err(err) => {
-                error!(?err, "Provider authentication failed");
-                self.state = CacheState::OfflineNextCheck(now + OFFLINE_NEXT_CHECK);
-                false
+        let mut max_attempts = 3;
+        while max_attempts > 0 {
+            max_attempts -= 1;
+            match self.client.auth_anonymous().await {
+                Ok(_uat) => {
+                    debug!("provider is now online");
+                    self.state = CacheState::Online;
+                    return true;
+                }
+                Err(ClientError::Http(StatusCode::UNAUTHORIZED, reason, opid)) => {
+                    error!(?reason, ?opid, "Provider authentication returned unauthorized, {max_attempts} attempts remaining.");
+                    // Provider needs to re-auth ASAP. We set this state value here
+                    // so that if we exceed max attempts, the next caller knows to check
+                    // online immediately.
+                    self.state = CacheState::OfflineNextCheck(now);
+                    // attempt again immediately!!!!
+                    continue;
+                }
+                Err(err) => {
+                    error!(?err, "Provider online failed");
+                    self.state = CacheState::OfflineNextCheck(now + OFFLINE_NEXT_CHECK);
+                    return false;
+                }
             }
         }
+        warn!("Exceeded maximum number of attempts to bring provider online");
+        return false;
     }
 }
 
@@ -351,7 +365,8 @@ impl IdProvider for KanidmProvider {
                         e, opid
                     ),
                 };
-                inner.state = CacheState::OfflineNextCheck(now + OFFLINE_NEXT_CHECK);
+                // Provider needs to re-auth ASAP
+                inner.state = CacheState::OfflineNextCheck(now);
                 Ok(UserTokenState::UseCached)
             }
             // 404 / Removed.

From 4113c291ed8e2993364a18d49dfa95998190eddc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 23 Dec 2024 10:02:30 +1000
Subject: [PATCH 33/87] Bump the all group in /pykanidm with 7 updates (#3316)

---
updated-dependencies:
- dependency-name: pydantic
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: aiohttp
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: authlib
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: mypy
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: mkdocs-material
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: pook
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: ruff
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pykanidm/poetry.lock    | 494 ++++++++++++++++++++--------------------
 pykanidm/pyproject.toml |   8 +-
 2 files changed, 251 insertions(+), 251 deletions(-)

diff --git a/pykanidm/poetry.lock b/pykanidm/poetry.lock
index 6f8caf724..2842fc808 100644
--- a/pykanidm/poetry.lock
+++ b/pykanidm/poetry.lock
@@ -13,87 +13,87 @@ files = [
 
 [[package]]
 name = "aiohttp"
-version = "3.11.10"
+version = "3.11.11"
 description = "Async http client/server framework (asyncio)"
 optional = false
 python-versions = ">=3.9"
 files = [
-    {file = "aiohttp-3.11.10-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:cbad88a61fa743c5d283ad501b01c153820734118b65aee2bd7dbb735475ce0d"},
-    {file = "aiohttp-3.11.10-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:80886dac673ceaef499de2f393fc80bb4481a129e6cb29e624a12e3296cc088f"},
-    {file = "aiohttp-3.11.10-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:61b9bae80ed1f338c42f57c16918853dc51775fb5cb61da70d590de14d8b5fb4"},
-    {file = "aiohttp-3.11.10-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:9e2e576caec5c6a6b93f41626c9c02fc87cd91538b81a3670b2e04452a63def6"},
-    {file = "aiohttp-3.11.10-cp310-cp310-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:02c13415b5732fb6ee7ff64583a5e6ed1c57aa68f17d2bda79c04888dfdc2769"},
-    {file = "aiohttp-3.11.10-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:4cfce37f31f20800a6a6620ce2cdd6737b82e42e06e6e9bd1b36f546feb3c44f"},
-    {file = "aiohttp-3.11.10-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:3bbbfff4c679c64e6e23cb213f57cc2c9165c9a65d63717108a644eb5a7398df"},
-    {file = "aiohttp-3.11.10-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:49c7dbbc1a559ae14fc48387a115b7d4bbc84b4a2c3b9299c31696953c2a5219"},
-    {file = "aiohttp-3.11.10-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:68386d78743e6570f054fe7949d6cb37ef2b672b4d3405ce91fafa996f7d9b4d"},
-    {file = "aiohttp-3.11.10-cp310-cp310-musllinux_1_2_i686.whl", hash = "sha256:9ef405356ba989fb57f84cac66f7b0260772836191ccefbb987f414bcd2979d9"},
-    {file = "aiohttp-3.11.10-cp310-cp310-musllinux_1_2_ppc64le.whl", hash = "sha256:5d6958671b296febe7f5f859bea581a21c1d05430d1bbdcf2b393599b1cdce77"},
-    {file = "aiohttp-3.11.10-cp310-cp310-musllinux_1_2_s390x.whl", hash = "sha256:99b7920e7165be5a9e9a3a7f1b680f06f68ff0d0328ff4079e5163990d046767"},
-    {file = "aiohttp-3.11.10-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:0dc49f42422163efb7e6f1df2636fe3db72713f6cd94688e339dbe33fe06d61d"},
-    {file = "aiohttp-3.11.10-cp310-cp310-win32.whl", hash = "sha256:40d1c7a7f750b5648642586ba7206999650208dbe5afbcc5284bcec6579c9b91"},
-    {file = "aiohttp-3.11.10-cp310-cp310-win_amd64.whl", hash = "sha256:68ff6f48b51bd78ea92b31079817aff539f6c8fc80b6b8d6ca347d7c02384e33"},
-    {file = "aiohttp-3.11.10-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:77c4aa15a89847b9891abf97f3d4048f3c2d667e00f8a623c89ad2dccee6771b"},
-    {file = "aiohttp-3.11.10-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:909af95a72cedbefe5596f0bdf3055740f96c1a4baa0dd11fd74ca4de0b4e3f1"},
-    {file = "aiohttp-3.11.10-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:386fbe79863eb564e9f3615b959e28b222259da0c48fd1be5929ac838bc65683"},
-    {file = "aiohttp-3.11.10-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:3de34936eb1a647aa919655ff8d38b618e9f6b7f250cc19a57a4bf7fd2062b6d"},
-    {file = "aiohttp-3.11.10-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:0c9527819b29cd2b9f52033e7fb9ff08073df49b4799c89cb5754624ecd98299"},
-    {file = "aiohttp-3.11.10-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:65a96e3e03300b41f261bbfd40dfdbf1c301e87eab7cd61c054b1f2e7c89b9e8"},
-    {file = "aiohttp-3.11.10-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:98f5635f7b74bcd4f6f72fcd85bea2154b323a9f05226a80bc7398d0c90763b0"},
-    {file = "aiohttp-3.11.10-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:03b6002e20938fc6ee0918c81d9e776bebccc84690e2b03ed132331cca065ee5"},
-    {file = "aiohttp-3.11.10-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:6362cc6c23c08d18ddbf0e8c4d5159b5df74fea1a5278ff4f2c79aed3f4e9f46"},
-    {file = "aiohttp-3.11.10-cp311-cp311-musllinux_1_2_i686.whl", hash = "sha256:3691ed7726fef54e928fe26344d930c0c8575bc968c3e239c2e1a04bd8cf7838"},
-    {file = "aiohttp-3.11.10-cp311-cp311-musllinux_1_2_ppc64le.whl", hash = "sha256:31d5093d3acd02b31c649d3a69bb072d539d4c7659b87caa4f6d2bcf57c2fa2b"},
-    {file = "aiohttp-3.11.10-cp311-cp311-musllinux_1_2_s390x.whl", hash = "sha256:8b3cf2dc0f0690a33f2d2b2cb15db87a65f1c609f53c37e226f84edb08d10f52"},
-    {file = "aiohttp-3.11.10-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:fbbaea811a2bba171197b08eea288b9402faa2bab2ba0858eecdd0a4105753a3"},
-    {file = "aiohttp-3.11.10-cp311-cp311-win32.whl", hash = "sha256:4b2c7ac59c5698a7a8207ba72d9e9c15b0fc484a560be0788b31312c2c5504e4"},
-    {file = "aiohttp-3.11.10-cp311-cp311-win_amd64.whl", hash = "sha256:974d3a2cce5fcfa32f06b13ccc8f20c6ad9c51802bb7f829eae8a1845c4019ec"},
-    {file = "aiohttp-3.11.10-cp312-cp312-macosx_10_13_universal2.whl", hash = "sha256:b78f053a7ecfc35f0451d961dacdc671f4bcbc2f58241a7c820e9d82559844cf"},
-    {file = "aiohttp-3.11.10-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:ab7485222db0959a87fbe8125e233b5a6f01f4400785b36e8a7878170d8c3138"},
-    {file = "aiohttp-3.11.10-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:cf14627232dfa8730453752e9cdc210966490992234d77ff90bc8dc0dce361d5"},
-    {file = "aiohttp-3.11.10-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:076bc454a7e6fd646bc82ea7f98296be0b1219b5e3ef8a488afbdd8e81fbac50"},
-    {file = "aiohttp-3.11.10-cp312-cp312-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:482cafb7dc886bebeb6c9ba7925e03591a62ab34298ee70d3dd47ba966370d2c"},
-    {file = "aiohttp-3.11.10-cp312-cp312-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:bf3d1a519a324af764a46da4115bdbd566b3c73fb793ffb97f9111dbc684fc4d"},
-    {file = "aiohttp-3.11.10-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:24213ba85a419103e641e55c27dc7ff03536c4873470c2478cce3311ba1eee7b"},
-    {file = "aiohttp-3.11.10-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:b99acd4730ad1b196bfb03ee0803e4adac371ae8efa7e1cbc820200fc5ded109"},
-    {file = "aiohttp-3.11.10-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:14cdb5a9570be5a04eec2ace174a48ae85833c2aadc86de68f55541f66ce42ab"},
-    {file = "aiohttp-3.11.10-cp312-cp312-musllinux_1_2_i686.whl", hash = "sha256:7e97d622cb083e86f18317282084bc9fbf261801b0192c34fe4b1febd9f7ae69"},
-    {file = "aiohttp-3.11.10-cp312-cp312-musllinux_1_2_ppc64le.whl", hash = "sha256:012f176945af138abc10c4a48743327a92b4ca9adc7a0e078077cdb5dbab7be0"},
-    {file = "aiohttp-3.11.10-cp312-cp312-musllinux_1_2_s390x.whl", hash = "sha256:44224d815853962f48fe124748227773acd9686eba6dc102578defd6fc99e8d9"},
-    {file = "aiohttp-3.11.10-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:c87bf31b7fdab94ae3adbe4a48e711bfc5f89d21cf4c197e75561def39e223bc"},
-    {file = "aiohttp-3.11.10-cp312-cp312-win32.whl", hash = "sha256:06a8e2ee1cbac16fe61e51e0b0c269400e781b13bcfc33f5425912391a542985"},
-    {file = "aiohttp-3.11.10-cp312-cp312-win_amd64.whl", hash = "sha256:be2b516f56ea883a3e14dda17059716593526e10fb6303189aaf5503937db408"},
-    {file = "aiohttp-3.11.10-cp313-cp313-macosx_10_13_universal2.whl", hash = "sha256:8cc5203b817b748adccb07f36390feb730b1bc5f56683445bfe924fc270b8816"},
-    {file = "aiohttp-3.11.10-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:5ef359ebc6949e3a34c65ce20230fae70920714367c63afd80ea0c2702902ccf"},
-    {file = "aiohttp-3.11.10-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:9bca390cb247dbfaec3c664326e034ef23882c3f3bfa5fbf0b56cad0320aaca5"},
-    {file = "aiohttp-3.11.10-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:811f23b3351ca532af598405db1093f018edf81368e689d1b508c57dcc6b6a32"},
-    {file = "aiohttp-3.11.10-cp313-cp313-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:ddf5f7d877615f6a1e75971bfa5ac88609af3b74796ff3e06879e8422729fd01"},
-    {file = "aiohttp-3.11.10-cp313-cp313-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:6ab29b8a0beb6f8eaf1e5049252cfe74adbaafd39ba91e10f18caeb0e99ffb34"},
-    {file = "aiohttp-3.11.10-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:c49a76c1038c2dd116fa443eba26bbb8e6c37e924e2513574856de3b6516be99"},
-    {file = "aiohttp-3.11.10-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:7f3dc0e330575f5b134918976a645e79adf333c0a1439dcf6899a80776c9ab39"},
-    {file = "aiohttp-3.11.10-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:efb15a17a12497685304b2d976cb4939e55137df7b09fa53f1b6a023f01fcb4e"},
-    {file = "aiohttp-3.11.10-cp313-cp313-musllinux_1_2_i686.whl", hash = "sha256:db1d0b28fcb7f1d35600150c3e4b490775251dea70f894bf15c678fdd84eda6a"},
-    {file = "aiohttp-3.11.10-cp313-cp313-musllinux_1_2_ppc64le.whl", hash = "sha256:15fccaf62a4889527539ecb86834084ecf6e9ea70588efde86e8bc775e0e7542"},
-    {file = "aiohttp-3.11.10-cp313-cp313-musllinux_1_2_s390x.whl", hash = "sha256:593c114a2221444f30749cc5e5f4012488f56bd14de2af44fe23e1e9894a9c60"},
-    {file = "aiohttp-3.11.10-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:7852bbcb4d0d2f0c4d583f40c3bc750ee033265d80598d0f9cb6f372baa6b836"},
-    {file = "aiohttp-3.11.10-cp313-cp313-win32.whl", hash = "sha256:65e55ca7debae8faaffee0ebb4b47a51b4075f01e9b641c31e554fd376595c6c"},
-    {file = "aiohttp-3.11.10-cp313-cp313-win_amd64.whl", hash = "sha256:beb39a6d60a709ae3fb3516a1581777e7e8b76933bb88c8f4420d875bb0267c6"},
-    {file = "aiohttp-3.11.10-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:0580f2e12de2138f34debcd5d88894786453a76e98febaf3e8fe5db62d01c9bf"},
-    {file = "aiohttp-3.11.10-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:a55d2ad345684e7c3dd2c20d2f9572e9e1d5446d57200ff630e6ede7612e307f"},
-    {file = "aiohttp-3.11.10-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:04814571cb72d65a6899db6099e377ed00710bf2e3eafd2985166f2918beaf59"},
-    {file = "aiohttp-3.11.10-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e44a9a3c053b90c6f09b1bb4edd880959f5328cf63052503f892c41ea786d99f"},
-    {file = "aiohttp-3.11.10-cp39-cp39-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:502a1464ccbc800b4b1995b302efaf426e8763fadf185e933c2931df7db9a199"},
-    {file = "aiohttp-3.11.10-cp39-cp39-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:613e5169f8ae77b1933e42e418a95931fb4867b2991fc311430b15901ed67079"},
-    {file = "aiohttp-3.11.10-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:4cca22a61b7fe45da8fc73c3443150c3608750bbe27641fc7558ec5117b27fdf"},
-    {file = "aiohttp-3.11.10-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:86a5dfcc39309470bd7b68c591d84056d195428d5d2e0b5ccadfbaf25b026ebc"},
-    {file = "aiohttp-3.11.10-cp39-cp39-musllinux_1_2_aarch64.whl", hash = "sha256:77ae58586930ee6b2b6f696c82cf8e78c8016ec4795c53e36718365f6959dc82"},
-    {file = "aiohttp-3.11.10-cp39-cp39-musllinux_1_2_i686.whl", hash = "sha256:78153314f26d5abef3239b4a9af20c229c6f3ecb97d4c1c01b22c4f87669820c"},
-    {file = "aiohttp-3.11.10-cp39-cp39-musllinux_1_2_ppc64le.whl", hash = "sha256:98283b94cc0e11c73acaf1c9698dea80c830ca476492c0fe2622bd931f34b487"},
-    {file = "aiohttp-3.11.10-cp39-cp39-musllinux_1_2_s390x.whl", hash = "sha256:53bf2097e05c2accc166c142a2090e4c6fd86581bde3fd9b2d3f9e93dda66ac1"},
-    {file = "aiohttp-3.11.10-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:c5532f0441fc09c119e1dca18fbc0687e64fbeb45aa4d6a87211ceaee50a74c4"},
-    {file = "aiohttp-3.11.10-cp39-cp39-win32.whl", hash = "sha256:47ad15a65fb41c570cd0ad9a9ff8012489e68176e7207ec7b82a0940dddfd8be"},
-    {file = "aiohttp-3.11.10-cp39-cp39-win_amd64.whl", hash = "sha256:c6b9e6d7e41656d78e37ce754813fa44b455c3d0d0dced2a047def7dc5570b74"},
-    {file = "aiohttp-3.11.10.tar.gz", hash = "sha256:b1fc6b45010a8d0ff9e88f9f2418c6fd408c99c211257334aff41597ebece42e"},
+    {file = "aiohttp-3.11.11-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:a60804bff28662cbcf340a4d61598891f12eea3a66af48ecfdc975ceec21e3c8"},
+    {file = "aiohttp-3.11.11-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:4b4fa1cb5f270fb3eab079536b764ad740bb749ce69a94d4ec30ceee1b5940d5"},
+    {file = "aiohttp-3.11.11-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:731468f555656767cda219ab42e033355fe48c85fbe3ba83a349631541715ba2"},
+    {file = "aiohttp-3.11.11-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:cb23d8bb86282b342481cad4370ea0853a39e4a32a0042bb52ca6bdde132df43"},
+    {file = "aiohttp-3.11.11-cp310-cp310-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:f047569d655f81cb70ea5be942ee5d4421b6219c3f05d131f64088c73bb0917f"},
+    {file = "aiohttp-3.11.11-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:dd7659baae9ccf94ae5fe8bfaa2c7bc2e94d24611528395ce88d009107e00c6d"},
+    {file = "aiohttp-3.11.11-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:af01e42ad87ae24932138f154105e88da13ce7d202a6de93fafdafb2883a00ef"},
+    {file = "aiohttp-3.11.11-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:5854be2f3e5a729800bac57a8d76af464e160f19676ab6aea74bde18ad19d438"},
+    {file = "aiohttp-3.11.11-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:6526e5fb4e14f4bbf30411216780c9967c20c5a55f2f51d3abd6de68320cc2f3"},
+    {file = "aiohttp-3.11.11-cp310-cp310-musllinux_1_2_i686.whl", hash = "sha256:85992ee30a31835fc482468637b3e5bd085fa8fe9392ba0bdcbdc1ef5e9e3c55"},
+    {file = "aiohttp-3.11.11-cp310-cp310-musllinux_1_2_ppc64le.whl", hash = "sha256:88a12ad8ccf325a8a5ed80e6d7c3bdc247d66175afedbe104ee2aaca72960d8e"},
+    {file = "aiohttp-3.11.11-cp310-cp310-musllinux_1_2_s390x.whl", hash = "sha256:0a6d3fbf2232e3a08c41eca81ae4f1dff3d8f1a30bae415ebe0af2d2458b8a33"},
+    {file = "aiohttp-3.11.11-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:84a585799c58b795573c7fa9b84c455adf3e1d72f19a2bf498b54a95ae0d194c"},
+    {file = "aiohttp-3.11.11-cp310-cp310-win32.whl", hash = "sha256:bfde76a8f430cf5c5584553adf9926534352251d379dcb266ad2b93c54a29745"},
+    {file = "aiohttp-3.11.11-cp310-cp310-win_amd64.whl", hash = "sha256:0fd82b8e9c383af11d2b26f27a478640b6b83d669440c0a71481f7c865a51da9"},
+    {file = "aiohttp-3.11.11-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:ba74ec819177af1ef7f59063c6d35a214a8fde6f987f7661f4f0eecc468a8f76"},
+    {file = "aiohttp-3.11.11-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:4af57160800b7a815f3fe0eba9b46bf28aafc195555f1824555fa2cfab6c1538"},
+    {file = "aiohttp-3.11.11-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:ffa336210cf9cd8ed117011085817d00abe4c08f99968deef0013ea283547204"},
+    {file = "aiohttp-3.11.11-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:81b8fe282183e4a3c7a1b72f5ade1094ed1c6345a8f153506d114af5bf8accd9"},
+    {file = "aiohttp-3.11.11-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:3af41686ccec6a0f2bdc66686dc0f403c41ac2089f80e2214a0f82d001052c03"},
+    {file = "aiohttp-3.11.11-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:70d1f9dde0e5dd9e292a6d4d00058737052b01f3532f69c0c65818dac26dc287"},
+    {file = "aiohttp-3.11.11-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:249cc6912405917344192b9f9ea5cd5b139d49e0d2f5c7f70bdfaf6b4dbf3a2e"},
+    {file = "aiohttp-3.11.11-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:0eb98d90b6690827dcc84c246811feeb4e1eea683c0eac6caed7549be9c84665"},
+    {file = "aiohttp-3.11.11-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:ec82bf1fda6cecce7f7b915f9196601a1bd1a3079796b76d16ae4cce6d0ef89b"},
+    {file = "aiohttp-3.11.11-cp311-cp311-musllinux_1_2_i686.whl", hash = "sha256:9fd46ce0845cfe28f108888b3ab17abff84ff695e01e73657eec3f96d72eef34"},
+    {file = "aiohttp-3.11.11-cp311-cp311-musllinux_1_2_ppc64le.whl", hash = "sha256:bd176afcf8f5d2aed50c3647d4925d0db0579d96f75a31e77cbaf67d8a87742d"},
+    {file = "aiohttp-3.11.11-cp311-cp311-musllinux_1_2_s390x.whl", hash = "sha256:ec2aa89305006fba9ffb98970db6c8221541be7bee4c1d027421d6f6df7d1ce2"},
+    {file = "aiohttp-3.11.11-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:92cde43018a2e17d48bb09c79e4d4cb0e236de5063ce897a5e40ac7cb4878773"},
+    {file = "aiohttp-3.11.11-cp311-cp311-win32.whl", hash = "sha256:aba807f9569455cba566882c8938f1a549f205ee43c27b126e5450dc9f83cc62"},
+    {file = "aiohttp-3.11.11-cp311-cp311-win_amd64.whl", hash = "sha256:ae545f31489548c87b0cced5755cfe5a5308d00407000e72c4fa30b19c3220ac"},
+    {file = "aiohttp-3.11.11-cp312-cp312-macosx_10_13_universal2.whl", hash = "sha256:e595c591a48bbc295ebf47cb91aebf9bd32f3ff76749ecf282ea7f9f6bb73886"},
+    {file = "aiohttp-3.11.11-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:3ea1b59dc06396b0b424740a10a0a63974c725b1c64736ff788a3689d36c02d2"},
+    {file = "aiohttp-3.11.11-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:8811f3f098a78ffa16e0ea36dffd577eb031aea797cbdba81be039a4169e242c"},
+    {file = "aiohttp-3.11.11-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:bd7227b87a355ce1f4bf83bfae4399b1f5bb42e0259cb9405824bd03d2f4336a"},
+    {file = "aiohttp-3.11.11-cp312-cp312-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:d40f9da8cabbf295d3a9dae1295c69975b86d941bc20f0a087f0477fa0a66231"},
+    {file = "aiohttp-3.11.11-cp312-cp312-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:ffb3dc385f6bb1568aa974fe65da84723210e5d9707e360e9ecb51f59406cd2e"},
+    {file = "aiohttp-3.11.11-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:a8f5f7515f3552d899c61202d99dcb17d6e3b0de777900405611cd747cecd1b8"},
+    {file = "aiohttp-3.11.11-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:3499c7ffbfd9c6a3d8d6a2b01c26639da7e43d47c7b4f788016226b1e711caa8"},
+    {file = "aiohttp-3.11.11-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:8e2bf8029dbf0810c7bfbc3e594b51c4cc9101fbffb583a3923aea184724203c"},
+    {file = "aiohttp-3.11.11-cp312-cp312-musllinux_1_2_i686.whl", hash = "sha256:b6212a60e5c482ef90f2d788835387070a88d52cf6241d3916733c9176d39eab"},
+    {file = "aiohttp-3.11.11-cp312-cp312-musllinux_1_2_ppc64le.whl", hash = "sha256:d119fafe7b634dbfa25a8c597718e69a930e4847f0b88e172744be24515140da"},
+    {file = "aiohttp-3.11.11-cp312-cp312-musllinux_1_2_s390x.whl", hash = "sha256:6fba278063559acc730abf49845d0e9a9e1ba74f85f0ee6efd5803f08b285853"},
+    {file = "aiohttp-3.11.11-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:92fc484e34b733704ad77210c7957679c5c3877bd1e6b6d74b185e9320cc716e"},
+    {file = "aiohttp-3.11.11-cp312-cp312-win32.whl", hash = "sha256:9f5b3c1ed63c8fa937a920b6c1bec78b74ee09593b3f5b979ab2ae5ef60d7600"},
+    {file = "aiohttp-3.11.11-cp312-cp312-win_amd64.whl", hash = "sha256:1e69966ea6ef0c14ee53ef7a3d68b564cc408121ea56c0caa2dc918c1b2f553d"},
+    {file = "aiohttp-3.11.11-cp313-cp313-macosx_10_13_universal2.whl", hash = "sha256:541d823548ab69d13d23730a06f97460f4238ad2e5ed966aaf850d7c369782d9"},
+    {file = "aiohttp-3.11.11-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:929f3ed33743a49ab127c58c3e0a827de0664bfcda566108989a14068f820194"},
+    {file = "aiohttp-3.11.11-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:0882c2820fd0132240edbb4a51eb8ceb6eef8181db9ad5291ab3332e0d71df5f"},
+    {file = "aiohttp-3.11.11-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:b63de12e44935d5aca7ed7ed98a255a11e5cb47f83a9fded7a5e41c40277d104"},
+    {file = "aiohttp-3.11.11-cp313-cp313-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:aa54f8ef31d23c506910c21163f22b124facb573bff73930735cf9fe38bf7dff"},
+    {file = "aiohttp-3.11.11-cp313-cp313-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:a344d5dc18074e3872777b62f5f7d584ae4344cd6006c17ba12103759d407af3"},
+    {file = "aiohttp-3.11.11-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:0b7fb429ab1aafa1f48578eb315ca45bd46e9c37de11fe45c7f5f4138091e2f1"},
+    {file = "aiohttp-3.11.11-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:c341c7d868750e31961d6d8e60ff040fb9d3d3a46d77fd85e1ab8e76c3e9a5c4"},
+    {file = "aiohttp-3.11.11-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:ed9ee95614a71e87f1a70bc81603f6c6760128b140bc4030abe6abaa988f1c3d"},
+    {file = "aiohttp-3.11.11-cp313-cp313-musllinux_1_2_i686.whl", hash = "sha256:de8d38f1c2810fa2a4f1d995a2e9c70bb8737b18da04ac2afbf3971f65781d87"},
+    {file = "aiohttp-3.11.11-cp313-cp313-musllinux_1_2_ppc64le.whl", hash = "sha256:a9b7371665d4f00deb8f32208c7c5e652059b0fda41cf6dbcac6114a041f1cc2"},
+    {file = "aiohttp-3.11.11-cp313-cp313-musllinux_1_2_s390x.whl", hash = "sha256:620598717fce1b3bd14dd09947ea53e1ad510317c85dda2c9c65b622edc96b12"},
+    {file = "aiohttp-3.11.11-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:bf8d9bfee991d8acc72d060d53860f356e07a50f0e0d09a8dfedea1c554dd0d5"},
+    {file = "aiohttp-3.11.11-cp313-cp313-win32.whl", hash = "sha256:9d73ee3725b7a737ad86c2eac5c57a4a97793d9f442599bea5ec67ac9f4bdc3d"},
+    {file = "aiohttp-3.11.11-cp313-cp313-win_amd64.whl", hash = "sha256:c7a06301c2fb096bdb0bd25fe2011531c1453b9f2c163c8031600ec73af1cc99"},
+    {file = "aiohttp-3.11.11-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:3e23419d832d969f659c208557de4a123e30a10d26e1e14b73431d3c13444c2e"},
+    {file = "aiohttp-3.11.11-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:21fef42317cf02e05d3b09c028712e1d73a9606f02467fd803f7c1f39cc59add"},
+    {file = "aiohttp-3.11.11-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:1f21bb8d0235fc10c09ce1d11ffbd40fc50d3f08a89e4cf3a0c503dc2562247a"},
+    {file = "aiohttp-3.11.11-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1642eceeaa5ab6c9b6dfeaaa626ae314d808188ab23ae196a34c9d97efb68350"},
+    {file = "aiohttp-3.11.11-cp39-cp39-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:2170816e34e10f2fd120f603e951630f8a112e1be3b60963a1f159f5699059a6"},
+    {file = "aiohttp-3.11.11-cp39-cp39-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:8be8508d110d93061197fd2d6a74f7401f73b6d12f8822bbcd6d74f2b55d71b1"},
+    {file = "aiohttp-3.11.11-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:4eed954b161e6b9b65f6be446ed448ed3921763cc432053ceb606f89d793927e"},
+    {file = "aiohttp-3.11.11-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:d6c9af134da4bc9b3bd3e6a70072509f295d10ee60c697826225b60b9959acdd"},
+    {file = "aiohttp-3.11.11-cp39-cp39-musllinux_1_2_aarch64.whl", hash = "sha256:44167fc6a763d534a6908bdb2592269b4bf30a03239bcb1654781adf5e49caf1"},
+    {file = "aiohttp-3.11.11-cp39-cp39-musllinux_1_2_i686.whl", hash = "sha256:479b8c6ebd12aedfe64563b85920525d05d394b85f166b7873c8bde6da612f9c"},
+    {file = "aiohttp-3.11.11-cp39-cp39-musllinux_1_2_ppc64le.whl", hash = "sha256:10b4ff0ad793d98605958089fabfa350e8e62bd5d40aa65cdc69d6785859f94e"},
+    {file = "aiohttp-3.11.11-cp39-cp39-musllinux_1_2_s390x.whl", hash = "sha256:b540bd67cfb54e6f0865ceccd9979687210d7ed1a1cc8c01f8e67e2f1e883d28"},
+    {file = "aiohttp-3.11.11-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:1dac54e8ce2ed83b1f6b1a54005c87dfed139cf3f777fdc8afc76e7841101226"},
+    {file = "aiohttp-3.11.11-cp39-cp39-win32.whl", hash = "sha256:568c1236b2fde93b7720f95a890741854c1200fba4a3471ff48b2934d2d93fd3"},
+    {file = "aiohttp-3.11.11-cp39-cp39-win_amd64.whl", hash = "sha256:943a8b052e54dfd6439fd7989f67fc6a7f2138d0a2cf0a7de5f18aa4fe7eb3b1"},
+    {file = "aiohttp-3.11.11.tar.gz", hash = "sha256:bb49c7f1e6ebf3821a42d81d494f538107610c3a705987f53068546b0e90303e"},
 ]
 
 [package.dependencies]
@@ -180,13 +180,13 @@ tests-mypy = ["mypy (>=1.11.1)", "pytest-mypy-plugins"]
 
 [[package]]
 name = "authlib"
-version = "1.3.2"
+version = "1.4.0"
 description = "The ultimate Python library in building OAuth and OpenID Connect servers and clients."
 optional = false
-python-versions = ">=3.8"
+python-versions = ">=3.9"
 files = [
-    {file = "Authlib-1.3.2-py2.py3-none-any.whl", hash = "sha256:ede026a95e9f5cdc2d4364a52103f5405e75aa156357e831ef2bfd0bc5094dfc"},
-    {file = "authlib-1.3.2.tar.gz", hash = "sha256:4b16130117f9eb82aa6eec97f6dd4673c3f960ac0283ccdae2897ee4bc030ba2"},
+    {file = "Authlib-1.4.0-py2.py3-none-any.whl", hash = "sha256:4bb20b978c8b636222b549317c1815e1fe62234fc1c5efe8855d84aebf3a74e3"},
+    {file = "authlib-1.4.0.tar.gz", hash = "sha256:1c1e6608b5ed3624aeeee136ca7f8c120d6f51f731aa152b153d54741840e1f2"},
 ]
 
 [package.dependencies]
@@ -1032,13 +1032,13 @@ pyyaml = ">=5.1"
 
 [[package]]
 name = "mkdocs-material"
-version = "9.5.48"
+version = "9.5.49"
 description = "Documentation that simply works"
 optional = false
 python-versions = ">=3.8"
 files = [
-    {file = "mkdocs_material-9.5.48-py3-none-any.whl", hash = "sha256:b695c998f4b939ce748adbc0d3bff73fa886a670ece948cf27818fa115dc16f8"},
-    {file = "mkdocs_material-9.5.48.tar.gz", hash = "sha256:a582531e8b34f4c7ed38c29d5c44763053832cf2a32f7409567e0c74749a47db"},
+    {file = "mkdocs_material-9.5.49-py3-none-any.whl", hash = "sha256:c3c2d8176b18198435d3a3e119011922f3e11424074645c24019c2dcf08a360e"},
+    {file = "mkdocs_material-9.5.49.tar.gz", hash = "sha256:3671bb282b4f53a1c72e08adbe04d2481a98f85fed392530051f80ff94a9621d"},
 ]
 
 [package.dependencies]
@@ -1215,49 +1215,49 @@ files = [
 
 [[package]]
 name = "mypy"
-version = "1.13.0"
+version = "1.14.0"
 description = "Optional static typing for Python"
 optional = false
 python-versions = ">=3.8"
 files = [
-    {file = "mypy-1.13.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:6607e0f1dd1fb7f0aca14d936d13fd19eba5e17e1cd2a14f808fa5f8f6d8f60a"},
-    {file = "mypy-1.13.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:8a21be69bd26fa81b1f80a61ee7ab05b076c674d9b18fb56239d72e21d9f4c80"},
-    {file = "mypy-1.13.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:7b2353a44d2179846a096e25691d54d59904559f4232519d420d64da6828a3a7"},
-    {file = "mypy-1.13.0-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:0730d1c6a2739d4511dc4253f8274cdd140c55c32dfb0a4cf8b7a43f40abfa6f"},
-    {file = "mypy-1.13.0-cp310-cp310-win_amd64.whl", hash = "sha256:c5fc54dbb712ff5e5a0fca797e6e0aa25726c7e72c6a5850cfd2adbc1eb0a372"},
-    {file = "mypy-1.13.0-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:581665e6f3a8a9078f28d5502f4c334c0c8d802ef55ea0e7276a6e409bc0d82d"},
-    {file = "mypy-1.13.0-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:3ddb5b9bf82e05cc9a627e84707b528e5c7caaa1c55c69e175abb15a761cec2d"},
-    {file = "mypy-1.13.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:20c7ee0bc0d5a9595c46f38beb04201f2620065a93755704e141fcac9f59db2b"},
-    {file = "mypy-1.13.0-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:3790ded76f0b34bc9c8ba4def8f919dd6a46db0f5a6610fb994fe8efdd447f73"},
-    {file = "mypy-1.13.0-cp311-cp311-win_amd64.whl", hash = "sha256:51f869f4b6b538229c1d1bcc1dd7d119817206e2bc54e8e374b3dfa202defcca"},
-    {file = "mypy-1.13.0-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:5c7051a3461ae84dfb5dd15eff5094640c61c5f22257c8b766794e6dd85e72d5"},
-    {file = "mypy-1.13.0-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:39bb21c69a5d6342f4ce526e4584bc5c197fd20a60d14a8624d8743fffb9472e"},
-    {file = "mypy-1.13.0-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:164f28cb9d6367439031f4c81e84d3ccaa1e19232d9d05d37cb0bd880d3f93c2"},
-    {file = "mypy-1.13.0-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:a4c1bfcdbce96ff5d96fc9b08e3831acb30dc44ab02671eca5953eadad07d6d0"},
-    {file = "mypy-1.13.0-cp312-cp312-win_amd64.whl", hash = "sha256:a0affb3a79a256b4183ba09811e3577c5163ed06685e4d4b46429a271ba174d2"},
-    {file = "mypy-1.13.0-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:a7b44178c9760ce1a43f544e595d35ed61ac2c3de306599fa59b38a6048e1aa7"},
-    {file = "mypy-1.13.0-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:5d5092efb8516d08440e36626f0153b5006d4088c1d663d88bf79625af3d1d62"},
-    {file = "mypy-1.13.0-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:de2904956dac40ced10931ac967ae63c5089bd498542194b436eb097a9f77bc8"},
-    {file = "mypy-1.13.0-cp313-cp313-musllinux_1_1_x86_64.whl", hash = "sha256:7bfd8836970d33c2105562650656b6846149374dc8ed77d98424b40b09340ba7"},
-    {file = "mypy-1.13.0-cp313-cp313-win_amd64.whl", hash = "sha256:9f73dba9ec77acb86457a8fc04b5239822df0c14a082564737833d2963677dbc"},
-    {file = "mypy-1.13.0-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:100fac22ce82925f676a734af0db922ecfea991e1d7ec0ceb1e115ebe501301a"},
-    {file = "mypy-1.13.0-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:7bcb0bb7f42a978bb323a7c88f1081d1b5dee77ca86f4100735a6f541299d8fb"},
-    {file = "mypy-1.13.0-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:bde31fc887c213e223bbfc34328070996061b0833b0a4cfec53745ed61f3519b"},
-    {file = "mypy-1.13.0-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:07de989f89786f62b937851295ed62e51774722e5444a27cecca993fc3f9cd74"},
-    {file = "mypy-1.13.0-cp38-cp38-win_amd64.whl", hash = "sha256:4bde84334fbe19bad704b3f5b78c4abd35ff1026f8ba72b29de70dda0916beb6"},
-    {file = "mypy-1.13.0-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:0246bcb1b5de7f08f2826451abd947bf656945209b140d16ed317f65a17dc7dc"},
-    {file = "mypy-1.13.0-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:7f5b7deae912cf8b77e990b9280f170381fdfbddf61b4ef80927edd813163732"},
-    {file = "mypy-1.13.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:7029881ec6ffb8bc233a4fa364736789582c738217b133f1b55967115288a2bc"},
-    {file = "mypy-1.13.0-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:3e38b980e5681f28f033f3be86b099a247b13c491f14bb8b1e1e134d23bb599d"},
-    {file = "mypy-1.13.0-cp39-cp39-win_amd64.whl", hash = "sha256:a6789be98a2017c912ae6ccb77ea553bbaf13d27605d2ca20a76dfbced631b24"},
-    {file = "mypy-1.13.0-py3-none-any.whl", hash = "sha256:9c250883f9fd81d212e0952c92dbfcc96fc237f4b7c92f56ac81fd48460b3e5a"},
-    {file = "mypy-1.13.0.tar.gz", hash = "sha256:0291a61b6fbf3e6673e3405cfcc0e7650bebc7939659fdca2702958038bd835e"},
+    {file = "mypy-1.14.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:e971c1c667007f9f2b397ffa80fa8e1e0adccff336e5e77e74cb5f22868bee87"},
+    {file = "mypy-1.14.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:e86aaeaa3221a278c66d3d673b297232947d873773d61ca3ee0e28b2ff027179"},
+    {file = "mypy-1.14.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:1628c5c3ce823d296e41e2984ff88c5861499041cb416a8809615d0c1f41740e"},
+    {file = "mypy-1.14.0-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:7fadb29b77fc14a0dd81304ed73c828c3e5cde0016c7e668a86a3e0dfc9f3af3"},
+    {file = "mypy-1.14.0-cp310-cp310-win_amd64.whl", hash = "sha256:3fa76988dc760da377c1e5069200a50d9eaaccf34f4ea18428a3337034ab5a44"},
+    {file = "mypy-1.14.0-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:6e73c8a154eed31db3445fe28f63ad2d97b674b911c00191416cf7f6459fd49a"},
+    {file = "mypy-1.14.0-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:273e70fcb2e38c5405a188425aa60b984ffdcef65d6c746ea5813024b68c73dc"},
+    {file = "mypy-1.14.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:1daca283d732943731a6a9f20fdbcaa927f160bc51602b1d4ef880a6fb252015"},
+    {file = "mypy-1.14.0-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:7e68047bedb04c1c25bba9901ea46ff60d5eaac2d71b1f2161f33107e2b368eb"},
+    {file = "mypy-1.14.0-cp311-cp311-win_amd64.whl", hash = "sha256:7a52f26b9c9b1664a60d87675f3bae00b5c7f2806e0c2800545a32c325920bcc"},
+    {file = "mypy-1.14.0-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:d5326ab70a6db8e856d59ad4cb72741124950cbbf32e7b70e30166ba7bbf61dd"},
+    {file = "mypy-1.14.0-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:bf4ec4980bec1e0e24e5075f449d014011527ae0055884c7e3abc6a99cd2c7f1"},
+    {file = "mypy-1.14.0-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:390dfb898239c25289495500f12fa73aa7f24a4c6d90ccdc165762462b998d63"},
+    {file = "mypy-1.14.0-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:7e026d55ddcd76e29e87865c08cbe2d0104e2b3153a523c529de584759379d3d"},
+    {file = "mypy-1.14.0-cp312-cp312-win_amd64.whl", hash = "sha256:585ed36031d0b3ee362e5107ef449a8b5dfd4e9c90ccbe36414ee405ee6b32ba"},
+    {file = "mypy-1.14.0-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:e9f6f4c0b27401d14c483c622bc5105eff3911634d576bbdf6695b9a7c1ba741"},
+    {file = "mypy-1.14.0-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:56b2280cedcb312c7a79f5001ae5325582d0d339bce684e4a529069d0e7ca1e7"},
+    {file = "mypy-1.14.0-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:342de51c48bab326bfc77ce056ba08c076d82ce4f5a86621f972ed39970f94d8"},
+    {file = "mypy-1.14.0-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:00df23b42e533e02a6f0055e54de9a6ed491cd8b7ea738647364fd3a39ea7efc"},
+    {file = "mypy-1.14.0-cp313-cp313-win_amd64.whl", hash = "sha256:e8c8387e5d9dff80e7daf961df357c80e694e942d9755f3ad77d69b0957b8e3f"},
+    {file = "mypy-1.14.0-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:0b16738b1d80ec4334654e89e798eb705ac0c36c8a5c4798496cd3623aa02286"},
+    {file = "mypy-1.14.0-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:10065fcebb7c66df04b05fc799a854b1ae24d9963c8bb27e9064a9bdb43aa8ad"},
+    {file = "mypy-1.14.0-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:fbb7d683fa6bdecaa106e8368aa973ecc0ddb79a9eaeb4b821591ecd07e9e03c"},
+    {file = "mypy-1.14.0-cp38-cp38-musllinux_1_2_x86_64.whl", hash = "sha256:3498cb55448dc5533e438cd13d6ddd28654559c8c4d1fd4b5ca57a31b81bac01"},
+    {file = "mypy-1.14.0-cp38-cp38-win_amd64.whl", hash = "sha256:c7b243408ea43755f3a21a0a08e5c5ae30eddb4c58a80f415ca6b118816e60aa"},
+    {file = "mypy-1.14.0-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:14117b9da3305b39860d0aa34b8f1ff74d209a368829a584eb77524389a9c13e"},
+    {file = "mypy-1.14.0-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:af98c5a958f9c37404bd4eef2f920b94874507e146ed6ee559f185b8809c44cc"},
+    {file = "mypy-1.14.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:f0b343a1d3989547024377c2ba0dca9c74a2428ad6ed24283c213af8dbb0710b"},
+    {file = "mypy-1.14.0-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:cdb5563c1726c85fb201be383168f8c866032db95e1095600806625b3a648cb7"},
+    {file = "mypy-1.14.0-cp39-cp39-win_amd64.whl", hash = "sha256:74e925649c1ee0a79aa7448baf2668d81cc287dc5782cff6a04ee93f40fb8d3f"},
+    {file = "mypy-1.14.0-py3-none-any.whl", hash = "sha256:2238d7f93fc4027ed1efc944507683df3ba406445a2b6c96e79666a045aadfab"},
+    {file = "mypy-1.14.0.tar.gz", hash = "sha256:822dbd184d4a9804df5a7d5335a68cf7662930e70b8c1bc976645d1509f9a9d6"},
 ]
 
 [package.dependencies]
-mypy-extensions = ">=1.0.0"
+mypy_extensions = ">=1.0.0"
 tomli = {version = ">=1.1.0", markers = "python_version < \"3.11\""}
-typing-extensions = ">=4.6.0"
+typing_extensions = ">=4.6.0"
 
 [package.extras]
 dmypy = ["psutil (>=4.0)"]
@@ -1361,13 +1361,13 @@ testing = ["pytest", "pytest-benchmark"]
 
 [[package]]
 name = "pook"
-version = "2.1.2"
+version = "2.1.3"
 description = "HTTP traffic mocking and expectations made easy"
 optional = false
 python-versions = ">=3.9"
 files = [
-    {file = "pook-2.1.2-py3-none-any.whl", hash = "sha256:ea76784ee1440ee8dde08047c6a1f68be46a07d07a5180d068a047db5620ca1d"},
-    {file = "pook-2.1.2.tar.gz", hash = "sha256:4acbb9d13ac18b807fd3a54b414a22a16b75db6e5048bc88461479da03c4ecbf"},
+    {file = "pook-2.1.3-py3-none-any.whl", hash = "sha256:f8e75e2e41b1f6da37d0bc6b77a0f4da33c4d4de382105046efd644fe5ca2f8e"},
+    {file = "pook-2.1.3.tar.gz", hash = "sha256:441191c0f3d014b141ca71430a0c2bfa6d2369ac24703a3fdfbbf5a25146d8c0"},
 ]
 
 [package.dependencies]
@@ -1495,18 +1495,18 @@ files = [
 
 [[package]]
 name = "pydantic"
-version = "2.10.3"
+version = "2.10.4"
 description = "Data validation using Python type hints"
 optional = false
 python-versions = ">=3.8"
 files = [
-    {file = "pydantic-2.10.3-py3-none-any.whl", hash = "sha256:be04d85bbc7b65651c5f8e6b9976ed9c6f41782a55524cef079a34a0bb82144d"},
-    {file = "pydantic-2.10.3.tar.gz", hash = "sha256:cb5ac360ce894ceacd69c403187900a02c4b20b693a9dd1d643e1effab9eadf9"},
+    {file = "pydantic-2.10.4-py3-none-any.whl", hash = "sha256:597e135ea68be3a37552fb524bc7d0d66dcf93d395acd93a00682f1efcb8ee3d"},
+    {file = "pydantic-2.10.4.tar.gz", hash = "sha256:82f12e9723da6de4fe2ba888b5971157b3be7ad914267dea8f05f82b28254f06"},
 ]
 
 [package.dependencies]
 annotated-types = ">=0.6.0"
-pydantic-core = "2.27.1"
+pydantic-core = "2.27.2"
 typing-extensions = ">=4.12.2"
 
 [package.extras]
@@ -1515,111 +1515,111 @@ timezone = ["tzdata"]
 
 [[package]]
 name = "pydantic-core"
-version = "2.27.1"
+version = "2.27.2"
 description = "Core functionality for Pydantic validation and serialization"
 optional = false
 python-versions = ">=3.8"
 files = [
-    {file = "pydantic_core-2.27.1-cp310-cp310-macosx_10_12_x86_64.whl", hash = "sha256:71a5e35c75c021aaf400ac048dacc855f000bdfed91614b4a726f7432f1f3d6a"},
-    {file = "pydantic_core-2.27.1-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:f82d068a2d6ecfc6e054726080af69a6764a10015467d7d7b9f66d6ed5afa23b"},
-    {file = "pydantic_core-2.27.1-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:121ceb0e822f79163dd4699e4c54f5ad38b157084d97b34de8b232bcaad70278"},
-    {file = "pydantic_core-2.27.1-cp310-cp310-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:4603137322c18eaf2e06a4495f426aa8d8388940f3c457e7548145011bb68e05"},
-    {file = "pydantic_core-2.27.1-cp310-cp310-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:a33cd6ad9017bbeaa9ed78a2e0752c5e250eafb9534f308e7a5f7849b0b1bfb4"},
-    {file = "pydantic_core-2.27.1-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:15cc53a3179ba0fcefe1e3ae50beb2784dede4003ad2dfd24f81bba4b23a454f"},
-    {file = "pydantic_core-2.27.1-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:45d9c5eb9273aa50999ad6adc6be5e0ecea7e09dbd0d31bd0c65a55a2592ca08"},
-    {file = "pydantic_core-2.27.1-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:8bf7b66ce12a2ac52d16f776b31d16d91033150266eb796967a7e4621707e4f6"},
-    {file = "pydantic_core-2.27.1-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:655d7dd86f26cb15ce8a431036f66ce0318648f8853d709b4167786ec2fa4807"},
-    {file = "pydantic_core-2.27.1-cp310-cp310-musllinux_1_1_armv7l.whl", hash = "sha256:5556470f1a2157031e676f776c2bc20acd34c1990ca5f7e56f1ebf938b9ab57c"},
-    {file = "pydantic_core-2.27.1-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:f69ed81ab24d5a3bd93861c8c4436f54afdf8e8cc421562b0c7504cf3be58206"},
-    {file = "pydantic_core-2.27.1-cp310-none-win32.whl", hash = "sha256:f5a823165e6d04ccea61a9f0576f345f8ce40ed533013580e087bd4d7442b52c"},
-    {file = "pydantic_core-2.27.1-cp310-none-win_amd64.whl", hash = "sha256:57866a76e0b3823e0b56692d1a0bf722bffb324839bb5b7226a7dbd6c9a40b17"},
-    {file = "pydantic_core-2.27.1-cp311-cp311-macosx_10_12_x86_64.whl", hash = "sha256:ac3b20653bdbe160febbea8aa6c079d3df19310d50ac314911ed8cc4eb7f8cb8"},
-    {file = "pydantic_core-2.27.1-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:a5a8e19d7c707c4cadb8c18f5f60c843052ae83c20fa7d44f41594c644a1d330"},
-    {file = "pydantic_core-2.27.1-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:7f7059ca8d64fea7f238994c97d91f75965216bcbe5f695bb44f354893f11d52"},
-    {file = "pydantic_core-2.27.1-cp311-cp311-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:bed0f8a0eeea9fb72937ba118f9db0cb7e90773462af7962d382445f3005e5a4"},
-    {file = "pydantic_core-2.27.1-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:a3cb37038123447cf0f3ea4c74751f6a9d7afef0eb71aa07bf5f652b5e6a132c"},
-    {file = "pydantic_core-2.27.1-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:84286494f6c5d05243456e04223d5a9417d7f443c3b76065e75001beb26f88de"},
-    {file = "pydantic_core-2.27.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:acc07b2cfc5b835444b44a9956846b578d27beeacd4b52e45489e93276241025"},
-    {file = "pydantic_core-2.27.1-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:4fefee876e07a6e9aad7a8c8c9f85b0cdbe7df52b8a9552307b09050f7512c7e"},
-    {file = "pydantic_core-2.27.1-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:258c57abf1188926c774a4c94dd29237e77eda19462e5bb901d88adcab6af919"},
-    {file = "pydantic_core-2.27.1-cp311-cp311-musllinux_1_1_armv7l.whl", hash = "sha256:35c14ac45fcfdf7167ca76cc80b2001205a8d5d16d80524e13508371fb8cdd9c"},
-    {file = "pydantic_core-2.27.1-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:d1b26e1dff225c31897696cab7d4f0a315d4c0d9e8666dbffdb28216f3b17fdc"},
-    {file = "pydantic_core-2.27.1-cp311-none-win32.whl", hash = "sha256:2cdf7d86886bc6982354862204ae3b2f7f96f21a3eb0ba5ca0ac42c7b38598b9"},
-    {file = "pydantic_core-2.27.1-cp311-none-win_amd64.whl", hash = "sha256:3af385b0cee8df3746c3f406f38bcbfdc9041b5c2d5ce3e5fc6637256e60bbc5"},
-    {file = "pydantic_core-2.27.1-cp311-none-win_arm64.whl", hash = "sha256:81f2ec23ddc1b476ff96563f2e8d723830b06dceae348ce02914a37cb4e74b89"},
-    {file = "pydantic_core-2.27.1-cp312-cp312-macosx_10_12_x86_64.whl", hash = "sha256:9cbd94fc661d2bab2bc702cddd2d3370bbdcc4cd0f8f57488a81bcce90c7a54f"},
-    {file = "pydantic_core-2.27.1-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:5f8c4718cd44ec1580e180cb739713ecda2bdee1341084c1467802a417fe0f02"},
-    {file = "pydantic_core-2.27.1-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:15aae984e46de8d376df515f00450d1522077254ef6b7ce189b38ecee7c9677c"},
-    {file = "pydantic_core-2.27.1-cp312-cp312-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:1ba5e3963344ff25fc8c40da90f44b0afca8cfd89d12964feb79ac1411a260ac"},
-    {file = "pydantic_core-2.27.1-cp312-cp312-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:992cea5f4f3b29d6b4f7f1726ed8ee46c8331c6b4eed6db5b40134c6fe1768bb"},
-    {file = "pydantic_core-2.27.1-cp312-cp312-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:0325336f348dbee6550d129b1627cb8f5351a9dc91aad141ffb96d4937bd9529"},
-    {file = "pydantic_core-2.27.1-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:7597c07fbd11515f654d6ece3d0e4e5093edc30a436c63142d9a4b8e22f19c35"},
-    {file = "pydantic_core-2.27.1-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:3bbd5d8cc692616d5ef6fbbbd50dbec142c7e6ad9beb66b78a96e9c16729b089"},
-    {file = "pydantic_core-2.27.1-cp312-cp312-musllinux_1_1_aarch64.whl", hash = "sha256:dc61505e73298a84a2f317255fcc72b710b72980f3a1f670447a21efc88f8381"},
-    {file = "pydantic_core-2.27.1-cp312-cp312-musllinux_1_1_armv7l.whl", hash = "sha256:e1f735dc43da318cad19b4173dd1ffce1d84aafd6c9b782b3abc04a0d5a6f5bb"},
-    {file = "pydantic_core-2.27.1-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:f4e5658dbffe8843a0f12366a4c2d1c316dbe09bb4dfbdc9d2d9cd6031de8aae"},
-    {file = "pydantic_core-2.27.1-cp312-none-win32.whl", hash = "sha256:672ebbe820bb37988c4d136eca2652ee114992d5d41c7e4858cdd90ea94ffe5c"},
-    {file = "pydantic_core-2.27.1-cp312-none-win_amd64.whl", hash = "sha256:66ff044fd0bb1768688aecbe28b6190f6e799349221fb0de0e6f4048eca14c16"},
-    {file = "pydantic_core-2.27.1-cp312-none-win_arm64.whl", hash = "sha256:9a3b0793b1bbfd4146304e23d90045f2a9b5fd5823aa682665fbdaf2a6c28f3e"},
-    {file = "pydantic_core-2.27.1-cp313-cp313-macosx_10_12_x86_64.whl", hash = "sha256:f216dbce0e60e4d03e0c4353c7023b202d95cbaeff12e5fd2e82ea0a66905073"},
-    {file = "pydantic_core-2.27.1-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:a2e02889071850bbfd36b56fd6bc98945e23670773bc7a76657e90e6b6603c08"},
-    {file = "pydantic_core-2.27.1-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:42b0e23f119b2b456d07ca91b307ae167cc3f6c846a7b169fca5326e32fdc6cf"},
-    {file = "pydantic_core-2.27.1-cp313-cp313-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:764be71193f87d460a03f1f7385a82e226639732214b402f9aa61f0d025f0737"},
-    {file = "pydantic_core-2.27.1-cp313-cp313-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:1c00666a3bd2f84920a4e94434f5974d7bbc57e461318d6bb34ce9cdbbc1f6b2"},
-    {file = "pydantic_core-2.27.1-cp313-cp313-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:3ccaa88b24eebc0f849ce0a4d09e8a408ec5a94afff395eb69baf868f5183107"},
-    {file = "pydantic_core-2.27.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:c65af9088ac534313e1963443d0ec360bb2b9cba6c2909478d22c2e363d98a51"},
-    {file = "pydantic_core-2.27.1-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:206b5cf6f0c513baffaeae7bd817717140770c74528f3e4c3e1cec7871ddd61a"},
-    {file = "pydantic_core-2.27.1-cp313-cp313-musllinux_1_1_aarch64.whl", hash = "sha256:062f60e512fc7fff8b8a9d680ff0ddaaef0193dba9fa83e679c0c5f5fbd018bc"},
-    {file = "pydantic_core-2.27.1-cp313-cp313-musllinux_1_1_armv7l.whl", hash = "sha256:a0697803ed7d4af5e4c1adf1670af078f8fcab7a86350e969f454daf598c4960"},
-    {file = "pydantic_core-2.27.1-cp313-cp313-musllinux_1_1_x86_64.whl", hash = "sha256:58ca98a950171f3151c603aeea9303ef6c235f692fe555e883591103da709b23"},
-    {file = "pydantic_core-2.27.1-cp313-none-win32.whl", hash = "sha256:8065914ff79f7eab1599bd80406681f0ad08f8e47c880f17b416c9f8f7a26d05"},
-    {file = "pydantic_core-2.27.1-cp313-none-win_amd64.whl", hash = "sha256:ba630d5e3db74c79300d9a5bdaaf6200172b107f263c98a0539eeecb857b2337"},
-    {file = "pydantic_core-2.27.1-cp313-none-win_arm64.whl", hash = "sha256:45cf8588c066860b623cd11c4ba687f8d7175d5f7ef65f7129df8a394c502de5"},
-    {file = "pydantic_core-2.27.1-cp38-cp38-macosx_10_12_x86_64.whl", hash = "sha256:5897bec80a09b4084aee23f9b73a9477a46c3304ad1d2d07acca19723fb1de62"},
-    {file = "pydantic_core-2.27.1-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:d0165ab2914379bd56908c02294ed8405c252250668ebcb438a55494c69f44ab"},
-    {file = "pydantic_core-2.27.1-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:6b9af86e1d8e4cfc82c2022bfaa6f459381a50b94a29e95dcdda8442d6d83864"},
-    {file = "pydantic_core-2.27.1-cp38-cp38-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:5f6c8a66741c5f5447e047ab0ba7a1c61d1e95580d64bce852e3df1f895c4067"},
-    {file = "pydantic_core-2.27.1-cp38-cp38-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:9a42d6a8156ff78981f8aa56eb6394114e0dedb217cf8b729f438f643608cbcd"},
-    {file = "pydantic_core-2.27.1-cp38-cp38-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:64c65f40b4cd8b0e049a8edde07e38b476da7e3aaebe63287c899d2cff253fa5"},
-    {file = "pydantic_core-2.27.1-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:9fdcf339322a3fae5cbd504edcefddd5a50d9ee00d968696846f089b4432cf78"},
-    {file = "pydantic_core-2.27.1-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:bf99c8404f008750c846cb4ac4667b798a9f7de673ff719d705d9b2d6de49c5f"},
-    {file = "pydantic_core-2.27.1-cp38-cp38-musllinux_1_1_aarch64.whl", hash = "sha256:8f1edcea27918d748c7e5e4d917297b2a0ab80cad10f86631e488b7cddf76a36"},
-    {file = "pydantic_core-2.27.1-cp38-cp38-musllinux_1_1_armv7l.whl", hash = "sha256:159cac0a3d096f79ab6a44d77a961917219707e2a130739c64d4dd46281f5c2a"},
-    {file = "pydantic_core-2.27.1-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:029d9757eb621cc6e1848fa0b0310310de7301057f623985698ed7ebb014391b"},
-    {file = "pydantic_core-2.27.1-cp38-none-win32.whl", hash = "sha256:a28af0695a45f7060e6f9b7092558a928a28553366519f64083c63a44f70e618"},
-    {file = "pydantic_core-2.27.1-cp38-none-win_amd64.whl", hash = "sha256:2d4567c850905d5eaaed2f7a404e61012a51caf288292e016360aa2b96ff38d4"},
-    {file = "pydantic_core-2.27.1-cp39-cp39-macosx_10_12_x86_64.whl", hash = "sha256:e9386266798d64eeb19dd3677051f5705bf873e98e15897ddb7d76f477131967"},
-    {file = "pydantic_core-2.27.1-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:4228b5b646caa73f119b1ae756216b59cc6e2267201c27d3912b592c5e323b60"},
-    {file = "pydantic_core-2.27.1-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:0b3dfe500de26c52abe0477dde16192ac39c98f05bf2d80e76102d394bd13854"},
-    {file = "pydantic_core-2.27.1-cp39-cp39-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:aee66be87825cdf72ac64cb03ad4c15ffef4143dbf5c113f64a5ff4f81477bf9"},
-    {file = "pydantic_core-2.27.1-cp39-cp39-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:3b748c44bb9f53031c8cbc99a8a061bc181c1000c60a30f55393b6e9c45cc5bd"},
-    {file = "pydantic_core-2.27.1-cp39-cp39-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:5ca038c7f6a0afd0b2448941b6ef9d5e1949e999f9e5517692eb6da58e9d44be"},
-    {file = "pydantic_core-2.27.1-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:6e0bd57539da59a3e4671b90a502da9a28c72322a4f17866ba3ac63a82c4498e"},
-    {file = "pydantic_core-2.27.1-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:ac6c2c45c847bbf8f91930d88716a0fb924b51e0c6dad329b793d670ec5db792"},
-    {file = "pydantic_core-2.27.1-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:b94d4ba43739bbe8b0ce4262bcc3b7b9f31459ad120fb595627eaeb7f9b9ca01"},
-    {file = "pydantic_core-2.27.1-cp39-cp39-musllinux_1_1_armv7l.whl", hash = "sha256:00e6424f4b26fe82d44577b4c842d7df97c20be6439e8e685d0d715feceb9fb9"},
-    {file = "pydantic_core-2.27.1-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:38de0a70160dd97540335b7ad3a74571b24f1dc3ed33f815f0880682e6880131"},
-    {file = "pydantic_core-2.27.1-cp39-none-win32.whl", hash = "sha256:7ccebf51efc61634f6c2344da73e366c75e735960b5654b63d7e6f69a5885fa3"},
-    {file = "pydantic_core-2.27.1-cp39-none-win_amd64.whl", hash = "sha256:a57847b090d7892f123726202b7daa20df6694cbd583b67a592e856bff603d6c"},
-    {file = "pydantic_core-2.27.1-pp310-pypy310_pp73-macosx_10_12_x86_64.whl", hash = "sha256:3fa80ac2bd5856580e242dbc202db873c60a01b20309c8319b5c5986fbe53ce6"},
-    {file = "pydantic_core-2.27.1-pp310-pypy310_pp73-macosx_11_0_arm64.whl", hash = "sha256:d950caa237bb1954f1b8c9227b5065ba6875ac9771bb8ec790d956a699b78676"},
-    {file = "pydantic_core-2.27.1-pp310-pypy310_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:0e4216e64d203e39c62df627aa882f02a2438d18a5f21d7f721621f7a5d3611d"},
-    {file = "pydantic_core-2.27.1-pp310-pypy310_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:02a3d637bd387c41d46b002f0e49c52642281edacd2740e5a42f7017feea3f2c"},
-    {file = "pydantic_core-2.27.1-pp310-pypy310_pp73-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:161c27ccce13b6b0c8689418da3885d3220ed2eae2ea5e9b2f7f3d48f1d52c27"},
-    {file = "pydantic_core-2.27.1-pp310-pypy310_pp73-musllinux_1_1_aarch64.whl", hash = "sha256:19910754e4cc9c63bc1c7f6d73aa1cfee82f42007e407c0f413695c2f7ed777f"},
-    {file = "pydantic_core-2.27.1-pp310-pypy310_pp73-musllinux_1_1_armv7l.whl", hash = "sha256:e173486019cc283dc9778315fa29a363579372fe67045e971e89b6365cc035ed"},
-    {file = "pydantic_core-2.27.1-pp310-pypy310_pp73-musllinux_1_1_x86_64.whl", hash = "sha256:af52d26579b308921b73b956153066481f064875140ccd1dfd4e77db89dbb12f"},
-    {file = "pydantic_core-2.27.1-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:981fb88516bd1ae8b0cbbd2034678a39dedc98752f264ac9bc5839d3923fa04c"},
-    {file = "pydantic_core-2.27.1-pp39-pypy39_pp73-macosx_10_12_x86_64.whl", hash = "sha256:5fde892e6c697ce3e30c61b239330fc5d569a71fefd4eb6512fc6caec9dd9e2f"},
-    {file = "pydantic_core-2.27.1-pp39-pypy39_pp73-macosx_11_0_arm64.whl", hash = "sha256:816f5aa087094099fff7edabb5e01cc370eb21aa1a1d44fe2d2aefdfb5599b31"},
-    {file = "pydantic_core-2.27.1-pp39-pypy39_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:9c10c309e18e443ddb108f0ef64e8729363adbfd92d6d57beec680f6261556f3"},
-    {file = "pydantic_core-2.27.1-pp39-pypy39_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:98476c98b02c8e9b2eec76ac4156fd006628b1b2d0ef27e548ffa978393fd154"},
-    {file = "pydantic_core-2.27.1-pp39-pypy39_pp73-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:c3027001c28434e7ca5a6e1e527487051136aa81803ac812be51802150d880dd"},
-    {file = "pydantic_core-2.27.1-pp39-pypy39_pp73-musllinux_1_1_aarch64.whl", hash = "sha256:7699b1df36a48169cdebda7ab5a2bac265204003f153b4bd17276153d997670a"},
-    {file = "pydantic_core-2.27.1-pp39-pypy39_pp73-musllinux_1_1_armv7l.whl", hash = "sha256:1c39b07d90be6b48968ddc8c19e7585052088fd7ec8d568bb31ff64c70ae3c97"},
-    {file = "pydantic_core-2.27.1-pp39-pypy39_pp73-musllinux_1_1_x86_64.whl", hash = "sha256:46ccfe3032b3915586e469d4972973f893c0a2bb65669194a5bdea9bacc088c2"},
-    {file = "pydantic_core-2.27.1-pp39-pypy39_pp73-win_amd64.whl", hash = "sha256:62ba45e21cf6571d7f716d903b5b7b6d2617e2d5d67c0923dc47b9d41369f840"},
-    {file = "pydantic_core-2.27.1.tar.gz", hash = "sha256:62a763352879b84aa31058fc931884055fd75089cccbd9d58bb6afd01141b235"},
+    {file = "pydantic_core-2.27.2-cp310-cp310-macosx_10_12_x86_64.whl", hash = "sha256:2d367ca20b2f14095a8f4fa1210f5a7b78b8a20009ecced6b12818f455b1e9fa"},
+    {file = "pydantic_core-2.27.2-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:491a2b73db93fab69731eaee494f320faa4e093dbed776be1a829c2eb222c34c"},
+    {file = "pydantic_core-2.27.2-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:7969e133a6f183be60e9f6f56bfae753585680f3b7307a8e555a948d443cc05a"},
+    {file = "pydantic_core-2.27.2-cp310-cp310-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:3de9961f2a346257caf0aa508a4da705467f53778e9ef6fe744c038119737ef5"},
+    {file = "pydantic_core-2.27.2-cp310-cp310-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:e2bb4d3e5873c37bb3dd58714d4cd0b0e6238cebc4177ac8fe878f8b3aa8e74c"},
+    {file = "pydantic_core-2.27.2-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:280d219beebb0752699480fe8f1dc61ab6615c2046d76b7ab7ee38858de0a4e7"},
+    {file = "pydantic_core-2.27.2-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:47956ae78b6422cbd46f772f1746799cbb862de838fd8d1fbd34a82e05b0983a"},
+    {file = "pydantic_core-2.27.2-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:14d4a5c49d2f009d62a2a7140d3064f686d17a5d1a268bc641954ba181880236"},
+    {file = "pydantic_core-2.27.2-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:337b443af21d488716f8d0b6164de833e788aa6bd7e3a39c005febc1284f4962"},
+    {file = "pydantic_core-2.27.2-cp310-cp310-musllinux_1_1_armv7l.whl", hash = "sha256:03d0f86ea3184a12f41a2d23f7ccb79cdb5a18e06993f8a45baa8dfec746f0e9"},
+    {file = "pydantic_core-2.27.2-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:7041c36f5680c6e0f08d922aed302e98b3745d97fe1589db0a3eebf6624523af"},
+    {file = "pydantic_core-2.27.2-cp310-cp310-win32.whl", hash = "sha256:50a68f3e3819077be2c98110c1f9dcb3817e93f267ba80a2c05bb4f8799e2ff4"},
+    {file = "pydantic_core-2.27.2-cp310-cp310-win_amd64.whl", hash = "sha256:e0fd26b16394ead34a424eecf8a31a1f5137094cabe84a1bcb10fa6ba39d3d31"},
+    {file = "pydantic_core-2.27.2-cp311-cp311-macosx_10_12_x86_64.whl", hash = "sha256:8e10c99ef58cfdf2a66fc15d66b16c4a04f62bca39db589ae8cba08bc55331bc"},
+    {file = "pydantic_core-2.27.2-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:26f32e0adf166a84d0cb63be85c562ca8a6fa8de28e5f0d92250c6b7e9e2aff7"},
+    {file = "pydantic_core-2.27.2-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:8c19d1ea0673cd13cc2f872f6c9ab42acc4e4f492a7ca9d3795ce2b112dd7e15"},
+    {file = "pydantic_core-2.27.2-cp311-cp311-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:5e68c4446fe0810e959cdff46ab0a41ce2f2c86d227d96dc3847af0ba7def306"},
+    {file = "pydantic_core-2.27.2-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:d9640b0059ff4f14d1f37321b94061c6db164fbe49b334b31643e0528d100d99"},
+    {file = "pydantic_core-2.27.2-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:40d02e7d45c9f8af700f3452f329ead92da4c5f4317ca9b896de7ce7199ea459"},
+    {file = "pydantic_core-2.27.2-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:1c1fd185014191700554795c99b347d64f2bb637966c4cfc16998a0ca700d048"},
+    {file = "pydantic_core-2.27.2-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:d81d2068e1c1228a565af076598f9e7451712700b673de8f502f0334f281387d"},
+    {file = "pydantic_core-2.27.2-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:1a4207639fb02ec2dbb76227d7c751a20b1a6b4bc52850568e52260cae64ca3b"},
+    {file = "pydantic_core-2.27.2-cp311-cp311-musllinux_1_1_armv7l.whl", hash = "sha256:3de3ce3c9ddc8bbd88f6e0e304dea0e66d843ec9de1b0042b0911c1663ffd474"},
+    {file = "pydantic_core-2.27.2-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:30c5f68ded0c36466acede341551106821043e9afaad516adfb6e8fa80a4e6a6"},
+    {file = "pydantic_core-2.27.2-cp311-cp311-win32.whl", hash = "sha256:c70c26d2c99f78b125a3459f8afe1aed4d9687c24fd677c6a4436bc042e50d6c"},
+    {file = "pydantic_core-2.27.2-cp311-cp311-win_amd64.whl", hash = "sha256:08e125dbdc505fa69ca7d9c499639ab6407cfa909214d500897d02afb816e7cc"},
+    {file = "pydantic_core-2.27.2-cp311-cp311-win_arm64.whl", hash = "sha256:26f0d68d4b235a2bae0c3fc585c585b4ecc51382db0e3ba402a22cbc440915e4"},
+    {file = "pydantic_core-2.27.2-cp312-cp312-macosx_10_12_x86_64.whl", hash = "sha256:9e0c8cfefa0ef83b4da9588448b6d8d2a2bf1a53c3f1ae5fca39eb3061e2f0b0"},
+    {file = "pydantic_core-2.27.2-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:83097677b8e3bd7eaa6775720ec8e0405f1575015a463285a92bfdfe254529ef"},
+    {file = "pydantic_core-2.27.2-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:172fce187655fece0c90d90a678424b013f8fbb0ca8b036ac266749c09438cb7"},
+    {file = "pydantic_core-2.27.2-cp312-cp312-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:519f29f5213271eeeeb3093f662ba2fd512b91c5f188f3bb7b27bc5973816934"},
+    {file = "pydantic_core-2.27.2-cp312-cp312-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:05e3a55d124407fffba0dd6b0c0cd056d10e983ceb4e5dbd10dda135c31071d6"},
+    {file = "pydantic_core-2.27.2-cp312-cp312-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:9c3ed807c7b91de05e63930188f19e921d1fe90de6b4f5cd43ee7fcc3525cb8c"},
+    {file = "pydantic_core-2.27.2-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:6fb4aadc0b9a0c063206846d603b92030eb6f03069151a625667f982887153e2"},
+    {file = "pydantic_core-2.27.2-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:28ccb213807e037460326424ceb8b5245acb88f32f3d2777427476e1b32c48c4"},
+    {file = "pydantic_core-2.27.2-cp312-cp312-musllinux_1_1_aarch64.whl", hash = "sha256:de3cd1899e2c279b140adde9357c4495ed9d47131b4a4eaff9052f23398076b3"},
+    {file = "pydantic_core-2.27.2-cp312-cp312-musllinux_1_1_armv7l.whl", hash = "sha256:220f892729375e2d736b97d0e51466252ad84c51857d4d15f5e9692f9ef12be4"},
+    {file = "pydantic_core-2.27.2-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:a0fcd29cd6b4e74fe8ddd2c90330fd8edf2e30cb52acda47f06dd615ae72da57"},
+    {file = "pydantic_core-2.27.2-cp312-cp312-win32.whl", hash = "sha256:1e2cb691ed9834cd6a8be61228471d0a503731abfb42f82458ff27be7b2186fc"},
+    {file = "pydantic_core-2.27.2-cp312-cp312-win_amd64.whl", hash = "sha256:cc3f1a99a4f4f9dd1de4fe0312c114e740b5ddead65bb4102884b384c15d8bc9"},
+    {file = "pydantic_core-2.27.2-cp312-cp312-win_arm64.whl", hash = "sha256:3911ac9284cd8a1792d3cb26a2da18f3ca26c6908cc434a18f730dc0db7bfa3b"},
+    {file = "pydantic_core-2.27.2-cp313-cp313-macosx_10_12_x86_64.whl", hash = "sha256:7d14bd329640e63852364c306f4d23eb744e0f8193148d4044dd3dacdaacbd8b"},
+    {file = "pydantic_core-2.27.2-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:82f91663004eb8ed30ff478d77c4d1179b3563df6cdb15c0817cd1cdaf34d154"},
+    {file = "pydantic_core-2.27.2-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:71b24c7d61131bb83df10cc7e687433609963a944ccf45190cfc21e0887b08c9"},
+    {file = "pydantic_core-2.27.2-cp313-cp313-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:fa8e459d4954f608fa26116118bb67f56b93b209c39b008277ace29937453dc9"},
+    {file = "pydantic_core-2.27.2-cp313-cp313-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:ce8918cbebc8da707ba805b7fd0b382816858728ae7fe19a942080c24e5b7cd1"},
+    {file = "pydantic_core-2.27.2-cp313-cp313-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:eda3f5c2a021bbc5d976107bb302e0131351c2ba54343f8a496dc8783d3d3a6a"},
+    {file = "pydantic_core-2.27.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:bd8086fa684c4775c27f03f062cbb9eaa6e17f064307e86b21b9e0abc9c0f02e"},
+    {file = "pydantic_core-2.27.2-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:8d9b3388db186ba0c099a6d20f0604a44eabdeef1777ddd94786cdae158729e4"},
+    {file = "pydantic_core-2.27.2-cp313-cp313-musllinux_1_1_aarch64.whl", hash = "sha256:7a66efda2387de898c8f38c0cf7f14fca0b51a8ef0b24bfea5849f1b3c95af27"},
+    {file = "pydantic_core-2.27.2-cp313-cp313-musllinux_1_1_armv7l.whl", hash = "sha256:18a101c168e4e092ab40dbc2503bdc0f62010e95d292b27827871dc85450d7ee"},
+    {file = "pydantic_core-2.27.2-cp313-cp313-musllinux_1_1_x86_64.whl", hash = "sha256:ba5dd002f88b78a4215ed2f8ddbdf85e8513382820ba15ad5ad8955ce0ca19a1"},
+    {file = "pydantic_core-2.27.2-cp313-cp313-win32.whl", hash = "sha256:1ebaf1d0481914d004a573394f4be3a7616334be70261007e47c2a6fe7e50130"},
+    {file = "pydantic_core-2.27.2-cp313-cp313-win_amd64.whl", hash = "sha256:953101387ecf2f5652883208769a79e48db18c6df442568a0b5ccd8c2723abee"},
+    {file = "pydantic_core-2.27.2-cp313-cp313-win_arm64.whl", hash = "sha256:ac4dbfd1691affb8f48c2c13241a2e3b60ff23247cbcf981759c768b6633cf8b"},
+    {file = "pydantic_core-2.27.2-cp38-cp38-macosx_10_12_x86_64.whl", hash = "sha256:d3e8d504bdd3f10835468f29008d72fc8359d95c9c415ce6e767203db6127506"},
+    {file = "pydantic_core-2.27.2-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:521eb9b7f036c9b6187f0b47318ab0d7ca14bd87f776240b90b21c1f4f149320"},
+    {file = "pydantic_core-2.27.2-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:85210c4d99a0114f5a9481b44560d7d1e35e32cc5634c656bc48e590b669b145"},
+    {file = "pydantic_core-2.27.2-cp38-cp38-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:d716e2e30c6f140d7560ef1538953a5cd1a87264c737643d481f2779fc247fe1"},
+    {file = "pydantic_core-2.27.2-cp38-cp38-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:f66d89ba397d92f840f8654756196d93804278457b5fbede59598a1f9f90b228"},
+    {file = "pydantic_core-2.27.2-cp38-cp38-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:669e193c1c576a58f132e3158f9dfa9662969edb1a250c54d8fa52590045f046"},
+    {file = "pydantic_core-2.27.2-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:9fdbe7629b996647b99c01b37f11170a57ae675375b14b8c13b8518b8320ced5"},
+    {file = "pydantic_core-2.27.2-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:d262606bf386a5ba0b0af3b97f37c83d7011439e3dc1a9298f21efb292e42f1a"},
+    {file = "pydantic_core-2.27.2-cp38-cp38-musllinux_1_1_aarch64.whl", hash = "sha256:cabb9bcb7e0d97f74df8646f34fc76fbf793b7f6dc2438517d7a9e50eee4f14d"},
+    {file = "pydantic_core-2.27.2-cp38-cp38-musllinux_1_1_armv7l.whl", hash = "sha256:d2d63f1215638d28221f664596b1ccb3944f6e25dd18cd3b86b0a4c408d5ebb9"},
+    {file = "pydantic_core-2.27.2-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:bca101c00bff0adb45a833f8451b9105d9df18accb8743b08107d7ada14bd7da"},
+    {file = "pydantic_core-2.27.2-cp38-cp38-win32.whl", hash = "sha256:f6f8e111843bbb0dee4cb6594cdc73e79b3329b526037ec242a3e49012495b3b"},
+    {file = "pydantic_core-2.27.2-cp38-cp38-win_amd64.whl", hash = "sha256:fd1aea04935a508f62e0d0ef1f5ae968774a32afc306fb8545e06f5ff5cdf3ad"},
+    {file = "pydantic_core-2.27.2-cp39-cp39-macosx_10_12_x86_64.whl", hash = "sha256:c10eb4f1659290b523af58fa7cffb452a61ad6ae5613404519aee4bfbf1df993"},
+    {file = "pydantic_core-2.27.2-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:ef592d4bad47296fb11f96cd7dc898b92e795032b4894dfb4076cfccd43a9308"},
+    {file = "pydantic_core-2.27.2-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:c61709a844acc6bf0b7dce7daae75195a10aac96a596ea1b776996414791ede4"},
+    {file = "pydantic_core-2.27.2-cp39-cp39-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:42c5f762659e47fdb7b16956c71598292f60a03aa92f8b6351504359dbdba6cf"},
+    {file = "pydantic_core-2.27.2-cp39-cp39-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:4c9775e339e42e79ec99c441d9730fccf07414af63eac2f0e48e08fd38a64d76"},
+    {file = "pydantic_core-2.27.2-cp39-cp39-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:57762139821c31847cfb2df63c12f725788bd9f04bc2fb392790959b8f70f118"},
+    {file = "pydantic_core-2.27.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:0d1e85068e818c73e048fe28cfc769040bb1f475524f4745a5dc621f75ac7630"},
+    {file = "pydantic_core-2.27.2-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:097830ed52fd9e427942ff3b9bc17fab52913b2f50f2880dc4a5611446606a54"},
+    {file = "pydantic_core-2.27.2-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:044a50963a614ecfae59bb1eaf7ea7efc4bc62f49ed594e18fa1e5d953c40e9f"},
+    {file = "pydantic_core-2.27.2-cp39-cp39-musllinux_1_1_armv7l.whl", hash = "sha256:4e0b4220ba5b40d727c7f879eac379b822eee5d8fff418e9d3381ee45b3b0362"},
+    {file = "pydantic_core-2.27.2-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:5e4f4bb20d75e9325cc9696c6802657b58bc1dbbe3022f32cc2b2b632c3fbb96"},
+    {file = "pydantic_core-2.27.2-cp39-cp39-win32.whl", hash = "sha256:cca63613e90d001b9f2f9a9ceb276c308bfa2a43fafb75c8031c4f66039e8c6e"},
+    {file = "pydantic_core-2.27.2-cp39-cp39-win_amd64.whl", hash = "sha256:77d1bca19b0f7021b3a982e6f903dcd5b2b06076def36a652e3907f596e29f67"},
+    {file = "pydantic_core-2.27.2-pp310-pypy310_pp73-macosx_10_12_x86_64.whl", hash = "sha256:2bf14caea37e91198329b828eae1618c068dfb8ef17bb33287a7ad4b61ac314e"},
+    {file = "pydantic_core-2.27.2-pp310-pypy310_pp73-macosx_11_0_arm64.whl", hash = "sha256:b0cb791f5b45307caae8810c2023a184c74605ec3bcbb67d13846c28ff731ff8"},
+    {file = "pydantic_core-2.27.2-pp310-pypy310_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:688d3fd9fcb71f41c4c015c023d12a79d1c4c0732ec9eb35d96e3388a120dcf3"},
+    {file = "pydantic_core-2.27.2-pp310-pypy310_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:3d591580c34f4d731592f0e9fe40f9cc1b430d297eecc70b962e93c5c668f15f"},
+    {file = "pydantic_core-2.27.2-pp310-pypy310_pp73-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:82f986faf4e644ffc189a7f1aafc86e46ef70372bb153e7001e8afccc6e54133"},
+    {file = "pydantic_core-2.27.2-pp310-pypy310_pp73-musllinux_1_1_aarch64.whl", hash = "sha256:bec317a27290e2537f922639cafd54990551725fc844249e64c523301d0822fc"},
+    {file = "pydantic_core-2.27.2-pp310-pypy310_pp73-musllinux_1_1_armv7l.whl", hash = "sha256:0296abcb83a797db256b773f45773da397da75a08f5fcaef41f2044adec05f50"},
+    {file = "pydantic_core-2.27.2-pp310-pypy310_pp73-musllinux_1_1_x86_64.whl", hash = "sha256:0d75070718e369e452075a6017fbf187f788e17ed67a3abd47fa934d001863d9"},
+    {file = "pydantic_core-2.27.2-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:7e17b560be3c98a8e3aa66ce828bdebb9e9ac6ad5466fba92eb74c4c95cb1151"},
+    {file = "pydantic_core-2.27.2-pp39-pypy39_pp73-macosx_10_12_x86_64.whl", hash = "sha256:c33939a82924da9ed65dab5a65d427205a73181d8098e79b6b426bdf8ad4e656"},
+    {file = "pydantic_core-2.27.2-pp39-pypy39_pp73-macosx_11_0_arm64.whl", hash = "sha256:00bad2484fa6bda1e216e7345a798bd37c68fb2d97558edd584942aa41b7d278"},
+    {file = "pydantic_core-2.27.2-pp39-pypy39_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:c817e2b40aba42bac6f457498dacabc568c3b7a986fc9ba7c8d9d260b71485fb"},
+    {file = "pydantic_core-2.27.2-pp39-pypy39_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:251136cdad0cb722e93732cb45ca5299fb56e1344a833640bf93b2803f8d1bfd"},
+    {file = "pydantic_core-2.27.2-pp39-pypy39_pp73-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:d2088237af596f0a524d3afc39ab3b036e8adb054ee57cbb1dcf8e09da5b29cc"},
+    {file = "pydantic_core-2.27.2-pp39-pypy39_pp73-musllinux_1_1_aarch64.whl", hash = "sha256:d4041c0b966a84b4ae7a09832eb691a35aec90910cd2dbe7a208de59be77965b"},
+    {file = "pydantic_core-2.27.2-pp39-pypy39_pp73-musllinux_1_1_armv7l.whl", hash = "sha256:8083d4e875ebe0b864ffef72a4304827015cff328a1be6e22cc850753bfb122b"},
+    {file = "pydantic_core-2.27.2-pp39-pypy39_pp73-musllinux_1_1_x86_64.whl", hash = "sha256:f141ee28a0ad2123b6611b6ceff018039df17f32ada8b534e6aa039545a3efb2"},
+    {file = "pydantic_core-2.27.2-pp39-pypy39_pp73-win_amd64.whl", hash = "sha256:7d0c8399fcc1848491f00e0314bd59fb34a9c008761bcb422a057670c3f65e35"},
+    {file = "pydantic_core-2.27.2.tar.gz", hash = "sha256:eb026e5a4c1fee05726072337ff51d1efb6f59090b7da90d30ea58625b1ffb39"},
 ]
 
 [package.dependencies]
@@ -2135,29 +2135,29 @@ files = [
 
 [[package]]
 name = "ruff"
-version = "0.8.3"
+version = "0.8.4"
 description = "An extremely fast Python linter and code formatter, written in Rust."
 optional = false
 python-versions = ">=3.7"
 files = [
-    {file = "ruff-0.8.3-py3-none-linux_armv6l.whl", hash = "sha256:8d5d273ffffff0acd3db5bf626d4b131aa5a5ada1276126231c4174543ce20d6"},
-    {file = "ruff-0.8.3-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:e4d66a21de39f15c9757d00c50c8cdd20ac84f55684ca56def7891a025d7e939"},
-    {file = "ruff-0.8.3-py3-none-macosx_11_0_arm64.whl", hash = "sha256:c356e770811858bd20832af696ff6c7e884701115094f427b64b25093d6d932d"},
-    {file = "ruff-0.8.3-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:9c0a60a825e3e177116c84009d5ebaa90cf40dfab56e1358d1df4e29a9a14b13"},
-    {file = "ruff-0.8.3-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:75fb782f4db39501210ac093c79c3de581d306624575eddd7e4e13747e61ba18"},
-    {file = "ruff-0.8.3-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:7f26bc76a133ecb09a38b7868737eded6941b70a6d34ef53a4027e83913b6502"},
-    {file = "ruff-0.8.3-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:01b14b2f72a37390c1b13477c1c02d53184f728be2f3ffc3ace5b44e9e87b90d"},
-    {file = "ruff-0.8.3-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:53babd6e63e31f4e96ec95ea0d962298f9f0d9cc5990a1bbb023a6baf2503a82"},
-    {file = "ruff-0.8.3-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:1ae441ce4cf925b7f363d33cd6570c51435972d697e3e58928973994e56e1452"},
-    {file = "ruff-0.8.3-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:d7c65bc0cadce32255e93c57d57ecc2cca23149edd52714c0c5d6fa11ec328cd"},
-    {file = "ruff-0.8.3-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:5be450bb18f23f0edc5a4e5585c17a56ba88920d598f04a06bd9fd76d324cb20"},
-    {file = "ruff-0.8.3-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:8faeae3827eaa77f5721f09b9472a18c749139c891dbc17f45e72d8f2ca1f8fc"},
-    {file = "ruff-0.8.3-py3-none-musllinux_1_2_i686.whl", hash = "sha256:db503486e1cf074b9808403991663e4277f5c664d3fe237ee0d994d1305bb060"},
-    {file = "ruff-0.8.3-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:6567be9fb62fbd7a099209257fef4ad2c3153b60579818b31a23c886ed4147ea"},
-    {file = "ruff-0.8.3-py3-none-win32.whl", hash = "sha256:19048f2f878f3ee4583fc6cb23fb636e48c2635e30fb2022b3a1cd293402f964"},
-    {file = "ruff-0.8.3-py3-none-win_amd64.whl", hash = "sha256:f7df94f57d7418fa7c3ffb650757e0c2b96cf2501a0b192c18e4fb5571dfada9"},
-    {file = "ruff-0.8.3-py3-none-win_arm64.whl", hash = "sha256:fe2756edf68ea79707c8d68b78ca9a58ed9af22e430430491ee03e718b5e4936"},
-    {file = "ruff-0.8.3.tar.gz", hash = "sha256:5e7558304353b84279042fc584a4f4cb8a07ae79b2bf3da1a7551d960b5626d3"},
+    {file = "ruff-0.8.4-py3-none-linux_armv6l.whl", hash = "sha256:58072f0c06080276804c6a4e21a9045a706584a958e644353603d36ca1eb8a60"},
+    {file = "ruff-0.8.4-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:ffb60904651c00a1e0b8df594591770018a0f04587f7deeb3838344fe3adabac"},
+    {file = "ruff-0.8.4-py3-none-macosx_11_0_arm64.whl", hash = "sha256:6ddf5d654ac0d44389f6bf05cee4caeefc3132a64b58ea46738111d687352296"},
+    {file = "ruff-0.8.4-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e248b1f0fa2749edd3350a2a342b67b43a2627434c059a063418e3d375cfe643"},
+    {file = "ruff-0.8.4-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:bf197b98ed86e417412ee3b6c893f44c8864f816451441483253d5ff22c0e81e"},
+    {file = "ruff-0.8.4-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:c41319b85faa3aadd4d30cb1cffdd9ac6b89704ff79f7664b853785b48eccdf3"},
+    {file = "ruff-0.8.4-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:9f8402b7c4f96463f135e936d9ab77b65711fcd5d72e5d67597b543bbb43cf3f"},
+    {file = "ruff-0.8.4-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:e4e56b3baa9c23d324ead112a4fdf20db9a3f8f29eeabff1355114dd96014604"},
+    {file = "ruff-0.8.4-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:736272574e97157f7edbbb43b1d046125fce9e7d8d583d5d65d0c9bf2c15addf"},
+    {file = "ruff-0.8.4-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:e5fe710ab6061592521f902fca7ebcb9fabd27bc7c57c764298b1c1f15fff720"},
+    {file = "ruff-0.8.4-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:13e9ec6d6b55f6da412d59953d65d66e760d583dd3c1c72bf1f26435b5bfdbae"},
+    {file = "ruff-0.8.4-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:97d9aefef725348ad77d6db98b726cfdb075a40b936c7984088804dfd38268a7"},
+    {file = "ruff-0.8.4-py3-none-musllinux_1_2_i686.whl", hash = "sha256:ab78e33325a6f5374e04c2ab924a3367d69a0da36f8c9cb6b894a62017506111"},
+    {file = "ruff-0.8.4-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:8ef06f66f4a05c3ddbc9121a8b0cecccd92c5bf3dd43b5472ffe40b8ca10f0f8"},
+    {file = "ruff-0.8.4-py3-none-win32.whl", hash = "sha256:552fb6d861320958ca5e15f28b20a3d071aa83b93caee33a87b471f99a6c0835"},
+    {file = "ruff-0.8.4-py3-none-win_amd64.whl", hash = "sha256:f21a1143776f8656d7f364bd264a9d60f01b7f52243fbe90e7670c0dfe0cf65d"},
+    {file = "ruff-0.8.4-py3-none-win_arm64.whl", hash = "sha256:9183dd615d8df50defa8b1d9a074053891ba39025cf5ae88e8bcb52edcc4bf08"},
+    {file = "ruff-0.8.4.tar.gz", hash = "sha256:0d5f89f254836799af1615798caa5f80b7f935d7a670fad66c5007928e57ace8"},
 ]
 
 [[package]]
@@ -2414,4 +2414,4 @@ type = ["pytest-mypy"]
 [metadata]
 lock-version = "2.0"
 python-versions = "^3.9"
-content-hash = "6396dc4ab6d72485a70114af26bcae24c090e264f555cf809ea1c51ac0194212"
+content-hash = "fe1fb1e0400f6d064e1a42699afb2d06cff6f48f13efff68769ba75595bcd7c1"
diff --git a/pykanidm/pyproject.toml b/pykanidm/pyproject.toml
index 97c2c0db3..1521f0e9c 100644
--- a/pykanidm/pyproject.toml
+++ b/pykanidm/pyproject.toml
@@ -28,7 +28,7 @@ aiohttp = "^3.8.1"
 Authlib = "^1.2.0"
 
 [tool.poetry.dev-dependencies]
-mypy = "^1.13"
+mypy = "^1.14"
 pytest = "^8.3.4"
 types-toml = "^0.10.8"
 pylint-pydantic = "^0.3.4"
@@ -39,13 +39,13 @@ pytest-mock = "^3.14.0"
 pytest-aiohttp = "^1.0.5"
 black = "^24.10.0"
 mkdocs = "^1.5.3"
-mkdocs-material = "^9.5.48"
+mkdocs-material = "^9.5.49"
 mkdocstrings = "^0.27.0"
 mkdocstrings-python = "^1.12.2"
-pook = "^2.1.2"
+pook = "^2.1.3"
 
 [tool.poetry.group.dev.dependencies]
-ruff = ">=0.5.1,<0.8.4"
+ruff = ">=0.5.1,<0.8.5"
 
 [build-system]
 requires = ["poetry-core>=1.0.0"]

From 009200375f8a2d564164afb0b266819e32b5945a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 23 Dec 2024 00:29:06 +0000
Subject: [PATCH 34/87] Bump the all group with 3 updates (#3317)

Bumps the all group with 3 updates: [anyhow](https://github.com/dtolnay/anyhow), [serde_json](https://github.com/serde-rs/json) and [syn](https://github.com/dtolnay/syn).


Updates `anyhow` from 1.0.94 to 1.0.95
- [Release notes](https://github.com/dtolnay/anyhow/releases)
- [Commits](https://github.com/dtolnay/anyhow/compare/1.0.94...1.0.95)

Updates `serde_json` from 1.0.133 to 1.0.134
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.133...v1.0.134)

Updates `syn` from 2.0.90 to 2.0.91
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/2.0.90...2.0.91)

---
updated-dependencies:
- dependency-name: anyhow
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: serde_json
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: syn
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Cargo.lock | 94 +++++++++++++++++++++++++++---------------------------
 Cargo.toml |  6 ++--
 2 files changed, 50 insertions(+), 50 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index be6b1b7af..808305d05 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -112,9 +112,9 @@ dependencies = [
 
 [[package]]
 name = "anyhow"
-version = "1.0.94"
+version = "1.0.95"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c1fd03a028ef38ba2276dce7e33fcd6369c158a1bca17946c4b1b701891c1ff7"
+checksum = "34ac096ce696dc2fcabef30516bb13c0a68a11d30131d3df6f04711467681b04"
 
 [[package]]
 name = "arc-swap"
@@ -172,7 +172,7 @@ dependencies = [
  "proc-macro2",
  "quote",
  "serde",
- "syn 2.0.90",
+ "syn 2.0.91",
 ]
 
 [[package]]
@@ -214,7 +214,7 @@ checksum = "965c2d33e53cb6b267e148a4cb0760bc01f4904c1cd4bb4002a085bb016d1490"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.90",
+ "syn 2.0.91",
  "synstructure",
 ]
 
@@ -226,7 +226,7 @@ checksum = "7b18050c2cd6fe86c3a76584ef5e0baf286d038cda203eb6223df2cc413565f7"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.90",
+ "syn 2.0.91",
 ]
 
 [[package]]
@@ -277,7 +277,7 @@ checksum = "c7c24de15d275a1ecfd47a380fb4d5ec9bfe0933f309ed5e705b775596a3574d"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.90",
+ "syn 2.0.91",
 ]
 
 [[package]]
@@ -288,7 +288,7 @@ checksum = "721cae7de5c34fbb2acd27e21e6d2cf7b886dce0c27388d46c4e6c47ea4318dd"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.90",
+ "syn 2.0.91",
 ]
 
 [[package]]
@@ -480,7 +480,7 @@ checksum = "57d123550fa8d071b7255cb0cc04dc302baa6c8c4a79f55701552684d8399bce"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.90",
+ "syn 2.0.91",
 ]
 
 [[package]]
@@ -586,7 +586,7 @@ dependencies = [
  "regex",
  "rustc-hash 1.1.0",
  "shlex",
- "syn 2.0.90",
+ "syn 2.0.91",
  "which",
 ]
 
@@ -607,7 +607,7 @@ dependencies = [
  "regex",
  "rustc-hash 1.1.0",
  "shlex",
- "syn 2.0.90",
+ "syn 2.0.91",
 ]
 
 [[package]]
@@ -825,7 +825,7 @@ dependencies = [
  "heck",
  "proc-macro2",
  "quote",
- "syn 2.0.90",
+ "syn 2.0.91",
 ]
 
 [[package]]
@@ -1160,7 +1160,7 @@ dependencies = [
  "proc-macro2",
  "quote",
  "strsim 0.11.1",
- "syn 2.0.90",
+ "syn 2.0.91",
 ]
 
 [[package]]
@@ -1182,7 +1182,7 @@ checksum = "d336a2a514f6ccccaa3e09b02d41d35330c07ddf03a62165fcec10bb561c7806"
 dependencies = [
  "darling_core 0.20.10",
  "quote",
- "syn 2.0.90",
+ "syn 2.0.91",
 ]
 
 [[package]]
@@ -1226,7 +1226,7 @@ checksum = "8034092389675178f570469e6c3b0465d3d30b4505c294a6550db47f3c17ad18"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.90",
+ "syn 2.0.91",
 ]
 
 [[package]]
@@ -1353,7 +1353,7 @@ checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.90",
+ "syn 2.0.91",
 ]
 
 [[package]]
@@ -1430,7 +1430,7 @@ checksum = "a1ab991c1362ac86c61ab6f556cff143daa22e5a15e4e189df818b2fd19fe65b"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.90",
+ "syn 2.0.91",
 ]
 
 [[package]]
@@ -1450,7 +1450,7 @@ checksum = "de0d48a183585823424a4ce1aa132d174a6a81bd540895822eb4c8373a8e49e8"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.90",
+ "syn 2.0.91",
 ]
 
 [[package]]
@@ -1739,7 +1739,7 @@ checksum = "162ee34ebcb7c64a8abebc059ce0fee27c2262618d7b60ed8faf72fef13c3650"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.90",
+ "syn 2.0.91",
 ]
 
 [[package]]
@@ -2053,7 +2053,7 @@ checksum = "999ce923619f88194171a67fb3e6d613653b8d4d6078b529b15a765da0edcc17"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.90",
+ "syn 2.0.91",
 ]
 
 [[package]]
@@ -2743,7 +2743,7 @@ checksum = "1ec89e9337638ecdc08744df490b221a7399bf8d164eb52a665454e60e075ad6"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.90",
+ "syn 2.0.91",
 ]
 
 [[package]]
@@ -3308,7 +3308,7 @@ version = "1.5.0-dev"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.90",
+ "syn 2.0.91",
 ]
 
 [[package]]
@@ -4019,7 +4019,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.90",
+ "syn 2.0.91",
 ]
 
 [[package]]
@@ -4353,7 +4353,7 @@ checksum = "3c0f5fad0874fc7abcd4d750e76917eaebbecaa2c20bde22e1dbeeba8beb758c"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.90",
+ "syn 2.0.91",
 ]
 
 [[package]]
@@ -4433,7 +4433,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "64d1ec885c64d0457d564db4ec299b2dae3f9c02808b8ad9c3a089c591b18033"
 dependencies = [
  "proc-macro2",
- "syn 2.0.90",
+ "syn 2.0.91",
 ]
 
 [[package]]
@@ -4668,7 +4668,7 @@ checksum = "bcc303e793d3734489387d205e9b186fac9c6cfacedd98cbb2e8a5943595f3e6"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.90",
+ "syn 2.0.91",
 ]
 
 [[package]]
@@ -4899,7 +4899,7 @@ dependencies = [
  "proc-macro2",
  "quote",
  "rust-embed-utils",
- "syn 2.0.90",
+ "syn 2.0.91",
  "walkdir",
 ]
 
@@ -5222,14 +5222,14 @@ checksum = "46f859dbbf73865c6627ed570e78961cd3ac92407a2d117204c49232485da55e"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.90",
+ "syn 2.0.91",
 ]
 
 [[package]]
 name = "serde_json"
-version = "1.0.133"
+version = "1.0.134"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c7fceb2473b9166b2294ef05efcb65a3db80803f0b03ef86a5fc88a2b85ee377"
+checksum = "d00f4175c42ee48b15416f6193a959ba3a0d67fc699a0db9ad12df9f83991c7d"
 dependencies = [
  "itoa",
  "memchr",
@@ -5286,7 +5286,7 @@ dependencies = [
  "darling 0.20.10",
  "proc-macro2",
  "quote",
- "syn 2.0.90",
+ "syn 2.0.91",
 ]
 
 [[package]]
@@ -5523,9 +5523,9 @@ dependencies = [
 
 [[package]]
 name = "syn"
-version = "2.0.90"
+version = "2.0.91"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "919d3b74a5dd0ccd15aeb8f93e7006bd9e14c295087c9896a110f490752bcf31"
+checksum = "d53cbcb5a243bd33b7858b1d7f4aca2153490815872d86d955d6ea29f743c035"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -5555,7 +5555,7 @@ checksum = "c8af7666ab7b6390ab78131fb5b0fce11d6b7a6951602017c35fa82800708971"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.90",
+ "syn 2.0.91",
 ]
 
 [[package]]
@@ -5610,7 +5610,7 @@ version = "0.1.0"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.90",
+ "syn 2.0.91",
 ]
 
 [[package]]
@@ -5639,7 +5639,7 @@ checksum = "4fee6c4efc90059e10f81e6d42c60a18f76588c3d74cb83a0b242a2b6c7504c1"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.90",
+ "syn 2.0.91",
 ]
 
 [[package]]
@@ -5650,7 +5650,7 @@ checksum = "f2f357fcec90b3caef6623a099691be676d033b40a058ac95d2a6ade6fa0c943"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.90",
+ "syn 2.0.91",
 ]
 
 [[package]]
@@ -5745,7 +5745,7 @@ checksum = "8d9ef545650e79f30233c0003bcc2504d7efac6dad25fca40744de773fe2049c"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.90",
+ "syn 2.0.91",
 ]
 
 [[package]]
@@ -5784,7 +5784,7 @@ checksum = "693d596312e88961bc67d7f1f97af8a70227d9f90c31bba5806eec004978d752"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.90",
+ "syn 2.0.91",
 ]
 
 [[package]]
@@ -6004,7 +6004,7 @@ checksum = "395ae124c09f9e6918a2310af6038fba074bcf474ac352496d5910dd59a2226d"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.90",
+ "syn 2.0.91",
 ]
 
 [[package]]
@@ -6238,7 +6238,7 @@ dependencies = [
  "proc-macro2",
  "quote",
  "regex",
- "syn 2.0.90",
+ "syn 2.0.91",
  "url",
  "uuid",
 ]
@@ -6365,7 +6365,7 @@ dependencies = [
  "log",
  "proc-macro2",
  "quote",
- "syn 2.0.90",
+ "syn 2.0.91",
  "wasm-bindgen-shared",
 ]
 
@@ -6400,7 +6400,7 @@ checksum = "30d7a95b763d3c45903ed6c81f156801839e5ee968bb07e534c44df0fcd330c2"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.90",
+ "syn 2.0.91",
  "wasm-bindgen-backend",
  "wasm-bindgen-shared",
 ]
@@ -6960,7 +6960,7 @@ checksum = "2380878cad4ac9aac1e2435f3eb4020e8374b5f13c296cb75b4620ff8e229154"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.90",
+ "syn 2.0.91",
  "synstructure",
 ]
 
@@ -6982,7 +6982,7 @@ checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.90",
+ "syn 2.0.91",
 ]
 
 [[package]]
@@ -7002,7 +7002,7 @@ checksum = "595eed982f7d355beb85837f651fa22e90b3c044842dc7f2c2842c086f295808"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.90",
+ "syn 2.0.91",
  "synstructure",
 ]
 
@@ -7023,7 +7023,7 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.90",
+ "syn 2.0.91",
 ]
 
 [[package]]
@@ -7045,7 +7045,7 @@ checksum = "6eafa6dfb17584ea3e2bd6e76e0cc15ad7af12b09abdd1ca55961bed9b1063c6"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.90",
+ "syn 2.0.91",
 ]
 
 [[package]]
diff --git a/Cargo.toml b/Cargo.toml
index d35acac92..fdb93c679 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -136,7 +136,7 @@ kanidm_utils_users = { path = "./libs/users", version = "=1.5.0-dev" }
 scim_proto = { path = "./libs/scim_proto", version = "=1.5.0-dev" }
 sketching = { path = "./libs/sketching", version = "=1.5.0-dev" }
 
-anyhow = { version = "1.0.94" }
+anyhow = { version = "1.0.95" }
 argon2 = { version = "0.5.3", features = ["alloc"] }
 askama = { version = "0.12.1", features = ["serde", "with-axum"] }
 askama_axum = { version = "0.4.0" }
@@ -247,7 +247,7 @@ sd-notify = "^0.4.3"
 selinux = "^0.4.6"
 serde = "^1.0.216"
 serde_cbor = { version = "0.12.0-dev", package = "serde_cbor_2" }
-serde_json = "^1.0.133"
+serde_json = "^1.0.134"
 serde_urlencoded = "^0.7.1"
 serde_with = "3.11.0"
 sha-crypt = "0.5.0"
@@ -258,7 +258,7 @@ smolset = "^1.3.1"
 sshkey-attest = "^0.5.0"
 sshkeys = "0.3.3"
 svg = "0.13.1"
-syn = { version = "2.0.90", features = ["full"] }
+syn = { version = "2.0.91", features = ["full"] }
 tempfile = "3.14.0"
 testkit-macros = { path = "./server/testkit-macros" }
 time = { version = "^0.3.36", features = ["formatting", "local-offset"] }

From c0e733629fe60c5c7cd7ada6261bbc87664ea584 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 30 Dec 2024 08:18:58 +1000
Subject: [PATCH 35/87] Bump the all group in /pykanidm with 2 updates (#3323)

Bumps the all group in /pykanidm with 2 updates: [coverage](https://github.com/nedbat/coveragepy) and [mkdocstrings-python](https://github.com/mkdocstrings/python).


Updates `coverage` from 7.6.9 to 7.6.10
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/7.6.9...7.6.10)

Updates `mkdocstrings-python` from 1.12.2 to 1.13.0
- [Release notes](https://github.com/mkdocstrings/python/releases)
- [Changelog](https://github.com/mkdocstrings/python/blob/main/CHANGELOG.md)
- [Commits](https://github.com/mkdocstrings/python/compare/1.12.2...1.13.0)

---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: mkdocstrings-python
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pykanidm/poetry.lock    | 134 ++++++++++++++++++++--------------------
 pykanidm/pyproject.toml |   4 +-
 2 files changed, 69 insertions(+), 69 deletions(-)

diff --git a/pykanidm/poetry.lock b/pykanidm/poetry.lock
index 2842fc808..258986adb 100644
--- a/pykanidm/poetry.lock
+++ b/pykanidm/poetry.lock
@@ -468,73 +468,73 @@ files = [
 
 [[package]]
 name = "coverage"
-version = "7.6.9"
+version = "7.6.10"
 description = "Code coverage measurement for Python"
 optional = false
 python-versions = ">=3.9"
 files = [
-    {file = "coverage-7.6.9-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:85d9636f72e8991a1706b2b55b06c27545448baf9f6dbf51c4004609aacd7dcb"},
-    {file = "coverage-7.6.9-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:608a7fd78c67bee8936378299a6cb9f5149bb80238c7a566fc3e6717a4e68710"},
-    {file = "coverage-7.6.9-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:96d636c77af18b5cb664ddf12dab9b15a0cfe9c0bde715da38698c8cea748bfa"},
-    {file = "coverage-7.6.9-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:d75cded8a3cff93da9edc31446872d2997e327921d8eed86641efafd350e1df1"},
-    {file = "coverage-7.6.9-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:f7b15f589593110ae767ce997775d645b47e5cbbf54fd322f8ebea6277466cec"},
-    {file = "coverage-7.6.9-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:44349150f6811b44b25574839b39ae35291f6496eb795b7366fef3bd3cf112d3"},
-    {file = "coverage-7.6.9-cp310-cp310-musllinux_1_2_i686.whl", hash = "sha256:d891c136b5b310d0e702e186d70cd16d1119ea8927347045124cb286b29297e5"},
-    {file = "coverage-7.6.9-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:db1dab894cc139f67822a92910466531de5ea6034ddfd2b11c0d4c6257168073"},
-    {file = "coverage-7.6.9-cp310-cp310-win32.whl", hash = "sha256:41ff7b0da5af71a51b53f501a3bac65fb0ec311ebed1632e58fc6107f03b9198"},
-    {file = "coverage-7.6.9-cp310-cp310-win_amd64.whl", hash = "sha256:35371f8438028fdccfaf3570b31d98e8d9eda8bb1d6ab9473f5a390969e98717"},
-    {file = "coverage-7.6.9-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:932fc826442132dde42ee52cf66d941f581c685a6313feebed358411238f60f9"},
-    {file = "coverage-7.6.9-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:085161be5f3b30fd9b3e7b9a8c301f935c8313dcf928a07b116324abea2c1c2c"},
-    {file = "coverage-7.6.9-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:ccc660a77e1c2bf24ddbce969af9447a9474790160cfb23de6be4fa88e3951c7"},
-    {file = "coverage-7.6.9-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:c69e42c892c018cd3c8d90da61d845f50a8243062b19d228189b0224150018a9"},
-    {file = "coverage-7.6.9-cp311-cp311-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:0824a28ec542a0be22f60c6ac36d679e0e262e5353203bea81d44ee81fe9c6d4"},
-    {file = "coverage-7.6.9-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:4401ae5fc52ad8d26d2a5d8a7428b0f0c72431683f8e63e42e70606374c311a1"},
-    {file = "coverage-7.6.9-cp311-cp311-musllinux_1_2_i686.whl", hash = "sha256:98caba4476a6c8d59ec1eb00c7dd862ba9beca34085642d46ed503cc2d440d4b"},
-    {file = "coverage-7.6.9-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:ee5defd1733fd6ec08b168bd4f5387d5b322f45ca9e0e6c817ea6c4cd36313e3"},
-    {file = "coverage-7.6.9-cp311-cp311-win32.whl", hash = "sha256:f2d1ec60d6d256bdf298cb86b78dd715980828f50c46701abc3b0a2b3f8a0dc0"},
-    {file = "coverage-7.6.9-cp311-cp311-win_amd64.whl", hash = "sha256:0d59fd927b1f04de57a2ba0137166d31c1a6dd9e764ad4af552912d70428c92b"},
-    {file = "coverage-7.6.9-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:99e266ae0b5d15f1ca8d278a668df6f51cc4b854513daab5cae695ed7b721cf8"},
-    {file = "coverage-7.6.9-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:9901d36492009a0a9b94b20e52ebfc8453bf49bb2b27bca2c9706f8b4f5a554a"},
-    {file = "coverage-7.6.9-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:abd3e72dd5b97e3af4246cdada7738ef0e608168de952b837b8dd7e90341f015"},
-    {file = "coverage-7.6.9-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:ff74026a461eb0660366fb01c650c1d00f833a086b336bdad7ab00cc952072b3"},
-    {file = "coverage-7.6.9-cp312-cp312-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:65dad5a248823a4996724a88eb51d4b31587aa7aa428562dbe459c684e5787ae"},
-    {file = "coverage-7.6.9-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:22be16571504c9ccea919fcedb459d5ab20d41172056206eb2994e2ff06118a4"},
-    {file = "coverage-7.6.9-cp312-cp312-musllinux_1_2_i686.whl", hash = "sha256:0f957943bc718b87144ecaee70762bc2bc3f1a7a53c7b861103546d3a403f0a6"},
-    {file = "coverage-7.6.9-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:0ae1387db4aecb1f485fb70a6c0148c6cdaebb6038f1d40089b1fc84a5db556f"},
-    {file = "coverage-7.6.9-cp312-cp312-win32.whl", hash = "sha256:1a330812d9cc7ac2182586f6d41b4d0fadf9be9049f350e0efb275c8ee8eb692"},
-    {file = "coverage-7.6.9-cp312-cp312-win_amd64.whl", hash = "sha256:b12c6b18269ca471eedd41c1b6a1065b2f7827508edb9a7ed5555e9a56dcfc97"},
-    {file = "coverage-7.6.9-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:899b8cd4781c400454f2f64f7776a5d87bbd7b3e7f7bda0cb18f857bb1334664"},
-    {file = "coverage-7.6.9-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:61f70dc68bd36810972e55bbbe83674ea073dd1dcc121040a08cdf3416c5349c"},
-    {file = "coverage-7.6.9-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:8a289d23d4c46f1a82d5db4abeb40b9b5be91731ee19a379d15790e53031c014"},
-    {file = "coverage-7.6.9-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:7e216d8044a356fc0337c7a2a0536d6de07888d7bcda76febcb8adc50bdbbd00"},
-    {file = "coverage-7.6.9-cp313-cp313-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:3c026eb44f744acaa2bda7493dad903aa5bf5fc4f2554293a798d5606710055d"},
-    {file = "coverage-7.6.9-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:e77363e8425325384f9d49272c54045bbed2f478e9dd698dbc65dbc37860eb0a"},
-    {file = "coverage-7.6.9-cp313-cp313-musllinux_1_2_i686.whl", hash = "sha256:777abfab476cf83b5177b84d7486497e034eb9eaea0d746ce0c1268c71652077"},
-    {file = "coverage-7.6.9-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:447af20e25fdbe16f26e84eb714ba21d98868705cb138252d28bc400381f6ffb"},
-    {file = "coverage-7.6.9-cp313-cp313-win32.whl", hash = "sha256:d872ec5aeb086cbea771c573600d47944eea2dcba8be5f3ee649bfe3cb8dc9ba"},
-    {file = "coverage-7.6.9-cp313-cp313-win_amd64.whl", hash = "sha256:fd1213c86e48dfdc5a0cc676551db467495a95a662d2396ecd58e719191446e1"},
-    {file = "coverage-7.6.9-cp313-cp313t-macosx_10_13_x86_64.whl", hash = "sha256:ba9e7484d286cd5a43744e5f47b0b3fb457865baf07bafc6bee91896364e1419"},
-    {file = "coverage-7.6.9-cp313-cp313t-macosx_11_0_arm64.whl", hash = "sha256:e5ea1cf0872ee455c03e5674b5bca5e3e68e159379c1af0903e89f5eba9ccc3a"},
-    {file = "coverage-7.6.9-cp313-cp313t-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:2d10e07aa2b91835d6abec555ec8b2733347956991901eea6ffac295f83a30e4"},
-    {file = "coverage-7.6.9-cp313-cp313t-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:13a9e2d3ee855db3dd6ea1ba5203316a1b1fd8eaeffc37c5b54987e61e4194ae"},
-    {file = "coverage-7.6.9-cp313-cp313t-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:9c38bf15a40ccf5619fa2fe8f26106c7e8e080d7760aeccb3722664c8656b030"},
-    {file = "coverage-7.6.9-cp313-cp313t-musllinux_1_2_aarch64.whl", hash = "sha256:d5275455b3e4627c8e7154feaf7ee0743c2e7af82f6e3b561967b1cca755a0be"},
-    {file = "coverage-7.6.9-cp313-cp313t-musllinux_1_2_i686.whl", hash = "sha256:8f8770dfc6e2c6a2d4569f411015c8d751c980d17a14b0530da2d7f27ffdd88e"},
-    {file = "coverage-7.6.9-cp313-cp313t-musllinux_1_2_x86_64.whl", hash = "sha256:8d2dfa71665a29b153a9681edb1c8d9c1ea50dfc2375fb4dac99ea7e21a0bcd9"},
-    {file = "coverage-7.6.9-cp313-cp313t-win32.whl", hash = "sha256:5e6b86b5847a016d0fbd31ffe1001b63355ed309651851295315031ea7eb5a9b"},
-    {file = "coverage-7.6.9-cp313-cp313t-win_amd64.whl", hash = "sha256:97ddc94d46088304772d21b060041c97fc16bdda13c6c7f9d8fcd8d5ae0d8611"},
-    {file = "coverage-7.6.9-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:adb697c0bd35100dc690de83154627fbab1f4f3c0386df266dded865fc50a902"},
-    {file = "coverage-7.6.9-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:be57b6d56e49c2739cdf776839a92330e933dd5e5d929966fbbd380c77f060be"},
-    {file = "coverage-7.6.9-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:f1592791f8204ae9166de22ba7e6705fa4ebd02936c09436a1bb85aabca3e599"},
-    {file = "coverage-7.6.9-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:4e12ae8cc979cf83d258acb5e1f1cf2f3f83524d1564a49d20b8bec14b637f08"},
-    {file = "coverage-7.6.9-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:bb5555cff66c4d3d6213a296b360f9e1a8e323e74e0426b6c10ed7f4d021e464"},
-    {file = "coverage-7.6.9-cp39-cp39-musllinux_1_2_aarch64.whl", hash = "sha256:b9389a429e0e5142e69d5bf4a435dd688c14478a19bb901735cdf75e57b13845"},
-    {file = "coverage-7.6.9-cp39-cp39-musllinux_1_2_i686.whl", hash = "sha256:592ac539812e9b46046620341498caf09ca21023c41c893e1eb9dbda00a70cbf"},
-    {file = "coverage-7.6.9-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:a27801adef24cc30871da98a105f77995e13a25a505a0161911f6aafbd66e678"},
-    {file = "coverage-7.6.9-cp39-cp39-win32.whl", hash = "sha256:8e3c3e38930cfb729cb8137d7f055e5a473ddaf1217966aa6238c88bd9fd50e6"},
-    {file = "coverage-7.6.9-cp39-cp39-win_amd64.whl", hash = "sha256:e28bf44afa2b187cc9f41749138a64435bf340adfcacb5b2290c070ce99839d4"},
-    {file = "coverage-7.6.9-pp39.pp310-none-any.whl", hash = "sha256:f3ca78518bc6bc92828cd11867b121891d75cae4ea9e908d72030609b996db1b"},
-    {file = "coverage-7.6.9.tar.gz", hash = "sha256:4a8d8977b0c6ef5aeadcb644da9e69ae0dcfe66ec7f368c89c72e058bd71164d"},
+    {file = "coverage-7.6.10-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:5c912978f7fbf47ef99cec50c4401340436d200d41d714c7a4766f377c5b7b78"},
+    {file = "coverage-7.6.10-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:a01ec4af7dfeb96ff0078ad9a48810bb0cc8abcb0115180c6013a6b26237626c"},
+    {file = "coverage-7.6.10-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:a3b204c11e2b2d883946fe1d97f89403aa1811df28ce0447439178cc7463448a"},
+    {file = "coverage-7.6.10-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:32ee6d8491fcfc82652a37109f69dee9a830e9379166cb73c16d8dc5c2915165"},
+    {file = "coverage-7.6.10-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:675cefc4c06e3b4c876b85bfb7c59c5e2218167bbd4da5075cbe3b5790a28988"},
+    {file = "coverage-7.6.10-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:f4f620668dbc6f5e909a0946a877310fb3d57aea8198bde792aae369ee1c23b5"},
+    {file = "coverage-7.6.10-cp310-cp310-musllinux_1_2_i686.whl", hash = "sha256:4eea95ef275de7abaef630c9b2c002ffbc01918b726a39f5a4353916ec72d2f3"},
+    {file = "coverage-7.6.10-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:e2f0280519e42b0a17550072861e0bc8a80a0870de260f9796157d3fca2733c5"},
+    {file = "coverage-7.6.10-cp310-cp310-win32.whl", hash = "sha256:bc67deb76bc3717f22e765ab3e07ee9c7a5e26b9019ca19a3b063d9f4b874244"},
+    {file = "coverage-7.6.10-cp310-cp310-win_amd64.whl", hash = "sha256:0f460286cb94036455e703c66988851d970fdfd8acc2a1122ab7f4f904e4029e"},
+    {file = "coverage-7.6.10-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:ea3c8f04b3e4af80e17bab607c386a830ffc2fb88a5484e1df756478cf70d1d3"},
+    {file = "coverage-7.6.10-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:507a20fc863cae1d5720797761b42d2d87a04b3e5aeb682ef3b7332e90598f43"},
+    {file = "coverage-7.6.10-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:d37a84878285b903c0fe21ac8794c6dab58150e9359f1aaebbeddd6412d53132"},
+    {file = "coverage-7.6.10-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:a534738b47b0de1995f85f582d983d94031dffb48ab86c95bdf88dc62212142f"},
+    {file = "coverage-7.6.10-cp311-cp311-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:0d7a2bf79378d8fb8afaa994f91bfd8215134f8631d27eba3e0e2c13546ce994"},
+    {file = "coverage-7.6.10-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:6713ba4b4ebc330f3def51df1d5d38fad60b66720948112f114968feb52d3f99"},
+    {file = "coverage-7.6.10-cp311-cp311-musllinux_1_2_i686.whl", hash = "sha256:ab32947f481f7e8c763fa2c92fd9f44eeb143e7610c4ca9ecd6a36adab4081bd"},
+    {file = "coverage-7.6.10-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:7bbd8c8f1b115b892e34ba66a097b915d3871db7ce0e6b9901f462ff3a975377"},
+    {file = "coverage-7.6.10-cp311-cp311-win32.whl", hash = "sha256:299e91b274c5c9cdb64cbdf1b3e4a8fe538a7a86acdd08fae52301b28ba297f8"},
+    {file = "coverage-7.6.10-cp311-cp311-win_amd64.whl", hash = "sha256:489a01f94aa581dbd961f306e37d75d4ba16104bbfa2b0edb21d29b73be83609"},
+    {file = "coverage-7.6.10-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:27c6e64726b307782fa5cbe531e7647aee385a29b2107cd87ba7c0105a5d3853"},
+    {file = "coverage-7.6.10-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:c56e097019e72c373bae32d946ecf9858fda841e48d82df7e81c63ac25554078"},
+    {file = "coverage-7.6.10-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:c7827a5bc7bdb197b9e066cdf650b2887597ad124dd99777332776f7b7c7d0d0"},
+    {file = "coverage-7.6.10-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:204a8238afe787323a8b47d8be4df89772d5c1e4651b9ffa808552bdf20e1d50"},
+    {file = "coverage-7.6.10-cp312-cp312-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:e67926f51821b8e9deb6426ff3164870976fe414d033ad90ea75e7ed0c2e5022"},
+    {file = "coverage-7.6.10-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:e78b270eadb5702938c3dbe9367f878249b5ef9a2fcc5360ac7bff694310d17b"},
+    {file = "coverage-7.6.10-cp312-cp312-musllinux_1_2_i686.whl", hash = "sha256:714f942b9c15c3a7a5fe6876ce30af831c2ad4ce902410b7466b662358c852c0"},
+    {file = "coverage-7.6.10-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:abb02e2f5a3187b2ac4cd46b8ced85a0858230b577ccb2c62c81482ca7d18852"},
+    {file = "coverage-7.6.10-cp312-cp312-win32.whl", hash = "sha256:55b201b97286cf61f5e76063f9e2a1d8d2972fc2fcfd2c1272530172fd28c359"},
+    {file = "coverage-7.6.10-cp312-cp312-win_amd64.whl", hash = "sha256:e4ae5ac5e0d1e4edfc9b4b57b4cbecd5bc266a6915c500f358817a8496739247"},
+    {file = "coverage-7.6.10-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:05fca8ba6a87aabdd2d30d0b6c838b50510b56cdcfc604d40760dae7153b73d9"},
+    {file = "coverage-7.6.10-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:9e80eba8801c386f72e0712a0453431259c45c3249f0009aff537a517b52942b"},
+    {file = "coverage-7.6.10-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:a372c89c939d57abe09e08c0578c1d212e7a678135d53aa16eec4430adc5e690"},
+    {file = "coverage-7.6.10-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:ec22b5e7fe7a0fa8509181c4aac1db48f3dd4d3a566131b313d1efc102892c18"},
+    {file = "coverage-7.6.10-cp313-cp313-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:26bcf5c4df41cad1b19c84af71c22cbc9ea9a547fc973f1f2cc9a290002c8b3c"},
+    {file = "coverage-7.6.10-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:4e4630c26b6084c9b3cb53b15bd488f30ceb50b73c35c5ad7871b869cb7365fd"},
+    {file = "coverage-7.6.10-cp313-cp313-musllinux_1_2_i686.whl", hash = "sha256:2396e8116db77789f819d2bc8a7e200232b7a282c66e0ae2d2cd84581a89757e"},
+    {file = "coverage-7.6.10-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:79109c70cc0882e4d2d002fe69a24aa504dec0cc17169b3c7f41a1d341a73694"},
+    {file = "coverage-7.6.10-cp313-cp313-win32.whl", hash = "sha256:9e1747bab246d6ff2c4f28b4d186b205adced9f7bd9dc362051cc37c4a0c7bd6"},
+    {file = "coverage-7.6.10-cp313-cp313-win_amd64.whl", hash = "sha256:254f1a3b1eef5f7ed23ef265eaa89c65c8c5b6b257327c149db1ca9d4a35f25e"},
+    {file = "coverage-7.6.10-cp313-cp313t-macosx_10_13_x86_64.whl", hash = "sha256:2ccf240eb719789cedbb9fd1338055de2761088202a9a0b73032857e53f612fe"},
+    {file = "coverage-7.6.10-cp313-cp313t-macosx_11_0_arm64.whl", hash = "sha256:0c807ca74d5a5e64427c8805de15b9ca140bba13572d6d74e262f46f50b13273"},
+    {file = "coverage-7.6.10-cp313-cp313t-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:2bcfa46d7709b5a7ffe089075799b902020b62e7ee56ebaed2f4bdac04c508d8"},
+    {file = "coverage-7.6.10-cp313-cp313t-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:4e0de1e902669dccbf80b0415fb6b43d27edca2fbd48c74da378923b05316098"},
+    {file = "coverage-7.6.10-cp313-cp313t-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:3f7b444c42bbc533aaae6b5a2166fd1a797cdb5eb58ee51a92bee1eb94a1e1cb"},
+    {file = "coverage-7.6.10-cp313-cp313t-musllinux_1_2_aarch64.whl", hash = "sha256:b330368cb99ef72fcd2dc3ed260adf67b31499584dc8a20225e85bfe6f6cfed0"},
+    {file = "coverage-7.6.10-cp313-cp313t-musllinux_1_2_i686.whl", hash = "sha256:9a7cfb50515f87f7ed30bc882f68812fd98bc2852957df69f3003d22a2aa0abf"},
+    {file = "coverage-7.6.10-cp313-cp313t-musllinux_1_2_x86_64.whl", hash = "sha256:6f93531882a5f68c28090f901b1d135de61b56331bba82028489bc51bdd818d2"},
+    {file = "coverage-7.6.10-cp313-cp313t-win32.whl", hash = "sha256:89d76815a26197c858f53c7f6a656686ec392b25991f9e409bcef020cd532312"},
+    {file = "coverage-7.6.10-cp313-cp313t-win_amd64.whl", hash = "sha256:54a5f0f43950a36312155dae55c505a76cd7f2b12d26abeebbe7a0b36dbc868d"},
+    {file = "coverage-7.6.10-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:656c82b8a0ead8bba147de9a89bda95064874c91a3ed43a00e687f23cc19d53a"},
+    {file = "coverage-7.6.10-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:ccc2b70a7ed475c68ceb548bf69cec1e27305c1c2606a5eb7c3afff56a1b3b27"},
+    {file = "coverage-7.6.10-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:a5e37dc41d57ceba70956fa2fc5b63c26dba863c946ace9705f8eca99daecdc4"},
+    {file = "coverage-7.6.10-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:0aa9692b4fdd83a4647eeb7db46410ea1322b5ed94cd1715ef09d1d5922ba87f"},
+    {file = "coverage-7.6.10-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:aa744da1820678b475e4ba3dfd994c321c5b13381d1041fe9c608620e6676e25"},
+    {file = "coverage-7.6.10-cp39-cp39-musllinux_1_2_aarch64.whl", hash = "sha256:c0b1818063dc9e9d838c09e3a473c1422f517889436dd980f5d721899e66f315"},
+    {file = "coverage-7.6.10-cp39-cp39-musllinux_1_2_i686.whl", hash = "sha256:59af35558ba08b758aec4d56182b222976330ef8d2feacbb93964f576a7e7a90"},
+    {file = "coverage-7.6.10-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:7ed2f37cfce1ce101e6dffdfd1c99e729dd2ffc291d02d3e2d0af8b53d13840d"},
+    {file = "coverage-7.6.10-cp39-cp39-win32.whl", hash = "sha256:4bcc276261505d82f0ad426870c3b12cb177752834a633e737ec5ee79bbdff18"},
+    {file = "coverage-7.6.10-cp39-cp39-win_amd64.whl", hash = "sha256:457574f4599d2b00f7f637a0700a6422243b3565509457b2dbd3f50703e11f59"},
+    {file = "coverage-7.6.10-pp39.pp310-none-any.whl", hash = "sha256:fd34e7b3405f0cc7ab03d54a334c17a9e802897580d964bd8c2001f4b9fd488f"},
+    {file = "coverage-7.6.10.tar.gz", hash = "sha256:7fb105327c8f8f0682e29843e2ff96af9dcbe5bab8eeb4b398c6a33a16d80a23"},
 ]
 
 [package.extras]
@@ -1100,13 +1100,13 @@ python-legacy = ["mkdocstrings-python-legacy (>=0.2.1)"]
 
 [[package]]
 name = "mkdocstrings-python"
-version = "1.12.2"
+version = "1.13.0"
 description = "A Python handler for mkdocstrings."
 optional = false
 python-versions = ">=3.9"
 files = [
-    {file = "mkdocstrings_python-1.12.2-py3-none-any.whl", hash = "sha256:7f7d40d6db3cb1f5d19dbcd80e3efe4d0ba32b073272c0c0de9de2e604eda62a"},
-    {file = "mkdocstrings_python-1.12.2.tar.gz", hash = "sha256:7a1760941c0b52a2cd87b960a9e21112ffe52e7df9d0b9583d04d47ed2e186f3"},
+    {file = "mkdocstrings_python-1.13.0-py3-none-any.whl", hash = "sha256:b88bbb207bab4086434743849f8e796788b373bd32e7bfefbf8560ac45d88f97"},
+    {file = "mkdocstrings_python-1.13.0.tar.gz", hash = "sha256:2dbd5757e8375b9720e81db16f52f1856bf59905428fd7ef88005d1370e2f64c"},
 ]
 
 [package.dependencies]
@@ -2414,4 +2414,4 @@ type = ["pytest-mypy"]
 [metadata]
 lock-version = "2.0"
 python-versions = "^3.9"
-content-hash = "fe1fb1e0400f6d064e1a42699afb2d06cff6f48f13efff68769ba75595bcd7c1"
+content-hash = "d525ac7a72aa56c51f293501602fccf7c93ba97a249cc714eb4e06e72f5b7f58"
diff --git a/pykanidm/pyproject.toml b/pykanidm/pyproject.toml
index 1521f0e9c..f8fb32495 100644
--- a/pykanidm/pyproject.toml
+++ b/pykanidm/pyproject.toml
@@ -32,7 +32,7 @@ mypy = "^1.14"
 pytest = "^8.3.4"
 types-toml = "^0.10.8"
 pylint-pydantic = "^0.3.4"
-coverage = "^7.6.9"
+coverage = "^7.6.10"
 pylint-pytest = "^1.1.7"
 pytest-asyncio = "^0.25.0"
 pytest-mock = "^3.14.0"
@@ -41,7 +41,7 @@ black = "^24.10.0"
 mkdocs = "^1.5.3"
 mkdocs-material = "^9.5.49"
 mkdocstrings = "^0.27.0"
-mkdocstrings-python = "^1.12.2"
+mkdocstrings-python = "^1.13.0"
 pook = "^2.1.3"
 
 [tool.poetry.group.dev.dependencies]

From 227853f8cd01e184aac8efc82dd027b4d6e772e1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 29 Dec 2024 22:46:26 +0000
Subject: [PATCH 36/87] Bump the all group with 6 updates (#3324)

Bumps the all group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [quote](https://github.com/dtolnay/quote) | `1.0.37` | `1.0.38` |
| [reqwest](https://github.com/seanmonstar/reqwest) | `0.12.9` | `0.12.11` |
| [serde](https://github.com/serde-rs/serde) | `1.0.216` | `1.0.217` |
| [serde_with](https://github.com/jonasbb/serde_with) | `3.11.0` | `3.12.0` |
| [syn](https://github.com/dtolnay/syn) | `2.0.91` | `2.0.93` |
| [jsonschema](https://github.com/Stranger6667/jsonschema) | `0.26.2` | `0.28.0` |


Updates `quote` from 1.0.37 to 1.0.38
- [Release notes](https://github.com/dtolnay/quote/releases)
- [Commits](https://github.com/dtolnay/quote/compare/1.0.37...1.0.38)

Updates `reqwest` from 0.12.9 to 0.12.11
- [Release notes](https://github.com/seanmonstar/reqwest/releases)
- [Changelog](https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md)
- [Commits](https://github.com/seanmonstar/reqwest/compare/v0.12.9...v0.12.11)

Updates `serde` from 1.0.216 to 1.0.217
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.216...v1.0.217)

Updates `serde_with` from 3.11.0 to 3.12.0
- [Release notes](https://github.com/jonasbb/serde_with/releases)
- [Commits](https://github.com/jonasbb/serde_with/compare/v3.11.0...v3.12.0)

Updates `syn` from 2.0.91 to 2.0.93
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/2.0.91...2.0.93)

Updates `jsonschema` from 0.26.2 to 0.28.0
- [Release notes](https://github.com/Stranger6667/jsonschema/releases)
- [Changelog](https://github.com/Stranger6667/jsonschema/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Stranger6667/jsonschema/compare/rust-v0.26.2...rust-v0.28.0)

---
updated-dependencies:
- dependency-name: quote
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: reqwest
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: serde
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: serde_with
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: syn
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: jsonschema
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Cargo.lock                   | 129 ++++++++++++++++++-----------------
 Cargo.toml                   |   8 +--
 server/testkit/Cargo.toml    |   2 +-
 tools/device_flow/Cargo.toml |   2 +-
 4 files changed, 71 insertions(+), 70 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 808305d05..248ba49df 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -172,7 +172,7 @@ dependencies = [
  "proc-macro2",
  "quote",
  "serde",
- "syn 2.0.91",
+ "syn 2.0.93",
 ]
 
 [[package]]
@@ -214,7 +214,7 @@ checksum = "965c2d33e53cb6b267e148a4cb0760bc01f4904c1cd4bb4002a085bb016d1490"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.91",
+ "syn 2.0.93",
  "synstructure",
 ]
 
@@ -226,7 +226,7 @@ checksum = "7b18050c2cd6fe86c3a76584ef5e0baf286d038cda203eb6223df2cc413565f7"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.91",
+ "syn 2.0.93",
 ]
 
 [[package]]
@@ -277,7 +277,7 @@ checksum = "c7c24de15d275a1ecfd47a380fb4d5ec9bfe0933f309ed5e705b775596a3574d"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.91",
+ "syn 2.0.93",
 ]
 
 [[package]]
@@ -288,7 +288,7 @@ checksum = "721cae7de5c34fbb2acd27e21e6d2cf7b886dce0c27388d46c4e6c47ea4318dd"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.91",
+ "syn 2.0.93",
 ]
 
 [[package]]
@@ -480,7 +480,7 @@ checksum = "57d123550fa8d071b7255cb0cc04dc302baa6c8c4a79f55701552684d8399bce"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.91",
+ "syn 2.0.93",
 ]
 
 [[package]]
@@ -586,7 +586,7 @@ dependencies = [
  "regex",
  "rustc-hash 1.1.0",
  "shlex",
- "syn 2.0.91",
+ "syn 2.0.93",
  "which",
 ]
 
@@ -607,7 +607,7 @@ dependencies = [
  "regex",
  "rustc-hash 1.1.0",
  "shlex",
- "syn 2.0.91",
+ "syn 2.0.93",
 ]
 
 [[package]]
@@ -825,7 +825,7 @@ dependencies = [
  "heck",
  "proc-macro2",
  "quote",
- "syn 2.0.91",
+ "syn 2.0.93",
 ]
 
 [[package]]
@@ -1104,7 +1104,7 @@ dependencies = [
  "kanidmd_core",
  "mimalloc",
  "prctl",
- "reqwest 0.12.9",
+ "reqwest 0.12.11",
  "sd-notify",
  "serde",
  "serde_json",
@@ -1160,7 +1160,7 @@ dependencies = [
  "proc-macro2",
  "quote",
  "strsim 0.11.1",
- "syn 2.0.91",
+ "syn 2.0.93",
 ]
 
 [[package]]
@@ -1182,7 +1182,7 @@ checksum = "d336a2a514f6ccccaa3e09b02d41d35330c07ddf03a62165fcec10bb561c7806"
 dependencies = [
  "darling_core 0.20.10",
  "quote",
- "syn 2.0.91",
+ "syn 2.0.93",
 ]
 
 [[package]]
@@ -1226,7 +1226,7 @@ checksum = "8034092389675178f570469e6c3b0465d3d30b4505c294a6550db47f3c17ad18"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.91",
+ "syn 2.0.93",
 ]
 
 [[package]]
@@ -1353,7 +1353,7 @@ checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.91",
+ "syn 2.0.93",
 ]
 
 [[package]]
@@ -1430,7 +1430,7 @@ checksum = "a1ab991c1362ac86c61ab6f556cff143daa22e5a15e4e189df818b2fd19fe65b"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.91",
+ "syn 2.0.93",
 ]
 
 [[package]]
@@ -1450,7 +1450,7 @@ checksum = "de0d48a183585823424a4ce1aa132d174a6a81bd540895822eb4c8373a8e49e8"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.91",
+ "syn 2.0.93",
 ]
 
 [[package]]
@@ -1739,7 +1739,7 @@ checksum = "162ee34ebcb7c64a8abebc059ce0fee27c2262618d7b60ed8faf72fef13c3650"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.91",
+ "syn 2.0.93",
 ]
 
 [[package]]
@@ -2053,7 +2053,7 @@ checksum = "999ce923619f88194171a67fb3e6d613653b8d4d6078b529b15a765da0edcc17"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.91",
+ "syn 2.0.93",
 ]
 
 [[package]]
@@ -2743,7 +2743,7 @@ checksum = "1ec89e9337638ecdc08744df490b221a7399bf8d164eb52a665454e60e075ad6"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.91",
+ "syn 2.0.93",
 ]
 
 [[package]]
@@ -2908,9 +2908,9 @@ dependencies = [
 
 [[package]]
 name = "jsonschema"
-version = "0.26.2"
+version = "0.28.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "26a960f0c34d5423581d858ce94815cc11f0171b09939409097969ed269ede1b"
+checksum = "74d8eb539cdb4222da29bb658cc9881aa2477b33fb1a74c5c31450395fc1a4b2"
 dependencies = [
  "ahash",
  "base64 0.22.1",
@@ -2925,7 +2925,7 @@ dependencies = [
  "percent-encoding",
  "referencing",
  "regex-syntax 0.8.5",
- "reqwest 0.12.9",
+ "reqwest 0.12.11",
  "serde",
  "serde_json",
  "uuid-simd",
@@ -3016,7 +3016,7 @@ dependencies = [
  "hyper 1.5.2",
  "kanidm_lib_file_permissions",
  "kanidm_proto",
- "reqwest 0.12.9",
+ "reqwest 0.12.11",
  "serde",
  "serde_json",
  "serde_urlencoded",
@@ -3037,7 +3037,7 @@ dependencies = [
  "base64 0.22.1",
  "kanidm_proto",
  "oauth2",
- "reqwest 0.12.9",
+ "reqwest 0.12.11",
  "sketching",
  "tokio",
  "tracing",
@@ -3308,7 +3308,7 @@ version = "1.5.0-dev"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.91",
+ "syn 2.0.93",
 ]
 
 [[package]]
@@ -3331,7 +3331,7 @@ dependencies = [
  "oauth2",
  "openssl",
  "petgraph",
- "reqwest 0.12.9",
+ "reqwest 0.12.11",
  "serde",
  "serde_json",
  "sketching",
@@ -4019,7 +4019,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.91",
+ "syn 2.0.93",
 ]
 
 [[package]]
@@ -4353,7 +4353,7 @@ checksum = "3c0f5fad0874fc7abcd4d750e76917eaebbecaa2c20bde22e1dbeeba8beb758c"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.91",
+ "syn 2.0.93",
 ]
 
 [[package]]
@@ -4433,7 +4433,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "64d1ec885c64d0457d564db4ec299b2dae3f9c02808b8ad9c3a089c591b18033"
 dependencies = [
  "proc-macro2",
- "syn 2.0.91",
+ "syn 2.0.93",
 ]
 
 [[package]]
@@ -4594,9 +4594,9 @@ dependencies = [
 
 [[package]]
 name = "quote"
-version = "1.0.37"
+version = "1.0.38"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b5b9d34b8991d19d98081b46eacdd8eb58c6f2b201139f7c5f643cc155a633af"
+checksum = "0e4dccaaaf89514f546c693ddc140f729f958c247918a13380cccc6078391acc"
 dependencies = [
  "proc-macro2",
 ]
@@ -4668,7 +4668,7 @@ checksum = "bcc303e793d3734489387d205e9b186fac9c6cfacedd98cbb2e8a5943595f3e6"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.91",
+ "syn 2.0.93",
 ]
 
 [[package]]
@@ -4679,9 +4679,9 @@ checksum = "5daffa8f5ca827e146485577fa9dba9bd9c6921e06e954ab8f6408c10f753086"
 
 [[package]]
 name = "referencing"
-version = "0.26.2"
+version = "0.28.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fb8e15af8558cb157432dd3d88c1d1e982d0a5755cf80ce593b6499260aebc49"
+checksum = "093a875008827c0ae15c746189966e162faa05bf347719d06302c548ac63630f"
 dependencies = [
  "ahash",
  "fluent-uri",
@@ -4777,9 +4777,9 @@ dependencies = [
 
 [[package]]
 name = "reqwest"
-version = "0.12.9"
+version = "0.12.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a77c62af46e79de0a562e1a9849205ffcb7fc1238876e9bd743357570e04046f"
+checksum = "7fe060fe50f524be480214aba758c71f99f90ee8c83c5a36b5e9e1d568eb4eb3"
 dependencies = [
  "async-compression",
  "base64 0.22.1",
@@ -4816,6 +4816,7 @@ dependencies = [
  "tokio",
  "tokio-rustls 0.26.1",
  "tokio-util",
+ "tower 0.5.2",
  "tower-service",
  "url",
  "wasm-bindgen",
@@ -4899,7 +4900,7 @@ dependencies = [
  "proc-macro2",
  "quote",
  "rust-embed-utils",
- "syn 2.0.91",
+ "syn 2.0.93",
  "walkdir",
 ]
 
@@ -5178,9 +5179,9 @@ checksum = "3cb6eb87a131f756572d7fb904f6e7b68633f09cca868c5df1c4b8d1a694bbba"
 
 [[package]]
 name = "serde"
-version = "1.0.216"
+version = "1.0.217"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0b9781016e935a97e8beecf0c933758c97a5520d32930e460142b4cd80c6338e"
+checksum = "02fc4265df13d6fa1d00ecff087228cc0a2b5f3c0e87e258d8b94a156e984c70"
 dependencies = [
  "serde_derive",
 ]
@@ -5216,13 +5217,13 @@ dependencies = [
 
 [[package]]
 name = "serde_derive"
-version = "1.0.216"
+version = "1.0.217"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "46f859dbbf73865c6627ed570e78961cd3ac92407a2d117204c49232485da55e"
+checksum = "5a9bf7cf98d04a2b28aead066b7496853d4779c9cc183c440dbac457641e19a0"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.91",
+ "syn 2.0.93",
 ]
 
 [[package]]
@@ -5261,9 +5262,9 @@ dependencies = [
 
 [[package]]
 name = "serde_with"
-version = "3.11.0"
+version = "3.12.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8e28bdad6db2b8340e449f7108f020b3b092e8583a9e3fb82713e1d4e71fe817"
+checksum = "d6b6f7f2fcb69f747921f79f3926bd1e203fce4fef62c268dd3abfb6d86029aa"
 dependencies = [
  "base64 0.22.1",
  "chrono",
@@ -5279,14 +5280,14 @@ dependencies = [
 
 [[package]]
 name = "serde_with_macros"
-version = "3.11.0"
+version = "3.12.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9d846214a9854ef724f3da161b426242d8de7c1fc7de2f89bb1efcb154dca79d"
+checksum = "8d00caa5193a3c8362ac2b73be6b9e768aa5a4b2f721d8f4b339600c3cb51f8e"
 dependencies = [
  "darling 0.20.10",
  "proc-macro2",
  "quote",
- "syn 2.0.91",
+ "syn 2.0.93",
 ]
 
 [[package]]
@@ -5523,9 +5524,9 @@ dependencies = [
 
 [[package]]
 name = "syn"
-version = "2.0.91"
+version = "2.0.93"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d53cbcb5a243bd33b7858b1d7f4aca2153490815872d86d955d6ea29f743c035"
+checksum = "9c786062daee0d6db1132800e623df74274a0a87322d8e183338e01b3d98d058"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -5555,7 +5556,7 @@ checksum = "c8af7666ab7b6390ab78131fb5b0fce11d6b7a6951602017c35fa82800708971"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.91",
+ "syn 2.0.93",
 ]
 
 [[package]]
@@ -5610,7 +5611,7 @@ version = "0.1.0"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.91",
+ "syn 2.0.93",
 ]
 
 [[package]]
@@ -5639,7 +5640,7 @@ checksum = "4fee6c4efc90059e10f81e6d42c60a18f76588c3d74cb83a0b242a2b6c7504c1"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.91",
+ "syn 2.0.93",
 ]
 
 [[package]]
@@ -5650,7 +5651,7 @@ checksum = "f2f357fcec90b3caef6623a099691be676d033b40a058ac95d2a6ade6fa0c943"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.91",
+ "syn 2.0.93",
 ]
 
 [[package]]
@@ -5745,7 +5746,7 @@ checksum = "8d9ef545650e79f30233c0003bcc2504d7efac6dad25fca40744de773fe2049c"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.91",
+ "syn 2.0.93",
 ]
 
 [[package]]
@@ -5784,7 +5785,7 @@ checksum = "693d596312e88961bc67d7f1f97af8a70227d9f90c31bba5806eec004978d752"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.91",
+ "syn 2.0.93",
 ]
 
 [[package]]
@@ -6004,7 +6005,7 @@ checksum = "395ae124c09f9e6918a2310af6038fba074bcf474ac352496d5910dd59a2226d"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.91",
+ "syn 2.0.93",
 ]
 
 [[package]]
@@ -6238,7 +6239,7 @@ dependencies = [
  "proc-macro2",
  "quote",
  "regex",
- "syn 2.0.91",
+ "syn 2.0.93",
  "url",
  "uuid",
 ]
@@ -6365,7 +6366,7 @@ dependencies = [
  "log",
  "proc-macro2",
  "quote",
- "syn 2.0.91",
+ "syn 2.0.93",
  "wasm-bindgen-shared",
 ]
 
@@ -6400,7 +6401,7 @@ checksum = "30d7a95b763d3c45903ed6c81f156801839e5ee968bb07e534c44df0fcd330c2"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.91",
+ "syn 2.0.93",
  "wasm-bindgen-backend",
  "wasm-bindgen-shared",
 ]
@@ -6960,7 +6961,7 @@ checksum = "2380878cad4ac9aac1e2435f3eb4020e8374b5f13c296cb75b4620ff8e229154"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.91",
+ "syn 2.0.93",
  "synstructure",
 ]
 
@@ -6982,7 +6983,7 @@ checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.91",
+ "syn 2.0.93",
 ]
 
 [[package]]
@@ -7002,7 +7003,7 @@ checksum = "595eed982f7d355beb85837f651fa22e90b3c044842dc7f2c2842c086f295808"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.91",
+ "syn 2.0.93",
  "synstructure",
 ]
 
@@ -7023,7 +7024,7 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.91",
+ "syn 2.0.93",
 ]
 
 [[package]]
@@ -7045,7 +7046,7 @@ checksum = "6eafa6dfb17584ea3e2bd6e76e0cc15ad7af12b09abdd1ca55961bed9b1063c6"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.91",
+ "syn 2.0.93",
 ]
 
 [[package]]
diff --git a/Cargo.toml b/Cargo.toml
index fdb93c679..1de526897 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -231,7 +231,7 @@ quote = "1"
 rand = "^0.8.5"
 rand_chacha = "0.3.1"
 regex = "1.11.0"
-reqwest = { version = "0.12.9", default-features = false, features = [
+reqwest = { version = "0.12.11", default-features = false, features = [
     "cookies",
     "http2",
     "json",
@@ -245,11 +245,11 @@ rustls = { version = "0.23.20", default-features = false, features = [
 
 sd-notify = "^0.4.3"
 selinux = "^0.4.6"
-serde = "^1.0.216"
+serde = "^1.0.217"
 serde_cbor = { version = "0.12.0-dev", package = "serde_cbor_2" }
 serde_json = "^1.0.134"
 serde_urlencoded = "^0.7.1"
-serde_with = "3.11.0"
+serde_with = "3.12.0"
 sha-crypt = "0.5.0"
 sha2 = "0.10.8"
 shellexpand = "^2.1.2"
@@ -258,7 +258,7 @@ smolset = "^1.3.1"
 sshkey-attest = "^0.5.0"
 sshkeys = "0.3.3"
 svg = "0.13.1"
-syn = { version = "2.0.91", features = ["full"] }
+syn = { version = "2.0.93", features = ["full"] }
 tempfile = "3.14.0"
 testkit-macros = { path = "./server/testkit-macros" }
 time = { version = "^0.3.36", features = ["formatting", "local-offset"] }
diff --git a/server/testkit/Cargo.toml b/server/testkit/Cargo.toml
index 7dae25abc..7d4f0f78a 100644
--- a/server/testkit/Cargo.toml
+++ b/server/testkit/Cargo.toml
@@ -66,4 +66,4 @@ tokio-openssl = { workspace = true }
 kanidm_lib_crypto = { workspace = true }
 uuid = { workspace = true }
 webauthn-authenticator-rs = { workspace = true }
-jsonschema = "0.26.1"
+jsonschema = "0.28.0"
diff --git a/tools/device_flow/Cargo.toml b/tools/device_flow/Cargo.toml
index 6f4679488..373c99241 100644
--- a/tools/device_flow/Cargo.toml
+++ b/tools/device_flow/Cargo.toml
@@ -21,7 +21,7 @@ doctest = false
 kanidm_proto = { workspace = true }
 anyhow = { workspace = true }
 oauth2 = "4.4.2"
-reqwest = { version = "0.12.9", default-features = false, features = [
+reqwest = { version = "0.12.11", default-features = false, features = [
     "rustls-tls",
 ] }
 

From 5eb9a4430f4beab41aed7d5d77414ceea6b2eb1c Mon Sep 17 00:00:00 2001
From: Jinna Kiisuo <jinnak@nocturnal.fi>
Date: Wed, 1 Jan 2025 00:40:14 +0200
Subject: [PATCH 37/87] fix: PAM on Debian, enable use_first_pass by default
 (#3326)

Since we use Debian's PAM autoconf, pam_unix isn't disabled and remains active.
This means pam_unix triggers first and pam_kanidm should use the password it already tried to match to a local user.

This change also moves the postinst hook for PAM config correctly to the libpam-kanidm package,
since that's the one that delivers the config that needs a reinstall!
---
 unix_integration/pam_kanidm/Cargo.toml        |  1 +
 unix_integration/pam_kanidm/debian/kanidm.pam |  2 +-
 unix_integration/pam_kanidm/debian/postinst   | 29 +++++++++++++++++++
 unix_integration/resolver/debian/postinst     |  3 +-
 4 files changed, 32 insertions(+), 3 deletions(-)
 create mode 100644 unix_integration/pam_kanidm/debian/postinst

diff --git a/unix_integration/pam_kanidm/Cargo.toml b/unix_integration/pam_kanidm/Cargo.toml
index 984a6b703..56f6ae3c9 100644
--- a/unix_integration/pam_kanidm/Cargo.toml
+++ b/unix_integration/pam_kanidm/Cargo.toml
@@ -35,6 +35,7 @@ maintainer = "James Hodgkinson <james@terminaloutcomes.com>"
 depends = ["libc6", "libpam0g"]
 section = "network"
 priority = "optional"
+maintainer-scripts = "debian/"
 assets = [
 	# Empty on purpose
 ]
diff --git a/unix_integration/pam_kanidm/debian/kanidm.pam b/unix_integration/pam_kanidm/debian/kanidm.pam
index 17da012b3..f2e5f4dc1 100644
--- a/unix_integration/pam_kanidm/debian/kanidm.pam
+++ b/unix_integration/pam_kanidm/debian/kanidm.pam
@@ -4,7 +4,7 @@ Priority: 128
 
 Auth-Type: Primary
 Auth:
-  [success=end new_authtok_reqd=done default=ignore]    pam_kanidm.so ignore_unknown_user
+  [success=end new_authtok_reqd=done default=ignore]    pam_kanidm.so ignore_unknown_user use_first_pass
 
 Account-Type: Primary
 Account:
diff --git a/unix_integration/pam_kanidm/debian/postinst b/unix_integration/pam_kanidm/debian/postinst
new file mode 100644
index 000000000..ecd061d5a
--- /dev/null
+++ b/unix_integration/pam_kanidm/debian/postinst
@@ -0,0 +1,29 @@
+#!/bin/sh
+# postinst script for libpam-kanidm
+#
+# see: dh_installdeb(1)
+
+set -e
+
+
+case "$1" in
+    configure)
+        echo "Updating PAM configuration"
+        pam-auth-update --package
+    ;;
+
+    abort-upgrade|abort-remove|abort-deconfigure)
+    ;;
+
+    *)
+        echo "postinst called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff --git a/unix_integration/resolver/debian/postinst b/unix_integration/resolver/debian/postinst
index cc7c10be6..d5d5b9562 100644
--- a/unix_integration/resolver/debian/postinst
+++ b/unix_integration/resolver/debian/postinst
@@ -8,13 +8,12 @@ set -e
 
 case "$1" in
     configure)
-        pam-auth-update --package
         echo "============================="
         echo "Thanks for installing Kanidm!"
         echo "============================="
         echo "Please ensure you modify the configuration files at /etc/kanidm/unixd and /etc/kanidm/config"
         echo "Full examples are in /usr/share/kanidm-unixd/"
-        echo "To configure nsswitch, please follow instructions in https://kanidm.github.io/kanidm/master/integrations/pam_and_nsswitch.html"
+        echo "PAM has already been autoconfigured by the libpam-kanidm package. To configure nsswitch, please follow instructions in https://kanidm.github.io/kanidm/master/integrations/pam_and_nsswitch.html"
     ;;
 
     abort-upgrade|abort-remove|abort-deconfigure)

From 226274da23b7ddcfa6aaf037a3a570930f967a70 Mon Sep 17 00:00:00 2001
From: Firstyear <william@blackhats.net.au>
Date: Sat, 4 Jan 2025 09:22:44 +1000
Subject: [PATCH 38/87] 20250102 freebsd client (#3333)

Support freebsd as a unix client
---
 Cargo.lock                                    |    5 +-
 libs/profiles/container_generic.toml          |    9 +-
 libs/profiles/developer.toml                  |    9 +-
 libs/profiles/release_freebsd.toml            |    7 +
 libs/profiles/release_linux.toml              |    9 +-
 libs/profiles/src/lib.rs                      |   29 +-
 platform/freebsd/README.md                    |    4 +
 platform/freebsd/client/Makefile              |   49 +
 platform/freebsd/client/Makefile.crates       |  624 ++++++++
 platform/freebsd/client/distinfo              | 1251 +++++++++++++++++
 platform/freebsd/client/files/kanidm_unixd.in |   27 +
 .../client/files/kanidm_unixd_tasks.in        |   27 +
 platform/freebsd/client/pkg-descr             |    1 +
 platform/freebsd/client/pkg-plist             |   13 +
 server/core/src/config.rs                     |    2 +-
 server/core/src/https/mod.rs                  |    6 +-
 server/daemon/src/main.rs                     |    6 +-
 unix_integration/common/src/constants.rs      |    4 +-
 unix_integration/nss_kanidm/Cargo.toml        |    3 +
 unix_integration/nss_kanidm/build.rs          |   12 +
 unix_integration/nss_kanidm/src/freebsd_nss.c |   94 ++
 unix_integration/nss_kanidm/src/lib.rs        |   26 +
 22 files changed, 2182 insertions(+), 35 deletions(-)
 create mode 100644 libs/profiles/release_freebsd.toml
 create mode 100644 platform/freebsd/README.md
 create mode 100644 platform/freebsd/client/Makefile
 create mode 100644 platform/freebsd/client/Makefile.crates
 create mode 100644 platform/freebsd/client/distinfo
 create mode 100644 platform/freebsd/client/files/kanidm_unixd.in
 create mode 100644 platform/freebsd/client/files/kanidm_unixd_tasks.in
 create mode 100644 platform/freebsd/client/pkg-descr
 create mode 100644 platform/freebsd/client/pkg-plist
 create mode 100644 unix_integration/nss_kanidm/build.rs
 create mode 100644 unix_integration/nss_kanidm/src/freebsd_nss.c

diff --git a/Cargo.lock b/Cargo.lock
index 248ba49df..0f2523002 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -725,9 +725,9 @@ checksum = "325918d6fe32f23b19878fe4b34794ae41fc19ddbe53b10571a4874d44ffd39b"
 
 [[package]]
 name = "cc"
-version = "1.2.5"
+version = "1.2.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c31a0499c1dc64f458ad13872de75c0eb7e3fdb0e67964610c914b034fc5956e"
+checksum = "8d6dbb628b8f8555f86d0323c2eb39e3ec81901f4b83e091db8a6a76d316a333"
 dependencies = [
  "shlex",
 ]
@@ -3789,6 +3789,7 @@ dependencies = [
 name = "nss_kanidm"
 version = "1.5.0-dev"
 dependencies = [
+ "cc",
  "kanidm_unix_common",
  "lazy_static",
  "libc",
diff --git a/libs/profiles/container_generic.toml b/libs/profiles/container_generic.toml
index b4049d809..614d93bff 100644
--- a/libs/profiles/container_generic.toml
+++ b/libs/profiles/container_generic.toml
@@ -1,6 +1,7 @@
-htmx_ui_pkg_path = "/hpkg"
 # Don't set the cpu_flags to autodetect for this platform
 # cpu_flags = "none"
-admin_bind_path = "/data/kanidmd.sock"
-default_config_path = "/data/server.toml"
-default_unix_shell_path = "/bin/false"
+server_admin_bind_path = "/data/kanidmd.sock"
+server_ui_pkg_path = "/hpkg"
+server_config_path = "/data/server.toml"
+resolver_config_path = "/data/unixd"
+resolver_unix_shell_path = "/bin/false"
diff --git a/libs/profiles/developer.toml b/libs/profiles/developer.toml
index bb0c79d55..42539e20f 100644
--- a/libs/profiles/developer.toml
+++ b/libs/profiles/developer.toml
@@ -1,6 +1,7 @@
-htmx_ui_pkg_path = "../core/static"
 # Set to native for developer machines.
 cpu_flags = "native"
-admin_bind_path = "/tmp/kanidmd.sock"
-default_config_path = "../../examples/insecure_server.toml"
-default_unix_shell_path = "/bin/bash"
+server_admin_bind_path = "/tmp/kanidmd.sock"
+server_ui_pkg_path = "../core/static"
+server_config_path = "../../examples/insecure_server.toml"
+resolver_config_path = "/tmp/unixd"
+resolver_unix_shell_path = "/bin/bash"
diff --git a/libs/profiles/release_freebsd.toml b/libs/profiles/release_freebsd.toml
new file mode 100644
index 000000000..305da3d1c
--- /dev/null
+++ b/libs/profiles/release_freebsd.toml
@@ -0,0 +1,7 @@
+# Don't set the value for autodetect
+# cpu_flags = "none"
+server_admin_bind_path = "/var/run/kanidmd/sock"
+server_ui_pkg_path = "/usr/local/share/kanidm/ui/hpkg"
+server_config_path = "/usr/local/etc/kanidm/server.toml"
+resolver_config_path = "/usr/local/etc/kanidm/unixd"
+resolver_unix_shell_path = "/bin/sh"
diff --git a/libs/profiles/release_linux.toml b/libs/profiles/release_linux.toml
index 2b8239181..1b12a2309 100644
--- a/libs/profiles/release_linux.toml
+++ b/libs/profiles/release_linux.toml
@@ -1,6 +1,7 @@
-htmx_ui_pkg_path = "/usr/share/kanidm/ui/hpkg"
 # Don't set the value for autodetect
 # cpu_flags = "none"
-admin_bind_path = "/var/run/kanidmd/sock"
-default_config_path = "/etc/kanidm/server.toml"
-default_unix_shell_path = "/bin/bash"
+server_admin_bind_path = "/var/run/kanidmd/sock"
+server_ui_pkg_path = "/usr/share/kanidm/ui/hpkg"
+server_config_path = "/etc/kanidm/server.toml"
+resolver_config_path = "/etc/kanidm/unixd"
+resolver_unix_shell_path = "/bin/bash"
diff --git a/libs/profiles/src/lib.rs b/libs/profiles/src/lib.rs
index 6af08f586..784987130 100644
--- a/libs/profiles/src/lib.rs
+++ b/libs/profiles/src/lib.rs
@@ -54,12 +54,13 @@ impl std::fmt::Display for CpuOptLevel {
 #[derive(Debug, Deserialize)]
 #[serde(deny_unknown_fields)]
 struct ProfileConfig {
-    htmx_ui_pkg_path: String,
     #[serde(default)]
     cpu_flags: CpuOptLevel,
-    admin_bind_path: String,
-    default_config_path: String,
-    default_unix_shell_path: String,
+    server_admin_bind_path: String,
+    server_config_path: String,
+    server_ui_pkg_path: String,
+    resolver_config_path: String,
+    resolver_unix_shell_path: String,
 }
 
 pub fn apply_profile() {
@@ -127,19 +128,23 @@ pub fn apply_profile() {
     println!("cargo:rustc-env=KANIDM_PROFILE_NAME={}", profile);
     println!("cargo:rustc-env=KANIDM_CPU_FLAGS={}", profile_cfg.cpu_flags);
     println!(
-        "cargo:rustc-env=KANIDM_HTMX_UI_PKG_PATH={}",
-        profile_cfg.htmx_ui_pkg_path
+        "cargo:rustc-env=KANIDM_SERVER_UI_PKG_PATH={}",
+        profile_cfg.server_ui_pkg_path
     );
     println!(
-        "cargo:rustc-env=KANIDM_ADMIN_BIND_PATH={}",
-        profile_cfg.admin_bind_path
+        "cargo:rustc-env=KANIDM_SERVER_ADMIN_BIND_PATH={}",
+        profile_cfg.server_admin_bind_path
     );
     println!(
-        "cargo:rustc-env=KANIDM_DEFAULT_CONFIG_PATH={}",
-        profile_cfg.default_config_path
+        "cargo:rustc-env=KANIDM_SERVER_CONFIG_PATH={}",
+        profile_cfg.server_config_path
     );
     println!(
-        "cargo:rustc-env=KANIDM_DEFAULT_UNIX_SHELL_PATH={}",
-        profile_cfg.default_unix_shell_path
+        "cargo:rustc-env=KANIDM_RESOLVER_CONFIG_PATH={}",
+        profile_cfg.resolver_config_path
+    );
+    println!(
+        "cargo:rustc-env=KANIDM_RESOLVER_UNIX_SHELL_PATH={}",
+        profile_cfg.resolver_unix_shell_path
     );
 }
diff --git a/platform/freebsd/README.md b/platform/freebsd/README.md
new file mode 100644
index 000000000..87de87ed6
--- /dev/null
+++ b/platform/freebsd/README.md
@@ -0,0 +1,4 @@
+These are the FreeBSD port Makefiles and other supporting files. In the future we will submit
+these to FreeBSD ports rather than maintaining them here.
+
+
diff --git a/platform/freebsd/client/Makefile b/platform/freebsd/client/Makefile
new file mode 100644
index 000000000..f54e0e672
--- /dev/null
+++ b/platform/freebsd/client/Makefile
@@ -0,0 +1,49 @@
+
+PORTNAME=	kanidm
+# DISTVERSION=    1.5.0-dev
+# DISTVERSIONPREFIX=	v
+
+DISTVERSION=    g20250102
+GH_TAGNAME=     edb8cccc84e9dacd2ac31ea1162dd24c0c454c55
+GH_ACCOUNT=     Firstyear
+
+CATEGORIES=	security net databases
+
+LICENSE=        MPL20
+LICENSE_FILE=   ${WRKSRC}/LICENSE.md
+MAINTAINER=	william@blackhats.net.au
+COMMENT=	Simple and secure identity management platform
+WWW=		https://github.com/kanidm/kanidm/
+
+USES=		cargo ssl
+USE_GITHUB=	yes
+
+ONLY_FOR_ARCHS=	aarch64 amd64
+
+CARGO_ENV=      KANIDM_BUILD_PROFILE=release_freebsd
+
+CARGO_BUILD_ARGS = -p kanidm_tools -p kanidm_unix_int -p nss_kanidm -p pam_kanidm
+
+CARGO_INSTALL=  no
+
+USE_RC_SUBR=	kanidm_unixd kanidm_unixd_tasks
+
+USERS=  _kanidm_unixd
+GROUPS= _kanidm_unixd
+
+do-install:
+	${INSTALL_PROGRAM} ${WRKDIR}/target/release/kanidm ${STAGEDIR}${PREFIX}/bin
+	${INSTALL_PROGRAM} ${WRKDIR}/target/release/kanidm-unix ${STAGEDIR}${PREFIX}/bin
+	${INSTALL_PROGRAM} ${WRKDIR}/target/release/kanidm_ssh_authorizedkeys ${STAGEDIR}${PREFIX}/bin
+	${INSTALL_PROGRAM} ${WRKDIR}/target/release/kanidm_ssh_authorizedkeys_direct ${STAGEDIR}${PREFIX}/bin
+	${INSTALL_PROGRAM} ${WRKDIR}/target/release/kanidm_unixd ${STAGEDIR}${PREFIX}/libexec
+	${INSTALL_PROGRAM} ${WRKDIR}/target/release/kanidm_unixd_tasks ${STAGEDIR}${PREFIX}/libexec
+	${INSTALL_LIB} ${WRKDIR}/target/release/libnss_kanidm.so ${STAGEDIR}${PREFIX}/lib/nss_kanidm.so.1
+	${INSTALL_LIB} ${WRKDIR}/target/release/libpam_kanidm.so ${STAGEDIR}${PREFIX}/lib
+	${MKDIR} ${STAGEDIR}${PREFIX}/etc
+	${MKDIR} ${STAGEDIR}${PREFIX}/etc/kanidm
+	${MKDIR} ${STAGEDIR}/var/run/kanidm-unixd
+	${MKDIR} ${STAGEDIR}/var/lib/kanidm-unixd
+	${MKDIR} ${STAGEDIR}/var/cache/kanidm-unixd
+
+.include <bsd.port.mk>
diff --git a/platform/freebsd/client/Makefile.crates b/platform/freebsd/client/Makefile.crates
new file mode 100644
index 000000000..461710e09
--- /dev/null
+++ b/platform/freebsd/client/Makefile.crates
@@ -0,0 +1,624 @@
+CARGO_CRATES=	addr2line-0.24.2 \
+		adler2-2.0.0 \
+		ahash-0.8.11 \
+		aho-corasick-1.1.3 \
+		allocator-api2-0.2.21 \
+		android-tzdata-0.1.1 \
+		android_system_properties-0.1.5 \
+		anstream-0.6.18 \
+		anstyle-1.0.10 \
+		anstyle-parse-0.2.6 \
+		anstyle-query-1.1.2 \
+		anstyle-wincon-3.0.6 \
+		anyhow-1.0.95 \
+		arc-swap-1.7.1 \
+		argon2-0.5.3 \
+		askama-0.12.1 \
+		askama_axum-0.4.0 \
+		askama_derive-0.12.5 \
+		askama_escape-0.10.3 \
+		askama_parser-0.2.1 \
+		asn1-rs-0.6.2 \
+		asn1-rs-derive-0.5.1 \
+		asn1-rs-impl-0.2.0 \
+		assert_cmd-2.0.16 \
+		async-compression-0.4.18 \
+		async-stream-0.3.6 \
+		async-stream-impl-0.3.6 \
+		async-trait-0.1.83 \
+		atomic-waker-1.1.2 \
+		authenticator-0.4.1 \
+		autocfg-1.4.0 \
+		axum-0.6.20 \
+		axum-0.7.9 \
+		axum-core-0.3.4 \
+		axum-core-0.4.5 \
+		axum-extra-0.9.6 \
+		axum-htmx-0.5.0 \
+		axum-macros-0.4.2 \
+		axum-server-0.7.1 \
+		backtrace-0.3.74 \
+		base32-0.5.1 \
+		base64-0.13.1 \
+		base64-0.21.7 \
+		base64-0.22.1 \
+		base64ct-1.6.0 \
+		base64urlsafedata-0.5.1 \
+		basic-toml-0.1.9 \
+		bindgen-0.66.1 \
+		bindgen-0.70.1 \
+		bit-set-0.5.3 \
+		bit-set-0.8.0 \
+		bit-vec-0.6.3 \
+		bit-vec-0.8.0 \
+		bitfield-0.13.2 \
+		bitflags-1.3.2 \
+		bitflags-2.6.0 \
+		blake2-0.10.6 \
+		block-buffer-0.10.4 \
+		borrow-or-share-0.2.2 \
+		bstr-1.11.1 \
+		bumpalo-3.16.0 \
+		bytecount-0.6.8 \
+		bytemuck-1.21.0 \
+		byteorder-1.5.0 \
+		bytes-1.9.0 \
+		cc-1.2.5 \
+		cexpr-0.6.0 \
+		cfg-if-1.0.0 \
+		cfg_aliases-0.2.1 \
+		checked_int_cast-1.0.0 \
+		chrono-0.4.39 \
+		clang-sys-1.8.1 \
+		clap-4.5.23 \
+		clap_builder-4.5.23 \
+		clap_complete-4.5.40 \
+		clap_derive-4.5.18 \
+		clap_lex-0.7.4 \
+		clru-0.6.2 \
+		color_quant-1.1.0 \
+		colorchoice-1.0.3 \
+		compact_jwt-0.4.3 \
+		concread-0.5.3 \
+		console-0.15.10 \
+		const-oid-0.9.6 \
+		cookie-0.16.2 \
+		cookie-0.18.1 \
+		cookie_store-0.21.1 \
+		core-foundation-0.9.4 \
+		core-foundation-0.10.0 \
+		core-foundation-sys-0.8.7 \
+		cpufeatures-0.2.16 \
+		crc32fast-1.4.2 \
+		cron-0.12.1 \
+		crossbeam-0.8.4 \
+		crossbeam-channel-0.5.14 \
+		crossbeam-deque-0.8.6 \
+		crossbeam-epoch-0.9.18 \
+		crossbeam-queue-0.3.12 \
+		crossbeam-utils-0.8.21 \
+		crypto-common-0.1.6 \
+		csv-1.3.1 \
+		csv-core-0.1.11 \
+		darling-0.14.4 \
+		darling-0.20.10 \
+		darling_core-0.14.4 \
+		darling_core-0.20.10 \
+		darling_macro-0.14.4 \
+		darling_macro-0.20.10 \
+		data-encoding-2.6.0 \
+		der-0.7.9 \
+		der-parser-9.0.0 \
+		der_derive-0.7.3 \
+		deranged-0.3.11 \
+		derive_builder-0.12.0 \
+		derive_builder_core-0.12.0 \
+		derive_builder_macro-0.12.0 \
+		devd-rs-0.3.6 \
+		dhat-0.3.3 \
+		dialoguer-0.10.4 \
+		difflib-0.4.0 \
+		digest-0.10.7 \
+		dirs-4.0.0 \
+		dirs-sys-0.3.7 \
+		displaydoc-0.2.5 \
+		doc-comment-0.3.3 \
+		document-features-0.2.10 \
+		dunce-1.0.5 \
+		dyn-clone-1.0.17 \
+		either-1.13.0 \
+		email_address-0.2.9 \
+		encode_unicode-1.0.0 \
+		encoding_rs-0.8.35 \
+		enum-iterator-2.1.0 \
+		enum-iterator-derive-1.4.0 \
+		enumflags2-0.7.10 \
+		enumflags2_derive-0.7.10 \
+		equivalent-1.0.1 \
+		errno-0.3.10 \
+		escargot-0.5.13 \
+		fallible-iterator-0.2.0 \
+		fallible-streaming-iterator-0.1.9 \
+		fancy-regex-0.11.0 \
+		fancy-regex-0.14.0 \
+		fantoccini-0.21.3 \
+		faster-hex-0.9.0 \
+		fastrand-2.3.0 \
+		fernet-0.2.2 \
+		file-id-0.1.0 \
+		filetime-0.2.25 \
+		fixedbitset-0.4.2 \
+		flagset-0.4.6 \
+		flate2-1.0.35 \
+		fluent-uri-0.3.2 \
+		fnv-1.0.7 \
+		foldhash-0.1.4 \
+		foreign-types-0.3.2 \
+		foreign-types-shared-0.1.1 \
+		form_urlencoded-1.2.1 \
+		fraction-0.15.3 \
+		fs4-0.8.4 \
+		fsevent-sys-4.1.0 \
+		futures-0.3.31 \
+		futures-channel-0.3.31 \
+		futures-core-0.3.31 \
+		futures-executor-0.3.31 \
+		futures-io-0.3.31 \
+		futures-macro-0.3.31 \
+		futures-sink-0.3.31 \
+		futures-task-0.3.31 \
+		futures-util-0.3.31 \
+		generic-array-0.14.7 \
+		gethostname-0.5.0 \
+		getrandom-0.2.15 \
+		gif-0.13.1 \
+		gimli-0.31.1 \
+		gix-0.64.0 \
+		gix-actor-0.31.5 \
+		gix-chunk-0.4.10 \
+		gix-commitgraph-0.24.3 \
+		gix-config-0.38.0 \
+		gix-config-value-0.14.10 \
+		gix-date-0.8.7 \
+		gix-diff-0.44.1 \
+		gix-discover-0.33.0 \
+		gix-features-0.38.2 \
+		gix-fs-0.11.3 \
+		gix-glob-0.16.5 \
+		gix-hash-0.14.2 \
+		gix-hashtable-0.5.2 \
+		gix-lock-14.0.0 \
+		gix-macros-0.1.5 \
+		gix-object-0.42.3 \
+		gix-odb-0.61.1 \
+		gix-pack-0.51.1 \
+		gix-path-0.10.13 \
+		gix-quote-0.4.14 \
+		gix-ref-0.45.0 \
+		gix-refspec-0.23.1 \
+		gix-revision-0.27.2 \
+		gix-revwalk-0.13.2 \
+		gix-sec-0.10.10 \
+		gix-tempfile-14.0.2 \
+		gix-trace-0.1.11 \
+		gix-traverse-0.39.2 \
+		gix-url-0.27.5 \
+		gix-utils-0.1.13 \
+		gix-validate-0.8.5 \
+		glob-0.3.1 \
+		h2-0.3.26 \
+		h2-0.4.7 \
+		half-1.8.3 \
+		hashbrown-0.12.3 \
+		hashbrown-0.14.5 \
+		hashbrown-0.15.2 \
+		hashlink-0.8.4 \
+		heck-0.5.0 \
+		hex-0.4.3 \
+		home-0.5.11 \
+		hostname-validator-1.1.1 \
+		http-0.2.12 \
+		http-1.2.0 \
+		http-body-0.4.6 \
+		http-body-1.0.1 \
+		http-body-util-0.1.2 \
+		http-range-header-0.4.2 \
+		httparse-1.9.5 \
+		httpdate-1.0.3 \
+		humansize-2.1.3 \
+		hyper-0.14.32 \
+		hyper-1.5.2 \
+		hyper-rustls-0.24.2 \
+		hyper-rustls-0.27.5 \
+		hyper-timeout-0.4.1 \
+		hyper-tls-0.6.0 \
+		hyper-util-0.1.10 \
+		iana-time-zone-0.1.61 \
+		iana-time-zone-haiku-0.1.2 \
+		icu_collections-1.5.0 \
+		icu_locid-1.5.0 \
+		icu_locid_transform-1.5.0 \
+		icu_locid_transform_data-1.5.0 \
+		icu_normalizer-1.5.0 \
+		icu_normalizer_data-1.5.0 \
+		icu_properties-1.5.1 \
+		icu_properties_data-1.5.0 \
+		icu_provider-1.5.0 \
+		icu_provider_macros-1.5.0 \
+		ident_case-1.0.1 \
+		idlset-0.2.5 \
+		idna-1.0.3 \
+		idna_adapter-1.2.0 \
+		image-0.23.14 \
+		image-0.24.9 \
+		indexmap-1.9.3 \
+		indexmap-2.7.0 \
+		inotify-0.9.6 \
+		inotify-sys-0.1.5 \
+		ipnet-2.10.1 \
+		is_terminal_polyfill-1.70.1 \
+		itertools-0.10.5 \
+		itertools-0.13.0 \
+		itoa-1.0.14 \
+		jpeg-decoder-0.3.1 \
+		js-sys-0.3.76 \
+		jsonschema-0.28.0 \
+		kanidm-hsm-crypto-0.2.0 \
+		kqueue-1.0.8 \
+		kqueue-sys-1.0.4 \
+		lazy_static-1.5.0 \
+		lazycell-1.3.0 \
+		lber-0.4.2 \
+		ldap3_client-0.5.2 \
+		ldap3_proto-0.5.2 \
+		libc-0.2.169 \
+		libloading-0.8.6 \
+		libm-0.2.11 \
+		libmimalloc-sys-0.1.39 \
+		libnss-0.8.0 \
+		libredox-0.1.3 \
+		libsqlite3-sys-0.25.2 \
+		libudev-0.2.0 \
+		libudev-sys-0.1.4 \
+		linux-raw-sys-0.4.14 \
+		litemap-0.7.4 \
+		litrs-0.4.1 \
+		lock_api-0.4.12 \
+		lodepng-3.10.7 \
+		log-0.4.22 \
+		lru-0.12.5 \
+		malloced-1.3.1 \
+		matchers-0.1.0 \
+		matchit-0.7.3 \
+		mathru-0.13.0 \
+		memchr-2.7.4 \
+		memmap2-0.9.5 \
+		memoffset-0.8.0 \
+		mimalloc-0.1.43 \
+		mime-0.3.17 \
+		mime_guess-2.0.5 \
+		minimal-lexical-0.2.1 \
+		miniz_oxide-0.8.2 \
+		mintex-0.1.3 \
+		mio-0.8.11 \
+		mio-1.0.3 \
+		multer-3.1.0 \
+		native-tls-0.2.12 \
+		nix-0.29.0 \
+		nom-7.1.3 \
+		nonempty-0.8.1 \
+		notify-6.1.1 \
+		notify-debouncer-full-0.1.0 \
+		nu-ansi-term-0.46.0 \
+		num-0.4.3 \
+		num-bigint-0.4.6 \
+		num-cmp-0.1.0 \
+		num-complex-0.4.6 \
+		num-conv-0.1.0 \
+		num-derive-0.3.3 \
+		num-integer-0.1.46 \
+		num-iter-0.1.45 \
+		num-rational-0.3.2 \
+		num-rational-0.4.2 \
+		num-traits-0.2.19 \
+		num_enum-0.5.11 \
+		num_enum_derive-0.5.11 \
+		num_threads-0.1.7 \
+		oauth2-4.4.2 \
+		object-0.36.5 \
+		oid-0.2.1 \
+		oid-registry-0.7.1 \
+		once_cell-1.20.2 \
+		openssl-0.10.68 \
+		openssl-macros-0.1.1 \
+		openssl-probe-0.1.5 \
+		openssl-sys-0.9.104 \
+		opentelemetry-0.20.0 \
+		opentelemetry-http-0.9.0 \
+		opentelemetry-otlp-0.13.0 \
+		opentelemetry-proto-0.3.0 \
+		opentelemetry-semantic-conventions-0.12.0 \
+		opentelemetry_api-0.20.0 \
+		opentelemetry_sdk-0.20.0 \
+		ordered-float-3.9.2 \
+		outref-0.5.1 \
+		overload-0.1.1 \
+		parking_lot-0.12.3 \
+		parking_lot_core-0.9.10 \
+		password-hash-0.5.0 \
+		paste-1.0.15 \
+		peeking_take_while-0.1.2 \
+		peg-0.8.4 \
+		peg-macros-0.8.4 \
+		peg-runtime-0.8.3 \
+		pem-rfc7468-0.7.0 \
+		percent-encoding-2.3.1 \
+		petgraph-0.6.5 \
+		picky-asn1-0.8.0 \
+		picky-asn1-der-0.4.1 \
+		picky-asn1-x509-0.12.0 \
+		pin-project-1.1.7 \
+		pin-project-internal-1.1.7 \
+		pin-project-lite-0.2.15 \
+		pin-utils-0.1.0 \
+		pkg-config-0.3.31 \
+		powerfmt-0.2.0 \
+		ppv-lite86-0.2.20 \
+		prctl-1.0.0 \
+		predicates-3.1.3 \
+		predicates-core-1.0.9 \
+		predicates-tree-1.0.12 \
+		prettyplease-0.2.25 \
+		proc-macro-crate-1.3.1 \
+		proc-macro-error-1.0.4 \
+		proc-macro-error-attr-1.0.4 \
+		proc-macro2-1.0.92 \
+		prodash-28.0.0 \
+		prost-0.11.9 \
+		prost-derive-0.11.9 \
+		psl-types-2.0.11 \
+		publicsuffix-2.3.0 \
+		qrcode-0.12.0 \
+		quick-error-2.0.1 \
+		quinn-0.11.6 \
+		quinn-proto-0.11.9 \
+		quinn-udp-0.5.9 \
+		quote-1.0.38 \
+		rand-0.8.5 \
+		rand_chacha-0.3.1 \
+		rand_core-0.6.4 \
+		redox_syscall-0.5.8 \
+		redox_users-0.4.6 \
+		ref-cast-1.0.23 \
+		ref-cast-impl-1.0.23 \
+		reference-counted-singleton-0.1.5 \
+		referencing-0.28.0 \
+		regex-1.11.1 \
+		regex-automata-0.1.10 \
+		regex-automata-0.4.9 \
+		regex-syntax-0.6.29 \
+		regex-syntax-0.8.5 \
+		reqwest-0.11.27 \
+		reqwest-0.12.11 \
+		rgb-0.8.50 \
+		ring-0.17.8 \
+		rpassword-5.0.1 \
+		runloop-0.1.0 \
+		rusqlite-0.28.0 \
+		rust-embed-8.5.0 \
+		rust-embed-impl-8.5.0 \
+		rust-embed-utils-8.5.0 \
+		rustc-demangle-0.1.24 \
+		rustc-hash-1.1.0 \
+		rustc-hash-2.1.0 \
+		rusticata-macros-4.1.0 \
+		rustix-0.38.42 \
+		rustls-0.21.12 \
+		rustls-0.23.20 \
+		rustls-native-certs-0.8.1 \
+		rustls-pemfile-1.0.4 \
+		rustls-pemfile-2.2.0 \
+		rustls-pki-types-1.10.1 \
+		rustls-webpki-0.101.7 \
+		rustls-webpki-0.102.8 \
+		rustversion-1.0.18 \
+		ryu-1.0.18 \
+		same-file-1.0.6 \
+		schannel-0.1.27 \
+		scopeguard-1.2.0 \
+		sct-0.7.1 \
+		sd-notify-0.4.3 \
+		security-framework-2.11.1 \
+		security-framework-3.1.0 \
+		security-framework-sys-2.13.0 \
+		selinux-0.4.6 \
+		selinux-sys-0.6.13 \
+		semver-1.0.24 \
+		serde-1.0.217 \
+		serde_bytes-0.11.15 \
+		serde_cbor-0.11.2 \
+		serde_cbor_2-0.12.0-dev \
+		serde_derive-1.0.217 \
+		serde_json-1.0.134 \
+		serde_path_to_error-0.1.16 \
+		serde_urlencoded-0.7.1 \
+		serde_with-3.12.0 \
+		serde_with_macros-3.12.0 \
+		sha-crypt-0.5.0 \
+		sha1_smol-1.0.1 \
+		sha2-0.10.8 \
+		sharded-slab-0.1.7 \
+		shell-words-1.1.0 \
+		shellexpand-2.1.2 \
+		shlex-1.3.0 \
+		signal-hook-registry-1.4.2 \
+		slab-0.4.9 \
+		smallvec-1.13.2 \
+		smartstring-1.0.1 \
+		smolset-1.3.1 \
+		socket2-0.5.8 \
+		spin-0.9.8 \
+		spki-0.7.3 \
+		sptr-0.3.2 \
+		sshkey-attest-0.5.0 \
+		sshkeys-0.3.3 \
+		stable_deref_trait-1.2.0 \
+		static_assertions-1.1.0 \
+		strsim-0.10.0 \
+		strsim-0.11.1 \
+		subtle-2.6.1 \
+		svg-0.13.1 \
+		syn-1.0.109 \
+		syn-2.0.93 \
+		sync_wrapper-0.1.2 \
+		sync_wrapper-1.0.2 \
+		synstructure-0.13.1 \
+		system-configuration-0.5.1 \
+		system-configuration-sys-0.5.0 \
+		target-lexicon-0.12.16 \
+		tempfile-3.14.0 \
+		termtree-0.5.1 \
+		thiserror-1.0.69 \
+		thiserror-2.0.8 \
+		thiserror-impl-1.0.69 \
+		thiserror-impl-2.0.8 \
+		thousands-0.2.0 \
+		thread_local-1.1.8 \
+		time-0.3.37 \
+		time-core-0.1.2 \
+		time-macros-0.2.19 \
+		tinystr-0.7.6 \
+		tinyvec-1.8.1 \
+		tinyvec_macros-0.1.1 \
+		tls_codec-0.4.1 \
+		tls_codec_derive-0.4.1 \
+		tokio-1.42.0 \
+		tokio-io-timeout-1.2.0 \
+		tokio-macros-2.4.0 \
+		tokio-native-tls-0.3.1 \
+		tokio-openssl-0.6.5 \
+		tokio-rustls-0.24.1 \
+		tokio-rustls-0.26.1 \
+		tokio-stream-0.1.17 \
+		tokio-util-0.7.13 \
+		toml-0.5.11 \
+		toml_datetime-0.6.8 \
+		toml_edit-0.19.15 \
+		tonic-0.9.2 \
+		tower-0.4.13 \
+		tower-0.5.2 \
+		tower-http-0.6.2 \
+		tower-layer-0.3.3 \
+		tower-service-0.3.3 \
+		tracing-0.1.41 \
+		tracing-attributes-0.1.28 \
+		tracing-core-0.1.33 \
+		tracing-forest-0.1.6 \
+		tracing-log-0.1.4 \
+		tracing-log-0.2.0 \
+		tracing-opentelemetry-0.21.0 \
+		tracing-subscriber-0.3.19 \
+		try-lock-0.2.5 \
+		tss-esapi-8.0.0-alpha \
+		tss-esapi-sys-0.5.0 \
+		typenum-1.17.0 \
+		unicase-2.8.0 \
+		unicode-bom-2.0.3 \
+		unicode-ident-1.0.14 \
+		unicode-normalization-0.1.24 \
+		unicode-segmentation-1.12.0 \
+		unicode-width-0.2.0 \
+		untrusted-0.9.0 \
+		url-2.5.4 \
+		urlencoding-2.1.3 \
+		utf16_iter-1.0.5 \
+		utf8_iter-1.0.4 \
+		utf8parse-0.2.2 \
+		utoipa-4.2.3 \
+		utoipa-gen-4.3.1 \
+		utoipa-swagger-ui-6.0.0 \
+		uuid-1.11.0 \
+		uuid-simd-0.8.0 \
+		valuable-0.1.0 \
+		vcpkg-0.2.15 \
+		version_check-0.9.5 \
+		vsimd-0.8.0 \
+		wait-timeout-0.2.0 \
+		walkdir-2.5.0 \
+		want-0.3.1 \
+		wasi-0.11.0+wasi-snapshot-preview1 \
+		wasite-0.1.0 \
+		wasm-bindgen-0.2.99 \
+		wasm-bindgen-backend-0.2.99 \
+		wasm-bindgen-futures-0.4.49 \
+		wasm-bindgen-macro-0.2.99 \
+		wasm-bindgen-macro-support-0.2.99 \
+		wasm-bindgen-shared-0.2.99 \
+		web-sys-0.3.76 \
+		web-time-1.1.0 \
+		webauthn-attestation-ca-0.5.1 \
+		webauthn-authenticator-rs-0.5.1 \
+		webauthn-rs-0.5.1 \
+		webauthn-rs-core-0.5.1 \
+		webauthn-rs-proto-0.5.1 \
+		webdriver-0.50.0 \
+		webpki-roots-0.25.4 \
+		webpki-roots-0.26.7 \
+		weezl-0.1.8 \
+		which-4.4.2 \
+		whoami-1.5.2 \
+		winapi-0.3.9 \
+		winapi-i686-pc-windows-gnu-0.4.0 \
+		winapi-util-0.1.9 \
+		winapi-x86_64-pc-windows-gnu-0.4.0 \
+		windows-0.41.0 \
+		windows-core-0.52.0 \
+		windows-registry-0.2.0 \
+		windows-result-0.2.0 \
+		windows-strings-0.1.0 \
+		windows-sys-0.48.0 \
+		windows-sys-0.52.0 \
+		windows-sys-0.59.0 \
+		windows-targets-0.48.5 \
+		windows-targets-0.52.6 \
+		windows_aarch64_gnullvm-0.41.0 \
+		windows_aarch64_gnullvm-0.48.5 \
+		windows_aarch64_gnullvm-0.52.6 \
+		windows_aarch64_msvc-0.41.0 \
+		windows_aarch64_msvc-0.48.5 \
+		windows_aarch64_msvc-0.52.6 \
+		windows_i686_gnu-0.41.0 \
+		windows_i686_gnu-0.48.5 \
+		windows_i686_gnu-0.52.6 \
+		windows_i686_gnullvm-0.52.6 \
+		windows_i686_msvc-0.41.0 \
+		windows_i686_msvc-0.48.5 \
+		windows_i686_msvc-0.52.6 \
+		windows_x86_64_gnu-0.41.0 \
+		windows_x86_64_gnu-0.48.5 \
+		windows_x86_64_gnu-0.52.6 \
+		windows_x86_64_gnullvm-0.41.0 \
+		windows_x86_64_gnullvm-0.48.5 \
+		windows_x86_64_gnullvm-0.52.6 \
+		windows_x86_64_msvc-0.41.0 \
+		windows_x86_64_msvc-0.48.5 \
+		windows_x86_64_msvc-0.52.6 \
+		winnow-0.5.40 \
+		winnow-0.6.20 \
+		winreg-0.50.0 \
+		write16-1.0.0 \
+		writeable-0.5.5 \
+		x509-cert-0.2.5 \
+		x509-parser-0.16.0 \
+		yoke-0.7.5 \
+		yoke-derive-0.7.5 \
+		zerocopy-0.7.35 \
+		zerocopy-derive-0.7.35 \
+		zerofrom-0.1.5 \
+		zerofrom-derive-0.1.5 \
+		zeroize-1.8.1 \
+		zeroize_derive-1.4.2 \
+		zerovec-0.10.4 \
+		zerovec-derive-0.10.3 \
+		zip-0.6.6 \
+		zxcvbn-2.2.2
diff --git a/platform/freebsd/client/distinfo b/platform/freebsd/client/distinfo
new file mode 100644
index 000000000..504decd07
--- /dev/null
+++ b/platform/freebsd/client/distinfo
@@ -0,0 +1,1251 @@
+TIMESTAMP = 1735779262
+SHA256 (rust/crates/addr2line-0.24.2.crate) = dfbe277e56a376000877090da837660b4427aad530e3028d44e0bffe4f89a1c1
+SIZE (rust/crates/addr2line-0.24.2.crate) = 39015
+SHA256 (rust/crates/adler2-2.0.0.crate) = 512761e0bb2578dd7380c6baaa0f4ce03e84f95e960231d1dec8bf4d7d6e2627
+SIZE (rust/crates/adler2-2.0.0.crate) = 13529
+SHA256 (rust/crates/ahash-0.8.11.crate) = e89da841a80418a9b391ebaea17f5c112ffaaa96f621d2c285b5174da76b9011
+SIZE (rust/crates/ahash-0.8.11.crate) = 43607
+SHA256 (rust/crates/aho-corasick-1.1.3.crate) = 8e60d3430d3a69478ad0993f19238d2df97c507009a52b3c10addcd7f6bcb916
+SIZE (rust/crates/aho-corasick-1.1.3.crate) = 183311
+SHA256 (rust/crates/allocator-api2-0.2.21.crate) = 683d7910e743518b0e34f1186f92494becacb047c7b6bf616c96772180fef923
+SIZE (rust/crates/allocator-api2-0.2.21.crate) = 63622
+SHA256 (rust/crates/android-tzdata-0.1.1.crate) = e999941b234f3131b00bc13c22d06e8c5ff726d1b6318ac7eb276997bbb4fef0
+SIZE (rust/crates/android-tzdata-0.1.1.crate) = 7674
+SHA256 (rust/crates/android_system_properties-0.1.5.crate) = 819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311
+SIZE (rust/crates/android_system_properties-0.1.5.crate) = 5243
+SHA256 (rust/crates/anstream-0.6.18.crate) = 8acc5369981196006228e28809f761875c0327210a891e941f4c683b3a99529b
+SIZE (rust/crates/anstream-0.6.18.crate) = 29681
+SHA256 (rust/crates/anstyle-1.0.10.crate) = 55cc3b69f167a1ef2e161439aa98aed94e6028e5f9a59be9a6ffb47aef1651f9
+SIZE (rust/crates/anstyle-1.0.10.crate) = 15725
+SHA256 (rust/crates/anstyle-parse-0.2.6.crate) = 3b2d16507662817a6a20a9ea92df6652ee4f94f914589377d69f3b21bc5798a9
+SIZE (rust/crates/anstyle-parse-0.2.6.crate) = 22343
+SHA256 (rust/crates/anstyle-query-1.1.2.crate) = 79947af37f4177cfead1110013d678905c37501914fba0efea834c3fe9a8d60c
+SIZE (rust/crates/anstyle-query-1.1.2.crate) = 9969
+SHA256 (rust/crates/anstyle-wincon-3.0.6.crate) = 2109dbce0e72be3ec00bed26e6a7479ca384ad226efdd66db8fa2e3a38c83125
+SIZE (rust/crates/anstyle-wincon-3.0.6.crate) = 12271
+SHA256 (rust/crates/anyhow-1.0.95.crate) = 34ac096ce696dc2fcabef30516bb13c0a68a11d30131d3df6f04711467681b04
+SIZE (rust/crates/anyhow-1.0.95.crate) = 52155
+SHA256 (rust/crates/arc-swap-1.7.1.crate) = 69f7f8c3906b62b754cd5326047894316021dcfe5a194c8ea52bdd94934a3457
+SIZE (rust/crates/arc-swap-1.7.1.crate) = 68512
+SHA256 (rust/crates/argon2-0.5.3.crate) = 3c3610892ee6e0cbce8ae2700349fcf8f98adb0dbfbee85aec3c9179d29cc072
+SIZE (rust/crates/argon2-0.5.3.crate) = 28795
+SHA256 (rust/crates/askama-0.12.1.crate) = b79091df18a97caea757e28cd2d5fda49c6cd4bd01ddffd7ff01ace0c0ad2c28
+SIZE (rust/crates/askama-0.12.1.crate) = 16976
+SHA256 (rust/crates/askama_axum-0.4.0.crate) = a41603f7cdbf5ac4af60760f17253eb6adf6ec5b6f14a7ed830cf687d375f163
+SIZE (rust/crates/askama_axum-0.4.0.crate) = 6649
+SHA256 (rust/crates/askama_derive-0.12.5.crate) = 19fe8d6cb13c4714962c072ea496f3392015f0989b1a2847bb4b2d9effd71d83
+SIZE (rust/crates/askama_derive-0.12.5.crate) = 31218
+SHA256 (rust/crates/askama_escape-0.10.3.crate) = 619743e34b5ba4e9703bba34deac3427c72507c7159f5fd030aea8cac0cfe341
+SIZE (rust/crates/askama_escape-0.10.3.crate) = 8875
+SHA256 (rust/crates/askama_parser-0.2.1.crate) = acb1161c6b64d1c3d83108213c2a2533a342ac225aabd0bda218278c2ddb00c0
+SIZE (rust/crates/askama_parser-0.2.1.crate) = 20707
+SHA256 (rust/crates/asn1-rs-0.6.2.crate) = 5493c3bedbacf7fd7382c6346bbd66687d12bbaad3a89a2d2c303ee6cf20b048
+SIZE (rust/crates/asn1-rs-0.6.2.crate) = 90647
+SHA256 (rust/crates/asn1-rs-derive-0.5.1.crate) = 965c2d33e53cb6b267e148a4cb0760bc01f4904c1cd4bb4002a085bb016d1490
+SIZE (rust/crates/asn1-rs-derive-0.5.1.crate) = 9692
+SHA256 (rust/crates/asn1-rs-impl-0.2.0.crate) = 7b18050c2cd6fe86c3a76584ef5e0baf286d038cda203eb6223df2cc413565f7
+SIZE (rust/crates/asn1-rs-impl-0.2.0.crate) = 2261
+SHA256 (rust/crates/assert_cmd-2.0.16.crate) = dc1835b7f27878de8525dc71410b5a31cdcc5f230aed5ba5df968e09c201b23d
+SIZE (rust/crates/assert_cmd-2.0.16.crate) = 26554
+SHA256 (rust/crates/async-compression-0.4.18.crate) = df895a515f70646414f4b45c0b79082783b80552b373a68283012928df56f522
+SIZE (rust/crates/async-compression-0.4.18.crate) = 111919
+SHA256 (rust/crates/async-stream-0.3.6.crate) = 0b5a71a6f37880a80d1d7f19efd781e4b5de42c88f0722cc13bcb6cc2cfe8476
+SIZE (rust/crates/async-stream-0.3.6.crate) = 13823
+SHA256 (rust/crates/async-stream-impl-0.3.6.crate) = c7c24de15d275a1ecfd47a380fb4d5ec9bfe0933f309ed5e705b775596a3574d
+SIZE (rust/crates/async-stream-impl-0.3.6.crate) = 4312
+SHA256 (rust/crates/async-trait-0.1.83.crate) = 721cae7de5c34fbb2acd27e21e6d2cf7b886dce0c27388d46c4e6c47ea4318dd
+SIZE (rust/crates/async-trait-0.1.83.crate) = 29054
+SHA256 (rust/crates/atomic-waker-1.1.2.crate) = 1505bd5d3d116872e7271a6d4e16d81d0c8570876c8de68093a09ac269d8aac0
+SIZE (rust/crates/atomic-waker-1.1.2.crate) = 12422
+SHA256 (rust/crates/authenticator-0.4.1.crate) = 82d71e457dc518a15eecc90d3b0660dee4b51623b34ac4262c9326e0d7e0f8e2
+SIZE (rust/crates/authenticator-0.4.1.crate) = 198210
+SHA256 (rust/crates/autocfg-1.4.0.crate) = ace50bade8e6234aa140d9a2f552bbee1db4d353f69b8217bc503490fc1a9f26
+SIZE (rust/crates/autocfg-1.4.0.crate) = 17712
+SHA256 (rust/crates/axum-0.6.20.crate) = 3b829e4e32b91e643de6eafe82b1d90675f5874230191a4ffbc1b336dec4d6bf
+SIZE (rust/crates/axum-0.6.20.crate) = 146227
+SHA256 (rust/crates/axum-0.7.9.crate) = edca88bc138befd0323b20752846e6587272d3b03b0343c8ea28a6f819e6e71f
+SIZE (rust/crates/axum-0.7.9.crate) = 155272
+SHA256 (rust/crates/axum-core-0.3.4.crate) = 759fa577a247914fd3f7f76d62972792636412fbfd634cd452f6a385a74d2d2c
+SIZE (rust/crates/axum-core-0.3.4.crate) = 21088
+SHA256 (rust/crates/axum-core-0.4.5.crate) = 09f2bd6146b97ae3359fa0cc6d6b376d9539582c7b4220f041a33ec24c226199
+SIZE (rust/crates/axum-core-0.4.5.crate) = 22183
+SHA256 (rust/crates/axum-extra-0.9.6.crate) = c794b30c904f0a1c2fb7740f7df7f7972dfaa14ef6f57cb6178dc63e5dca2f04
+SIZE (rust/crates/axum-extra-0.9.6.crate) = 47663
+SHA256 (rust/crates/axum-htmx-0.5.0.crate) = 40f7051fdc094b6e5ea06cab9bca4b198c54dee4472a9419155f0ff19f19901e
+SIZE (rust/crates/axum-htmx-0.5.0.crate) = 15894
+SHA256 (rust/crates/axum-macros-0.4.2.crate) = 57d123550fa8d071b7255cb0cc04dc302baa6c8c4a79f55701552684d8399bce
+SIZE (rust/crates/axum-macros-0.4.2.crate) = 39245
+SHA256 (rust/crates/axum-server-0.7.1.crate) = 56bac90848f6a9393ac03c63c640925c4b7c8ca21654de40d53f55964667c7d8
+SIZE (rust/crates/axum-server-0.7.1.crate) = 41684
+SHA256 (rust/crates/backtrace-0.3.74.crate) = 8d82cb332cdfaed17ae235a638438ac4d4839913cc2af585c3c6746e8f8bee1a
+SIZE (rust/crates/backtrace-0.3.74.crate) = 88516
+SHA256 (rust/crates/base32-0.5.1.crate) = 022dfe9eb35f19ebbcb51e0b40a5ab759f46ad60cadf7297e0bd085afb50e076
+SIZE (rust/crates/base32-0.5.1.crate) = 9238
+SHA256 (rust/crates/base64-0.13.1.crate) = 9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8
+SIZE (rust/crates/base64-0.13.1.crate) = 61002
+SHA256 (rust/crates/base64-0.21.7.crate) = 9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567
+SIZE (rust/crates/base64-0.21.7.crate) = 82576
+SHA256 (rust/crates/base64-0.22.1.crate) = 72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6
+SIZE (rust/crates/base64-0.22.1.crate) = 81597
+SHA256 (rust/crates/base64ct-1.6.0.crate) = 8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b
+SIZE (rust/crates/base64ct-1.6.0.crate) = 28870
+SHA256 (rust/crates/base64urlsafedata-0.5.1.crate) = 72f0ad38ce7fbed55985ad5b2197f05cff8324ee6eb6638304e78f0108fae56c
+SIZE (rust/crates/base64urlsafedata-0.5.1.crate) = 5683
+SHA256 (rust/crates/basic-toml-0.1.9.crate) = 823388e228f614e9558c6804262db37960ec8821856535f5c3f59913140558f8
+SIZE (rust/crates/basic-toml-0.1.9.crate) = 50234
+SHA256 (rust/crates/bindgen-0.66.1.crate) = f2b84e06fc203107bfbad243f4aba2af864eb7db3b1cf46ea0a023b0b433d2a7
+SIZE (rust/crates/bindgen-0.66.1.crate) = 218860
+SHA256 (rust/crates/bindgen-0.70.1.crate) = f49d8fed880d473ea71efb9bf597651e77201bdd4893efe54c9e5d65ae04ce6f
+SIZE (rust/crates/bindgen-0.70.1.crate) = 226363
+SHA256 (rust/crates/bit-set-0.5.3.crate) = 0700ddab506f33b20a03b13996eccd309a48e5ff77d0d95926aa0210fb4e95f1
+SIZE (rust/crates/bit-set-0.5.3.crate) = 14470
+SHA256 (rust/crates/bit-set-0.8.0.crate) = 08807e080ed7f9d5433fa9b275196cfc35414f66a0c79d864dc51a0d825231a3
+SIZE (rust/crates/bit-set-0.8.0.crate) = 16289
+SHA256 (rust/crates/bit-vec-0.6.3.crate) = 349f9b6a179ed607305526ca489b34ad0a41aed5f7980fa90eb03160b69598fb
+SIZE (rust/crates/bit-vec-0.6.3.crate) = 19927
+SHA256 (rust/crates/bit-vec-0.8.0.crate) = 5e764a1d40d510daf35e07be9eb06e75770908c27d411ee6c92109c9840eaaf7
+SIZE (rust/crates/bit-vec-0.8.0.crate) = 24132
+SHA256 (rust/crates/bitfield-0.13.2.crate) = 46afbd2983a5d5a7bd740ccb198caf5b82f45c40c09c0eed36052d91cb92e719
+SIZE (rust/crates/bitfield-0.13.2.crate) = 16479
+SHA256 (rust/crates/bitflags-1.3.2.crate) = bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a
+SIZE (rust/crates/bitflags-1.3.2.crate) = 23021
+SHA256 (rust/crates/bitflags-2.6.0.crate) = b048fb63fd8b5923fc5aa7b340d8e156aec7ec02f0c78fa8a6ddc2613f6f71de
+SIZE (rust/crates/bitflags-2.6.0.crate) = 45357
+SHA256 (rust/crates/blake2-0.10.6.crate) = 46502ad458c9a52b69d4d4d32775c788b7a1b85e8bc9d482d92250fc0e3f8efe
+SIZE (rust/crates/blake2-0.10.6.crate) = 47234
+SHA256 (rust/crates/block-buffer-0.10.4.crate) = 3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71
+SIZE (rust/crates/block-buffer-0.10.4.crate) = 10538
+SHA256 (rust/crates/borrow-or-share-0.2.2.crate) = 3eeab4423108c5d7c744f4d234de88d18d636100093ae04caf4825134b9c3a32
+SIZE (rust/crates/borrow-or-share-0.2.2.crate) = 4871
+SHA256 (rust/crates/bstr-1.11.1.crate) = 786a307d683a5bf92e6fd5fd69a7eb613751668d1d8d67d802846dfe367c62c8
+SIZE (rust/crates/bstr-1.11.1.crate) = 351485
+SHA256 (rust/crates/bumpalo-3.16.0.crate) = 79296716171880943b8470b5f8d03aa55eb2e645a4874bdbb28adb49162e012c
+SIZE (rust/crates/bumpalo-3.16.0.crate) = 85677
+SHA256 (rust/crates/bytecount-0.6.8.crate) = 5ce89b21cab1437276d2650d57e971f9d548a2d9037cc231abdc0562b97498ce
+SIZE (rust/crates/bytecount-0.6.8.crate) = 14694
+SHA256 (rust/crates/bytemuck-1.21.0.crate) = ef657dfab802224e671f5818e9a4935f9b1957ed18e58292690cc39e7a4092a3
+SIZE (rust/crates/bytemuck-1.21.0.crate) = 51553
+SHA256 (rust/crates/byteorder-1.5.0.crate) = 1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b
+SIZE (rust/crates/byteorder-1.5.0.crate) = 23288
+SHA256 (rust/crates/bytes-1.9.0.crate) = 325918d6fe32f23b19878fe4b34794ae41fc19ddbe53b10571a4874d44ffd39b
+SIZE (rust/crates/bytes-1.9.0.crate) = 67320
+SHA256 (rust/crates/cc-1.2.5.crate) = c31a0499c1dc64f458ad13872de75c0eb7e3fdb0e67964610c914b034fc5956e
+SIZE (rust/crates/cc-1.2.5.crate) = 99839
+SHA256 (rust/crates/cexpr-0.6.0.crate) = 6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766
+SIZE (rust/crates/cexpr-0.6.0.crate) = 17966
+SHA256 (rust/crates/cfg-if-1.0.0.crate) = baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd
+SIZE (rust/crates/cfg-if-1.0.0.crate) = 7934
+SHA256 (rust/crates/cfg_aliases-0.2.1.crate) = 613afe47fcd5fac7ccf1db93babcb082c5994d996f20b8b159f2ad1658eb5724
+SIZE (rust/crates/cfg_aliases-0.2.1.crate) = 6355
+SHA256 (rust/crates/checked_int_cast-1.0.0.crate) = 17cc5e6b5ab06331c33589842070416baa137e8b0eb912b008cfd4a78ada7919
+SIZE (rust/crates/checked_int_cast-1.0.0.crate) = 2669
+SHA256 (rust/crates/chrono-0.4.39.crate) = 7e36cc9d416881d2e24f9a963be5fb1cd90966419ac844274161d10488b3e825
+SIZE (rust/crates/chrono-0.4.39.crate) = 222248
+SHA256 (rust/crates/clang-sys-1.8.1.crate) = 0b023947811758c97c59bf9d1c188fd619ad4718dcaa767947df1cadb14f39f4
+SIZE (rust/crates/clang-sys-1.8.1.crate) = 44009
+SHA256 (rust/crates/clap-4.5.23.crate) = 3135e7ec2ef7b10c6ed8950f0f792ed96ee093fa088608f1c76e569722700c84
+SIZE (rust/crates/clap-4.5.23.crate) = 56460
+SHA256 (rust/crates/clap_builder-4.5.23.crate) = 30582fc632330df2bd26877bde0c1f4470d57c582bbc070376afcd04d8cb4838
+SIZE (rust/crates/clap_builder-4.5.23.crate) = 164180
+SHA256 (rust/crates/clap_complete-4.5.40.crate) = ac2e663e3e3bed2d32d065a8404024dad306e699a04263ec59919529f803aee9
+SIZE (rust/crates/clap_complete-4.5.40.crate) = 47827
+SHA256 (rust/crates/clap_derive-4.5.18.crate) = 4ac6a0c7b1a9e9a5186361f67dfa1b88213572f427fb9ab038efb2bd8c582dab
+SIZE (rust/crates/clap_derive-4.5.18.crate) = 30131
+SHA256 (rust/crates/clap_lex-0.7.4.crate) = f46ad14479a25103f283c0f10005961cf086d8dc42205bb44c46ac563475dca6
+SIZE (rust/crates/clap_lex-0.7.4.crate) = 12858
+SHA256 (rust/crates/clru-0.6.2.crate) = cbd0f76e066e64fdc5631e3bb46381254deab9ef1158292f27c8c57e3bf3fe59
+SIZE (rust/crates/clru-0.6.2.crate) = 16497
+SHA256 (rust/crates/color_quant-1.1.0.crate) = 3d7b894f5411737b7867f4827955924d7c254fc9f4d91a6aad6b097804b1018b
+SIZE (rust/crates/color_quant-1.1.0.crate) = 6649
+SHA256 (rust/crates/colorchoice-1.0.3.crate) = 5b63caa9aa9397e2d9480a9b13673856c78d8ac123288526c37d7839f2a86990
+SIZE (rust/crates/colorchoice-1.0.3.crate) = 7923
+SHA256 (rust/crates/compact_jwt-0.4.3.crate) = 12bbab6445446e8d0b07468a01d0bfdae15879de5c440c5e47ae4ae0e18a1fba
+SIZE (rust/crates/compact_jwt-0.4.3.crate) = 61901
+SHA256 (rust/crates/concread-0.5.3.crate) = cba00cef522c2597dfbb0a8d1b0ac8ac2b99714f50cc354cda71da63164da0be
+SIZE (rust/crates/concread-0.5.3.crate) = 877996
+SHA256 (rust/crates/console-0.15.10.crate) = ea3c6ecd8059b57859df5c69830340ed3c41d30e3da0c1cbed90a96ac853041b
+SIZE (rust/crates/console-0.15.10.crate) = 36449
+SHA256 (rust/crates/const-oid-0.9.6.crate) = c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8
+SIZE (rust/crates/const-oid-0.9.6.crate) = 45382
+SHA256 (rust/crates/cookie-0.16.2.crate) = e859cd57d0710d9e06c381b550c06e76992472a8c6d527aecd2fc673dcc231fb
+SIZE (rust/crates/cookie-0.16.2.crate) = 34632
+SHA256 (rust/crates/cookie-0.18.1.crate) = 4ddef33a339a91ea89fb53151bd0a4689cfce27055c291dfa69945475d22c747
+SIZE (rust/crates/cookie-0.18.1.crate) = 43551
+SHA256 (rust/crates/cookie_store-0.21.1.crate) = 2eac901828f88a5241ee0600950ab981148a18f2f756900ffba1b125ca6a3ef9
+SIZE (rust/crates/cookie_store-0.21.1.crate) = 34692
+SHA256 (rust/crates/core-foundation-0.9.4.crate) = 91e195e091a93c46f7102ec7818a2aa394e1e1771c3ab4825963fa03e45afb8f
+SIZE (rust/crates/core-foundation-0.9.4.crate) = 27743
+SHA256 (rust/crates/core-foundation-0.10.0.crate) = b55271e5c8c478ad3f38ad24ef34923091e0548492a266d19b3c0b4d82574c63
+SIZE (rust/crates/core-foundation-0.10.0.crate) = 27023
+SHA256 (rust/crates/core-foundation-sys-0.8.7.crate) = 773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b
+SIZE (rust/crates/core-foundation-sys-0.8.7.crate) = 37712
+SHA256 (rust/crates/cpufeatures-0.2.16.crate) = 16b80225097f2e5ae4e7179dd2266824648f3e2f49d9134d584b76389d31c4c3
+SIZE (rust/crates/cpufeatures-0.2.16.crate) = 13405
+SHA256 (rust/crates/crc32fast-1.4.2.crate) = a97769d94ddab943e4510d138150169a2758b5ef3eb191a9ee688de3e23ef7b3
+SIZE (rust/crates/crc32fast-1.4.2.crate) = 38491
+SHA256 (rust/crates/cron-0.12.1.crate) = 6f8c3e73077b4b4a6ab1ea5047c37c57aee77657bc8ecd6f29b0af082d0b0c07
+SIZE (rust/crates/cron-0.12.1.crate) = 18702
+SHA256 (rust/crates/crossbeam-0.8.4.crate) = 1137cd7e7fc0fb5d3c5a8678be38ec56e819125d8d7907411fe24ccb943faca8
+SIZE (rust/crates/crossbeam-0.8.4.crate) = 10500
+SHA256 (rust/crates/crossbeam-channel-0.5.14.crate) = 06ba6d68e24814cb8de6bb986db8222d3a027d15872cabc0d18817bc3c0e4471
+SIZE (rust/crates/crossbeam-channel-0.5.14.crate) = 92728
+SHA256 (rust/crates/crossbeam-deque-0.8.6.crate) = 9dd111b7b7f7d55b72c0a6ae361660ee5853c9af73f70c3c2ef6858b950e2e51
+SIZE (rust/crates/crossbeam-deque-0.8.6.crate) = 22471
+SHA256 (rust/crates/crossbeam-epoch-0.9.18.crate) = 5b82ac4a3c2ca9c3460964f020e1402edd5753411d7737aa39c3714ad1b5420e
+SIZE (rust/crates/crossbeam-epoch-0.9.18.crate) = 46875
+SHA256 (rust/crates/crossbeam-queue-0.3.12.crate) = 0f58bbc28f91df819d0aa2a2c00cd19754769c2fad90579b3592b1c9ba7a3115
+SIZE (rust/crates/crossbeam-queue-0.3.12.crate) = 16270
+SHA256 (rust/crates/crossbeam-utils-0.8.21.crate) = d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28
+SIZE (rust/crates/crossbeam-utils-0.8.21.crate) = 42691
+SHA256 (rust/crates/crypto-common-0.1.6.crate) = 1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3
+SIZE (rust/crates/crypto-common-0.1.6.crate) = 8760
+SHA256 (rust/crates/csv-1.3.1.crate) = acdc4883a9c96732e4733212c01447ebd805833b7275a73ca3ee080fd77afdaf
+SIZE (rust/crates/csv-1.3.1.crate) = 888542
+SHA256 (rust/crates/csv-core-0.1.11.crate) = 5efa2b3d7902f4b634a20cae3c9c4e6209dc4779feb6863329607560143efa70
+SIZE (rust/crates/csv-core-0.1.11.crate) = 25852
+SHA256 (rust/crates/darling-0.14.4.crate) = 7b750cb3417fd1b327431a470f388520309479ab0bf5e323505daf0290cd3850
+SIZE (rust/crates/darling-0.14.4.crate) = 25168
+SHA256 (rust/crates/darling-0.20.10.crate) = 6f63b86c8a8826a49b8c21f08a2d07338eec8d900540f8630dc76284be802989
+SIZE (rust/crates/darling-0.20.10.crate) = 32031
+SHA256 (rust/crates/darling_core-0.14.4.crate) = 109c1ca6e6b7f82cc233a97004ea8ed7ca123a9af07a8230878fcfda9b158bf0
+SIZE (rust/crates/darling_core-0.14.4.crate) = 57485
+SHA256 (rust/crates/darling_core-0.20.10.crate) = 95133861a8032aaea082871032f5815eb9e98cef03fa916ab4500513994df9e5
+SIZE (rust/crates/darling_core-0.20.10.crate) = 65015
+SHA256 (rust/crates/darling_macro-0.14.4.crate) = a4aab4dbc9f7611d8b55048a3a16d2d010c2c8334e46304b40ac1cc14bf3b48e
+SIZE (rust/crates/darling_macro-0.14.4.crate) = 1896
+SHA256 (rust/crates/darling_macro-0.20.10.crate) = d336a2a514f6ccccaa3e09b02d41d35330c07ddf03a62165fcec10bb561c7806
+SIZE (rust/crates/darling_macro-0.20.10.crate) = 1874
+SHA256 (rust/crates/data-encoding-2.6.0.crate) = e8566979429cf69b49a5c740c60791108e86440e8be149bbea4fe54d2c32d6e2
+SIZE (rust/crates/data-encoding-2.6.0.crate) = 20769
+SHA256 (rust/crates/der-0.7.9.crate) = f55bf8e7b65898637379c1b74eb1551107c8294ed26d855ceb9fd1a09cfc9bc0
+SIZE (rust/crates/der-0.7.9.crate) = 85173
+SHA256 (rust/crates/der-parser-9.0.0.crate) = 5cd0a5c643689626bec213c4d8bd4d96acc8ffdb4ad4bb6bc16abf27d5f4b553
+SIZE (rust/crates/der-parser-9.0.0.crate) = 63191
+SHA256 (rust/crates/der_derive-0.7.3.crate) = 8034092389675178f570469e6c3b0465d3d30b4505c294a6550db47f3c17ad18
+SIZE (rust/crates/der_derive-0.7.3.crate) = 24657
+SHA256 (rust/crates/deranged-0.3.11.crate) = b42b6fa04a440b495c8b04d0e71b707c585f83cb9cb28cf8cd0d976c315e31b4
+SIZE (rust/crates/deranged-0.3.11.crate) = 18043
+SHA256 (rust/crates/derive_builder-0.12.0.crate) = 8d67778784b508018359cbc8696edb3db78160bab2c2a28ba7f56ef6932997f8
+SIZE (rust/crates/derive_builder-0.12.0.crate) = 35456
+SHA256 (rust/crates/derive_builder_core-0.12.0.crate) = c11bdc11a0c47bc7d37d582b5285da6849c96681023680b906673c5707af7b0f
+SIZE (rust/crates/derive_builder_core-0.12.0.crate) = 31438
+SHA256 (rust/crates/derive_builder_macro-0.12.0.crate) = ebcda35c7a396850a55ffeac740804b40ffec779b98fffbb1738f4033f0ee79e
+SIZE (rust/crates/derive_builder_macro-0.12.0.crate) = 6288
+SHA256 (rust/crates/devd-rs-0.3.6.crate) = 9313f104b590510b46fc01c0a324fc76505c13871454d3c48490468d04c8d395
+SIZE (rust/crates/devd-rs-0.3.6.crate) = 6987
+SHA256 (rust/crates/dhat-0.3.3.crate) = 98cd11d84628e233de0ce467de10b8633f4ddaecafadefc86e13b84b8739b827
+SIZE (rust/crates/dhat-0.3.3.crate) = 32008
+SHA256 (rust/crates/dialoguer-0.10.4.crate) = 59c6f2989294b9a498d3ad5491a79c6deb604617378e1cdc4bfc1c1361fe2f87
+SIZE (rust/crates/dialoguer-0.10.4.crate) = 29928
+SHA256 (rust/crates/difflib-0.4.0.crate) = 6184e33543162437515c2e2b48714794e37845ec9851711914eec9d308f6ebe8
+SIZE (rust/crates/difflib-0.4.0.crate) = 7638
+SHA256 (rust/crates/digest-0.10.7.crate) = 9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292
+SIZE (rust/crates/digest-0.10.7.crate) = 19557
+SHA256 (rust/crates/dirs-4.0.0.crate) = ca3aa72a6f96ea37bbc5aa912f6788242832f75369bdfdadcb0e38423f100059
+SIZE (rust/crates/dirs-4.0.0.crate) = 12503
+SHA256 (rust/crates/dirs-sys-0.3.7.crate) = 1b1d1d91c932ef41c0f2663aa8b0ca0342d444d842c06914aa0a7e352d0bada6
+SIZE (rust/crates/dirs-sys-0.3.7.crate) = 10597
+SHA256 (rust/crates/displaydoc-0.2.5.crate) = 97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0
+SIZE (rust/crates/displaydoc-0.2.5.crate) = 24219
+SHA256 (rust/crates/doc-comment-0.3.3.crate) = fea41bba32d969b513997752735605054bc0dfa92b4c56bf1189f2e174be7a10
+SIZE (rust/crates/doc-comment-0.3.3.crate) = 4123
+SHA256 (rust/crates/document-features-0.2.10.crate) = cb6969eaabd2421f8a2775cfd2471a2b634372b4a25d41e3bd647b79912850a0
+SIZE (rust/crates/document-features-0.2.10.crate) = 14005
+SHA256 (rust/crates/dunce-1.0.5.crate) = 92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813
+SIZE (rust/crates/dunce-1.0.5.crate) = 8244
+SHA256 (rust/crates/dyn-clone-1.0.17.crate) = 0d6ef0072f8a535281e4876be788938b528e9a1d43900b82c2569af7da799125
+SIZE (rust/crates/dyn-clone-1.0.17.crate) = 11848
+SHA256 (rust/crates/either-1.13.0.crate) = 60b1af1c220855b6ceac025d3f6ecdd2b7c4894bfe9cd9bda4fbb4bc7c0d4cf0
+SIZE (rust/crates/either-1.13.0.crate) = 19169
+SHA256 (rust/crates/email_address-0.2.9.crate) = e079f19b08ca6239f47f8ba8509c11cf3ea30095831f7fed61441475edd8c449
+SIZE (rust/crates/email_address-0.2.9.crate) = 21579
+SHA256 (rust/crates/encode_unicode-1.0.0.crate) = 34aa73646ffb006b8f5147f3dc182bd4bcb190227ce861fc4a4844bf8e3cb2c0
+SIZE (rust/crates/encode_unicode-1.0.0.crate) = 56986
+SHA256 (rust/crates/encoding_rs-0.8.35.crate) = 75030f3c4f45dafd7586dd6780965a8c7e8e285a5ecb86713e63a79c5b2766f3
+SIZE (rust/crates/encoding_rs-0.8.35.crate) = 1381050
+SHA256 (rust/crates/enum-iterator-2.1.0.crate) = c280b9e6b3ae19e152d8e31cf47f18389781e119d4013a2a2bb0180e5facc635
+SIZE (rust/crates/enum-iterator-2.1.0.crate) = 7668
+SHA256 (rust/crates/enum-iterator-derive-1.4.0.crate) = a1ab991c1362ac86c61ab6f556cff143daa22e5a15e4e189df818b2fd19fe65b
+SIZE (rust/crates/enum-iterator-derive-1.4.0.crate) = 5516
+SHA256 (rust/crates/enumflags2-0.7.10.crate) = d232db7f5956f3f14313dc2f87985c58bd2c695ce124c8cdd984e08e15ac133d
+SIZE (rust/crates/enumflags2-0.7.10.crate) = 16622
+SHA256 (rust/crates/enumflags2_derive-0.7.10.crate) = de0d48a183585823424a4ce1aa132d174a6a81bd540895822eb4c8373a8e49e8
+SIZE (rust/crates/enumflags2_derive-0.7.10.crate) = 8104
+SHA256 (rust/crates/equivalent-1.0.1.crate) = 5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5
+SIZE (rust/crates/equivalent-1.0.1.crate) = 6615
+SHA256 (rust/crates/errno-0.3.10.crate) = 33d852cb9b869c2a9b3df2f71a3074817f01e1844f839a144f5fcef059a4eb5d
+SIZE (rust/crates/errno-0.3.10.crate) = 11824
+SHA256 (rust/crates/escargot-0.5.13.crate) = 05a3ac187a16b5382fef8c69fd1bad123c67b7cf3932240a2d43dcdd32cded88
+SIZE (rust/crates/escargot-0.5.13.crate) = 20849
+SHA256 (rust/crates/fallible-iterator-0.2.0.crate) = 4443176a9f2c162692bd3d352d745ef9413eec5782a80d8fd6f8a1ac692a07f7
+SIZE (rust/crates/fallible-iterator-0.2.0.crate) = 18509
+SHA256 (rust/crates/fallible-streaming-iterator-0.1.9.crate) = 7360491ce676a36bf9bb3c56c1aa791658183a54d2744120f27285738d90465a
+SIZE (rust/crates/fallible-streaming-iterator-0.1.9.crate) = 9249
+SHA256 (rust/crates/fancy-regex-0.11.0.crate) = b95f7c0680e4142284cf8b22c14a476e87d61b004a3a0861872b32ef7ead40a2
+SIZE (rust/crates/fancy-regex-0.11.0.crate) = 82918
+SHA256 (rust/crates/fancy-regex-0.14.0.crate) = 6e24cb5a94bcae1e5408b0effca5cd7172ea3c5755049c5f3af4cd283a165298
+SIZE (rust/crates/fancy-regex-0.14.0.crate) = 86969
+SHA256 (rust/crates/fantoccini-0.21.3.crate) = 8e681009c468d99de858e7757b0cfd5f16311ca999b13ccf543c87da3c04c2c5
+SIZE (rust/crates/fantoccini-0.21.3.crate) = 80146
+SHA256 (rust/crates/faster-hex-0.9.0.crate) = a2a2b11eda1d40935b26cf18f6833c526845ae8c41e58d09af6adeb6f0269183
+SIZE (rust/crates/faster-hex-0.9.0.crate) = 13053
+SHA256 (rust/crates/fastrand-2.3.0.crate) = 37909eebbb50d72f9059c3b6d82c0463f2ff062c9e95845c43a6c9c0355411be
+SIZE (rust/crates/fastrand-2.3.0.crate) = 15076
+SHA256 (rust/crates/fernet-0.2.2.crate) = c66b725fe9483b9ee72ccaec072b15eb8ad95a3ae63a8c798d5748883b72fd33
+SIZE (rust/crates/fernet-0.2.2.crate) = 13494
+SHA256 (rust/crates/file-id-0.1.0.crate) = e13be71e6ca82e91bc0cb862bebaac0b2d1924a5a1d970c822b2f98b63fda8c3
+SIZE (rust/crates/file-id-0.1.0.crate) = 2094
+SHA256 (rust/crates/filetime-0.2.25.crate) = 35c0522e981e68cbfa8c3f978441a5f34b30b96e146b33cd3359176b50fe8586
+SIZE (rust/crates/filetime-0.2.25.crate) = 14940
+SHA256 (rust/crates/fixedbitset-0.4.2.crate) = 0ce7134b9999ecaf8bcd65542e436736ef32ddca1b3e06094cb6ec5755203b80
+SIZE (rust/crates/fixedbitset-0.4.2.crate) = 15954
+SHA256 (rust/crates/flagset-0.4.6.crate) = b3ea1ec5f8307826a5b71094dd91fc04d4ae75d5709b20ad351c7fb4815c86ec
+SIZE (rust/crates/flagset-0.4.6.crate) = 13623
+SHA256 (rust/crates/flate2-1.0.35.crate) = c936bfdafb507ebbf50b8074c54fa31c5be9a1e7e5f467dd659697041407d07c
+SIZE (rust/crates/flate2-1.0.35.crate) = 109188
+SHA256 (rust/crates/fluent-uri-0.3.2.crate) = 1918b65d96df47d3591bed19c5cca17e3fa5d0707318e4b5ef2eae01764df7e5
+SIZE (rust/crates/fluent-uri-0.3.2.crate) = 43604
+SHA256 (rust/crates/fnv-1.0.7.crate) = 3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1
+SIZE (rust/crates/fnv-1.0.7.crate) = 11266
+SHA256 (rust/crates/foldhash-0.1.4.crate) = a0d2fde1f7b3d48b8395d5f2de76c18a528bd6a9cdde438df747bfcba3e05d6f
+SIZE (rust/crates/foldhash-0.1.4.crate) = 13764
+SHA256 (rust/crates/foreign-types-0.3.2.crate) = f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1
+SIZE (rust/crates/foreign-types-0.3.2.crate) = 7504
+SHA256 (rust/crates/foreign-types-shared-0.1.1.crate) = 00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b
+SIZE (rust/crates/foreign-types-shared-0.1.1.crate) = 5672
+SHA256 (rust/crates/form_urlencoded-1.2.1.crate) = e13624c2627564efccf4934284bdd98cbaa14e79b0b5a141218e507b3a823456
+SIZE (rust/crates/form_urlencoded-1.2.1.crate) = 8969
+SHA256 (rust/crates/fraction-0.15.3.crate) = 0f158e3ff0a1b334408dc9fb811cd99b446986f4d8b741bb08f9df1604085ae7
+SIZE (rust/crates/fraction-0.15.3.crate) = 95223
+SHA256 (rust/crates/fs4-0.8.4.crate) = f7e180ac76c23b45e767bd7ae9579bc0bb458618c4bc71835926e098e61d15f8
+SIZE (rust/crates/fs4-0.8.4.crate) = 18620
+SHA256 (rust/crates/fsevent-sys-4.1.0.crate) = 76ee7a02da4d231650c7cea31349b889be2f45ddb3ef3032d2ec8185f6313fd2
+SIZE (rust/crates/fsevent-sys-4.1.0.crate) = 4620
+SHA256 (rust/crates/futures-0.3.31.crate) = 65bc07b1a8bc7c85c5f2e110c476c7389b4554ba72af57d8445ea63a576b0876
+SIZE (rust/crates/futures-0.3.31.crate) = 54953
+SHA256 (rust/crates/futures-channel-0.3.31.crate) = 2dff15bf788c671c1934e366d07e30c1814a8ef514e1af724a602e8a2fbe1b10
+SIZE (rust/crates/futures-channel-0.3.31.crate) = 31971
+SHA256 (rust/crates/futures-core-0.3.31.crate) = 05f29059c0c2090612e8d742178b0580d2dc940c837851ad723096f87af6663e
+SIZE (rust/crates/futures-core-0.3.31.crate) = 14318
+SHA256 (rust/crates/futures-executor-0.3.31.crate) = 1e28d1d997f585e54aebc3f97d39e72338912123a67330d723fdbb564d646c9f
+SIZE (rust/crates/futures-executor-0.3.31.crate) = 17965
+SHA256 (rust/crates/futures-io-0.3.31.crate) = 9e5c1b78ca4aae1ac06c48a526a655760685149f0d465d21f37abfe57ce075c6
+SIZE (rust/crates/futures-io-0.3.31.crate) = 9047
+SHA256 (rust/crates/futures-macro-0.3.31.crate) = 162ee34ebcb7c64a8abebc059ce0fee27c2262618d7b60ed8faf72fef13c3650
+SIZE (rust/crates/futures-macro-0.3.31.crate) = 11341
+SHA256 (rust/crates/futures-sink-0.3.31.crate) = e575fab7d1e0dcb8d0c7bcf9a63ee213816ab51902e6d244a95819acacf1d4f7
+SIZE (rust/crates/futures-sink-0.3.31.crate) = 7958
+SHA256 (rust/crates/futures-task-0.3.31.crate) = f90f7dce0722e95104fcb095585910c0977252f286e354b5e3bd38902cd99988
+SIZE (rust/crates/futures-task-0.3.31.crate) = 11217
+SHA256 (rust/crates/futures-util-0.3.31.crate) = 9fa08315bb612088cc391249efdc3bc77536f16c91f6cf495e6fbe85b20a4a81
+SIZE (rust/crates/futures-util-0.3.31.crate) = 162124
+SHA256 (rust/crates/generic-array-0.14.7.crate) = 85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a
+SIZE (rust/crates/generic-array-0.14.7.crate) = 15950
+SHA256 (rust/crates/gethostname-0.5.0.crate) = dc3655aa6818d65bc620d6911f05aa7b6aeb596291e1e9f79e52df85583d1e30
+SIZE (rust/crates/gethostname-0.5.0.crate) = 8772
+SHA256 (rust/crates/getrandom-0.2.15.crate) = c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7
+SIZE (rust/crates/getrandom-0.2.15.crate) = 37163
+SHA256 (rust/crates/gif-0.13.1.crate) = 3fb2d69b19215e18bb912fa30f7ce15846e301408695e44e0ef719f1da9e19f2
+SIZE (rust/crates/gif-0.13.1.crate) = 36408
+SHA256 (rust/crates/gimli-0.31.1.crate) = 07e28edb80900c19c28f1072f2e8aeca7fa06b23cd4169cefe1af5aa3260783f
+SIZE (rust/crates/gimli-0.31.1.crate) = 279515
+SHA256 (rust/crates/gix-0.64.0.crate) = d78414d29fcc82329080166077e0f7689f4016551fdb334d787c3d040fe2634f
+SIZE (rust/crates/gix-0.64.0.crate) = 273610
+SHA256 (rust/crates/gix-actor-0.31.5.crate) = a0e454357e34b833cc3a00b6efbbd3dd4d18b24b9fb0c023876ec2645e8aa3f2
+SIZE (rust/crates/gix-actor-0.31.5.crate) = 9335
+SHA256 (rust/crates/gix-chunk-0.4.10.crate) = c6ffbeb3a5c0b8b84c3fe4133a6f8c82fa962f4caefe8d0762eced025d3eb4f7
+SIZE (rust/crates/gix-chunk-0.4.10.crate) = 10131
+SHA256 (rust/crates/gix-commitgraph-0.24.3.crate) = 133b06f67f565836ec0c473e2116a60fb74f80b6435e21d88013ac0e3c60fc78
+SIZE (rust/crates/gix-commitgraph-0.24.3.crate) = 18242
+SHA256 (rust/crates/gix-config-0.38.0.crate) = 28f53fd03d1bf09ebcc2c8654f08969439c4556e644ca925f27cf033bc43e658
+SIZE (rust/crates/gix-config-0.38.0.crate) = 63374
+SHA256 (rust/crates/gix-config-value-0.14.10.crate) = 49aaeef5d98390a3bcf9dbc6440b520b793d1bf3ed99317dc407b02be995b28e
+SIZE (rust/crates/gix-config-value-0.14.10.crate) = 13604
+SHA256 (rust/crates/gix-date-0.8.7.crate) = 9eed6931f21491ee0aeb922751bd7ec97b4b2fe8fbfedcb678e2a2dce5f3b8c0
+SIZE (rust/crates/gix-date-0.8.7.crate) = 10349
+SHA256 (rust/crates/gix-diff-0.44.1.crate) = 1996d5c8a305b59709467d80617c9fde48d9d75fd1f4179ea970912630886c9d
+SIZE (rust/crates/gix-diff-0.44.1.crate) = 32197
+SHA256 (rust/crates/gix-discover-0.33.0.crate) = 67662731cec3cb31ba3ed2463809493f76d8e5d6c6d245de8b0560438c13450e
+SIZE (rust/crates/gix-discover-0.33.0.crate) = 16632
+SHA256 (rust/crates/gix-features-0.38.2.crate) = ac7045ac9fe5f9c727f38799d002a7ed3583cd777e3322a7c4b43e3cf437dc69
+SIZE (rust/crates/gix-features-0.38.2.crate) = 30604
+SHA256 (rust/crates/gix-fs-0.11.3.crate) = f2bfe6249cfea6d0c0e0990d5226a4cb36f030444ba9e35e0639275db8f98575
+SIZE (rust/crates/gix-fs-0.11.3.crate) = 14867
+SHA256 (rust/crates/gix-glob-0.16.5.crate) = 74908b4bbc0a0a40852737e5d7889f676f081e340d5451a16e5b4c50d592f111
+SIZE (rust/crates/gix-glob-0.16.5.crate) = 13425
+SHA256 (rust/crates/gix-hash-0.14.2.crate) = f93d7df7366121b5018f947a04d37f034717e113dcf9ccd85c34b58e57a74d5e
+SIZE (rust/crates/gix-hash-0.14.2.crate) = 12759
+SHA256 (rust/crates/gix-hashtable-0.5.2.crate) = 7ddf80e16f3c19ac06ce415a38b8591993d3f73aede049cb561becb5b3a8e242
+SIZE (rust/crates/gix-hashtable-0.5.2.crate) = 6421
+SHA256 (rust/crates/gix-lock-14.0.0.crate) = e3bc7fe297f1f4614774989c00ec8b1add59571dc9b024b4c00acb7dedd4e19d
+SIZE (rust/crates/gix-lock-14.0.0.crate) = 9795
+SHA256 (rust/crates/gix-macros-0.1.5.crate) = 999ce923619f88194171a67fb3e6d613653b8d4d6078b529b15a765da0edcc17
+SIZE (rust/crates/gix-macros-0.1.5.crate) = 8627
+SHA256 (rust/crates/gix-object-0.42.3.crate) = 25da2f46b4e7c2fa7b413ce4dffb87f69eaf89c2057e386491f4c55cadbfe386
+SIZE (rust/crates/gix-object-0.42.3.crate) = 32497
+SHA256 (rust/crates/gix-odb-0.61.1.crate) = 20d384fe541d93d8a3bb7d5d5ef210780d6df4f50c4e684ccba32665a5e3bc9b
+SIZE (rust/crates/gix-odb-0.61.1.crate) = 54308
+SHA256 (rust/crates/gix-pack-0.51.1.crate) = 3e0594491fffe55df94ba1c111a6566b7f56b3f8d2e1efc750e77d572f5f5229
+SIZE (rust/crates/gix-pack-0.51.1.crate) = 96737
+SHA256 (rust/crates/gix-path-0.10.13.crate) = afc292ef1a51e340aeb0e720800338c805975724c1dfbd243185452efd8645b7
+SIZE (rust/crates/gix-path-0.10.13.crate) = 22831
+SHA256 (rust/crates/gix-quote-0.4.14.crate) = 64a1e282216ec2ab2816cd57e6ed88f8009e634aec47562883c05ac8a7009a63
+SIZE (rust/crates/gix-quote-0.4.14.crate) = 7828
+SHA256 (rust/crates/gix-ref-0.45.0.crate) = 636e96a0a5562715153fee098c217110c33a6f8218f08f4687ff99afde159bb5
+SIZE (rust/crates/gix-ref-0.45.0.crate) = 56670
+SHA256 (rust/crates/gix-refspec-0.23.1.crate) = 6868f8cd2e62555d1f7c78b784bece43ace40dd2a462daf3b588d5416e603f37
+SIZE (rust/crates/gix-refspec-0.23.1.crate) = 16175
+SHA256 (rust/crates/gix-revision-0.27.2.crate) = 01b13e43c2118c4b0537ddac7d0821ae0dfa90b7b8dbf20c711e153fb749adce
+SIZE (rust/crates/gix-revision-0.27.2.crate) = 19204
+SHA256 (rust/crates/gix-revwalk-0.13.2.crate) = 1b030ccaab71af141f537e0225f19b9e74f25fefdba0372246b844491cab43e0
+SIZE (rust/crates/gix-revwalk-0.13.2.crate) = 11854
+SHA256 (rust/crates/gix-sec-0.10.10.crate) = a8b876ef997a955397809a2ec398d6a45b7a55b4918f2446344330f778d14fd6
+SIZE (rust/crates/gix-sec-0.10.10.crate) = 10205
+SHA256 (rust/crates/gix-tempfile-14.0.2.crate) = 046b4927969fa816a150a0cda2e62c80016fe11fb3c3184e4dddf4e542f108aa
+SIZE (rust/crates/gix-tempfile-14.0.2.crate) = 17489
+SHA256 (rust/crates/gix-trace-0.1.11.crate) = 04bdde120c29f1fc23a24d3e115aeeea3d60d8e65bab92cc5f9d90d9302eb952
+SIZE (rust/crates/gix-trace-0.1.11.crate) = 10424
+SHA256 (rust/crates/gix-traverse-0.39.2.crate) = e499a18c511e71cf4a20413b743b9f5bcf64b3d9e81e9c3c6cd399eae55a8840
+SIZE (rust/crates/gix-traverse-0.39.2.crate) = 17291
+SHA256 (rust/crates/gix-url-0.27.5.crate) = fd280c5e84fb22e128ed2a053a0daeacb6379469be6a85e3d518a0636e160c89
+SIZE (rust/crates/gix-url-0.27.5.crate) = 14367
+SHA256 (rust/crates/gix-utils-0.1.13.crate) = ba427e3e9599508ed98a6ddf8ed05493db114564e338e41f6a996d2e4790335f
+SIZE (rust/crates/gix-utils-0.1.13.crate) = 10194
+SHA256 (rust/crates/gix-validate-0.8.5.crate) = 82c27dd34a49b1addf193c92070bcbf3beaf6e10f16a78544de6372e146a0acf
+SIZE (rust/crates/gix-validate-0.8.5.crate) = 10408
+SHA256 (rust/crates/glob-0.3.1.crate) = d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b
+SIZE (rust/crates/glob-0.3.1.crate) = 18880
+SHA256 (rust/crates/h2-0.3.26.crate) = 81fe527a889e1532da5c525686d96d4c2e74cdd345badf8dfef9f6b39dd5f5e8
+SIZE (rust/crates/h2-0.3.26.crate) = 168315
+SHA256 (rust/crates/h2-0.4.7.crate) = ccae279728d634d083c00f6099cb58f01cc99c145b84b8be2f6c74618d79922e
+SIZE (rust/crates/h2-0.4.7.crate) = 174114
+SHA256 (rust/crates/half-1.8.3.crate) = 1b43ede17f21864e81be2fa654110bf1e793774238d86ef8555c37e6519c0403
+SIZE (rust/crates/half-1.8.3.crate) = 41624
+SHA256 (rust/crates/hashbrown-0.12.3.crate) = 8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888
+SIZE (rust/crates/hashbrown-0.12.3.crate) = 102968
+SHA256 (rust/crates/hashbrown-0.14.5.crate) = e5274423e17b7c9fc20b6e7e208532f9b19825d82dfd615708b70edd83df41f1
+SIZE (rust/crates/hashbrown-0.14.5.crate) = 141498
+SHA256 (rust/crates/hashbrown-0.15.2.crate) = bf151400ff0baff5465007dd2f3e717f3fe502074ca563069ce3a6629d07b289
+SIZE (rust/crates/hashbrown-0.15.2.crate) = 138478
+SHA256 (rust/crates/hashlink-0.8.4.crate) = e8094feaf31ff591f651a2664fb9cfd92bba7a60ce3197265e9482ebe753c8f7
+SIZE (rust/crates/hashlink-0.8.4.crate) = 26514
+SHA256 (rust/crates/heck-0.5.0.crate) = 2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea
+SIZE (rust/crates/heck-0.5.0.crate) = 11517
+SHA256 (rust/crates/hex-0.4.3.crate) = 7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70
+SIZE (rust/crates/hex-0.4.3.crate) = 13299
+SHA256 (rust/crates/home-0.5.11.crate) = 589533453244b0995c858700322199b2becb13b627df2851f64a2775d024abcf
+SIZE (rust/crates/home-0.5.11.crate) = 9926
+SHA256 (rust/crates/hostname-validator-1.1.1.crate) = f558a64ac9af88b5ba400d99b579451af0d39c6d360980045b91aac966d705e2
+SIZE (rust/crates/hostname-validator-1.1.1.crate) = 2377
+SHA256 (rust/crates/http-0.2.12.crate) = 601cbb57e577e2f5ef5be8e7b83f0f63994f25aa94d673e54a92d5c516d101f1
+SIZE (rust/crates/http-0.2.12.crate) = 101964
+SHA256 (rust/crates/http-1.2.0.crate) = f16ca2af56261c99fba8bac40a10251ce8188205a4c448fbb745a2e4daa76fea
+SIZE (rust/crates/http-1.2.0.crate) = 105932
+SHA256 (rust/crates/http-body-0.4.6.crate) = 7ceab25649e9960c0311ea418d17bee82c0dcec1bd053b5f9a66e265a693bed2
+SIZE (rust/crates/http-body-0.4.6.crate) = 10773
+SHA256 (rust/crates/http-body-1.0.1.crate) = 1efedce1fb8e6913f23e0c92de8e62cd5b772a67e7b3946df930a62566c93184
+SIZE (rust/crates/http-body-1.0.1.crate) = 6125
+SHA256 (rust/crates/http-body-util-0.1.2.crate) = 793429d76616a256bcb62c2a2ec2bed781c8307e797e2598c50010f2bee2544f
+SIZE (rust/crates/http-body-util-0.1.2.crate) = 12821
+SHA256 (rust/crates/http-range-header-0.4.2.crate) = 9171a2ea8a68358193d15dd5d70c1c10a2afc3e7e4c5bc92bc9f025cebd7359c
+SIZE (rust/crates/http-range-header-0.4.2.crate) = 8545
+SHA256 (rust/crates/httparse-1.9.5.crate) = 7d71d3574edd2771538b901e6549113b4006ece66150fb69c0fb6d9a2adae946
+SIZE (rust/crates/httparse-1.9.5.crate) = 39029
+SHA256 (rust/crates/httpdate-1.0.3.crate) = df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9
+SIZE (rust/crates/httpdate-1.0.3.crate) = 10639
+SHA256 (rust/crates/humansize-2.1.3.crate) = 6cb51c9a029ddc91b07a787f1d86b53ccfa49b0e86688c946ebe8d3555685dd7
+SIZE (rust/crates/humansize-2.1.3.crate) = 11953
+SHA256 (rust/crates/hyper-0.14.32.crate) = 41dfc780fdec9373c01bae43289ea34c972e40ee3c9f6b3c8801a35f35586ce7
+SIZE (rust/crates/hyper-0.14.32.crate) = 199622
+SHA256 (rust/crates/hyper-1.5.2.crate) = 256fb8d4bd6413123cc9d91832d78325c48ff41677595be797d90f42969beae0
+SIZE (rust/crates/hyper-1.5.2.crate) = 152817
+SHA256 (rust/crates/hyper-rustls-0.24.2.crate) = ec3efd23720e2049821a693cbc7e65ea87c72f1c58ff2f9522ff332b1491e590
+SIZE (rust/crates/hyper-rustls-0.24.2.crate) = 30195
+SHA256 (rust/crates/hyper-rustls-0.27.5.crate) = 2d191583f3da1305256f22463b9bb0471acad48a4e534a5218b9963e9c1f59b2
+SIZE (rust/crates/hyper-rustls-0.27.5.crate) = 34660
+SHA256 (rust/crates/hyper-timeout-0.4.1.crate) = bbb958482e8c7be4bc3cf272a766a2b0bf1a6755e7a6ae777f017a31d11b13b1
+SIZE (rust/crates/hyper-timeout-0.4.1.crate) = 13805
+SHA256 (rust/crates/hyper-tls-0.6.0.crate) = 70206fc6890eaca9fde8a0bf71caa2ddfc9fe045ac9e5c70df101a7dbde866e0
+SIZE (rust/crates/hyper-tls-0.6.0.crate) = 15052
+SHA256 (rust/crates/hyper-util-0.1.10.crate) = df2dcfbe0677734ab2f3ffa7fa7bfd4706bfdc1ef393f2ee30184aed67e631b4
+SIZE (rust/crates/hyper-util-0.1.10.crate) = 72887
+SHA256 (rust/crates/iana-time-zone-0.1.61.crate) = 235e081f3925a06703c2d0117ea8b91f042756fd6e7a6e5d901e8ca1a996b220
+SIZE (rust/crates/iana-time-zone-0.1.61.crate) = 27685
+SHA256 (rust/crates/iana-time-zone-haiku-0.1.2.crate) = f31827a206f56af32e590ba56d5d2d085f558508192593743f16b2306495269f
+SIZE (rust/crates/iana-time-zone-haiku-0.1.2.crate) = 7185
+SHA256 (rust/crates/icu_collections-1.5.0.crate) = db2fa452206ebee18c4b5c2274dbf1de17008e874b4dc4f0aea9d01ca79e4526
+SIZE (rust/crates/icu_collections-1.5.0.crate) = 82762
+SHA256 (rust/crates/icu_locid-1.5.0.crate) = 13acbb8371917fc971be86fc8057c41a64b521c184808a698c02acc242dbf637
+SIZE (rust/crates/icu_locid-1.5.0.crate) = 55131
+SHA256 (rust/crates/icu_locid_transform-1.5.0.crate) = 01d11ac35de8e40fdeda00d9e1e9d92525f3f9d887cdd7aa81d727596788b54e
+SIZE (rust/crates/icu_locid_transform-1.5.0.crate) = 29094
+SHA256 (rust/crates/icu_locid_transform_data-1.5.0.crate) = fdc8ff3388f852bede6b579ad4e978ab004f139284d7b28715f773507b946f6e
+SIZE (rust/crates/icu_locid_transform_data-1.5.0.crate) = 44727
+SHA256 (rust/crates/icu_normalizer-1.5.0.crate) = 19ce3e0da2ec68599d193c93d088142efd7f9c5d6fc9b803774855747dc6a84f
+SIZE (rust/crates/icu_normalizer-1.5.0.crate) = 53113
+SHA256 (rust/crates/icu_normalizer_data-1.5.0.crate) = f8cafbf7aa791e9b22bec55a167906f9e1215fd475cd22adfcf660e03e989516
+SIZE (rust/crates/icu_normalizer_data-1.5.0.crate) = 50561
+SHA256 (rust/crates/icu_properties-1.5.1.crate) = 93d6020766cfc6302c15dbbc9c8778c37e62c14427cb7f6e601d849e092aeef5
+SIZE (rust/crates/icu_properties-1.5.1.crate) = 64479
+SHA256 (rust/crates/icu_properties_data-1.5.0.crate) = 67a8effbc3dd3e4ba1afa8ad918d5684b8868b3b26500753effea8d2eed19569
+SIZE (rust/crates/icu_properties_data-1.5.0.crate) = 227993
+SHA256 (rust/crates/icu_provider-1.5.0.crate) = 6ed421c8a8ef78d3e2dbc98a973be2f3770cb42b606e3ab18d6237c4dfde68d9
+SIZE (rust/crates/icu_provider-1.5.0.crate) = 52722
+SHA256 (rust/crates/icu_provider_macros-1.5.0.crate) = 1ec89e9337638ecdc08744df490b221a7399bf8d164eb52a665454e60e075ad6
+SIZE (rust/crates/icu_provider_macros-1.5.0.crate) = 6436
+SHA256 (rust/crates/ident_case-1.0.1.crate) = b9e0384b61958566e926dc50660321d12159025e767c18e043daf26b70104c39
+SIZE (rust/crates/ident_case-1.0.1.crate) = 3492
+SHA256 (rust/crates/idlset-0.2.5.crate) = ef858150272c6cce9db3710a171edf5d3e8844d38680d7657e9b1698efe8d97b
+SIZE (rust/crates/idlset-0.2.5.crate) = 106725
+SHA256 (rust/crates/idna-1.0.3.crate) = 686f825264d630750a544639377bae737628043f20d38bbc029e8f29ea968a7e
+SIZE (rust/crates/idna-1.0.3.crate) = 142515
+SHA256 (rust/crates/idna_adapter-1.2.0.crate) = daca1df1c957320b2cf139ac61e7bd64fed304c5040df000a745aa1de3b4ef71
+SIZE (rust/crates/idna_adapter-1.2.0.crate) = 8206
+SHA256 (rust/crates/image-0.23.14.crate) = 24ffcb7e7244a9bf19d35bf2883b9c080c4ced3c07a9895572178cdb8f13f6a1
+SIZE (rust/crates/image-0.23.14.crate) = 226804
+SHA256 (rust/crates/image-0.24.9.crate) = 5690139d2f55868e080017335e4b94cb7414274c74f1669c84fb5feba2c9f69d
+SIZE (rust/crates/image-0.24.9.crate) = 9261055
+SHA256 (rust/crates/indexmap-1.9.3.crate) = bd070e393353796e801d209ad339e89596eb4c8d430d18ede6a1cced8fafbd99
+SIZE (rust/crates/indexmap-1.9.3.crate) = 54653
+SHA256 (rust/crates/indexmap-2.7.0.crate) = 62f822373a4fe84d4bb149bf54e584a7f4abec90e072ed49cda0edea5b95471f
+SIZE (rust/crates/indexmap-2.7.0.crate) = 85335
+SHA256 (rust/crates/inotify-0.9.6.crate) = f8069d3ec154eb856955c1c0fbffefbf5f3c40a104ec912d4797314c1801abff
+SIZE (rust/crates/inotify-0.9.6.crate) = 22971
+SHA256 (rust/crates/inotify-sys-0.1.5.crate) = e05c02b5e89bff3b946cedeca278abc628fe811e604f027c45a8aa3cf793d0eb
+SIZE (rust/crates/inotify-sys-0.1.5.crate) = 6965
+SHA256 (rust/crates/ipnet-2.10.1.crate) = ddc24109865250148c2e0f3d25d4f0f479571723792d3802153c60922a4fb708
+SIZE (rust/crates/ipnet-2.10.1.crate) = 28407
+SHA256 (rust/crates/is_terminal_polyfill-1.70.1.crate) = 7943c866cc5cd64cbc25b2e01621d07fa8eb2a1a23160ee81ce38704e97b8ecf
+SIZE (rust/crates/is_terminal_polyfill-1.70.1.crate) = 7492
+SHA256 (rust/crates/itertools-0.10.5.crate) = b0fd2260e829bddf4cb6ea802289de2f86d6a7a690192fbe91b3f46e0f2c8473
+SIZE (rust/crates/itertools-0.10.5.crate) = 115354
+SHA256 (rust/crates/itertools-0.13.0.crate) = 413ee7dfc52ee1a4949ceeb7dbc8a33f2d6c088194d9f922fb8318faf1f01186
+SIZE (rust/crates/itertools-0.13.0.crate) = 146261
+SHA256 (rust/crates/itoa-1.0.14.crate) = d75a2a4b1b190afb6f5425f10f6a8f959d2ea0b9c2b1d79553551850539e4674
+SIZE (rust/crates/itoa-1.0.14.crate) = 11210
+SHA256 (rust/crates/jpeg-decoder-0.3.1.crate) = f5d4a7da358eff58addd2877a45865158f0d78c911d43a5784ceb7bbf52833b0
+SIZE (rust/crates/jpeg-decoder-0.3.1.crate) = 744364
+SHA256 (rust/crates/js-sys-0.3.76.crate) = 6717b6b5b077764fb5966237269cb3c64edddde4b14ce42647430a78ced9e7b7
+SIZE (rust/crates/js-sys-0.3.76.crate) = 54420
+SHA256 (rust/crates/jsonschema-0.28.0.crate) = 74d8eb539cdb4222da29bb658cc9881aa2477b33fb1a74c5c31450395fc1a4b2
+SIZE (rust/crates/jsonschema-0.28.0.crate) = 99139
+SHA256 (rust/crates/kanidm-hsm-crypto-0.2.0.crate) = 10b3ed8e86cda3da4f274c677a3057d567bd7b715a0feb06a656e55cc75faf5e
+SIZE (rust/crates/kanidm-hsm-crypto-0.2.0.crate) = 29700
+SHA256 (rust/crates/kqueue-1.0.8.crate) = 7447f1ca1b7b563588a205fe93dea8df60fd981423a768bc1c0ded35ed147d0c
+SIZE (rust/crates/kqueue-1.0.8.crate) = 12642
+SHA256 (rust/crates/kqueue-sys-1.0.4.crate) = ed9625ffda8729b85e45cf04090035ac368927b8cebc34898e7c120f52e4838b
+SIZE (rust/crates/kqueue-sys-1.0.4.crate) = 7160
+SHA256 (rust/crates/lazy_static-1.5.0.crate) = bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe
+SIZE (rust/crates/lazy_static-1.5.0.crate) = 14025
+SHA256 (rust/crates/lazycell-1.3.0.crate) = 830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55
+SIZE (rust/crates/lazycell-1.3.0.crate) = 12502
+SHA256 (rust/crates/lber-0.4.2.crate) = 2df7f9fd9f64cf8f59e1a4a0753fe7d575a5b38d3d7ac5758dcee9357d83ef0a
+SIZE (rust/crates/lber-0.4.2.crate) = 8107
+SHA256 (rust/crates/ldap3_client-0.5.2.crate) = c6027fc899bda353fe645cdcab9de93b0d2fa4731c105ad449fed22c455b61ff
+SIZE (rust/crates/ldap3_client-0.5.2.crate) = 7678
+SHA256 (rust/crates/ldap3_proto-0.5.2.crate) = e9a047c1b49d3b4da70f52ac54310dcd879c9b7fef658615ff17f6212ae7411e
+SIZE (rust/crates/ldap3_proto-0.5.2.crate) = 43605
+SHA256 (rust/crates/libc-0.2.169.crate) = b5aba8db14291edd000dfcc4d620c7ebfb122c613afb886ca8803fa4e128a20a
+SIZE (rust/crates/libc-0.2.169.crate) = 757901
+SHA256 (rust/crates/libloading-0.8.6.crate) = fc2f4eb4bc735547cfed7c0a4922cbd04a4655978c09b54f1f7b228750664c34
+SIZE (rust/crates/libloading-0.8.6.crate) = 28922
+SHA256 (rust/crates/libm-0.2.11.crate) = 8355be11b20d696c8f18f6cc018c4e372165b1fa8126cef092399c9951984ffa
+SIZE (rust/crates/libm-0.2.11.crate) = 111477
+SHA256 (rust/crates/libmimalloc-sys-0.1.39.crate) = 23aa6811d3bd4deb8a84dde645f943476d13b248d818edcf8ce0b2f37f036b44
+SIZE (rust/crates/libmimalloc-sys-0.1.39.crate) = 198523
+SHA256 (rust/crates/libnss-0.8.0.crate) = 3c4bc0291fc787d67c56e9ed79b80780e53bfb9be173177f301ee666cec1021b
+SIZE (rust/crates/libnss-0.8.0.crate) = 7015
+SHA256 (rust/crates/libredox-0.1.3.crate) = c0ff37bd590ca25063e35af745c343cb7a0271906fb7b37e4813e8f79f00268d
+SIZE (rust/crates/libredox-0.1.3.crate) = 6068
+SHA256 (rust/crates/libsqlite3-sys-0.25.2.crate) = 29f835d03d717946d28b1d1ed632eb6f0e24a299388ee623d0c23118d3e8a7fa
+SIZE (rust/crates/libsqlite3-sys-0.25.2.crate) = 4841525
+SHA256 (rust/crates/libudev-0.2.0.crate) = ea626d3bdf40a1c5aee3bcd4f40826970cae8d80a8fec934c82a63840094dcfe
+SIZE (rust/crates/libudev-0.2.0.crate) = 8833
+SHA256 (rust/crates/libudev-sys-0.1.4.crate) = 3c8469b4a23b962c1396b9b451dda50ef5b283e8dd309d69033475fa9b334324
+SIZE (rust/crates/libudev-sys-0.1.4.crate) = 6177
+SHA256 (rust/crates/linux-raw-sys-0.4.14.crate) = 78b3ae25bc7c8c38cec158d1f2757ee79e9b3740fbc7ccf0e59e4b08d793fa89
+SIZE (rust/crates/linux-raw-sys-0.4.14.crate) = 1826665
+SHA256 (rust/crates/litemap-0.7.4.crate) = 4ee93343901ab17bd981295f2cf0026d4ad018c7c31ba84549a4ddbb47a45104
+SIZE (rust/crates/litemap-0.7.4.crate) = 28257
+SHA256 (rust/crates/litrs-0.4.1.crate) = b4ce301924b7887e9d637144fdade93f9dfff9b60981d4ac161db09720d39aa5
+SIZE (rust/crates/litrs-0.4.1.crate) = 42603
+SHA256 (rust/crates/lock_api-0.4.12.crate) = 07af8b9cdd281b7915f413fa73f29ebd5d55d0d3f0155584dade1ff18cea1b17
+SIZE (rust/crates/lock_api-0.4.12.crate) = 27591
+SHA256 (rust/crates/lodepng-3.10.7.crate) = 7b2dea7cda68e381418c985fd8f32a9c279a21ae8c715f2376adb20c27a0fad3
+SIZE (rust/crates/lodepng-3.10.7.crate) = 52706
+SHA256 (rust/crates/log-0.4.22.crate) = a7a70ba024b9dc04c27ea2f0c0548feb474ec5c54bba33a7f72f873a39d07b24
+SIZE (rust/crates/log-0.4.22.crate) = 44027
+SHA256 (rust/crates/lru-0.12.5.crate) = 234cf4f4a04dc1f57e24b96cc0cd600cf2af460d4161ac5ecdd0af8e1f3b2a38
+SIZE (rust/crates/lru-0.12.5.crate) = 16047
+SHA256 (rust/crates/malloced-1.3.1.crate) = 6dfebb2f9e0b39509c62eead6ec7ae0c0ed45bb61d12bbcf4e976c566c5400ec
+SIZE (rust/crates/malloced-1.3.1.crate) = 12129
+SHA256 (rust/crates/matchers-0.1.0.crate) = 8263075bb86c5a1b1427b5ae862e8889656f126e9f77c484496e8b47cf5c5558
+SIZE (rust/crates/matchers-0.1.0.crate) = 6948
+SHA256 (rust/crates/matchit-0.7.3.crate) = 0e7465ac9959cc2b1404e8e2367b43684a6d13790fe23056cc8c6c5a6b7bcb94
+SIZE (rust/crates/matchit-0.7.3.crate) = 30372
+SHA256 (rust/crates/mathru-0.13.0.crate) = 9a42bf938e4c9a6ad581cf528d5606eb50c5458ac759ca23719291e2f6499bec
+SIZE (rust/crates/mathru-0.13.0.crate) = 494915
+SHA256 (rust/crates/memchr-2.7.4.crate) = 78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3
+SIZE (rust/crates/memchr-2.7.4.crate) = 96670
+SHA256 (rust/crates/memmap2-0.9.5.crate) = fd3f7eed9d3848f8b98834af67102b720745c4ec028fcd0aa0239277e7de374f
+SIZE (rust/crates/memmap2-0.9.5.crate) = 33280
+SHA256 (rust/crates/memoffset-0.8.0.crate) = d61c719bcfbcf5d62b3a09efa6088de8c54bc0bfcd3ea7ae39fcc186108b8de1
+SIZE (rust/crates/memoffset-0.8.0.crate) = 8912
+SHA256 (rust/crates/mimalloc-0.1.43.crate) = 68914350ae34959d83f732418d51e2427a794055d0b9529f48259ac07af65633
+SIZE (rust/crates/mimalloc-0.1.43.crate) = 4075
+SHA256 (rust/crates/mime-0.3.17.crate) = 6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a
+SIZE (rust/crates/mime-0.3.17.crate) = 15712
+SHA256 (rust/crates/mime_guess-2.0.5.crate) = f7c44f8e672c00fe5308fa235f821cb4198414e1c77935c1ab6948d3fd78550e
+SIZE (rust/crates/mime_guess-2.0.5.crate) = 27166
+SHA256 (rust/crates/minimal-lexical-0.2.1.crate) = 68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a
+SIZE (rust/crates/minimal-lexical-0.2.1.crate) = 94841
+SHA256 (rust/crates/miniz_oxide-0.8.2.crate) = 4ffbe83022cedc1d264172192511ae958937694cd57ce297164951b8b3568394
+SIZE (rust/crates/miniz_oxide-0.8.2.crate) = 59068
+SHA256 (rust/crates/mintex-0.1.3.crate) = 9bec4598fddb13cc7b528819e697852653252b760f1228b7642679bf2ff2cd07
+SIZE (rust/crates/mintex-0.1.3.crate) = 6769
+SHA256 (rust/crates/mio-0.8.11.crate) = a4a650543ca06a924e8b371db273b2756685faae30f8487da1b56505a8f78b0c
+SIZE (rust/crates/mio-0.8.11.crate) = 102983
+SHA256 (rust/crates/mio-1.0.3.crate) = 2886843bf800fba2e3377cff24abf6379b4c4d5c6681eaf9ea5b0d15090450bd
+SIZE (rust/crates/mio-1.0.3.crate) = 103703
+SHA256 (rust/crates/multer-3.1.0.crate) = 83e87776546dc87511aa5ee218730c92b666d7264ab6ed41f9d215af9cd5224b
+SIZE (rust/crates/multer-3.1.0.crate) = 25980
+SHA256 (rust/crates/native-tls-0.2.12.crate) = a8614eb2c83d59d1c8cc974dd3f920198647674a0a035e1af1fa58707e317466
+SIZE (rust/crates/native-tls-0.2.12.crate) = 29517
+SHA256 (rust/crates/nix-0.29.0.crate) = 71e2746dc3a24dd78b3cfcb7be93368c6de9963d30f43a6a73998a9cf4b17b46
+SIZE (rust/crates/nix-0.29.0.crate) = 318248
+SHA256 (rust/crates/nom-7.1.3.crate) = d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a
+SIZE (rust/crates/nom-7.1.3.crate) = 117570
+SHA256 (rust/crates/nonempty-0.8.1.crate) = aeaf4ad7403de93e699c191202f017118df734d3850b01e13a3a8b2e6953d3c9
+SIZE (rust/crates/nonempty-0.8.1.crate) = 9782
+SHA256 (rust/crates/notify-6.1.1.crate) = 6205bd8bb1e454ad2e27422015fb5e4f2bcc7e08fa8f27058670d208324a4d2d
+SIZE (rust/crates/notify-6.1.1.crate) = 40117
+SHA256 (rust/crates/notify-debouncer-full-0.1.0.crate) = f4812c1eb49be776fb8df4961623bdc01ec9dfdc1abe8211ceb09150a2e64219
+SIZE (rust/crates/notify-debouncer-full-0.1.0.crate) = 13595
+SHA256 (rust/crates/nu-ansi-term-0.46.0.crate) = 77a8165726e8236064dbb45459242600304b42a5ea24ee2948e18e023bf7ba84
+SIZE (rust/crates/nu-ansi-term-0.46.0.crate) = 24311
+SHA256 (rust/crates/num-0.4.3.crate) = 35bd024e8b2ff75562e5f34e7f4905839deb4b22955ef5e73d2fea1b9813cb23
+SIZE (rust/crates/num-0.4.3.crate) = 9575
+SHA256 (rust/crates/num-bigint-0.4.6.crate) = a5e44f723f1133c9deac646763579fdb3ac745e418f2a7af9cd0c431da1f20b9
+SIZE (rust/crates/num-bigint-0.4.6.crate) = 102801
+SHA256 (rust/crates/num-cmp-0.1.0.crate) = 63335b2e2c34fae2fb0aa2cecfd9f0832a1e24b3b32ecec612c3426d46dc8aaa
+SIZE (rust/crates/num-cmp-0.1.0.crate) = 15375
+SHA256 (rust/crates/num-complex-0.4.6.crate) = 73f88a1307638156682bada9d7604135552957b7818057dcef22705b4d509495
+SIZE (rust/crates/num-complex-0.4.6.crate) = 30352
+SHA256 (rust/crates/num-conv-0.1.0.crate) = 51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9
+SIZE (rust/crates/num-conv-0.1.0.crate) = 7444
+SHA256 (rust/crates/num-derive-0.3.3.crate) = 876a53fff98e03a936a674b29568b0e605f06b29372c2489ff4de23f1949743d
+SIZE (rust/crates/num-derive-0.3.3.crate) = 14545
+SHA256 (rust/crates/num-integer-0.1.46.crate) = 7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f
+SIZE (rust/crates/num-integer-0.1.46.crate) = 22331
+SHA256 (rust/crates/num-iter-0.1.45.crate) = 1429034a0490724d0075ebb2bc9e875d6503c3cf69e235a8941aa757d83ef5bf
+SIZE (rust/crates/num-iter-0.1.45.crate) = 10320
+SHA256 (rust/crates/num-rational-0.3.2.crate) = 12ac428b1cb17fce6f731001d307d351ec70a6d202fc2e60f7d4c5e42d8f4f07
+SIZE (rust/crates/num-rational-0.3.2.crate) = 26359
+SHA256 (rust/crates/num-rational-0.4.2.crate) = f83d14da390562dca69fc84082e73e548e1ad308d24accdedd2720017cb37824
+SIZE (rust/crates/num-rational-0.4.2.crate) = 28159
+SHA256 (rust/crates/num-traits-0.2.19.crate) = 071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841
+SIZE (rust/crates/num-traits-0.2.19.crate) = 51631
+SHA256 (rust/crates/num_enum-0.5.11.crate) = 1f646caf906c20226733ed5b1374287eb97e3c2a5c227ce668c1f2ce20ae57c9
+SIZE (rust/crates/num_enum-0.5.11.crate) = 16772
+SHA256 (rust/crates/num_enum_derive-0.5.11.crate) = dcbff9bc912032c62bf65ef1d5aea88983b420f4f839db1e9b0c281a25c9c799
+SIZE (rust/crates/num_enum_derive-0.5.11.crate) = 15552
+SHA256 (rust/crates/num_threads-0.1.7.crate) = 5c7398b9c8b70908f6371f47ed36737907c87c52af34c268fed0bf0ceb92ead9
+SIZE (rust/crates/num_threads-0.1.7.crate) = 7455
+SHA256 (rust/crates/oauth2-4.4.2.crate) = c38841cdd844847e3e7c8d29cef9dcfed8877f8f56f9071f77843ecf3baf937f
+SIZE (rust/crates/oauth2-4.4.2.crate) = 74489
+SHA256 (rust/crates/object-0.36.5.crate) = aedf0a2d09c573ed1d8d85b30c119153926a2b36dce0ab28322c09a117a4683e
+SIZE (rust/crates/object-0.36.5.crate) = 327435
+SHA256 (rust/crates/oid-0.2.1.crate) = 9c19903c598813dba001b53beeae59bb77ad4892c5c1b9b3500ce4293a0d06c2
+SIZE (rust/crates/oid-0.2.1.crate) = 12533
+SHA256 (rust/crates/oid-registry-0.7.1.crate) = a8d8034d9489cdaf79228eb9f6a3b8d7bb32ba00d6645ebd48eef4077ceb5bd9
+SIZE (rust/crates/oid-registry-0.7.1.crate) = 15220
+SHA256 (rust/crates/once_cell-1.20.2.crate) = 1261fe7e33c73b354eab43b1273a57c8f967d0391e80353e51f764ac02cf6775
+SIZE (rust/crates/once_cell-1.20.2.crate) = 33394
+SHA256 (rust/crates/openssl-0.10.68.crate) = 6174bc48f102d208783c2c84bf931bb75927a617866870de8a4ea85597f871f5
+SIZE (rust/crates/openssl-0.10.68.crate) = 276578
+SHA256 (rust/crates/openssl-macros-0.1.1.crate) = a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c
+SIZE (rust/crates/openssl-macros-0.1.1.crate) = 5601
+SHA256 (rust/crates/openssl-probe-0.1.5.crate) = ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf
+SIZE (rust/crates/openssl-probe-0.1.5.crate) = 7227
+SHA256 (rust/crates/openssl-sys-0.9.104.crate) = 45abf306cbf99debc8195b66b7346498d7b10c210de50418b5ccd7ceba08c741
+SIZE (rust/crates/openssl-sys-0.9.104.crate) = 72287
+SHA256 (rust/crates/opentelemetry-0.20.0.crate) = 9591d937bc0e6d2feb6f71a559540ab300ea49955229c347a517a28d27784c54
+SIZE (rust/crates/opentelemetry-0.20.0.crate) = 15313
+SHA256 (rust/crates/opentelemetry-http-0.9.0.crate) = c7594ec0e11d8e33faf03530a4c49af7064ebba81c1480e01be67d90b356508b
+SIZE (rust/crates/opentelemetry-http-0.9.0.crate) = 8772
+SHA256 (rust/crates/opentelemetry-otlp-0.13.0.crate) = 7e5e5a5c4135864099f3faafbe939eb4d7f9b80ebf68a8448da961b32a7c1275
+SIZE (rust/crates/opentelemetry-otlp-0.13.0.crate) = 30421
+SHA256 (rust/crates/opentelemetry-proto-0.3.0.crate) = b1e3f814aa9f8c905d0ee4bde026afd3b2577a97c10e1699912e3e44f0c4cbeb
+SIZE (rust/crates/opentelemetry-proto-0.3.0.crate) = 182707
+SHA256 (rust/crates/opentelemetry-semantic-conventions-0.12.0.crate) = 73c9f9340ad135068800e7f1b24e9e09ed9e7143f5bf8518ded3d3ec69789269
+SIZE (rust/crates/opentelemetry-semantic-conventions-0.12.0.crate) = 32096
+SHA256 (rust/crates/opentelemetry_api-0.20.0.crate) = 8a81f725323db1b1206ca3da8bb19874bbd3f57c3bcd59471bfb04525b265b9b
+SIZE (rust/crates/opentelemetry_api-0.20.0.crate) = 60100
+SHA256 (rust/crates/opentelemetry_sdk-0.20.0.crate) = fa8e705a0612d48139799fcbaba0d4a90f06277153e43dd2bdc16c6f0edd8026
+SIZE (rust/crates/opentelemetry_sdk-0.20.0.crate) = 103022
+SHA256 (rust/crates/ordered-float-3.9.2.crate) = f1e1c390732d15f1d48471625cd92d154e66db2c56645e29a9cd26f4699f72dc
+SIZE (rust/crates/ordered-float-3.9.2.crate) = 19788
+SHA256 (rust/crates/outref-0.5.1.crate) = 4030760ffd992bef45b0ae3f10ce1aba99e33464c90d14dd7c039884963ddc7a
+SIZE (rust/crates/outref-0.5.1.crate) = 3957
+SHA256 (rust/crates/overload-0.1.1.crate) = b15813163c1d831bf4a13c3610c05c0d03b39feb07f7e09fa234dac9b15aaf39
+SIZE (rust/crates/overload-0.1.1.crate) = 24439
+SHA256 (rust/crates/parking_lot-0.12.3.crate) = f1bf18183cf54e8d6059647fc3063646a1801cf30896933ec2311622cc4b9a27
+SIZE (rust/crates/parking_lot-0.12.3.crate) = 41860
+SHA256 (rust/crates/parking_lot_core-0.9.10.crate) = 1e401f977ab385c9e4e3ab30627d6f26d00e2c73eef317493c4ec6d468726cf8
+SIZE (rust/crates/parking_lot_core-0.9.10.crate) = 32406
+SHA256 (rust/crates/password-hash-0.5.0.crate) = 346f04948ba92c43e8469c1ee6736c7563d71012b17d40745260fe106aac2166
+SIZE (rust/crates/password-hash-0.5.0.crate) = 26884
+SHA256 (rust/crates/paste-1.0.15.crate) = 57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a
+SIZE (rust/crates/paste-1.0.15.crate) = 18374
+SHA256 (rust/crates/peeking_take_while-0.1.2.crate) = 19b17cddbe7ec3f8bc800887bab5e717348c95ea2ca0b1bf0837fb964dc67099
+SIZE (rust/crates/peeking_take_while-0.1.2.crate) = 6697
+SHA256 (rust/crates/peg-0.8.4.crate) = 295283b02df346d1ef66052a757869b2876ac29a6bb0ac3f5f7cd44aebe40e8f
+SIZE (rust/crates/peg-0.8.4.crate) = 19291
+SHA256 (rust/crates/peg-macros-0.8.4.crate) = bdad6a1d9cf116a059582ce415d5f5566aabcd4008646779dab7fdc2a9a9d426
+SIZE (rust/crates/peg-macros-0.8.4.crate) = 29722
+SHA256 (rust/crates/peg-runtime-0.8.3.crate) = e3aeb8f54c078314c2065ee649a7241f46b9d8e418e1a9581ba0546657d7aa3a
+SIZE (rust/crates/peg-runtime-0.8.3.crate) = 4159
+SHA256 (rust/crates/pem-rfc7468-0.7.0.crate) = 88b39c9bfcfc231068454382784bb460aae594343fb030d46e9f50a645418412
+SIZE (rust/crates/pem-rfc7468-0.7.0.crate) = 24159
+SHA256 (rust/crates/percent-encoding-2.3.1.crate) = e3148f5046208a5d56bcfc03053e3ca6334e51da8dfb19b6cdc8b306fae3283e
+SIZE (rust/crates/percent-encoding-2.3.1.crate) = 10235
+SHA256 (rust/crates/petgraph-0.6.5.crate) = b4c5cc86750666a3ed20bdaf5ca2a0344f9c67674cae0515bec2da16fbaa47db
+SIZE (rust/crates/petgraph-0.6.5.crate) = 710970
+SHA256 (rust/crates/picky-asn1-0.8.0.crate) = 295eea0f33c16be21e2a98b908fdd4d73c04dd48c8480991b76dbcf0cb58b212
+SIZE (rust/crates/picky-asn1-0.8.0.crate) = 19901
+SHA256 (rust/crates/picky-asn1-der-0.4.1.crate) = 5df7873a9e36d42dadb393bea5e211fe83d793c172afad5fb4ec846ec582793f
+SIZE (rust/crates/picky-asn1-der-0.4.1.crate) = 20924
+SHA256 (rust/crates/picky-asn1-x509-0.12.0.crate) = 2c5f20f71a68499ff32310f418a6fad8816eac1a2859ed3f0c5c741389dd6208
+SIZE (rust/crates/picky-asn1-x509-0.12.0.crate) = 98267
+SHA256 (rust/crates/pin-project-1.1.7.crate) = be57f64e946e500c8ee36ef6331845d40a93055567ec57e8fae13efd33759b95
+SIZE (rust/crates/pin-project-1.1.7.crate) = 55438
+SHA256 (rust/crates/pin-project-internal-1.1.7.crate) = 3c0f5fad0874fc7abcd4d750e76917eaebbecaa2c20bde22e1dbeeba8beb758c
+SIZE (rust/crates/pin-project-internal-1.1.7.crate) = 28549
+SHA256 (rust/crates/pin-project-lite-0.2.15.crate) = 915a1e146535de9163f3987b8944ed8cf49a18bb0056bcebcdcece385cece4ff
+SIZE (rust/crates/pin-project-lite-0.2.15.crate) = 29683
+SHA256 (rust/crates/pin-utils-0.1.0.crate) = 8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184
+SIZE (rust/crates/pin-utils-0.1.0.crate) = 7580
+SHA256 (rust/crates/pkg-config-0.3.31.crate) = 953ec861398dccce10c670dfeaf3ec4911ca479e9c02154b3a215178c5f566f2
+SIZE (rust/crates/pkg-config-0.3.31.crate) = 20880
+SHA256 (rust/crates/powerfmt-0.2.0.crate) = 439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391
+SIZE (rust/crates/powerfmt-0.2.0.crate) = 15165
+SHA256 (rust/crates/ppv-lite86-0.2.20.crate) = 77957b295656769bb8ad2b6a6b09d897d94f05c41b069aede1fcdaa675eaea04
+SIZE (rust/crates/ppv-lite86-0.2.20.crate) = 22478
+SHA256 (rust/crates/prctl-1.0.0.crate) = 059a34f111a9dee2ce1ac2826a68b24601c4298cfeb1a587c3cb493d5ab46f52
+SIZE (rust/crates/prctl-1.0.0.crate) = 5084
+SHA256 (rust/crates/predicates-3.1.3.crate) = a5d19ee57562043d37e82899fade9a22ebab7be9cef5026b07fda9cdd4293573
+SIZE (rust/crates/predicates-3.1.3.crate) = 24063
+SHA256 (rust/crates/predicates-core-1.0.9.crate) = 727e462b119fe9c93fd0eb1429a5f7647394014cf3c04ab2c0350eeb09095ffa
+SIZE (rust/crates/predicates-core-1.0.9.crate) = 8618
+SHA256 (rust/crates/predicates-tree-1.0.12.crate) = 72dd2d6d381dfb73a193c7fca536518d7caee39fc8503f74e7dc0be0531b425c
+SIZE (rust/crates/predicates-tree-1.0.12.crate) = 8392
+SHA256 (rust/crates/prettyplease-0.2.25.crate) = 64d1ec885c64d0457d564db4ec299b2dae3f9c02808b8ad9c3a089c591b18033
+SIZE (rust/crates/prettyplease-0.2.25.crate) = 58681
+SHA256 (rust/crates/proc-macro-crate-1.3.1.crate) = 7f4c021e1093a56626774e81216a4ce732a735e5bad4868a03f3ed65ca0c3919
+SIZE (rust/crates/proc-macro-crate-1.3.1.crate) = 9678
+SHA256 (rust/crates/proc-macro-error-1.0.4.crate) = da25490ff9892aab3fcf7c36f08cfb902dd3e71ca0f9f9517bea02a73a5ce38c
+SIZE (rust/crates/proc-macro-error-1.0.4.crate) = 25293
+SHA256 (rust/crates/proc-macro-error-attr-1.0.4.crate) = a1be40180e52ecc98ad80b184934baf3d0d29f979574e439af5a55274b35f869
+SIZE (rust/crates/proc-macro-error-attr-1.0.4.crate) = 7971
+SHA256 (rust/crates/proc-macro2-1.0.92.crate) = 37d3544b3f2748c54e147655edb5025752e2303145b5aefb3c3ea2c78b973bb0
+SIZE (rust/crates/proc-macro2-1.0.92.crate) = 52353
+SHA256 (rust/crates/prodash-28.0.0.crate) = 744a264d26b88a6a7e37cbad97953fa233b94d585236310bcbc88474b4092d79
+SIZE (rust/crates/prodash-28.0.0.crate) = 90695
+SHA256 (rust/crates/prost-0.11.9.crate) = 0b82eaa1d779e9a4bc1c3217db8ffbeabaae1dca241bf70183242128d48681cd
+SIZE (rust/crates/prost-0.11.9.crate) = 28958
+SHA256 (rust/crates/prost-derive-0.11.9.crate) = e5d2d8d10f3c6ded6da8b05b5fb3b8a5082514344d56c9f871412d29b4e075b4
+SIZE (rust/crates/prost-derive-0.11.9.crate) = 19513
+SHA256 (rust/crates/psl-types-2.0.11.crate) = 33cb294fe86a74cbcf50d4445b37da762029549ebeea341421c7c70370f86cac
+SIZE (rust/crates/psl-types-2.0.11.crate) = 7959
+SHA256 (rust/crates/publicsuffix-2.3.0.crate) = 6f42ea446cab60335f76979ec15e12619a2165b5ae2c12166bef27d283a9fadf
+SIZE (rust/crates/publicsuffix-2.3.0.crate) = 87890
+SHA256 (rust/crates/qrcode-0.12.0.crate) = 16d2f1455f3630c6e5107b4f2b94e74d76dea80736de0981fd27644216cff57f
+SIZE (rust/crates/qrcode-0.12.0.crate) = 58072
+SHA256 (rust/crates/quick-error-2.0.1.crate) = a993555f31e5a609f617c12db6250dedcac1b0a85076912c436e6fc9b2c8e6a3
+SIZE (rust/crates/quick-error-2.0.1.crate) = 14265
+SHA256 (rust/crates/quinn-0.11.6.crate) = 62e96808277ec6f97351a2380e6c25114bc9e67037775464979f3037c92d05ef
+SIZE (rust/crates/quinn-0.11.6.crate) = 78222
+SHA256 (rust/crates/quinn-proto-0.11.9.crate) = a2fe5ef3495d7d2e377ff17b1a8ce2ee2ec2a18cde8b6ad6619d65d0701c135d
+SIZE (rust/crates/quinn-proto-0.11.9.crate) = 209286
+SHA256 (rust/crates/quinn-udp-0.5.9.crate) = 1c40286217b4ba3a71d644d752e6a0b71f13f1b6a2c5311acfcbe0c2418ed904
+SIZE (rust/crates/quinn-udp-0.5.9.crate) = 25342
+SHA256 (rust/crates/quote-1.0.38.crate) = 0e4dccaaaf89514f546c693ddc140f729f958c247918a13380cccc6078391acc
+SIZE (rust/crates/quote-1.0.38.crate) = 31252
+SHA256 (rust/crates/rand-0.8.5.crate) = 34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404
+SIZE (rust/crates/rand-0.8.5.crate) = 87113
+SHA256 (rust/crates/rand_chacha-0.3.1.crate) = e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88
+SIZE (rust/crates/rand_chacha-0.3.1.crate) = 15251
+SHA256 (rust/crates/rand_core-0.6.4.crate) = ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c
+SIZE (rust/crates/rand_core-0.6.4.crate) = 22666
+SHA256 (rust/crates/redox_syscall-0.5.8.crate) = 03a862b389f93e68874fbf580b9de08dd02facb9a788ebadaf4a3fd33cf58834
+SIZE (rust/crates/redox_syscall-0.5.8.crate) = 26319
+SHA256 (rust/crates/redox_users-0.4.6.crate) = ba009ff324d1fc1b900bd1fdb31564febe58a8ccc8a6fdbb93b543d33b13ca43
+SIZE (rust/crates/redox_users-0.4.6.crate) = 15585
+SHA256 (rust/crates/ref-cast-1.0.23.crate) = ccf0a6f84d5f1d581da8b41b47ec8600871962f2a528115b542b362d4b744931
+SIZE (rust/crates/ref-cast-1.0.23.crate) = 12795
+SHA256 (rust/crates/ref-cast-impl-1.0.23.crate) = bcc303e793d3734489387d205e9b186fac9c6cfacedd98cbb2e8a5943595f3e6
+SIZE (rust/crates/ref-cast-impl-1.0.23.crate) = 9360
+SHA256 (rust/crates/reference-counted-singleton-0.1.5.crate) = 5daffa8f5ca827e146485577fa9dba9bd9c6921e06e954ab8f6408c10f753086
+SIZE (rust/crates/reference-counted-singleton-0.1.5.crate) = 6309
+SHA256 (rust/crates/referencing-0.28.0.crate) = 093a875008827c0ae15c746189966e162faa05bf347719d06302c548ac63630f
+SIZE (rust/crates/referencing-0.28.0.crate) = 28820
+SHA256 (rust/crates/regex-1.11.1.crate) = b544ef1b4eac5dc2db33ea63606ae9ffcfac26c1416a2806ae0bf5f56b201191
+SIZE (rust/crates/regex-1.11.1.crate) = 254170
+SHA256 (rust/crates/regex-automata-0.1.10.crate) = 6c230d73fb8d8c1b9c0b3135c5142a8acee3a0558fb8db5cf1cb65f8d7862132
+SIZE (rust/crates/regex-automata-0.1.10.crate) = 114533
+SHA256 (rust/crates/regex-automata-0.4.9.crate) = 809e8dc61f6de73b46c85f4c96486310fe304c434cfa43669d7b40f711150908
+SIZE (rust/crates/regex-automata-0.4.9.crate) = 618525
+SHA256 (rust/crates/regex-syntax-0.6.29.crate) = f162c6dd7b008981e4d40210aca20b4bd0f9b60ca9271061b07f78537722f2e1
+SIZE (rust/crates/regex-syntax-0.6.29.crate) = 299752
+SHA256 (rust/crates/regex-syntax-0.8.5.crate) = 2b15c43186be67a4fd63bee50d0303afffcef381492ebe2c5d87f324e1b8815c
+SIZE (rust/crates/regex-syntax-0.8.5.crate) = 357541
+SHA256 (rust/crates/reqwest-0.11.27.crate) = dd67538700a17451e7cba03ac727fb961abb7607553461627b97de0b89cf4a62
+SIZE (rust/crates/reqwest-0.11.27.crate) = 163155
+SHA256 (rust/crates/reqwest-0.12.11.crate) = 7fe060fe50f524be480214aba758c71f99f90ee8c83c5a36b5e9e1d568eb4eb3
+SIZE (rust/crates/reqwest-0.12.11.crate) = 193279
+SHA256 (rust/crates/rgb-0.8.50.crate) = 57397d16646700483b67d2dd6511d79318f9d057fdbd21a4066aeac8b41d310a
+SIZE (rust/crates/rgb-0.8.50.crate) = 21980
+SHA256 (rust/crates/ring-0.17.8.crate) = c17fa4cb658e3583423e915b9f3acc01cceaee1860e33d59ebae66adc3a2dc0d
+SIZE (rust/crates/ring-0.17.8.crate) = 4188554
+SHA256 (rust/crates/rpassword-5.0.1.crate) = ffc936cf8a7ea60c58f030fd36a612a48f440610214dc54bc36431f9ea0c3efb
+SIZE (rust/crates/rpassword-5.0.1.crate) = 11109
+SHA256 (rust/crates/runloop-0.1.0.crate) = 5d79b4b604167921892e84afbbaad9d5ad74e091bf6c511d9dbfb0593f09fabd
+SIZE (rust/crates/runloop-0.1.0.crate) = 8610
+SHA256 (rust/crates/rusqlite-0.28.0.crate) = 01e213bc3ecb39ac32e81e51ebe31fd888a940515173e3a18a35f8c6e896422a
+SIZE (rust/crates/rusqlite-0.28.0.crate) = 137504
+SHA256 (rust/crates/rust-embed-8.5.0.crate) = fa66af4a4fdd5e7ebc276f115e895611a34739a9c1c01028383d612d550953c0
+SIZE (rust/crates/rust-embed-8.5.0.crate) = 904054
+SHA256 (rust/crates/rust-embed-impl-8.5.0.crate) = 6125dbc8867951125eec87294137f4e9c2c96566e61bf72c45095a7c77761478
+SIZE (rust/crates/rust-embed-impl-8.5.0.crate) = 6004
+SHA256 (rust/crates/rust-embed-utils-8.5.0.crate) = 2e5347777e9aacb56039b0e1f28785929a8a3b709e87482e7442c72e7c12529d
+SIZE (rust/crates/rust-embed-utils-8.5.0.crate) = 3445
+SHA256 (rust/crates/rustc-demangle-0.1.24.crate) = 719b953e2095829ee67db738b3bfa9fa368c94900df327b3f07fe6e794d2fe1f
+SIZE (rust/crates/rustc-demangle-0.1.24.crate) = 29047
+SHA256 (rust/crates/rustc-hash-1.1.0.crate) = 08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2
+SIZE (rust/crates/rustc-hash-1.1.0.crate) = 9331
+SHA256 (rust/crates/rustc-hash-2.1.0.crate) = c7fb8039b3032c191086b10f11f319a6e99e1e82889c5cc6046f515c9db1d497
+SIZE (rust/crates/rustc-hash-2.1.0.crate) = 13316
+SHA256 (rust/crates/rusticata-macros-4.1.0.crate) = faf0c4a6ece9950b9abdb62b1cfcf2a68b3b67a10ba445b3bb85be2a293d0632
+SIZE (rust/crates/rusticata-macros-4.1.0.crate) = 11746
+SHA256 (rust/crates/rustix-0.38.42.crate) = f93dc38ecbab2eb790ff964bb77fa94faf256fd3e73285fd7ba0903b76bedb85
+SIZE (rust/crates/rustix-0.38.42.crate) = 378683
+SHA256 (rust/crates/rustls-0.21.12.crate) = 3f56a14d1f48b391359b22f731fd4bd7e43c97f3c50eee276f3aa09c94784d3e
+SIZE (rust/crates/rustls-0.21.12.crate) = 285674
+SHA256 (rust/crates/rustls-0.23.20.crate) = 5065c3f250cbd332cd894be57c40fa52387247659b14a2d6041d121547903b1b
+SIZE (rust/crates/rustls-0.23.20.crate) = 335933
+SHA256 (rust/crates/rustls-native-certs-0.8.1.crate) = 7fcff2dd52b58a8d98a70243663a0d234c4e2b79235637849d15913394a247d3
+SIZE (rust/crates/rustls-native-certs-0.8.1.crate) = 31129
+SHA256 (rust/crates/rustls-pemfile-1.0.4.crate) = 1c74cae0a4cf6ccbbf5f359f08efdf8ee7e1dc532573bf0db71968cb56b1448c
+SIZE (rust/crates/rustls-pemfile-1.0.4.crate) = 22092
+SHA256 (rust/crates/rustls-pemfile-2.2.0.crate) = dce314e5fee3f39953d46bb63bb8a46d40c2f8fb7cc5a3b6cab2bde9721d6e50
+SIZE (rust/crates/rustls-pemfile-2.2.0.crate) = 25849
+SHA256 (rust/crates/rustls-pki-types-1.10.1.crate) = d2bf47e6ff922db3825eb750c4e2ff784c6ff8fb9e13046ef6a1d1c5401b0b37
+SIZE (rust/crates/rustls-pki-types-1.10.1.crate) = 58944
+SHA256 (rust/crates/rustls-webpki-0.101.7.crate) = 8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765
+SIZE (rust/crates/rustls-webpki-0.101.7.crate) = 168808
+SHA256 (rust/crates/rustls-webpki-0.102.8.crate) = 64ca1bc8749bd4cf37b5ce386cc146580777b4e8572c7b97baf22c83f444bee9
+SIZE (rust/crates/rustls-webpki-0.102.8.crate) = 204327
+SHA256 (rust/crates/rustversion-1.0.18.crate) = 0e819f2bc632f285be6d7cd36e25940d45b2391dd6d9b939e79de557f7014248
+SIZE (rust/crates/rustversion-1.0.18.crate) = 17794
+SHA256 (rust/crates/ryu-1.0.18.crate) = f3cb5ba0dc43242ce17de99c180e96db90b235b8a9fdc9543c96d2209116bd9f
+SIZE (rust/crates/ryu-1.0.18.crate) = 47713
+SHA256 (rust/crates/same-file-1.0.6.crate) = 93fc1dc3aaa9bfed95e02e6eadabb4baf7e3078b0bd1b4d7b6b0b68378900502
+SIZE (rust/crates/same-file-1.0.6.crate) = 10183
+SHA256 (rust/crates/schannel-0.1.27.crate) = 1f29ebaa345f945cec9fbbc532eb307f0fdad8161f281b6369539c8d84876b3d
+SIZE (rust/crates/schannel-0.1.27.crate) = 42772
+SHA256 (rust/crates/scopeguard-1.2.0.crate) = 94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49
+SIZE (rust/crates/scopeguard-1.2.0.crate) = 11619
+SHA256 (rust/crates/sct-0.7.1.crate) = da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414
+SIZE (rust/crates/sct-0.7.1.crate) = 27501
+SHA256 (rust/crates/sd-notify-0.4.3.crate) = 1be20c5f7f393ee700f8b2f28ea35812e4e212f40774b550cd2a93ea91684451
+SIZE (rust/crates/sd-notify-0.4.3.crate) = 11900
+SHA256 (rust/crates/security-framework-2.11.1.crate) = 897b2245f0b511c87893af39b033e5ca9cce68824c4d7e7630b5a1d339658d02
+SIZE (rust/crates/security-framework-2.11.1.crate) = 80188
+SHA256 (rust/crates/security-framework-3.1.0.crate) = 81d3f8c9bfcc3cbb6b0179eb57042d75b1582bdc65c3cb95f3fa999509c03cbc
+SIZE (rust/crates/security-framework-3.1.0.crate) = 85399
+SHA256 (rust/crates/security-framework-sys-2.13.0.crate) = 1863fd3768cd83c56a7f60faa4dc0d403f1b6df0a38c3c25f44b7894e45370d5
+SIZE (rust/crates/security-framework-sys-2.13.0.crate) = 20496
+SHA256 (rust/crates/selinux-0.4.6.crate) = 0139b2436c81305eb6bda33af151851f75bd62783817b25f44daa371119c30b5
+SIZE (rust/crates/selinux-0.4.6.crate) = 37249
+SHA256 (rust/crates/selinux-sys-0.6.13.crate) = e5e6e2b8e07a8ff45c90f8e3611bf10c4da7a28d73a26f9ede04f927da234f52
+SIZE (rust/crates/selinux-sys-0.6.13.crate) = 9067
+SHA256 (rust/crates/semver-1.0.24.crate) = 3cb6eb87a131f756572d7fb904f6e7b68633f09cca868c5df1c4b8d1a694bbba
+SIZE (rust/crates/semver-1.0.24.crate) = 31267
+SHA256 (rust/crates/serde-1.0.217.crate) = 02fc4265df13d6fa1d00ecff087228cc0a2b5f3c0e87e258d8b94a156e984c70
+SIZE (rust/crates/serde-1.0.217.crate) = 79019
+SHA256 (rust/crates/serde_bytes-0.11.15.crate) = 387cc504cb06bb40a96c8e04e951fe01854cf6bc921053c954e4a606d9675c6a
+SIZE (rust/crates/serde_bytes-0.11.15.crate) = 12191
+SHA256 (rust/crates/serde_cbor-0.11.2.crate) = 2bef2ebfde456fb76bbcf9f59315333decc4fda0b2b44b420243c11e0f5ec1f5
+SIZE (rust/crates/serde_cbor-0.11.2.crate) = 44570
+SHA256 (rust/crates/serde_cbor_2-0.12.0-dev.crate) = b46d75f449e01f1eddbe9b00f432d616fbbd899b809c837d0fbc380496a0dd55
+SIZE (rust/crates/serde_cbor_2-0.12.0-dev.crate) = 44766
+SHA256 (rust/crates/serde_derive-1.0.217.crate) = 5a9bf7cf98d04a2b28aead066b7496853d4779c9cc183c440dbac457641e19a0
+SIZE (rust/crates/serde_derive-1.0.217.crate) = 57749
+SHA256 (rust/crates/serde_json-1.0.134.crate) = d00f4175c42ee48b15416f6193a959ba3a0d67fc699a0db9ad12df9f83991c7d
+SIZE (rust/crates/serde_json-1.0.134.crate) = 154351
+SHA256 (rust/crates/serde_path_to_error-0.1.16.crate) = af99884400da37c88f5e9146b7f1fd0fbcae8f6eec4e9da38b67d05486f814a6
+SIZE (rust/crates/serde_path_to_error-0.1.16.crate) = 16657
+SHA256 (rust/crates/serde_urlencoded-0.7.1.crate) = d3491c14715ca2294c4d6a88f15e84739788c1d030eed8c110436aafdaa2f3fd
+SIZE (rust/crates/serde_urlencoded-0.7.1.crate) = 12822
+SHA256 (rust/crates/serde_with-3.12.0.crate) = d6b6f7f2fcb69f747921f79f3926bd1e203fce4fef62c268dd3abfb6d86029aa
+SIZE (rust/crates/serde_with-3.12.0.crate) = 148666
+SHA256 (rust/crates/serde_with_macros-3.12.0.crate) = 8d00caa5193a3c8362ac2b73be6b9e768aa5a4b2f721d8f4b339600c3cb51f8e
+SIZE (rust/crates/serde_with_macros-3.12.0.crate) = 32089
+SHA256 (rust/crates/sha-crypt-0.5.0.crate) = 88e79009728d8311d42d754f2f319a975f9e38f156fd5e422d2451486c78b286
+SIZE (rust/crates/sha-crypt-0.5.0.crate) = 14603
+SHA256 (rust/crates/sha1_smol-1.0.1.crate) = bbfa15b3dddfee50a0fff136974b3e1bde555604ba463834a7eb7deb6417705d
+SIZE (rust/crates/sha1_smol-1.0.1.crate) = 9809
+SHA256 (rust/crates/sha2-0.10.8.crate) = 793db75ad2bcafc3ffa7c68b215fee268f537982cd901d132f89c6343f3a3dc8
+SIZE (rust/crates/sha2-0.10.8.crate) = 26357
+SHA256 (rust/crates/sharded-slab-0.1.7.crate) = f40ca3c46823713e0d4209592e8d6e826aa57e928f09752619fc696c499637f6
+SIZE (rust/crates/sharded-slab-0.1.7.crate) = 58227
+SHA256 (rust/crates/shell-words-1.1.0.crate) = 24188a676b6ae68c3b2cb3a01be17fbf7240ce009799bb56d5b1409051e78fde
+SIZE (rust/crates/shell-words-1.1.0.crate) = 9871
+SHA256 (rust/crates/shellexpand-2.1.2.crate) = 7ccc8076840c4da029af4f87e4e8daeb0fca6b87bbb02e10cb60b791450e11e4
+SIZE (rust/crates/shellexpand-2.1.2.crate) = 16884
+SHA256 (rust/crates/shlex-1.3.0.crate) = 0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64
+SIZE (rust/crates/shlex-1.3.0.crate) = 18713
+SHA256 (rust/crates/signal-hook-registry-1.4.2.crate) = a9e9e0b4211b72e7b8b6e85c807d36c212bdb33ea8587f7569562a84df5465b1
+SIZE (rust/crates/signal-hook-registry-1.4.2.crate) = 18064
+SHA256 (rust/crates/slab-0.4.9.crate) = 8f92a496fb766b417c996b9c5e57daf2f7ad3b0bebe1ccfca4856390e3d3bb67
+SIZE (rust/crates/slab-0.4.9.crate) = 17108
+SHA256 (rust/crates/smallvec-1.13.2.crate) = 3c5e1a9a646d36c3599cd173a41282daf47c44583ad367b8e6837255952e5c67
+SIZE (rust/crates/smallvec-1.13.2.crate) = 35216
+SHA256 (rust/crates/smartstring-1.0.1.crate) = 3fb72c633efbaa2dd666986505016c32c3044395ceaf881518399d2f4127ee29
+SIZE (rust/crates/smartstring-1.0.1.crate) = 29555
+SHA256 (rust/crates/smolset-1.3.1.crate) = a8d372e8fe15dc5229e7d6c65f5810849385e79e24f9d9d64263e132879c7be0
+SIZE (rust/crates/smolset-1.3.1.crate) = 7321
+SHA256 (rust/crates/socket2-0.5.8.crate) = c970269d99b64e60ec3bd6ad27270092a5394c4e309314b18ae3fe575695fbe8
+SIZE (rust/crates/socket2-0.5.8.crate) = 56309
+SHA256 (rust/crates/spin-0.9.8.crate) = 6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67
+SIZE (rust/crates/spin-0.9.8.crate) = 38958
+SHA256 (rust/crates/spki-0.7.3.crate) = d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d
+SIZE (rust/crates/spki-0.7.3.crate) = 16409
+SHA256 (rust/crates/sptr-0.3.2.crate) = 3b9b39299b249ad65f3b7e96443bad61c02ca5cd3589f46cb6d610a0fd6c0d6a
+SIZE (rust/crates/sptr-0.3.2.crate) = 14598
+SHA256 (rust/crates/sshkey-attest-0.5.0.crate) = 34285eaade87ba166c4f17c0ae1e35d52659507db81888beae277e962b9e5a02
+SIZE (rust/crates/sshkey-attest-0.5.0.crate) = 10028
+SHA256 (rust/crates/sshkeys-0.3.3.crate) = 45287473d24bf7ad9ebad1aff097ad0424c16cd9430549170c3a67c5b05705bd
+SIZE (rust/crates/sshkeys-0.3.3.crate) = 32125
+SHA256 (rust/crates/stable_deref_trait-1.2.0.crate) = a8f112729512f8e442d81f95a8a7ddf2b7c6b8a1a6f509a95864142b30cab2d3
+SIZE (rust/crates/stable_deref_trait-1.2.0.crate) = 8054
+SHA256 (rust/crates/static_assertions-1.1.0.crate) = a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f
+SIZE (rust/crates/static_assertions-1.1.0.crate) = 18480
+SHA256 (rust/crates/strsim-0.10.0.crate) = 73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623
+SIZE (rust/crates/strsim-0.10.0.crate) = 11355
+SHA256 (rust/crates/strsim-0.11.1.crate) = 7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f
+SIZE (rust/crates/strsim-0.11.1.crate) = 14266
+SHA256 (rust/crates/subtle-2.6.1.crate) = 13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292
+SIZE (rust/crates/subtle-2.6.1.crate) = 14562
+SHA256 (rust/crates/svg-0.13.1.crate) = 02d815ad337e8449d2374d4248448645edfe74e699343dd5719139d93fa87112
+SIZE (rust/crates/svg-0.13.1.crate) = 17320
+SHA256 (rust/crates/syn-1.0.109.crate) = 72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237
+SIZE (rust/crates/syn-1.0.109.crate) = 237611
+SHA256 (rust/crates/syn-2.0.93.crate) = 9c786062daee0d6db1132800e623df74274a0a87322d8e183338e01b3d98d058
+SIZE (rust/crates/syn-2.0.93.crate) = 293925
+SHA256 (rust/crates/sync_wrapper-0.1.2.crate) = 2047c6ded9c721764247e62cd3b03c09ffc529b2ba5b10ec482ae507a4a70160
+SIZE (rust/crates/sync_wrapper-0.1.2.crate) = 6933
+SHA256 (rust/crates/sync_wrapper-1.0.2.crate) = 0bf256ce5efdfa370213c1dabab5935a12e49f2c58d15e9eac2870d3b4f27263
+SIZE (rust/crates/sync_wrapper-1.0.2.crate) = 6958
+SHA256 (rust/crates/synstructure-0.13.1.crate) = c8af7666ab7b6390ab78131fb5b0fce11d6b7a6951602017c35fa82800708971
+SIZE (rust/crates/synstructure-0.13.1.crate) = 18327
+SHA256 (rust/crates/system-configuration-0.5.1.crate) = ba3a3adc5c275d719af8cb4272ea1c4a6d668a777f37e115f6d11ddbc1c8e0e7
+SIZE (rust/crates/system-configuration-0.5.1.crate) = 12618
+SHA256 (rust/crates/system-configuration-sys-0.5.0.crate) = a75fb188eb626b924683e3b95e3a48e63551fcfb51949de2f06a9d91dbee93c9
+SIZE (rust/crates/system-configuration-sys-0.5.0.crate) = 6730
+SHA256 (rust/crates/target-lexicon-0.12.16.crate) = 61c41af27dd6d1e27b1b16b489db798443478cef1f06a660c96db617ba5de3b1
+SIZE (rust/crates/target-lexicon-0.12.16.crate) = 26488
+SHA256 (rust/crates/tempfile-3.14.0.crate) = 28cce251fcbc87fac86a866eeb0d6c2d536fc16d06f184bb61aeae11aa4cee0c
+SIZE (rust/crates/tempfile-3.14.0.crate) = 35065
+SHA256 (rust/crates/termtree-0.5.1.crate) = 8f50febec83f5ee1df3015341d8bd429f2d1cc62bcba7ea2076759d315084683
+SIZE (rust/crates/termtree-0.5.1.crate) = 8498
+SHA256 (rust/crates/thiserror-1.0.69.crate) = b6aaf5339b578ea85b50e080feb250a3e8ae8cfcdff9a461c9ec2904bc923f52
+SIZE (rust/crates/thiserror-1.0.69.crate) = 22198
+SHA256 (rust/crates/thiserror-2.0.8.crate) = 08f5383f3e0071702bf93ab5ee99b52d26936be9dedd9413067cbdcddcb6141a
+SIZE (rust/crates/thiserror-2.0.8.crate) = 28536
+SHA256 (rust/crates/thiserror-impl-1.0.69.crate) = 4fee6c4efc90059e10f81e6d42c60a18f76588c3d74cb83a0b242a2b6c7504c1
+SIZE (rust/crates/thiserror-impl-1.0.69.crate) = 18365
+SHA256 (rust/crates/thiserror-impl-2.0.8.crate) = f2f357fcec90b3caef6623a099691be676d033b40a058ac95d2a6ade6fa0c943
+SIZE (rust/crates/thiserror-impl-2.0.8.crate) = 21014
+SHA256 (rust/crates/thousands-0.2.0.crate) = 3bf63baf9f5039dadc247375c29eb13706706cfde997d0330d05aa63a77d8820
+SIZE (rust/crates/thousands-0.2.0.crate) = 11060
+SHA256 (rust/crates/thread_local-1.1.8.crate) = 8b9ef9bad013ada3808854ceac7b46812a6465ba368859a37e2100283d2d719c
+SIZE (rust/crates/thread_local-1.1.8.crate) = 13962
+SHA256 (rust/crates/time-0.3.37.crate) = 35e7868883861bd0e56d9ac6efcaaca0d6d5d82a2a7ec8209ff492c07cf37b21
+SIZE (rust/crates/time-0.3.37.crate) = 123257
+SHA256 (rust/crates/time-core-0.1.2.crate) = ef927ca75afb808a4d64dd374f00a2adf8d0fcff8e7b184af886c3c87ec4a3f3
+SIZE (rust/crates/time-core-0.1.2.crate) = 7191
+SHA256 (rust/crates/time-macros-0.2.19.crate) = 2834e6017e3e5e4b9834939793b282bc03b37a3336245fa820e35e233e2a85de
+SIZE (rust/crates/time-macros-0.2.19.crate) = 24268
+SHA256 (rust/crates/tinystr-0.7.6.crate) = 9117f5d4db391c1cf6927e7bea3db74b9a1c1add8f7eda9ffd5364f40f57b82f
+SIZE (rust/crates/tinystr-0.7.6.crate) = 16971
+SHA256 (rust/crates/tinyvec-1.8.1.crate) = 022db8904dfa342efe721985167e9fcd16c29b226db4397ed752a761cfce81e8
+SIZE (rust/crates/tinyvec-1.8.1.crate) = 47269
+SHA256 (rust/crates/tinyvec_macros-0.1.1.crate) = 1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20
+SIZE (rust/crates/tinyvec_macros-0.1.1.crate) = 5865
+SHA256 (rust/crates/tls_codec-0.4.1.crate) = b5e78c9c330f8c85b2bae7c8368f2739157db9991235123aa1b15ef9502bfb6a
+SIZE (rust/crates/tls_codec-0.4.1.crate) = 23077
+SHA256 (rust/crates/tls_codec_derive-0.4.1.crate) = 8d9ef545650e79f30233c0003bcc2504d7efac6dad25fca40744de773fe2049c
+SIZE (rust/crates/tls_codec_derive-0.4.1.crate) = 18463
+SHA256 (rust/crates/tokio-1.42.0.crate) = 5cec9b21b0450273377fc97bd4c33a8acffc8c996c987a7c5b319a0083707551
+SIZE (rust/crates/tokio-1.42.0.crate) = 806998
+SHA256 (rust/crates/tokio-io-timeout-1.2.0.crate) = 30b74022ada614a1b4834de765f9bb43877f910cc8ce4be40e89042c9223a8bf
+SIZE (rust/crates/tokio-io-timeout-1.2.0.crate) = 8993
+SHA256 (rust/crates/tokio-macros-2.4.0.crate) = 693d596312e88961bc67d7f1f97af8a70227d9f90c31bba5806eec004978d752
+SIZE (rust/crates/tokio-macros-2.4.0.crate) = 12501
+SHA256 (rust/crates/tokio-native-tls-0.3.1.crate) = bbae76ab933c85776efabc971569dd6119c580d8f5d448769dec1764bf796ef2
+SIZE (rust/crates/tokio-native-tls-0.3.1.crate) = 20676
+SHA256 (rust/crates/tokio-openssl-0.6.5.crate) = 59df6849caa43bb7567f9a36f863c447d95a11d5903c9cc334ba32576a27eadd
+SIZE (rust/crates/tokio-openssl-0.6.5.crate) = 11977
+SHA256 (rust/crates/tokio-rustls-0.24.1.crate) = c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081
+SIZE (rust/crates/tokio-rustls-0.24.1.crate) = 33049
+SHA256 (rust/crates/tokio-rustls-0.26.1.crate) = 5f6d0975eaace0cf0fcadee4e4aaa5da15b5c079146f2cffb67c113be122bf37
+SIZE (rust/crates/tokio-rustls-0.26.1.crate) = 31214
+SHA256 (rust/crates/tokio-stream-0.1.17.crate) = eca58d7bba4a75707817a2c44174253f9236b2d5fbd055602e9d5c07c139a047
+SIZE (rust/crates/tokio-stream-0.1.17.crate) = 38477
+SHA256 (rust/crates/tokio-util-0.7.13.crate) = d7fcaa8d55a2bdd6b83ace262b016eca0d79ee02818c5c1bcdf0305114081078
+SIZE (rust/crates/tokio-util-0.7.13.crate) = 115191
+SHA256 (rust/crates/toml-0.5.11.crate) = f4f7f0dd8d50a853a531c426359045b1998f04219d88799810762cd4ad314234
+SIZE (rust/crates/toml-0.5.11.crate) = 54910
+SHA256 (rust/crates/toml_datetime-0.6.8.crate) = 0dd7358ecb8fc2f8d014bf86f6f638ce72ba252a2c3a2572f2a795f1d23efb41
+SIZE (rust/crates/toml_datetime-0.6.8.crate) = 12028
+SHA256 (rust/crates/toml_edit-0.19.15.crate) = 1b5bb770da30e5cbfde35a2d7b9b8a2c4b8ef89548a7a6aeab5c9a576e3e7421
+SIZE (rust/crates/toml_edit-0.19.15.crate) = 95324
+SHA256 (rust/crates/tonic-0.9.2.crate) = 3082666a3a6433f7f511c7192923fa1fe07c69332d3c6a2e6bb040b569199d5a
+SIZE (rust/crates/tonic-0.9.2.crate) = 92598
+SHA256 (rust/crates/tower-0.4.13.crate) = b8fa9be0de6cf49e536ce1851f987bd21a43b771b09473c3549a6c853db37c1c
+SIZE (rust/crates/tower-0.4.13.crate) = 106906
+SHA256 (rust/crates/tower-0.5.2.crate) = d039ad9159c98b70ecfd540b2573b97f7f52c3e8d9f8ad57a24b916a536975f9
+SIZE (rust/crates/tower-0.5.2.crate) = 109417
+SHA256 (rust/crates/tower-http-0.6.2.crate) = 403fa3b783d4b626a8ad51d766ab03cb6d2dbfc46b1c5d4448395e6628dc9697
+SIZE (rust/crates/tower-http-0.6.2.crate) = 129672
+SHA256 (rust/crates/tower-layer-0.3.3.crate) = 121c2a6cda46980bb0fcd1647ffaf6cd3fc79a013de288782836f6df9c48780e
+SIZE (rust/crates/tower-layer-0.3.3.crate) = 6180
+SHA256 (rust/crates/tower-service-0.3.3.crate) = 8df9b6e13f2d32c91b9bd719c00d1958837bc7dec474d94952798cc8e69eeec3
+SIZE (rust/crates/tower-service-0.3.3.crate) = 6950
+SHA256 (rust/crates/tracing-0.1.41.crate) = 784e0ac535deb450455cbfa28a6f0df145ea1bb7ae51b821cf5e7927fdcfbdd0
+SIZE (rust/crates/tracing-0.1.41.crate) = 82448
+SHA256 (rust/crates/tracing-attributes-0.1.28.crate) = 395ae124c09f9e6918a2310af6038fba074bcf474ac352496d5910dd59a2226d
+SIZE (rust/crates/tracing-attributes-0.1.28.crate) = 33280
+SHA256 (rust/crates/tracing-core-0.1.33.crate) = e672c95779cf947c5311f83787af4fa8fffd12fb27e4993211a84bdfd9610f9c
+SIZE (rust/crates/tracing-core-0.1.33.crate) = 63434
+SHA256 (rust/crates/tracing-forest-0.1.6.crate) = ee40835db14ddd1e3ba414292272eddde9dad04d3d4b65509656414d1c42592f
+SIZE (rust/crates/tracing-forest-0.1.6.crate) = 28565
+SHA256 (rust/crates/tracing-log-0.1.4.crate) = f751112709b4e791d8ce53e32c4ed2d353565a795ce84da2285393f41557bdf2
+SIZE (rust/crates/tracing-log-0.1.4.crate) = 20640
+SHA256 (rust/crates/tracing-log-0.2.0.crate) = ee855f1f400bd0e5c02d150ae5de3840039a3f54b025156404e34c23c03f47c3
+SIZE (rust/crates/tracing-log-0.2.0.crate) = 17561
+SHA256 (rust/crates/tracing-opentelemetry-0.21.0.crate) = 75327c6b667828ddc28f5e3f169036cb793c3f588d83bf0f262a7f062ffed3c8
+SIZE (rust/crates/tracing-opentelemetry-0.21.0.crate) = 131576
+SHA256 (rust/crates/tracing-subscriber-0.3.19.crate) = e8189decb5ac0fa7bc8b96b7cb9b2701d60d48805aca84a238004d665fcc4008
+SIZE (rust/crates/tracing-subscriber-0.3.19.crate) = 198345
+SHA256 (rust/crates/try-lock-0.2.5.crate) = e421abadd41a4225275504ea4d6566923418b7f05506fbc9c0fe86ba7396114b
+SIZE (rust/crates/try-lock-0.2.5.crate) = 4314
+SHA256 (rust/crates/tss-esapi-8.0.0-alpha.crate) = 3c1617a46161846de3a3d3e407cd30cb345599bc5e440c3907a59b34b75a2731
+SIZE (rust/crates/tss-esapi-8.0.0-alpha.crate) = 290448
+SHA256 (rust/crates/tss-esapi-sys-0.5.0.crate) = 535cd192581c2ec4d5f82e670b1d3fbba6a23ccce8c85de387642051d7cad5b5
+SIZE (rust/crates/tss-esapi-sys-0.5.0.crate) = 167811
+SHA256 (rust/crates/typenum-1.17.0.crate) = 42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825
+SIZE (rust/crates/typenum-1.17.0.crate) = 42849
+SHA256 (rust/crates/unicase-2.8.0.crate) = 7e51b68083f157f853b6379db119d1c1be0e6e4dec98101079dec41f6f5cf6df
+SIZE (rust/crates/unicase-2.8.0.crate) = 23843
+SHA256 (rust/crates/unicode-bom-2.0.3.crate) = 7eec5d1121208364f6793f7d2e222bf75a915c19557537745b195b253dd64217
+SIZE (rust/crates/unicode-bom-2.0.3.crate) = 10773
+SHA256 (rust/crates/unicode-ident-1.0.14.crate) = adb9e6ca4f869e1180728b7950e35922a7fc6397f7b641499e8f3ef06e50dc83
+SIZE (rust/crates/unicode-ident-1.0.14.crate) = 47547
+SHA256 (rust/crates/unicode-normalization-0.1.24.crate) = 5033c97c4262335cded6d6fc3e5c18ab755e1a3dc96376350f3d8e9f009ad956
+SIZE (rust/crates/unicode-normalization-0.1.24.crate) = 126536
+SHA256 (rust/crates/unicode-segmentation-1.12.0.crate) = f6ccf251212114b54433ec949fd6a7841275f9ada20dddd2f29e9ceea4501493
+SIZE (rust/crates/unicode-segmentation-1.12.0.crate) = 106323
+SHA256 (rust/crates/unicode-width-0.2.0.crate) = 1fc81956842c57dac11422a97c3b8195a1ff727f06e85c84ed2e8aa277c9a0fd
+SIZE (rust/crates/unicode-width-0.2.0.crate) = 271509
+SHA256 (rust/crates/untrusted-0.9.0.crate) = 8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1
+SIZE (rust/crates/untrusted-0.9.0.crate) = 14447
+SHA256 (rust/crates/url-2.5.4.crate) = 32f8b686cadd1473f4bd0117a5d28d36b1ade384ea9b5069a1c40aefed7fda60
+SIZE (rust/crates/url-2.5.4.crate) = 81097
+SHA256 (rust/crates/urlencoding-2.1.3.crate) = daf8dba3b7eb870caf1ddeed7bc9d2a049f3cfdfae7cb521b087cc33ae4c49da
+SIZE (rust/crates/urlencoding-2.1.3.crate) = 6538
+SHA256 (rust/crates/utf16_iter-1.0.5.crate) = c8232dd3cdaed5356e0f716d285e4b40b932ac434100fe9b7e0e8e935b9e6246
+SIZE (rust/crates/utf16_iter-1.0.5.crate) = 9736
+SHA256 (rust/crates/utf8_iter-1.0.4.crate) = b6c140620e7ffbb22c2dee59cafe6084a59b5ffc27a8859a5f0d494b5d52b6be
+SIZE (rust/crates/utf8_iter-1.0.4.crate) = 10437
+SHA256 (rust/crates/utf8parse-0.2.2.crate) = 06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821
+SIZE (rust/crates/utf8parse-0.2.2.crate) = 13499
+SHA256 (rust/crates/utoipa-4.2.3.crate) = c5afb1a60e207dca502682537fefcfd9921e71d0b83e9576060f09abc6efab23
+SIZE (rust/crates/utoipa-4.2.3.crate) = 54759
+SHA256 (rust/crates/utoipa-gen-4.3.1.crate) = 20c24e8ab68ff9ee746aad22d39b5535601e6416d1b0feeabf78be986a5c4392
+SIZE (rust/crates/utoipa-gen-4.3.1.crate) = 142985
+SHA256 (rust/crates/utoipa-swagger-ui-6.0.0.crate) = 0b39868d43c011961e04b41623e050aedf2cc93652562ff7935ce0f819aaf2da
+SIZE (rust/crates/utoipa-swagger-ui-6.0.0.crate) = 4372387
+SHA256 (rust/crates/uuid-1.11.0.crate) = f8c5f0a0af699448548ad1a2fbf920fb4bee257eae39953ba95cb84891a0446a
+SIZE (rust/crates/uuid-1.11.0.crate) = 47683
+SHA256 (rust/crates/uuid-simd-0.8.0.crate) = 23b082222b4f6619906941c17eb2297fff4c2fb96cb60164170522942a200bd8
+SIZE (rust/crates/uuid-simd-0.8.0.crate) = 6959
+SHA256 (rust/crates/valuable-0.1.0.crate) = 830b7e5d4d90034032940e4ace0d9a9a057e7a45cd94e6c007832e39edb82f6d
+SIZE (rust/crates/valuable-0.1.0.crate) = 27718
+SHA256 (rust/crates/vcpkg-0.2.15.crate) = accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426
+SIZE (rust/crates/vcpkg-0.2.15.crate) = 228735
+SHA256 (rust/crates/version_check-0.9.5.crate) = 0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a
+SIZE (rust/crates/version_check-0.9.5.crate) = 15554
+SHA256 (rust/crates/vsimd-0.8.0.crate) = 5c3082ca00d5a5ef149bb8b555a72ae84c9c59f7250f013ac822ac2e49b19c64
+SIZE (rust/crates/vsimd-0.8.0.crate) = 21377
+SHA256 (rust/crates/wait-timeout-0.2.0.crate) = 9f200f5b12eb75f8c1ed65abd4b2db8a6e1b138a20de009dacee265a2498f3f6
+SIZE (rust/crates/wait-timeout-0.2.0.crate) = 12441
+SHA256 (rust/crates/walkdir-2.5.0.crate) = 29790946404f91d9c5d06f9874efddea1dc06c5efe94541a7d6863108e3a5e4b
+SIZE (rust/crates/walkdir-2.5.0.crate) = 23951
+SHA256 (rust/crates/want-0.3.1.crate) = bfa7760aed19e106de2c7c0b581b509f2f25d3dacaf737cb82ac61bc6d760b0e
+SIZE (rust/crates/want-0.3.1.crate) = 6398
+SHA256 (rust/crates/wasi-0.11.0+wasi-snapshot-preview1.crate) = 9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423
+SIZE (rust/crates/wasi-0.11.0+wasi-snapshot-preview1.crate) = 28131
+SHA256 (rust/crates/wasite-0.1.0.crate) = b8dad83b4f25e74f184f64c43b150b91efe7647395b42289f38e50566d82855b
+SIZE (rust/crates/wasite-0.1.0.crate) = 2346
+SHA256 (rust/crates/wasm-bindgen-0.2.99.crate) = a474f6281d1d70c17ae7aa6a613c87fce69a127e2624002df63dcb39d6cf6396
+SIZE (rust/crates/wasm-bindgen-0.2.99.crate) = 46136
+SHA256 (rust/crates/wasm-bindgen-backend-0.2.99.crate) = 5f89bb38646b4f81674e8f5c3fb81b562be1fd936d84320f3264486418519c79
+SIZE (rust/crates/wasm-bindgen-backend-0.2.99.crate) = 30928
+SHA256 (rust/crates/wasm-bindgen-futures-0.4.49.crate) = 38176d9b44ea84e9184eff0bc34cc167ed044f816accfe5922e54d84cf48eca2
+SIZE (rust/crates/wasm-bindgen-futures-0.4.49.crate) = 14838
+SHA256 (rust/crates/wasm-bindgen-macro-0.2.99.crate) = 2cc6181fd9a7492eef6fef1f33961e3695e4579b9872a6f7c83aee556666d4fe
+SIZE (rust/crates/wasm-bindgen-macro-0.2.99.crate) = 7011
+SHA256 (rust/crates/wasm-bindgen-macro-support-0.2.99.crate) = 30d7a95b763d3c45903ed6c81f156801839e5ee968bb07e534c44df0fcd330c2
+SIZE (rust/crates/wasm-bindgen-macro-support-0.2.99.crate) = 22800
+SHA256 (rust/crates/wasm-bindgen-shared-0.2.99.crate) = 943aab3fdaaa029a6e0271b35ea10b72b943135afe9bffca82384098ad0e06a6
+SIZE (rust/crates/wasm-bindgen-shared-0.2.99.crate) = 7773
+SHA256 (rust/crates/web-sys-0.3.76.crate) = 04dd7223427d52553d3702c004d3b2fe07c148165faa56313cb00211e31c12bc
+SIZE (rust/crates/web-sys-0.3.76.crate) = 635842
+SHA256 (rust/crates/web-time-1.1.0.crate) = 5a6580f308b1fad9207618087a65c04e7a10bc77e02c8e84e9b00dd4b12fa0bb
+SIZE (rust/crates/web-time-1.1.0.crate) = 18026
+SHA256 (rust/crates/webauthn-attestation-ca-0.5.1.crate) = 29e77e8859ecb93b00e4a8e56ae45f8a8dd69b1539e3d32cf4cce1db9a3a0b99
+SIZE (rust/crates/webauthn-attestation-ca-0.5.1.crate) = 3903
+SHA256 (rust/crates/webauthn-authenticator-rs-0.5.1.crate) = 1bc2f8b61965979d9dd561dc8288a89e01ecf224179b40d5d496141225b540b4
+SIZE (rust/crates/webauthn-authenticator-rs-0.5.1.crate) = 207382
+SHA256 (rust/crates/webauthn-rs-0.5.1.crate) = 8b44347ee0d66f222043663a6aaf5ec78022b9b11c3a9ed488c21f2bd5680856
+SIZE (rust/crates/webauthn-rs-0.5.1.crate) = 20150
+SHA256 (rust/crates/webauthn-rs-core-0.5.1.crate) = 2ef48f07ed8f3dfe304d6c48e85317feba0439675f31a13063b2936c9b4eaf0d
+SIZE (rust/crates/webauthn-rs-core-0.5.1.crate) = 123169
+SHA256 (rust/crates/webauthn-rs-proto-0.5.1.crate) = 14e1367f70e7dc7b83afc971ce8a54d578f4fdf488ea093021180e073744a69f
+SIZE (rust/crates/webauthn-rs-proto-0.5.1.crate) = 13873
+SHA256 (rust/crates/webdriver-0.50.0.crate) = 144ab979b12d36d65065635e646549925de229954de2eb3b47459b432a42db71
+SIZE (rust/crates/webdriver-0.50.0.crate) = 32046
+SHA256 (rust/crates/webpki-roots-0.25.4.crate) = 5f20c57d8d7db6d3b86154206ae5d8fba62dd39573114de97c2cb0578251f8e1
+SIZE (rust/crates/webpki-roots-0.25.4.crate) = 253559
+SHA256 (rust/crates/webpki-roots-0.26.7.crate) = 5d642ff16b7e79272ae451b7322067cdc17cadf68c23264be9d94a32319efe7e
+SIZE (rust/crates/webpki-roots-0.26.7.crate) = 249392
+SHA256 (rust/crates/weezl-0.1.8.crate) = 53a85b86a771b1c87058196170769dd264f66c0782acf1ae6cc51bfd64b39082
+SIZE (rust/crates/weezl-0.1.8.crate) = 42175
+SHA256 (rust/crates/which-4.4.2.crate) = 87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7
+SIZE (rust/crates/which-4.4.2.crate) = 15953
+SHA256 (rust/crates/whoami-1.5.2.crate) = 372d5b87f58ec45c384ba03563b03544dc5fadc3983e434b286913f5b4a9bb6d
+SIZE (rust/crates/whoami-1.5.2.crate) = 24204
+SHA256 (rust/crates/winapi-0.3.9.crate) = 5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419
+SIZE (rust/crates/winapi-0.3.9.crate) = 1200382
+SHA256 (rust/crates/winapi-i686-pc-windows-gnu-0.4.0.crate) = ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6
+SIZE (rust/crates/winapi-i686-pc-windows-gnu-0.4.0.crate) = 2918815
+SHA256 (rust/crates/winapi-util-0.1.9.crate) = cf221c93e13a30d793f7645a0e7762c55d169dbb0a49671918a2319d289b10bb
+SIZE (rust/crates/winapi-util-0.1.9.crate) = 12464
+SHA256 (rust/crates/winapi-x86_64-pc-windows-gnu-0.4.0.crate) = 712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f
+SIZE (rust/crates/winapi-x86_64-pc-windows-gnu-0.4.0.crate) = 2947998
+SHA256 (rust/crates/windows-0.41.0.crate) = 5a3ed69de2c1f8d0524a8a3417a80a85dd316a071745fbfdf5eb028b310058ab
+SIZE (rust/crates/windows-0.41.0.crate) = 11980400
+SHA256 (rust/crates/windows-core-0.52.0.crate) = 33ab640c8d7e35bf8ba19b884ba838ceb4fba93a4e8c65a9059d08afcfc683d9
+SIZE (rust/crates/windows-core-0.52.0.crate) = 42154
+SHA256 (rust/crates/windows-registry-0.2.0.crate) = e400001bb720a623c1c69032f8e3e4cf09984deec740f007dd2b03ec864804b0
+SIZE (rust/crates/windows-registry-0.2.0.crate) = 10470
+SHA256 (rust/crates/windows-result-0.2.0.crate) = 1d1043d8214f791817bab27572aaa8af63732e11bf84aa21a45a78d6c317ae0e
+SIZE (rust/crates/windows-result-0.2.0.crate) = 12756
+SHA256 (rust/crates/windows-strings-0.1.0.crate) = 4cd9b125c486025df0eabcb585e62173c6c9eddcec5d117d3b6e8c30e2ee4d10
+SIZE (rust/crates/windows-strings-0.1.0.crate) = 13832
+SHA256 (rust/crates/windows-sys-0.48.0.crate) = 677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9
+SIZE (rust/crates/windows-sys-0.48.0.crate) = 2628884
+SHA256 (rust/crates/windows-sys-0.52.0.crate) = 282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d
+SIZE (rust/crates/windows-sys-0.52.0.crate) = 2576877
+SHA256 (rust/crates/windows-sys-0.59.0.crate) = 1e38bc4d79ed67fd075bcc251a1c39b32a1776bbe92e5bef1f0bf1f8c531853b
+SIZE (rust/crates/windows-sys-0.59.0.crate) = 2387323
+SHA256 (rust/crates/windows-targets-0.48.5.crate) = 9a2fa6e2155d7247be68c096456083145c183cbbbc2764150dda45a87197940c
+SIZE (rust/crates/windows-targets-0.48.5.crate) = 6904
+SHA256 (rust/crates/windows-targets-0.52.6.crate) = 9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973
+SIZE (rust/crates/windows-targets-0.52.6.crate) = 6403
+SHA256 (rust/crates/windows_aarch64_gnullvm-0.41.0.crate) = 163d2761774f2278ecb4e6719e80b2b5e92e5a2be73a7bcd3ef624dd5e3091fd
+SIZE (rust/crates/windows_aarch64_gnullvm-0.41.0.crate) = 357917
+SHA256 (rust/crates/windows_aarch64_gnullvm-0.48.5.crate) = 2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8
+SIZE (rust/crates/windows_aarch64_gnullvm-0.48.5.crate) = 418492
+SHA256 (rust/crates/windows_aarch64_gnullvm-0.52.6.crate) = 32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3
+SIZE (rust/crates/windows_aarch64_gnullvm-0.52.6.crate) = 435718
+SHA256 (rust/crates/windows_aarch64_msvc-0.41.0.crate) = ef005ff2bceb00d3b84166a359cc19084f9459754fd3fe5a504dee3dddcd0a0c
+SIZE (rust/crates/windows_aarch64_msvc-0.41.0.crate) = 659427
+SHA256 (rust/crates/windows_aarch64_msvc-0.48.5.crate) = dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc
+SIZE (rust/crates/windows_aarch64_msvc-0.48.5.crate) = 798483
+SHA256 (rust/crates/windows_aarch64_msvc-0.52.6.crate) = 09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469
+SIZE (rust/crates/windows_aarch64_msvc-0.52.6.crate) = 832615
+SHA256 (rust/crates/windows_i686_gnu-0.41.0.crate) = 02b4df2d51e32f03f8b4b228e487828c03bcb36d97b216fc5463bcea5bb1440b
+SIZE (rust/crates/windows_i686_gnu-0.41.0.crate) = 728572
+SHA256 (rust/crates/windows_i686_gnu-0.48.5.crate) = a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e
+SIZE (rust/crates/windows_i686_gnu-0.48.5.crate) = 844891
+SHA256 (rust/crates/windows_i686_gnu-0.52.6.crate) = 8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b
+SIZE (rust/crates/windows_i686_gnu-0.52.6.crate) = 880402
+SHA256 (rust/crates/windows_i686_gnullvm-0.52.6.crate) = 0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66
+SIZE (rust/crates/windows_i686_gnullvm-0.52.6.crate) = 475940
+SHA256 (rust/crates/windows_i686_msvc-0.41.0.crate) = 568a966834571f2f3267f07dd72b4d8507381f25e53d056808483b2637385ef7
+SIZE (rust/crates/windows_i686_msvc-0.41.0.crate) = 717481
+SHA256 (rust/crates/windows_i686_msvc-0.48.5.crate) = 8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406
+SIZE (rust/crates/windows_i686_msvc-0.48.5.crate) = 864300
+SHA256 (rust/crates/windows_i686_msvc-0.52.6.crate) = 240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66
+SIZE (rust/crates/windows_i686_msvc-0.52.6.crate) = 901163
+SHA256 (rust/crates/windows_x86_64_gnu-0.41.0.crate) = fc395dac1adf444e276d096d933ae7961361c8cda3245cffef7a9b3a70a8f994
+SIZE (rust/crates/windows_x86_64_gnu-0.41.0.crate) = 692491
+SHA256 (rust/crates/windows_x86_64_gnu-0.48.5.crate) = 53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e
+SIZE (rust/crates/windows_x86_64_gnu-0.48.5.crate) = 801619
+SHA256 (rust/crates/windows_x86_64_gnu-0.52.6.crate) = 147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78
+SIZE (rust/crates/windows_x86_64_gnu-0.52.6.crate) = 836363
+SHA256 (rust/crates/windows_x86_64_gnullvm-0.41.0.crate) = 90e8ec22b715d5b436e1d59c8adad6c744dc20cd984710121d5836b4e8dbb5e0
+SIZE (rust/crates/windows_x86_64_gnullvm-0.41.0.crate) = 357903
+SHA256 (rust/crates/windows_x86_64_gnullvm-0.48.5.crate) = 0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc
+SIZE (rust/crates/windows_x86_64_gnullvm-0.48.5.crate) = 418486
+SHA256 (rust/crates/windows_x86_64_gnullvm-0.52.6.crate) = 24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d
+SIZE (rust/crates/windows_x86_64_gnullvm-0.52.6.crate) = 435707
+SHA256 (rust/crates/windows_x86_64_msvc-0.41.0.crate) = 8b9761f0216b669019df1512f6e25e5ee779bf61c5cdc43c7293858e7efd7926
+SIZE (rust/crates/windows_x86_64_msvc-0.41.0.crate) = 659379
+SHA256 (rust/crates/windows_x86_64_msvc-0.48.5.crate) = ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538
+SIZE (rust/crates/windows_x86_64_msvc-0.48.5.crate) = 798412
+SHA256 (rust/crates/windows_x86_64_msvc-0.52.6.crate) = 589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec
+SIZE (rust/crates/windows_x86_64_msvc-0.52.6.crate) = 832564
+SHA256 (rust/crates/winnow-0.5.40.crate) = f593a95398737aeed53e489c785df13f3618e41dbcd6718c6addbf1395aa6876
+SIZE (rust/crates/winnow-0.5.40.crate) = 159316
+SHA256 (rust/crates/winnow-0.6.20.crate) = 36c1fec1a2bb5866f07c25f68c26e565c4c200aebb96d7e55710c19d3e8ac49b
+SIZE (rust/crates/winnow-0.6.20.crate) = 163617
+SHA256 (rust/crates/winreg-0.50.0.crate) = 524e57b2c537c0f9b1e69f1965311ec12182b4122e45035b1508cd24d2adadb1
+SIZE (rust/crates/winreg-0.50.0.crate) = 29703
+SHA256 (rust/crates/write16-1.0.0.crate) = d1890f4022759daae28ed4fe62859b1236caebfc61ede2f63ed4e695f3f6d936
+SIZE (rust/crates/write16-1.0.0.crate) = 7218
+SHA256 (rust/crates/writeable-0.5.5.crate) = 1e9df38ee2d2c3c5948ea468a8406ff0db0b29ae1ffde1bcf20ef305bcc95c51
+SIZE (rust/crates/writeable-0.5.5.crate) = 22354
+SHA256 (rust/crates/x509-cert-0.2.5.crate) = 1301e935010a701ae5f8655edc0ad17c44bad3ac5ce8c39185f75453b720ae94
+SIZE (rust/crates/x509-cert-0.2.5.crate) = 99819
+SHA256 (rust/crates/x509-parser-0.16.0.crate) = fcbc162f30700d6f3f82a24bf7cc62ffe7caea42c0b2cba8bf7f3ae50cf51f69
+SIZE (rust/crates/x509-parser-0.16.0.crate) = 92925
+SHA256 (rust/crates/yoke-0.7.5.crate) = 120e6aef9aa629e3d4f52dc8cc43a015c7724194c97dfaf45180d2daf2b77f40
+SIZE (rust/crates/yoke-0.7.5.crate) = 29673
+SHA256 (rust/crates/yoke-derive-0.7.5.crate) = 2380878cad4ac9aac1e2435f3eb4020e8374b5f13c296cb75b4620ff8e229154
+SIZE (rust/crates/yoke-derive-0.7.5.crate) = 7525
+SHA256 (rust/crates/zerocopy-0.7.35.crate) = 1b9b4fd18abc82b8136838da5d50bae7bdea537c574d8dc1a34ed098d6c166f0
+SIZE (rust/crates/zerocopy-0.7.35.crate) = 152645
+SHA256 (rust/crates/zerocopy-derive-0.7.35.crate) = fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e
+SIZE (rust/crates/zerocopy-derive-0.7.35.crate) = 37829
+SHA256 (rust/crates/zerofrom-0.1.5.crate) = cff3ee08c995dee1859d998dea82f7374f2826091dd9cd47def953cae446cd2e
+SIZE (rust/crates/zerofrom-0.1.5.crate) = 5091
+SHA256 (rust/crates/zerofrom-derive-0.1.5.crate) = 595eed982f7d355beb85837f651fa22e90b3c044842dc7f2c2842c086f295808
+SIZE (rust/crates/zerofrom-derive-0.1.5.crate) = 8285
+SHA256 (rust/crates/zeroize-1.8.1.crate) = ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde
+SIZE (rust/crates/zeroize-1.8.1.crate) = 20029
+SHA256 (rust/crates/zeroize_derive-1.4.2.crate) = ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69
+SIZE (rust/crates/zeroize_derive-1.4.2.crate) = 11141
+SHA256 (rust/crates/zerovec-0.10.4.crate) = aa2b893d79df23bfb12d5461018d408ea19dfafe76c2c7ef6d4eba614f8ff079
+SIZE (rust/crates/zerovec-0.10.4.crate) = 126398
+SHA256 (rust/crates/zerovec-derive-0.10.3.crate) = 6eafa6dfb17584ea3e2bd6e76e0cc15ad7af12b09abdd1ca55961bed9b1063c6
+SIZE (rust/crates/zerovec-derive-0.10.3.crate) = 19438
+SHA256 (rust/crates/zip-0.6.6.crate) = 760394e246e4c28189f19d488c058bf16f564016aefac5d32bb1f3b51d5e9261
+SIZE (rust/crates/zip-0.6.6.crate) = 65789
+SHA256 (rust/crates/zxcvbn-2.2.2.crate) = 103fa851fff70ea29af380e87c25c48ff7faac5c530c70bd0e65366d4e0c94e4
+SIZE (rust/crates/zxcvbn-2.2.2.crate) = 423636
+SHA256 (kanidm-kanidm-g20250201-5eb9a4430f4beab41aed7d5d77414ceea6b2eb1c_GH0.tar.gz) = 4fe80989fe900ad05cb73c076a298e70804231c16f3b02df2b71f2dcbc9f0ead
+SIZE (kanidm-kanidm-g20250201-5eb9a4430f4beab41aed7d5d77414ceea6b2eb1c_GH0.tar.gz) = 8594529
diff --git a/platform/freebsd/client/files/kanidm_unixd.in b/platform/freebsd/client/files/kanidm_unixd.in
new file mode 100644
index 000000000..77e87f6b6
--- /dev/null
+++ b/platform/freebsd/client/files/kanidm_unixd.in
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+# PROVIDE: kanidm_unixd
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+#
+# Add these lines to /etc/rc.conf.local or /etc/rc.conf
+# to enable this service:
+#
+# kanidm_unixd_enable (bool):	Set to NO by default.
+#				Set it to YES to enable kanidm_unixd.
+
+. /etc/rc.subr
+
+name=kanidm_unixd
+rcvar=kanidm_unixd_enable
+
+load_rc_config $name
+
+: ${kanidm_unixd_enable:="NO"}
+
+pidfile="/var/run/kanidm-unixd.pid"
+command=/usr/sbin/daemon
+command_args="-u _kanidm_unixd -p /var/run/kanidm-unixd.pid -T kanidm_unixd /usr/local/libexec/${name}"
+procname=/usr/local/libexec/${name}
+
+run_rc_command "$1"
diff --git a/platform/freebsd/client/files/kanidm_unixd_tasks.in b/platform/freebsd/client/files/kanidm_unixd_tasks.in
new file mode 100644
index 000000000..1ed3000e7
--- /dev/null
+++ b/platform/freebsd/client/files/kanidm_unixd_tasks.in
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+# PROVIDE: kanidm_unixd_tasks
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+#
+# Add these lines to /etc/rc.conf.local or /etc/rc.conf
+# to enable this service:
+#
+# kanidm_unixd_tasks_enable (bool):	Set to NO by default.
+#				Set it to YES to enable kanidm_unixd_tasks.
+
+. /etc/rc.subr
+
+name=kanidm_unixd_tasks
+rcvar=kanidm_unixd_tasks_enable
+
+load_rc_config $name
+
+: ${kanidm_unixd_tasks_enable:="NO"}
+
+pidfile="/var/run/kanidm-unixd-tasks.pid"
+command=/usr/sbin/daemon
+command_args="-u _kanidm_unixd -p /var/run/kanidm-unixd-tasks.pid -T kanidm_unixd_tasks /usr/local/libexec/${name}"
+procname=/usr/local/libexec/${name}
+
+run_rc_command "$1"
diff --git a/platform/freebsd/client/pkg-descr b/platform/freebsd/client/pkg-descr
new file mode 100644
index 000000000..9d0b9947d
--- /dev/null
+++ b/platform/freebsd/client/pkg-descr
@@ -0,0 +1 @@
+Kanidm is a simple and secure identity provider and client for UNIX systems
diff --git a/platform/freebsd/client/pkg-plist b/platform/freebsd/client/pkg-plist
new file mode 100644
index 000000000..a4cc43986
--- /dev/null
+++ b/platform/freebsd/client/pkg-plist
@@ -0,0 +1,13 @@
+bin/kanidm
+bin/kanidm-unix
+bin/kanidm_ssh_authorizedkeys
+bin/kanidm_ssh_authorizedkeys_direct
+lib/nss_kanidm.so.1
+lib/libpam_kanidm.so
+libexec/kanidm_unixd
+libexec/kanidm_unixd_tasks
+@dir %%ETCDIR%%
+@dir /var/lib
+@dir(_kanidm_unixd,_kanidm_unixd,750) /var/cache/kanidm-unixd
+@dir(_kanidm_unixd,_kanidm_unixd,750) /var/lib/kanidm-unixd
+@dir(_kanidm_unixd,_kanidm_unixd,750) /var/run/kanidm-unixd
diff --git a/server/core/src/config.rs b/server/core/src/config.rs
index 1f089a6ca..62b0e1888 100644
--- a/server/core/src/config.rs
+++ b/server/core/src/config.rs
@@ -574,7 +574,7 @@ impl Configuration {
         Configuration {
             address: DEFAULT_SERVER_ADDRESS.to_string(),
             ldapaddress: None,
-            adminbindpath: env!("KANIDM_ADMIN_BIND_PATH").to_string(),
+            adminbindpath: env!("KANIDM_SERVER_ADMIN_BIND_PATH").to_string(),
             threads: std::thread::available_parallelism()
                 .map(|t| t.get())
                 .unwrap_or_else(|_e| {
diff --git a/server/core/src/https/mod.rs b/server/core/src/https/mod.rs
index ae48307fa..6b8e34cdd 100644
--- a/server/core/src/https/mod.rs
+++ b/server/core/src/https/mod.rs
@@ -131,7 +131,7 @@ pub(crate) fn get_js_files(role: ServerRole) -> Result<Vec<JavaScriptFile>, ()>
 
     if !matches!(role, ServerRole::WriteReplicaNoUI) {
         // let's set up the list of js module hashes
-        let pkg_path = env!("KANIDM_HTMX_UI_PKG_PATH").to_owned();
+        let pkg_path = env!("KANIDM_SERVER_UI_PKG_PATH").to_owned();
 
         let filelist = [
             "external/bootstrap.bundle.min.js",
@@ -254,11 +254,11 @@ pub async fn create_https_server(
     let app = match config.role {
         ServerRole::WriteReplicaNoUI => app,
         ServerRole::WriteReplica | ServerRole::ReadOnlyReplica => {
-            let pkg_path = PathBuf::from(env!("KANIDM_HTMX_UI_PKG_PATH"));
+            let pkg_path = PathBuf::from(env!("KANIDM_SERVER_UI_PKG_PATH"));
             if !pkg_path.exists() {
                 eprintln!(
                     "Couldn't find htmx UI package path: ({}), quitting.",
-                    env!("KANIDM_HTMX_UI_PKG_PATH")
+                    env!("KANIDM_SERVER_UI_PKG_PATH")
                 );
                 std::process::exit(1);
             }
diff --git a/server/daemon/src/main.rs b/server/daemon/src/main.rs
index 6501c5fe6..4f44f3dba 100644
--- a/server/daemon/src/main.rs
+++ b/server/daemon/src/main.rs
@@ -560,12 +560,12 @@ fn main() -> ExitCode {
     let mut config_error: Vec<String> = Vec::new();
     let mut config = Configuration::new();
 
-    if env!("KANIDM_DEFAULT_CONFIG_PATH").is_empty() {
-        println!("CRITICAL: Kanidmd was not built correctly and is missing a valid KANIDM_DEFAULT_CONFIG_PATH value");
+    if env!("KANIDM_SERVER_CONFIG_PATH").is_empty() {
+        println!("CRITICAL: Kanidmd was not built correctly and is missing a valid KANIDM_SERVER_CONFIG_PATH value");
         return ExitCode::FAILURE;
     }
 
-    let default_config_path = PathBuf::from(env!("KANIDM_DEFAULT_CONFIG_PATH"));
+    let default_config_path = PathBuf::from(env!("KANIDM_SERVER_CONFIG_PATH"));
 
     let maybe_config_path = if let Some(p) = opt.config_path() {
         Some(p)
diff --git a/unix_integration/common/src/constants.rs b/unix_integration/common/src/constants.rs
index 9ddf23e78..7f5ec9f3f 100644
--- a/unix_integration/common/src/constants.rs
+++ b/unix_integration/common/src/constants.rs
@@ -1,13 +1,13 @@
 use crate::unix_config::{HomeAttr, UidAttr};
 
-pub const DEFAULT_CONFIG_PATH: &str = "/etc/kanidm/unixd";
+pub const DEFAULT_CONFIG_PATH: &str = env!("KANIDM_RESOLVER_CONFIG_PATH");
 pub const DEFAULT_SOCK_PATH: &str = "/var/run/kanidm-unixd/sock";
 pub const DEFAULT_TASK_SOCK_PATH: &str = "/var/run/kanidm-unixd/task_sock";
 pub const DEFAULT_PERSISTENT_DB_PATH: &str = "/var/lib/kanidm-unixd/kanidm.db";
 pub const DEFAULT_CACHE_DB_PATH: &str = "/var/cache/kanidm-unixd/kanidm.cache.db";
 pub const DEFAULT_CONN_TIMEOUT: u64 = 2;
 pub const DEFAULT_CACHE_TIMEOUT: u64 = 15;
-pub const DEFAULT_SHELL: &str = env!("KANIDM_DEFAULT_UNIX_SHELL_PATH");
+pub const DEFAULT_SHELL: &str = env!("KANIDM_RESOLVER_UNIX_SHELL_PATH");
 pub const DEFAULT_HOME_PREFIX: &str = "/home/";
 pub const DEFAULT_HOME_ATTR: HomeAttr = HomeAttr::Uuid;
 pub const DEFAULT_HOME_ALIAS: Option<HomeAttr> = Some(HomeAttr::Spn);
diff --git a/unix_integration/nss_kanidm/Cargo.toml b/unix_integration/nss_kanidm/Cargo.toml
index 0f145d3fb..76ba3bf07 100644
--- a/unix_integration/nss_kanidm/Cargo.toml
+++ b/unix_integration/nss_kanidm/Cargo.toml
@@ -24,6 +24,9 @@ libc = { workspace = true }
 paste = { workspace = true }
 lazy_static = { workspace = true }
 
+[target."cfg(target_os = \"freebsd\")".build-dependencies]
+cc = "^1.2.6"
+
 ## Debian packaging
 # The base metadata does **not** work to build a functioning package!
 # A target specific variant must be used to get the right multiarch path.
diff --git a/unix_integration/nss_kanidm/build.rs b/unix_integration/nss_kanidm/build.rs
new file mode 100644
index 000000000..e270996e8
--- /dev/null
+++ b/unix_integration/nss_kanidm/build.rs
@@ -0,0 +1,12 @@
+fn main() {
+    #[cfg(target_os = "freebsd")]
+    {
+        println!("cargo::rerun-if-changed=src/freebsd_nss.c");
+
+        cc::Build::new()
+            .file("src/freebsd_nss.c")
+            .static_flag(true)
+            .link_lib_modifier("+whole-archive")
+            .compile("freebsd_nss");
+    }
+}
diff --git a/unix_integration/nss_kanidm/src/freebsd_nss.c b/unix_integration/nss_kanidm/src/freebsd_nss.c
new file mode 100644
index 000000000..58da969d1
--- /dev/null
+++ b/unix_integration/nss_kanidm/src/freebsd_nss.c
@@ -0,0 +1,94 @@
+#include <errno.h>
+#include <sys/param.h>
+#include <netinet/in.h>
+#include <pwd.h>
+#include <grp.h>
+#include <nss.h>
+#include <netdb.h>
+
+extern enum nss_status _nss_kanidm_getgrent_r(struct group *, char *, size_t,
+                                           int *);
+extern enum nss_status _nss_kanidm_getgrnam_r(const char *, struct group *,
+                                           char *, size_t, int *);
+extern enum nss_status _nss_kanidm_getgrgid_r(gid_t gid, struct group *, char *,
+                                           size_t, int *);
+extern enum nss_status _nss_kanidm_setgrent(void);
+extern enum nss_status _nss_kanidm_endgrent(void);
+
+extern enum nss_status _nss_kanidm_getpwent_r(struct passwd *, char *, size_t,
+                                           int *);
+extern enum nss_status _nss_kanidm_getpwnam_r(const char *, struct passwd *,
+                                           char *, size_t, int *);
+extern enum nss_status _nss_kanidm_getpwuid_r(gid_t gid, struct passwd *, char *,
+                                           size_t, int *);
+extern enum nss_status _nss_kanidm_setpwent(void);
+extern enum nss_status _nss_kanidm_endpwent(void);
+
+extern enum nss_status _nss_kanidm_gethostbyname_r(const char *name,
+                                                struct hostent * result,
+                                                char *buffer, size_t buflen,
+                                                int *errnop,
+                                                int *h_errnop);
+
+extern enum nss_status _nss_kanidm_gethostbyname2_r(const char *name, int af,
+                                                 struct hostent * result,
+                                                 char *buffer, size_t buflen,
+                                                 int *errnop,
+                                                 int *h_errnop);
+extern enum nss_status _nss_kanidm_gethostbyaddr_r(struct in_addr * addr, int len,
+                                                int type,
+                                                struct hostent * result,
+                                                char *buffer, size_t buflen,
+                                                int *errnop, int *h_errnop);
+
+extern enum nss_status _nss_kanidm_getgroupmembership(const char *uname,
+                                                   gid_t agroup, gid_t *groups,
+                                                   int maxgrp, int *grpcnt);
+
+NSS_METHOD_PROTOTYPE(__nss_compat_getgrnam_r);
+NSS_METHOD_PROTOTYPE(__nss_compat_getgrgid_r);
+NSS_METHOD_PROTOTYPE(__nss_compat_getgrent_r);
+NSS_METHOD_PROTOTYPE(__nss_compat_setgrent);
+NSS_METHOD_PROTOTYPE(__nss_compat_endgrent);
+
+NSS_METHOD_PROTOTYPE(__nss_compat_getpwnam_r);
+NSS_METHOD_PROTOTYPE(__nss_compat_getpwuid_r);
+NSS_METHOD_PROTOTYPE(__nss_compat_getpwent_r);
+NSS_METHOD_PROTOTYPE(__nss_compat_setpwent);
+NSS_METHOD_PROTOTYPE(__nss_compat_endpwent);
+
+static ns_mtab methods[] = {
+    { NSDB_GROUP, "getgrnam_r", __nss_compat_getgrnam_r, _nss_kanidm_getgrnam_r },
+    { NSDB_GROUP, "getgrgid_r", __nss_compat_getgrgid_r, _nss_kanidm_getgrgid_r },
+    { NSDB_GROUP, "getgrent_r", __nss_compat_getgrent_r, _nss_kanidm_getgrent_r },
+    { NSDB_GROUP, "setgrent",   __nss_compat_setgrent,   _nss_kanidm_setgrent },
+    { NSDB_GROUP, "endgrent",   __nss_compat_endgrent,   _nss_kanidm_endgrent },
+
+    { NSDB_PASSWD, "getpwnam_r", __nss_compat_getpwnam_r, _nss_kanidm_getpwnam_r },
+    { NSDB_PASSWD, "getpwuid_r", __nss_compat_getpwuid_r, _nss_kanidm_getpwuid_r },
+    { NSDB_PASSWD, "getpwent_r", __nss_compat_getpwent_r, _nss_kanidm_getpwent_r },
+    { NSDB_PASSWD, "setpwent",   __nss_compat_setpwent,   _nss_kanidm_setpwent },
+    { NSDB_PASSWD, "endpwent",   __nss_compat_endpwent,   _nss_kanidm_endpwent },
+
+    { NSDB_GROUP_COMPAT, "getgrnam_r", __nss_compat_getgrnam_r, _nss_kanidm_getgrnam_r },
+    { NSDB_GROUP_COMPAT, "getgrgid_r", __nss_compat_getgrgid_r, _nss_kanidm_getgrgid_r },
+    { NSDB_GROUP_COMPAT, "getgrent_r", __nss_compat_getgrent_r, _nss_kanidm_getgrent_r },
+    { NSDB_GROUP_COMPAT, "setgrent",   __nss_compat_setgrent,   _nss_kanidm_setgrent },
+    { NSDB_GROUP_COMPAT, "endgrent",   __nss_compat_endgrent,   _nss_kanidm_endgrent },
+
+    { NSDB_PASSWD_COMPAT, "getpwnam_r", __nss_compat_getpwnam_r, _nss_kanidm_getpwnam_r },
+    { NSDB_PASSWD_COMPAT, "getpwuid_r", __nss_compat_getpwuid_r, _nss_kanidm_getpwuid_r },
+    { NSDB_PASSWD_COMPAT, "getpwent_r", __nss_compat_getpwent_r, _nss_kanidm_getpwent_r },
+    { NSDB_PASSWD_COMPAT, "setpwent",   __nss_compat_setpwent,   _nss_kanidm_setpwent },
+    { NSDB_PASSWD_COMPAT, "endpwent",   __nss_compat_endpwent,   _nss_kanidm_endpwent },
+};
+
+ns_mtab *
+_nss_module_register(__attribute__((unused)) const char *source, unsigned int *mtabsize,
+                    nss_module_unregister_fn *unreg)
+{
+    *mtabsize = sizeof(methods)/sizeof(methods[0]);
+    *unreg = NULL;
+    return (methods);
+}
+
diff --git a/unix_integration/nss_kanidm/src/lib.rs b/unix_integration/nss_kanidm/src/lib.rs
index 0ac5c7cbc..afefb4d80 100644
--- a/unix_integration/nss_kanidm/src/lib.rs
+++ b/unix_integration/nss_kanidm/src/lib.rs
@@ -10,6 +10,32 @@
 #![deny(clippy::needless_pass_by_value)]
 #![deny(clippy::trivially_copy_pass_by_ref)]
 
+#[cfg(target_os = "freebsd")]
+/// BSD nss is quite different to that of linux (rather, glibc). As a result of this
+/// FreeBSD kindly offers us wrappers to allow compatability of the two. But to
+/// do this we need a .c file to include the macros and export tables, as well as
+/// handling the variadic args (which rust doesn't).
+///
+/// The issue is that even though we link our static archive, rust won't export any
+/// of the symbols from it *unless* a rust source file actually consumes at least
+/// one of them. This means we can't just link to our .a and have it do the work,
+/// we need to wrap and expose this shim function to convince rust to actually
+/// link to the archive
+///
+/// https://github.com/rust-lang/rust/issues/78827
+mod bsd_nss_compat {
+    use std::ffi::c_void;
+
+    extern "C" {
+        pub fn _nss_module_register(a: *mut c_void, b: *mut c_void, c: *mut c_void);
+    }
+
+    #[no_mangle]
+    pub extern "C" fn nss_module_register(a: *mut c_void, b: *mut c_void, c: *mut c_void) {
+        unsafe { _nss_module_register(a, b, c) }
+    }
+}
+
 #[cfg(target_family = "unix")]
 #[macro_use]
 extern crate libnss;

From 5562625d75a48e743c84e10fad70818b25a2f78c Mon Sep 17 00:00:00 2001
From: Firstyear <william@blackhats.net.au>
Date: Sat, 4 Jan 2025 10:33:01 +1000
Subject: [PATCH 39/87] cookies don't clear unless you set domain (#3332)

* make everything cookie consistent
* Stricter on expiry
* Relearn a painful lesson about needing domains in removal cookies
* fix: DRY cookie creation code and reduce the sins
---
 server/core/src/https/views/cookies.rs | 50 +++++++-------
 server/core/src/https/views/login.rs   | 42 +++++-------
 server/core/src/https/views/oauth2.rs  | 90 ++++++++++++++------------
 server/core/src/https/views/reset.rs   |  8 +--
 4 files changed, 93 insertions(+), 97 deletions(-)

diff --git a/server/core/src/https/views/cookies.rs b/server/core/src/https/views/cookies.rs
index 966d0ee65..2f0d0d899 100644
--- a/server/core/src/https/views/cookies.rs
+++ b/server/core/src/https/views/cookies.rs
@@ -6,11 +6,29 @@ use compact_jwt::{Jws, JwsSigner};
 use serde::de::DeserializeOwned;
 use serde::Serialize;
 
-#[instrument(name = "views::cookies::destroy", level = "debug", skip(jar))]
-pub fn destroy(jar: CookieJar, ck_id: &str) -> CookieJar {
+fn new_cookie<'a>(state: &'_ ServerState, ck_id: &'a str, value: String) -> Cookie<'a> {
+    let mut token_cookie = Cookie::new(ck_id, value);
+    token_cookie.set_secure(state.secure_cookies);
+    token_cookie.set_same_site(SameSite::Lax);
+    // Prevent Document.cookie accessing this. Still works with fetch.
+    token_cookie.set_http_only(true);
+    // We set a domain here because it allows subdomains
+    // of the idm to share the cookie. If domain was incorrect
+    // then webauthn won't work anyway!
+    token_cookie.set_domain(state.domain.clone());
+    token_cookie.set_path("/");
+    token_cookie
+}
+
+#[instrument(name = "views::cookies::destroy", level = "debug", skip(jar, state))]
+pub fn destroy(jar: CookieJar, ck_id: &str, state: &ServerState) -> CookieJar {
     if let Some(ck) = jar.get(ck_id) {
         let mut removal_cookie = ck.clone();
         removal_cookie.make_removal();
+
+        // Need to be set to domain else the cookie isn't removed!
+        removal_cookie.set_domain(state.domain.clone());
+
         // Need to be set to / to remove on all parent paths.
         // If you don't set a path, NOTHING IS REMOVED!!!
         removal_cookie.set_path("/");
@@ -21,30 +39,14 @@ pub fn destroy(jar: CookieJar, ck_id: &str) -> CookieJar {
     }
 }
 
-pub fn make_unsigned<'a>(
-    state: &'_ ServerState,
-    ck_id: &'a str,
-    value: String,
-    path: &'a str,
-) -> Cookie<'a> {
-    let mut token_cookie = Cookie::new(ck_id, value);
-    token_cookie.set_secure(state.secure_cookies);
-    token_cookie.set_same_site(SameSite::Lax);
-    // Prevent Document.cookie accessing this. Still works with fetch.
-    token_cookie.set_http_only(true);
-    // We set a domain here because it allows subdomains
-    // of the idm to share the cookie. If domain was incorrect
-    // then webauthn won't work anyway!
-    token_cookie.set_domain(state.domain.clone());
-    token_cookie.set_path(path);
-    token_cookie
+pub fn make_unsigned<'a>(state: &'_ ServerState, ck_id: &'a str, value: String) -> Cookie<'a> {
+    new_cookie(state, ck_id, value)
 }
 
 pub fn make_signed<'a, T: Serialize>(
     state: &'_ ServerState,
     ck_id: &'a str,
     value: &'_ T,
-    path: &'a str,
 ) -> Option<Cookie<'a>> {
     let kref = &state.jws_signer;
 
@@ -63,13 +65,7 @@ pub fn make_signed<'a, T: Serialize>(
         })
         .ok()?;
 
-    let mut token_cookie = Cookie::new(ck_id, token);
-    token_cookie.set_secure(state.secure_cookies);
-    token_cookie.set_same_site(SameSite::Lax);
-    token_cookie.set_http_only(true);
-    token_cookie.set_path(path);
-    token_cookie.set_domain(state.domain.clone());
-    Some(token_cookie)
+    Some(new_cookie(state, ck_id, token))
 }
 
 pub fn get_signed<T: DeserializeOwned>(
diff --git a/server/core/src/https/views/login.rs b/server/core/src/https/views/login.rs
index ec6b7e38b..e9066e2a6 100644
--- a/server/core/src/https/views/login.rs
+++ b/server/core/src/https/views/login.rs
@@ -177,10 +177,10 @@ pub async fn view_logout_get(
     };
 
     // Always clear cookies even on an error.
-    jar = cookies::destroy(jar, COOKIE_BEARER_TOKEN);
-    jar = cookies::destroy(jar, COOKIE_OAUTH2_REQ);
-    jar = cookies::destroy(jar, COOKIE_AUTH_SESSION_ID);
-    jar = cookies::destroy(jar, COOKIE_CU_SESSION_TOKEN);
+    jar = cookies::destroy(jar, COOKIE_BEARER_TOKEN, &state);
+    jar = cookies::destroy(jar, COOKIE_OAUTH2_REQ, &state);
+    jar = cookies::destroy(jar, COOKIE_AUTH_SESSION_ID, &state);
+    jar = cookies::destroy(jar, COOKIE_CU_SESSION_TOKEN, &state);
 
     (jar, response).into_response()
 }
@@ -195,7 +195,7 @@ pub async fn view_reauth_get(
 ) -> Response {
     // No matter what, we always clear the stored oauth2 cookie to prevent
     // ui loops
-    let jar = cookies::destroy(jar, COOKIE_OAUTH2_REQ);
+    let jar = cookies::destroy(jar, COOKIE_OAUTH2_REQ, &state);
 
     let session_valid_result = state
         .qe_r_ref
@@ -322,7 +322,7 @@ pub async fn view_index_get(
 
     // No matter what, we always clear the stored oauth2 cookie to prevent
     // ui loops
-    let jar = cookies::destroy(jar, COOKIE_OAUTH2_REQ);
+    let jar = cookies::destroy(jar, COOKIE_OAUTH2_REQ, &state);
 
     match session_valid_result {
         Ok(()) => {
@@ -915,14 +915,10 @@ async fn view_login_step(
                         // Update jar
                         let token_str = token.to_string();
 
-                        // Important - this can be make unsigned as token_str has it's own
+                        // Important - this can be make unsigned as token_str has its own
                         // signatures.
-                        let mut bearer_cookie = cookies::make_unsigned(
-                            &state,
-                            COOKIE_BEARER_TOKEN,
-                            token_str.clone(),
-                            "/",
-                        );
+                        let mut bearer_cookie =
+                            cookies::make_unsigned(&state, COOKIE_BEARER_TOKEN, token_str.clone());
                         // Important - can be permanent as the token has its own expiration time internally
                         bearer_cookie.make_permanent();
 
@@ -933,7 +929,6 @@ async fn view_login_step(
                                 &state,
                                 COOKIE_USERNAME,
                                 session_context.username.clone(),
-                                Urls::Login.as_ref(),
                             );
                             username_cookie.make_permanent();
                             jar.add(username_cookie)
@@ -980,16 +975,11 @@ fn add_session_cookie(
     jar: CookieJar,
     session_context: &SessionContext,
 ) -> Result<CookieJar, OperationError> {
-    cookies::make_signed(
-        state,
-        COOKIE_AUTH_SESSION_ID,
-        session_context,
-        Urls::Login.as_ref(),
-    )
-    .map(|mut cookie| {
-        // Not needed when redirecting into this site
-        cookie.set_same_site(SameSite::Strict);
-        jar.add(cookie)
-    })
-    .ok_or(OperationError::InvalidSessionState)
+    cookies::make_signed(state, COOKIE_AUTH_SESSION_ID, session_context)
+        .map(|mut cookie| {
+            // Not needed when redirecting into this site
+            cookie.set_same_site(SameSite::Strict);
+            jar.add(cookie)
+        })
+        .ok_or(OperationError::InvalidSessionState)
 }
diff --git a/server/core/src/https/views/oauth2.rs b/server/core/src/https/views/oauth2.rs
index ce0a7de7c..373d47208 100644
--- a/server/core/src/https/views/oauth2.rs
+++ b/server/core/src/https/views/oauth2.rs
@@ -26,7 +26,6 @@ use axum_extra::extract::cookie::{CookieJar, SameSite};
 use axum_htmx::HX_REDIRECT;
 use serde::Deserialize;
 
-use super::constants::Urls;
 use super::login::{LoginDisplayCtx, Oauth2Ctx};
 use super::{cookies, UnrecoverableErrorView};
 
@@ -96,7 +95,7 @@ async fn oauth2_auth_req(
 ) -> Response {
     // No matter what, we always clear the stored oauth2 cookie to prevent
     // ui loops
-    let jar = cookies::destroy(jar, COOKIE_OAUTH2_REQ);
+    let jar = cookies::destroy(jar, COOKIE_OAUTH2_REQ, &state);
 
     // If the auth_req was cross-signed, old, or just bad, error. But we have *cleared* it
     // from the cookie which means we won't see it again.
@@ -149,14 +148,17 @@ async fn oauth2_auth_req(
             consent_token,
         }) => {
             // We can just render the form now, the consent token has everything we need.
-            ConsentRequestView {
-                client_name,
-                // scopes,
-                pii_scopes,
-                consent_token,
-                redirect: None,
-            }
-            .into_response()
+            (
+                jar,
+                ConsentRequestView {
+                    client_name,
+                    // scopes,
+                    pii_scopes,
+                    consent_token,
+                    redirect: None,
+                },
+            )
+                .into_response()
         }
 
         Ok(AuthoriseResponse::AuthenticationRequired {
@@ -165,20 +167,19 @@ async fn oauth2_auth_req(
         }) => {
             // Sign the auth req and hide it in our cookie - we'll come back for
             // you later.
-            let maybe_jar =
-                cookies::make_signed(&state, COOKIE_OAUTH2_REQ, &auth_req, Urls::Ui.as_ref())
-                    .map(|mut cookie| {
-                        cookie.set_same_site(SameSite::Strict);
-                        // Expire at the end of the session.
-                        cookie.set_expires(None);
-                        // Could experiment with this to a shorter value, but session should be enough.
-                        cookie.set_max_age(None);
-                        jar.add(cookie)
-                    })
-                    .ok_or(OperationError::InvalidSessionState);
+            let maybe_jar = cookies::make_signed(&state, COOKIE_OAUTH2_REQ, &auth_req)
+                .map(|mut cookie| {
+                    cookie.set_same_site(SameSite::Strict);
+                    // Expire at the end of the session.
+                    cookie.set_expires(None);
+                    // Could experiment with this to a shorter value, but session should be enough.
+                    cookie.set_max_age(time::Duration::minutes(15));
+                    jar.clone().add(cookie)
+                })
+                .ok_or(OperationError::InvalidSessionState);
 
             match maybe_jar {
-                Ok(jar) => {
+                Ok(new_jar) => {
                     let display_ctx = LoginDisplayCtx {
                         domain_info,
                         oauth2: Some(Oauth2Ctx { client_name }),
@@ -186,21 +187,27 @@ async fn oauth2_auth_req(
                         error: None,
                     };
 
-                    super::login::view_oauth2_get(jar, display_ctx, login_hint)
+                    super::login::view_oauth2_get(new_jar, display_ctx, login_hint)
                 }
-                Err(err_code) => UnrecoverableErrorView {
-                    err_code,
-                    operation_id: kopid.eventid,
-                }
-                .into_response(),
+                Err(err_code) => (
+                    jar,
+                    UnrecoverableErrorView {
+                        err_code,
+                        operation_id: kopid.eventid,
+                    },
+                )
+                    .into_response(),
             }
         }
         Err(Oauth2Error::AccessDenied) => {
             // If scopes are not available for this account.
-            AccessDeniedView {
-                operation_id: kopid.eventid,
-            }
-            .into_response()
+            (
+                jar,
+                AccessDeniedView {
+                    operation_id: kopid.eventid,
+                },
+            )
+                .into_response()
         }
         /*
         RFC - If the request fails due to a missing, invalid, or mismatching
@@ -219,11 +226,14 @@ async fn oauth2_auth_req(
                 &err_code.to_string()
             );
 
-            UnrecoverableErrorView {
-                err_code: OperationError::InvalidState,
-                operation_id: kopid.eventid,
-            }
-            .into_response()
+            (
+                jar,
+                UnrecoverableErrorView {
+                    err_code: OperationError::InvalidState,
+                    operation_id: kopid.eventid,
+                },
+            )
+                .into_response()
         }
     }
 }
@@ -237,13 +247,13 @@ pub struct ConsentForm {
 }
 
 pub async fn view_consent_post(
-    State(state): State<ServerState>,
+    State(server_state): State<ServerState>,
     Extension(kopid): Extension<KOpId>,
     VerifiedClientInformation(client_auth_info): VerifiedClientInformation,
     jar: CookieJar,
     Form(consent_form): Form<ConsentForm>,
 ) -> Result<Response, UnrecoverableErrorView> {
-    let res = state
+    let res = server_state
         .qe_w_ref
         .handle_oauth2_authorise_permit(client_auth_info, consent_form.consent_token, kopid.eventid)
         .await;
@@ -254,7 +264,7 @@ pub async fn view_consent_post(
             state,
             code,
         }) => {
-            let jar = cookies::destroy(jar, COOKIE_OAUTH2_REQ);
+            let jar = cookies::destroy(jar, COOKIE_OAUTH2_REQ, &server_state);
 
             if let Some(redirect) = consent_form.redirect {
                 Ok((
diff --git a/server/core/src/https/views/reset.rs b/server/core/src/https/views/reset.rs
index d64b6cdf4..7e6dd55d6 100644
--- a/server/core/src/https/views/reset.rs
+++ b/server/core/src/https/views/reset.rs
@@ -220,7 +220,7 @@ pub(crate) async fn commit(
         .await?;
 
     // No longer need the cookie jar.
-    let jar = cookies::destroy(jar, COOKIE_CU_SESSION_TOKEN);
+    let jar = cookies::destroy(jar, COOKIE_CU_SESSION_TOKEN, &state);
 
     Ok((jar, HxLocation::from(Uri::from_static("/ui")), "").into_response())
 }
@@ -241,7 +241,7 @@ pub(crate) async fn cancel_cred_update(
         .await?;
 
     // No longer need the cookie jar.
-    let jar = cookies::destroy(jar, COOKIE_CU_SESSION_TOKEN);
+    let jar = cookies::destroy(jar, COOKIE_CU_SESSION_TOKEN, &state);
 
     Ok((
         jar,
@@ -688,7 +688,7 @@ fn add_cu_cookie(
     cu_session_token: CUSessionToken,
 ) -> CookieJar {
     let mut token_cookie =
-        cookies::make_unsigned(state, COOKIE_CU_SESSION_TOKEN, cu_session_token.token, "/");
+        cookies::make_unsigned(state, COOKIE_CU_SESSION_TOKEN, cu_session_token.token);
     token_cookie.set_same_site(SameSite::Strict);
     jar.add(token_cookie)
 }
@@ -788,7 +788,7 @@ pub(crate) async fn view_reset_get(
                 | OperationError::InvalidState,
             ) => {
                 // If our previous credential update session expired we want to see the reset form again.
-                jar = cookies::destroy(jar, COOKIE_CU_SESSION_TOKEN);
+                jar = cookies::destroy(jar, COOKIE_CU_SESSION_TOKEN, &state);
 
                 if let Some(token) = params.token {
                     let token_uri_string = format!("{}?token={}", Urls::CredReset, token);

From 3430a1c31daa451350da6e2073bb3ea1a789406a Mon Sep 17 00:00:00 2001
From: Firstyear <william@blackhats.net.au>
Date: Sat, 4 Jan 2025 13:09:48 +1000
Subject: [PATCH 40/87] Ignore anonymous in oauth2 read allow access (#3336)

Administrators will sometimes configure oauth2 clients with `idm_all_accounts`
as an allowed scope group. Despite anonymous being *unable* to interact with
oauth2, this still allowed oauth2 clients to be read by anonymous in this
configuration. For some users, this may be considered a public info
disclosure.
---
 server/lib/src/server/access/mod.rs    | 22 +++++++++++++++++-----
 server/lib/src/server/access/search.rs |  5 +++++
 2 files changed, 22 insertions(+), 5 deletions(-)

diff --git a/server/lib/src/server/access/mod.rs b/server/lib/src/server/access/mod.rs
index 212b18c98..e57222b40 100644
--- a/server/lib/src/server/access/mod.rs
+++ b/server/lib/src/server/access/mod.rs
@@ -2964,6 +2964,7 @@ mod tests {
 
         let r_set = vec![Arc::new(ev1.clone()), Arc::new(ev2)];
 
+        // Check the authorisation search event, and that it reduces correctly.
         let se_a = SearchEvent::new_impersonate_entry(
             E_TEST_ACCOUNT_1.clone(),
             filter_all!(f_pres(Attribute::Name)),
@@ -2971,17 +2972,28 @@ mod tests {
         let ex_a = vec![Arc::new(ev1)];
         let ex_a_reduced = vec![ev1_reduced];
 
+        test_acp_search!(&se_a, vec![], r_set.clone(), ex_a);
+        test_acp_search_reduce!(&se_a, vec![], r_set.clone(), ex_a_reduced);
+
+        // Check that anonymous is denied even though it's a member of the group.
+        let anon: EntryInitNew = BUILTIN_ACCOUNT_ANONYMOUS_DL6.clone().into();
+        let mut anon = anon.into_invalid_new();
+        anon.set_ava_set(&Attribute::MemberOf, ValueSetRefer::new(UUID_TEST_GROUP_1));
+
+        let anon = Arc::new(anon.into_sealed_committed());
+
+        let se_anon =
+            SearchEvent::new_impersonate_entry(anon, filter_all!(f_pres(Attribute::Name)));
+        let ex_anon = vec![];
+        test_acp_search!(&se_anon, vec![], r_set.clone(), ex_anon);
+
+        // Check the deny case.
         let se_b = SearchEvent::new_impersonate_entry(
             E_TEST_ACCOUNT_2.clone(),
             filter_all!(f_pres(Attribute::Name)),
         );
         let ex_b = vec![];
 
-        // Check the authorisation search event, and that it reduces correctly.
-        test_acp_search!(&se_a, vec![], r_set.clone(), ex_a);
-        test_acp_search_reduce!(&se_a, vec![], r_set.clone(), ex_a_reduced);
-
-        // Check the deny case.
         test_acp_search!(&se_b, vec![], r_set, ex_b);
     }
 
diff --git a/server/lib/src/server/access/search.rs b/server/lib/src/server/access/search.rs
index 023cc099c..96e30a86b 100644
--- a/server/lib/src/server/access/search.rs
+++ b/server/lib/src/server/access/search.rs
@@ -168,6 +168,11 @@ fn search_oauth2_filter_entry(ident: &Identity, entry: &Arc<EntrySealedCommitted
     match &ident.origin {
         IdentType::Internal | IdentType::Synch(_) => AccessResult::Ignore,
         IdentType::User(iuser) => {
+            if iuser.entry.get_uuid() == UUID_ANONYMOUS {
+                debug!("Anonymous can't access OAuth2 entries, ignoring");
+                return AccessResult::Ignore;
+            }
+
             let contains_o2_rs = entry
                 .get_ava_as_iutf8(Attribute::Class)
                 .map(|set| {

From b74883ae0d30b86730b377e7d18259e85f9e9fcb Mon Sep 17 00:00:00 2001
From: James Hodgkinson <james@terminaloutcomes.com>
Date: Sat, 4 Jan 2025 15:25:46 +1000
Subject: [PATCH 41/87] Javascript linting (#3329)

* feat(ci/dev): adding npm/eslint config for javascript linting
* feat(ci/dev): adding js-prettier config for consistency in formatting
* fix(css): linting
* fix(js): linting the js things
---
 .editorconfig                              |   12 +
 .github/workflows/javascript_lint.yml      |   21 +
 .gitignore                                 |    3 +
 Makefile                                   |   31 +-
 server/core/eslint.config.mjs              |   16 +
 server/core/package-lock.json              | 1104 ++++++++++++++++++++
 server/core/package.json                   |   27 +
 server/core/prettier-ignore                |    1 +
 server/core/static/modules/cred_update.mjs |   95 +-
 server/core/static/pkhtml.js               |   70 +-
 server/core/static/style.css               |   16 +-
 11 files changed, 1323 insertions(+), 73 deletions(-)
 create mode 100644 .github/workflows/javascript_lint.yml
 create mode 100644 server/core/eslint.config.mjs
 create mode 100644 server/core/package-lock.json
 create mode 100644 server/core/package.json
 create mode 100644 server/core/prettier-ignore

diff --git a/.editorconfig b/.editorconfig
index 7eb6f3702..c918945cc 100644
--- a/.editorconfig
+++ b/.editorconfig
@@ -2,9 +2,21 @@
 
 root = true
 
+
+
 [*.md]
 charset = utf-8
 end_of_line = lf
 indent_size = 2
 max_line_length = 100
 trim_trailing_whitespace = true
+
+[*.js]
+tab_width = 4
+max_line_length = 120
+print_width = 120
+
+[*.mjs]
+tab_width = 4
+max_line_length = 120
+print_width = 120
\ No newline at end of file
diff --git a/.github/workflows/javascript_lint.yml b/.github/workflows/javascript_lint.yml
new file mode 100644
index 000000000..94081c99c
--- /dev/null
+++ b/.github/workflows/javascript_lint.yml
@@ -0,0 +1,21 @@
+---
+name: Javascript Linting
+"on":
+    - push
+    - pull_request
+jobs:
+  javascript_lint:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Run ESLint to check Javascript files
+      run:
+        make eslint
+  javascript_fmt:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Run Prettier to check Javascript files
+      run:
+        make prettier
+
diff --git a/.gitignore b/.gitignore
index e3f702e83..caf09b333 100644
--- a/.gitignore
+++ b/.gitignore
@@ -45,3 +45,6 @@ scripts/oauth_proxy/envfile
 # IDEs
 .idea/
 .vscode/
+
+# javascript test things
+node_modules/
\ No newline at end of file
diff --git a/Makefile b/Makefile
index bff9bbef9..ec11d2bb4 100644
--- a/Makefile
+++ b/Makefile
@@ -325,4 +325,33 @@ coverage: ## Run the coverage tests using cargo-tarpaulin
 coveralls: ## Run cargo tarpaulin and upload to coveralls
 coveralls:
 	cargo tarpaulin --coveralls $(COVERALLS_REPO_TOKEN)
-	@echo "Coveralls repo information is at https://coveralls.io/github/kanidm/kanidm"
\ No newline at end of file
+	@echo "Coveralls repo information is at https://coveralls.io/github/kanidm/kanidm"
+
+
+.PHONY: eslint
+eslint: ## Run eslint on the UI javascript things
+eslint: eslint/setup
+	@echo "################################"
+	@echo "   Running eslint..."
+	@echo "################################"
+	cd server/core && find ./static -name '*js' -not -path '*/external/*' -exec eslint "{}" \;
+	@echo "################################"
+	@echo "Done!"
+
+.PHONY: eslint/setup
+eslint/setup: ## Install eslint for the UI javascript things
+	cd server/core && npm ci
+
+.PHONY: prettier
+prettier: ## Run prettier on the UI javascript things
+prettier: eslint/setup
+	@echo "   Running prettier..."
+	cd server/core && npm run prettier
+	@echo "Done!"
+
+.PHONY: prettier/fix
+prettier/fix: ## Run prettier on the UI javascript things and write back changes
+prettier/fix: eslint/setup
+	@echo "   Running prettier..."
+	cd server/core && npm run prettier:fix
+	@echo "Done!"
\ No newline at end of file
diff --git a/server/core/eslint.config.mjs b/server/core/eslint.config.mjs
new file mode 100644
index 000000000..9b37c4f68
--- /dev/null
+++ b/server/core/eslint.config.mjs
@@ -0,0 +1,16 @@
+import globals from "globals";
+import pluginJs from "@eslint/js";
+
+
+/** @type {import('eslint').Linter.Config[]} */
+export default [
+  {
+    languageOptions: {
+      globals: {
+        ...globals.browser,
+        Base64 : "writeable" // to feed the Base64 class into the global scope
+      }
+    }
+  },
+  pluginJs.configs.recommended,
+];
\ No newline at end of file
diff --git a/server/core/package-lock.json b/server/core/package-lock.json
new file mode 100644
index 000000000..ca6a32c48
--- /dev/null
+++ b/server/core/package-lock.json
@@ -0,0 +1,1104 @@
+{
+  "name": "kanidm",
+  "version": "0.0.1-dev",
+  "lockfileVersion": 3,
+  "requires": true,
+  "packages": {
+    "": {
+      "name": "kanidm",
+      "version": "0.0.1-dev",
+      "license": "MPL-2.0",
+      "devDependencies": {
+        "@eslint/js": "^9.17.0",
+        "eslint": "^9.17.0",
+        "globals": "^15.14.0",
+        "prettier": "^3.4.2"
+      }
+    },
+    "node_modules/@eslint-community/eslint-utils": {
+      "version": "4.4.1",
+      "resolved": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.4.1.tgz",
+      "integrity": "sha512-s3O3waFUrMV8P/XaF/+ZTp1X9XBZW1a4B97ZnjQF2KYWaFD2A8KyFBsrsfSjEmjn3RGWAIuvlneuZm3CUK3jbA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "eslint-visitor-keys": "^3.4.3"
+      },
+      "engines": {
+        "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/eslint"
+      },
+      "peerDependencies": {
+        "eslint": "^6.0.0 || ^7.0.0 || >=8.0.0"
+      }
+    },
+    "node_modules/@eslint-community/eslint-utils/node_modules/eslint-visitor-keys": {
+      "version": "3.4.3",
+      "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.4.3.tgz",
+      "integrity": "sha512-wpc+LXeiyiisxPlEkUzU6svyS1frIO3Mgxj1fdy7Pm8Ygzguax2N3Fa/D/ag1WqbOprdI+uY6wMUl8/a2G+iag==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "engines": {
+        "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/eslint"
+      }
+    },
+    "node_modules/@eslint-community/regexpp": {
+      "version": "4.12.1",
+      "resolved": "https://registry.npmjs.org/@eslint-community/regexpp/-/regexpp-4.12.1.tgz",
+      "integrity": "sha512-CCZCDJuduB9OUkFkY2IgppNZMi2lBQgD2qzwXkEia16cge2pijY/aXi96CJMquDMn3nJdlPV1A5KrJEXwfLNzQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": "^12.0.0 || ^14.0.0 || >=16.0.0"
+      }
+    },
+    "node_modules/@eslint/config-array": {
+      "version": "0.19.1",
+      "resolved": "https://registry.npmjs.org/@eslint/config-array/-/config-array-0.19.1.tgz",
+      "integrity": "sha512-fo6Mtm5mWyKjA/Chy1BYTdn5mGJoDNjC7C64ug20ADsRDGrA85bN3uK3MaKbeRkRuuIEAR5N33Jr1pbm411/PA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@eslint/object-schema": "^2.1.5",
+        "debug": "^4.3.1",
+        "minimatch": "^3.1.2"
+      },
+      "engines": {
+        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+      }
+    },
+    "node_modules/@eslint/core": {
+      "version": "0.9.1",
+      "resolved": "https://registry.npmjs.org/@eslint/core/-/core-0.9.1.tgz",
+      "integrity": "sha512-GuUdqkyyzQI5RMIWkHhvTWLCyLo1jNK3vzkSyaExH5kHPDHcuL2VOpHjmMY+y3+NC69qAKToBqldTBgYeLSr9Q==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@types/json-schema": "^7.0.15"
+      },
+      "engines": {
+        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+      }
+    },
+    "node_modules/@eslint/eslintrc": {
+      "version": "3.2.0",
+      "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-3.2.0.tgz",
+      "integrity": "sha512-grOjVNN8P3hjJn/eIETF1wwd12DdnwFDoyceUJLYYdkpbwq3nLi+4fqrTAONx7XDALqlL220wC/RHSC/QTI/0w==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ajv": "^6.12.4",
+        "debug": "^4.3.2",
+        "espree": "^10.0.1",
+        "globals": "^14.0.0",
+        "ignore": "^5.2.0",
+        "import-fresh": "^3.2.1",
+        "js-yaml": "^4.1.0",
+        "minimatch": "^3.1.2",
+        "strip-json-comments": "^3.1.1"
+      },
+      "engines": {
+        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/eslint"
+      }
+    },
+    "node_modules/@eslint/eslintrc/node_modules/globals": {
+      "version": "14.0.0",
+      "resolved": "https://registry.npmjs.org/globals/-/globals-14.0.0.tgz",
+      "integrity": "sha512-oahGvuMGQlPw/ivIYBjVSrWAfWLBeku5tpPE2fOPLi+WHffIWbuh2tCjhyQhTBPMf5E9jDEH4FOmTYgYwbKwtQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=18"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/@eslint/js": {
+      "version": "9.17.0",
+      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.17.0.tgz",
+      "integrity": "sha512-Sxc4hqcs1kTu0iID3kcZDW3JHq2a77HO9P8CP6YEA/FpH3Ll8UXE2r/86Rz9YJLKme39S9vU5OWNjC6Xl0Cr3w==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+      }
+    },
+    "node_modules/@eslint/object-schema": {
+      "version": "2.1.5",
+      "resolved": "https://registry.npmjs.org/@eslint/object-schema/-/object-schema-2.1.5.tgz",
+      "integrity": "sha512-o0bhxnL89h5Bae5T318nFoFzGy+YE5i/gGkoPAgkmTVdRKTiv3p8JHevPiPaMwoloKfEiiaHlawCqaZMqRm+XQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "engines": {
+        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+      }
+    },
+    "node_modules/@eslint/plugin-kit": {
+      "version": "0.2.4",
+      "resolved": "https://registry.npmjs.org/@eslint/plugin-kit/-/plugin-kit-0.2.4.tgz",
+      "integrity": "sha512-zSkKow6H5Kdm0ZUQUB2kV5JIXqoG0+uH5YADhaEHswm664N9Db8dXSi0nMJpacpMf+MyyglF1vnZohpEg5yUtg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "levn": "^0.4.1"
+      },
+      "engines": {
+        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+      }
+    },
+    "node_modules/@humanfs/core": {
+      "version": "0.19.1",
+      "resolved": "https://registry.npmjs.org/@humanfs/core/-/core-0.19.1.tgz",
+      "integrity": "sha512-5DyQ4+1JEUzejeK1JGICcideyfUbGixgS9jNgex5nqkW+cY7WZhxBigmieN5Qnw9ZosSNVC9KQKyb+GUaGyKUA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "engines": {
+        "node": ">=18.18.0"
+      }
+    },
+    "node_modules/@humanfs/node": {
+      "version": "0.16.6",
+      "resolved": "https://registry.npmjs.org/@humanfs/node/-/node-0.16.6.tgz",
+      "integrity": "sha512-YuI2ZHQL78Q5HbhDiBA1X4LmYdXCKCMQIfw0pw7piHJwyREFebJUvrQN4cMssyES6x+vfUbx1CIpaQUKYdQZOw==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@humanfs/core": "^0.19.1",
+        "@humanwhocodes/retry": "^0.3.0"
+      },
+      "engines": {
+        "node": ">=18.18.0"
+      }
+    },
+    "node_modules/@humanfs/node/node_modules/@humanwhocodes/retry": {
+      "version": "0.3.1",
+      "resolved": "https://registry.npmjs.org/@humanwhocodes/retry/-/retry-0.3.1.tgz",
+      "integrity": "sha512-JBxkERygn7Bv/GbN5Rv8Ul6LVknS+5Bp6RgDC/O8gEBU/yeH5Ui5C/OlWrTb6qct7LjjfT6Re2NxB0ln0yYybA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "engines": {
+        "node": ">=18.18"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/nzakas"
+      }
+    },
+    "node_modules/@humanwhocodes/module-importer": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/@humanwhocodes/module-importer/-/module-importer-1.0.1.tgz",
+      "integrity": "sha512-bxveV4V8v5Yb4ncFTT3rPSgZBOpCkjfK0y4oVVVJwIuDVBRMDXrPyXRL988i5ap9m9bnyEEjWfm5WkBmtffLfA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "engines": {
+        "node": ">=12.22"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/nzakas"
+      }
+    },
+    "node_modules/@humanwhocodes/retry": {
+      "version": "0.4.1",
+      "resolved": "https://registry.npmjs.org/@humanwhocodes/retry/-/retry-0.4.1.tgz",
+      "integrity": "sha512-c7hNEllBlenFTHBky65mhq8WD2kbN9Q6gk0bTk8lSBvc554jpXSkST1iePudpt7+A/AQvuHs9EMqjHDXMY1lrA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "engines": {
+        "node": ">=18.18"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/nzakas"
+      }
+    },
+    "node_modules/@types/estree": {
+      "version": "1.0.6",
+      "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.6.tgz",
+      "integrity": "sha512-AYnb1nQyY49te+VRAVgmzfcgjYS91mY5P0TKUDCLEM+gNnA+3T6rWITXRLYCpahpqSQbN5cE+gHpnPyXjHWxcw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@types/json-schema": {
+      "version": "7.0.15",
+      "resolved": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.15.tgz",
+      "integrity": "sha512-5+fP8P8MFNC+AyZCDxrB2pkZFPGzqQWUzpSeuuVLvm8VMcorNYavBqoFcxK8bQz4Qsbn4oUEEem4wDLfcysGHA==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/acorn": {
+      "version": "8.14.0",
+      "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.14.0.tgz",
+      "integrity": "sha512-cl669nCJTZBsL97OF4kUQm5g5hC2uihk0NxY3WENAC0TYdILVkAyHymAntgxGkl7K+t0cXIrH5siy5S4XkFycA==",
+      "dev": true,
+      "license": "MIT",
+      "bin": {
+        "acorn": "bin/acorn"
+      },
+      "engines": {
+        "node": ">=0.4.0"
+      }
+    },
+    "node_modules/acorn-jsx": {
+      "version": "5.3.2",
+      "resolved": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.3.2.tgz",
+      "integrity": "sha512-rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ==",
+      "dev": true,
+      "license": "MIT",
+      "peerDependencies": {
+        "acorn": "^6.0.0 || ^7.0.0 || ^8.0.0"
+      }
+    },
+    "node_modules/ajv": {
+      "version": "6.12.6",
+      "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz",
+      "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "fast-deep-equal": "^3.1.1",
+        "fast-json-stable-stringify": "^2.0.0",
+        "json-schema-traverse": "^0.4.1",
+        "uri-js": "^4.2.2"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/epoberezkin"
+      }
+    },
+    "node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/argparse": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz",
+      "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==",
+      "dev": true,
+      "license": "Python-2.0"
+    },
+    "node_modules/balanced-match": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz",
+      "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/brace-expansion": {
+      "version": "1.1.11",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
+      "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "balanced-match": "^1.0.0",
+        "concat-map": "0.0.1"
+      }
+    },
+    "node_modules/callsites": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/callsites/-/callsites-3.1.0.tgz",
+      "integrity": "sha512-P8BjAsXvZS+VIDUI11hHCQEv74YT67YUi5JJFNWIqL235sBmjX4+qx9Muvls5ivyNENctx46xQLQ3aTuE7ssaQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/concat-map": {
+      "version": "0.0.1",
+      "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz",
+      "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/cross-spawn": {
+      "version": "7.0.6",
+      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz",
+      "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "path-key": "^3.1.0",
+        "shebang-command": "^2.0.0",
+        "which": "^2.0.1"
+      },
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "node_modules/debug": {
+      "version": "4.4.0",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.0.tgz",
+      "integrity": "sha512-6WTZ/IxCY/T6BALoZHaE4ctp9xm+Z5kY/pzYaCHRFeyVhojxlrm+46y68HA6hr0TcwEssoxNiDEUJQjfPZ/RYA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ms": "^2.1.3"
+      },
+      "engines": {
+        "node": ">=6.0"
+      },
+      "peerDependenciesMeta": {
+        "supports-color": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/deep-is": {
+      "version": "0.1.4",
+      "resolved": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.4.tgz",
+      "integrity": "sha512-oIPzksmTg4/MriiaYGO+okXDT7ztn/w3Eptv/+gSIdMdKsJo0u4CfYNFJPy+4SKMuCqGw2wxnA+URMg3t8a/bQ==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/escape-string-regexp": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz",
+      "integrity": "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/eslint": {
+      "version": "9.17.0",
+      "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.17.0.tgz",
+      "integrity": "sha512-evtlNcpJg+cZLcnVKwsai8fExnqjGPicK7gnUtlNuzu+Fv9bI0aLpND5T44VLQtoMEnI57LoXO9XAkIXwohKrA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@eslint-community/eslint-utils": "^4.2.0",
+        "@eslint-community/regexpp": "^4.12.1",
+        "@eslint/config-array": "^0.19.0",
+        "@eslint/core": "^0.9.0",
+        "@eslint/eslintrc": "^3.2.0",
+        "@eslint/js": "9.17.0",
+        "@eslint/plugin-kit": "^0.2.3",
+        "@humanfs/node": "^0.16.6",
+        "@humanwhocodes/module-importer": "^1.0.1",
+        "@humanwhocodes/retry": "^0.4.1",
+        "@types/estree": "^1.0.6",
+        "@types/json-schema": "^7.0.15",
+        "ajv": "^6.12.4",
+        "chalk": "^4.0.0",
+        "cross-spawn": "^7.0.6",
+        "debug": "^4.3.2",
+        "escape-string-regexp": "^4.0.0",
+        "eslint-scope": "^8.2.0",
+        "eslint-visitor-keys": "^4.2.0",
+        "espree": "^10.3.0",
+        "esquery": "^1.5.0",
+        "esutils": "^2.0.2",
+        "fast-deep-equal": "^3.1.3",
+        "file-entry-cache": "^8.0.0",
+        "find-up": "^5.0.0",
+        "glob-parent": "^6.0.2",
+        "ignore": "^5.2.0",
+        "imurmurhash": "^0.1.4",
+        "is-glob": "^4.0.0",
+        "json-stable-stringify-without-jsonify": "^1.0.1",
+        "lodash.merge": "^4.6.2",
+        "minimatch": "^3.1.2",
+        "natural-compare": "^1.4.0",
+        "optionator": "^0.9.3"
+      },
+      "bin": {
+        "eslint": "bin/eslint.js"
+      },
+      "engines": {
+        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+      },
+      "funding": {
+        "url": "https://eslint.org/donate"
+      },
+      "peerDependencies": {
+        "jiti": "*"
+      },
+      "peerDependenciesMeta": {
+        "jiti": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/eslint-scope": {
+      "version": "8.2.0",
+      "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-8.2.0.tgz",
+      "integrity": "sha512-PHlWUfG6lvPc3yvP5A4PNyBL1W8fkDUccmI21JUu/+GKZBoH/W5u6usENXUrWFRsyoW5ACUjFGgAFQp5gUlb/A==",
+      "dev": true,
+      "license": "BSD-2-Clause",
+      "dependencies": {
+        "esrecurse": "^4.3.0",
+        "estraverse": "^5.2.0"
+      },
+      "engines": {
+        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/eslint"
+      }
+    },
+    "node_modules/eslint-visitor-keys": {
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-4.2.0.tgz",
+      "integrity": "sha512-UyLnSehNt62FFhSwjZlHmeokpRK59rcz29j+F1/aDgbkbRTk7wIc9XzdoasMUbRNKDM0qQt/+BJ4BrpFeABemw==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "engines": {
+        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/eslint"
+      }
+    },
+    "node_modules/espree": {
+      "version": "10.3.0",
+      "resolved": "https://registry.npmjs.org/espree/-/espree-10.3.0.tgz",
+      "integrity": "sha512-0QYC8b24HWY8zjRnDTL6RiHfDbAWn63qb4LMj1Z4b076A4une81+z03Kg7l7mn/48PUTqoLptSXez8oknU8Clg==",
+      "dev": true,
+      "license": "BSD-2-Clause",
+      "dependencies": {
+        "acorn": "^8.14.0",
+        "acorn-jsx": "^5.3.2",
+        "eslint-visitor-keys": "^4.2.0"
+      },
+      "engines": {
+        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/eslint"
+      }
+    },
+    "node_modules/esquery": {
+      "version": "1.6.0",
+      "resolved": "https://registry.npmjs.org/esquery/-/esquery-1.6.0.tgz",
+      "integrity": "sha512-ca9pw9fomFcKPvFLXhBKUK90ZvGibiGOvRJNbjljY7s7uq/5YO4BOzcYtJqExdx99rF6aAcnRxHmcUHcz6sQsg==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "estraverse": "^5.1.0"
+      },
+      "engines": {
+        "node": ">=0.10"
+      }
+    },
+    "node_modules/esrecurse": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/esrecurse/-/esrecurse-4.3.0.tgz",
+      "integrity": "sha512-KmfKL3b6G+RXvP8N1vr3Tq1kL/oCFgn2NYXEtqP8/L3pKapUA4G8cFVaoF3SU323CD4XypR/ffioHmkti6/Tag==",
+      "dev": true,
+      "license": "BSD-2-Clause",
+      "dependencies": {
+        "estraverse": "^5.2.0"
+      },
+      "engines": {
+        "node": ">=4.0"
+      }
+    },
+    "node_modules/estraverse": {
+      "version": "5.3.0",
+      "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz",
+      "integrity": "sha512-MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA==",
+      "dev": true,
+      "license": "BSD-2-Clause",
+      "engines": {
+        "node": ">=4.0"
+      }
+    },
+    "node_modules/esutils": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/esutils/-/esutils-2.0.3.tgz",
+      "integrity": "sha512-kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g==",
+      "dev": true,
+      "license": "BSD-2-Clause",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/fast-deep-equal": {
+      "version": "3.1.3",
+      "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz",
+      "integrity": "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/fast-json-stable-stringify": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz",
+      "integrity": "sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/fast-levenshtein": {
+      "version": "2.0.6",
+      "resolved": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz",
+      "integrity": "sha512-DCXu6Ifhqcks7TZKY3Hxp3y6qphY5SJZmrWMDrKcERSOXWQdMhU9Ig/PYrzyw/ul9jOIyh0N4M0tbC5hodg8dw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/file-entry-cache": {
+      "version": "8.0.0",
+      "resolved": "https://registry.npmjs.org/file-entry-cache/-/file-entry-cache-8.0.0.tgz",
+      "integrity": "sha512-XXTUwCvisa5oacNGRP9SfNtYBNAMi+RPwBFmblZEF7N7swHYQS6/Zfk7SRwx4D5j3CH211YNRco1DEMNVfZCnQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "flat-cache": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
+    "node_modules/find-up": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/find-up/-/find-up-5.0.0.tgz",
+      "integrity": "sha512-78/PXT1wlLLDgTzDs7sjq9hzz0vXD+zn+7wypEe4fXQxCmdmqfGsEPQxmiCSQI3ajFV91bVSsvNtrJRiW6nGng==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "locate-path": "^6.0.0",
+        "path-exists": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/flat-cache": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/flat-cache/-/flat-cache-4.0.1.tgz",
+      "integrity": "sha512-f7ccFPK3SXFHpx15UIGyRJ/FJQctuKZ0zVuN3frBo4HnK3cay9VEW0R6yPYFHC0AgqhukPzKjq22t5DmAyqGyw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "flatted": "^3.2.9",
+        "keyv": "^4.5.4"
+      },
+      "engines": {
+        "node": ">=16"
+      }
+    },
+    "node_modules/flatted": {
+      "version": "3.3.2",
+      "resolved": "https://registry.npmjs.org/flatted/-/flatted-3.3.2.tgz",
+      "integrity": "sha512-AiwGJM8YcNOaobumgtng+6NHuOqC3A7MixFeDafM3X9cIUM+xUXoS5Vfgf+OihAYe20fxqNM9yPBXJzRtZ/4eA==",
+      "dev": true,
+      "license": "ISC"
+    },
+    "node_modules/glob-parent": {
+      "version": "6.0.2",
+      "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz",
+      "integrity": "sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "is-glob": "^4.0.3"
+      },
+      "engines": {
+        "node": ">=10.13.0"
+      }
+    },
+    "node_modules/globals": {
+      "version": "15.14.0",
+      "resolved": "https://registry.npmjs.org/globals/-/globals-15.14.0.tgz",
+      "integrity": "sha512-OkToC372DtlQeje9/zHIo5CT8lRP/FUgEOKBEhU4e0abL7J7CD24fD9ohiLN5hagG/kWCYj4K5oaxxtj2Z0Dig==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=18"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/ignore": {
+      "version": "5.3.2",
+      "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.2.tgz",
+      "integrity": "sha512-hsBTNUqQTDwkWtcdYI2i06Y/nUBEsNEDJKjWdigLvegy8kDuJAS8uRlpkkcQpyEXL0Z/pjDy5HBmMjRCJ2gq+g==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 4"
+      }
+    },
+    "node_modules/import-fresh": {
+      "version": "3.3.0",
+      "resolved": "https://registry.npmjs.org/import-fresh/-/import-fresh-3.3.0.tgz",
+      "integrity": "sha512-veYYhQa+D1QBKznvhUHxb8faxlrwUnxseDAbAp457E0wLNio2bOSKnjYDhMj+YiAq61xrMGhQk9iXVk5FzgQMw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "parent-module": "^1.0.0",
+        "resolve-from": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/imurmurhash": {
+      "version": "0.1.4",
+      "resolved": "https://registry.npmjs.org/imurmurhash/-/imurmurhash-0.1.4.tgz",
+      "integrity": "sha512-JmXMZ6wuvDmLiHEml9ykzqO6lwFbof0GG4IkcGaENdCRDDmMVnny7s5HsIgHCbaq0w2MyPhDqkhTUgS2LU2PHA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.8.19"
+      }
+    },
+    "node_modules/is-extglob": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz",
+      "integrity": "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/is-glob": {
+      "version": "4.0.3",
+      "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz",
+      "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "is-extglob": "^2.1.1"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/isexe": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz",
+      "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==",
+      "dev": true,
+      "license": "ISC"
+    },
+    "node_modules/js-yaml": {
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
+      "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "argparse": "^2.0.1"
+      },
+      "bin": {
+        "js-yaml": "bin/js-yaml.js"
+      }
+    },
+    "node_modules/json-buffer": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/json-buffer/-/json-buffer-3.0.1.tgz",
+      "integrity": "sha512-4bV5BfR2mqfQTJm+V5tPPdf+ZpuhiIvTuAB5g8kcrXOZpTT/QwwVRWBywX1ozr6lEuPdbHxwaJlm9G6mI2sfSQ==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/json-schema-traverse": {
+      "version": "0.4.1",
+      "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz",
+      "integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/json-stable-stringify-without-jsonify": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/json-stable-stringify-without-jsonify/-/json-stable-stringify-without-jsonify-1.0.1.tgz",
+      "integrity": "sha512-Bdboy+l7tA3OGW6FjyFHWkP5LuByj1Tk33Ljyq0axyzdk9//JSi2u3fP1QSmd1KNwq6VOKYGlAu87CisVir6Pw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/keyv": {
+      "version": "4.5.4",
+      "resolved": "https://registry.npmjs.org/keyv/-/keyv-4.5.4.tgz",
+      "integrity": "sha512-oxVHkHR/EJf2CNXnWxRLW6mg7JyCCUcG0DtEGmL2ctUo1PNTin1PUil+r/+4r5MpVgC/fn1kjsx7mjSujKqIpw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "json-buffer": "3.0.1"
+      }
+    },
+    "node_modules/levn": {
+      "version": "0.4.1",
+      "resolved": "https://registry.npmjs.org/levn/-/levn-0.4.1.tgz",
+      "integrity": "sha512-+bT2uH4E5LGE7h/n3evcS/sQlJXCpIp6ym8OWJ5eV6+67Dsql/LaaT7qJBAt2rzfoa/5QBGBhxDix1dMt2kQKQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "prelude-ls": "^1.2.1",
+        "type-check": "~0.4.0"
+      },
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
+    "node_modules/locate-path": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz",
+      "integrity": "sha512-iPZK6eYjbxRu3uB4/WZ3EsEIMJFMqAoopl3R+zuq0UjcAm/MO6KCweDgPfP3elTztoKP3KtnVHxTn2NHBSDVUw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "p-locate": "^5.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/lodash.merge": {
+      "version": "4.6.2",
+      "resolved": "https://registry.npmjs.org/lodash.merge/-/lodash.merge-4.6.2.tgz",
+      "integrity": "sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/minimatch": {
+      "version": "3.1.2",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
+      "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "brace-expansion": "^1.1.7"
+      },
+      "engines": {
+        "node": "*"
+      }
+    },
+    "node_modules/ms": {
+      "version": "2.1.3",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
+      "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/natural-compare": {
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/natural-compare/-/natural-compare-1.4.0.tgz",
+      "integrity": "sha512-OWND8ei3VtNC9h7V60qff3SVobHr996CTwgxubgyQYEpg290h9J0buyECNNJexkFm5sOajh5G116RYA1c8ZMSw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/optionator": {
+      "version": "0.9.4",
+      "resolved": "https://registry.npmjs.org/optionator/-/optionator-0.9.4.tgz",
+      "integrity": "sha512-6IpQ7mKUxRcZNLIObR0hz7lxsapSSIYNZJwXPGeF0mTVqGKFIXj1DQcMoT22S3ROcLyY/rz0PWaWZ9ayWmad9g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "deep-is": "^0.1.3",
+        "fast-levenshtein": "^2.0.6",
+        "levn": "^0.4.1",
+        "prelude-ls": "^1.2.1",
+        "type-check": "^0.4.0",
+        "word-wrap": "^1.2.5"
+      },
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
+    "node_modules/p-limit": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz",
+      "integrity": "sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "yocto-queue": "^0.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/p-locate": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-5.0.0.tgz",
+      "integrity": "sha512-LaNjtRWUBY++zB5nE/NwcaoMylSPk+S+ZHNB1TzdbMJMny6dynpAGt7X/tl/QYq3TIeE6nxHppbo2LGymrG5Pw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "p-limit": "^3.0.2"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/parent-module": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/parent-module/-/parent-module-1.0.1.tgz",
+      "integrity": "sha512-GQ2EWRpQV8/o+Aw8YqtfZZPfNRWZYkbidE9k5rpl/hC3vtHHBfGm2Ifi6qWV+coDGkrUKZAxE3Lot5kcsRlh+g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "callsites": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/path-exists": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz",
+      "integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/path-key": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz",
+      "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/prelude-ls": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.2.1.tgz",
+      "integrity": "sha512-vkcDPrRZo1QZLbn5RLGPpg/WmIQ65qoWWhcGKf/b5eplkkarX0m9z8ppCat4mlOqUsWpyNuYgO3VRyrYHSzX5g==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
+    "node_modules/prettier": {
+      "version": "3.4.2",
+      "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.4.2.tgz",
+      "integrity": "sha512-e9MewbtFo+Fevyuxn/4rrcDAaq0IYxPGLvObpQjiZBMAzB9IGmzlnG9RZy3FFas+eBMu2vA0CszMeduow5dIuQ==",
+      "dev": true,
+      "license": "MIT",
+      "bin": {
+        "prettier": "bin/prettier.cjs"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "funding": {
+        "url": "https://github.com/prettier/prettier?sponsor=1"
+      }
+    },
+    "node_modules/punycode": {
+      "version": "2.3.1",
+      "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz",
+      "integrity": "sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/resolve-from": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-4.0.0.tgz",
+      "integrity": "sha512-pb/MYmXstAkysRFx8piNI1tGFNQIFA3vkE3Gq4EuA1dF6gHp/+vgZqsCGJapvy8N3Q+4o7FwvquPJcnZ7RYy4g==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/shebang-command": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz",
+      "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "shebang-regex": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/shebang-regex": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz",
+      "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/strip-json-comments": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz",
+      "integrity": "sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/type-check": {
+      "version": "0.4.0",
+      "resolved": "https://registry.npmjs.org/type-check/-/type-check-0.4.0.tgz",
+      "integrity": "sha512-XleUoc9uwGXqjWwXaUTZAmzMcFZ5858QA2vvx1Ur5xIcixXIP+8LnFDgRplU30us6teqdlskFfu+ae4K79Ooew==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "prelude-ls": "^1.2.1"
+      },
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
+    "node_modules/uri-js": {
+      "version": "4.4.1",
+      "resolved": "https://registry.npmjs.org/uri-js/-/uri-js-4.4.1.tgz",
+      "integrity": "sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg==",
+      "dev": true,
+      "license": "BSD-2-Clause",
+      "dependencies": {
+        "punycode": "^2.1.0"
+      }
+    },
+    "node_modules/which": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz",
+      "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "isexe": "^2.0.0"
+      },
+      "bin": {
+        "node-which": "bin/node-which"
+      },
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "node_modules/word-wrap": {
+      "version": "1.2.5",
+      "resolved": "https://registry.npmjs.org/word-wrap/-/word-wrap-1.2.5.tgz",
+      "integrity": "sha512-BN22B5eaMMI9UMtjrGd5g5eCYPpCPDUy0FJXbYsaT5zYxjFOckS53SQDE3pWkVoWpHXVb3BrYcEN4Twa55B5cA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/yocto-queue": {
+      "version": "0.1.0",
+      "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz",
+      "integrity": "sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    }
+  }
+}
diff --git a/server/core/package.json b/server/core/package.json
new file mode 100644
index 000000000..7d07819de
--- /dev/null
+++ b/server/core/package.json
@@ -0,0 +1,27 @@
+{
+  "name": "kanidm",
+  "version": "0.0.1-dev",
+  "description": "Kanidm UI Javascript - not a publishable package, just for development",
+  "type": "module",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/kanidm/kanidm.git"
+  },
+  "author": "",
+  "license": "MPL-2.0",
+  "bugs": {
+    "url": "https://github.com/kanidm/kanidm/issues"
+  },
+  "homepage": "https://kanidm.com",
+  "devDependencies": {
+    "@eslint/js": "^9.17.0",
+    "eslint": "^9.17.0",
+    "globals": "^15.14.0",
+    "prettier": "^3.4.2"
+  },
+  "scripts" : {
+    "prettier": "npx prettier  --ignore-path 'prettier-ignore' ./static --check",
+    "prettier:fix": "npx prettier --ignore-path 'prettier-ignore' ./static --write"
+  }
+
+}
diff --git a/server/core/prettier-ignore b/server/core/prettier-ignore
new file mode 100644
index 000000000..4c6d04fa5
--- /dev/null
+++ b/server/core/prettier-ignore
@@ -0,0 +1 @@
+static/external/
\ No newline at end of file
diff --git a/server/core/static/modules/cred_update.mjs b/server/core/static/modules/cred_update.mjs
index 701cc8ec0..e794fb3ad 100644
--- a/server/core/static/modules/cred_update.mjs
+++ b/server/core/static/modules/cred_update.mjs
@@ -1,4 +1,4 @@
-console.debug('credupdate: loaded');
+console.debug("credupdate: loaded");
 
 // Makes the password form interactive (e.g. shows when passwords don't match)
 function setupInteractivePwdFormListeners() {
@@ -18,10 +18,10 @@ function setupInteractivePwdFormListeners() {
         pwd_submit.disabled = true;
     }
 
-    new_pwd.addEventListener("input", (_) => {
+    new_pwd.addEventListener("input", () => {
         // Don't mark invalid if user didn't fill in the confirmation box yet
-        // Also my password manager (keepassxc with autocomplete)
-        //   likes to fire off input events when both inputs were empty.
+        // Also KeepassXC with autocomplete likes to fire off input events when
+        // both inputs are empty.
         if (new_pwd_check.value !== "") {
             if (new_pwd.value === new_pwd_check.value) {
                 markPwdCheckValid();
@@ -32,7 +32,7 @@ function setupInteractivePwdFormListeners() {
         new_pwd.classList.remove("is-invalid");
     });
 
-    new_pwd_check.addEventListener("input", (_) => {
+    new_pwd_check.addEventListener("input", () => {
         // No point in updating the status if confirmation box is empty
         if (new_pwd_check.value === "") return;
         if (new_pwd_check.value === new_pwd.value) {
@@ -43,38 +43,44 @@ function setupInteractivePwdFormListeners() {
     });
 }
 
-window.stillSwapFailureResponse = function(event) {
+window.stillSwapFailureResponse = function (event) {
     if (event.detail.xhr.status === 422 || event.detail.xhr.status === 500) {
-        console.log("Still swapping failure response")
+        console.debug(`Got HTTP/${event.detail.xhr.status}, still swapping failure response`);
         event.detail.shouldSwap = true;
         event.detail.isError = false;
     }
-}
+};
 
 function onPasskeyCreated(assertion) {
     try {
-        console.log(assertion)
+        console.log(assertion);
         let creationData = {};
 
         creationData.id = assertion.id;
-        creationData.rawId = Base64.fromUint8Array(new Uint8Array(assertion.rawId))
+        creationData.rawId = Base64.fromUint8Array(new Uint8Array(assertion.rawId));
         creationData.response = {};
-        creationData.response.attestationObject = Base64.fromUint8Array(new Uint8Array(assertion.response.attestationObject))
-        creationData.response.clientDataJSON = Base64.fromUint8Array(new Uint8Array(assertion.response.clientDataJSON))
-        creationData.type = assertion.type
-        creationData.extensions = assertion.getClientExtensionResults()
-        creationData.extensions.uvm = undefined
+        creationData.response.attestationObject = Base64.fromUint8Array(
+            new Uint8Array(assertion.response.attestationObject),
+        );
+        creationData.response.clientDataJSON = Base64.fromUint8Array(new Uint8Array(assertion.response.clientDataJSON));
+        creationData.type = assertion.type;
+        creationData.extensions = assertion.getClientExtensionResults();
+        creationData.extensions.uvm = undefined;
 
         // Put the passkey creation data into the form for submission
-        document.getElementById("passkey-create-data").value = JSON.stringify(creationData)
+        document.getElementById("passkey-create-data").value = JSON.stringify(creationData);
 
         // Make the name input visible and hide the "Begin Passkey Enrollment" button
-        document.getElementById("passkeyNamingSafariPre").classList.add("d-none")
-        document.getElementById("passkeyNamingForm").classList.remove("d-none")
-        document.getElementById("passkeyNamingSubmitBtn").classList.remove("d-none")
+        document.getElementById("passkeyNamingSafariPre").classList.add("d-none");
+        document.getElementById("passkeyNamingForm").classList.remove("d-none");
+        document.getElementById("passkeyNamingSubmitBtn").classList.remove("d-none");
     } catch (e) {
-        console.log(e)
-        if (confirm("Failed to encode your new passkey's data for transmission, confirm to reload this page.\nReport this issue if it keeps occurring.")) {
+        console.log(e);
+        if (
+            confirm(
+                "Failed to encode your new passkey's data for transmission, confirm to reload this page.\nReport this issue if it keeps occurring.",
+            )
+        ) {
             window.location.reload();
         }
     }
@@ -82,36 +88,41 @@ function onPasskeyCreated(assertion) {
 
 function startPasskeyEnrollment() {
     try {
-        const data_elem = document.getElementById('data');
+        const data_elem = document.getElementById("data");
         const credentialRequestOptions = JSON.parse(data_elem.textContent);
-        credentialRequestOptions.publicKey.challenge = Base64.toUint8Array(credentialRequestOptions.publicKey.challenge);
+        credentialRequestOptions.publicKey.challenge = Base64.toUint8Array(
+            credentialRequestOptions.publicKey.challenge,
+        );
         credentialRequestOptions.publicKey.user.id = Base64.toUint8Array(credentialRequestOptions.publicKey.user.id);
 
-        console.log(credentialRequestOptions)
-        navigator.credentials
-            .create({publicKey: credentialRequestOptions.publicKey})
-            .then((assertion) => {
+        console.log(credentialRequestOptions);
+        navigator.credentials.create({ publicKey: credentialRequestOptions.publicKey }).then(
+            (assertion) => {
                 onPasskeyCreated(assertion);
-            }, (reason) => {
-                alert("Passkey creation failed " +  reason.toString())
-                console.log("Passkey creation failed: " + reason.toString())
-            });
+            },
+            (reason) => {
+                alert(`Passkey creation failed ${reason.toString()}`);
+                console.log(`Passkey creation failed: ${reason.toString()}`);
+            },
+        );
     } catch (e) {
-        console.log(e)
-        if (confirm("Failed to initialize passkey creation, confirm to reload this page.\nReport this issue if it keeps occurring.")) {
+        console.log(`Failed to initialize passkey creation: ${e}`);
+        if (
+            confirm(
+                "Failed to initialize passkey creation, confirm to reload this page.\nReport this issue if it keeps occurring.",
+            )
+        ) {
             window.location.reload();
         }
     }
 }
 
 function setupPasskeyNamingSafariButton() {
-    document.getElementById("passkeyNamingSafariBtn")
-        .addEventListener("click", startPasskeyEnrollment)
+    document.getElementById("passkeyNamingSafariBtn").addEventListener("click", startPasskeyEnrollment);
 }
 
 function setupSubmitBtnVisibility() {
-    document.getElementById("passkey-label")
-        ?.addEventListener("input", updateSubmitButtonVisibility)
+    document.getElementById("passkey-label")?.addEventListener("input", updateSubmitButtonVisibility);
 }
 
 function updateSubmitButtonVisibility(event) {
@@ -119,12 +130,14 @@ function updateSubmitButtonVisibility(event) {
     submitButton.disabled = event.value === "";
 }
 
-(function() {
-    console.debug('credupdate: init');
-    document.body.addEventListener("addPasswordSwapped", () => { setupInteractivePwdFormListeners() });
+(function () {
+    console.debug("credupdate: init");
+    document.body.addEventListener("addPasswordSwapped", () => {
+        setupInteractivePwdFormListeners();
+    });
     document.body.addEventListener("addPasskeySwapped", () => {
         setupPasskeyNamingSafariButton();
         startPasskeyEnrollment();
         setupSubmitBtnVisibility();
     });
-})()
+})();
diff --git a/server/core/static/pkhtml.js b/server/core/static/pkhtml.js
index 3cff9f8fc..14ec25ac3 100644
--- a/server/core/static/pkhtml.js
+++ b/server/core/static/pkhtml.js
@@ -1,29 +1,45 @@
+/**
+ * Initiates the passkey login process by requesting credentials from the user.
+ *
+ * This function retrieves the credential request options from the DOM, converts
+ * necessary fields from Base64 to Uint8Array, and then uses the Web Authentication API
+ * to get the user's credentials. Upon successful retrieval, it encodes the assertion
+ * response back to Base64 and submits the form with the credential data.
+ *
+ * @function asskey_login
+ * @throws {Error} If the passkey authentication process fails.
+ */
 
 function asskey_login() {
-    let credentialRequestOptions = JSON.parse(document.getElementById('data').textContent);
+    let credentialRequestOptions = JSON.parse(document.getElementById("data").textContent);
     credentialRequestOptions.publicKey.challenge = Base64.toUint8Array(credentialRequestOptions.publicKey.challenge);
     credentialRequestOptions.publicKey.allowCredentials?.forEach(function (listItem) {
-        listItem.id = Base64.toUint8Array(listItem.id)
+        listItem.id = Base64.toUint8Array(listItem.id);
     });
 
-    navigator.credentials.get({ publicKey: credentialRequestOptions.publicKey })
-    .then((assertion) => {
-        document.getElementById("cred").value = JSON.stringify({
-            id: assertion.id,
-            rawId: Base64.fromUint8Array(new Uint8Array(assertion.rawId), true),
-            type: assertion.type,
-            response: {
-                authenticatorData: Base64.fromUint8Array(new Uint8Array(assertion.response.authenticatorData), true),
-                clientDataJSON: Base64.fromUint8Array(new Uint8Array(assertion.response.clientDataJSON), true),
-                signature: Base64.fromUint8Array(new Uint8Array(assertion.response.signature), true),
-                userHandle: Base64.fromUint8Array(new Uint8Array(assertion.response.userHandle), true)
-            },
+    navigator.credentials
+        .get({ publicKey: credentialRequestOptions.publicKey })
+        .then((assertion) => {
+            document.getElementById("cred").value = JSON.stringify({
+                id: assertion.id,
+                rawId: Base64.fromUint8Array(new Uint8Array(assertion.rawId), true),
+                type: assertion.type,
+                response: {
+                    authenticatorData: Base64.fromUint8Array(
+                        new Uint8Array(assertion.response.authenticatorData),
+                        true,
+                    ),
+                    clientDataJSON: Base64.fromUint8Array(new Uint8Array(assertion.response.clientDataJSON), true),
+                    signature: Base64.fromUint8Array(new Uint8Array(assertion.response.signature), true),
+                    userHandle: Base64.fromUint8Array(new Uint8Array(assertion.response.userHandle), true),
+                },
+            });
+            document.getElementById("cred-form").submit();
+        })
+        .catch((error) => {
+            console.error(`Failed to complete passkey authentication: ${error}`);
+            throw error;
         });
-        document.getElementById("cred-form").submit();
-    }).catch((error) => {
-        console.error(`Failed to complete passkey authentication: ${error}`);
-        throw error;
-    });
 }
 
 try {
@@ -31,17 +47,23 @@ try {
     myButton.addEventListener("click", () => {
         asskey_login();
     });
-} catch (_error) {};
+} catch (error) {
+    console.error(`Failed to add button event listener for passkey authentication: ${error}`);
+}
 
 try {
     const myButton = document.getElementById("start-seckey-button");
     myButton.addEventListener("click", () => {
         asskey_login();
     });
-} catch (_error) {};
+} catch (error) {
+    console.error(`Failed to add button event listener for security key authentication: ${error}`);
+}
 
 try {
-    window.addEventListener("load", (event) => {
-        asskey_login()
+    addEventListener("load", () => {
+        asskey_login();
     });
-} catch (_error) {};
+} catch (error) {
+    console.error(`Failed to add load-time event listener for passkey authentication: ${error}`);
+}
diff --git a/server/core/static/style.css b/server/core/static/style.css
index dde40bb11..577a79909 100644
--- a/server/core/static/style.css
+++ b/server/core/static/style.css
@@ -30,14 +30,15 @@ body {
 
 .side-menu-item {
   --icon-size: 24px;
-  padding: .4rem .7rem;
+  padding: 0.4rem 0.7rem;
   text-decoration: none;
 
   &.active {
     font-weight: 600;
   }
 
-  &:hover, &.active {
+  &:hover,
+  &.active {
     background-color: var(--bs-gray-300);
   }
 
@@ -53,7 +54,6 @@ body {
  * Personal Settings sidemenu
  */
 
-
 /*
  * Navbar
  */
@@ -80,7 +80,9 @@ body {
   margin: auto;
   border-radius: 15px;
   background: #21252915;
-  box-shadow: -5px -5px 11px #ededed, 5px 5px 11px #ffffff;
+  box-shadow:
+    -5px -5px 11px #ededed,
+    5px 5px 11px #ffffff;
   margin: 15px;
 }
 
@@ -150,9 +152,9 @@ body {
 }
 
 .btn-tiny {
-  --bs-btn-padding-y: .05rem;
-  --bs-btn-padding-x: .4rem;
-  --bs-btn-font-size: .75rem;
+  --bs-btn-padding-y: 0.05rem;
+  --bs-btn-padding-x: 0.4rem;
+  --bs-btn-font-size: 0.75rem;
 }
 
 #cred-update-commit-bar {

From 761dda688e9ae1b9a4edc7cdc5b602e7ef07bb36 Mon Sep 17 00:00:00 2001
From: Firstyear <william@blackhats.net.au>
Date: Mon, 6 Jan 2025 15:58:40 +1000
Subject: [PATCH 42/87] Fix /var/run/kanidm-unixd permission (#3342)

This folder was set to 750 which prevented non-root users from reading the
localhost unixd socket which is required for nss/pam to operate.
---
 platform/freebsd/client/pkg-plist | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/platform/freebsd/client/pkg-plist b/platform/freebsd/client/pkg-plist
index a4cc43986..dae0fd306 100644
--- a/platform/freebsd/client/pkg-plist
+++ b/platform/freebsd/client/pkg-plist
@@ -10,4 +10,4 @@ libexec/kanidm_unixd_tasks
 @dir /var/lib
 @dir(_kanidm_unixd,_kanidm_unixd,750) /var/cache/kanidm-unixd
 @dir(_kanidm_unixd,_kanidm_unixd,750) /var/lib/kanidm-unixd
-@dir(_kanidm_unixd,_kanidm_unixd,750) /var/run/kanidm-unixd
+@dir(_kanidm_unixd,_kanidm_unixd,755) /var/run/kanidm-unixd

From a3358828a8b28db93473b6067d37ec2422f08b15 Mon Sep 17 00:00:00 2001
From: George Wu <gbw@users.noreply.github.com>
Date: Mon, 6 Jan 2025 02:58:42 -0800
Subject: [PATCH 43/87] Add support for prefers-color-scheme using Bootstrap
 classes. (#3327)

* Add support for prefers-color-scheme using Bootstrap classes.
* Move stylesheet changes to separate javascript file.
* fix(html): don't specify the integrity hash in the tag for style.js
* fix(log): debug-log integrity hashes for troubleshooting
* fix(css): move to using bootstrap standard variables for colours and theming
* fix(js): rewrite to simplify and use standard bootstrap functionality
* fix(makefile): codespell thingie was complaining
* run prettier on css/js.

---------

Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
---
 Makefile                                      |  5 ++--
 server/core/src/https/mod.rs                  |  2 ++
 server/core/static/style.css                  | 27 +++++++++++++++----
 server/core/static/style.js                   | 19 +++++++++++++
 server/core/templates/apps_partial.html       |  2 +-
 server/core/templates/base.html               |  5 +++-
 server/core/templates/base_htmx.html          |  5 +++-
 .../templates/credentials_update_partial.html |  2 +-
 server/core/templates/login.html              |  2 +-
 server/core/templates/login_backupcode.html   |  2 +-
 server/core/templates/login_mech_choose.html  |  2 +-
 server/core/templates/login_password.html     |  2 +-
 server/core/templates/login_totp.html         |  2 +-
 server/core/templates/login_webauthn.html     |  4 +--
 server/core/templates/navbar.html             |  2 +-
 .../core/templates/oauth2_device_login.html   |  2 +-
 .../templates/user_settings_partial_base.html |  2 +-
 17 files changed, 65 insertions(+), 22 deletions(-)
 create mode 100644 server/core/static/style.js

diff --git a/Makefile b/Makefile
index ec11d2bb4..cd3f8e896 100644
--- a/Makefile
+++ b/Makefile
@@ -178,9 +178,8 @@ codespell:
 	--skip='*.svg' \
 	--skip='*.br' \
 	--skip='./rlm_python/mods-available/eap' \
-	--skip='./server/lib/src/constants/system_config.rs'
-	--skip='./pykanidm/site' \
-	--skip='./server/lib/src/constants/*.json'
+	--skip='./server/lib/src/constants/system_config.rs' \
+	--skip='./pykanidm/site'
 
 .PHONY: test/pykanidm/pytest
 test/pykanidm/pytest: ## python library testing
diff --git a/server/core/src/https/mod.rs b/server/core/src/https/mod.rs
index 6b8e34cdd..049c62e00 100644
--- a/server/core/src/https/mod.rs
+++ b/server/core/src/https/mod.rs
@@ -140,11 +140,13 @@ pub(crate) fn get_js_files(role: ServerRole) -> Result<Vec<JavaScriptFile>, ()>
             "external/base64.js",
             "modules/cred_update.mjs",
             "pkhtml.js",
+            "style.js",
         ];
 
         for filepath in filelist {
             match generate_integrity_hash(format!("{}/{}", pkg_path, filepath,)) {
                 Ok(hash) => {
+                    debug!("Integrity hash for {}: {}", filepath, hash);
                     let js = JavaScriptFile { hash };
                     all_pages.push(js)
                 }
diff --git a/server/core/static/style.css b/server/core/static/style.css
index 577a79909..fe4c1c0b4 100644
--- a/server/core/static/style.css
+++ b/server/core/static/style.css
@@ -39,7 +39,7 @@ body {
 
   &:hover,
   &.active {
-    background-color: var(--bs-gray-300);
+    background-color: var(--bs-tertiary-bg);
   }
 
   .icon-container img {
@@ -57,6 +57,23 @@ body {
 /*
  * Navbar
  */
+nav.kanidm_navbar {
+  background-color: var(--bs-navbar-brand-color);
+}
+
+nav a.navbar-brand,
+nav a.nav-link {
+  color: var(--bs-body-bg);
+}
+
+nav a.navbar-brand:hover,
+nav a.nav-link:hover {
+  color: var(--bs-secondary-bg);
+}
+
+footer {
+  background-color: var(--bs-tertiary-bg);
+}
 
 .kanidm_logo {
   width: 12em;
@@ -79,7 +96,7 @@ body {
   align-items: center;
   margin: auto;
   border-radius: 15px;
-  background: #21252915;
+  background-color: #21252915;
   box-shadow:
     -5px -5px 11px #ededed,
     5px 5px 11px #ffffff;
@@ -122,15 +139,15 @@ body {
 }
 
 .totp-timer__path-remaining.green {
-  color: rgb(65, 184, 131);
+  color: var(--bs-success);
 }
 
 .totp-timer__path-remaining.orange {
-  color: orange;
+  color: var(--bs-warning);
 }
 
 .totp-timer__path-remaining.red {
-  color: red;
+  color: var(--bs-danger);
 }
 
 .totp-timer__path-remaining.no-transition {
diff --git a/server/core/static/style.js b/server/core/static/style.js
new file mode 100644
index 000000000..bb11c201a
--- /dev/null
+++ b/server/core/static/style.js
@@ -0,0 +1,19 @@
+/**  Queries the user's preferred colour scheme and returns the appropriate value.
+ From https://getbootstrap.com/docs/5.3/customize/color-modes/#javascript
+*/
+function getPreferredTheme() {
+    return window.matchMedia("(prefers-color-scheme: dark)").matches ? "dark" : "light";
+}
+
+/**  Sets the theme.
+ */
+function updateColourScheme() {
+    const theme = getPreferredTheme();
+    console.debug(`updateColourScheme theme->${theme}`);
+    document.documentElement.setAttribute("data-bs-theme", theme);
+}
+
+updateColourScheme();
+window.matchMedia("(prefers-color-scheme: light)").addEventListener("change", updateColourScheme);
+window.matchMedia("(prefers-color-scheme: dark)").addEventListener("change", updateColourScheme);
+document.body.addEventListener("htmx:afterOnLoad", updateColourScheme);
diff --git a/server/core/templates/apps_partial.html b/server/core/templates/apps_partial.html
index 4bad4f153..1e63e5682 100644
--- a/server/core/templates/apps_partial.html
+++ b/server/core/templates/apps_partial.html
@@ -13,7 +13,7 @@
 				(% match app %)
 				(% when AppLink::Oauth2 with { name, display_name, redirect_url, has_image }
 				%)
-				<a href="(( redirect_url ))" class="link-dark stretched-link mt-2">
+				<a href="(( redirect_url ))" class="link-emphasis stretched-link mt-2">
 					(% if has_image %)
 					<img src="/ui/images/oauth2/(( name ))" class="oauth2-img"
 						alt="((display_name)) icon" id="(( name ))">
diff --git a/server/core/templates/base.html b/server/core/templates/base.html
index cef017ee4..30a4b19d4 100644
--- a/server/core/templates/base.html
+++ b/server/core/templates/base.html
@@ -15,6 +15,9 @@
 		<script
 			src="/pkg/external/bootstrap.bundle.min.js?v=((crate::https::cache_buster::get_cache_buster_key()))"
 			integrity="sha384-YvpcrYf0tY3lHB60NNkmXc5s9fDVZLESaAA55NDzOxhy9GkcIdslK1eN7N6jIeHz"></script>
+		<script
+			src="/pkg/style.js?v=((crate::https::cache_buster::get_cache_buster_key()))"
+			defer></script>
 		<link rel="stylesheet"
 			href="/pkg/style.css?v=((crate::https::cache_buster::get_cache_buster_key()))" />
 
@@ -22,7 +25,7 @@
 	</head>
 	<body class="flex-column d-flex h-100">
 		(% block body %)(% endblock %)
-		<footer class="footer mt-auto py-3 bg-light text-end">
+		<footer class="footer mt-auto py-3 bs-secondary-bg text-end">
 			<div class="container">
 				<span class="text-muted">Powered by <a
 						href="https://kanidm.com">Kanidm</a></span>
diff --git a/server/core/templates/base_htmx.html b/server/core/templates/base_htmx.html
index 6cd2a6bba..7ecf89e1c 100644
--- a/server/core/templates/base_htmx.html
+++ b/server/core/templates/base_htmx.html
@@ -19,6 +19,9 @@
 		<script
 			src="/pkg/external/htmx.min.1.9.12.js?v=((crate::https::cache_buster::get_cache_buster_key()))"
 			integrity="sha384-ujb1lZYygJmzgSwoxRggbCHcjc0rB2XoQrxeTUQyRjrOnlCoYta87iKBWq3EsdM2"></script>
+		<script
+			src="/pkg/style.js?v=((crate::https::cache_buster::get_cache_buster_key()))"
+			defer></script>
 		<link rel="stylesheet"
 			href="/pkg/style.css?v=((crate::https::cache_buster::get_cache_buster_key()))" />
 
@@ -27,7 +30,7 @@
 	<body hx-boost="true" class="flex-column d-flex h-100">
 		(% block nav %)(% endblock %)
 		(% block body %)(% endblock %)
-		<footer class="footer mt-auto py-3 bg-light text-end">
+		<footer class="footer mt-auto py-3 bs-secondary-bg text-end">
 			<div class="container">
 				<span class="text-muted">Powered by <a
 						href="https://kanidm.com">Kanidm</a></span>
diff --git a/server/core/templates/credentials_update_partial.html b/server/core/templates/credentials_update_partial.html
index 7dfdea067..6b70cee27 100644
--- a/server/core/templates/credentials_update_partial.html
+++ b/server/core/templates/credentials_update_partial.html
@@ -131,7 +131,7 @@
             (% endmatch %)
 
             <hr class="my-4" />
-            <div id="cred-update-commit-bar" class="toast">
+            <div id="cred-update-commit-bar" class="toast bs-emphasis-color bs-secondary-bg">
                 <div class="toast-body">
                     <span class="d-flex align-items-center">
                         <div>
diff --git a/server/core/templates/login.html b/server/core/templates/login.html
index 74b8e21c4..1860b0f5d 100644
--- a/server/core/templates/login.html
+++ b/server/core/templates/login.html
@@ -58,7 +58,7 @@
 	<div class="input-group mb-3 justify-content-md-center">
 		<button
 			type="submit"
-			class="btn btn-dark"
+			class="btn btn-primary"
 		>Begin</button>
 	</div>
 </form>
diff --git a/server/core/templates/login_backupcode.html b/server/core/templates/login_backupcode.html
index b4e966634..0ecdaf369 100644
--- a/server/core/templates/login_backupcode.html
+++ b/server/core/templates/login_backupcode.html
@@ -17,7 +17,7 @@
 	<div class="input-group mb-3 justify-content-md-center">
 		<button
 			type="submit"
-			class="btn btn-dark"
+			class="btn btn-primary"
 		>Submit</button>
 	</div>
 </form>
diff --git a/server/core/templates/login_mech_choose.html b/server/core/templates/login_mech_choose.html
index c9cdbe0b2..7891a21e9 100644
--- a/server/core/templates/login_mech_choose.html
+++ b/server/core/templates/login_mech_choose.html
@@ -13,7 +13,7 @@
 				<button
 					(% if mech.autofocus %)autofocus(% endif %)
 					type="submit"
-					class="btn btn-dark"
+					class="btn btn-primary"
 				>(( mech.name ))</button>
 			</form>
 		</li>
diff --git a/server/core/templates/login_password.html b/server/core/templates/login_password.html
index ca394d8ba..6ddefa6ac 100644
--- a/server/core/templates/login_password.html
+++ b/server/core/templates/login_password.html
@@ -18,7 +18,7 @@
 	<div class="input-group mb-3 justify-content-md-center">
 		<button
 			type="submit"
-			class="btn btn-dark"
+			class="btn btn-primary"
 		>Submit</button>
 	</div>
 </form>
diff --git a/server/core/templates/login_totp.html b/server/core/templates/login_totp.html
index 4ebcd46fc..5b6eeb4fd 100644
--- a/server/core/templates/login_totp.html
+++ b/server/core/templates/login_totp.html
@@ -36,7 +36,7 @@
 	<div class="input-group mb-3 justify-content-md-center">
 		<button
 			type="submit"
-			class="btn btn-dark"
+			class="btn btn-primary"
 		>Submit</button>
 	</div>
 </form>
diff --git a/server/core/templates/login_webauthn.html b/server/core/templates/login_webauthn.html
index d5917206c..94f74c0ef 100644
--- a/server/core/templates/login_webauthn.html
+++ b/server/core/templates/login_webauthn.html
@@ -16,13 +16,13 @@
     (% if passkey %)
     <form id="cred-form" action="/ui/login/passkey" method="POST">
         <input hidden="hidden" name="cred" id="cred">
-        <button hx-disable type="button" autofocus class="btn btn-dark"
+        <button hx-disable type="button" autofocus class="btn btn-primary"
             id="start-passkey-button">Use Passkey</button>
     </form>
     (% else %)
     <form id="cred-form" action="/ui/login/seckey" method="POST">
         <input hidden="hidden" name="cred" id="cred">
-        <button hx-disable type="button" autofocus class="btn btn-dark"
+        <button hx-disable type="button" autofocus class="btn btn-primary"
              id="start-seckey-button">Use Security Key</button>
     </form>
     (% endif %)
diff --git a/server/core/templates/navbar.html b/server/core/templates/navbar.html
index bdc3602a6..cb7efa814 100644
--- a/server/core/templates/navbar.html
+++ b/server/core/templates/navbar.html
@@ -1,4 +1,4 @@
-<nav class="navbar navbar-expand-md navbar-dark bg-dark mb-4">
+<nav class="navbar navbar-expand-md kanidm_navbar mb-4">
     <div class="container-lg">
         <a class="navbar-brand d-flex align-items-center" href="/ui/apps">
             (% if navbar_ctx.domain_info.image().is_some() %)
diff --git a/server/core/templates/oauth2_device_login.html b/server/core/templates/oauth2_device_login.html
index d6830e10d..cf778d603 100644
--- a/server/core/templates/oauth2_device_login.html
+++ b/server/core/templates/oauth2_device_login.html
@@ -27,7 +27,7 @@
             <div class="input-group mb-3 justify-content-md-center">
                 <button
                     type="submit"
-                    class="btn btn-dark">Continue</button>
+                    class="btn btn-primary">Continue</button>
             </div>
         </form>
     </center>
diff --git a/server/core/templates/user_settings_partial_base.html b/server/core/templates/user_settings_partial_base.html
index b0490d456..302a07255 100644
--- a/server/core/templates/user_settings_partial_base.html
+++ b/server/core/templates/user_settings_partial_base.html
@@ -2,7 +2,7 @@
 <li>
     <a hx-select="main" hx-target="main" hx-swap="outerHTML show:false"
         href="(( href ))"
-        class="side-menu-item d-flex rounded link-dark(% if menu_active_item == menu_item %) active(% endif %)">
+        class="side-menu-item d-flex rounded link-emphasis(% if menu_active_item == menu_item %) active(% endif %)">
         <div class="icon-container align-items-center justify-content-center d-flex me-2">
             <img class="text-body-secondary"
                 src="/pkg/img/icons/(( icon_name )).svg?v=((crate::https::cache_buster::get_cache_buster_key()))"

From 8ef7d6cb4a702ecf65e0d690b1baac3ecaecc4cc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 6 Jan 2025 13:35:25 +0000
Subject: [PATCH 44/87] Bump actions/checkout from 2 to 4 in the all group
 (#3341)

Bumps the all group with 1 update: [actions/checkout](https://github.com/actions/checkout).


Updates `actions/checkout` from 2 to 4
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/javascript_lint.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/javascript_lint.yml b/.github/workflows/javascript_lint.yml
index 94081c99c..0820adc5d 100644
--- a/.github/workflows/javascript_lint.yml
+++ b/.github/workflows/javascript_lint.yml
@@ -7,14 +7,14 @@ jobs:
   javascript_lint:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: Run ESLint to check Javascript files
       run:
         make eslint
   javascript_fmt:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: Run Prettier to check Javascript files
       run:
         make prettier

From 028bd9305910804f95566a571a1157ae5b9b210d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 6 Jan 2025 14:26:00 +0000
Subject: [PATCH 45/87] Bump the all group in /pykanidm with 3 updates (#3339)

Bumps the all group in /pykanidm with 3 updates: [mypy](https://github.com/python/mypy), [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio) and [ruff](https://github.com/astral-sh/ruff).


Updates `mypy` from 1.14.0 to 1.14.1
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](https://github.com/python/mypy/compare/v1.14.0...v1.14.1)

Updates `pytest-asyncio` from 0.25.0 to 0.25.1
- [Release notes](https://github.com/pytest-dev/pytest-asyncio/releases)
- [Commits](https://github.com/pytest-dev/pytest-asyncio/compare/v0.25.0...v0.25.1)

Updates `ruff` from 0.8.4 to 0.8.6
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.8.4...0.8.6)

---
updated-dependencies:
- dependency-name: mypy
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: pytest-asyncio
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: ruff
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pykanidm/poetry.lock    | 118 +++++++++++++++++++++-------------------
 pykanidm/pyproject.toml |   4 +-
 2 files changed, 64 insertions(+), 58 deletions(-)

diff --git a/pykanidm/poetry.lock b/pykanidm/poetry.lock
index 258986adb..191b90d55 100644
--- a/pykanidm/poetry.lock
+++ b/pykanidm/poetry.lock
@@ -1215,43 +1215,49 @@ files = [
 
 [[package]]
 name = "mypy"
-version = "1.14.0"
+version = "1.14.1"
 description = "Optional static typing for Python"
 optional = false
 python-versions = ">=3.8"
 files = [
-    {file = "mypy-1.14.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:e971c1c667007f9f2b397ffa80fa8e1e0adccff336e5e77e74cb5f22868bee87"},
-    {file = "mypy-1.14.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:e86aaeaa3221a278c66d3d673b297232947d873773d61ca3ee0e28b2ff027179"},
-    {file = "mypy-1.14.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:1628c5c3ce823d296e41e2984ff88c5861499041cb416a8809615d0c1f41740e"},
-    {file = "mypy-1.14.0-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:7fadb29b77fc14a0dd81304ed73c828c3e5cde0016c7e668a86a3e0dfc9f3af3"},
-    {file = "mypy-1.14.0-cp310-cp310-win_amd64.whl", hash = "sha256:3fa76988dc760da377c1e5069200a50d9eaaccf34f4ea18428a3337034ab5a44"},
-    {file = "mypy-1.14.0-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:6e73c8a154eed31db3445fe28f63ad2d97b674b911c00191416cf7f6459fd49a"},
-    {file = "mypy-1.14.0-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:273e70fcb2e38c5405a188425aa60b984ffdcef65d6c746ea5813024b68c73dc"},
-    {file = "mypy-1.14.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:1daca283d732943731a6a9f20fdbcaa927f160bc51602b1d4ef880a6fb252015"},
-    {file = "mypy-1.14.0-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:7e68047bedb04c1c25bba9901ea46ff60d5eaac2d71b1f2161f33107e2b368eb"},
-    {file = "mypy-1.14.0-cp311-cp311-win_amd64.whl", hash = "sha256:7a52f26b9c9b1664a60d87675f3bae00b5c7f2806e0c2800545a32c325920bcc"},
-    {file = "mypy-1.14.0-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:d5326ab70a6db8e856d59ad4cb72741124950cbbf32e7b70e30166ba7bbf61dd"},
-    {file = "mypy-1.14.0-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:bf4ec4980bec1e0e24e5075f449d014011527ae0055884c7e3abc6a99cd2c7f1"},
-    {file = "mypy-1.14.0-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:390dfb898239c25289495500f12fa73aa7f24a4c6d90ccdc165762462b998d63"},
-    {file = "mypy-1.14.0-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:7e026d55ddcd76e29e87865c08cbe2d0104e2b3153a523c529de584759379d3d"},
-    {file = "mypy-1.14.0-cp312-cp312-win_amd64.whl", hash = "sha256:585ed36031d0b3ee362e5107ef449a8b5dfd4e9c90ccbe36414ee405ee6b32ba"},
-    {file = "mypy-1.14.0-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:e9f6f4c0b27401d14c483c622bc5105eff3911634d576bbdf6695b9a7c1ba741"},
-    {file = "mypy-1.14.0-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:56b2280cedcb312c7a79f5001ae5325582d0d339bce684e4a529069d0e7ca1e7"},
-    {file = "mypy-1.14.0-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:342de51c48bab326bfc77ce056ba08c076d82ce4f5a86621f972ed39970f94d8"},
-    {file = "mypy-1.14.0-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:00df23b42e533e02a6f0055e54de9a6ed491cd8b7ea738647364fd3a39ea7efc"},
-    {file = "mypy-1.14.0-cp313-cp313-win_amd64.whl", hash = "sha256:e8c8387e5d9dff80e7daf961df357c80e694e942d9755f3ad77d69b0957b8e3f"},
-    {file = "mypy-1.14.0-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:0b16738b1d80ec4334654e89e798eb705ac0c36c8a5c4798496cd3623aa02286"},
-    {file = "mypy-1.14.0-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:10065fcebb7c66df04b05fc799a854b1ae24d9963c8bb27e9064a9bdb43aa8ad"},
-    {file = "mypy-1.14.0-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:fbb7d683fa6bdecaa106e8368aa973ecc0ddb79a9eaeb4b821591ecd07e9e03c"},
-    {file = "mypy-1.14.0-cp38-cp38-musllinux_1_2_x86_64.whl", hash = "sha256:3498cb55448dc5533e438cd13d6ddd28654559c8c4d1fd4b5ca57a31b81bac01"},
-    {file = "mypy-1.14.0-cp38-cp38-win_amd64.whl", hash = "sha256:c7b243408ea43755f3a21a0a08e5c5ae30eddb4c58a80f415ca6b118816e60aa"},
-    {file = "mypy-1.14.0-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:14117b9da3305b39860d0aa34b8f1ff74d209a368829a584eb77524389a9c13e"},
-    {file = "mypy-1.14.0-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:af98c5a958f9c37404bd4eef2f920b94874507e146ed6ee559f185b8809c44cc"},
-    {file = "mypy-1.14.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:f0b343a1d3989547024377c2ba0dca9c74a2428ad6ed24283c213af8dbb0710b"},
-    {file = "mypy-1.14.0-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:cdb5563c1726c85fb201be383168f8c866032db95e1095600806625b3a648cb7"},
-    {file = "mypy-1.14.0-cp39-cp39-win_amd64.whl", hash = "sha256:74e925649c1ee0a79aa7448baf2668d81cc287dc5782cff6a04ee93f40fb8d3f"},
-    {file = "mypy-1.14.0-py3-none-any.whl", hash = "sha256:2238d7f93fc4027ed1efc944507683df3ba406445a2b6c96e79666a045aadfab"},
-    {file = "mypy-1.14.0.tar.gz", hash = "sha256:822dbd184d4a9804df5a7d5335a68cf7662930e70b8c1bc976645d1509f9a9d6"},
+    {file = "mypy-1.14.1-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:52686e37cf13d559f668aa398dd7ddf1f92c5d613e4f8cb262be2fb4fedb0fcb"},
+    {file = "mypy-1.14.1-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:1fb545ca340537d4b45d3eecdb3def05e913299ca72c290326be19b3804b39c0"},
+    {file = "mypy-1.14.1-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:90716d8b2d1f4cd503309788e51366f07c56635a3309b0f6a32547eaaa36a64d"},
+    {file = "mypy-1.14.1-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:2ae753f5c9fef278bcf12e1a564351764f2a6da579d4a81347e1d5a15819997b"},
+    {file = "mypy-1.14.1-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:e0fe0f5feaafcb04505bcf439e991c6d8f1bf8b15f12b05feeed96e9e7bf1427"},
+    {file = "mypy-1.14.1-cp310-cp310-win_amd64.whl", hash = "sha256:7d54bd85b925e501c555a3227f3ec0cfc54ee8b6930bd6141ec872d1c572f81f"},
+    {file = "mypy-1.14.1-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:f995e511de847791c3b11ed90084a7a0aafdc074ab88c5a9711622fe4751138c"},
+    {file = "mypy-1.14.1-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:d64169ec3b8461311f8ce2fd2eb5d33e2d0f2c7b49116259c51d0d96edee48d1"},
+    {file = "mypy-1.14.1-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:ba24549de7b89b6381b91fbc068d798192b1b5201987070319889e93038967a8"},
+    {file = "mypy-1.14.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:183cf0a45457d28ff9d758730cd0210419ac27d4d3f285beda038c9083363b1f"},
+    {file = "mypy-1.14.1-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:f2a0ecc86378f45347f586e4163d1769dd81c5a223d577fe351f26b179e148b1"},
+    {file = "mypy-1.14.1-cp311-cp311-win_amd64.whl", hash = "sha256:ad3301ebebec9e8ee7135d8e3109ca76c23752bac1e717bc84cd3836b4bf3eae"},
+    {file = "mypy-1.14.1-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:30ff5ef8519bbc2e18b3b54521ec319513a26f1bba19a7582e7b1f58a6e69f14"},
+    {file = "mypy-1.14.1-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:cb9f255c18052343c70234907e2e532bc7e55a62565d64536dbc7706a20b78b9"},
+    {file = "mypy-1.14.1-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:8b4e3413e0bddea671012b063e27591b953d653209e7a4fa5e48759cda77ca11"},
+    {file = "mypy-1.14.1-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:553c293b1fbdebb6c3c4030589dab9fafb6dfa768995a453d8a5d3b23784af2e"},
+    {file = "mypy-1.14.1-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:fad79bfe3b65fe6a1efaed97b445c3d37f7be9fdc348bdb2d7cac75579607c89"},
+    {file = "mypy-1.14.1-cp312-cp312-win_amd64.whl", hash = "sha256:8fa2220e54d2946e94ab6dbb3ba0a992795bd68b16dc852db33028df2b00191b"},
+    {file = "mypy-1.14.1-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:92c3ed5afb06c3a8e188cb5da4984cab9ec9a77ba956ee419c68a388b4595255"},
+    {file = "mypy-1.14.1-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:dbec574648b3e25f43d23577309b16534431db4ddc09fda50841f1e34e64ed34"},
+    {file = "mypy-1.14.1-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:8c6d94b16d62eb3e947281aa7347d78236688e21081f11de976376cf010eb31a"},
+    {file = "mypy-1.14.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:d4b19b03fdf54f3c5b2fa474c56b4c13c9dbfb9a2db4370ede7ec11a2c5927d9"},
+    {file = "mypy-1.14.1-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:0c911fde686394753fff899c409fd4e16e9b294c24bfd5e1ea4675deae1ac6fd"},
+    {file = "mypy-1.14.1-cp313-cp313-win_amd64.whl", hash = "sha256:8b21525cb51671219f5307be85f7e646a153e5acc656e5cebf64bfa076c50107"},
+    {file = "mypy-1.14.1-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:7084fb8f1128c76cd9cf68fe5971b37072598e7c31b2f9f95586b65c741a9d31"},
+    {file = "mypy-1.14.1-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:8f845a00b4f420f693f870eaee5f3e2692fa84cc8514496114649cfa8fd5e2c6"},
+    {file = "mypy-1.14.1-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:44bf464499f0e3a2d14d58b54674dee25c031703b2ffc35064bd0df2e0fac319"},
+    {file = "mypy-1.14.1-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:c99f27732c0b7dc847adb21c9d47ce57eb48fa33a17bc6d7d5c5e9f9e7ae5bac"},
+    {file = "mypy-1.14.1-cp38-cp38-musllinux_1_2_x86_64.whl", hash = "sha256:bce23c7377b43602baa0bd22ea3265c49b9ff0b76eb315d6c34721af4cdf1d9b"},
+    {file = "mypy-1.14.1-cp38-cp38-win_amd64.whl", hash = "sha256:8edc07eeade7ebc771ff9cf6b211b9a7d93687ff892150cb5692e4f4272b0837"},
+    {file = "mypy-1.14.1-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:3888a1816d69f7ab92092f785a462944b3ca16d7c470d564165fe703b0970c35"},
+    {file = "mypy-1.14.1-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:46c756a444117c43ee984bd055db99e498bc613a70bbbc120272bd13ca579fbc"},
+    {file = "mypy-1.14.1-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:27fc248022907e72abfd8e22ab1f10e903915ff69961174784a3900a8cba9ad9"},
+    {file = "mypy-1.14.1-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:499d6a72fb7e5de92218db961f1a66d5f11783f9ae549d214617edab5d4dbdbb"},
+    {file = "mypy-1.14.1-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:57961db9795eb566dc1d1b4e9139ebc4c6b0cb6e7254ecde69d1552bf7613f60"},
+    {file = "mypy-1.14.1-cp39-cp39-win_amd64.whl", hash = "sha256:07ba89fdcc9451f2ebb02853deb6aaaa3d2239a236669a63ab3801bbf923ef5c"},
+    {file = "mypy-1.14.1-py3-none-any.whl", hash = "sha256:b66a60cc4073aeb8ae00057f9c1f64d49e90f918fbcef9a977eb121da8b8f1d1"},
+    {file = "mypy-1.14.1.tar.gz", hash = "sha256:7ec88144fe9b510e8475ec2f5f251992690fcf89ccb4500b214b4226abcd32d6"},
 ]
 
 [package.dependencies]
@@ -1774,13 +1780,13 @@ testing = ["coverage (==6.2)", "mypy (==0.931)"]
 
 [[package]]
 name = "pytest-asyncio"
-version = "0.25.0"
+version = "0.25.1"
 description = "Pytest support for asyncio"
 optional = false
 python-versions = ">=3.9"
 files = [
-    {file = "pytest_asyncio-0.25.0-py3-none-any.whl", hash = "sha256:db5432d18eac6b7e28b46dcd9b69921b55c3b1086e85febfe04e70b18d9e81b3"},
-    {file = "pytest_asyncio-0.25.0.tar.gz", hash = "sha256:8c0610303c9e0442a5db8604505fc0f545456ba1528824842b37b4a626cbf609"},
+    {file = "pytest_asyncio-0.25.1-py3-none-any.whl", hash = "sha256:c84878849ec63ff2ca509423616e071ef9cd8cc93c053aa33b5b8fb70a990671"},
+    {file = "pytest_asyncio-0.25.1.tar.gz", hash = "sha256:79be8a72384b0c917677e00daa711e07db15259f4d23203c59012bcd989d4aee"},
 ]
 
 [package.dependencies]
@@ -2135,29 +2141,29 @@ files = [
 
 [[package]]
 name = "ruff"
-version = "0.8.4"
+version = "0.8.6"
 description = "An extremely fast Python linter and code formatter, written in Rust."
 optional = false
 python-versions = ">=3.7"
 files = [
-    {file = "ruff-0.8.4-py3-none-linux_armv6l.whl", hash = "sha256:58072f0c06080276804c6a4e21a9045a706584a958e644353603d36ca1eb8a60"},
-    {file = "ruff-0.8.4-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:ffb60904651c00a1e0b8df594591770018a0f04587f7deeb3838344fe3adabac"},
-    {file = "ruff-0.8.4-py3-none-macosx_11_0_arm64.whl", hash = "sha256:6ddf5d654ac0d44389f6bf05cee4caeefc3132a64b58ea46738111d687352296"},
-    {file = "ruff-0.8.4-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e248b1f0fa2749edd3350a2a342b67b43a2627434c059a063418e3d375cfe643"},
-    {file = "ruff-0.8.4-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:bf197b98ed86e417412ee3b6c893f44c8864f816451441483253d5ff22c0e81e"},
-    {file = "ruff-0.8.4-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:c41319b85faa3aadd4d30cb1cffdd9ac6b89704ff79f7664b853785b48eccdf3"},
-    {file = "ruff-0.8.4-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:9f8402b7c4f96463f135e936d9ab77b65711fcd5d72e5d67597b543bbb43cf3f"},
-    {file = "ruff-0.8.4-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:e4e56b3baa9c23d324ead112a4fdf20db9a3f8f29eeabff1355114dd96014604"},
-    {file = "ruff-0.8.4-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:736272574e97157f7edbbb43b1d046125fce9e7d8d583d5d65d0c9bf2c15addf"},
-    {file = "ruff-0.8.4-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:e5fe710ab6061592521f902fca7ebcb9fabd27bc7c57c764298b1c1f15fff720"},
-    {file = "ruff-0.8.4-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:13e9ec6d6b55f6da412d59953d65d66e760d583dd3c1c72bf1f26435b5bfdbae"},
-    {file = "ruff-0.8.4-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:97d9aefef725348ad77d6db98b726cfdb075a40b936c7984088804dfd38268a7"},
-    {file = "ruff-0.8.4-py3-none-musllinux_1_2_i686.whl", hash = "sha256:ab78e33325a6f5374e04c2ab924a3367d69a0da36f8c9cb6b894a62017506111"},
-    {file = "ruff-0.8.4-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:8ef06f66f4a05c3ddbc9121a8b0cecccd92c5bf3dd43b5472ffe40b8ca10f0f8"},
-    {file = "ruff-0.8.4-py3-none-win32.whl", hash = "sha256:552fb6d861320958ca5e15f28b20a3d071aa83b93caee33a87b471f99a6c0835"},
-    {file = "ruff-0.8.4-py3-none-win_amd64.whl", hash = "sha256:f21a1143776f8656d7f364bd264a9d60f01b7f52243fbe90e7670c0dfe0cf65d"},
-    {file = "ruff-0.8.4-py3-none-win_arm64.whl", hash = "sha256:9183dd615d8df50defa8b1d9a074053891ba39025cf5ae88e8bcb52edcc4bf08"},
-    {file = "ruff-0.8.4.tar.gz", hash = "sha256:0d5f89f254836799af1615798caa5f80b7f935d7a670fad66c5007928e57ace8"},
+    {file = "ruff-0.8.6-py3-none-linux_armv6l.whl", hash = "sha256:defed167955d42c68b407e8f2e6f56ba52520e790aba4ca707a9c88619e580e3"},
+    {file = "ruff-0.8.6-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:54799ca3d67ae5e0b7a7ac234baa657a9c1784b48ec954a094da7c206e0365b1"},
+    {file = "ruff-0.8.6-py3-none-macosx_11_0_arm64.whl", hash = "sha256:e88b8f6d901477c41559ba540beeb5a671e14cd29ebd5683903572f4b40a9807"},
+    {file = "ruff-0.8.6-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:0509e8da430228236a18a677fcdb0c1f102dd26d5520f71f79b094963322ed25"},
+    {file = "ruff-0.8.6-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:91a7ddb221779871cf226100e677b5ea38c2d54e9e2c8ed847450ebbdf99b32d"},
+    {file = "ruff-0.8.6-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:248b1fb3f739d01d528cc50b35ee9c4812aa58cc5935998e776bf8ed5b251e75"},
+    {file = "ruff-0.8.6-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:bc3c083c50390cf69e7e1b5a5a7303898966be973664ec0c4a4acea82c1d4315"},
+    {file = "ruff-0.8.6-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:52d587092ab8df308635762386f45f4638badb0866355b2b86760f6d3c076188"},
+    {file = "ruff-0.8.6-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:61323159cf21bc3897674e5adb27cd9e7700bab6b84de40d7be28c3d46dc67cf"},
+    {file = "ruff-0.8.6-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:7ae4478b1471fc0c44ed52a6fb787e641a2ac58b1c1f91763bafbc2faddc5117"},
+    {file = "ruff-0.8.6-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:0c000a471d519b3e6cfc9c6680025d923b4ca140ce3e4612d1a2ef58e11f11fe"},
+    {file = "ruff-0.8.6-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:9257aa841e9e8d9b727423086f0fa9a86b6b420fbf4bf9e1465d1250ce8e4d8d"},
+    {file = "ruff-0.8.6-py3-none-musllinux_1_2_i686.whl", hash = "sha256:45a56f61b24682f6f6709636949ae8cc82ae229d8d773b4c76c09ec83964a95a"},
+    {file = "ruff-0.8.6-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:496dd38a53aa173481a7d8866bcd6451bd934d06976a2505028a50583e001b76"},
+    {file = "ruff-0.8.6-py3-none-win32.whl", hash = "sha256:e169ea1b9eae61c99b257dc83b9ee6c76f89042752cb2d83486a7d6e48e8f764"},
+    {file = "ruff-0.8.6-py3-none-win_amd64.whl", hash = "sha256:f1d70bef3d16fdc897ee290d7d20da3cbe4e26349f62e8a0274e7a3f4ce7a905"},
+    {file = "ruff-0.8.6-py3-none-win_arm64.whl", hash = "sha256:7d7fc2377a04b6e04ffe588caad613d0c460eb2ecba4c0ccbbfe2bc973cbc162"},
+    {file = "ruff-0.8.6.tar.gz", hash = "sha256:dcad24b81b62650b0eb8814f576fc65cfee8674772a6e24c9b747911801eeaa5"},
 ]
 
 [[package]]
@@ -2414,4 +2420,4 @@ type = ["pytest-mypy"]
 [metadata]
 lock-version = "2.0"
 python-versions = "^3.9"
-content-hash = "d525ac7a72aa56c51f293501602fccf7c93ba97a249cc714eb4e06e72f5b7f58"
+content-hash = "526ed5cc825fb8805675e7a8655fb6c1fc191ac0940d9cf31649b8fee4e0e0ed"
diff --git a/pykanidm/pyproject.toml b/pykanidm/pyproject.toml
index f8fb32495..facecfef9 100644
--- a/pykanidm/pyproject.toml
+++ b/pykanidm/pyproject.toml
@@ -34,7 +34,7 @@ types-toml = "^0.10.8"
 pylint-pydantic = "^0.3.4"
 coverage = "^7.6.10"
 pylint-pytest = "^1.1.7"
-pytest-asyncio = "^0.25.0"
+pytest-asyncio = "^0.25.1"
 pytest-mock = "^3.14.0"
 pytest-aiohttp = "^1.0.5"
 black = "^24.10.0"
@@ -45,7 +45,7 @@ mkdocstrings-python = "^1.13.0"
 pook = "^2.1.3"
 
 [tool.poetry.group.dev.dependencies]
-ruff = ">=0.5.1,<0.8.5"
+ruff = ">=0.5.1,<0.8.7"
 
 [build-system]
 requires = ["poetry-core>=1.0.0"]

From ccf679210430d220482e4cf55399c15bdb732883 Mon Sep 17 00:00:00 2001
From: James Hodgkinson <james@terminaloutcomes.com>
Date: Tue, 7 Jan 2025 10:05:07 +1000
Subject: [PATCH 46/87] Renaming "TOTP" in the login flow (#3338)

---
 server/core/templates/login_totp.html | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/server/core/templates/login_totp.html b/server/core/templates/login_totp.html
index 5b6eeb4fd..b98270c88 100644
--- a/server/core/templates/login_totp.html
+++ b/server/core/templates/login_totp.html
@@ -1,11 +1,13 @@
 (% extends "login_base.html" %)
 
 (% block logincontainer %)
-<label for="totp" class="form-label">TOTP</label>
+<label for="totp" class="form-label">Two-factor authentication code</label>
 (% match errors %)
 	(% when LoginTotpError::Syntax %)
-		<span class="error">Invalid Value</span>
-		<span class="error">TOTP must only consist of numbers</span>
+	<div class="alert alert-danger" role="alert">
+		<p>Invalid Value</p>
+		<p>Code must only consist of numbers, please try again.</p>
+	</div>
 	(% when LoginTotpError::None %)
 (% endmatch %)
 <form id="login" action="/ui/login/totp" method="post">

From 1983ce19e9438dd0c1e40b4360c1a515d98104d8 Mon Sep 17 00:00:00 2001
From: Firstyear <william@blackhats.net.au>
Date: Tue, 7 Jan 2025 16:05:14 +1000
Subject: [PATCH 47/87] Resolve passkey regression (#3343)

During other testing I noticed that passkeys no longer worked
on a reauthentication. This was due to a regression in you
guessed it, cookies, where the auth session id wasn't being
removed properly.
---
 proto/src/internal/error.rs          | 16 ++++++++++++++++
 server/core/src/https/views/login.rs | 16 +++++++---------
 server/lib/src/idm/authsession.rs    | 24 +++++++++++++++++-------
 3 files changed, 40 insertions(+), 16 deletions(-)

diff --git a/proto/src/internal/error.rs b/proto/src/internal/error.rs
index 2fe30a42a..0c3076876 100644
--- a/proto/src/internal/error.rs
+++ b/proto/src/internal/error.rs
@@ -142,6 +142,13 @@ pub enum OperationError {
     DatabaseLockAcquisitionTimeout,
 
     // Specific internal errors.
+    AU0001InvalidState,
+    AU0002JwsSerialisation,
+    AU0003JwsSignature,
+    AU0004UserAuthTokenInvalid,
+    AU0005DelayedProcessFailure,
+    AU0006CredentialMayNotReauthenticate,
+    AU0007UserAuthTokenInvalid,
 
     // Kanidm Generic Errors
     KG001TaskTimeout,
@@ -371,6 +378,15 @@ impl OperationError {
             Self::TransactionAlreadyCommitted => None,
             Self::ValueDenyName => None,
             Self::DatabaseLockAcquisitionTimeout => Some("Unable to acquire a database lock - the current server may be too busy. Try again later.".into()),
+
+    Self::AU0001InvalidState => Some("Invalid authentication session state for request".into()),
+    Self::AU0002JwsSerialisation => Some("JWS serialisation failed".into()),
+    Self::AU0003JwsSignature => Some("JWS signature failed".into()),
+    Self::AU0004UserAuthTokenInvalid => Some("User auth token was unable to be generated".into()),
+    Self::AU0005DelayedProcessFailure => Some("Delaying processing failure, unable to proceed".into()),
+    Self::AU0006CredentialMayNotReauthenticate => Some("Credential may not reauthenticate".into()),
+    Self::AU0007UserAuthTokenInvalid => Some("User auth token was unable to be generated".into()),
+
             Self::CU0001WebauthnAttestationNotTrusted => None,
             Self::CU0002WebauthnRegistrationError => None,
             Self::CU0003WebauthnUserNotVerified => Some("User Verification bit not set while registering credential, you may need to configure a PIN on this device.".into()),
diff --git a/server/core/src/https/views/login.rs b/server/core/src/https/views/login.rs
index e9066e2a6..300a14798 100644
--- a/server/core/src/https/views/login.rs
+++ b/server/core/src/https/views/login.rs
@@ -12,7 +12,7 @@ use axum::{
     response::{IntoResponse, Redirect, Response},
     Extension, Form, Json,
 };
-use axum_extra::extract::cookie::{Cookie, CookieJar, SameSite};
+use axum_extra::extract::cookie::{CookieJar, SameSite};
 use kanidm_proto::internal::{
     COOKIE_AUTH_SESSION_ID, COOKIE_BEARER_TOKEN, COOKIE_CU_SESSION_TOKEN, COOKIE_OAUTH2_REQ,
     COOKIE_USERNAME,
@@ -835,10 +835,8 @@ async fn view_login_step(
                 break res;
             }
             AuthState::Continue(allowed) => {
-                // Reauth inits its session here so we need to be able to add cookie here ig.
-                if jar.get(COOKIE_AUTH_SESSION_ID).is_none() {
-                    jar = add_session_cookie(&state, jar, &session_context)?;
-                }
+                // Reauth inits its session here so we need to be able to add it's cookie here.
+                jar = add_session_cookie(&state, jar, &session_context)?;
 
                 let res = match allowed.len() {
                     // Shouldn't be possible.
@@ -936,9 +934,9 @@ async fn view_login_step(
                             jar
                         };
 
-                        jar = jar
-                            .add(bearer_cookie)
-                            .remove(Cookie::from(COOKIE_AUTH_SESSION_ID));
+                        jar = jar.add(bearer_cookie);
+
+                        jar = cookies::destroy(jar, COOKIE_AUTH_SESSION_ID, &state);
 
                         // Now, we need to decided where to go.
                         let res = if jar.get(COOKIE_OAUTH2_REQ).is_some() {
@@ -955,7 +953,7 @@ async fn view_login_step(
             }
             AuthState::Denied(reason) => {
                 debug!("🧩 -> AuthState::Denied");
-                jar = jar.remove(Cookie::from(COOKIE_AUTH_SESSION_ID));
+                jar = cookies::destroy(jar, COOKIE_AUTH_SESSION_ID, &state);
 
                 break LoginDeniedView {
                     display_ctx,
diff --git a/server/lib/src/idm/authsession.rs b/server/lib/src/idm/authsession.rs
index a3a225417..0d544019e 100644
--- a/server/lib/src/idm/authsession.rs
+++ b/server/lib/src/idm/authsession.rs
@@ -1383,7 +1383,17 @@ impl AuthSession {
             | AuthSessionState::InProgress(CredHandler::PasswordSecurityKey { .. })
             | AuthSessionState::InProgress(CredHandler::Passkey { .. })
             | AuthSessionState::InProgress(CredHandler::AttestedPasskey { .. }) => Ok(None),
-            _ => Err(OperationError::InvalidState),
+
+            AuthSessionState::Init(_) => {
+                debug!(
+                    "Request for credential uuid invalid as auth session state not yet initialised"
+                );
+                Err(OperationError::AU0001InvalidState)
+            }
+            AuthSessionState::Success | AuthSessionState::Denied(_) => {
+                debug!("Request for credential uuid invalid as auth session state has progressed");
+                Err(OperationError::AU0001InvalidState)
+            }
         }
     }
 
@@ -1485,13 +1495,13 @@ impl AuthSession {
 
                         let jwt = Jws::into_json(&uat).map_err(|e| {
                             admin_error!(?e, "Failed to serialise into Jws");
-                            OperationError::InvalidState
+                            OperationError::AU0002JwsSerialisation
                         })?;
 
                         // Now encrypt and prepare the token for return to the client.
                         let token = self.key_object.jws_es256_sign(&jwt, time).map_err(|e| {
                             admin_error!(?e, "Failed to sign UserAuthToken to Jwt");
-                            OperationError::InvalidState
+                            OperationError::AU0003JwsSignature
                         })?;
 
                         (
@@ -1586,7 +1596,7 @@ impl AuthSession {
                 let uat = self
                     .account
                     .to_userauthtoken(session_id, scope, time, &self.account_policy)
-                    .ok_or(OperationError::InvalidState)?;
+                    .ok_or(OperationError::AU0004UserAuthTokenInvalid)?;
 
                 // Queue the session info write.
                 // This is dependent on the type of authentication factors
@@ -1619,7 +1629,7 @@ impl AuthSession {
                         .map_err(|e| {
                             debug!(?e, "queue failure");
                             admin_error!("unable to queue failing authentication as the session will not validate ... ");
-                            OperationError::InvalidState
+                            OperationError::AU0005DelayedProcessFailure
                         })?;
                     }
                 };
@@ -1635,7 +1645,7 @@ impl AuthSession {
                 let scope = match auth_type {
                     AuthType::Anonymous | AuthType::GeneratedPassword => {
                         error!("AuthType used in Reauth is not valid for session re-issuance. Rejecting");
-                        return Err(OperationError::InvalidState);
+                        return Err(OperationError::AU0006CredentialMayNotReauthenticate);
                     }
                     AuthType::Password
                     | AuthType::PasswordTotp
@@ -1654,7 +1664,7 @@ impl AuthSession {
                         time,
                         &self.account_policy,
                     )
-                    .ok_or(OperationError::InvalidState)?;
+                    .ok_or(OperationError::AU0007UserAuthTokenInvalid)?;
 
                 Ok(uat)
             }

From 16591007dd2a5fe9e5e9b5dea5e2e1c3fa96e58b Mon Sep 17 00:00:00 2001
From: micolous <micolous+gh@gmail.com>
Date: Wed, 8 Jan 2025 15:41:01 +1000
Subject: [PATCH 48/87] Add OAuth2 `response_mode=fragment` (#3335)

* Add response_mode=fragment to discovery documents
* Add test for `response_mode=query`
* refactor OAuth 2.0 tests back into regular functions, because macros are messy
* Disallow some `response_type` x `response_mode` combinations per spec
---
 proto/src/oauth2.rs                   |  53 +++++++-
 server/core/src/actors/v1_read.rs     |   4 +-
 server/core/src/https/oauth2.rs       |  38 ++----
 server/core/src/https/views/oauth2.rs |  32 ++---
 server/lib/src/idm/oauth2.rs          | 153 ++++++++++++++++++-----
 server/testkit/tests/oauth2_test.rs   | 169 +++++++++++++++++++++-----
 6 files changed, 331 insertions(+), 118 deletions(-)

diff --git a/proto/src/oauth2.rs b/proto/src/oauth2.rs
index db5ed9ac5..a276e0386 100644
--- a/proto/src/oauth2.rs
+++ b/proto/src/oauth2.rs
@@ -38,7 +38,16 @@ pub struct PkceRequest {
 #[derive(Serialize, Deserialize, Debug, Clone)]
 pub struct AuthorisationRequest {
     // Must be "code". (or token, see 4.2.1)
-    pub response_type: String,
+    pub response_type: ResponseType,
+    /// Response mode.
+    ///
+    /// Optional; defaults to `query` for `response_type=code` (Auth Code), and
+    /// `fragment` for `response_type=token` (Implicit Grant, which we probably
+    /// won't support).
+    ///
+    /// Reference:
+    /// [OAuth 2.0 Multiple Response Type Encoding Practices: Response Modes](https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes)
+    pub response_mode: Option<ResponseMode>,
     pub client_id: String,
     pub state: String,
     #[serde(flatten)]
@@ -57,6 +66,39 @@ pub struct AuthorisationRequest {
     pub unknown_keys: BTreeMap<String, serde_json::value::Value>,
 }
 
+impl AuthorisationRequest {
+    /// Get the `response_mode` appropriate for this request, taking into
+    /// account defaults from the `response_type` parameter.
+    ///
+    /// Returns `None` if the selection is invalid.
+    ///
+    /// Reference:
+    /// [OAuth 2.0 Multiple Response Type Encoding Practices: Response Modes](https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes)
+    pub const fn get_response_mode(&self) -> Option<ResponseMode> {
+        match (self.response_mode, self.response_type) {
+            // https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#id_token
+            // The default Response Mode for this Response Type is the fragment
+            // encoding and the query encoding MUST NOT be used.
+            (None, ResponseType::IdToken) => Some(ResponseMode::Fragment),
+            (Some(ResponseMode::Query), ResponseType::IdToken) => None,
+
+            // https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2
+            (None, ResponseType::Code) => Some(ResponseMode::Query),
+            // https://datatracker.ietf.org/doc/html/rfc6749#section-4.2.2
+            (None, ResponseType::Token) => Some(ResponseMode::Fragment),
+
+            // https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#Security
+            // In no case should a set of Authorization Response parameters
+            // whose default Response Mode is the fragment encoding be encoded
+            // using the query encoding.
+            (Some(ResponseMode::Query), ResponseType::Token) => None,
+
+            // Allow others.
+            (Some(m), _) => Some(m),
+        }
+    }
+}
+
 /// An OIDC client redirects to the authorisation server with Authorisation Request
 /// parameters.
 #[skip_serializing_none]
@@ -290,15 +332,20 @@ impl AccessTokenIntrospectResponse {
     }
 }
 
-#[derive(Serialize, Deserialize, Debug, PartialEq, Eq)]
+#[derive(Clone, Copy, Serialize, Deserialize, Debug, PartialEq, Eq)]
 #[serde(rename_all = "snake_case")]
 pub enum ResponseType {
+    // Auth Code flow
+    // https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.1
     Code,
+    // Implicit Grant flow
+    // https://datatracker.ietf.org/doc/html/rfc6749#section-4.2.1
     Token,
+    // https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#id_token
     IdToken,
 }
 
-#[derive(Serialize, Deserialize, Debug, PartialEq, Eq)]
+#[derive(Clone, Copy, Serialize, Deserialize, Debug, PartialEq, Eq)]
 #[serde(rename_all = "snake_case")]
 pub enum ResponseMode {
     Query,
diff --git a/server/core/src/actors/v1_read.rs b/server/core/src/actors/v1_read.rs
index c145c26ae..8bfa7853b 100644
--- a/server/core/src/actors/v1_read.rs
+++ b/server/core/src/actors/v1_read.rs
@@ -37,7 +37,7 @@ use kanidmd_lib::{
     idm::ldap::{LdapBoundToken, LdapResponseState},
     idm::oauth2::{
         AccessTokenIntrospectRequest, AccessTokenIntrospectResponse, AuthorisationRequest,
-        AuthoriseResponse, JwkKeySet, Oauth2Error, Oauth2Rfc8414MetadataResponse,
+        AuthoriseReject, AuthoriseResponse, JwkKeySet, Oauth2Error, Oauth2Rfc8414MetadataResponse,
         OidcDiscoveryResponse, OidcToken,
     },
     idm::server::{DomainInfoRead, IdmServerTransaction},
@@ -1441,7 +1441,7 @@ impl QueryServerReadV1 {
         client_auth_info: ClientAuthInfo,
         consent_req: String,
         eventid: Uuid,
-    ) -> Result<Url, OperationError> {
+    ) -> Result<AuthoriseReject, OperationError> {
         let ct = duration_from_epoch_now();
         let mut idms_prox_read = self.idms.proxy_read().await?;
         let ident = idms_prox_read
diff --git a/server/core/src/https/oauth2.rs b/server/core/src/https/oauth2.rs
index aedeb3ba7..ae986119a 100644
--- a/server/core/src/https/oauth2.rs
+++ b/server/core/src/https/oauth2.rs
@@ -29,8 +29,8 @@ use kanidm_proto::oauth2::AuthorisationResponse;
 #[cfg(feature = "dev-oauth2-device-flow")]
 use kanidm_proto::oauth2::DeviceAuthorizationResponse;
 use kanidmd_lib::idm::oauth2::{
-    AccessTokenIntrospectRequest, AccessTokenRequest, AuthorisationRequest, AuthorisePermitSuccess,
-    AuthoriseResponse, ErrorResponse, Oauth2Error, TokenRevokeRequest,
+    AccessTokenIntrospectRequest, AccessTokenRequest, AuthorisationRequest, AuthoriseResponse,
+    ErrorResponse, Oauth2Error, TokenRevokeRequest,
 };
 use kanidmd_lib::prelude::f_eq;
 use kanidmd_lib::prelude::*;
@@ -257,22 +257,14 @@ async fn oauth2_authorise(
                 .body(body.into())
                 .unwrap()
         }
-        Ok(AuthoriseResponse::Permitted(AuthorisePermitSuccess {
-            mut redirect_uri,
-            state,
-            code,
-        })) => {
+        Ok(AuthoriseResponse::Permitted(success)) => {
             // https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics#section-4.11
             // We could consider changing this to 303?
             #[allow(clippy::unwrap_used)]
             let body =
                 Body::from(serde_json::to_string(&AuthorisationResponse::Permitted).unwrap());
+            let redirect_uri = success.build_redirect_uri();
 
-            redirect_uri
-                .query_pairs_mut()
-                .clear()
-                .append_pair("state", &state)
-                .append_pair("code", &code);
             #[allow(clippy::unwrap_used)]
             Response::builder()
                 .status(StatusCode::FOUND)
@@ -377,18 +369,11 @@ async fn oauth2_authorise_permit(
         .await;
 
     match res {
-        Ok(AuthorisePermitSuccess {
-            mut redirect_uri,
-            state,
-            code,
-        }) => {
+        Ok(success) => {
             // https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics#section-4.11
             // We could consider changing this to 303?
-            redirect_uri
-                .query_pairs_mut()
-                .clear()
-                .append_pair("state", &state)
-                .append_pair("code", &code);
+            let redirect_uri = success.build_redirect_uri();
+
             #[allow(clippy::expect_used)]
             Response::builder()
                 .status(StatusCode::FOUND)
@@ -463,12 +448,9 @@ async fn oauth2_authorise_reject(
         .await;
 
     match res {
-        Ok(mut redirect_uri) => {
-            redirect_uri
-                .query_pairs_mut()
-                .clear()
-                .append_pair("error", "access_denied")
-                .append_pair("error_description", "authorisation rejected");
+        Ok(reject) => {
+            let redirect_uri = reject.build_redirect_uri();
+
             #[allow(clippy::unwrap_used)]
             Response::builder()
                 .header(LOCATION, redirect_uri.as_str())
diff --git a/server/core/src/https/views/oauth2.rs b/server/core/src/https/views/oauth2.rs
index 373d47208..b3d7ab37f 100644
--- a/server/core/src/https/views/oauth2.rs
+++ b/server/core/src/https/views/oauth2.rs
@@ -3,9 +3,7 @@ use crate::https::{
     middleware::KOpId,
     ServerState,
 };
-use kanidmd_lib::idm::oauth2::{
-    AuthorisationRequest, AuthorisePermitSuccess, AuthoriseResponse, Oauth2Error,
-};
+use kanidmd_lib::idm::oauth2::{AuthorisationRequest, AuthoriseResponse, Oauth2Error};
 use kanidmd_lib::prelude::*;
 
 use kanidm_proto::internal::COOKIE_OAUTH2_REQ;
@@ -117,16 +115,8 @@ async fn oauth2_auth_req(
         .await;
 
     match res {
-        Ok(AuthoriseResponse::Permitted(AuthorisePermitSuccess {
-            mut redirect_uri,
-            state,
-            code,
-        })) => {
-            redirect_uri
-                .query_pairs_mut()
-                .clear()
-                .append_pair("state", &state)
-                .append_pair("code", &code);
+        Ok(AuthoriseResponse::Permitted(success)) => {
+            let redirect_uri = success.build_redirect_uri();
 
             (
                 jar,
@@ -259,32 +249,24 @@ pub async fn view_consent_post(
         .await;
 
     match res {
-        Ok(AuthorisePermitSuccess {
-            mut redirect_uri,
-            state,
-            code,
-        }) => {
+        Ok(success) => {
             let jar = cookies::destroy(jar, COOKIE_OAUTH2_REQ, &server_state);
 
             if let Some(redirect) = consent_form.redirect {
                 Ok((
                     jar,
                     [
-                        (HX_REDIRECT, redirect_uri.as_str().to_string()),
+                        (HX_REDIRECT, success.redirect_uri.as_str().to_string()),
                         (
                             ACCESS_CONTROL_ALLOW_ORIGIN.as_str(),
-                            redirect_uri.origin().ascii_serialization(),
+                            success.redirect_uri.origin().ascii_serialization(),
                         ),
                     ],
                     Redirect::to(&redirect),
                 )
                     .into_response())
             } else {
-                redirect_uri
-                    .query_pairs_mut()
-                    .clear()
-                    .append_pair("state", &state)
-                    .append_pair("code", &code);
+                let redirect_uri = success.build_redirect_uri();
                 Ok((
                     jar,
                     [
diff --git a/server/lib/src/idm/oauth2.rs b/server/lib/src/idm/oauth2.rs
index e3613729c..b791d59c2 100644
--- a/server/lib/src/idm/oauth2.rs
+++ b/server/lib/src/idm/oauth2.rs
@@ -138,12 +138,14 @@ struct ConsentToken {
         as = "Option<serde_with::base64::Base64<serde_with::base64::UrlSafe, formats::Unpadded>>"
     )]
     pub code_challenge: Option<Vec<u8>>,
-    // Where the RS wants us to go back to.
+    // Where the client wants us to go back to.
     pub redirect_uri: Url,
     // The scopes being granted
     pub scopes: BTreeSet<String>,
     // We stash some details here for oidc.
     pub nonce: Option<String>,
+    /// The format the response should be returned to the application in.
+    pub response_mode: ResponseMode,
 }
 
 #[serde_as]
@@ -230,12 +232,72 @@ pub enum AuthoriseResponse {
 
 #[derive(Debug)]
 pub struct AuthorisePermitSuccess {
-    // Where the RS wants us to go back to.
+    // Where the client wants us to go back to.
     pub redirect_uri: Url,
     // The CSRF as a string
     pub state: String,
     // The exchange code as a String
     pub code: String,
+    /// The format the response should be returned to the application in.
+    pub response_mode: ResponseMode,
+}
+
+impl AuthorisePermitSuccess {
+    /// Builds a redirect URI to go back to the application when permission was
+    /// granted.
+    pub fn build_redirect_uri(&self) -> Url {
+        let mut redirect_uri = self.redirect_uri.clone();
+
+        // Always clear query and fragment, regardless of the response mode
+        redirect_uri.set_query(None);
+        redirect_uri.set_fragment(None);
+
+        // We can't set query pairs on fragments, only query.
+        let encoded = url::form_urlencoded::Serializer::new(String::new())
+            .append_pair("state", &self.state)
+            .append_pair("code", &self.code)
+            .finish();
+
+        match self.response_mode {
+            ResponseMode::Query => redirect_uri.set_query(Some(&encoded)),
+            ResponseMode::Fragment => redirect_uri.set_fragment(Some(&encoded)),
+        }
+
+        redirect_uri
+    }
+}
+
+#[derive(Debug)]
+pub struct AuthoriseReject {
+    // Where the client wants us to go back to.
+    pub redirect_uri: Url,
+    /// The format the response should be returned to the application in.
+    pub response_mode: ResponseMode,
+}
+
+impl AuthoriseReject {
+    /// Builds a redirect URI to go back to the application when permission was
+    /// rejected.
+    pub fn build_redirect_uri(&self) -> Url {
+        let mut redirect_uri = self.redirect_uri.clone();
+
+        // Always clear query and fragment, regardless of the response mode
+        redirect_uri.set_query(None);
+        redirect_uri.set_fragment(None);
+
+        // We can't set query pairs on fragments, only query.
+        let encoded = url::form_urlencoded::Serializer::new(String::new())
+            .append_pair("error", "access_denied")
+            .append_pair("error_description", "authorisation rejected")
+            .finish();
+
+        match self.response_mode {
+            ResponseMode::Query => redirect_uri.set_query(Some(&encoded)),
+            ResponseMode::Fragment => redirect_uri.set_fragment(Some(&encoded)),
+        }
+
+        redirect_uri
+    }
 }
 
 #[derive(Clone)]
@@ -1188,6 +1250,7 @@ impl IdmServerProxyWriteTransaction<'_> {
             redirect_uri: consent_req.redirect_uri,
             state: consent_req.state,
             code,
+            response_mode: consent_req.response_mode,
         })
     }
 
@@ -1793,10 +1856,18 @@ impl IdmServerProxyReadTransaction<'_> {
         // * is within it's valid time window.
         trace!(?auth_req);
 
-        if auth_req.response_type != "code" {
-            admin_warn!("Invalid OAuth2 response_type (should be 'code')");
+        if auth_req.response_type != ResponseType::Code {
+            admin_warn!("Unsupported OAuth2 response_type (should be 'code')");
             return Err(Oauth2Error::UnsupportedResponseType);
         }
+        let Some(response_mode) = auth_req.get_response_mode() else {
+            admin_warn!(
+                "Invalid response_mode {:?} for response_type {:?}",
+                auth_req.response_mode,
+                auth_req.response_type
+            );
+            return Err(Oauth2Error::InvalidRequest);
+        };
 
         /*
          * 4.1.2.1.  Error Response
@@ -2046,6 +2117,7 @@ impl IdmServerProxyReadTransaction<'_> {
                 redirect_uri: auth_req.redirect_uri.clone(),
                 state: auth_req.state.clone(),
                 code,
+                response_mode,
             }))
         } else {
             //  Check that the scopes are the same as a previous consent (if any)
@@ -2084,6 +2156,7 @@ impl IdmServerProxyReadTransaction<'_> {
                 redirect_uri: auth_req.redirect_uri.clone(),
                 scopes: granted_scopes.iter().cloned().collect(),
                 nonce: auth_req.nonce.clone(),
+                response_mode,
             };
 
             let consent_data = serde_json::to_vec(&consent_req).map_err(|e| {
@@ -2112,7 +2185,7 @@ impl IdmServerProxyReadTransaction<'_> {
         ident: &Identity,
         consent_token: &str,
         ct: Duration,
-    ) -> Result<Url, OperationError> {
+    ) -> Result<AuthoriseReject, OperationError> {
         // Decode the consent req with our system fernet key. Use a ttl of 5 minutes.
         let consent_req: ConsentToken = self
             .oauth2rs
@@ -2154,7 +2227,10 @@ impl IdmServerProxyReadTransaction<'_> {
             })?;
 
         // All good, now confirm the rejection to the client application.
-        Ok(consent_req.redirect_uri)
+        Ok(AuthoriseReject {
+            redirect_uri: consent_req.redirect_uri,
+            response_mode: consent_req.response_mode,
+        })
     }
 
     #[instrument(level = "debug", skip_all)]
@@ -2492,7 +2568,7 @@ impl IdmServerProxyReadTransaction<'_> {
         let jwks_uri = Some(o2rs.jwks_uri.clone());
         let scopes_supported = Some(o2rs.scopes_supported.iter().cloned().collect());
         let response_types_supported = vec![ResponseType::Code];
-        let response_modes_supported = vec![ResponseMode::Query];
+        let response_modes_supported = vec![ResponseMode::Query, ResponseMode::Fragment];
         let grant_types_supported = vec![GrantType::AuthorisationCode];
 
         let token_endpoint_auth_methods_supported = vec![
@@ -2563,7 +2639,7 @@ impl IdmServerProxyReadTransaction<'_> {
         let jwks_uri = o2rs.jwks_uri.clone();
         let scopes_supported = Some(o2rs.scopes_supported.iter().cloned().collect());
         let response_types_supported = vec![ResponseType::Code];
-        let response_modes_supported = vec![ResponseMode::Query];
+        let response_modes_supported = vec![ResponseMode::Query, ResponseMode::Fragment];
 
         // TODO: add device code if the rs supports it per <https://www.rfc-editor.org/rfc/rfc8628#section-4>
         // `urn:ietf:params:oauth:grant-type:device_code`
@@ -2936,7 +3012,8 @@ mod tests {
             let scope: BTreeSet<String> = $scope.split(" ").map(|s| s.to_string()).collect();
 
             let auth_req = AuthorisationRequest {
-                response_type: "code".to_string(),
+                response_type: ResponseType::Code,
+                response_mode: None,
                 client_id: "test_resource_server".to_string(),
                 state: "123".to_string(),
                 pkce_request: Some(PkceRequest {
@@ -3431,7 +3508,9 @@ mod tests {
 
         //  * response type != code.
         let auth_req = AuthorisationRequest {
-            response_type: "NOTCODE".to_string(),
+            // We're unlikely to support Implicit Grant
+            response_type: ResponseType::Token,
+            response_mode: None,
             client_id: "test_resource_server".to_string(),
             state: "123".to_string(),
             pkce_request: pkce_request.clone(),
@@ -3452,7 +3531,8 @@ mod tests {
 
         // * No pkce in pkce enforced mode.
         let auth_req = AuthorisationRequest {
-            response_type: "code".to_string(),
+            response_type: ResponseType::Code,
+            response_mode: None,
             client_id: "test_resource_server".to_string(),
             state: "123".to_string(),
             pkce_request: None,
@@ -3473,7 +3553,8 @@ mod tests {
 
         //  * invalid rs name
         let auth_req = AuthorisationRequest {
-            response_type: "code".to_string(),
+            response_type: ResponseType::Code,
+            response_mode: None,
             client_id: "NOT A REAL RESOURCE SERVER".to_string(),
             state: "123".to_string(),
             pkce_request: pkce_request.clone(),
@@ -3494,7 +3575,8 @@ mod tests {
 
         //  * mismatched origin in the redirect.
         let auth_req = AuthorisationRequest {
-            response_type: "code".to_string(),
+            response_type: ResponseType::Code,
+            response_mode: None,
             client_id: "test_resource_server".to_string(),
             state: "123".to_string(),
             pkce_request: pkce_request.clone(),
@@ -3515,7 +3597,8 @@ mod tests {
 
         // * invalid uri in the redirect
         let auth_req = AuthorisationRequest {
-            response_type: "code".to_string(),
+            response_type: ResponseType::Code,
+            response_mode: None,
             client_id: "test_resource_server".to_string(),
             state: "123".to_string(),
             pkce_request: pkce_request.clone(),
@@ -3536,7 +3619,8 @@ mod tests {
 
         // Not Authenticated
         let auth_req = AuthorisationRequest {
-            response_type: "code".to_string(),
+            response_type: ResponseType::Code,
+            response_mode: None,
             client_id: "test_resource_server".to_string(),
             state: "123".to_string(),
             pkce_request: pkce_request.clone(),
@@ -3559,7 +3643,8 @@ mod tests {
 
         // Requested scope is not available
         let auth_req = AuthorisationRequest {
-            response_type: "code".to_string(),
+            response_type: ResponseType::Code,
+            response_mode: None,
             client_id: "test_resource_server".to_string(),
             state: "123".to_string(),
             pkce_request: pkce_request.clone(),
@@ -3580,7 +3665,8 @@ mod tests {
 
         // Not a member of the group.
         let auth_req = AuthorisationRequest {
-            response_type: "code".to_string(),
+            response_type: ResponseType::Code,
+            response_mode: None,
             client_id: "test_resource_server".to_string(),
             state: "123".to_string(),
             pkce_request: pkce_request.clone(),
@@ -3601,7 +3687,8 @@ mod tests {
 
         // Deny Anonymous auth methods
         let auth_req = AuthorisationRequest {
-            response_type: "code".to_string(),
+            response_type: ResponseType::Code,
+            response_mode: None,
             client_id: "test_resource_server".to_string(),
             state: "123".to_string(),
             pkce_request,
@@ -3892,7 +3979,8 @@ mod tests {
         let (code_verifier, code_challenge) = create_code_verifier!("Whar Garble");
 
         let auth_req = AuthorisationRequest {
-            response_type: "code".to_string(),
+            response_type: ResponseType::Code,
+            response_mode: None,
             client_id: "test_resource_server".to_string(),
             state: "123".to_string(),
             pkce_request: Some(PkceRequest {
@@ -3962,7 +4050,8 @@ mod tests {
             .expect("Unable to process uat");
 
         let auth_req = AuthorisationRequest {
-            response_type: "code".to_string(),
+            response_type: ResponseType::Code,
+            response_mode: None,
             client_id: "test_resource_server".to_string(),
             state: "123".to_string(),
             pkce_request: Some(PkceRequest {
@@ -4428,7 +4517,7 @@ mod tests {
             .check_oauth2_authorise_reject(&ident, &consent_token, ct)
             .expect("Failed to perform OAuth2 reject");
 
-        assert_eq!(reject_success, redirect_uri);
+        assert_eq!(reject_success.redirect_uri, redirect_uri);
 
         // Too much time past to reject
         let past_ct = Duration::from_secs(TEST_CURRENT_TIME + 301);
@@ -4523,7 +4612,7 @@ mod tests {
         assert_eq!(discovery.response_types_supported, vec![ResponseType::Code]);
         assert_eq!(
             discovery.response_modes_supported,
-            vec![ResponseMode::Query]
+            vec![ResponseMode::Query, ResponseMode::Fragment]
         );
         assert_eq!(
             discovery.grant_types_supported,
@@ -4683,7 +4772,7 @@ mod tests {
         assert_eq!(discovery.response_types_supported, vec![ResponseType::Code]);
         assert_eq!(
             discovery.response_modes_supported,
-            vec![ResponseMode::Query]
+            vec![ResponseMode::Query, ResponseMode::Fragment]
         );
         assert_eq!(
             discovery.grant_types_supported,
@@ -5171,7 +5260,8 @@ mod tests {
 
         // Check we allow none.
         let auth_req = AuthorisationRequest {
-            response_type: "code".to_string(),
+            response_type: ResponseType::Code,
+            response_mode: None,
             client_id: "test_resource_server".to_string(),
             state: "123".to_string(),
             pkce_request: None,
@@ -5382,7 +5472,8 @@ mod tests {
         let (_code_verifier, code_challenge) = create_code_verifier!("Whar Garble");
 
         let auth_req = AuthorisationRequest {
-            response_type: "code".to_string(),
+            response_type: ResponseType::Code,
+            response_mode: None,
             client_id: "test_resource_server".to_string(),
             state: "123".to_string(),
             pkce_request: Some(PkceRequest {
@@ -5440,7 +5531,8 @@ mod tests {
         let (_code_verifier, code_challenge) = create_code_verifier!("Whar Garble");
 
         let auth_req = AuthorisationRequest {
-            response_type: "code".to_string(),
+            response_type: ResponseType::Code,
+            response_mode: None,
             client_id: "test_resource_server".to_string(),
             state: "123".to_string(),
             pkce_request: Some(PkceRequest {
@@ -5582,7 +5674,8 @@ mod tests {
 
         // First, the user does not request pkce in their exchange.
         let auth_req = AuthorisationRequest {
-            response_type: "code".to_string(),
+            response_type: ResponseType::Code,
+            response_mode: None,
             client_id: "test_resource_server".to_string(),
             state: "123".to_string(),
             pkce_request: None,
@@ -5657,7 +5750,8 @@ mod tests {
 
         // First, NOTE the lack of https on the redir uri.
         let auth_req = AuthorisationRequest {
-            response_type: "code".to_string(),
+            response_type: ResponseType::Code,
+            response_mode: None,
             client_id: "test_resource_server".to_string(),
             state: "123".to_string(),
             pkce_request: Some(PkceRequest {
@@ -6621,7 +6715,8 @@ mod tests {
         let (code_verifier, code_challenge) = create_code_verifier!("Whar Garble");
 
         let auth_req = AuthorisationRequest {
-            response_type: "code".to_string(),
+            response_type: ResponseType::Code,
+            response_mode: None,
             client_id: "test_resource_server".to_string(),
             state: "123".to_string(),
             pkce_request: Some(PkceRequest {
diff --git a/server/testkit/tests/oauth2_test.rs b/server/testkit/tests/oauth2_test.rs
index aa085f4e3..21f3096f3 100644
--- a/server/testkit/tests/oauth2_test.rs
+++ b/server/testkit/tests/oauth2_test.rs
@@ -17,7 +17,7 @@ use oauth2_ext::PkceCodeChallenge;
 use reqwest::header::{HeaderValue, CONTENT_TYPE};
 use reqwest::StatusCode;
 use uri::{OAUTH2_TOKEN_ENDPOINT, OAUTH2_TOKEN_INTROSPECT_ENDPOINT, OAUTH2_TOKEN_REVOKE_ENDPOINT};
-use url::Url;
+use url::{form_urlencoded::parse as query_parse, Url};
 
 use kanidm_client::KanidmClient;
 use kanidmd_testkit::{
@@ -27,8 +27,23 @@ use kanidmd_testkit::{
     TEST_INTEGRATION_RS_URL,
 };
 
-#[kanidmd_testkit::test]
-async fn test_oauth2_openid_basic_flow(rsclient: KanidmClient) {
+/// Tests an OAuth 2.0 / OpenID confidential client Authorisation Client flow.
+///
+/// ## Arguments
+///
+/// * `response_mode`: If `Some`, the `response_mode` parameter to pass in the
+///   `/oauth2/authorise` request.
+///
+/// * `response_in_fragment`: If `false`, use the `code` passed in the
+///   callback URI's query parameter, and require the fragment to be empty.
+///
+///   If `true`, use the `code` passed in the callback URI's fragment, and
+///   require the query parameter to be empty.
+async fn test_oauth2_openid_basic_flow_impl(
+    rsclient: KanidmClient,
+    response_mode: Option<&str>,
+    response_in_fragment: bool,
+) {
     let res = rsclient
         .auth_simple_password(ADMIN_TEST_USER, ADMIN_TEST_PASSWORD)
         .await;
@@ -225,19 +240,25 @@ async fn test_oauth2_openid_basic_flow(rsclient: KanidmClient) {
 
     let (pkce_code_challenge, pkce_code_verifier) = PkceCodeChallenge::new_random_sha256();
 
+    let mut query = vec![
+        ("response_type", "code"),
+        ("client_id", TEST_INTEGRATION_RS_ID),
+        ("state", "YWJjZGVm"),
+        ("code_challenge", pkce_code_challenge.as_str()),
+        ("code_challenge_method", "S256"),
+        ("redirect_uri", TEST_INTEGRATION_RS_REDIRECT_URL),
+        ("scope", "email read openid"),
+        ("max_age", "1"),
+    ];
+
+    if let Some(response_mode) = response_mode {
+        query.push(("response_mode", response_mode));
+    }
+
     let response = client
         .get(rsclient.make_url(OAUTH2_AUTHORISE))
         .bearer_auth(oauth_test_uat.clone())
-        .query(&[
-            ("response_type", "code"),
-            ("client_id", TEST_INTEGRATION_RS_ID),
-            ("state", "YWJjZGVm"),
-            ("code_challenge", pkce_code_challenge.as_str()),
-            ("code_challenge_method", "S256"),
-            ("redirect_uri", TEST_INTEGRATION_RS_REDIRECT_URL),
-            ("scope", "email read openid"),
-            ("max_age", "1"),
-        ])
+        .query(&query)
         .send()
         .await
         .expect("Failed to send request.");
@@ -288,14 +309,19 @@ async fn test_oauth2_openid_basic_flow(rsclient: KanidmClient) {
 
     // Now check it's content
     let redir_url = Url::parse(&redir_str).expect("Url parse failure");
+    let pairs: BTreeMap<_, _> = if response_in_fragment {
+        assert!(redir_url.query().is_none());
+        let fragment = redir_url.fragment().expect("missing URL fragment");
+        query_parse(fragment.as_bytes()).collect()
+    } else {
+        // response_mode = query is default for response_type = code
+        assert!(redir_url.fragment().is_none());
+        redir_url.query_pairs().collect()
+    };
 
     // We should have state and code.
-    let pairs: BTreeMap<_, _> = redir_url.query_pairs().collect();
-
     let code = pairs.get("code").expect("code not found!");
-
     let state = pairs.get("state").expect("state not found!");
-
     assert_eq!(state, "YWJjZGVm");
 
     // Step 3 - the "resource server" then uses this state and code to directly contact
@@ -485,8 +511,50 @@ async fn test_oauth2_openid_basic_flow(rsclient: KanidmClient) {
         .expect("Failed to update oauth2 scopes");
 }
 
+/// Test an OAuth 2.0/OpenID confidential client Authorisation Code flow, with
+/// `response_mode` unset.
+///
+/// The response should be returned as a query parameter.
 #[kanidmd_testkit::test]
-async fn test_oauth2_openid_public_flow(rsclient: KanidmClient) {
+async fn test_oauth2_openid_basic_flow_mode_unset(rsclient: KanidmClient) {
+    test_oauth2_openid_basic_flow_impl(rsclient, None, false).await;
+}
+
+/// Test an OAuth 2.0/OpenID confidential client Authorisation Code flow, with
+/// `response_mode=query`.
+///
+/// The response should be returned as a query parameter.
+#[kanidmd_testkit::test]
+async fn test_oauth2_openid_basic_flow_mode_query(rsclient: KanidmClient) {
+    test_oauth2_openid_basic_flow_impl(rsclient, Some("query"), false).await;
+}
+
+/// Test an OAuth 2.0/OpenID confidential client Authorisation Code flow, with
+/// `response_mode=fragment`.
+///
+/// The response should be returned in the URI's fragment.
+#[kanidmd_testkit::test]
+async fn test_oauth2_openid_basic_flow_mode_fragment(rsclient: KanidmClient) {
+    test_oauth2_openid_basic_flow_impl(rsclient, Some("fragment"), true).await;
+}
+
+/// Tests an OAuth 2.0 / OpenID public client Authorisation Client flow.
+///
+/// ## Arguments
+///
+/// * `response_mode`: If `Some`, the `response_mode` parameter to pass in the
+///   `/oauth2/authorise` request.
+///
+/// * `response_in_fragment`: If `false`, use the `code` passed in the
+///   callback URI's query parameter, and require the fragment to be empty.
+///
+///   If `true`, use the `code` passed in the callback URI's fragment, and
+///   require the query parameter to be empty.
+async fn test_oauth2_openid_public_flow_impl(
+    rsclient: KanidmClient,
+    response_mode: Option<&str>,
+    response_in_fragment: bool,
+) {
     let res = rsclient
         .auth_simple_password(ADMIN_TEST_USER, ADMIN_TEST_PASSWORD)
         .await;
@@ -624,18 +692,24 @@ async fn test_oauth2_openid_public_flow(rsclient: KanidmClient) {
     // get call directly. This should be a 200. (?)
     let (pkce_code_challenge, pkce_code_verifier) = PkceCodeChallenge::new_random_sha256();
 
+    let mut query = vec![
+        ("response_type", "code"),
+        ("client_id", TEST_INTEGRATION_RS_ID),
+        ("state", "YWJjZGVm"),
+        ("code_challenge", pkce_code_challenge.as_str()),
+        ("code_challenge_method", "S256"),
+        ("redirect_uri", TEST_INTEGRATION_RS_REDIRECT_URL),
+        ("scope", "email read openid"),
+    ];
+
+    if let Some(response_mode) = response_mode {
+        query.push(("response_mode", response_mode));
+    }
+
     let response = client
         .get(rsclient.make_url(OAUTH2_AUTHORISE))
         .bearer_auth(oauth_test_uat.clone())
-        .query(&[
-            ("response_type", "code"),
-            ("client_id", TEST_INTEGRATION_RS_ID),
-            ("state", "YWJjZGVm"),
-            ("code_challenge", pkce_code_challenge.as_str()),
-            ("code_challenge_method", "S256"),
-            ("redirect_uri", TEST_INTEGRATION_RS_REDIRECT_URL),
-            ("scope", "email read openid"),
-        ])
+        .query(&query)
         .send()
         .await
         .expect("Failed to send request.");
@@ -685,13 +759,19 @@ async fn test_oauth2_openid_public_flow(rsclient: KanidmClient) {
     // Now check it's content
     let redir_url = Url::parse(&redir_str).expect("Url parse failure");
 
+    let pairs: BTreeMap<_, _> = if response_in_fragment {
+        assert!(redir_url.query().is_none());
+        let fragment = redir_url.fragment().expect("missing URL fragment");
+        query_parse(fragment.as_bytes()).collect()
+    } else {
+        // response_mode = query is default for response_type = code
+        assert!(redir_url.fragment().is_none());
+        redir_url.query_pairs().collect()
+    };
+
     // We should have state and code.
-    let pairs: BTreeMap<_, _> = redir_url.query_pairs().collect();
-
     let code = pairs.get("code").expect("code not found!");
-
     let state = pairs.get("state").expect("state not found!");
-
     assert_eq!(state, "YWJjZGVm");
 
     // Step 3 - the "resource server" then uses this state and code to directly contact
@@ -796,6 +876,33 @@ async fn test_oauth2_openid_public_flow(rsclient: KanidmClient) {
         .expect("Failed to update oauth2 scopes");
 }
 
+/// Test an OAuth 2.0/OpenID public client Authorisation Code flow, with
+/// `response_mode` unset.
+///
+/// The response should be returned as a query parameter.
+#[kanidmd_testkit::test]
+async fn test_oauth2_openid_public_flow_mode_unset(rsclient: KanidmClient) {
+    test_oauth2_openid_public_flow_impl(rsclient, None, false).await;
+}
+
+/// Test an OAuth 2.0/OpenID public client Authorisation Code flow, with
+/// `response_mode=query`.
+///
+/// The response should be returned as a query parameter.
+#[kanidmd_testkit::test]
+async fn test_oauth2_openid_public_flow_mode_query(rsclient: KanidmClient) {
+    test_oauth2_openid_public_flow_impl(rsclient, Some("query"), false).await;
+}
+
+/// Test an OAuth 2.0/OpenID public client Authorisation Code flow, with
+/// `response_mode=fragment`.
+///
+/// The response should be returned in the URI's fragment.
+#[kanidmd_testkit::test]
+async fn test_oauth2_openid_public_flow_mode_fragment(rsclient: KanidmClient) {
+    test_oauth2_openid_public_flow_impl(rsclient, Some("fragment"), true).await;
+}
+
 #[kanidmd_testkit::test]
 async fn test_oauth2_token_post_bad_bodies(rsclient: KanidmClient) {
     let res = rsclient

From 063366cba4bcf51575fc07256c8133dc151ef78c Mon Sep 17 00:00:00 2001
From: Firstyear <william@blackhats.net.au>
Date: Wed, 8 Jan 2025 16:51:46 +1000
Subject: [PATCH 49/87] Allow modification of password minimum length (#3345)

Allow all account policy values to be altered on system protected
objects.
---
 server/lib/src/plugins/protected.rs | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/server/lib/src/plugins/protected.rs b/server/lib/src/plugins/protected.rs
index 3c8dfeec4..0e7fcd587 100644
--- a/server/lib/src/plugins/protected.rs
+++ b/server/lib/src/plugins/protected.rs
@@ -37,9 +37,13 @@ lazy_static! {
         Attribute::Image,
         // modification of account policy values for dyngroup.
         Attribute::AuthSessionExpiry,
-        Attribute::PrivilegeExpiry,
+        Attribute::AuthPasswordMinimumLength,
         Attribute::CredentialTypeMinimum,
+        Attribute::PrivilegeExpiry,
         Attribute::WebauthnAttestationCaList,
+        Attribute::LimitSearchMaxResults,
+        Attribute::LimitSearchMaxFilterTest,
+        Attribute::AllowPrimaryCredFallback,
         ];
 
         let mut m = HashSet::with_capacity(attrs.len());

From 1a29aa730139a223e6f73c53c9ad44333c8525c4 Mon Sep 17 00:00:00 2001
From: Firstyear <william@blackhats.net.au>
Date: Wed, 8 Jan 2025 18:21:28 +1000
Subject: [PATCH 50/87] Add ssh_publickeys as a claim for oauth2 (#3346)

Allow ssh_publickeys to be exposed as a claim for oauth2 and oidc
applications so that they can consume these keys for various uses.
An example could be something like gitlab which can then associate
the public keys with the users account.
---
 book/src/SUMMARY.md             |   2 +-
 book/src/integrations/oauth2.md |   4 +
 proto/src/constants.rs          |   1 +
 server/lib/src/entry.rs         |  11 +++
 server/lib/src/idm/oauth2.rs    | 157 +++++++++++++++++++++++++++++++-
 server/lib/src/modify.rs        |   4 +
 6 files changed, 175 insertions(+), 4 deletions(-)

diff --git a/book/src/SUMMARY.md b/book/src/SUMMARY.md
index 2a43198b0..c01e5660a 100644
--- a/book/src/SUMMARY.md
+++ b/book/src/SUMMARY.md
@@ -40,9 +40,9 @@
 - [Service Integrations](integrations/readme.md)
   - [LDAP](integrations/ldap.md)
   - [OAuth2](integrations/oauth2.md)
+    - [How does OAuth2 work?](integrations/oauth2/how_does_oauth2_work.md)
     - [Custom Claims](integrations/oauth2/custom_claims.md)
     - [Example Configurations](integrations/oauth2/examples.md)
-    - [How does OAuth2 work?](integrations/oauth2/how_does_oauth2_work.md)
   - [PAM and nsswitch](integrations/pam_and_nsswitch.md)
     - [SUSE / OpenSUSE](integrations/pam_and_nsswitch/suse.md)
     - [Fedora](integrations/pam_and_nsswitch/fedora.md)
diff --git a/book/src/integrations/oauth2.md b/book/src/integrations/oauth2.md
index 7bec976fe..5d7e37c06 100644
--- a/book/src/integrations/oauth2.md
+++ b/book/src/integrations/oauth2.md
@@ -229,6 +229,10 @@ kanidm system oauth2 update-scope-map nextcloud nextcloud_users email profile op
 > * **address** - address
 > * **phone** - phone_number, phone_number_verified
 > * **groups** - groups
+>
+> In addition Kanidm supports some vendor specific scopes that can include additional claims.
+>
+> * **ssh_publickeys** - array of ssh_publickey of the user
 
 <!-- this is just to split the templates up -->
 
diff --git a/proto/src/constants.rs b/proto/src/constants.rs
index c6d8b3b0a..4409c0153 100644
--- a/proto/src/constants.rs
+++ b/proto/src/constants.rs
@@ -219,6 +219,7 @@ pub const ATTR_ALLOW_PRIMARY_CRED_FALLBACK: &str = "allow_primary_cred_fallback"
 
 pub const OAUTH2_SCOPE_EMAIL: &str = ATTR_EMAIL;
 pub const OAUTH2_SCOPE_GROUPS: &str = "groups";
+pub const OAUTH2_SCOPE_SSH_PUBLICKEYS: &str = "ssh_publickeys";
 pub const OAUTH2_SCOPE_OPENID: &str = "openid";
 pub const OAUTH2_SCOPE_READ: &str = "read";
 pub const OAUTH2_SCOPE_SUPPLEMENT: &str = "supplement";
diff --git a/server/lib/src/entry.rs b/server/lib/src/entry.rs
index 452c4f046..a9004da15 100644
--- a/server/lib/src/entry.rs
+++ b/server/lib/src/entry.rs
@@ -1117,6 +1117,17 @@ impl Entry<EntryInvalid, EntryCommitted> {
 // Both invalid states can be reached from "entry -> invalidate"
 
 impl Entry<EntryInvalid, EntryNew> {
+    /// This function steps back from EntryInvalid to EntryInit.
+    /// This is a TEST ONLY method and will never be exposed in production.
+    #[cfg(test)]
+    pub fn into_init_new(self) -> Entry<EntryInit, EntryNew> {
+        Entry {
+            valid: EntryInit,
+            state: EntryNew,
+            attrs: self.attrs,
+        }
+    }
+
     /// ⚠️  This function bypasses the schema validation and can panic if uuid is not found.
     /// The entry it creates can never be committed safely or replicated.
     /// This is a TEST ONLY method and will never be exposed in production.
diff --git a/server/lib/src/idm/oauth2.rs b/server/lib/src/idm/oauth2.rs
index b791d59c2..b555b3609 100644
--- a/server/lib/src/idm/oauth2.rs
+++ b/server/lib/src/idm/oauth2.rs
@@ -2142,6 +2142,10 @@ impl IdmServerProxyReadTransaction<'_> {
                 }
             };
 
+            if granted_scopes.contains(OAUTH2_SCOPE_SSH_PUBLICKEYS) {
+                pii_scopes.insert(OAUTH2_SCOPE_SSH_PUBLICKEYS.to_string());
+            }
+
             // Subsequent we then return an encrypted session handle which allows
             // the user to indicate their consent to this authorisation.
             //
@@ -2854,9 +2858,23 @@ fn extra_claims_for_account(
         extra_claims.insert(claim_name.to_string(), claim_value.to_json_value());
     }
 
-    if scopes.contains("groups") {
+    // Now perform our custom claim's from scopes. We do these second so that
+    // a user can't stomp our claim names.
+
+    if scopes.contains(OAUTH2_SCOPE_SSH_PUBLICKEYS) {
         extra_claims.insert(
-            "groups".to_string(),
+            OAUTH2_SCOPE_SSH_PUBLICKEYS.to_string(),
+            account
+                .sshkeys()
+                .values()
+                .map(|pub_key| serde_json::Value::String(pub_key.to_string()))
+                .collect(),
+        );
+    }
+
+    if scopes.contains(OAUTH2_SCOPE_GROUPS) {
+        extra_claims.insert(
+            OAUTH2_SCOPE_GROUPS.to_string(),
             account
                 .groups
                 .iter()
@@ -2970,7 +2988,7 @@ mod tests {
         JwaAlg, Jwk, JwsCompact, JwsEs256Verifier, JwsVerifier, OidcSubject, OidcUnverified,
     };
     use kanidm_proto::constants::*;
-    use kanidm_proto::internal::UserAuthToken;
+    use kanidm_proto::internal::{SshPublicKey, UserAuthToken};
     use kanidm_proto::oauth2::*;
     use openssl::sha;
 
@@ -2979,6 +2997,7 @@ mod tests {
     use crate::idm::server::{IdmServer, IdmServerTransaction};
     use crate::prelude::*;
     use crate::value::{AuthType, OauthClaimMapJoin, SessionState};
+    use crate::valueset::{ValueSetOauthScopeMap, ValueSetSshKey};
 
     use crate::credential::Credential;
     use kanidm_lib_crypto::CryptoPolicy;
@@ -3126,6 +3145,7 @@ mod tests {
                 Value::new_bool(prefer_short_username)
             )
         );
+
         let ce = CreateEvent::new_internal(vec![entry_rs, entry_group, E_TESTPERSON_1.clone()]);
         assert!(idms_prox_write.qs_write.create(&ce).is_ok());
 
@@ -5237,6 +5257,137 @@ mod tests {
         assert_eq!(oidc.claims.get("groups"), userinfo.claims.get("groups"));
     }
 
+    #[idm_test]
+    async fn test_idm_oauth2_openid_ssh_publickey_claim(
+        idms: &IdmServer,
+        _idms_delayed: &mut IdmServerDelayed,
+    ) {
+        let ct = Duration::from_secs(TEST_CURRENT_TIME);
+        let (secret, _uat, ident, client_uuid) =
+            setup_oauth2_resource_server_basic(idms, ct, true, false, true).await;
+
+        // Extra setup for our test - add the correct claim and give an ssh publickey
+        // to our testperson
+        const ECDSA_SSH_PUBLIC_KEY: &str = "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGyIY7o3BtOzRiJ9vvjj96bRImwmyy5GvFSIUPlK00HitiAWGhiO1jGZKmK7220Oe4rqU3uAwA00a0758UODs+0OQHLMDRtl81lzPrVSdrYEDldxH9+a86dBZhdm0e15+ODDts2LHUknsJCRRldO4o9R9VrohlF7cbyBlnhJQrR4S+Oag== william@amethyst";
+        let ssh_pubkey = SshPublicKey::from_string(ECDSA_SSH_PUBLIC_KEY).unwrap();
+
+        let scope_set = BTreeSet::from([OAUTH2_SCOPE_SSH_PUBLICKEYS.to_string()]);
+
+        let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
+
+        idms_prox_write
+            .qs_write
+            .internal_batch_modify(
+                [
+                    (
+                        UUID_TESTPERSON_1,
+                        ModifyList::new_set(
+                            Attribute::SshPublicKey,
+                            ValueSetSshKey::new("label".to_string(), ssh_pubkey),
+                        ),
+                    ),
+                    (
+                        client_uuid,
+                        ModifyList::new_set(
+                            Attribute::OAuth2RsSupScopeMap,
+                            ValueSetOauthScopeMap::new(UUID_IDM_ALL_ACCOUNTS, scope_set),
+                        ),
+                    ),
+                ]
+                .into_iter(),
+            )
+            .expect("Failed to modify test entries");
+
+        assert!(idms_prox_write.commit().is_ok());
+
+        let client_authz = ClientAuthInfo::encode_basic("test_resource_server", secret.as_str());
+
+        let idms_prox_read = idms.proxy_read().await.unwrap();
+
+        let (code_verifier, code_challenge) = create_code_verifier!("Whar Garble");
+
+        let consent_request = good_authorisation_request!(
+            idms_prox_read,
+            &ident,
+            ct,
+            code_challenge,
+            "openid groups".to_string()
+        );
+
+        let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request else {
+            unreachable!();
+        };
+
+        // == Manually submit the consent token to the permit for the permit_success
+        drop(idms_prox_read);
+        let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
+
+        let permit_success = idms_prox_write
+            .check_oauth2_authorise_permit(&ident, &consent_token, ct)
+            .expect("Failed to perform OAuth2 permit");
+
+        // == Submit the token exchange code.
+        let token_req: AccessTokenRequest = GrantTypeReq::AuthorizationCode {
+            code: permit_success.code,
+            redirect_uri: Url::parse("https://demo.example.com/oauth2/result").unwrap(),
+            // From the first step.
+            code_verifier,
+        }
+        .into();
+
+        let token_response = idms_prox_write
+            .check_oauth2_token_exchange(&client_authz, &token_req, ct)
+            .expect("Failed to perform OAuth2 token exchange");
+
+        let id_token = token_response.id_token.expect("No id_token in response!");
+        let access_token =
+            JwsCompact::from_str(&token_response.access_token).expect("Invalid Access Token");
+
+        assert!(idms_prox_write.commit().is_ok());
+        let mut idms_prox_read = idms.proxy_read().await.unwrap();
+
+        let mut jwkset = idms_prox_read
+            .oauth2_openid_publickey("test_resource_server")
+            .expect("Failed to get public key");
+        let public_jwk = jwkset.keys.pop().expect("no such jwk");
+
+        let jws_validator =
+            JwsEs256Verifier::try_from(&public_jwk).expect("failed to build validator");
+
+        let oidc_unverified =
+            OidcUnverified::from_str(&id_token).expect("Failed to parse id_token");
+
+        let iat = ct.as_secs() as i64;
+
+        let oidc = jws_validator
+            .verify(&oidc_unverified)
+            .unwrap()
+            .verify_exp(iat)
+            .expect("Failed to verify oidc");
+
+        // does our id_token contain the expected groups?
+        assert!(oidc.claims.contains_key(OAUTH2_SCOPE_SSH_PUBLICKEYS));
+
+        assert!(oidc
+            .claims
+            .get(OAUTH2_SCOPE_SSH_PUBLICKEYS)
+            .expect("unable to find key")
+            .as_array()
+            .unwrap()
+            .contains(&serde_json::json!(ECDSA_SSH_PUBLIC_KEY)));
+
+        // Do the id_token details line up to the userinfo?
+        let userinfo = idms_prox_read
+            .oauth2_openid_userinfo("test_resource_server", access_token, ct)
+            .expect("failed to get userinfo");
+
+        // does the userinfo endpoint provide the same groups?
+        assert_eq!(
+            oidc.claims.get(OAUTH2_SCOPE_SSH_PUBLICKEYS),
+            userinfo.claims.get(OAUTH2_SCOPE_SSH_PUBLICKEYS)
+        );
+    }
+
     //  Check insecure pkce behaviour.
     #[idm_test]
     async fn test_idm_oauth2_insecure_pkce(idms: &IdmServer, _idms_delayed: &mut IdmServerDelayed) {
diff --git a/server/lib/src/modify.rs b/server/lib/src/modify.rs
index 2c4e96a46..d228dde1f 100644
--- a/server/lib/src/modify.rs
+++ b/server/lib/src/modify.rs
@@ -123,6 +123,10 @@ impl ModifyList<ModifyInvalid> {
         Self::new_list(vec![m_purge(attr)])
     }
 
+    pub fn new_set(attr: Attribute, vs: ValueSet) -> Self {
+        Self::new_list(vec![Modify::Set(attr, vs)])
+    }
+
     pub fn push_mod(&mut self, modify: Modify) {
         self.mods.push(modify)
     }

From c4bc1ff546ce27b26640c5341f0d8b91368ff13c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jalil=20David=20Salam=C3=A9=20Messina?=
 <60845989+jalil-salame@users.noreply.github.com>
Date: Sat, 11 Jan 2025 00:20:15 +0100
Subject: [PATCH 51/87] fix(server/config): reduce string allocations (#3350)

Previously the code would do `key.replace("KANIDM_", "")`, this
allocates a new string, which is unnecessary, as we can simply call
`strip_prefix("KANIDM_")`.

This removes the `KANIDM_` prefix from a bunch of places, and doubles as
a check that the variable is prefixed with `KANIDM_`. Overall I believe
this change makes the code more robust and slightly reduces allocations,
speeding up an admittedly cold function (only called very infrequently).
---
 server/core/src/config.rs | 31 ++++++++++++++-----------------
 1 file changed, 14 insertions(+), 17 deletions(-)

diff --git a/server/core/src/config.rs b/server/core/src/config.rs
index 62b0e1888..78a9cdf72 100644
--- a/server/core/src/config.rs
+++ b/server/core/src/config.rs
@@ -250,31 +250,28 @@ impl ServerConfig {
     /// Updates the ServerConfig from environment variables starting with `KANIDM_`
     fn try_from_env(mut self) -> Result<Self, String> {
         for (key, value) in std::env::vars() {
-            if !key.starts_with("KANIDM_") {
+            let Some(key) = key.strip_prefix("KANIDM_") else {
                 continue;
-            }
+            };
 
             let ignorable_build_fields = [
-                "KANIDM_CPU_FLAGS",
-                "KANIDM_CPU_FLAGS",
-                "KANIDM_DEFAULT_CONFIG_PATH",
-                "KANIDM_DEFAULT_CONFIG_PATH",
-                "KANIDM_DEFAULT_UNIX_SHELL_PATH",
-                "KANIDM_DEFAULT_UNIX_SHELL_PATH",
-                "KANIDM_HTMX_UI_PKG_PATH",
-                "KANIDM_PKG_VERSION_HASH",
-                "KANIDM_PKG_VERSION",
-                "KANIDM_PRE_RELEASE",
-                "KANIDM_PROFILE_NAME",
+                "CPU_FLAGS",
+                "DEFAULT_CONFIG_PATH",
+                "DEFAULT_UNIX_SHELL_PATH",
+                "HTMX_UI_PKG_PATH",
+                "PKG_VERSION",
+                "PKG_VERSION_HASH",
+                "PRE_RELEASE",
+                "PROFILE_NAME",
             ];
 
-            if ignorable_build_fields.contains(&key.as_str()) {
+            if ignorable_build_fields.contains(&key) {
                 #[cfg(any(debug_assertions, test))]
-                eprintln!("-- Ignoring build-time env var {}", key);
+                eprintln!("-- Ignoring build-time env var KANIDM_{key}");
                 continue;
             }
 
-            match key.replace("KANIDM_", "").as_str() {
+            match key {
                 "DOMAIN" => {
                     self.domain = Some(value.to_string());
                 }
@@ -414,7 +411,7 @@ impl ServerConfig {
                     self.otel_grpc_url = Some(value.to_string());
                 }
 
-                _ => eprintln!("Ignoring env var {}", key),
+                _ => eprintln!("Ignoring env var KANIDM_{key}"),
             }
         }
 

From e7d91ed55d15ee702ddc2e9ad1e6077262af7078 Mon Sep 17 00:00:00 2001
From: Firstyear <william@blackhats.net.au>
Date: Sun, 12 Jan 2025 13:53:31 +1000
Subject: [PATCH 52/87] 20250110 eo fixes (#3353)

While preparing for everything open, I found a small number of doc/book issues, some logging issues, and some minor performance wins. This pr is just small bits of various polish around the place.
---
 book/src/sync/freeipa.md            | 22 +++++++++++--
 examples/kanidm-ipa-sync            |  5 +--
 server/core/src/https/v1_scim.rs    | 40 +++++++++++++++++-------
 server/lib/src/be/mod.rs            | 17 ++++++++--
 server/lib/src/filter.rs            | 48 +++++++++++++++++++++++++++++
 server/lib/src/idm/scim.rs          | 27 ++++++++++------
 server/lib/src/server/access/mod.rs |  3 ++
 server/lib/src/server/delete.rs     |  3 +-
 8 files changed, 137 insertions(+), 28 deletions(-)

diff --git a/book/src/sync/freeipa.md b/book/src/sync/freeipa.md
index 4da11cbe9..8de1f0517 100644
--- a/book/src/sync/freeipa.md
+++ b/book/src/sync/freeipa.md
@@ -33,7 +33,8 @@ You can find the name of your 389 Directory Server instance with:
 
 ```bash
 # Run on the FreeIPA server
-dsconf --list
+dsctl --list
+> slapd-DEV-KANIDM-COM
 ```
 
 Using this you can show the current status of the retro changelog plugin to see if you need to
@@ -83,6 +84,20 @@ kanidm-ipa-sync [-c /path/to/kanidm/config] -i /path/to/kanidm-ipa-sync -n
 kanidm-ipa-sync -i /etc/kanidm/ipa-sync -n
 ```
 
+As the sync tool is part of the tools container, you can run this with:
+
+```bash
+docker run --rm -i -t \
+  --user uid:gid \
+  -p 12345:12345 \
+  -v /etc/kanidm/config:/etc/kanidm/config:ro \
+  -v /path/to/kanidm.ca.pem:/path/to/kanidm.ca.pem:ro
+  -v /path/to/ipa-ca.pem:/etc/kanidm/ipa-ca.pem:ro \
+  -v /path/to/ipa-sync:/etc/kanidm/ipa-sync:ro \
+  kanidm/tools:latest \
+  kanidm-ipa-sync -i /etc/kanidm/ipa-sync -
+```
+
 ## Running the Sync Tool Automatically
 
 The sync tool can be run on a schedule if you configure the `schedule` parameter, and provide the
@@ -96,11 +111,14 @@ kanidm-ipa-sync -i /etc/kanidm/ipa-sync --schedule
 As the sync tool is part of the tools container, you can run this with:
 
 ```bash
-docker create --name kanidm-ipa-sync \
+docker run --name kanidm-ipa-sync \
   --user uid:gid \
   -p 12345:12345 \
   -v /etc/kanidm/config:/etc/kanidm/config:ro \
+  -v /path/to/kanidm.ca.pem:/path/to/kanidm.ca.pem:ro
+  -v /path/to/ipa-ca.pem:/etc/kanidm/ipa-ca.pem:ro \
   -v /path/to/ipa-sync:/etc/kanidm/ipa-sync:ro \
+  kanidm/tools:latest \
   kanidm-ipa-sync -i /etc/kanidm/ipa-sync --schedule
 ```
 
diff --git a/examples/kanidm-ipa-sync b/examples/kanidm-ipa-sync
index 8e122648f..4a7052510 100644
--- a/examples/kanidm-ipa-sync
+++ b/examples/kanidm-ipa-sync
@@ -17,8 +17,9 @@ sync_token = "eyJhb..."
 # server in the IPA topology rather than via a load balancer or dns srv records. This
 # is to prevent replication conflicts and issues due to how 389-ds content sync works.
 ipa_uri = "ldaps://specific-server.ipa.dev.kanidm.com"
-# Path to the IPA CA certificate in PEM format.
-ipa_ca = "/path/to/kanidm-ipa-ca.pem"
+# Path to the IPA CA certificate in PEM format. This can be found on an IPA server
+# in the file `/etc/ipa/ca.crt`
+ipa_ca = "/path/to/ipa-ca.pem"
 # The DN of an account with content sync rights. By default cn=Directory Manager has
 # this access.
 ipa_sync_dn = "cn=Directory Manager"
diff --git a/server/core/src/https/v1_scim.rs b/server/core/src/https/v1_scim.rs
index 8b38fa18a..35ba8da92 100644
--- a/server/core/src/https/v1_scim.rs
+++ b/server/core/src/https/v1_scim.rs
@@ -7,8 +7,8 @@ use super::v1::{
 };
 use super::ServerState;
 use crate::https::extractors::VerifiedClientInformation;
-use axum::extract::{Path, Query, State};
-use axum::response::Html;
+use axum::extract::{rejection::JsonRejection, DefaultBodyLimit, Path, Query, State};
+use axum::response::{Html, IntoResponse, Response};
 use axum::routing::{get, post};
 use axum::{Extension, Json, Router};
 use kanidm_proto::scim_v1::{
@@ -17,6 +17,8 @@ use kanidm_proto::scim_v1::{
 use kanidm_proto::v1::Entry as ProtoEntry;
 use kanidmd_lib::prelude::*;
 
+const DEFAULT_SCIM_SYNC_BYTES: usize = 1024 * 1024 * 32;
+
 #[utoipa::path(
     get,
     path = "/v1/sync_account",
@@ -271,14 +273,25 @@ async fn scim_sync_post(
     State(state): State<ServerState>,
     Extension(kopid): Extension<KOpId>,
     VerifiedClientInformation(client_auth_info): VerifiedClientInformation,
-    Json(changes): Json<ScimSyncRequest>,
-) -> Result<Json<()>, WebError> {
-    state
-        .qe_w_ref
-        .handle_scim_sync_apply(client_auth_info, changes, kopid.eventid)
-        .await
-        .map(Json::from)
-        .map_err(WebError::from)
+    payload: Result<Json<ScimSyncRequest>, JsonRejection>,
+) -> Response {
+    match payload {
+        Ok(Json(changes)) => {
+            let res = state
+                .qe_w_ref
+                .handle_scim_sync_apply(client_auth_info, changes, kopid.eventid)
+                .await;
+
+            match res {
+                Ok(data) => Json::from(data).into_response(),
+                Err(err) => WebError::from(err).into_response(),
+            }
+        }
+        Err(rejection) => {
+            error!(?rejection, "Unable to process JSON");
+            rejection.into_response()
+        }
+    }
 }
 
 #[utoipa::path(
@@ -473,6 +486,11 @@ pub fn route_setup() -> Router<ServerState> {
         //
         //                            POST                   Send a sync update
         //
-        .route("/scim/v1/Sync", post(scim_sync_post).get(scim_sync_get))
+        .route(
+            "/scim/v1/Sync",
+            post(scim_sync_post)
+                .layer(DefaultBodyLimit::max(DEFAULT_SCIM_SYNC_BYTES))
+                .get(scim_sync_get),
+        )
         .route("/scim/v1/Sink", get(scim_sink_get)) // skip_route_check
 }
diff --git a/server/lib/src/be/mod.rs b/server/lib/src/be/mod.rs
index d51a12268..dfc23a2e5 100644
--- a/server/lib/src/be/mod.rs
+++ b/server/lib/src/be/mod.rs
@@ -94,11 +94,22 @@ impl Limits {
     }
 }
 
+/// The result of a key value request containing the list of entry IDs that
+/// match the filter/query condition.
 #[derive(Debug, Clone)]
 pub enum IdList {
+    /// The value is not indexed, and must be assumed that all entries may match.
     AllIds,
-    PartialThreshold(IDLBitRange),
+    /// The index is "fuzzy" like a bloom filter (perhaps superset is a better description) -
+    /// it containes all elements that do match, but may have extra elements that don't.
+    /// This requires the caller to perform a filter test to assert that all
+    /// returned entries match all assertions within the filter.
     Partial(IDLBitRange),
+    /// The set was indexed and is below the filter test threshold. This is because it's
+    /// now faster to test with the filter than to continue to access indexes at this point.
+    /// Like a partial set, this is a super set of the entries that match the query.
+    PartialThreshold(IDLBitRange),
+    /// The value is indexed and accurately represents the set of entries that precisely match.
     Indexed(IDLBitRange),
 }
 
@@ -640,7 +651,7 @@ pub trait BackendTransaction {
         let (idl, fplan) = trace_span!("be::search -> filter2idl")
             .in_scope(|| self.filter2idl(filt.to_inner(), FILTER_SEARCH_TEST_THRESHOLD))?;
 
-        debug!(search_filter_executed_plan = ?fplan);
+        debug!(search_filter_executed_plan = %fplan);
 
         match &idl {
             IdList::AllIds => {
@@ -736,7 +747,7 @@ pub trait BackendTransaction {
         let (idl, fplan) = trace_span!("be::exists -> filter2idl")
             .in_scope(|| self.filter2idl(filt.to_inner(), FILTER_EXISTS_TEST_THRESHOLD))?;
 
-        debug!(exist_filter_executed_plan = ?fplan);
+        debug!(exist_filter_executed_plan = %fplan);
 
         // Apply limits to the IdList.
         match &idl {
diff --git a/server/lib/src/filter.rs b/server/lib/src/filter.rs
index 2894d66dc..cfb09de53 100644
--- a/server/lib/src/filter.rs
+++ b/server/lib/src/filter.rs
@@ -358,6 +358,54 @@ pub enum FilterPlan {
     InclusionIndexed(Vec<FilterPlan>),
 }
 
+// This difference in this is that we want to show unindexed elements more prominently
+// in the execution.
+
+fn fmt_filterplan_set(f: &mut fmt::Formatter<'_>, name: &str, plan: &[FilterPlan]) -> fmt::Result {
+    write!(f, "{name}(")?;
+    for item in plan {
+        write!(f, "{}, ", item)?;
+    }
+    write!(f, ")")
+}
+
+impl fmt::Display for FilterPlan {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        match self {
+            Self::Invalid => write!(f, "Invalid"),
+            Self::EqIndexed(attr, _) => write!(f, "EqIndexed({attr})"),
+            Self::EqCorrupt(attr) => write!(f, "EqCorrupt({attr})"),
+            Self::EqUnindexed(attr) => write!(f, "EqUnindexed({attr})"),
+
+            Self::SubIndexed(attr, _) => write!(f, "SubIndexed({attr})"),
+            Self::SubCorrupt(attr) => write!(f, "SubCorrupt({attr})"),
+            Self::SubUnindexed(attr) => write!(f, "SubUnindexed({attr})"),
+
+            Self::PresIndexed(attr) => write!(f, "PresIndexed({attr})"),
+            Self::PresCorrupt(attr) => write!(f, "PresCorrupt({attr})"),
+            Self::PresUnindexed(attr) => write!(f, "PresUnindexed({attr})"),
+
+            Self::LessThanUnindexed(attr) => write!(f, "LessThanUnindexed({attr})"),
+
+            Self::OrUnindexed(plan) => fmt_filterplan_set(f, "OrUnindexed", plan),
+            Self::OrIndexed(plan) => write!(f, "OrIndexed(len={})", plan.len()),
+            Self::OrPartial(plan) => fmt_filterplan_set(f, "OrPartial", plan),
+            Self::OrPartialThreshold(plan) => fmt_filterplan_set(f, "OrPartialThreshold", plan),
+
+            Self::AndEmptyCand(plan) => write!(f, "AndEmptyCand(len={})", plan.len()),
+            Self::AndUnindexed(plan) => fmt_filterplan_set(f, "AndUnindexed", plan),
+            Self::AndIndexed(plan) => write!(f, "AndIndexed(len={})", plan.len()),
+            Self::AndPartial(plan) => fmt_filterplan_set(f, "AndPartial", plan),
+            Self::AndPartialThreshold(plan) => fmt_filterplan_set(f, "AndPartialThreshold", plan),
+
+            Self::AndNot(plan) => write!(f, "AndNot({plan})"),
+
+            Self::InclusionInvalid(plan) => fmt_filterplan_set(f, "InclusionInvalid", plan),
+            Self::InclusionIndexed(plan) => write!(f, "InclusionIndexed(len={})", plan.len()),
+        }
+    }
+}
+
 /// A `Filter` is a logical set of assertions about the state of an [`Entry`] and
 /// it's avas. `Filter`s are built from a set of possible assertions.
 ///
diff --git a/server/lib/src/idm/scim.rs b/server/lib/src/idm/scim.rs
index 65eb3eeb8..f65f8dd16 100644
--- a/server/lib/src/idm/scim.rs
+++ b/server/lib/src/idm/scim.rs
@@ -1,6 +1,9 @@
 use std::time::Duration;
 
-use base64::{engine::general_purpose::STANDARD, Engine as _};
+use base64::{
+    engine::general_purpose::{STANDARD, URL_SAFE},
+    Engine as _,
+};
 
 use compact_jwt::{Jws, JwsCompact, JwsEs256Signer, JwsSigner};
 use kanidm_proto::internal::{ApiTokenPurpose, ScimSyncToken};
@@ -532,10 +535,14 @@ impl IdmServerProxyWriteTransaction<'_> {
         self.scim_sync_apply_phase_4(&changes.retain, sync_uuid)?;
 
         // Final house keeping. Commit the new sync state.
-        self.scim_sync_apply_phase_5(sync_uuid, &changes.to_state)
+        self.scim_sync_apply_phase_5(sync_uuid, &changes.to_state)?;
+
+        info!("success");
+
+        Ok(())
     }
 
-    #[instrument(level = "debug", skip_all)]
+    #[instrument(level = "info", skip_all)]
     fn scim_sync_apply_phase_1<'b>(
         &mut self,
         sse: &'b ScimSyncUpdateEvent,
@@ -630,7 +637,7 @@ impl IdmServerProxyWriteTransaction<'_> {
         Ok((sync_uuid, sync_authority_set, change_entries, sync_refresh))
     }
 
-    #[instrument(level = "debug", skip_all)]
+    #[instrument(level = "info", skip_all)]
     pub(crate) fn scim_sync_apply_phase_2(
         &mut self,
         change_entries: &BTreeMap<Uuid, &ScimEntry>,
@@ -749,7 +756,7 @@ impl IdmServerProxyWriteTransaction<'_> {
         Ok(())
     }
 
-    #[instrument(level = "debug", skip_all)]
+    #[instrument(level = "info", skip_all)]
     pub(crate) fn scim_sync_apply_phase_refresh_cleanup(
         &mut self,
         change_entries: &BTreeMap<Uuid, &ScimEntry>,
@@ -922,7 +929,9 @@ impl IdmServerProxyWriteTransaction<'_> {
                         })
                         .and_then(|secret| match secret {
                             ScimAttr::String(value) => {
-                                STANDARD.decode(value.as_str())
+                                URL_SAFE.decode(value.as_str()).or_else(
+                                    |_| STANDARD.decode(value.as_str())
+                                )
                                     .map_err(|_| {
                                         error!("Invalid secret attribute - must be base64 string");
                                         OperationError::InvalidAttribute(format!(
@@ -1247,7 +1256,7 @@ impl IdmServerProxyWriteTransaction<'_> {
         Ok(ModifyList::new_list(mods))
     }
 
-    #[instrument(level = "debug", skip_all)]
+    #[instrument(level = "info", skip_all)]
     pub(crate) fn scim_sync_apply_phase_3(
         &mut self,
         change_entries: &BTreeMap<Uuid, &ScimEntry>,
@@ -1333,7 +1342,7 @@ impl IdmServerProxyWriteTransaction<'_> {
             })
     }
 
-    #[instrument(level = "debug", skip_all)]
+    #[instrument(level = "info", skip_all)]
     pub(crate) fn scim_sync_apply_phase_4(
         &mut self,
         retain: &ScimSyncRetentionMode,
@@ -1439,7 +1448,7 @@ impl IdmServerProxyWriteTransaction<'_> {
         }
     }
 
-    #[instrument(level = "debug", skip_all)]
+    #[instrument(level = "info", skip_all)]
     pub(crate) fn scim_sync_apply_phase_5(
         &mut self,
         sync_uuid: Uuid,
diff --git a/server/lib/src/server/access/mod.rs b/server/lib/src/server/access/mod.rs
index e57222b40..358992127 100644
--- a/server/lib/src/server/access/mod.rs
+++ b/server/lib/src/server/access/mod.rs
@@ -508,6 +508,8 @@ pub trait AccessControlsTransaction<'a> {
         let sync_agmts = self.get_sync_agreements();
 
         let r = entries.iter().all(|e| {
+            debug!(entry_id = %e.get_display_id());
+
             match apply_modify_access(&me.ident, related_acp.as_slice(), sync_agmts, e) {
                 ModifyResult::Denied => false,
                 ModifyResult::Grant => true,
@@ -634,6 +636,7 @@ pub trait AccessControlsTransaction<'a> {
             debug!(?requested_pres, "Requested present set");
             debug!(?requested_rem, "Requested remove set");
             debug!(?requested_classes, "Requested class set");
+            debug!(entry_id = %e.get_display_id());
 
             let sync_agmts = self.get_sync_agreements();
 
diff --git a/server/lib/src/server/delete.rs b/server/lib/src/server/delete.rs
index 09164a75b..e434ac07b 100644
--- a/server/lib/src/server/delete.rs
+++ b/server/lib/src/server/delete.rs
@@ -39,7 +39,8 @@ impl QueryServerWriteTransaction<'_> {
 
         // Is the candidate set empty?
         if pre_candidates.is_empty() {
-            warn!(filter = ?de.filter, "delete: no candidates match filter");
+            warn!("delete: no candidates match filter");
+            debug!(delete_filter = ?de.filter);
             return Err(OperationError::NoMatchingEntries);
         };
 

From ba24ffb1e07cccde6a359683482ffdea90146a55 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 13 Jan 2025 07:15:39 +1000
Subject: [PATCH 53/87] Bump the all group in /pykanidm with 4 updates (#3356)

Bumps the all group in /pykanidm with 4 updates: [pydantic](https://github.com/pydantic/pydantic), [pylint-pydantic](https://github.com/fcfangcc/pylint-pydantic), [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio) and [ruff](https://github.com/astral-sh/ruff).


Updates `pydantic` from 2.10.4 to 2.10.5
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](https://github.com/pydantic/pydantic/compare/v2.10.4...v2.10.5)

Updates `pylint-pydantic` from 0.3.4 to 0.3.5
- [Release notes](https://github.com/fcfangcc/pylint-pydantic/releases)
- [Commits](https://github.com/fcfangcc/pylint-pydantic/compare/v0.3.4...v0.3.5)

Updates `pytest-asyncio` from 0.25.1 to 0.25.2
- [Release notes](https://github.com/pytest-dev/pytest-asyncio/releases)
- [Commits](https://github.com/pytest-dev/pytest-asyncio/compare/v0.25.1...v0.25.2)

Updates `ruff` from 0.8.6 to 0.9.1
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.8.6...0.9.1)

---
updated-dependencies:
- dependency-name: pydantic
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: pylint-pydantic
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: pytest-asyncio
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: ruff
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pykanidm/poetry.lock    | 56 ++++++++++++++++++++---------------------
 pykanidm/pyproject.toml |  6 ++---
 2 files changed, 31 insertions(+), 31 deletions(-)

diff --git a/pykanidm/poetry.lock b/pykanidm/poetry.lock
index 191b90d55..0b399c0da 100644
--- a/pykanidm/poetry.lock
+++ b/pykanidm/poetry.lock
@@ -1501,13 +1501,13 @@ files = [
 
 [[package]]
 name = "pydantic"
-version = "2.10.4"
+version = "2.10.5"
 description = "Data validation using Python type hints"
 optional = false
 python-versions = ">=3.8"
 files = [
-    {file = "pydantic-2.10.4-py3-none-any.whl", hash = "sha256:597e135ea68be3a37552fb524bc7d0d66dcf93d395acd93a00682f1efcb8ee3d"},
-    {file = "pydantic-2.10.4.tar.gz", hash = "sha256:82f12e9723da6de4fe2ba888b5971157b3be7ad914267dea8f05f82b28254f06"},
+    {file = "pydantic-2.10.5-py3-none-any.whl", hash = "sha256:4dd4e322dbe55472cb7ca7e73f4b63574eecccf2835ffa2af9021ce113c83c53"},
+    {file = "pydantic-2.10.5.tar.gz", hash = "sha256:278b38dbbaec562011d659ee05f63346951b3a248a6f3642e1bc68894ea2b4ff"},
 ]
 
 [package.dependencies]
@@ -1691,12 +1691,12 @@ pylint = ">=1.7"
 
 [[package]]
 name = "pylint-pydantic"
-version = "0.3.4"
+version = "0.3.5"
 description = "A Pylint plugin to help Pylint understand the Pydantic"
 optional = false
 python-versions = ">=3.8"
 files = [
-    {file = "pylint_pydantic-0.3.4-py3-none-any.whl", hash = "sha256:f82fdf6b05045102fef2bd8b553a118aadf80155116f374a76eb201c47160a68"},
+    {file = "pylint_pydantic-0.3.5-py3-none-any.whl", hash = "sha256:e7a54f09843b000676633ed02d5985a4a61c8da2560a3b0d46082d2ff171c4a1"},
 ]
 
 [package.dependencies]
@@ -1780,13 +1780,13 @@ testing = ["coverage (==6.2)", "mypy (==0.931)"]
 
 [[package]]
 name = "pytest-asyncio"
-version = "0.25.1"
+version = "0.25.2"
 description = "Pytest support for asyncio"
 optional = false
 python-versions = ">=3.9"
 files = [
-    {file = "pytest_asyncio-0.25.1-py3-none-any.whl", hash = "sha256:c84878849ec63ff2ca509423616e071ef9cd8cc93c053aa33b5b8fb70a990671"},
-    {file = "pytest_asyncio-0.25.1.tar.gz", hash = "sha256:79be8a72384b0c917677e00daa711e07db15259f4d23203c59012bcd989d4aee"},
+    {file = "pytest_asyncio-0.25.2-py3-none-any.whl", hash = "sha256:0d0bb693f7b99da304a0634afc0a4b19e49d5e0de2d670f38dc4bfa5727c5075"},
+    {file = "pytest_asyncio-0.25.2.tar.gz", hash = "sha256:3f8ef9a98f45948ea91a0ed3dc4268b5326c0e7bce73892acc654df4262ad45f"},
 ]
 
 [package.dependencies]
@@ -2141,29 +2141,29 @@ files = [
 
 [[package]]
 name = "ruff"
-version = "0.8.6"
+version = "0.9.1"
 description = "An extremely fast Python linter and code formatter, written in Rust."
 optional = false
 python-versions = ">=3.7"
 files = [
-    {file = "ruff-0.8.6-py3-none-linux_armv6l.whl", hash = "sha256:defed167955d42c68b407e8f2e6f56ba52520e790aba4ca707a9c88619e580e3"},
-    {file = "ruff-0.8.6-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:54799ca3d67ae5e0b7a7ac234baa657a9c1784b48ec954a094da7c206e0365b1"},
-    {file = "ruff-0.8.6-py3-none-macosx_11_0_arm64.whl", hash = "sha256:e88b8f6d901477c41559ba540beeb5a671e14cd29ebd5683903572f4b40a9807"},
-    {file = "ruff-0.8.6-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:0509e8da430228236a18a677fcdb0c1f102dd26d5520f71f79b094963322ed25"},
-    {file = "ruff-0.8.6-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:91a7ddb221779871cf226100e677b5ea38c2d54e9e2c8ed847450ebbdf99b32d"},
-    {file = "ruff-0.8.6-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:248b1fb3f739d01d528cc50b35ee9c4812aa58cc5935998e776bf8ed5b251e75"},
-    {file = "ruff-0.8.6-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:bc3c083c50390cf69e7e1b5a5a7303898966be973664ec0c4a4acea82c1d4315"},
-    {file = "ruff-0.8.6-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:52d587092ab8df308635762386f45f4638badb0866355b2b86760f6d3c076188"},
-    {file = "ruff-0.8.6-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:61323159cf21bc3897674e5adb27cd9e7700bab6b84de40d7be28c3d46dc67cf"},
-    {file = "ruff-0.8.6-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:7ae4478b1471fc0c44ed52a6fb787e641a2ac58b1c1f91763bafbc2faddc5117"},
-    {file = "ruff-0.8.6-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:0c000a471d519b3e6cfc9c6680025d923b4ca140ce3e4612d1a2ef58e11f11fe"},
-    {file = "ruff-0.8.6-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:9257aa841e9e8d9b727423086f0fa9a86b6b420fbf4bf9e1465d1250ce8e4d8d"},
-    {file = "ruff-0.8.6-py3-none-musllinux_1_2_i686.whl", hash = "sha256:45a56f61b24682f6f6709636949ae8cc82ae229d8d773b4c76c09ec83964a95a"},
-    {file = "ruff-0.8.6-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:496dd38a53aa173481a7d8866bcd6451bd934d06976a2505028a50583e001b76"},
-    {file = "ruff-0.8.6-py3-none-win32.whl", hash = "sha256:e169ea1b9eae61c99b257dc83b9ee6c76f89042752cb2d83486a7d6e48e8f764"},
-    {file = "ruff-0.8.6-py3-none-win_amd64.whl", hash = "sha256:f1d70bef3d16fdc897ee290d7d20da3cbe4e26349f62e8a0274e7a3f4ce7a905"},
-    {file = "ruff-0.8.6-py3-none-win_arm64.whl", hash = "sha256:7d7fc2377a04b6e04ffe588caad613d0c460eb2ecba4c0ccbbfe2bc973cbc162"},
-    {file = "ruff-0.8.6.tar.gz", hash = "sha256:dcad24b81b62650b0eb8814f576fc65cfee8674772a6e24c9b747911801eeaa5"},
+    {file = "ruff-0.9.1-py3-none-linux_armv6l.whl", hash = "sha256:84330dda7abcc270e6055551aca93fdde1b0685fc4fd358f26410f9349cf1743"},
+    {file = "ruff-0.9.1-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:3cae39ba5d137054b0e5b472aee3b78a7c884e61591b100aeb544bcd1fc38d4f"},
+    {file = "ruff-0.9.1-py3-none-macosx_11_0_arm64.whl", hash = "sha256:50c647ff96f4ba288db0ad87048257753733763b409b2faf2ea78b45c8bb7fcb"},
+    {file = "ruff-0.9.1-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:f0c8b149e9c7353cace7d698e1656ffcf1e36e50f8ea3b5d5f7f87ff9986a7ca"},
+    {file = "ruff-0.9.1-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:beb3298604540c884d8b282fe7625651378e1986c25df51dec5b2f60cafc31ce"},
+    {file = "ruff-0.9.1-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:39d0174ccc45c439093971cc06ed3ac4dc545f5e8bdacf9f067adf879544d969"},
+    {file = "ruff-0.9.1-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:69572926c0f0c9912288915214ca9b2809525ea263603370b9e00bed2ba56dbd"},
+    {file = "ruff-0.9.1-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:937267afce0c9170d6d29f01fcd1f4378172dec6760a9f4dface48cdabf9610a"},
+    {file = "ruff-0.9.1-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:186c2313de946f2c22bdf5954b8dd083e124bcfb685732cfb0beae0c47233d9b"},
+    {file = "ruff-0.9.1-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:3f94942a3bb767675d9a051867c036655fe9f6c8a491539156a6f7e6b5f31831"},
+    {file = "ruff-0.9.1-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:728d791b769cc28c05f12c280f99e8896932e9833fef1dd8756a6af2261fd1ab"},
+    {file = "ruff-0.9.1-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:2f312c86fb40c5c02b44a29a750ee3b21002bd813b5233facdaf63a51d9a85e1"},
+    {file = "ruff-0.9.1-py3-none-musllinux_1_2_i686.whl", hash = "sha256:ae017c3a29bee341ba584f3823f805abbe5fe9cd97f87ed07ecbf533c4c88366"},
+    {file = "ruff-0.9.1-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:5dc40a378a0e21b4cfe2b8a0f1812a6572fc7b230ef12cd9fac9161aa91d807f"},
+    {file = "ruff-0.9.1-py3-none-win32.whl", hash = "sha256:46ebf5cc106cf7e7378ca3c28ce4293b61b449cd121b98699be727d40b79ba72"},
+    {file = "ruff-0.9.1-py3-none-win_amd64.whl", hash = "sha256:342a824b46ddbcdddd3abfbb332fa7fcaac5488bf18073e841236aadf4ad5c19"},
+    {file = "ruff-0.9.1-py3-none-win_arm64.whl", hash = "sha256:1cd76c7f9c679e6e8f2af8f778367dca82b95009bc7b1a85a47f1521ae524fa7"},
+    {file = "ruff-0.9.1.tar.gz", hash = "sha256:fd2b25ecaf907d6458fa842675382c8597b3c746a2dde6717fe3415425df0c17"},
 ]
 
 [[package]]
@@ -2420,4 +2420,4 @@ type = ["pytest-mypy"]
 [metadata]
 lock-version = "2.0"
 python-versions = "^3.9"
-content-hash = "526ed5cc825fb8805675e7a8655fb6c1fc191ac0940d9cf31649b8fee4e0e0ed"
+content-hash = "38d127dee99e25ec0d9716086ff4965da60b015e26dcb7ef67b9dc38dd46ec12"
diff --git a/pykanidm/pyproject.toml b/pykanidm/pyproject.toml
index facecfef9..a6d9dd896 100644
--- a/pykanidm/pyproject.toml
+++ b/pykanidm/pyproject.toml
@@ -31,10 +31,10 @@ Authlib = "^1.2.0"
 mypy = "^1.14"
 pytest = "^8.3.4"
 types-toml = "^0.10.8"
-pylint-pydantic = "^0.3.4"
+pylint-pydantic = "^0.3.5"
 coverage = "^7.6.10"
 pylint-pytest = "^1.1.7"
-pytest-asyncio = "^0.25.1"
+pytest-asyncio = "^0.25.2"
 pytest-mock = "^3.14.0"
 pytest-aiohttp = "^1.0.5"
 black = "^24.10.0"
@@ -45,7 +45,7 @@ mkdocstrings-python = "^1.13.0"
 pook = "^2.1.3"
 
 [tool.poetry.group.dev.dependencies]
-ruff = ">=0.5.1,<0.8.7"
+ruff = ">=0.5.1,<0.9.2"
 
 [build-system]
 requires = ["poetry-core>=1.0.0"]

From 2d439c508fc7b3c42c23489b1a79cb7f9be3cbd5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 13 Jan 2025 07:46:33 +1000
Subject: [PATCH 54/87] Bump jinja2 from 3.1.4 to 3.1.5 in /pykanidm in the pip
 group (#3358)

Bumps the pip group in /pykanidm with 1 update: [jinja2](https://github.com/pallets/jinja).


Updates `jinja2` from 3.1.4 to 3.1.5
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](https://github.com/pallets/jinja/compare/3.1.4...3.1.5)

---
updated-dependencies:
- dependency-name: jinja2
  dependency-type: indirect
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pykanidm/poetry.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pykanidm/poetry.lock b/pykanidm/poetry.lock
index 0b399c0da..e123b36f7 100644
--- a/pykanidm/poetry.lock
+++ b/pykanidm/poetry.lock
@@ -807,13 +807,13 @@ colors = ["colorama (>=0.4.6)"]
 
 [[package]]
 name = "jinja2"
-version = "3.1.4"
+version = "3.1.5"
 description = "A very fast and expressive template engine."
 optional = false
 python-versions = ">=3.7"
 files = [
-    {file = "jinja2-3.1.4-py3-none-any.whl", hash = "sha256:bc5dd2abb727a5319567b7a813e6a2e7318c39f4f487cfe6c89c6f9c7d25197d"},
-    {file = "jinja2-3.1.4.tar.gz", hash = "sha256:4a3aee7acbbe7303aede8e9648d13b8bf88a429282aa6122a993f0ac800cb369"},
+    {file = "jinja2-3.1.5-py3-none-any.whl", hash = "sha256:aba0f4dc9ed8013c424088f68a5c226f7d6097ed89b246d7749c2ec4175c6adb"},
+    {file = "jinja2-3.1.5.tar.gz", hash = "sha256:8fefff8dc3034e27bb80d67c671eb8a9bc424c0ef4c0826edbff304cceff43bb"},
 ]
 
 [package.dependencies]

From 419c4a18273bacbd11ddfbd0ba37151a81864069 Mon Sep 17 00:00:00 2001
From: James Hodgkinson <james@terminaloutcomes.com>
Date: Tue, 14 Jan 2025 13:49:20 +1000
Subject: [PATCH 55/87] fix: unrecoverable error page doesn't include logo or
 domain name (#3352)

---
 server/core/Cargo.toml                        |  1 +
 server/core/src/https/views/apps.rs           |  2 +-
 server/core/src/https/views/enrol.rs          |  4 +-
 server/core/src/https/views/errors.rs         | 10 +--
 server/core/src/https/views/login.rs          | 34 ++++++---
 server/core/src/https/views/mod.rs            | 33 ++++++++-
 server/core/src/https/views/oauth2.rs         |  5 ++
 server/core/src/https/views/profile.rs        |  2 +-
 server/core/src/https/views/reset.rs          | 71 +++++++++++++------
 .../core/templates/unrecoverable_error.html   | 16 ++++-
 server/lib/Cargo.toml                         |  1 +
 server/lib/src/server/mod.rs                  | 15 ++++
 12 files changed, 152 insertions(+), 42 deletions(-)

diff --git a/server/core/Cargo.toml b/server/core/Cargo.toml
index bfe846abb..c0bab238d 100644
--- a/server/core/Cargo.toml
+++ b/server/core/Cargo.toml
@@ -88,6 +88,7 @@ webauthn-rs = { workspace = true, features = [
 [dev-dependencies]
 walkdir = { workspace = true }
 tempfile = { workspace = true }
+kanidmd_lib = { workspace = true, features = ["test"] }
 
 [build-dependencies]
 kanidm_build_profiles = { workspace = true }
diff --git a/server/core/src/https/views/apps.rs b/server/core/src/https/views/apps.rs
index a8eae210c..a68339524 100644
--- a/server/core/src/https/views/apps.rs
+++ b/server/core/src/https/views/apps.rs
@@ -43,7 +43,7 @@ pub(crate) async fn view_apps_get(
         .qe_r_ref
         .handle_list_applinks(client_auth_info, kopid.eventid)
         .await
-        .map_err(|old| HtmxError::new(&kopid, old))?;
+        .map_err(|old| HtmxError::new(&kopid, old, domain_info.clone()))?;
 
     Ok({
         (
diff --git a/server/core/src/https/views/enrol.rs b/server/core/src/https/views/enrol.rs
index abe35acab..ee92704c7 100644
--- a/server/core/src/https/views/enrol.rs
+++ b/server/core/src/https/views/enrol.rs
@@ -50,7 +50,7 @@ pub(crate) async fn view_enrol_get(
         .qe_r_ref
         .handle_whoami_uat(client_auth_info.clone(), kopid.eventid)
         .await
-        .map_err(|op_err| HtmxError::new(&kopid, op_err))?;
+        .map_err(|op_err| HtmxError::new(&kopid, op_err, domain_info.clone()))?;
 
     let time = time::OffsetDateTime::now_utc() + time::Duration::new(60, 0);
     let can_rw = uat.purpose_readwrite_active(time);
@@ -87,7 +87,7 @@ pub(crate) async fn view_enrol_get(
             kopid.eventid,
         )
         .await
-        .map_err(|op_err| HtmxError::new(&kopid, op_err))?;
+        .map_err(|op_err| HtmxError::new(&kopid, op_err, domain_info.clone()))?;
 
     let secret = cu_intent.token;
 
diff --git a/server/core/src/https/views/errors.rs b/server/core/src/https/views/errors.rs
index dd1494623..3686772d8 100644
--- a/server/core/src/https/views/errors.rs
+++ b/server/core/src/https/views/errors.rs
@@ -1,6 +1,7 @@
 use axum::http::StatusCode;
 use axum::response::{IntoResponse, Redirect, Response};
 use axum_htmx::{HxReswap, HxRetarget, SwapOption};
+use kanidmd_lib::idm::server::DomainInfoRead;
 use utoipa::ToSchema;
 use uuid::Uuid;
 
@@ -21,19 +22,19 @@ use crate::https::views::UnrecoverableErrorView;
 #[derive(Debug, ToSchema)]
 pub(crate) enum HtmxError {
     /// Something went wrong when doing things.
-    OperationError(Uuid, OperationError),
+    OperationError(Uuid, OperationError, DomainInfoRead),
 }
 
 impl HtmxError {
-    pub(crate) fn new(kopid: &KOpId, operr: OperationError) -> Self {
-        HtmxError::OperationError(kopid.eventid, operr)
+    pub(crate) fn new(kopid: &KOpId, operr: OperationError, domain_info: DomainInfoRead) -> Self {
+        HtmxError::OperationError(kopid.eventid, operr, domain_info)
     }
 }
 
 impl IntoResponse for HtmxError {
     fn into_response(self) -> Response {
         match self {
-            HtmxError::OperationError(kopid, inner) => {
+            HtmxError::OperationError(kopid, inner, domain_info) => {
                 let body = serde_json::to_string(&inner).unwrap_or(inner.to_string());
                 match &inner {
                     OperationError::NotAuthenticated
@@ -58,6 +59,7 @@ impl IntoResponse for HtmxError {
                         UnrecoverableErrorView {
                             err_code: inner,
                             operation_id: kopid,
+                            domain_info,
                         },
                     )
                         .into_response(),
diff --git a/server/core/src/https/views/login.rs b/server/core/src/https/views/login.rs
index 300a14798..140fa9aae 100644
--- a/server/core/src/https/views/login.rs
+++ b/server/core/src/https/views/login.rs
@@ -48,6 +48,7 @@ struct SessionContext {
     after_auth_loc: Option<String>,
 }
 
+#[derive(Clone)]
 pub enum ReauthPurpose {
     ProfileSettings,
 }
@@ -59,7 +60,7 @@ impl fmt::Display for ReauthPurpose {
         }
     }
 }
-
+#[derive(Clone)]
 pub enum LoginError {
     InvalidUsername,
 }
@@ -71,16 +72,17 @@ impl fmt::Display for LoginError {
         }
     }
 }
-
+#[derive(Clone)]
 pub struct Reauth {
     pub username: String,
     pub purpose: ReauthPurpose,
 }
-
+#[derive(Clone)]
 pub struct Oauth2Ctx {
     pub client_name: String,
 }
 
+#[derive(Clone)]
 pub struct LoginDisplayCtx {
     pub domain_info: DomainInfoRead,
     // We only need this on the first re-auth screen to indicate what we are doing
@@ -160,6 +162,7 @@ pub async fn view_logout_get(
     State(state): State<ServerState>,
     VerifiedClientInformation(client_auth_info): VerifiedClientInformation,
     Extension(kopid): Extension<KOpId>,
+    DomainInfo(domain_info): DomainInfo,
     mut jar: CookieJar,
 ) -> Response {
     let response = if let Err(err_code) = state
@@ -170,6 +173,7 @@ pub async fn view_logout_get(
         UnrecoverableErrorView {
             err_code,
             operation_id: kopid.eventid,
+            domain_info,
         }
         .into_response()
     } else {
@@ -232,7 +236,7 @@ pub async fn view_reauth_get(
                         ar,
                         client_auth_info,
                         session_context,
-                        display_ctx,
+                        display_ctx.clone(),
                     )
                     .await
                     {
@@ -241,6 +245,7 @@ pub async fn view_reauth_get(
                         Err(err_code) => UnrecoverableErrorView {
                             err_code,
                             operation_id: kopid.eventid,
+                            domain_info: display_ctx.clone().domain_info,
                         }
                         .into_response(),
                     }
@@ -249,6 +254,7 @@ pub async fn view_reauth_get(
                 Err(err_code) => UnrecoverableErrorView {
                     err_code,
                     operation_id: kopid.eventid,
+                    domain_info: display_ctx.domain_info,
                 }
                 .into_response(),
             }
@@ -275,6 +281,7 @@ pub async fn view_reauth_get(
         Err(err_code) => UnrecoverableErrorView {
             err_code,
             operation_id: kopid.eventid,
+            domain_info: display_ctx.domain_info,
         }
         .into_response(),
     }
@@ -358,6 +365,7 @@ pub async fn view_index_get(
         Err(err_code) => UnrecoverableErrorView {
             err_code,
             operation_id: kopid.eventid,
+            domain_info,
         }
         .into_response(),
     }
@@ -420,7 +428,7 @@ pub async fn view_login_begin_post(
     };
 
     let mut display_ctx = LoginDisplayCtx {
-        domain_info,
+        domain_info: domain_info.clone(),
         oauth2: None,
         reauth: None,
         error: None,
@@ -445,6 +453,7 @@ pub async fn view_login_begin_post(
                 Err(err_code) => UnrecoverableErrorView {
                     err_code,
                     operation_id: kopid.eventid,
+                    domain_info,
                 }
                 .into_response(),
             }
@@ -463,6 +472,7 @@ pub async fn view_login_begin_post(
             _ => UnrecoverableErrorView {
                 err_code,
                 operation_id: kopid.eventid,
+                domain_info,
             }
             .into_response(),
         },
@@ -503,7 +513,7 @@ pub async fn view_login_mech_choose_post(
         .await;
 
     let display_ctx = LoginDisplayCtx {
-        domain_info,
+        domain_info: domain_info.clone(),
         oauth2: None,
         reauth: None,
         error: None,
@@ -528,6 +538,7 @@ pub async fn view_login_mech_choose_post(
                 Err(err_code) => UnrecoverableErrorView {
                     err_code,
                     operation_id: kopid.eventid,
+                    domain_info,
                 }
                 .into_response(),
             }
@@ -536,6 +547,7 @@ pub async fn view_login_mech_choose_post(
         Err(err_code) => UnrecoverableErrorView {
             err_code,
             operation_id: kopid.eventid,
+            domain_info,
         }
         .into_response(),
     }
@@ -662,7 +674,7 @@ pub async fn view_login_passkey_post(
         }
         Err(e) => {
             error!(err = ?e, "Unable to deserialize credential submission");
-            HtmxError::new(&kopid, OperationError::SerdeJsonError).into_response()
+            HtmxError::new(&kopid, OperationError::SerdeJsonError, domain_info).into_response()
         }
     }
 }
@@ -692,7 +704,7 @@ async fn credential_step(
             .unwrap_or_default();
 
     let display_ctx = LoginDisplayCtx {
-        domain_info,
+        domain_info: domain_info.clone(),
         oauth2: None,
         reauth: None,
         error: None,
@@ -720,7 +732,7 @@ async fn credential_step(
                 ar,
                 client_auth_info,
                 session_context,
-                display_ctx,
+                display_ctx.clone(),
             )
             .await
             {
@@ -729,6 +741,7 @@ async fn credential_step(
                 Err(err_code) => UnrecoverableErrorView {
                     err_code,
                     operation_id: kopid.eventid,
+                    domain_info: display_ctx.domain_info,
                 }
                 .into_response(),
             }
@@ -737,6 +750,7 @@ async fn credential_step(
         Err(err_code) => UnrecoverableErrorView {
             err_code,
             operation_id: kopid.eventid,
+            domain_info,
         }
         .into_response(),
     }
@@ -785,6 +799,7 @@ async fn view_login_step(
                         UnrecoverableErrorView {
                             err_code: OperationError::InvalidState,
                             operation_id: kopid.eventid,
+                            domain_info: display_ctx.domain_info,
                         }
                         .into_response()
                     }
@@ -845,6 +860,7 @@ async fn view_login_step(
                         UnrecoverableErrorView {
                             err_code: OperationError::InvalidState,
                             operation_id: kopid.eventid,
+                            domain_info: display_ctx.domain_info,
                         }
                         .into_response()
                     }
diff --git a/server/core/src/https/views/mod.rs b/server/core/src/https/views/mod.rs
index a2d2da324..e4b5bcfa1 100644
--- a/server/core/src/https/views/mod.rs
+++ b/server/core/src/https/views/mod.rs
@@ -9,7 +9,10 @@ use axum::{
 use axum_htmx::HxRequestGuardLayer;
 
 use constants::Urls;
-use kanidmd_lib::prelude::{OperationError, Uuid};
+use kanidmd_lib::{
+    idm::server::DomainInfoRead,
+    prelude::{OperationError, Uuid},
+};
 
 use crate::https::ServerState;
 
@@ -29,6 +32,8 @@ mod reset;
 struct UnrecoverableErrorView {
     err_code: OperationError,
     operation_id: Uuid,
+    // This is an option because it's not always present in an "unrecoverable" situation
+    domain_info: DomainInfoRead,
 }
 
 pub fn view_router() -> Router<ServerState> {
@@ -130,3 +135,29 @@ where
             .map(Some),
     }
 }
+
+#[cfg(test)]
+mod tests {
+    use askama_axum::IntoResponse;
+
+    use super::*;
+    #[tokio::test]
+    async fn test_unrecoverableerrorview() {
+        let domain_info = kanidmd_lib::server::DomainInfo::new_test();
+
+        let view = UnrecoverableErrorView {
+            err_code: OperationError::InvalidState,
+            operation_id: Uuid::new_v4(),
+            domain_info: domain_info.read(),
+        };
+
+        let error_html = view.render().expect("Failed to render");
+
+        assert!(error_html.contains(domain_info.read().display_name()));
+
+        let response = view.into_response();
+
+        // TODO: this really should be an error code :(
+        assert_eq!(response.status(), 200);
+    }
+}
diff --git a/server/core/src/https/views/oauth2.rs b/server/core/src/https/views/oauth2.rs
index b3d7ab37f..b4c15b6d9 100644
--- a/server/core/src/https/views/oauth2.rs
+++ b/server/core/src/https/views/oauth2.rs
@@ -104,6 +104,7 @@ async fn oauth2_auth_req(
             UnrecoverableErrorView {
                 err_code: OperationError::UI0003InvalidOauth2Resume,
                 operation_id: kopid.eventid,
+                domain_info,
             },
         )
             .into_response();
@@ -184,6 +185,7 @@ async fn oauth2_auth_req(
                     UnrecoverableErrorView {
                         err_code,
                         operation_id: kopid.eventid,
+                        domain_info,
                     },
                 )
                     .into_response(),
@@ -221,6 +223,7 @@ async fn oauth2_auth_req(
                 UnrecoverableErrorView {
                     err_code: OperationError::InvalidState,
                     operation_id: kopid.eventid,
+                    domain_info,
                 },
             )
                 .into_response()
@@ -240,6 +243,7 @@ pub async fn view_consent_post(
     State(server_state): State<ServerState>,
     Extension(kopid): Extension<KOpId>,
     VerifiedClientInformation(client_auth_info): VerifiedClientInformation,
+    DomainInfo(domain_info): DomainInfo,
     jar: CookieJar,
     Form(consent_form): Form<ConsentForm>,
 ) -> Result<Response, UnrecoverableErrorView> {
@@ -291,6 +295,7 @@ pub async fn view_consent_post(
             Err(UnrecoverableErrorView {
                 err_code: OperationError::InvalidState,
                 operation_id: kopid.eventid,
+                domain_info,
             })
         }
     }
diff --git a/server/core/src/https/views/profile.rs b/server/core/src/https/views/profile.rs
index 42d635cb8..002abaaba 100644
--- a/server/core/src/https/views/profile.rs
+++ b/server/core/src/https/views/profile.rs
@@ -69,7 +69,7 @@ pub(crate) async fn view_profile_unlock_get(
         .qe_r_ref
         .handle_whoami_uat(client_auth_info.clone(), kopid.eventid)
         .await
-        .map_err(|op_err| HtmxError::new(&kopid, op_err))?;
+        .map_err(|op_err| HtmxError::new(&kopid, op_err, domain_info.clone()))?;
 
     let display_ctx = LoginDisplayCtx {
         domain_info,
diff --git a/server/core/src/https/views/reset.rs b/server/core/src/https/views/reset.rs
index 7e6dd55d6..73ce55c32 100644
--- a/server/core/src/https/views/reset.rs
+++ b/server/core/src/https/views/reset.rs
@@ -209,6 +209,7 @@ pub(crate) async fn commit(
     Extension(kopid): Extension<KOpId>,
     HxRequest(_hx_request): HxRequest,
     VerifiedClientInformation(_client_auth_info): VerifiedClientInformation,
+    DomainInfo(domain_info): DomainInfo,
     jar: CookieJar,
 ) -> axum::response::Result<Response> {
     let cu_session_token: CUSessionToken = get_cu_session(&jar).await?;
@@ -216,7 +217,7 @@ pub(crate) async fn commit(
     state
         .qe_w_ref
         .handle_idmcredentialupdatecommit(cu_session_token, kopid.eventid)
-        .map_err(|op_err| HtmxError::new(&kopid, op_err))
+        .map_err(|op_err| HtmxError::new(&kopid, op_err, domain_info))
         .await?;
 
     // No longer need the cookie jar.
@@ -230,6 +231,7 @@ pub(crate) async fn cancel_cred_update(
     Extension(kopid): Extension<KOpId>,
     HxRequest(_hx_request): HxRequest,
     VerifiedClientInformation(_client_auth_info): VerifiedClientInformation,
+    DomainInfo(domain_info): DomainInfo,
     jar: CookieJar,
 ) -> axum::response::Result<Response> {
     let cu_session_token: CUSessionToken = get_cu_session(&jar).await?;
@@ -237,7 +239,7 @@ pub(crate) async fn cancel_cred_update(
     state
         .qe_w_ref
         .handle_idmcredentialupdatecancel(cu_session_token, kopid.eventid)
-        .map_err(|op_err| HtmxError::new(&kopid, op_err))
+        .map_err(|op_err| HtmxError::new(&kopid, op_err, domain_info))
         .await?;
 
     // No longer need the cookie jar.
@@ -256,6 +258,7 @@ pub(crate) async fn cancel_mfareg(
     Extension(kopid): Extension<KOpId>,
     HxRequest(_hx_request): HxRequest,
     VerifiedClientInformation(_client_auth_info): VerifiedClientInformation,
+    DomainInfo(domain_info): DomainInfo,
     jar: CookieJar,
 ) -> axum::response::Result<Response> {
     let cu_session_token: CUSessionToken = get_cu_session(&jar).await?;
@@ -263,7 +266,7 @@ pub(crate) async fn cancel_mfareg(
     let cu_status = state
         .qe_r_ref
         .handle_idmcredentialupdate(cu_session_token, CURequest::CancelMFAReg, kopid.eventid)
-        .map_err(|op_err| HtmxError::new(&kopid, op_err))
+        .map_err(|op_err| HtmxError::new(&kopid, op_err, domain_info.clone()))
         .await?;
 
     Ok(get_cu_partial_response(cu_status))
@@ -274,6 +277,7 @@ pub(crate) async fn remove_alt_creds(
     Extension(kopid): Extension<KOpId>,
     HxRequest(_hx_request): HxRequest,
     VerifiedClientInformation(_client_auth_info): VerifiedClientInformation,
+    DomainInfo(domain_info): DomainInfo,
     jar: CookieJar,
 ) -> axum::response::Result<Response> {
     let cu_session_token: CUSessionToken = get_cu_session(&jar).await?;
@@ -281,7 +285,7 @@ pub(crate) async fn remove_alt_creds(
     let cu_status = state
         .qe_r_ref
         .handle_idmcredentialupdate(cu_session_token, CURequest::PrimaryRemove, kopid.eventid)
-        .map_err(|op_err| HtmxError::new(&kopid, op_err))
+        .map_err(|op_err| HtmxError::new(&kopid, op_err, domain_info.clone()))
         .await?;
 
     Ok(get_cu_partial_response(cu_status))
@@ -292,6 +296,7 @@ pub(crate) async fn remove_unixcred(
     Extension(kopid): Extension<KOpId>,
     HxRequest(_hx_request): HxRequest,
     VerifiedClientInformation(_client_auth_info): VerifiedClientInformation,
+    DomainInfo(domain_info): DomainInfo,
     jar: CookieJar,
 ) -> axum::response::Result<Response> {
     let cu_session_token: CUSessionToken = get_cu_session(&jar).await?;
@@ -303,7 +308,7 @@ pub(crate) async fn remove_unixcred(
             CURequest::UnixPasswordRemove,
             kopid.eventid,
         )
-        .map_err(|op_err| HtmxError::new(&kopid, op_err))
+        .map_err(|op_err| HtmxError::new(&kopid, op_err, domain_info.clone()))
         .await?;
 
     Ok(get_cu_partial_response(cu_status))
@@ -314,6 +319,7 @@ pub(crate) async fn remove_totp(
     Extension(kopid): Extension<KOpId>,
     HxRequest(_hx_request): HxRequest,
     VerifiedClientInformation(_client_auth_info): VerifiedClientInformation,
+    DomainInfo(domain_info): DomainInfo,
     jar: CookieJar,
     Form(totp): Form<TOTPRemoveData>,
 ) -> axum::response::Result<Response> {
@@ -326,7 +332,7 @@ pub(crate) async fn remove_totp(
             CURequest::TotpRemove(totp.name),
             kopid.eventid,
         )
-        .map_err(|op_err| HtmxError::new(&kopid, op_err))
+        .map_err(|op_err| HtmxError::new(&kopid, op_err, domain_info.clone()))
         .await?;
 
     Ok(get_cu_partial_response(cu_status))
@@ -337,6 +343,7 @@ pub(crate) async fn remove_passkey(
     Extension(kopid): Extension<KOpId>,
     HxRequest(_hx_request): HxRequest,
     VerifiedClientInformation(_client_auth_info): VerifiedClientInformation,
+    DomainInfo(domain_info): DomainInfo,
     jar: CookieJar,
     Form(passkey): Form<PasskeyRemoveData>,
 ) -> axum::response::Result<Response> {
@@ -349,7 +356,7 @@ pub(crate) async fn remove_passkey(
             CURequest::PasskeyRemove(passkey.uuid),
             kopid.eventid,
         )
-        .map_err(|op_err| HtmxError::new(&kopid, op_err))
+        .map_err(|op_err| HtmxError::new(&kopid, op_err, domain_info.clone()))
         .await?;
 
     Ok(get_cu_partial_response(cu_status))
@@ -358,8 +365,7 @@ pub(crate) async fn remove_passkey(
 pub(crate) async fn finish_passkey(
     State(state): State<ServerState>,
     Extension(kopid): Extension<KOpId>,
-    HxRequest(_hx_request): HxRequest,
-    VerifiedClientInformation(_client_auth_info): VerifiedClientInformation,
+    DomainInfo(domain_info): DomainInfo,
     jar: CookieJar,
     Form(passkey_create): Form<PasskeyCreateForm>,
 ) -> axum::response::Result<Response> {
@@ -377,7 +383,7 @@ pub(crate) async fn finish_passkey(
             let cu_status = state
                 .qe_r_ref
                 .handle_idmcredentialupdate(cu_session_token, cu_request, kopid.eventid)
-                .map_err(|op_err| HtmxError::new(&kopid, op_err))
+                .map_err(|op_err| HtmxError::new(&kopid, op_err, domain_info.clone()))
                 .await?;
 
             Ok(get_cu_partial_response(cu_status))
@@ -386,7 +392,7 @@ pub(crate) async fn finish_passkey(
             error!("Bad request for passkey creation: {e}");
             Ok((
                 StatusCode::UNPROCESSABLE_ENTITY,
-                HtmxError::new(&kopid, OperationError::Backend).into_response(),
+                HtmxError::new(&kopid, OperationError::Backend, domain_info).into_response(),
             )
                 .into_response())
         }
@@ -398,6 +404,7 @@ pub(crate) async fn view_new_passkey(
     Extension(kopid): Extension<KOpId>,
     HxRequest(_hx_request): HxRequest,
     VerifiedClientInformation(_client_auth_info): VerifiedClientInformation,
+    DomainInfo(domain_info): DomainInfo,
     jar: CookieJar,
     Form(init_form): Form<PasskeyInitForm>,
 ) -> axum::response::Result<Response> {
@@ -410,7 +417,7 @@ pub(crate) async fn view_new_passkey(
     let cu_status: CUStatus = state
         .qe_r_ref
         .handle_idmcredentialupdate(cu_session_token, cu_req, kopid.eventid)
-        .map_err(|op_err| HtmxError::new(&kopid, op_err))
+        .map_err(|op_err| HtmxError::new(&kopid, op_err, domain_info.clone()))
         .await?;
 
     let response = match cu_status.mfaregstate {
@@ -425,6 +432,7 @@ pub(crate) async fn view_new_passkey(
                 UnrecoverableErrorView {
                     err_code: OperationError::UI0001ChallengeSerialisation,
                     operation_id: kopid.eventid,
+                    domain_info,
                 }
                 .into_response()
             }
@@ -432,6 +440,7 @@ pub(crate) async fn view_new_passkey(
         _ => UnrecoverableErrorView {
             err_code: OperationError::UI0002InvalidState,
             operation_id: kopid.eventid,
+            domain_info,
         }
         .into_response(),
     };
@@ -449,8 +458,7 @@ pub(crate) async fn view_new_passkey(
 pub(crate) async fn view_new_totp(
     State(state): State<ServerState>,
     Extension(kopid): Extension<KOpId>,
-    HxRequest(_hx_request): HxRequest,
-    VerifiedClientInformation(_client_auth_info): VerifiedClientInformation,
+    DomainInfo(domain_info): DomainInfo,
     jar: CookieJar,
 ) -> axum::response::Result<Response> {
     let cu_session_token = get_cu_session(&jar).await?;
@@ -462,7 +470,7 @@ pub(crate) async fn view_new_totp(
         .await
         // TODO: better handling for invalid mfaregstate state, can be invalid if certain mfa flows were interrupted
         // TODO: We should maybe automatically cancel the other MFA reg
-        .map_err(|op_err| HtmxError::new(&kopid, op_err))?;
+        .map_err(|op_err| HtmxError::new(&kopid, op_err, domain_info.clone()))?;
 
     let partial = if let CURegState::TotpCheck(secret) = cu_status.mfaregstate {
         let uri = secret.to_uri();
@@ -491,6 +499,7 @@ pub(crate) async fn view_new_totp(
         return Err(ErrorResponse::from(HtmxError::new(
             &kopid,
             OperationError::CannotStartMFADuringOngoingMFASession,
+            domain_info,
         )));
     };
 
@@ -502,6 +511,7 @@ pub(crate) async fn add_totp(
     Extension(kopid): Extension<KOpId>,
     HxRequest(_hx_request): HxRequest,
     VerifiedClientInformation(_client_auth_info): VerifiedClientInformation,
+    DomainInfo(domain_info): DomainInfo,
     jar: CookieJar,
     new_totp_form: Form<NewTotp>,
 ) -> axum::response::Result<Response> {
@@ -525,7 +535,7 @@ pub(crate) async fn add_totp(
         )
     }
     .await
-    .map_err(|op_err| HtmxError::new(&kopid, op_err))?;
+    .map_err(|op_err| HtmxError::new(&kopid, op_err, domain_info.clone()))?;
 
     let check = match &cu_status.mfaregstate {
         CURegState::None => return Ok(get_cu_partial_response(cu_status)),
@@ -544,6 +554,7 @@ pub(crate) async fn add_totp(
             return Err(ErrorResponse::from(HtmxError::new(
                 &kopid,
                 OperationError::InvalidState,
+                domain_info,
             )))
         }
     };
@@ -574,6 +585,7 @@ pub(crate) async fn view_new_pwd(
     Extension(kopid): Extension<KOpId>,
     HxRequest(_hx_request): HxRequest,
     VerifiedClientInformation(_client_auth_info): VerifiedClientInformation,
+    DomainInfo(domain_info): DomainInfo,
     jar: CookieJar,
     opt_form: Option<Form<NewPassword>>,
 ) -> axum::response::Result<Response> {
@@ -609,7 +621,13 @@ pub(crate) async fn view_new_pwd(
             Err(OperationError::PasswordQuality(password_feedback)) => {
                 (password_feedback, StatusCode::UNPROCESSABLE_ENTITY)
             }
-            Err(operr) => return Err(ErrorResponse::from(HtmxError::new(&kopid, operr))),
+            Err(operr) => {
+                return Err(ErrorResponse::from(HtmxError::new(
+                    &kopid,
+                    operr,
+                    domain_info,
+                )))
+            }
         }
     } else {
         (vec![], StatusCode::UNPROCESSABLE_ENTITY)
@@ -641,7 +659,7 @@ pub(crate) async fn view_self_reset_get(
     let uat: UserAuthToken = state
         .qe_r_ref
         .handle_whoami_uat(client_auth_info.clone(), kopid.eventid)
-        .map_err(|op_err| HtmxError::new(&kopid, op_err))
+        .map_err(|op_err| HtmxError::new(&kopid, op_err, domain_info.clone()))
         .await?;
 
     let time = time::OffsetDateTime::now_utc() + time::Duration::new(60, 0);
@@ -651,7 +669,7 @@ pub(crate) async fn view_self_reset_get(
         let (cu_session_token, cu_status) = state
             .qe_w_ref
             .handle_idmcredentialupdate(client_auth_info, uat.uuid.to_string(), kopid.eventid)
-            .map_err(|op_err| HtmxError::new(&kopid, op_err))
+            .map_err(|op_err| HtmxError::new(&kopid, op_err, domain_info.clone()))
             .await?;
 
         let cu_resp = get_cu_response(domain_info, cu_status, true);
@@ -698,6 +716,7 @@ pub(crate) async fn view_set_unixcred(
     Extension(kopid): Extension<KOpId>,
     HxRequest(_hx_request): HxRequest,
     VerifiedClientInformation(_client_auth_info): VerifiedClientInformation,
+    DomainInfo(domain_info): DomainInfo,
     jar: CookieJar,
     opt_form: Option<Form<NewPassword>>,
 ) -> axum::response::Result<Response> {
@@ -733,7 +752,13 @@ pub(crate) async fn view_set_unixcred(
             Err(OperationError::PasswordQuality(password_feedback)) => {
                 (password_feedback, StatusCode::UNPROCESSABLE_ENTITY)
             }
-            Err(operr) => return Err(ErrorResponse::from(HtmxError::new(&kopid, operr))),
+            Err(operr) => {
+                return Err(ErrorResponse::from(HtmxError::new(
+                    &kopid,
+                    operr,
+                    domain_info,
+                )))
+            }
         }
     } else {
         (vec![], StatusCode::UNPROCESSABLE_ENTITY)
@@ -796,7 +821,9 @@ pub(crate) async fn view_reset_get(
                 }
                 return Ok((jar, Redirect::to(Urls::CredReset.as_ref())).into_response());
             }
-            Err(op_err) => return Ok(HtmxError::new(&kopid, op_err).into_response()),
+            Err(op_err) => {
+                return Ok(HtmxError::new(&kopid, op_err, domain_info.clone()).into_response())
+            }
         };
 
         // CU Session cookie is okay
@@ -827,7 +854,7 @@ pub(crate) async fn view_reset_get(
                     .into_response())
             }
             Err(op_err) => Err(ErrorResponse::from(
-                HtmxError::new(&kopid, op_err).into_response(),
+                HtmxError::new(&kopid, op_err, domain_info).into_response(),
             )),
         }
     } else {
diff --git a/server/core/templates/unrecoverable_error.html b/server/core/templates/unrecoverable_error.html
index 39d6b9098..7700b893a 100644
--- a/server/core/templates/unrecoverable_error.html
+++ b/server/core/templates/unrecoverable_error.html
@@ -6,12 +6,24 @@
 (% endblock %)
 
 (% block body %)
+<main id="main" class="m-auto align-items-center d-flex flex-column">
+	(% if domain_info.image().is_some() %)
+		<img src="/ui/images/domain"
+			alt="(( domain_info.display_name() ))" class="kanidm_logo" />
+	(% else %)
+			<img
+				src="/pkg/img/logo-square.svg?v=((crate::https::cache_buster::get_cache_buster_key()))"
+				alt="(( domain_info.display_name() ))" class="kanidm_logo" />
+	(% endif %)
+	<h3>(( domain_info.display_name() ))</h3>
+
+
 	<h2>Error</h2>
-	<main id="main">
 		<p>An unrecoverable error occurred. Please contact your administrator with the details below.</p>
 		<p>Operation ID: (( operation_id ))</p>
 		<p>Error Code: (( err_code ))</p>
 		<a href=((Urls::Ui))>Return</a>
 	</main>
-(% endblock %)
+
+	(% endblock %)
 
diff --git a/server/lib/Cargo.toml b/server/lib/Cargo.toml
index f865213b4..7e6a0de55 100644
--- a/server/lib/Cargo.toml
+++ b/server/lib/Cargo.toml
@@ -22,6 +22,7 @@ default = []
 dhat-heap = ["dep:dhat"]
 dhat-ad-hoc = ["dep:dhat"]
 dev-oauth2-device-flow = [] # still-in-development oauth2 device flow support
+test = []                   # Enable this for cross-package test features.
 
 [dependencies]
 base64 = { workspace = true }
diff --git a/server/lib/src/server/mod.rs b/server/lib/src/server/mod.rs
index f8ab0fc81..5230138e0 100644
--- a/server/lib/src/server/mod.rs
+++ b/server/lib/src/server/mod.rs
@@ -108,6 +108,21 @@ impl DomainInfo {
     pub fn allow_easter_eggs(&self) -> bool {
         self.d_allow_easter_eggs
     }
+
+    #[cfg(feature = "test")]
+    pub fn new_test() -> CowCell<Self> {
+        concread::cowcell::CowCell::new(Self {
+            d_uuid: Uuid::new_v4(),
+            d_name: "test domain".to_string(),
+            d_display: "Test Domain".to_string(),
+            d_vers: 1,
+            d_patch_level: 0,
+            d_devel_taint: false,
+            d_ldap_allow_unix_pw_bind: false,
+            d_allow_easter_eggs: false,
+            d_image: None,
+        })
+    }
 }
 
 #[derive(Debug, Clone, PartialEq, Eq, Default)]

From dd1d148543d97a70b107df2c7ee9aa54545e7224 Mon Sep 17 00:00:00 2001
From: Georg <mail@georg-pfuetzenreuter.net>
Date: Fri, 17 Jan 2025 05:17:58 +0000
Subject: [PATCH 56/87] Repair systemd reload notifications (#3355)

In order for the RELOAD and the subsequent READY notifications to be
correctly processed, the RELOAD notification must be accompanied with a
MONOTONIC_USEC one.
---
 .github/workflows/clippy.yml           |   8 +-
 .github/workflows/rust_build.yml       |   7 +-
 Cargo.lock                             |   7 +-
 Cargo.toml                             |   2 +-
 book/src/developers/readme.md          |   4 +-
 scripts/devcontainer_postcreate.sh     |   3 +-
 scripts/install_ubuntu_dependencies.sh |   1 +
 server/Dockerfile                      |   1 +
 server/daemon/src/main.rs              | 148 +++++++++++++++----------
 9 files changed, 113 insertions(+), 68 deletions(-)

diff --git a/.github/workflows/clippy.yml b/.github/workflows/clippy.yml
index a3710d26f..4dffb3bcf 100644
--- a/.github/workflows/clippy.yml
+++ b/.github/workflows/clippy.yml
@@ -27,11 +27,13 @@ jobs:
           sudo apt-get update && \
           sudo apt-get install -y \
             libpam0g-dev \
-            libudev-dev \
+            libselinux1-dev \
             libssl-dev \
+            libsystemd-dev \
+            libtss2-dev \
+            libudev-dev \
             pkg-config \
-            tpm-udev \
-            libtss2-dev
+            tpm-udev
       - name: "Run clippy"
         run: cargo clippy --lib --bins --examples --all-features
   fmt:
diff --git a/.github/workflows/rust_build.yml b/.github/workflows/rust_build.yml
index 3bd4983e9..7959b815a 100644
--- a/.github/workflows/rust_build.yml
+++ b/.github/workflows/rust_build.yml
@@ -37,7 +37,8 @@ jobs:
           sudo apt-get install -y \
             libpam0g-dev \
             libudev-dev \
-            libssl-dev
+            libssl-dev \
+            libsystemd-dev
 
       - name: "Build the workspace"
         run: cargo build --workspace
@@ -84,7 +85,8 @@ jobs:
           sudo apt-get install -y \
             libpam0g-dev \
             libudev-dev \
-            libssl-dev
+            libssl-dev \
+            libsystemd-dev
 
       - name: "Build the workspace"
         run: cargo build --workspace
@@ -127,6 +129,7 @@ jobs:
             libpam0g-dev \
             libudev-dev \
             libssl-dev \
+            libsystemd-dev \
             ripgrep
       - name: "Run the release build test script"
         env:
diff --git a/Cargo.lock b/Cargo.lock
index 0f2523002..34310e226 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -5106,9 +5106,12 @@ dependencies = [
 
 [[package]]
 name = "sd-notify"
-version = "0.4.3"
+version = "0.4.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1be20c5f7f393ee700f8b2f28ea35812e4e212f40774b550cd2a93ea91684451"
+checksum = "561e6b346a5e59e0b8a07894004897d7160567e3352d2ebd6c3741d4e086b6f5"
+dependencies = [
+ "libc",
+]
 
 [[package]]
 name = "security-framework"
diff --git a/Cargo.toml b/Cargo.toml
index 1de526897..875cccf72 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -243,7 +243,7 @@ rustls = { version = "0.23.20", default-features = false, features = [
     "aws_lc_rs",
 ] }
 
-sd-notify = "^0.4.3"
+sd-notify = "^0.4.4"
 selinux = "^0.4.6"
 serde = "^1.0.217"
 serde_cbor = { version = "0.12.0-dev", package = "serde_cbor_2" }
diff --git a/book/src/developers/readme.md b/book/src/developers/readme.md
index 17813be79..b628fb825 100644
--- a/book/src/developers/readme.md
+++ b/book/src/developers/readme.md
@@ -103,7 +103,7 @@ You will need [rustup](https://rustup.rs/) to install a Rust toolchain.
 You will need to install rustup and our build dependencies with:
 
 ```bash
-zypper in rustup git libudev-devel sqlite3-devel libopenssl-3-devel libselinux-devel pam-devel tpm2-0-tss-devel
+zypper in rustup git libudev-devel sqlite3-devel libopenssl-3-devel libselinux-devel pam-devel systemd-devel tpm2-0-tss-devel
 ```
 
 You can then use rustup to complete the setup of the toolchain.
@@ -157,7 +157,7 @@ You need [rustup](https://rustup.rs/) to install a Rust toolchain.
 You will also need some system libraries to build this, which can be installed by running:
 
 ```bash
-sudo apt-get install libudev-dev libssl-dev pkg-config libpam0g-dev
+sudo apt-get install libudev-dev libssl-dev libsystemd-dev pkg-config libpam0g-dev
 ```
 
 Tested with Ubuntu 20.04 and 22.04.
diff --git a/scripts/devcontainer_postcreate.sh b/scripts/devcontainer_postcreate.sh
index 93ac5d4ec..659a07864 100755
--- a/scripts/devcontainer_postcreate.sh
+++ b/scripts/devcontainer_postcreate.sh
@@ -18,6 +18,7 @@ sudo apt-get install -y \
     jq \
     libpam0g-dev \
     libssl-dev \
+    libsystemd-dev \
     libudev-dev \
     pkg-config \
     ripgrep
@@ -43,4 +44,4 @@ cargo install mdbook-alerts --version 0.6.4
 cargo install deno --locked
 
 
-echo "Done!"
\ No newline at end of file
+echo "Done!"
diff --git a/scripts/install_ubuntu_dependencies.sh b/scripts/install_ubuntu_dependencies.sh
index 3df0f3737..61833e3c2 100755
--- a/scripts/install_ubuntu_dependencies.sh
+++ b/scripts/install_ubuntu_dependencies.sh
@@ -13,6 +13,7 @@ ${SUDOCMD} apt-get update &&
         libpam0g-dev \
         libudev-dev \
         libssl-dev \
+        libsystemd-dev \
         pkg-config \
         curl \
         rsync \
diff --git a/server/Dockerfile b/server/Dockerfile
index 8572b5d0b..a2e916ce2 100644
--- a/server/Dockerfile
+++ b/server/Dockerfile
@@ -29,6 +29,7 @@ RUN \
         libopenssl-3-devel \
         pam-devel \
         sqlite3-devel \
+        systemd-devel \
         rsync \
         findutils \
         which \
diff --git a/server/daemon/src/main.rs b/server/daemon/src/main.rs
index 4f44f3dba..8bec36da5 100644
--- a/server/daemon/src/main.rs
+++ b/server/daemon/src/main.rs
@@ -751,7 +751,21 @@ async fn kanidm_main(
             if !config_test {
                 // On linux, notify systemd.
                 #[cfg(target_os = "linux")]
-                let _ = sd_notify::notify(true, &[sd_notify::NotifyState::Ready]);
+                {
+                    let _ = sd_notify::notify(true, &[sd_notify::NotifyState::Ready]);
+                    // Undocumented systemd feature - all messages should have a monotonic usec sent
+                    // with them. In some cases like "reloading" messages, it is undocumented but
+                    // failure to send this message causes the reload to fail.
+                    if let Ok(monotonic_usec) = sd_notify::NotifyState::monotonic_usec_now() {
+                        let _ = sd_notify::notify(true, &[monotonic_usec]);
+                    } else {
+                        error!("CRITICAL!!! Unable to access clock monotonic time. SYSTEMD WILL KILL US.");
+                    };
+                    let _ = sd_notify::notify(
+                        true,
+                        &[sd_notify::NotifyState::Status("Started Kanidm 🦀")],
+                    );
+                };
 
                 match sctx {
                     Ok(mut sctx) => {
@@ -760,66 +774,86 @@ async fn kanidm_main(
                             {
                                 let mut listener = sctx.subscribe();
                                 tokio::select! {
-                                    Ok(()) = tokio::signal::ctrl_c() => {
-                                        break
-                                    }
-                                    Some(()) = async move {
-                                        let sigterm = tokio::signal::unix::SignalKind::terminate();
-                                        #[allow(clippy::unwrap_used)]
-                                        tokio::signal::unix::signal(sigterm).unwrap().recv().await
-                                    } => {
-                                        break
-                                    }
-                                    Some(()) = async move {
-                                        let sigterm = tokio::signal::unix::SignalKind::alarm();
-                                        #[allow(clippy::unwrap_used)]
-                                        tokio::signal::unix::signal(sigterm).unwrap().recv().await
-                                    } => {
-                                        // Ignore
-                                    }
-                                    Some(()) = async move {
-                                        let sigterm = tokio::signal::unix::SignalKind::hangup();
-                                        #[allow(clippy::unwrap_used)]
-                                        tokio::signal::unix::signal(sigterm).unwrap().recv().await
-                                    } => {
-                                        // Reload TLS certificates
-                                        // systemd has a special reload handler for this.
-                                        #[cfg(target_os = "linux")]
-                                        let _ = sd_notify::notify(true, &[sd_notify::NotifyState::Reloading]);
+                                                Ok(()) = tokio::signal::ctrl_c() => {
+                                                    break
+                                                }
+                                                Some(()) = async move {
+                                                    let sigterm = tokio::signal::unix::SignalKind::terminate();
+                                                    #[allow(clippy::unwrap_used)]
+                                                    tokio::signal::unix::signal(sigterm).unwrap().recv().await
+                                                } => {
+                                                    break
+                                                }
+                                                Some(()) = async move {
+                                                    let sigterm = tokio::signal::unix::SignalKind::alarm();
+                                                    #[allow(clippy::unwrap_used)]
+                                                    tokio::signal::unix::signal(sigterm).unwrap().recv().await
+                                                } => {
+                                                    // Ignore
+                                                }
+                                                Some(()) = async move {
+                                                    let sigterm = tokio::signal::unix::SignalKind::hangup();
+                                                    #[allow(clippy::unwrap_used)]
+                                                    tokio::signal::unix::signal(sigterm).unwrap().recv().await
+                                                } => {
+                                                    // Reload TLS certificates
+                                                    // systemd has a special reload handler for this.
+                                                    #[cfg(target_os = "linux")]
+                                                    {
+                                                    let _ = sd_notify::notify(true, &[sd_notify::NotifyState::Reloading]);
+                                                    // CRITICAL - if you do not send a monotonic usec message after a reloading
+                                                    // message, your service WILL BE KILLED.
+                                if let Ok(monotonic_usec) = sd_notify::NotifyState::monotonic_usec_now() {
+                                let _ =
+                                    sd_notify::notify(true, &[monotonic_usec]);
+                                } else {
+                                    error!("CRITICAL!!! Unable to access clock monotonic time. SYSTEMD WILL KILL US.");
+                                };
+                                                    let _ = sd_notify::notify(true, &[sd_notify::NotifyState::Status("Reloading ...")]);
+                                                    }
 
-                                        sctx.tls_acceptor_reload().await;
+                                                    sctx.tls_acceptor_reload().await;
 
-                                        // Systemd freaks out if you send the ready state too fast after the
-                                        // reload state and can kill Kanidmd as a result.
-                                        tokio::time::sleep(std::time::Duration::from_secs(5)).await;
+                                                    // Systemd freaks out if you send the ready state too fast after the
+                                                    // reload state and can kill Kanidmd as a result.
+                                                    tokio::time::sleep(std::time::Duration::from_secs(5)).await;
 
-                                        #[cfg(target_os = "linux")]
-                                        let _ = sd_notify::notify(true, &[sd_notify::NotifyState::Ready]);
+                                                    #[cfg(target_os = "linux")]
+                                                    {
+                                                    let _ = sd_notify::notify(true, &[sd_notify::NotifyState::Ready]);
+                                if let Ok(monotonic_usec) = sd_notify::NotifyState::monotonic_usec_now() {
+                                let _ =
+                                    sd_notify::notify(true, &[monotonic_usec]);
+                                } else {
+                                    error!("CRITICAL!!! Unable to access clock monotonic time. SYSTEMD WILL KILL US.");
+                                };
+                                                    let _ = sd_notify::notify(true, &[sd_notify::NotifyState::Status("Reload Success")]);
+                                                    }
 
-                                        info!("Reload complete");
-                                    }
-                                    Some(()) = async move {
-                                        let sigterm = tokio::signal::unix::SignalKind::user_defined1();
-                                        #[allow(clippy::unwrap_used)]
-                                        tokio::signal::unix::signal(sigterm).unwrap().recv().await
-                                    } => {
-                                        // Ignore
-                                    }
-                                    Some(()) = async move {
-                                        let sigterm = tokio::signal::unix::SignalKind::user_defined2();
-                                        #[allow(clippy::unwrap_used)]
-                                        tokio::signal::unix::signal(sigterm).unwrap().recv().await
-                                    } => {
-                                        // Ignore
-                                    }
-                                    // we got a message on thr broadcast from somewhere else
-                                    Ok(msg) = async move {
-                                        listener.recv().await
-                                    } => {
-                                        debug!("Main loop received message: {:?}", msg);
-                                        break
-                                    }
-                                }
+                                                    info!("Reload complete");
+                                                }
+                                                Some(()) = async move {
+                                                    let sigterm = tokio::signal::unix::SignalKind::user_defined1();
+                                                    #[allow(clippy::unwrap_used)]
+                                                    tokio::signal::unix::signal(sigterm).unwrap().recv().await
+                                                } => {
+                                                    // Ignore
+                                                }
+                                                Some(()) = async move {
+                                                    let sigterm = tokio::signal::unix::SignalKind::user_defined2();
+                                                    #[allow(clippy::unwrap_used)]
+                                                    tokio::signal::unix::signal(sigterm).unwrap().recv().await
+                                                } => {
+                                                    // Ignore
+                                                }
+                                                // we got a message on thr broadcast from somewhere else
+                                                Ok(msg) = async move {
+                                                    listener.recv().await
+                                                } => {
+                                                    debug!("Main loop received message: {:?}", msg);
+                                                    break
+                                                }
+                                            }
                             }
                             #[cfg(target_family = "windows")]
                             {

From 27cc31daceb717aff67acf0b174e3a8c45959be5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 20 Jan 2025 16:39:34 +1300
Subject: [PATCH 57/87] Bump the all group in /pykanidm with 2 updates (#3366)

Bumps the all group in /pykanidm with 2 updates: [mkdocs-material](https://github.com/squidfunk/mkdocs-material) and [ruff](https://github.com/astral-sh/ruff).


Updates `mkdocs-material` from 9.5.49 to 9.5.50
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases)
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG)
- [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.49...9.5.50)

Updates `ruff` from 0.9.1 to 0.9.2
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.9.1...0.9.2)

---
updated-dependencies:
- dependency-name: mkdocs-material
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: ruff
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pykanidm/poetry.lock    | 48 ++++++++++++++++++++---------------------
 pykanidm/pyproject.toml |  4 ++--
 2 files changed, 26 insertions(+), 26 deletions(-)

diff --git a/pykanidm/poetry.lock b/pykanidm/poetry.lock
index e123b36f7..39bd36856 100644
--- a/pykanidm/poetry.lock
+++ b/pykanidm/poetry.lock
@@ -1032,13 +1032,13 @@ pyyaml = ">=5.1"
 
 [[package]]
 name = "mkdocs-material"
-version = "9.5.49"
+version = "9.5.50"
 description = "Documentation that simply works"
 optional = false
 python-versions = ">=3.8"
 files = [
-    {file = "mkdocs_material-9.5.49-py3-none-any.whl", hash = "sha256:c3c2d8176b18198435d3a3e119011922f3e11424074645c24019c2dcf08a360e"},
-    {file = "mkdocs_material-9.5.49.tar.gz", hash = "sha256:3671bb282b4f53a1c72e08adbe04d2481a98f85fed392530051f80ff94a9621d"},
+    {file = "mkdocs_material-9.5.50-py3-none-any.whl", hash = "sha256:f24100f234741f4d423a9d672a909d859668a4f404796be3cf035f10d6050385"},
+    {file = "mkdocs_material-9.5.50.tar.gz", hash = "sha256:ae5fe16f3d7c9ccd05bb6916a7da7420cf99a9ce5e33debd9d40403a090d5825"},
 ]
 
 [package.dependencies]
@@ -1055,7 +1055,7 @@ regex = ">=2022.4"
 requests = ">=2.26,<3.0"
 
 [package.extras]
-git = ["mkdocs-git-committers-plugin-2 (>=1.1,<2.0)", "mkdocs-git-revision-date-localized-plugin (>=1.2.4,<2.0)"]
+git = ["mkdocs-git-committers-plugin-2 (>=1.1,<3)", "mkdocs-git-revision-date-localized-plugin (>=1.2.4,<2.0)"]
 imaging = ["cairosvg (>=2.6,<3.0)", "pillow (>=10.2,<11.0)"]
 recommended = ["mkdocs-minify-plugin (>=0.7,<1.0)", "mkdocs-redirects (>=1.2,<2.0)", "mkdocs-rss-plugin (>=1.6,<2.0)"]
 
@@ -2141,29 +2141,29 @@ files = [
 
 [[package]]
 name = "ruff"
-version = "0.9.1"
+version = "0.9.2"
 description = "An extremely fast Python linter and code formatter, written in Rust."
 optional = false
 python-versions = ">=3.7"
 files = [
-    {file = "ruff-0.9.1-py3-none-linux_armv6l.whl", hash = "sha256:84330dda7abcc270e6055551aca93fdde1b0685fc4fd358f26410f9349cf1743"},
-    {file = "ruff-0.9.1-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:3cae39ba5d137054b0e5b472aee3b78a7c884e61591b100aeb544bcd1fc38d4f"},
-    {file = "ruff-0.9.1-py3-none-macosx_11_0_arm64.whl", hash = "sha256:50c647ff96f4ba288db0ad87048257753733763b409b2faf2ea78b45c8bb7fcb"},
-    {file = "ruff-0.9.1-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:f0c8b149e9c7353cace7d698e1656ffcf1e36e50f8ea3b5d5f7f87ff9986a7ca"},
-    {file = "ruff-0.9.1-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:beb3298604540c884d8b282fe7625651378e1986c25df51dec5b2f60cafc31ce"},
-    {file = "ruff-0.9.1-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:39d0174ccc45c439093971cc06ed3ac4dc545f5e8bdacf9f067adf879544d969"},
-    {file = "ruff-0.9.1-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:69572926c0f0c9912288915214ca9b2809525ea263603370b9e00bed2ba56dbd"},
-    {file = "ruff-0.9.1-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:937267afce0c9170d6d29f01fcd1f4378172dec6760a9f4dface48cdabf9610a"},
-    {file = "ruff-0.9.1-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:186c2313de946f2c22bdf5954b8dd083e124bcfb685732cfb0beae0c47233d9b"},
-    {file = "ruff-0.9.1-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:3f94942a3bb767675d9a051867c036655fe9f6c8a491539156a6f7e6b5f31831"},
-    {file = "ruff-0.9.1-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:728d791b769cc28c05f12c280f99e8896932e9833fef1dd8756a6af2261fd1ab"},
-    {file = "ruff-0.9.1-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:2f312c86fb40c5c02b44a29a750ee3b21002bd813b5233facdaf63a51d9a85e1"},
-    {file = "ruff-0.9.1-py3-none-musllinux_1_2_i686.whl", hash = "sha256:ae017c3a29bee341ba584f3823f805abbe5fe9cd97f87ed07ecbf533c4c88366"},
-    {file = "ruff-0.9.1-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:5dc40a378a0e21b4cfe2b8a0f1812a6572fc7b230ef12cd9fac9161aa91d807f"},
-    {file = "ruff-0.9.1-py3-none-win32.whl", hash = "sha256:46ebf5cc106cf7e7378ca3c28ce4293b61b449cd121b98699be727d40b79ba72"},
-    {file = "ruff-0.9.1-py3-none-win_amd64.whl", hash = "sha256:342a824b46ddbcdddd3abfbb332fa7fcaac5488bf18073e841236aadf4ad5c19"},
-    {file = "ruff-0.9.1-py3-none-win_arm64.whl", hash = "sha256:1cd76c7f9c679e6e8f2af8f778367dca82b95009bc7b1a85a47f1521ae524fa7"},
-    {file = "ruff-0.9.1.tar.gz", hash = "sha256:fd2b25ecaf907d6458fa842675382c8597b3c746a2dde6717fe3415425df0c17"},
+    {file = "ruff-0.9.2-py3-none-linux_armv6l.whl", hash = "sha256:80605a039ba1454d002b32139e4970becf84b5fee3a3c3bf1c2af6f61a784347"},
+    {file = "ruff-0.9.2-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:b9aab82bb20afd5f596527045c01e6ae25a718ff1784cb92947bff1f83068b00"},
+    {file = "ruff-0.9.2-py3-none-macosx_11_0_arm64.whl", hash = "sha256:fbd337bac1cfa96be615f6efcd4bc4d077edbc127ef30e2b8ba2a27e18c054d4"},
+    {file = "ruff-0.9.2-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:82b35259b0cbf8daa22a498018e300b9bb0174c2bbb7bcba593935158a78054d"},
+    {file = "ruff-0.9.2-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:8b6a9701d1e371bf41dca22015c3f89769da7576884d2add7317ec1ec8cb9c3c"},
+    {file = "ruff-0.9.2-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:9cc53e68b3c5ae41e8faf83a3b89f4a5d7b2cb666dff4b366bb86ed2a85b481f"},
+    {file = "ruff-0.9.2-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:8efd9da7a1ee314b910da155ca7e8953094a7c10d0c0a39bfde3fcfd2a015684"},
+    {file = "ruff-0.9.2-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:3292c5a22ea9a5f9a185e2d131dc7f98f8534a32fb6d2ee7b9944569239c648d"},
+    {file = "ruff-0.9.2-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:1a605fdcf6e8b2d39f9436d343d1f0ff70c365a1e681546de0104bef81ce88df"},
+    {file = "ruff-0.9.2-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:c547f7f256aa366834829a08375c297fa63386cbe5f1459efaf174086b564247"},
+    {file = "ruff-0.9.2-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:d18bba3d3353ed916e882521bc3e0af403949dbada344c20c16ea78f47af965e"},
+    {file = "ruff-0.9.2-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:b338edc4610142355ccf6b87bd356729b62bf1bc152a2fad5b0c7dc04af77bfe"},
+    {file = "ruff-0.9.2-py3-none-musllinux_1_2_i686.whl", hash = "sha256:492a5e44ad9b22a0ea98cf72e40305cbdaf27fac0d927f8bc9e1df316dcc96eb"},
+    {file = "ruff-0.9.2-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:af1e9e9fe7b1f767264d26b1075ac4ad831c7db976911fa362d09b2d0356426a"},
+    {file = "ruff-0.9.2-py3-none-win32.whl", hash = "sha256:71cbe22e178c5da20e1514e1e01029c73dc09288a8028a5d3446e6bba87a5145"},
+    {file = "ruff-0.9.2-py3-none-win_amd64.whl", hash = "sha256:c5e1d6abc798419cf46eed03f54f2e0c3adb1ad4b801119dedf23fcaf69b55b5"},
+    {file = "ruff-0.9.2-py3-none-win_arm64.whl", hash = "sha256:a1b63fa24149918f8b37cef2ee6fff81f24f0d74b6f0bdc37bc3e1f2143e41c6"},
+    {file = "ruff-0.9.2.tar.gz", hash = "sha256:b5eceb334d55fae5f316f783437392642ae18e16dcf4f1858d55d3c2a0f8f5d0"},
 ]
 
 [[package]]
@@ -2420,4 +2420,4 @@ type = ["pytest-mypy"]
 [metadata]
 lock-version = "2.0"
 python-versions = "^3.9"
-content-hash = "38d127dee99e25ec0d9716086ff4965da60b015e26dcb7ef67b9dc38dd46ec12"
+content-hash = "d0b1a79e65224b8e7311bed6a03d65508b00c8615c1e57ee3e43b024a2b6d4fb"
diff --git a/pykanidm/pyproject.toml b/pykanidm/pyproject.toml
index a6d9dd896..63b4e8e72 100644
--- a/pykanidm/pyproject.toml
+++ b/pykanidm/pyproject.toml
@@ -39,13 +39,13 @@ pytest-mock = "^3.14.0"
 pytest-aiohttp = "^1.0.5"
 black = "^24.10.0"
 mkdocs = "^1.5.3"
-mkdocs-material = "^9.5.49"
+mkdocs-material = "^9.5.50"
 mkdocstrings = "^0.27.0"
 mkdocstrings-python = "^1.13.0"
 pook = "^2.1.3"
 
 [tool.poetry.group.dev.dependencies]
-ruff = ">=0.5.1,<0.9.2"
+ruff = ">=0.5.1,<0.9.3"
 
 [build-system]
 requires = ["poetry-core>=1.0.0"]

From b03f842728cac90070e1e550531c9050c712cfaf Mon Sep 17 00:00:00 2001
From: George Wu <gbw@users.noreply.github.com>
Date: Sun, 19 Jan 2025 20:52:53 -0800
Subject: [PATCH 58/87] Small UI updates. (#3361)

* Delete unused htmx javascript files.

* Consistently mention applications instead of apps.

* Small formatting change for enrol device.

* Update phrasing in credentials page.
---
 server/core/static/external/htmx.1.9.12.js    | 3925 -----------------
 server/core/static/external/htmx.min.1.9.2.js |    1 -
 server/core/templates/apps.html               |    4 +-
 server/core/templates/apps_partial.html       |    2 +-
 .../templates/credentials_update_partial.html |   11 +-
 server/core/templates/enrol_device.html       |   10 +-
 server/core/templates/navbar.html             |    2 +-
 7 files changed, 16 insertions(+), 3939 deletions(-)
 delete mode 100644 server/core/static/external/htmx.1.9.12.js
 delete mode 100644 server/core/static/external/htmx.min.1.9.2.js

diff --git a/server/core/static/external/htmx.1.9.12.js b/server/core/static/external/htmx.1.9.12.js
deleted file mode 100644
index 597c9b3b5..000000000
--- a/server/core/static/external/htmx.1.9.12.js
+++ /dev/null
@@ -1,3925 +0,0 @@
-// UMD insanity
-// This code sets up support for (in order) AMD, ES6 modules, and globals.
-(function (root, factory) {
-    //@ts-ignore
-    if (typeof define === 'function' && define.amd) {
-        // AMD. Register as an anonymous module.
-        //@ts-ignore
-        define([], factory);
-    } else if (typeof module === 'object' && module.exports) {
-        // Node. Does not work with strict CommonJS, but
-        // only CommonJS-like environments that support module.exports,
-        // like Node.
-        module.exports = factory();
-    } else {
-        // Browser globals
-        root.htmx = root.htmx || factory();
-    }
-}(typeof self !== 'undefined' ? self : this, function () {
-return (function () {
-        'use strict';
-
-        // Public API
-        //** @type {import("./htmx").HtmxApi} */
-        // TODO: list all methods in public API
-        var htmx = {
-            onLoad: onLoadHelper,
-            process: processNode,
-            on: addEventListenerImpl,
-            off: removeEventListenerImpl,
-            trigger : triggerEvent,
-            ajax : ajaxHelper,
-            find : find,
-            findAll : findAll,
-            closest : closest,
-            values : function(elt, type){
-                var inputValues = getInputValues(elt, type || "post");
-                return inputValues.values;
-            },
-            remove : removeElement,
-            addClass : addClassToElement,
-            removeClass : removeClassFromElement,
-            toggleClass : toggleClassOnElement,
-            takeClass : takeClassForElement,
-            defineExtension : defineExtension,
-            removeExtension : removeExtension,
-            logAll : logAll,
-            logNone : logNone,
-            logger : null,
-            config : {
-                historyEnabled:true,
-                historyCacheSize:10,
-                refreshOnHistoryMiss:false,
-                defaultSwapStyle:'innerHTML',
-                defaultSwapDelay:0,
-                defaultSettleDelay:20,
-                includeIndicatorStyles:true,
-                indicatorClass:'htmx-indicator',
-                requestClass:'htmx-request',
-                addedClass:'htmx-added',
-                settlingClass:'htmx-settling',
-                swappingClass:'htmx-swapping',
-                allowEval:true,
-                allowScriptTags:true,
-                inlineScriptNonce:'',
-                attributesToSettle:["class", "style", "width", "height"],
-                withCredentials:false,
-                timeout:0,
-                wsReconnectDelay: 'full-jitter',
-                wsBinaryType: 'blob',
-                disableSelector: "[hx-disable], [data-hx-disable]",
-                useTemplateFragments: false,
-                scrollBehavior: 'smooth',
-                defaultFocusScroll: false,
-                getCacheBusterParam: false,
-                globalViewTransitions: false,
-                methodsThatUseUrlParams: ["get"],
-                selfRequestsOnly: false,
-                ignoreTitle: false,
-                scrollIntoViewOnBoost: true,
-                triggerSpecsCache: null,
-            },
-            parseInterval:parseInterval,
-            _:internalEval,
-            createEventSource: function(url){
-                return new EventSource(url, {withCredentials:true})
-            },
-            createWebSocket: function(url){
-                var sock = new WebSocket(url, []);
-                sock.binaryType = htmx.config.wsBinaryType;
-                return sock;
-            },
-            version: "1.9.12"
-        };
-
-        /** @type {import("./htmx").HtmxInternalApi} */
-        var internalAPI = {
-            addTriggerHandler: addTriggerHandler,
-            bodyContains: bodyContains,
-            canAccessLocalStorage: canAccessLocalStorage,
-            findThisElement: findThisElement,
-            filterValues: filterValues,
-            hasAttribute: hasAttribute,
-            getAttributeValue: getAttributeValue,
-            getClosestAttributeValue: getClosestAttributeValue,
-            getClosestMatch: getClosestMatch,
-            getExpressionVars: getExpressionVars,
-            getHeaders: getHeaders,
-            getInputValues: getInputValues,
-            getInternalData: getInternalData,
-            getSwapSpecification: getSwapSpecification,
-            getTriggerSpecs: getTriggerSpecs,
-            getTarget: getTarget,
-            makeFragment: makeFragment,
-            mergeObjects: mergeObjects,
-            makeSettleInfo: makeSettleInfo,
-            oobSwap: oobSwap,
-            querySelectorExt: querySelectorExt,
-            selectAndSwap: selectAndSwap,
-            settleImmediately: settleImmediately,
-            shouldCancel: shouldCancel,
-            triggerEvent: triggerEvent,
-            triggerErrorEvent: triggerErrorEvent,
-            withExtensions: withExtensions,
-        }
-
-        var VERBS = ['get', 'post', 'put', 'delete', 'patch'];
-        var VERB_SELECTOR = VERBS.map(function(verb){
-            return "[hx-" + verb + "], [data-hx-" + verb + "]"
-        }).join(", ");
-
-        var HEAD_TAG_REGEX = makeTagRegEx('head'),
-            TITLE_TAG_REGEX = makeTagRegEx('title'),
-            SVG_TAGS_REGEX = makeTagRegEx('svg', true);
-
-        //====================================================================
-        // Utilities
-        //====================================================================
-
-        /**
-         * @param {string} tag
-         * @param {boolean} [global]
-         * @returns {RegExp}
-         */
-        function makeTagRegEx(tag, global) {
-          return new RegExp('<' + tag + '(\\s[^>]*>|>)([\\s\\S]*?)<\\/' + tag + '>',
-            !!global ? 'gim' : 'im')
-        }
-
-        function parseInterval(str) {
-            if (str == undefined)  {
-                return undefined;
-            }
-
-            let interval = NaN;
-            if (str.slice(-2) == "ms") {
-                interval = parseFloat(str.slice(0, -2));
-            } else if (str.slice(-1) == "s") {
-                interval = parseFloat(str.slice(0, -1)) * 1000;
-            } else if (str.slice(-1) == "m") {
-                interval = parseFloat(str.slice(0, -1)) * 1000 * 60;
-            } else {
-                interval = parseFloat(str);
-            }
-            return isNaN(interval) ? undefined : interval;
-        }
-
-        /**
-         * @param {HTMLElement} elt
-         * @param {string} name
-         * @returns {(string | null)}
-         */
-        function getRawAttribute(elt, name) {
-            return elt.getAttribute && elt.getAttribute(name);
-        }
-
-        // resolve with both hx and data-hx prefixes
-        function hasAttribute(elt, qualifiedName) {
-            return elt.hasAttribute && (elt.hasAttribute(qualifiedName) ||
-                elt.hasAttribute("data-" + qualifiedName));
-        }
-
-        /**
-         *
-         * @param {HTMLElement} elt
-         * @param {string} qualifiedName
-         * @returns {(string | null)}
-         */
-        function getAttributeValue(elt, qualifiedName) {
-            return getRawAttribute(elt, qualifiedName) || getRawAttribute(elt, "data-" + qualifiedName);
-        }
-
-        /**
-         * @param {HTMLElement} elt
-         * @returns {HTMLElement | null}
-         */
-        function parentElt(elt) {
-            return elt.parentElement;
-        }
-
-        /**
-         * @returns {Document}
-         */
-        function getDocument() {
-            return document;
-        }
-
-        /**
-         * @param {HTMLElement} elt
-         * @param {(e:HTMLElement) => boolean} condition
-         * @returns {HTMLElement | null}
-         */
-        function getClosestMatch(elt, condition) {
-            while (elt && !condition(elt)) {
-                elt = parentElt(elt);
-            }
-
-            return elt ? elt : null;
-        }
-
-        function getAttributeValueWithDisinheritance(initialElement, ancestor, attributeName){
-            var attributeValue = getAttributeValue(ancestor, attributeName);
-            var disinherit = getAttributeValue(ancestor, "hx-disinherit");
-            if (initialElement !== ancestor && disinherit && (disinherit === "*" || disinherit.split(" ").indexOf(attributeName) >= 0)) {
-                return "unset";
-            } else {
-                return attributeValue
-            }
-        }
-
-        /**
-         * @param {HTMLElement} elt
-         * @param {string} attributeName
-         * @returns {string | null}
-         */
-        function getClosestAttributeValue(elt, attributeName) {
-            var closestAttr = null;
-            getClosestMatch(elt, function (e) {
-                return closestAttr = getAttributeValueWithDisinheritance(elt, e, attributeName);
-            });
-            if (closestAttr !== "unset") {
-                return closestAttr;
-            }
-        }
-
-        /**
-         * @param {HTMLElement} elt
-         * @param {string} selector
-         * @returns {boolean}
-         */
-        function matches(elt, selector) {
-            // @ts-ignore: non-standard properties for browser compatibility
-            // noinspection JSUnresolvedVariable
-            var matchesFunction = elt.matches || elt.matchesSelector || elt.msMatchesSelector || elt.mozMatchesSelector || elt.webkitMatchesSelector || elt.oMatchesSelector;
-            return matchesFunction && matchesFunction.call(elt, selector);
-        }
-
-        /**
-         * @param {string} str
-         * @returns {string}
-         */
-        function getStartTag(str) {
-            var tagMatcher = /<([a-z][^\/\0>\x20\t\r\n\f]*)/i
-            var match = tagMatcher.exec( str );
-            if (match) {
-                return match[1].toLowerCase();
-            } else {
-                return "";
-            }
-        }
-
-        /**
-         *
-         * @param {string} resp
-         * @param {number} depth
-         * @returns {Element}
-         */
-        function parseHTML(resp, depth) {
-            var parser = new DOMParser();
-            var responseDoc = parser.parseFromString(resp, "text/html");
-
-            /** @type {Element} */
-            var responseNode = responseDoc.body;
-            while (depth > 0) {
-                depth--;
-                // @ts-ignore
-                responseNode = responseNode.firstChild;
-            }
-            if (responseNode == null) {
-                // @ts-ignore
-                responseNode = getDocument().createDocumentFragment();
-            }
-            return responseNode;
-        }
-
-        function aFullPageResponse(resp) {
-            return /<body/.test(resp)
-        }
-
-        /**
-         *
-         * @param {string} response
-         * @returns {Element}
-         */
-        function makeFragment(response) {
-            var partialResponse = !aFullPageResponse(response);
-            var startTag = getStartTag(response);
-            var content = response;
-            if (startTag === 'head') {
-                content = content.replace(HEAD_TAG_REGEX, '');
-            }
-            if (htmx.config.useTemplateFragments && partialResponse) {
-                var fragment = parseHTML("<body><template>" + content + "</template></body>", 0);
-                // @ts-ignore type mismatch between DocumentFragment and Element.
-                // TODO: Are these close enough for htmx to use interchangeably?
-                var fragmentContent = fragment.querySelector('template').content;
-                if (htmx.config.allowScriptTags) {
-                    // if there is a nonce set up, set it on the new script tags
-                    forEach(fragmentContent.querySelectorAll("script"), function (script) {
-                        if (htmx.config.inlineScriptNonce) {
-                            script.nonce = htmx.config.inlineScriptNonce;
-                        }
-                        // mark as executed due to template insertion semantics on all browsers except firefox fml
-                        script.htmxExecuted = navigator.userAgent.indexOf("Firefox") === -1;
-                    })
-                } else {
-                    forEach(fragmentContent.querySelectorAll("script"), function (script) {
-                        // remove all script tags if scripts are disabled
-                        removeElement(script);
-                    })
-                }
-                return fragmentContent;
-            }
-            switch (startTag) {
-                case "thead":
-                case "tbody":
-                case "tfoot":
-                case "colgroup":
-                case "caption":
-                    return parseHTML("<table>" + content + "</table>", 1);
-                case "col":
-                    return parseHTML("<table><colgroup>" + content + "</colgroup></table>", 2);
-                case "tr":
-                    return parseHTML("<table><tbody>" + content + "</tbody></table>", 2);
-                case "td":
-                case "th":
-                    return parseHTML("<table><tbody><tr>" + content + "</tr></tbody></table>", 3);
-                case "script":
-                case "style":
-                    return parseHTML("<div>" + content + "</div>", 1);
-                default:
-                    return parseHTML(content, 0);
-            }
-        }
-
-        /**
-         * @param {Function} func
-         */
-        function maybeCall(func){
-            if(func) {
-                func();
-            }
-        }
-
-        /**
-         * @param {any} o
-         * @param {string} type
-         * @returns
-         */
-        function isType(o, type) {
-            return Object.prototype.toString.call(o) === "[object " + type + "]";
-        }
-
-        /**
-         * @param {*} o
-         * @returns {o is Function}
-         */
-        function isFunction(o) {
-            return isType(o, "Function");
-        }
-
-        /**
-         * @param {*} o
-         * @returns {o is Object}
-         */
-        function isRawObject(o) {
-            return isType(o, "Object");
-        }
-
-        /**
-         * getInternalData retrieves "private" data stored by htmx within an element
-         * @param {HTMLElement} elt
-         * @returns {*}
-         */
-        function getInternalData(elt) {
-            var dataProp = 'htmx-internal-data';
-            var data = elt[dataProp];
-            if (!data) {
-                data = elt[dataProp] = {};
-            }
-            return data;
-        }
-
-        /**
-         * toArray converts an ArrayLike object into a real array.
-         * @param {ArrayLike} arr
-         * @returns {any[]}
-         */
-        function toArray(arr) {
-            var returnArr = [];
-            if (arr) {
-                for (var i = 0; i < arr.length; i++) {
-                    returnArr.push(arr[i]);
-                }
-            }
-            return returnArr
-        }
-
-        function forEach(arr, func) {
-            if (arr) {
-                for (var i = 0; i < arr.length; i++) {
-                    func(arr[i]);
-                }
-            }
-        }
-
-        function isScrolledIntoView(el) {
-            var rect = el.getBoundingClientRect();
-            var elemTop = rect.top;
-            var elemBottom = rect.bottom;
-            return elemTop < window.innerHeight && elemBottom >= 0;
-        }
-
-        function bodyContains(elt) {
-            // IE Fix
-            if (elt.getRootNode && elt.getRootNode() instanceof window.ShadowRoot) {
-                return getDocument().body.contains(elt.getRootNode().host);
-            } else {
-                return getDocument().body.contains(elt);
-            }
-        }
-
-        function splitOnWhitespace(trigger) {
-            return trigger.trim().split(/\s+/);
-        }
-
-        /**
-         * mergeObjects takes all of the keys from
-         * obj2 and duplicates them into obj1
-         * @param {Object} obj1
-         * @param {Object} obj2
-         * @returns {Object}
-         */
-        function mergeObjects(obj1, obj2) {
-            for (var key in obj2) {
-                if (obj2.hasOwnProperty(key)) {
-                    obj1[key] = obj2[key];
-                }
-            }
-            return obj1;
-        }
-
-        function parseJSON(jString) {
-            try {
-                return JSON.parse(jString);
-            } catch(error) {
-                logError(error);
-                return null;
-            }
-        }
-
-        function canAccessLocalStorage() {
-            var test = 'htmx:localStorageTest';
-            try {
-                localStorage.setItem(test, test);
-                localStorage.removeItem(test);
-                return true;
-            } catch(e) {
-                return false;
-            }
-        }
-
-        function normalizePath(path) {
-            try {
-                var url = new URL(path);
-                if (url) {
-                    path = url.pathname + url.search;
-                }
-                // remove trailing slash, unless index page
-                if (!(/^\/$/.test(path))) {
-                    path = path.replace(/\/+$/, '');
-                }
-                return path;
-            } catch (e) {
-                // be kind to IE11, which doesn't support URL()
-                return path;
-            }
-        }
-
-        //==========================================================================================
-        // public API
-        //==========================================================================================
-
-        function internalEval(str){
-            return maybeEval(getDocument().body, function () {
-                return eval(str);
-            });
-        }
-
-        function onLoadHelper(callback) {
-            var value = htmx.on("htmx:load", function(evt) {
-                callback(evt.detail.elt);
-            });
-            return value;
-        }
-
-        function logAll(){
-            htmx.logger = function(elt, event, data) {
-                if(console) {
-                    console.log(event, elt, data);
-                }
-            }
-        }
-
-        function logNone() {
-            htmx.logger = null
-        }
-
-        function find(eltOrSelector, selector) {
-            if (selector) {
-                return eltOrSelector.querySelector(selector);
-            } else {
-                return find(getDocument(), eltOrSelector);
-            }
-        }
-
-        function findAll(eltOrSelector, selector) {
-            if (selector) {
-                return eltOrSelector.querySelectorAll(selector);
-            } else {
-                return findAll(getDocument(), eltOrSelector);
-            }
-        }
-
-        function removeElement(elt, delay) {
-            elt = resolveTarget(elt);
-            if (delay) {
-                setTimeout(function(){
-                    removeElement(elt);
-                    elt = null;
-                }, delay);
-            } else {
-                elt.parentElement.removeChild(elt);
-            }
-        }
-
-        function addClassToElement(elt, clazz, delay) {
-            elt = resolveTarget(elt);
-            if (delay) {
-                setTimeout(function(){
-                    addClassToElement(elt, clazz);
-                    elt = null;
-                }, delay);
-            } else {
-                elt.classList && elt.classList.add(clazz);
-            }
-        }
-
-        function removeClassFromElement(elt, clazz, delay) {
-            elt = resolveTarget(elt);
-            if (delay) {
-                setTimeout(function(){
-                    removeClassFromElement(elt, clazz);
-                    elt = null;
-                }, delay);
-            } else {
-                if (elt.classList) {
-                    elt.classList.remove(clazz);
-                    // if there are no classes left, remove the class attribute
-                    if (elt.classList.length === 0) {
-                        elt.removeAttribute("class");
-                    }
-                }
-            }
-        }
-
-        function toggleClassOnElement(elt, clazz) {
-            elt = resolveTarget(elt);
-            elt.classList.toggle(clazz);
-        }
-
-        function takeClassForElement(elt, clazz) {
-            elt = resolveTarget(elt);
-            forEach(elt.parentElement.children, function(child){
-                removeClassFromElement(child, clazz);
-            })
-            addClassToElement(elt, clazz);
-        }
-
-        function closest(elt, selector) {
-            elt = resolveTarget(elt);
-            if (elt.closest) {
-                return elt.closest(selector);
-            } else {
-                // TODO remove when IE goes away
-                do{
-                    if (elt == null || matches(elt, selector)){
-                        return elt;
-                    }
-                }
-                while (elt = elt && parentElt(elt));
-                return null;
-            }
-        }
-
-        function startsWith(str, prefix) {
-            return str.substring(0, prefix.length) === prefix
-        }
-
-        function endsWith(str, suffix) {
-            return str.substring(str.length - suffix.length) === suffix
-        }
-
-        function normalizeSelector(selector) {
-            var trimmedSelector = selector.trim();
-            if (startsWith(trimmedSelector, "<") && endsWith(trimmedSelector, "/>")) {
-                return trimmedSelector.substring(1, trimmedSelector.length - 2);
-            } else {
-                return trimmedSelector;
-            }
-        }
-
-        function querySelectorAllExt(elt, selector) {
-            if (selector.indexOf("closest ") === 0) {
-                return [closest(elt, normalizeSelector(selector.substr(8)))];
-            } else if (selector.indexOf("find ") === 0) {
-                return [find(elt, normalizeSelector(selector.substr(5)))];
-            } else if (selector === "next") {
-                return [elt.nextElementSibling]
-            } else if (selector.indexOf("next ") === 0) {
-                return [scanForwardQuery(elt, normalizeSelector(selector.substr(5)))];
-            } else if (selector === "previous") {
-                return [elt.previousElementSibling]
-            } else if (selector.indexOf("previous ") === 0) {
-                return [scanBackwardsQuery(elt, normalizeSelector(selector.substr(9)))];
-            } else if (selector === 'document') {
-                return [document];
-            } else if (selector === 'window') {
-                return [window];
-            } else if (selector === 'body') {
-                return [document.body];
-            } else {
-                return getDocument().querySelectorAll(normalizeSelector(selector));
-            }
-        }
-
-        var scanForwardQuery = function(start, match) {
-            var results = getDocument().querySelectorAll(match);
-            for (var i = 0; i < results.length; i++) {
-                var elt = results[i];
-                if (elt.compareDocumentPosition(start) === Node.DOCUMENT_POSITION_PRECEDING) {
-                    return elt;
-                }
-            }
-        }
-
-        var scanBackwardsQuery = function(start, match) {
-            var results = getDocument().querySelectorAll(match);
-            for (var i = results.length - 1; i >= 0; i--) {
-                var elt = results[i];
-                if (elt.compareDocumentPosition(start) === Node.DOCUMENT_POSITION_FOLLOWING) {
-                    return elt;
-                }
-            }
-        }
-
-        function querySelectorExt(eltOrSelector, selector) {
-            if (selector) {
-                return querySelectorAllExt(eltOrSelector, selector)[0];
-            } else {
-                return querySelectorAllExt(getDocument().body, eltOrSelector)[0];
-            }
-        }
-
-        function resolveTarget(arg2) {
-            if (isType(arg2, 'String')) {
-                return find(arg2);
-            } else {
-                return arg2;
-            }
-        }
-
-        function processEventArgs(arg1, arg2, arg3) {
-            if (isFunction(arg2)) {
-                return {
-                    target: getDocument().body,
-                    event: arg1,
-                    listener: arg2
-                }
-            } else {
-                return {
-                    target: resolveTarget(arg1),
-                    event: arg2,
-                    listener: arg3
-                }
-            }
-
-        }
-
-        function addEventListenerImpl(arg1, arg2, arg3) {
-            ready(function(){
-                var eventArgs = processEventArgs(arg1, arg2, arg3);
-                eventArgs.target.addEventListener(eventArgs.event, eventArgs.listener);
-            })
-            var b = isFunction(arg2);
-            return b ? arg2 : arg3;
-        }
-
-        function removeEventListenerImpl(arg1, arg2, arg3) {
-            ready(function(){
-                var eventArgs = processEventArgs(arg1, arg2, arg3);
-                eventArgs.target.removeEventListener(eventArgs.event, eventArgs.listener);
-            })
-            return isFunction(arg2) ? arg2 : arg3;
-        }
-
-        //====================================================================
-        // Node processing
-        //====================================================================
-
-        var DUMMY_ELT = getDocument().createElement("output"); // dummy element for bad selectors
-        function findAttributeTargets(elt, attrName) {
-            var attrTarget = getClosestAttributeValue(elt, attrName);
-            if (attrTarget) {
-                if (attrTarget === "this") {
-                    return [findThisElement(elt, attrName)];
-                } else {
-                    var result = querySelectorAllExt(elt, attrTarget);
-                    if (result.length === 0) {
-                        logError('The selector "' + attrTarget + '" on ' + attrName + " returned no matches!");
-                        return [DUMMY_ELT]
-                    } else {
-                        return result;
-                    }
-                }
-            }
-        }
-
-        function findThisElement(elt, attribute){
-            return getClosestMatch(elt, function (elt) {
-                return getAttributeValue(elt, attribute) != null;
-            })
-        }
-
-        function getTarget(elt) {
-            var targetStr = getClosestAttributeValue(elt, "hx-target");
-            if (targetStr) {
-                if (targetStr === "this") {
-                    return findThisElement(elt,'hx-target');
-                } else {
-                    return querySelectorExt(elt, targetStr)
-                }
-            } else {
-                var data = getInternalData(elt);
-                if (data.boosted) {
-                    return getDocument().body;
-                } else {
-                    return elt;
-                }
-            }
-        }
-
-        function shouldSettleAttribute(name) {
-            var attributesToSettle = htmx.config.attributesToSettle;
-            for (var i = 0; i < attributesToSettle.length; i++) {
-                if (name === attributesToSettle[i]) {
-                    return true;
-                }
-            }
-            return false;
-        }
-
-        function cloneAttributes(mergeTo, mergeFrom) {
-            forEach(mergeTo.attributes, function (attr) {
-                if (!mergeFrom.hasAttribute(attr.name) && shouldSettleAttribute(attr.name)) {
-                    mergeTo.removeAttribute(attr.name)
-                }
-            });
-            forEach(mergeFrom.attributes, function (attr) {
-                if (shouldSettleAttribute(attr.name)) {
-                    mergeTo.setAttribute(attr.name, attr.value);
-                }
-            });
-        }
-
-        function isInlineSwap(swapStyle, target) {
-            var extensions = getExtensions(target);
-            for (var i = 0; i < extensions.length; i++) {
-                var extension = extensions[i];
-                try {
-                    if (extension.isInlineSwap(swapStyle)) {
-                        return true;
-                    }
-                } catch(e) {
-                    logError(e);
-                }
-            }
-            return swapStyle === "outerHTML";
-        }
-
-        /**
-         *
-         * @param {string} oobValue
-         * @param {HTMLElement} oobElement
-         * @param {*} settleInfo
-         * @returns
-         */
-        function oobSwap(oobValue, oobElement, settleInfo) {
-            var selector = "#" + getRawAttribute(oobElement, "id");
-            var swapStyle = "outerHTML";
-            if (oobValue === "true") {
-                // do nothing
-            } else if (oobValue.indexOf(":") > 0) {
-                swapStyle = oobValue.substr(0, oobValue.indexOf(":"));
-                selector  = oobValue.substr(oobValue.indexOf(":") + 1, oobValue.length);
-            } else {
-                swapStyle = oobValue;
-            }
-
-            var targets = getDocument().querySelectorAll(selector);
-            if (targets) {
-                forEach(
-                    targets,
-                    function (target) {
-                        var fragment;
-                        var oobElementClone = oobElement.cloneNode(true);
-                        fragment = getDocument().createDocumentFragment();
-                        fragment.appendChild(oobElementClone);
-                        if (!isInlineSwap(swapStyle, target)) {
-                            fragment = oobElementClone; // if this is not an inline swap, we use the content of the node, not the node itself
-                        }
-
-                        var beforeSwapDetails = {shouldSwap: true, target: target, fragment:fragment };
-                        if (!triggerEvent(target, 'htmx:oobBeforeSwap', beforeSwapDetails)) return;
-
-                        target = beforeSwapDetails.target; // allow re-targeting
-                        if (beforeSwapDetails['shouldSwap']){
-                            swap(swapStyle, target, target, fragment, settleInfo);
-                        }
-                        forEach(settleInfo.elts, function (elt) {
-                            triggerEvent(elt, 'htmx:oobAfterSwap', beforeSwapDetails);
-                        });
-                    }
-                );
-                oobElement.parentNode.removeChild(oobElement);
-            } else {
-                oobElement.parentNode.removeChild(oobElement);
-                triggerErrorEvent(getDocument().body, "htmx:oobErrorNoTarget", {content: oobElement});
-            }
-            return oobValue;
-        }
-
-        function handleOutOfBandSwaps(elt, fragment, settleInfo) {
-            var oobSelects = getClosestAttributeValue(elt, "hx-select-oob");
-            if (oobSelects) {
-                var oobSelectValues = oobSelects.split(",");
-                for (var i = 0; i < oobSelectValues.length; i++) {
-                    var oobSelectValue = oobSelectValues[i].split(":", 2);
-                    var id = oobSelectValue[0].trim();
-                    if (id.indexOf("#") === 0) {
-                        id = id.substring(1);
-                    }
-                    var oobValue = oobSelectValue[1] || "true";
-                    var oobElement = fragment.querySelector("#" + id);
-                    if (oobElement) {
-                        oobSwap(oobValue, oobElement, settleInfo);
-                    }
-                }
-            }
-            forEach(findAll(fragment, '[hx-swap-oob], [data-hx-swap-oob]'), function (oobElement) {
-                var oobValue = getAttributeValue(oobElement, "hx-swap-oob");
-                if (oobValue != null) {
-                    oobSwap(oobValue, oobElement, settleInfo);
-                }
-            });
-        }
-
-        function handlePreservedElements(fragment) {
-            forEach(findAll(fragment, '[hx-preserve], [data-hx-preserve]'), function (preservedElt) {
-                var id = getAttributeValue(preservedElt, "id");
-                var oldElt = getDocument().getElementById(id);
-                if (oldElt != null) {
-                    preservedElt.parentNode.replaceChild(oldElt, preservedElt);
-                }
-            });
-        }
-
-        function handleAttributes(parentNode, fragment, settleInfo) {
-            forEach(fragment.querySelectorAll("[id]"), function (newNode) {
-                var id = getRawAttribute(newNode, "id")
-                if (id && id.length > 0) {
-                    var normalizedId = id.replace("'", "\\'");
-                    var normalizedTag = newNode.tagName.replace(':', '\\:');
-                    var oldNode = parentNode.querySelector(normalizedTag + "[id='" + normalizedId + "']");
-                    if (oldNode && oldNode !== parentNode) {
-                        var newAttributes = newNode.cloneNode();
-                        cloneAttributes(newNode, oldNode);
-                        settleInfo.tasks.push(function () {
-                            cloneAttributes(newNode, newAttributes);
-                        });
-                    }
-                }
-            });
-        }
-
-        function makeAjaxLoadTask(child) {
-            return function () {
-                removeClassFromElement(child, htmx.config.addedClass);
-                processNode(child);
-                processScripts(child);
-                processFocus(child)
-                triggerEvent(child, 'htmx:load');
-            };
-        }
-
-        function processFocus(child) {
-            var autofocus = "[autofocus]";
-            var autoFocusedElt = matches(child, autofocus) ? child : child.querySelector(autofocus)
-            if (autoFocusedElt != null) {
-                autoFocusedElt.focus();
-            }
-        }
-
-        function insertNodesBefore(parentNode, insertBefore, fragment, settleInfo) {
-            handleAttributes(parentNode, fragment, settleInfo);
-            while(fragment.childNodes.length > 0){
-                var child = fragment.firstChild;
-                addClassToElement(child, htmx.config.addedClass);
-                parentNode.insertBefore(child, insertBefore);
-                if (child.nodeType !== Node.TEXT_NODE && child.nodeType !== Node.COMMENT_NODE) {
-                    settleInfo.tasks.push(makeAjaxLoadTask(child));
-                }
-            }
-        }
-
-        // based on https://gist.github.com/hyamamoto/fd435505d29ebfa3d9716fd2be8d42f0,
-        // derived from Java's string hashcode implementation
-        function stringHash(string, hash) {
-            var char = 0;
-            while (char < string.length){
-                hash = (hash << 5) - hash + string.charCodeAt(char++) | 0; // bitwise or ensures we have a 32-bit int
-            }
-            return hash;
-        }
-
-        function attributeHash(elt) {
-            var hash = 0;
-            // IE fix
-            if (elt.attributes) {
-                for (var i = 0; i < elt.attributes.length; i++) {
-                    var attribute = elt.attributes[i];
-                    if(attribute.value){ // only include attributes w/ actual values (empty is same as non-existent)
-                        hash = stringHash(attribute.name, hash);
-                        hash = stringHash(attribute.value, hash);
-                    }
-                }
-            }
-            return hash;
-        }
-
-        function deInitOnHandlers(elt) {
-            var internalData = getInternalData(elt);
-            if (internalData.onHandlers) {
-                for (var i = 0; i < internalData.onHandlers.length; i++) {
-                    const handlerInfo = internalData.onHandlers[i];
-                    elt.removeEventListener(handlerInfo.event, handlerInfo.listener);
-                }
-                delete internalData.onHandlers
-            }
-        }
-
-        function deInitNode(element) {
-            var internalData = getInternalData(element);
-            if (internalData.timeout) {
-                clearTimeout(internalData.timeout);
-            }
-            if (internalData.webSocket) {
-                internalData.webSocket.close();
-            }
-            if (internalData.sseEventSource) {
-                internalData.sseEventSource.close();
-            }
-            if (internalData.listenerInfos) {
-                forEach(internalData.listenerInfos, function (info) {
-                    if (info.on) {
-                        info.on.removeEventListener(info.trigger, info.listener);
-                    }
-                });
-            }
-            deInitOnHandlers(element);
-            forEach(Object.keys(internalData), function(key) { delete internalData[key] });
-        }
-
-        function cleanUpElement(element) {
-            triggerEvent(element, "htmx:beforeCleanupElement")
-            deInitNode(element);
-            if (element.children) { // IE
-                forEach(element.children, function(child) { cleanUpElement(child) });
-            }
-        }
-
-        function swapOuterHTML(target, fragment, settleInfo) {
-            if (target.tagName === "BODY") {
-                return swapInnerHTML(target, fragment, settleInfo);
-            } else {
-                // @type {HTMLElement}
-                var newElt
-                var eltBeforeNewContent = target.previousSibling;
-                insertNodesBefore(parentElt(target), target, fragment, settleInfo);
-                if (eltBeforeNewContent == null) {
-                    newElt = parentElt(target).firstChild;
-                } else {
-                    newElt = eltBeforeNewContent.nextSibling;
-                }
-                settleInfo.elts = settleInfo.elts.filter(function(e) { return e != target });
-                while(newElt && newElt !== target) {
-                    if (newElt.nodeType === Node.ELEMENT_NODE) {
-                        settleInfo.elts.push(newElt);
-                    }
-                    newElt = newElt.nextElementSibling;
-                }
-                cleanUpElement(target);
-                parentElt(target).removeChild(target);
-            }
-        }
-
-        function swapAfterBegin(target, fragment, settleInfo) {
-            return insertNodesBefore(target, target.firstChild, fragment, settleInfo);
-        }
-
-        function swapBeforeBegin(target, fragment, settleInfo) {
-            return insertNodesBefore(parentElt(target), target, fragment, settleInfo);
-        }
-
-        function swapBeforeEnd(target, fragment, settleInfo) {
-            return insertNodesBefore(target, null, fragment, settleInfo);
-        }
-
-        function swapAfterEnd(target, fragment, settleInfo) {
-            return insertNodesBefore(parentElt(target), target.nextSibling, fragment, settleInfo);
-        }
-        function swapDelete(target, fragment, settleInfo) {
-            cleanUpElement(target);
-            return parentElt(target).removeChild(target);
-        }
-
-        function swapInnerHTML(target, fragment, settleInfo) {
-            var firstChild = target.firstChild;
-            insertNodesBefore(target, firstChild, fragment, settleInfo);
-            if (firstChild) {
-                while (firstChild.nextSibling) {
-                    cleanUpElement(firstChild.nextSibling)
-                    target.removeChild(firstChild.nextSibling);
-                }
-                cleanUpElement(firstChild)
-                target.removeChild(firstChild);
-            }
-        }
-
-        function maybeSelectFromResponse(elt, fragment, selectOverride) {
-            var selector = selectOverride || getClosestAttributeValue(elt, "hx-select");
-            if (selector) {
-                var newFragment = getDocument().createDocumentFragment();
-                forEach(fragment.querySelectorAll(selector), function (node) {
-                    newFragment.appendChild(node);
-                });
-                fragment = newFragment;
-            }
-            return fragment;
-        }
-
-        function swap(swapStyle, elt, target, fragment, settleInfo) {
-            switch (swapStyle) {
-                case "none":
-                    return;
-                case "outerHTML":
-                    swapOuterHTML(target, fragment, settleInfo);
-                    return;
-                case "afterbegin":
-                    swapAfterBegin(target, fragment, settleInfo);
-                    return;
-                case "beforebegin":
-                    swapBeforeBegin(target, fragment, settleInfo);
-                    return;
-                case "beforeend":
-                    swapBeforeEnd(target, fragment, settleInfo);
-                    return;
-                case "afterend":
-                    swapAfterEnd(target, fragment, settleInfo);
-                    return;
-                case "delete":
-                    swapDelete(target, fragment, settleInfo);
-                    return;
-                default:
-                    var extensions = getExtensions(elt);
-                    for (var i = 0; i < extensions.length; i++) {
-                        var ext = extensions[i];
-                        try {
-                            var newElements = ext.handleSwap(swapStyle, target, fragment, settleInfo);
-                            if (newElements) {
-                                if (typeof newElements.length !== 'undefined') {
-                                    // if handleSwap returns an array (like) of elements, we handle them
-                                    for (var j = 0; j < newElements.length; j++) {
-                                        var child = newElements[j];
-                                        if (child.nodeType !== Node.TEXT_NODE && child.nodeType !== Node.COMMENT_NODE) {
-                                            settleInfo.tasks.push(makeAjaxLoadTask(child));
-                                        }
-                                    }
-                                }
-                                return;
-                            }
-                        } catch (e) {
-                            logError(e);
-                        }
-                    }
-                    if (swapStyle === "innerHTML") {
-                        swapInnerHTML(target, fragment, settleInfo);
-                    } else {
-                        swap(htmx.config.defaultSwapStyle, elt, target, fragment, settleInfo);
-                    }
-            }
-        }
-
-        function findTitle(content) {
-            if (content.indexOf('<title') > -1) {
-                var contentWithSvgsRemoved = content.replace(SVG_TAGS_REGEX, '');
-                var result = contentWithSvgsRemoved.match(TITLE_TAG_REGEX);
-                if (result) {
-                    return result[2];
-                }
-            }
-        }
-
-        function selectAndSwap(swapStyle, target, elt, responseText, settleInfo, selectOverride) {
-            settleInfo.title = findTitle(responseText);
-            var fragment = makeFragment(responseText);
-            if (fragment) {
-                handleOutOfBandSwaps(elt, fragment, settleInfo);
-                fragment = maybeSelectFromResponse(elt, fragment, selectOverride);
-                handlePreservedElements(fragment);
-                return swap(swapStyle, elt, target, fragment, settleInfo);
-            }
-        }
-
-        function handleTrigger(xhr, header, elt) {
-            var triggerBody = xhr.getResponseHeader(header);
-            if (triggerBody.indexOf("{") === 0) {
-                var triggers = parseJSON(triggerBody);
-                for (var eventName in triggers) {
-                    if (triggers.hasOwnProperty(eventName)) {
-                        var detail = triggers[eventName];
-                        if (!isRawObject(detail)) {
-                            detail = {"value": detail}
-                        }
-                        triggerEvent(elt, eventName, detail);
-                    }
-                }
-            } else {
-                var eventNames = triggerBody.split(",")
-                for (var i = 0; i < eventNames.length; i++) {
-                    triggerEvent(elt, eventNames[i].trim(), []);
-                }
-            }
-        }
-
-        var WHITESPACE = /\s/;
-        var WHITESPACE_OR_COMMA = /[\s,]/;
-        var SYMBOL_START = /[_$a-zA-Z]/;
-        var SYMBOL_CONT = /[_$a-zA-Z0-9]/;
-        var STRINGISH_START = ['"', "'", "/"];
-        var NOT_WHITESPACE = /[^\s]/;
-        var COMBINED_SELECTOR_START = /[{(]/;
-        var COMBINED_SELECTOR_END = /[})]/;
-        function tokenizeString(str) {
-            var tokens = [];
-            var position = 0;
-            while (position < str.length) {
-                if(SYMBOL_START.exec(str.charAt(position))) {
-                    var startPosition = position;
-                    while (SYMBOL_CONT.exec(str.charAt(position + 1))) {
-                        position++;
-                    }
-                    tokens.push(str.substr(startPosition, position - startPosition + 1));
-                } else if (STRINGISH_START.indexOf(str.charAt(position)) !== -1) {
-                    var startChar = str.charAt(position);
-                    var startPosition = position;
-                    position++;
-                    while (position < str.length && str.charAt(position) !== startChar ) {
-                        if (str.charAt(position) === "\\") {
-                            position++;
-                        }
-                        position++;
-                    }
-                    tokens.push(str.substr(startPosition, position - startPosition + 1));
-                } else {
-                    var symbol = str.charAt(position);
-                    tokens.push(symbol);
-                }
-                position++;
-            }
-            return tokens;
-        }
-
-        function isPossibleRelativeReference(token, last, paramName) {
-            return SYMBOL_START.exec(token.charAt(0)) &&
-                token !== "true" &&
-                token !== "false" &&
-                token !== "this" &&
-                token !== paramName &&
-                last !== ".";
-        }
-
-        function maybeGenerateConditional(elt, tokens, paramName) {
-            if (tokens[0] === '[') {
-                tokens.shift();
-                var bracketCount = 1;
-                var conditionalSource = " return (function(" + paramName + "){ return (";
-                var last = null;
-                while (tokens.length > 0) {
-                    var token = tokens[0];
-                    if (token === "]") {
-                        bracketCount--;
-                        if (bracketCount === 0) {
-                            if (last === null) {
-                                conditionalSource = conditionalSource + "true";
-                            }
-                            tokens.shift();
-                            conditionalSource += ")})";
-                            try {
-                                var conditionFunction = maybeEval(elt,function () {
-                                    return Function(conditionalSource)();
-                                    },
-                                    function(){return true})
-                                conditionFunction.source = conditionalSource;
-                                return conditionFunction;
-                            } catch (e) {
-                                triggerErrorEvent(getDocument().body, "htmx:syntax:error", {error:e, source:conditionalSource})
-                                return null;
-                            }
-                        }
-                    } else if (token === "[") {
-                        bracketCount++;
-                    }
-                    if (isPossibleRelativeReference(token, last, paramName)) {
-                            conditionalSource += "((" + paramName + "." + token + ") ? (" + paramName + "." + token + ") : (window." + token + "))";
-                    } else {
-                        conditionalSource = conditionalSource + token;
-                    }
-                    last = tokens.shift();
-                }
-            }
-        }
-
-        function consumeUntil(tokens, match) {
-            var result = "";
-            while (tokens.length > 0 && !match.test(tokens[0])) {
-                result += tokens.shift();
-            }
-            return result;
-        }
-
-        function consumeCSSSelector(tokens) {
-            var result;
-            if (tokens.length > 0 && COMBINED_SELECTOR_START.test(tokens[0])) {
-                tokens.shift();
-                result = consumeUntil(tokens, COMBINED_SELECTOR_END).trim();
-                tokens.shift();
-            } else {
-                result = consumeUntil(tokens, WHITESPACE_OR_COMMA);
-            }
-            return result;
-        }
-
-        var INPUT_SELECTOR = 'input, textarea, select';
-
-        /**
-         * @param {HTMLElement} elt
-         * @param {string} explicitTrigger
-         * @param {cache} cache for trigger specs
-         * @returns {import("./htmx").HtmxTriggerSpecification[]}
-         */
-        function parseAndCacheTrigger(elt, explicitTrigger, cache) {
-            var triggerSpecs = [];
-            var tokens = tokenizeString(explicitTrigger);
-            do {
-                consumeUntil(tokens, NOT_WHITESPACE);
-                var initialLength = tokens.length;
-                var trigger = consumeUntil(tokens, /[,\[\s]/);
-                if (trigger !== "") {
-                    if (trigger === "every") {
-                        var every = {trigger: 'every'};
-                        consumeUntil(tokens, NOT_WHITESPACE);
-                        every.pollInterval = parseInterval(consumeUntil(tokens, /[,\[\s]/));
-                        consumeUntil(tokens, NOT_WHITESPACE);
-                        var eventFilter = maybeGenerateConditional(elt, tokens, "event");
-                        if (eventFilter) {
-                            every.eventFilter = eventFilter;
-                        }
-                        triggerSpecs.push(every);
-                    } else if (trigger.indexOf("sse:") === 0) {
-                        triggerSpecs.push({trigger: 'sse', sseEvent: trigger.substr(4)});
-                    } else {
-                        var triggerSpec = {trigger: trigger};
-                        var eventFilter = maybeGenerateConditional(elt, tokens, "event");
-                        if (eventFilter) {
-                            triggerSpec.eventFilter = eventFilter;
-                        }
-                        while (tokens.length > 0 && tokens[0] !== ",") {
-                            consumeUntil(tokens, NOT_WHITESPACE)
-                            var token = tokens.shift();
-                            if (token === "changed") {
-                                triggerSpec.changed = true;
-                            } else if (token === "once") {
-                                triggerSpec.once = true;
-                            } else if (token === "consume") {
-                                triggerSpec.consume = true;
-                            } else if (token === "delay" && tokens[0] === ":") {
-                                tokens.shift();
-                                triggerSpec.delay = parseInterval(consumeUntil(tokens, WHITESPACE_OR_COMMA));
-                            } else if (token === "from" && tokens[0] === ":") {
-                                tokens.shift();
-                                if (COMBINED_SELECTOR_START.test(tokens[0])) {
-                                    var from_arg = consumeCSSSelector(tokens);
-                                } else {
-                                    var from_arg = consumeUntil(tokens, WHITESPACE_OR_COMMA);
-                                    if (from_arg === "closest" || from_arg === "find" || from_arg === "next" || from_arg === "previous") {
-                                        tokens.shift();
-                                        var selector = consumeCSSSelector(tokens);
-                                        // `next` and `previous` allow a selector-less syntax
-                                        if (selector.length > 0) {
-                                            from_arg += " " + selector;
-                                        }
-                                    }
-                                }
-                                triggerSpec.from = from_arg;
-                            } else if (token === "target" && tokens[0] === ":") {
-                                tokens.shift();
-                                triggerSpec.target = consumeCSSSelector(tokens);
-                            } else if (token === "throttle" && tokens[0] === ":") {
-                                tokens.shift();
-                                triggerSpec.throttle = parseInterval(consumeUntil(tokens, WHITESPACE_OR_COMMA));
-                            } else if (token === "queue" && tokens[0] === ":") {
-                                tokens.shift();
-                                triggerSpec.queue = consumeUntil(tokens, WHITESPACE_OR_COMMA);
-                            } else if (token === "root" && tokens[0] === ":") {
-                                tokens.shift();
-                                triggerSpec[token] = consumeCSSSelector(tokens);
-                            } else if (token === "threshold" && tokens[0] === ":") {
-                                tokens.shift();
-                                triggerSpec[token] = consumeUntil(tokens, WHITESPACE_OR_COMMA);
-                            } else {
-                                triggerErrorEvent(elt, "htmx:syntax:error", {token:tokens.shift()});
-                            }
-                        }
-                        triggerSpecs.push(triggerSpec);
-                    }
-                }
-                if (tokens.length === initialLength) {
-                    triggerErrorEvent(elt, "htmx:syntax:error", {token:tokens.shift()});
-                }
-                consumeUntil(tokens, NOT_WHITESPACE);
-            } while (tokens[0] === "," && tokens.shift())
-            if (cache) {
-                cache[explicitTrigger] = triggerSpecs
-            }
-            return triggerSpecs
-        }
-
-        /**
-         * @param {HTMLElement} elt
-         * @returns {import("./htmx").HtmxTriggerSpecification[]}
-         */
-        function getTriggerSpecs(elt) {
-            var explicitTrigger = getAttributeValue(elt, 'hx-trigger');
-            var triggerSpecs = [];
-            if (explicitTrigger) {
-                var cache = htmx.config.triggerSpecsCache
-                triggerSpecs = (cache && cache[explicitTrigger]) || parseAndCacheTrigger(elt, explicitTrigger, cache)
-            }
-
-            if (triggerSpecs.length > 0) {
-                return triggerSpecs;
-            } else if (matches(elt, 'form')) {
-                return [{trigger: 'submit'}];
-            } else if (matches(elt, 'input[type="button"], input[type="submit"]')){
-                return [{trigger: 'click'}];
-            } else if (matches(elt, INPUT_SELECTOR)) {
-                return [{trigger: 'change'}];
-            } else {
-                return [{trigger: 'click'}];
-            }
-        }
-
-        function cancelPolling(elt) {
-            getInternalData(elt).cancelled = true;
-        }
-
-        function processPolling(elt, handler, spec) {
-            var nodeData = getInternalData(elt);
-            nodeData.timeout = setTimeout(function () {
-                if (bodyContains(elt) && nodeData.cancelled !== true) {
-                    if (!maybeFilterEvent(spec, elt, makeEvent('hx:poll:trigger', {
-                        triggerSpec: spec,
-                        target: elt
-                    }))) {
-                        handler(elt);
-                    }
-                    processPolling(elt, handler, spec);
-                }
-            }, spec.pollInterval);
-        }
-
-        function isLocalLink(elt) {
-            return location.hostname === elt.hostname &&
-                getRawAttribute(elt,'href') &&
-                getRawAttribute(elt,'href').indexOf("#") !== 0;
-        }
-
-        function boostElement(elt, nodeData, triggerSpecs) {
-            if ((elt.tagName === "A" && isLocalLink(elt) && (elt.target === "" || elt.target === "_self")) || elt.tagName === "FORM") {
-                nodeData.boosted = true;
-                var verb, path;
-                if (elt.tagName === "A") {
-                    verb = "get";
-                    path = getRawAttribute(elt, 'href')
-                } else {
-                    var rawAttribute = getRawAttribute(elt, "method");
-                    verb = rawAttribute ? rawAttribute.toLowerCase() : "get";
-                    if (verb === "get") {
-                    }
-                    path = getRawAttribute(elt, 'action');
-                }
-                triggerSpecs.forEach(function(triggerSpec) {
-                    addEventListener(elt, function(elt, evt) {
-                        if (closest(elt, htmx.config.disableSelector)) {
-                            cleanUpElement(elt)
-                            return
-                        }
-                        issueAjaxRequest(verb, path, elt, evt)
-                    }, nodeData, triggerSpec, true);
-                });
-            }
-        }
-
-        /**
-         *
-         * @param {Event} evt
-         * @param {HTMLElement} elt
-         * @returns
-         */
-        function shouldCancel(evt, elt) {
-            if (evt.type === "submit" || evt.type === "click") {
-                if (elt.tagName === "FORM") {
-                    return true;
-                }
-                if (matches(elt, 'input[type="submit"], button') && closest(elt, 'form') !== null) {
-                    return true;
-                }
-                if (elt.tagName === "A" && elt.href &&
-                    (elt.getAttribute('href') === '#' || elt.getAttribute('href').indexOf("#") !== 0)) {
-                    return true;
-                }
-            }
-            return false;
-        }
-
-        function ignoreBoostedAnchorCtrlClick(elt, evt) {
-            return getInternalData(elt).boosted && elt.tagName === "A" && evt.type === "click" && (evt.ctrlKey || evt.metaKey);
-        }
-
-        function maybeFilterEvent(triggerSpec, elt, evt) {
-            var eventFilter = triggerSpec.eventFilter;
-            if(eventFilter){
-                try {
-                    return eventFilter.call(elt, evt) !== true;
-                } catch(e) {
-                    triggerErrorEvent(getDocument().body, "htmx:eventFilter:error", {error: e, source:eventFilter.source});
-                    return true;
-                }
-            }
-            return false;
-        }
-
-        function addEventListener(elt, handler, nodeData, triggerSpec, explicitCancel) {
-            var elementData = getInternalData(elt);
-            var eltsToListenOn;
-            if (triggerSpec.from) {
-                eltsToListenOn = querySelectorAllExt(elt, triggerSpec.from);
-            } else {
-                eltsToListenOn = [elt];
-            }
-            // store the initial values of the elements, so we can tell if they change
-            if (triggerSpec.changed) {
-                eltsToListenOn.forEach(function (eltToListenOn) {
-                    var eltToListenOnData = getInternalData(eltToListenOn);
-                    eltToListenOnData.lastValue = eltToListenOn.value;
-                })
-            }
-            forEach(eltsToListenOn, function (eltToListenOn) {
-                var eventListener = function (evt) {
-                    if (!bodyContains(elt)) {
-                        eltToListenOn.removeEventListener(triggerSpec.trigger, eventListener);
-                        return;
-                    }
-                    if (ignoreBoostedAnchorCtrlClick(elt, evt)) {
-                        return;
-                    }
-                    if (explicitCancel || shouldCancel(evt, elt)) {
-                        evt.preventDefault();
-                    }
-                    if (maybeFilterEvent(triggerSpec, elt, evt)) {
-                        return;
-                    }
-                    var eventData = getInternalData(evt);
-                    eventData.triggerSpec = triggerSpec;
-                    if (eventData.handledFor == null) {
-                        eventData.handledFor = [];
-                    }
-                    if (eventData.handledFor.indexOf(elt) < 0) {
-                        eventData.handledFor.push(elt);
-                        if (triggerSpec.consume) {
-                            evt.stopPropagation();
-                        }
-                        if (triggerSpec.target && evt.target) {
-                            if (!matches(evt.target, triggerSpec.target)) {
-                                return;
-                            }
-                        }
-                        if (triggerSpec.once) {
-                            if (elementData.triggeredOnce) {
-                                return;
-                            } else {
-                                elementData.triggeredOnce = true;
-                            }
-                        }
-                        if (triggerSpec.changed) {
-                            var eltToListenOnData = getInternalData(eltToListenOn)
-                            if (eltToListenOnData.lastValue === eltToListenOn.value) {
-                                return;
-                            }
-                            eltToListenOnData.lastValue = eltToListenOn.value
-                        }
-                        if (elementData.delayed) {
-                            clearTimeout(elementData.delayed);
-                        }
-                        if (elementData.throttle) {
-                            return;
-                        }
-
-                        if (triggerSpec.throttle > 0) {
-                            if (!elementData.throttle) {
-                                handler(elt, evt);
-                                elementData.throttle = setTimeout(function () {
-                                    elementData.throttle = null;
-                                }, triggerSpec.throttle);
-                            }
-                        } else if (triggerSpec.delay > 0) {
-                            elementData.delayed = setTimeout(function() { handler(elt, evt) }, triggerSpec.delay);
-                        } else {
-                            triggerEvent(elt, 'htmx:trigger')
-                            handler(elt, evt);
-                        }
-                    }
-                };
-                if (nodeData.listenerInfos == null) {
-                    nodeData.listenerInfos = [];
-                }
-                nodeData.listenerInfos.push({
-                    trigger: triggerSpec.trigger,
-                    listener: eventListener,
-                    on: eltToListenOn
-                })
-                eltToListenOn.addEventListener(triggerSpec.trigger, eventListener);
-            });
-        }
-
-        var windowIsScrolling = false // used by initScrollHandler
-        var scrollHandler = null;
-        function initScrollHandler() {
-            if (!scrollHandler) {
-                scrollHandler = function() {
-                    windowIsScrolling = true
-                };
-                window.addEventListener("scroll", scrollHandler)
-                setInterval(function() {
-                    if (windowIsScrolling) {
-                        windowIsScrolling = false;
-                        forEach(getDocument().querySelectorAll("[hx-trigger='revealed'],[data-hx-trigger='revealed']"), function (elt) {
-                            maybeReveal(elt);
-                        })
-                    }
-                }, 200);
-            }
-        }
-
-        function maybeReveal(elt) {
-            if (!hasAttribute(elt,'data-hx-revealed') && isScrolledIntoView(elt)) {
-                elt.setAttribute('data-hx-revealed', 'true');
-                var nodeData = getInternalData(elt);
-                if (nodeData.initHash) {
-                    triggerEvent(elt, 'revealed');
-                } else {
-                    // if the node isn't initialized, wait for it before triggering the request
-                    elt.addEventListener("htmx:afterProcessNode", function(evt) { triggerEvent(elt, 'revealed') }, {once: true});
-                }
-            }
-        }
-
-        //====================================================================
-        // Web Sockets
-        //====================================================================
-
-        function processWebSocketInfo(elt, nodeData, info) {
-            var values = splitOnWhitespace(info);
-            for (var i = 0; i < values.length; i++) {
-                var value = values[i].split(/:(.+)/);
-                if (value[0] === "connect") {
-                    ensureWebSocket(elt, value[1], 0);
-                }
-                if (value[0] === "send") {
-                    processWebSocketSend(elt);
-                }
-            }
-        }
-
-        function ensureWebSocket(elt, wssSource, retryCount) {
-            if (!bodyContains(elt)) {
-                return;  // stop ensuring websocket connection when socket bearing element ceases to exist
-            }
-
-            if (wssSource.indexOf("/") == 0) {  // complete absolute paths only
-                var base_part = location.hostname + (location.port ? ':'+location.port: '');
-                if (location.protocol == 'https:') {
-                    wssSource = "wss://" + base_part + wssSource;
-                } else if (location.protocol == 'http:') {
-                    wssSource = "ws://" + base_part + wssSource;
-                }
-            }
-            var socket = htmx.createWebSocket(wssSource);
-            socket.onerror = function (e) {
-                triggerErrorEvent(elt, "htmx:wsError", {error:e, socket:socket});
-                maybeCloseWebSocketSource(elt);
-            };
-
-            socket.onclose = function (e) {
-                if ([1006, 1012, 1013].indexOf(e.code) >= 0) {  // Abnormal Closure/Service Restart/Try Again Later
-                    var delay = getWebSocketReconnectDelay(retryCount);
-                    setTimeout(function() {
-                        ensureWebSocket(elt, wssSource, retryCount+1);  // creates a websocket with a new timeout
-                    }, delay);
-                }
-            };
-            socket.onopen = function (e) {
-                retryCount = 0;
-            }
-
-            getInternalData(elt).webSocket = socket;
-            socket.addEventListener('message', function (event) {
-                if (maybeCloseWebSocketSource(elt)) {
-                    return;
-                }
-
-                var response = event.data;
-                withExtensions(elt, function(extension){
-                    response = extension.transformResponse(response, null, elt);
-                });
-
-                var settleInfo = makeSettleInfo(elt);
-                var fragment = makeFragment(response);
-                var children = toArray(fragment.children);
-                for (var i = 0; i < children.length; i++) {
-                    var child = children[i];
-                    oobSwap(getAttributeValue(child, "hx-swap-oob") || "true", child, settleInfo);
-                }
-
-                settleImmediately(settleInfo.tasks);
-            });
-        }
-
-        function maybeCloseWebSocketSource(elt) {
-            if (!bodyContains(elt)) {
-                getInternalData(elt).webSocket.close();
-                return true;
-            }
-        }
-
-        function processWebSocketSend(elt) {
-            var webSocketSourceElt = getClosestMatch(elt, function (parent) {
-                return getInternalData(parent).webSocket != null;
-            });
-            if (webSocketSourceElt) {
-                elt.addEventListener(getTriggerSpecs(elt)[0].trigger, function (evt) {
-                    var webSocket = getInternalData(webSocketSourceElt).webSocket;
-                    var headers = getHeaders(elt, webSocketSourceElt);
-                    var results = getInputValues(elt, 'post');
-                    var errors = results.errors;
-                    var rawParameters = results.values;
-                    var expressionVars = getExpressionVars(elt);
-                    var allParameters = mergeObjects(rawParameters, expressionVars);
-                    var filteredParameters = filterValues(allParameters, elt);
-                    filteredParameters['HEADERS'] = headers;
-                    if (errors && errors.length > 0) {
-                        triggerEvent(elt, 'htmx:validation:halted', errors);
-                        return;
-                    }
-                    webSocket.send(JSON.stringify(filteredParameters));
-                    if(shouldCancel(evt, elt)){
-                        evt.preventDefault();
-                    }
-                });
-            } else {
-                triggerErrorEvent(elt, "htmx:noWebSocketSourceError");
-            }
-        }
-
-        function getWebSocketReconnectDelay(retryCount) {
-            var delay = htmx.config.wsReconnectDelay;
-            if (typeof delay === 'function') {
-                // @ts-ignore
-                return delay(retryCount);
-            }
-            if (delay === 'full-jitter') {
-                var exp = Math.min(retryCount, 6);
-                var maxDelay = 1000 * Math.pow(2, exp);
-                return maxDelay * Math.random();
-            }
-            logError('htmx.config.wsReconnectDelay must either be a function or the string "full-jitter"');
-        }
-
-        //====================================================================
-        // Server Sent Events
-        //====================================================================
-
-        function processSSEInfo(elt, nodeData, info) {
-            var values = splitOnWhitespace(info);
-            for (var i = 0; i < values.length; i++) {
-                var value = values[i].split(/:(.+)/);
-                if (value[0] === "connect") {
-                    processSSESource(elt, value[1]);
-                }
-
-                if ((value[0] === "swap")) {
-                    processSSESwap(elt, value[1])
-                }
-            }
-        }
-
-        function processSSESource(elt, sseSrc) {
-            var source = htmx.createEventSource(sseSrc);
-            source.onerror = function (e) {
-                triggerErrorEvent(elt, "htmx:sseError", {error:e, source:source});
-                maybeCloseSSESource(elt);
-            };
-            getInternalData(elt).sseEventSource = source;
-        }
-
-        function processSSESwap(elt, sseEventName) {
-            var sseSourceElt = getClosestMatch(elt, hasEventSource);
-            if (sseSourceElt) {
-                var sseEventSource = getInternalData(sseSourceElt).sseEventSource;
-                var sseListener = function (event) {
-                    if (maybeCloseSSESource(sseSourceElt)) {
-                        return;
-                    }
-                    if (!bodyContains(elt)) {
-                        sseEventSource.removeEventListener(sseEventName, sseListener);
-                        return;
-                    }
-
-                    ///////////////////////////
-                    // TODO: merge this code with AJAX and WebSockets code in the future.
-
-                    var response = event.data;
-                    withExtensions(elt, function(extension){
-                        response = extension.transformResponse(response, null, elt);
-                    });
-
-                    var swapSpec = getSwapSpecification(elt)
-                    var target = getTarget(elt)
-                    var settleInfo = makeSettleInfo(elt);
-
-                    selectAndSwap(swapSpec.swapStyle, target, elt, response, settleInfo)
-                    settleImmediately(settleInfo.tasks)
-                    triggerEvent(elt, "htmx:sseMessage", event)
-                };
-
-                getInternalData(elt).sseListener = sseListener;
-                sseEventSource.addEventListener(sseEventName, sseListener);
-            } else {
-                triggerErrorEvent(elt, "htmx:noSSESourceError");
-            }
-        }
-
-        function processSSETrigger(elt, handler, sseEventName) {
-            var sseSourceElt = getClosestMatch(elt, hasEventSource);
-            if (sseSourceElt) {
-                var sseEventSource = getInternalData(sseSourceElt).sseEventSource;
-                var sseListener = function () {
-                    if (!maybeCloseSSESource(sseSourceElt)) {
-                        if (bodyContains(elt)) {
-                            handler(elt);
-                        } else {
-                            sseEventSource.removeEventListener(sseEventName, sseListener);
-                        }
-                    }
-                };
-                getInternalData(elt).sseListener = sseListener;
-                sseEventSource.addEventListener(sseEventName, sseListener);
-            } else {
-                triggerErrorEvent(elt, "htmx:noSSESourceError");
-            }
-        }
-
-        function maybeCloseSSESource(elt) {
-            if (!bodyContains(elt)) {
-                getInternalData(elt).sseEventSource.close();
-                return true;
-            }
-        }
-
-        function hasEventSource(node) {
-            return getInternalData(node).sseEventSource != null;
-        }
-
-        //====================================================================
-
-        function loadImmediately(elt, handler, nodeData, delay) {
-            var load = function(){
-                if (!nodeData.loaded) {
-                    nodeData.loaded = true;
-                    handler(elt);
-                }
-            }
-            if (delay > 0) {
-                setTimeout(load, delay);
-            } else {
-                load();
-            }
-        }
-
-        function processVerbs(elt, nodeData, triggerSpecs) {
-            var explicitAction = false;
-            forEach(VERBS, function (verb) {
-                if (hasAttribute(elt,'hx-' + verb)) {
-                    var path = getAttributeValue(elt, 'hx-' + verb);
-                    explicitAction = true;
-                    nodeData.path = path;
-                    nodeData.verb = verb;
-                    triggerSpecs.forEach(function(triggerSpec) {
-                        addTriggerHandler(elt, triggerSpec, nodeData, function (elt, evt) {
-                            if (closest(elt, htmx.config.disableSelector)) {
-                                cleanUpElement(elt)
-                                return
-                            }
-                            issueAjaxRequest(verb, path, elt, evt)
-                        })
-                    });
-                }
-            });
-            return explicitAction;
-        }
-
-        function addTriggerHandler(elt, triggerSpec, nodeData, handler) {
-            if (triggerSpec.sseEvent) {
-                processSSETrigger(elt, handler, triggerSpec.sseEvent);
-            } else if (triggerSpec.trigger === "revealed") {
-                initScrollHandler();
-                addEventListener(elt, handler, nodeData, triggerSpec);
-                maybeReveal(elt);
-            } else if (triggerSpec.trigger === "intersect") {
-                var observerOptions = {};
-                if (triggerSpec.root) {
-                    observerOptions.root = querySelectorExt(elt, triggerSpec.root)
-                }
-                if (triggerSpec.threshold) {
-                    observerOptions.threshold = parseFloat(triggerSpec.threshold);
-                }
-                var observer = new IntersectionObserver(function (entries) {
-                    for (var i = 0; i < entries.length; i++) {
-                        var entry = entries[i];
-                        if (entry.isIntersecting) {
-                            triggerEvent(elt, "intersect");
-                            break;
-                        }
-                    }
-                }, observerOptions);
-                observer.observe(elt);
-                addEventListener(elt, handler, nodeData, triggerSpec);
-            } else if (triggerSpec.trigger === "load") {
-                if (!maybeFilterEvent(triggerSpec, elt, makeEvent("load", {elt: elt}))) {
-                                loadImmediately(elt, handler, nodeData, triggerSpec.delay);
-                            }
-            } else if (triggerSpec.pollInterval > 0) {
-                nodeData.polling = true;
-                processPolling(elt, handler, triggerSpec);
-            } else {
-                addEventListener(elt, handler, nodeData, triggerSpec);
-            }
-        }
-
-        function evalScript(script) {
-            if (!script.htmxExecuted && htmx.config.allowScriptTags &&
-                (script.type === "text/javascript" || script.type === "module" || script.type === "") ) {
-                var newScript = getDocument().createElement("script");
-                forEach(script.attributes, function (attr) {
-                    newScript.setAttribute(attr.name, attr.value);
-                });
-                newScript.textContent = script.textContent;
-                newScript.async = false;
-                if (htmx.config.inlineScriptNonce) {
-                    newScript.nonce = htmx.config.inlineScriptNonce;
-                }
-                var parent = script.parentElement;
-
-                try {
-                    parent.insertBefore(newScript, script);
-                } catch (e) {
-                    logError(e);
-                } finally {
-                    // remove old script element, but only if it is still in DOM
-                    if (script.parentElement) {
-                        script.parentElement.removeChild(script);
-                    }
-                }
-            }
-        }
-
-        function processScripts(elt) {
-            if (matches(elt, "script")) {
-                evalScript(elt);
-            }
-            forEach(findAll(elt, "script"), function (script) {
-                evalScript(script);
-            });
-        }
-
-        function shouldProcessHxOn(elt) {
-            var attributes = elt.attributes
-            if (!attributes) {
-                return false
-            }
-            for (var j = 0; j < attributes.length; j++) {
-                var attrName = attributes[j].name
-                if (startsWith(attrName, "hx-on:") || startsWith(attrName, "data-hx-on:") ||
-                    startsWith(attrName, "hx-on-") || startsWith(attrName, "data-hx-on-")) {
-                    return true
-                }
-            }
-            return false
-        }
-
-        function findHxOnWildcardElements(elt) {
-            var node = null
-            var elements = []
-
-            if (shouldProcessHxOn(elt)) {
-                elements.push(elt)
-            }
-
-            if (document.evaluate) {
-                var iter = document.evaluate('.//*[@*[ starts-with(name(), "hx-on:") or starts-with(name(), "data-hx-on:") or' +
-                                                                           ' starts-with(name(), "hx-on-") or starts-with(name(), "data-hx-on-") ]]', elt)
-                while (node = iter.iterateNext()) elements.push(node)
-            } else if (typeof elt.getElementsByTagName === "function") {
-                var allElements = elt.getElementsByTagName("*")
-                for (var i = 0; i < allElements.length; i++) {
-                  if (shouldProcessHxOn(allElements[i])) {
-                      elements.push(allElements[i])
-                    }
-                }
-            }
-
-            return elements
-        }
-
-        function findElementsToProcess(elt) {
-            if (elt.querySelectorAll) {
-                var boostedSelector = ", [hx-boost] a, [data-hx-boost] a, a[hx-boost], a[data-hx-boost]";
-                var results = elt.querySelectorAll(VERB_SELECTOR + boostedSelector + ", form, [type='submit'], [hx-sse], [data-hx-sse], [hx-ws]," +
-                    " [data-hx-ws], [hx-ext], [data-hx-ext], [hx-trigger], [data-hx-trigger], [hx-on], [data-hx-on]");
-                return results;
-            } else {
-                return [];
-            }
-        }
-
-        // Handle submit buttons/inputs that have the form attribute set
-        // see https://developer.mozilla.org/docs/Web/HTML/Element/button
-         function maybeSetLastButtonClicked(evt) {
-            var elt = closest(evt.target, "button, input[type='submit']");
-            var internalData = getRelatedFormData(evt)
-            if (internalData) {
-              internalData.lastButtonClicked = elt;
-            }
-        };
-        function maybeUnsetLastButtonClicked(evt){
-            var internalData = getRelatedFormData(evt)
-            if (internalData) {
-              internalData.lastButtonClicked = null;
-            }
-        }
-        function getRelatedFormData(evt) {
-           var elt = closest(evt.target, "button, input[type='submit']");
-           if (!elt) {
-             return;
-           }
-           var form = resolveTarget('#' + getRawAttribute(elt, 'form')) || closest(elt, 'form');
-           if (!form) {
-             return;
-           }
-           return getInternalData(form);
-        }
-        function initButtonTracking(elt) {
-            // need to handle both click and focus in:
-            //   focusin - in case someone tabs in to a button and hits the space bar
-            //   click - on OSX buttons do not focus on click see https://bugs.webkit.org/show_bug.cgi?id=13724
-            elt.addEventListener('click', maybeSetLastButtonClicked)
-            elt.addEventListener('focusin', maybeSetLastButtonClicked)
-            elt.addEventListener('focusout', maybeUnsetLastButtonClicked)
-        }
-
-        function countCurlies(line) {
-            var tokens = tokenizeString(line);
-            var netCurlies = 0;
-            for (var i = 0; i < tokens.length; i++) {
-                const token = tokens[i];
-                if (token === "{") {
-                    netCurlies++;
-                } else if (token === "}") {
-                    netCurlies--;
-                }
-            }
-            return netCurlies;
-        }
-
-        function addHxOnEventHandler(elt, eventName, code) {
-            var nodeData = getInternalData(elt);
-            if (!Array.isArray(nodeData.onHandlers)) {
-                nodeData.onHandlers = [];
-            }
-            var func;
-            var listener = function (e) {
-                return maybeEval(elt, function() {
-                    if (!func) {
-                        func = new Function("event", code);
-                    }
-                    func.call(elt, e);
-                });
-            };
-            elt.addEventListener(eventName, listener);
-            nodeData.onHandlers.push({event:eventName, listener:listener});
-        }
-
-        function processHxOn(elt) {
-            var hxOnValue = getAttributeValue(elt, 'hx-on');
-            if (hxOnValue) {
-                var handlers = {}
-                var lines = hxOnValue.split("\n");
-                var currentEvent = null;
-                var curlyCount = 0;
-                while (lines.length > 0) {
-                    var line = lines.shift();
-                    var match = line.match(/^\s*([a-zA-Z:\-\.]+:)(.*)/);
-                    if (curlyCount === 0 && match) {
-                        line.split(":")
-                        currentEvent = match[1].slice(0, -1); // strip last colon
-                        handlers[currentEvent] = match[2];
-                    } else {
-                        handlers[currentEvent] += line;
-                    }
-                    curlyCount += countCurlies(line);
-                }
-
-                for (var eventName in handlers) {
-                    addHxOnEventHandler(elt, eventName, handlers[eventName]);
-                }
-            }
-        }
-
-        function processHxOnWildcard(elt) {
-            // wipe any previous on handlers so that this function takes precedence
-            deInitOnHandlers(elt)
-
-            for (var i = 0; i < elt.attributes.length; i++) {
-                var name = elt.attributes[i].name
-                var value = elt.attributes[i].value
-                if (startsWith(name, "hx-on") || startsWith(name, "data-hx-on")) {
-                    var afterOnPosition = name.indexOf("-on") + 3;
-                    var nextChar = name.slice(afterOnPosition, afterOnPosition + 1);
-                    if (nextChar === "-" || nextChar === ":") {
-                        var eventName = name.slice(afterOnPosition + 1);
-                        // if the eventName starts with a colon or dash, prepend "htmx" for shorthand support
-                        if (startsWith(eventName, ":")) {
-                            eventName = "htmx" + eventName
-                        } else if (startsWith(eventName, "-")) {
-                            eventName = "htmx:" + eventName.slice(1);
-                        } else if (startsWith(eventName, "htmx-")) {
-                            eventName = "htmx:" + eventName.slice(5);
-                        }
-
-                        addHxOnEventHandler(elt, eventName, value)
-                    }
-                }
-            }
-        }
-
-        function initNode(elt) {
-            if (closest(elt, htmx.config.disableSelector)) {
-                cleanUpElement(elt)
-                return;
-            }
-            var nodeData = getInternalData(elt);
-            if (nodeData.initHash !== attributeHash(elt)) {
-                // clean up any previously processed info
-                deInitNode(elt);
-
-                nodeData.initHash = attributeHash(elt);
-
-                processHxOn(elt);
-
-                triggerEvent(elt, "htmx:beforeProcessNode")
-
-                if (elt.value) {
-                    nodeData.lastValue = elt.value;
-                }
-
-                var triggerSpecs = getTriggerSpecs(elt);
-                var hasExplicitHttpAction = processVerbs(elt, nodeData, triggerSpecs);
-
-                if (!hasExplicitHttpAction) {
-                    if (getClosestAttributeValue(elt, "hx-boost") === "true") {
-                        boostElement(elt, nodeData, triggerSpecs);
-                    } else if (hasAttribute(elt, 'hx-trigger')) {
-                        triggerSpecs.forEach(function (triggerSpec) {
-                            // For "naked" triggers, don't do anything at all
-                            addTriggerHandler(elt, triggerSpec, nodeData, function () {
-                            })
-                        })
-                    }
-                }
-
-                // Handle submit buttons/inputs that have the form attribute set
-                // see https://developer.mozilla.org/docs/Web/HTML/Element/button
-                if (elt.tagName === "FORM" || (getRawAttribute(elt, "type") === "submit" && hasAttribute(elt, "form"))) {
-                    initButtonTracking(elt)
-                }
-
-                var sseInfo = getAttributeValue(elt, 'hx-sse');
-                if (sseInfo) {
-                    processSSEInfo(elt, nodeData, sseInfo);
-                }
-
-                var wsInfo = getAttributeValue(elt, 'hx-ws');
-                if (wsInfo) {
-                    processWebSocketInfo(elt, nodeData, wsInfo);
-                }
-                triggerEvent(elt, "htmx:afterProcessNode");
-            }
-        }
-
-        function processNode(elt) {
-            elt = resolveTarget(elt);
-            if (closest(elt, htmx.config.disableSelector)) {
-                cleanUpElement(elt)
-                return;
-            }
-            initNode(elt);
-            forEach(findElementsToProcess(elt), function(child) { initNode(child) });
-            // Because it happens second, the new way of adding onHandlers superseeds the old one
-            // i.e. if there are any hx-on:eventName attributes, the hx-on attribute will be ignored
-            forEach(findHxOnWildcardElements(elt), processHxOnWildcard);
-        }
-
-        //====================================================================
-        // Event/Log Support
-        //====================================================================
-
-        function kebabEventName(str) {
-            return str.replace(/([a-z0-9])([A-Z])/g, '$1-$2').toLowerCase();
-        }
-
-        function makeEvent(eventName, detail) {
-            var evt;
-            if (window.CustomEvent && typeof window.CustomEvent === 'function') {
-                evt = new CustomEvent(eventName, {bubbles: true, cancelable: true, detail: detail});
-            } else {
-                evt = getDocument().createEvent('CustomEvent');
-                evt.initCustomEvent(eventName, true, true, detail);
-            }
-            return evt;
-        }
-
-        function triggerErrorEvent(elt, eventName, detail) {
-            triggerEvent(elt, eventName, mergeObjects({error:eventName}, detail));
-        }
-
-        function ignoreEventForLogging(eventName) {
-            return eventName === "htmx:afterProcessNode"
-        }
-
-        /**
-         * `withExtensions` locates all active extensions for a provided element, then
-         * executes the provided function using each of the active extensions.  It should
-         * be called internally at every extendable execution point in htmx.
-         *
-         * @param {HTMLElement} elt
-         * @param {(extension:import("./htmx").HtmxExtension) => void} toDo
-         * @returns void
-         */
-        function withExtensions(elt, toDo) {
-            forEach(getExtensions(elt), function(extension){
-                try {
-                    toDo(extension);
-                } catch (e) {
-                    logError(e);
-                }
-            });
-        }
-
-        function logError(msg) {
-            if(console.error) {
-                console.error(msg);
-            } else if (console.log) {
-                console.log("ERROR: ", msg);
-            }
-        }
-
-        function triggerEvent(elt, eventName, detail) {
-            elt = resolveTarget(elt);
-            if (detail == null) {
-                detail = {};
-            }
-            detail["elt"] = elt;
-            var event = makeEvent(eventName, detail);
-            if (htmx.logger && !ignoreEventForLogging(eventName)) {
-                htmx.logger(elt, eventName, detail);
-            }
-            if (detail.error) {
-                logError(detail.error);
-                triggerEvent(elt, "htmx:error", {errorInfo:detail})
-            }
-            var eventResult = elt.dispatchEvent(event);
-            var kebabName = kebabEventName(eventName);
-            if (eventResult && kebabName !== eventName) {
-                var kebabedEvent = makeEvent(kebabName, event.detail);
-                eventResult = eventResult && elt.dispatchEvent(kebabedEvent)
-            }
-            withExtensions(elt, function (extension) {
-                eventResult = eventResult && (extension.onEvent(eventName, event) !== false && !event.defaultPrevented)
-            });
-            return eventResult;
-        }
-
-        //====================================================================
-        // History Support
-        //====================================================================
-        var currentPathForHistory = location.pathname+location.search;
-
-        function getHistoryElement() {
-            var historyElt = getDocument().querySelector('[hx-history-elt],[data-hx-history-elt]');
-            return historyElt || getDocument().body;
-        }
-
-        function saveToHistoryCache(url, content, title, scroll) {
-            if (!canAccessLocalStorage()) {
-                return;
-            }
-
-            if (htmx.config.historyCacheSize <= 0) {
-                // make sure that an eventually already existing cache is purged
-                localStorage.removeItem("htmx-history-cache");
-                return;
-            }
-
-            url = normalizePath(url);
-
-            var historyCache = parseJSON(localStorage.getItem("htmx-history-cache")) || [];
-            for (var i = 0; i < historyCache.length; i++) {
-                if (historyCache[i].url === url) {
-                    historyCache.splice(i, 1);
-                    break;
-                }
-            }
-            var newHistoryItem = {url:url, content: content, title:title, scroll:scroll};
-            triggerEvent(getDocument().body, "htmx:historyItemCreated", {item:newHistoryItem, cache: historyCache})
-            historyCache.push(newHistoryItem)
-            while (historyCache.length > htmx.config.historyCacheSize) {
-                historyCache.shift();
-            }
-            while(historyCache.length > 0){
-                try {
-                    localStorage.setItem("htmx-history-cache", JSON.stringify(historyCache));
-                    break;
-                } catch (e) {
-                    triggerErrorEvent(getDocument().body, "htmx:historyCacheError", {cause:e, cache: historyCache})
-                    historyCache.shift(); // shrink the cache and retry
-                }
-            }
-        }
-
-        function getCachedHistory(url) {
-            if (!canAccessLocalStorage()) {
-                return null;
-            }
-
-            url = normalizePath(url);
-
-            var historyCache = parseJSON(localStorage.getItem("htmx-history-cache")) || [];
-            for (var i = 0; i < historyCache.length; i++) {
-                if (historyCache[i].url === url) {
-                    return historyCache[i];
-                }
-            }
-            return null;
-        }
-
-        function cleanInnerHtmlForHistory(elt) {
-            var className = htmx.config.requestClass;
-            var clone = elt.cloneNode(true);
-            forEach(findAll(clone, "." + className), function(child){
-                removeClassFromElement(child, className);
-            });
-            return clone.innerHTML;
-        }
-
-        function saveCurrentPageToHistory() {
-            var elt = getHistoryElement();
-            var path = currentPathForHistory || location.pathname+location.search;
-
-            // Allow history snapshot feature to be disabled where hx-history="false"
-            // is present *anywhere* in the current document we're about to save,
-            // so we can prevent privileged data entering the cache.
-            // The page will still be reachable as a history entry, but htmx will fetch it
-            // live from the server onpopstate rather than look in the localStorage cache
-            var disableHistoryCache
-            try {
-                disableHistoryCache = getDocument().querySelector('[hx-history="false" i],[data-hx-history="false" i]')
-            } catch (e) {
-                // IE11: insensitive modifier not supported so fallback to case sensitive selector
-                disableHistoryCache = getDocument().querySelector('[hx-history="false"],[data-hx-history="false"]')
-            }
-            if (!disableHistoryCache) {
-                triggerEvent(getDocument().body, "htmx:beforeHistorySave", {path: path, historyElt: elt});
-                saveToHistoryCache(path, cleanInnerHtmlForHistory(elt), getDocument().title, window.scrollY);
-            }
-
-            if (htmx.config.historyEnabled) history.replaceState({htmx: true}, getDocument().title, window.location.href);
-        }
-
-        function pushUrlIntoHistory(path) {
-            // remove the cache buster parameter, if any
-            if (htmx.config.getCacheBusterParam) {
-                path = path.replace(/org\.htmx\.cache-buster=[^&]*&?/, '')
-                if (endsWith(path, '&') || endsWith(path, "?")) {
-                    path = path.slice(0, -1);
-                }
-            }
-            if(htmx.config.historyEnabled) {
-                history.pushState({htmx:true}, "", path);
-            }
-            currentPathForHistory = path;
-        }
-
-        function replaceUrlInHistory(path) {
-            if(htmx.config.historyEnabled)  history.replaceState({htmx:true}, "", path);
-            currentPathForHistory = path;
-        }
-
-        function settleImmediately(tasks) {
-            forEach(tasks, function (task) {
-                task.call();
-            });
-        }
-
-        function loadHistoryFromServer(path) {
-            var request = new XMLHttpRequest();
-            var details = {path: path, xhr:request};
-            triggerEvent(getDocument().body, "htmx:historyCacheMiss", details);
-            request.open('GET', path, true);
-            request.setRequestHeader("HX-Request", "true");
-            request.setRequestHeader("HX-History-Restore-Request", "true");
-            request.setRequestHeader("HX-Current-URL", getDocument().location.href);
-            request.onload = function () {
-                if (this.status >= 200 && this.status < 400) {
-                    triggerEvent(getDocument().body, "htmx:historyCacheMissLoad", details);
-                    var fragment = makeFragment(this.response);
-                    // @ts-ignore
-                    fragment = fragment.querySelector('[hx-history-elt],[data-hx-history-elt]') || fragment;
-                    var historyElement = getHistoryElement();
-                    var settleInfo = makeSettleInfo(historyElement);
-                    var title = findTitle(this.response);
-                    if (title) {
-                        var titleElt = find("title");
-                        if (titleElt) {
-                            titleElt.innerHTML = title;
-                        } else {
-                            window.document.title = title;
-                        }
-                    }
-                    // @ts-ignore
-                    swapInnerHTML(historyElement, fragment, settleInfo)
-                    settleImmediately(settleInfo.tasks);
-                    currentPathForHistory = path;
-                    triggerEvent(getDocument().body, "htmx:historyRestore", {path: path, cacheMiss:true, serverResponse:this.response});
-                } else {
-                    triggerErrorEvent(getDocument().body, "htmx:historyCacheMissLoadError", details);
-                }
-            };
-            request.send();
-        }
-
-        function restoreHistory(path) {
-            saveCurrentPageToHistory();
-            path = path || location.pathname+location.search;
-            var cached = getCachedHistory(path);
-            if (cached) {
-                var fragment = makeFragment(cached.content);
-                var historyElement = getHistoryElement();
-                var settleInfo = makeSettleInfo(historyElement);
-                swapInnerHTML(historyElement, fragment, settleInfo)
-                settleImmediately(settleInfo.tasks);
-                document.title = cached.title;
-                setTimeout(function () {
-                    window.scrollTo(0, cached.scroll);
-                }, 0); // next 'tick', so browser has time to render layout
-                currentPathForHistory = path;
-                triggerEvent(getDocument().body, "htmx:historyRestore", {path:path, item:cached});
-            } else {
-                if (htmx.config.refreshOnHistoryMiss) {
-
-                    // @ts-ignore: optional parameter in reload() function throws error
-                    window.location.reload(true);
-                } else {
-                    loadHistoryFromServer(path);
-                }
-            }
-        }
-
-        function addRequestIndicatorClasses(elt) {
-            var indicators = findAttributeTargets(elt, 'hx-indicator');
-            if (indicators == null) {
-                indicators = [elt];
-            }
-            forEach(indicators, function (ic) {
-                var internalData = getInternalData(ic);
-                internalData.requestCount = (internalData.requestCount || 0) + 1;
-                ic.classList["add"].call(ic.classList, htmx.config.requestClass);
-            });
-            return indicators;
-        }
-
-        function disableElements(elt) {
-            var disabledElts = findAttributeTargets(elt, 'hx-disabled-elt');
-            if (disabledElts == null) {
-                disabledElts = [];
-            }
-            forEach(disabledElts, function (disabledElement) {
-                var internalData = getInternalData(disabledElement);
-                internalData.requestCount = (internalData.requestCount || 0) + 1;
-                disabledElement.setAttribute("disabled", "");
-            });
-            return disabledElts;
-        }
-
-        function removeRequestIndicators(indicators, disabled) {
-            forEach(indicators, function (ic) {
-                var internalData = getInternalData(ic);
-                internalData.requestCount = (internalData.requestCount || 0) - 1;
-                if (internalData.requestCount === 0) {
-                    ic.classList["remove"].call(ic.classList, htmx.config.requestClass);
-                }
-            });
-            forEach(disabled, function (disabledElement) {
-                var internalData = getInternalData(disabledElement);
-                internalData.requestCount = (internalData.requestCount || 0) - 1;
-                if (internalData.requestCount === 0) {
-                    disabledElement.removeAttribute('disabled');
-                }
-            });
-        }
-
-        //====================================================================
-        // Input Value Processing
-        //====================================================================
-
-        function haveSeenNode(processed, elt) {
-            for (var i = 0; i < processed.length; i++) {
-                var node = processed[i];
-                if (node.isSameNode(elt)) {
-                    return true;
-                }
-            }
-            return false;
-        }
-
-        function shouldInclude(elt) {
-            if(elt.name === "" || elt.name == null || elt.disabled || closest(elt, "fieldset[disabled]")) {
-                return false;
-            }
-            // ignore "submitter" types (see jQuery src/serialize.js)
-            if (elt.type === "button" || elt.type === "submit" || elt.tagName === "image" || elt.tagName === "reset" || elt.tagName === "file" ) {
-                return false;
-            }
-            if (elt.type === "checkbox" || elt.type === "radio" ) {
-                return elt.checked;
-            }
-            return true;
-        }
-
-        function addValueToValues(name, value, values) {
-            // This is a little ugly because both the current value of the named value in the form
-            // and the new value could be arrays, so we have to handle all four cases :/
-            if (name != null && value != null) {
-                var current = values[name];
-                if (current === undefined) {
-                    values[name] = value;
-                } else if (Array.isArray(current)) {
-                    if (Array.isArray(value)) {
-                        values[name] = current.concat(value);
-                    } else {
-                        current.push(value);
-                    }
-                } else {
-                    if (Array.isArray(value)) {
-                        values[name] = [current].concat(value);
-                    } else {
-                        values[name] = [current, value];
-                    }
-                }
-            }
-        }
-
-        function processInputValue(processed, values, errors, elt, validate) {
-            if (elt == null || haveSeenNode(processed, elt)) {
-                return;
-            } else {
-                processed.push(elt);
-            }
-            if (shouldInclude(elt)) {
-                var name = getRawAttribute(elt,"name");
-                var value = elt.value;
-                if (elt.multiple && elt.tagName === "SELECT") {
-                    value = toArray(elt.querySelectorAll("option:checked")).map(function (e) { return e.value });
-                }
-                // include file inputs
-                if (elt.files) {
-                    value = toArray(elt.files);
-                }
-                addValueToValues(name, value, values);
-                if (validate) {
-                    validateElement(elt, errors);
-                }
-            }
-            if (matches(elt, 'form')) {
-                var inputs = elt.elements;
-                forEach(inputs, function(input) {
-                    processInputValue(processed, values, errors, input, validate);
-                });
-            }
-        }
-
-        function validateElement(element, errors) {
-            if (element.willValidate) {
-                triggerEvent(element, "htmx:validation:validate")
-                if (!element.checkValidity()) {
-                    errors.push({elt: element, message:element.validationMessage, validity:element.validity});
-                    triggerEvent(element, "htmx:validation:failed", {message:element.validationMessage, validity:element.validity})
-                }
-            }
-        }
-
-        /**
-         * @param {HTMLElement} elt
-         * @param {string} verb
-         */
-        function getInputValues(elt, verb) {
-            var processed = [];
-            var values = {};
-            var formValues = {};
-            var errors = [];
-            var internalData = getInternalData(elt);
-            if (internalData.lastButtonClicked && !bodyContains(internalData.lastButtonClicked)) {
-                internalData.lastButtonClicked = null
-            }
-
-            // only validate when form is directly submitted and novalidate or formnovalidate are not set
-            // or if the element has an explicit hx-validate="true" on it
-            var validate = (matches(elt, 'form') && elt.noValidate !== true) || getAttributeValue(elt, "hx-validate") === "true";
-            if (internalData.lastButtonClicked) {
-                validate = validate && internalData.lastButtonClicked.formNoValidate !== true;
-            }
-
-            // for a non-GET include the closest form
-            if (verb !== 'get') {
-                processInputValue(processed, formValues, errors, closest(elt, 'form'), validate);
-            }
-
-            // include the element itself
-            processInputValue(processed, values, errors, elt, validate);
-
-            // if a button or submit was clicked last, include its value
-            if (internalData.lastButtonClicked || elt.tagName === "BUTTON" ||
-                (elt.tagName === "INPUT" && getRawAttribute(elt, "type") === "submit")) {
-                var button = internalData.lastButtonClicked || elt
-                var name = getRawAttribute(button, "name")
-                addValueToValues(name, button.value, formValues)
-            }
-
-            // include any explicit includes
-            var includes = findAttributeTargets(elt, "hx-include");
-            forEach(includes, function(node) {
-                processInputValue(processed, values, errors, node, validate);
-                // if a non-form is included, include any input values within it
-                if (!matches(node, 'form')) {
-                    forEach(node.querySelectorAll(INPUT_SELECTOR), function (descendant) {
-                        processInputValue(processed, values, errors, descendant, validate);
-                    })
-                }
-            });
-
-            // form values take precedence, overriding the regular values
-            values = mergeObjects(values, formValues);
-
-            return {errors:errors, values:values};
-        }
-
-        function appendParam(returnStr, name, realValue) {
-            if (returnStr !== "") {
-                returnStr += "&";
-            }
-            if (String(realValue) === "[object Object]") {
-                realValue = JSON.stringify(realValue);
-            }
-            var s = encodeURIComponent(realValue);
-            returnStr += encodeURIComponent(name) + "=" + s;
-            return returnStr;
-        }
-
-        function urlEncode(values) {
-            var returnStr = "";
-            for (var name in values) {
-                if (values.hasOwnProperty(name)) {
-                    var value = values[name];
-                    if (Array.isArray(value)) {
-                        forEach(value, function(v) {
-                            returnStr = appendParam(returnStr, name, v);
-                        });
-                    } else {
-                        returnStr = appendParam(returnStr, name, value);
-                    }
-                }
-            }
-            return returnStr;
-        }
-
-        function makeFormData(values) {
-            var formData = new FormData();
-            for (var name in values) {
-                if (values.hasOwnProperty(name)) {
-                    var value = values[name];
-                    if (Array.isArray(value)) {
-                        forEach(value, function(v) {
-                            formData.append(name, v);
-                        });
-                    } else {
-                        formData.append(name, value);
-                    }
-                }
-            }
-            return formData;
-        }
-
-        //====================================================================
-        // Ajax
-        //====================================================================
-
-        /**
-         * @param {HTMLElement} elt
-         * @param {HTMLElement} target
-         * @param {string} prompt
-         * @returns {Object} // TODO: Define/Improve HtmxHeaderSpecification
-         */
-        function getHeaders(elt, target, prompt) {
-            var headers = {
-                "HX-Request" : "true",
-                "HX-Trigger" : getRawAttribute(elt, "id"),
-                "HX-Trigger-Name" : getRawAttribute(elt, "name"),
-                "HX-Target" : getAttributeValue(target, "id"),
-                "HX-Current-URL" : getDocument().location.href,
-            }
-            getValuesForElement(elt, "hx-headers", false, headers)
-            if (prompt !== undefined) {
-                headers["HX-Prompt"] = prompt;
-            }
-            if (getInternalData(elt).boosted) {
-                headers["HX-Boosted"] = "true";
-            }
-            return headers;
-        }
-
-        /**
-         * filterValues takes an object containing form input values
-         * and returns a new object that only contains keys that are
-         * specified by the closest "hx-params" attribute
-         * @param {Object} inputValues
-         * @param {HTMLElement} elt
-         * @returns {Object}
-         */
-        function filterValues(inputValues, elt) {
-            var paramsValue = getClosestAttributeValue(elt, "hx-params");
-            if (paramsValue) {
-                if (paramsValue === "none") {
-                    return {};
-                } else if (paramsValue === "*") {
-                    return inputValues;
-                } else if(paramsValue.indexOf("not ") === 0) {
-                    forEach(paramsValue.substr(4).split(","), function (name) {
-                        name = name.trim();
-                        delete inputValues[name];
-                    });
-                    return inputValues;
-                } else {
-                    var newValues = {}
-                    forEach(paramsValue.split(","), function (name) {
-                        name = name.trim();
-                        newValues[name] = inputValues[name];
-                    });
-                    return newValues;
-                }
-            } else {
-                return inputValues;
-            }
-        }
-
-        function isAnchorLink(elt) {
-          return getRawAttribute(elt, 'href') && getRawAttribute(elt, 'href').indexOf("#") >=0
-        }
-
-        /**
-         *
-         * @param {HTMLElement} elt
-         * @param {string} swapInfoOverride
-         * @returns {import("./htmx").HtmxSwapSpecification}
-         */
-        function getSwapSpecification(elt, swapInfoOverride) {
-            var swapInfo = swapInfoOverride ? swapInfoOverride : getClosestAttributeValue(elt, "hx-swap");
-            var swapSpec = {
-                "swapStyle" : getInternalData(elt).boosted ? 'innerHTML' : htmx.config.defaultSwapStyle,
-                "swapDelay" : htmx.config.defaultSwapDelay,
-                "settleDelay" : htmx.config.defaultSettleDelay
-            }
-            if (htmx.config.scrollIntoViewOnBoost && getInternalData(elt).boosted && !isAnchorLink(elt)) {
-              swapSpec["show"] = "top"
-            }
-            if (swapInfo) {
-                var split = splitOnWhitespace(swapInfo);
-                if (split.length > 0) {
-                    for (var i = 0; i < split.length; i++) {
-                        var value = split[i];
-                        if (value.indexOf("swap:") === 0) {
-                            swapSpec["swapDelay"] = parseInterval(value.substr(5));
-                        } else if (value.indexOf("settle:") === 0) {
-                            swapSpec["settleDelay"] = parseInterval(value.substr(7));
-                        } else if (value.indexOf("transition:") === 0) {
-                            swapSpec["transition"] = value.substr(11) === "true";
-                        } else if (value.indexOf("ignoreTitle:") === 0) {
-                            swapSpec["ignoreTitle"] = value.substr(12) === "true";
-                        } else if (value.indexOf("scroll:") === 0) {
-                            var scrollSpec = value.substr(7);
-                            var splitSpec = scrollSpec.split(":");
-                            var scrollVal = splitSpec.pop();
-                            var selectorVal = splitSpec.length > 0 ? splitSpec.join(":") : null;
-                            swapSpec["scroll"] = scrollVal;
-                            swapSpec["scrollTarget"] = selectorVal;
-                        } else if (value.indexOf("show:") === 0) {
-                            var showSpec = value.substr(5);
-                            var splitSpec = showSpec.split(":");
-                            var showVal = splitSpec.pop();
-                            var selectorVal = splitSpec.length > 0 ? splitSpec.join(":") : null;
-                            swapSpec["show"] = showVal;
-                            swapSpec["showTarget"] = selectorVal;
-                        } else if (value.indexOf("focus-scroll:") === 0) {
-                            var focusScrollVal = value.substr("focus-scroll:".length);
-                            swapSpec["focusScroll"] = focusScrollVal == "true";
-                        } else if (i == 0) {
-                            swapSpec["swapStyle"] = value;
-                        } else {
-                            logError('Unknown modifier in hx-swap: ' + value);
-                        }
-                    }
-                }
-            }
-            return swapSpec;
-        }
-
-        function usesFormData(elt) {
-            return getClosestAttributeValue(elt, "hx-encoding") === "multipart/form-data" ||
-                (matches(elt, "form") && getRawAttribute(elt, 'enctype') === "multipart/form-data");
-        }
-
-        function encodeParamsForBody(xhr, elt, filteredParameters) {
-            var encodedParameters = null;
-            withExtensions(elt, function (extension) {
-                if (encodedParameters == null) {
-                    encodedParameters = extension.encodeParameters(xhr, filteredParameters, elt);
-                }
-            });
-            if (encodedParameters != null) {
-                return encodedParameters;
-            } else {
-                if (usesFormData(elt)) {
-                    return makeFormData(filteredParameters);
-                } else {
-                    return urlEncode(filteredParameters);
-                }
-            }
-        }
-
-        /**
-         *
-         * @param {Element} target
-         * @returns {import("./htmx").HtmxSettleInfo}
-         */
-        function makeSettleInfo(target) {
-            return {tasks: [], elts: [target]};
-        }
-
-        function updateScrollState(content, swapSpec) {
-            var first = content[0];
-            var last = content[content.length - 1];
-            if (swapSpec.scroll) {
-                var target = null;
-                if (swapSpec.scrollTarget) {
-                    target = querySelectorExt(first, swapSpec.scrollTarget);
-                }
-                if (swapSpec.scroll === "top" && (first || target)) {
-                    target = target || first;
-                    target.scrollTop = 0;
-                }
-                if (swapSpec.scroll === "bottom" && (last || target)) {
-                    target = target || last;
-                    target.scrollTop = target.scrollHeight;
-                }
-            }
-            if (swapSpec.show) {
-                var target = null;
-                if (swapSpec.showTarget) {
-                    var targetStr = swapSpec.showTarget;
-                    if (swapSpec.showTarget === "window") {
-                        targetStr = "body";
-                    }
-                    target = querySelectorExt(first, targetStr);
-                }
-                if (swapSpec.show === "top" && (first || target)) {
-                    target = target || first;
-                    target.scrollIntoView({block:'start', behavior: htmx.config.scrollBehavior});
-                }
-                if (swapSpec.show === "bottom" && (last || target)) {
-                    target = target || last;
-                    target.scrollIntoView({block:'end', behavior: htmx.config.scrollBehavior});
-                }
-            }
-        }
-
-        /**
-         * @param {HTMLElement} elt
-         * @param {string} attr
-         * @param {boolean=} evalAsDefault
-         * @param {Object=} values
-         * @returns {Object}
-         */
-        function getValuesForElement(elt, attr, evalAsDefault, values) {
-            if (values == null) {
-                values = {};
-            }
-            if (elt == null) {
-                return values;
-            }
-            var attributeValue = getAttributeValue(elt, attr);
-            if (attributeValue) {
-                var str = attributeValue.trim();
-                var evaluateValue = evalAsDefault;
-                if (str === "unset") {
-                    return null;
-                }
-                if (str.indexOf("javascript:") === 0) {
-                    str = str.substr(11);
-                    evaluateValue = true;
-                } else if (str.indexOf("js:") === 0) {
-                    str = str.substr(3);
-                    evaluateValue = true;
-                }
-                if (str.indexOf('{') !== 0) {
-                    str = "{" + str + "}";
-                }
-                var varsValues;
-                if (evaluateValue) {
-                    varsValues = maybeEval(elt,function () {return Function("return (" + str + ")")();}, {});
-                } else {
-                    varsValues = parseJSON(str);
-                }
-                for (var key in varsValues) {
-                    if (varsValues.hasOwnProperty(key)) {
-                        if (values[key] == null) {
-                            values[key] = varsValues[key];
-                        }
-                    }
-                }
-            }
-            return getValuesForElement(parentElt(elt), attr, evalAsDefault, values);
-        }
-
-        function maybeEval(elt, toEval, defaultVal) {
-            if (htmx.config.allowEval) {
-                return toEval();
-            } else {
-                triggerErrorEvent(elt, 'htmx:evalDisallowedError');
-                return defaultVal;
-            }
-        }
-
-        /**
-         * @param {HTMLElement} elt
-         * @param {*} expressionVars
-         * @returns
-         */
-        function getHXVarsForElement(elt, expressionVars) {
-            return getValuesForElement(elt, "hx-vars", true, expressionVars);
-        }
-
-        /**
-         * @param {HTMLElement} elt
-         * @param {*} expressionVars
-         * @returns
-         */
-        function getHXValsForElement(elt, expressionVars) {
-            return getValuesForElement(elt, "hx-vals", false, expressionVars);
-        }
-
-        /**
-         * @param {HTMLElement} elt
-         * @returns {Object}
-         */
-        function getExpressionVars(elt) {
-            return mergeObjects(getHXVarsForElement(elt), getHXValsForElement(elt));
-        }
-
-        function safelySetHeaderValue(xhr, header, headerValue) {
-            if (headerValue !== null) {
-                try {
-                    xhr.setRequestHeader(header, headerValue);
-                } catch (e) {
-                    // On an exception, try to set the header URI encoded instead
-                    xhr.setRequestHeader(header, encodeURIComponent(headerValue));
-                    xhr.setRequestHeader(header + "-URI-AutoEncoded", "true");
-                }
-            }
-        }
-
-        function getPathFromResponse(xhr) {
-            // NB: IE11 does not support this stuff
-            if (xhr.responseURL && typeof(URL) !== "undefined") {
-                try {
-                    var url = new URL(xhr.responseURL);
-                    return url.pathname + url.search;
-                } catch (e) {
-                    triggerErrorEvent(getDocument().body, "htmx:badResponseUrl", {url: xhr.responseURL});
-                }
-            }
-        }
-
-        function hasHeader(xhr, regexp) {
-            return regexp.test(xhr.getAllResponseHeaders())
-        }
-
-        function ajaxHelper(verb, path, context) {
-            verb = verb.toLowerCase();
-            if (context) {
-                if (context instanceof Element || isType(context, 'String')) {
-                    return issueAjaxRequest(verb, path, null, null, {
-                        targetOverride: resolveTarget(context),
-                        returnPromise: true
-                    });
-                } else {
-                    return issueAjaxRequest(verb, path, resolveTarget(context.source), context.event,
-                        {
-                            handler : context.handler,
-                            headers : context.headers,
-                            values : context.values,
-                            targetOverride: resolveTarget(context.target),
-                            swapOverride: context.swap,
-                            select: context.select,
-                            returnPromise: true
-                        });
-                }
-            } else {
-                return issueAjaxRequest(verb, path, null, null, {
-                        returnPromise: true
-                });
-            }
-        }
-
-        function hierarchyForElt(elt) {
-            var arr = [];
-            while (elt) {
-                arr.push(elt);
-                elt = elt.parentElement;
-            }
-            return arr;
-        }
-
-        function verifyPath(elt, path, requestConfig) {
-            var sameHost
-            var url
-            if (typeof URL === "function") {
-                url = new URL(path, document.location.href);
-                var origin = document.location.origin;
-                sameHost = origin === url.origin;
-            } else {
-                // IE11 doesn't support URL
-                url = path
-                sameHost = startsWith(path, document.location.origin)
-            }
-
-            if (htmx.config.selfRequestsOnly) {
-                if (!sameHost) {
-                    return false;
-                }
-            }
-            return triggerEvent(elt, "htmx:validateUrl", mergeObjects({url: url, sameHost: sameHost}, requestConfig));
-        }
-
-        function issueAjaxRequest(verb, path, elt, event, etc, confirmed) {
-            var resolve = null;
-            var reject = null;
-            etc = etc != null ? etc : {};
-            if(etc.returnPromise && typeof Promise !== "undefined"){
-                var promise = new Promise(function (_resolve, _reject) {
-                    resolve = _resolve;
-                    reject = _reject;
-                });
-            }
-            if(elt == null) {
-                elt = getDocument().body;
-            }
-            var responseHandler = etc.handler || handleAjaxResponse;
-            var select = etc.select || null;
-
-            if (!bodyContains(elt)) {
-                // do not issue requests for elements removed from the DOM
-                maybeCall(resolve);
-                return promise;
-            }
-            var target = etc.targetOverride || getTarget(elt);
-            if (target == null || target == DUMMY_ELT) {
-                triggerErrorEvent(elt, 'htmx:targetError', {target: getAttributeValue(elt, "hx-target")});
-                maybeCall(reject);
-                return promise;
-            }
-
-            var eltData = getInternalData(elt);
-            var submitter = eltData.lastButtonClicked;
-
-            if (submitter) {
-                var buttonPath = getRawAttribute(submitter, "formaction");
-                if (buttonPath != null) {
-                    path = buttonPath;
-                }
-
-                var buttonVerb = getRawAttribute(submitter, "formmethod")
-                if (buttonVerb != null) {
-                    // ignore buttons with formmethod="dialog"
-                    if (buttonVerb.toLowerCase() !== "dialog") {
-                        verb = buttonVerb;
-                    }
-                }
-            }
-
-            var confirmQuestion = getClosestAttributeValue(elt, "hx-confirm");
-            // allow event-based confirmation w/ a callback
-            if (confirmed === undefined) {
-                var issueRequest = function(skipConfirmation) {
-                    return issueAjaxRequest(verb, path, elt, event, etc, !!skipConfirmation);
-                }
-                var confirmDetails = {target: target, elt: elt, path: path, verb: verb, triggeringEvent: event, etc: etc, issueRequest: issueRequest, question: confirmQuestion};
-                if (triggerEvent(elt, 'htmx:confirm', confirmDetails) === false) {
-                    maybeCall(resolve);
-                    return promise;
-                }
-            }
-
-            var syncElt = elt;
-            var syncStrategy = getClosestAttributeValue(elt, "hx-sync");
-            var queueStrategy = null;
-            var abortable = false;
-            if (syncStrategy) {
-                var syncStrings = syncStrategy.split(":");
-                var selector = syncStrings[0].trim();
-                if (selector === "this") {
-                    syncElt = findThisElement(elt, 'hx-sync');
-                } else {
-                    syncElt = querySelectorExt(elt, selector);
-                }
-                // default to the drop strategy
-                syncStrategy = (syncStrings[1] || 'drop').trim();
-                eltData = getInternalData(syncElt);
-                if (syncStrategy === "drop" && eltData.xhr && eltData.abortable !== true) {
-                    maybeCall(resolve);
-                    return promise;
-                } else if (syncStrategy === "abort") {
-                    if (eltData.xhr) {
-                        maybeCall(resolve);
-                        return promise;
-                    } else {
-                        abortable = true;
-                    }
-                } else if (syncStrategy === "replace") {
-                    triggerEvent(syncElt, 'htmx:abort'); // abort the current request and continue
-                } else if (syncStrategy.indexOf("queue") === 0) {
-                    var queueStrArray = syncStrategy.split(" ");
-                    queueStrategy = (queueStrArray[1] || "last").trim();
-                }
-            }
-
-            if (eltData.xhr) {
-                if (eltData.abortable) {
-                    triggerEvent(syncElt, 'htmx:abort'); // abort the current request and continue
-                } else {
-                    if(queueStrategy == null){
-                        if (event) {
-                            var eventData = getInternalData(event);
-                            if (eventData && eventData.triggerSpec && eventData.triggerSpec.queue) {
-                                queueStrategy = eventData.triggerSpec.queue;
-                            }
-                        }
-                        if (queueStrategy == null) {
-                            queueStrategy = "last";
-                        }
-                    }
-                    if (eltData.queuedRequests == null) {
-                        eltData.queuedRequests = [];
-                    }
-                    if (queueStrategy === "first" && eltData.queuedRequests.length === 0) {
-                        eltData.queuedRequests.push(function () {
-                            issueAjaxRequest(verb, path, elt, event, etc)
-                        });
-                    } else if (queueStrategy === "all") {
-                        eltData.queuedRequests.push(function () {
-                            issueAjaxRequest(verb, path, elt, event, etc)
-                        });
-                    } else if (queueStrategy === "last") {
-                        eltData.queuedRequests = []; // dump existing queue
-                        eltData.queuedRequests.push(function () {
-                            issueAjaxRequest(verb, path, elt, event, etc)
-                        });
-                    }
-                    maybeCall(resolve);
-                    return promise;
-                }
-            }
-
-            var xhr = new XMLHttpRequest();
-            eltData.xhr = xhr;
-            eltData.abortable = abortable;
-            var endRequestLock = function(){
-                eltData.xhr = null;
-                eltData.abortable = false;
-                if (eltData.queuedRequests != null &&
-                    eltData.queuedRequests.length > 0) {
-                    var queuedRequest = eltData.queuedRequests.shift();
-                    queuedRequest();
-                }
-            }
-            var promptQuestion = getClosestAttributeValue(elt, "hx-prompt");
-            if (promptQuestion) {
-                var promptResponse = prompt(promptQuestion);
-                // prompt returns null if cancelled and empty string if accepted with no entry
-                if (promptResponse === null ||
-                    !triggerEvent(elt, 'htmx:prompt', {prompt: promptResponse, target:target})) {
-                    maybeCall(resolve);
-                    endRequestLock();
-                    return promise;
-                }
-            }
-
-            if (confirmQuestion && !confirmed) {
-                if(!confirm(confirmQuestion)) {
-                    maybeCall(resolve);
-                    endRequestLock()
-                    return promise;
-                }
-            }
-
-
-            var headers = getHeaders(elt, target, promptResponse);
-
-            if (verb !== 'get' && !usesFormData(elt)) {
-                headers['Content-Type'] = 'application/x-www-form-urlencoded';
-            }
-
-            if (etc.headers) {
-                headers = mergeObjects(headers, etc.headers);
-            }
-            var results = getInputValues(elt, verb);
-            var errors = results.errors;
-            var rawParameters = results.values;
-            if (etc.values) {
-                rawParameters = mergeObjects(rawParameters, etc.values);
-            }
-            var expressionVars = getExpressionVars(elt);
-            var allParameters = mergeObjects(rawParameters, expressionVars);
-            var filteredParameters = filterValues(allParameters, elt);
-
-            if (htmx.config.getCacheBusterParam && verb === 'get') {
-                filteredParameters['org.htmx.cache-buster'] = getRawAttribute(target, "id") || "true";
-            }
-
-            // behavior of anchors w/ empty href is to use the current URL
-            if (path == null || path === "") {
-                path = getDocument().location.href;
-            }
-
-
-            var requestAttrValues = getValuesForElement(elt, 'hx-request');
-
-            var eltIsBoosted = getInternalData(elt).boosted;
-
-            var useUrlParams = htmx.config.methodsThatUseUrlParams.indexOf(verb) >= 0
-
-            var requestConfig = {
-                boosted: eltIsBoosted,
-                useUrlParams: useUrlParams,
-                parameters: filteredParameters,
-                unfilteredParameters: allParameters,
-                headers:headers,
-                target:target,
-                verb:verb,
-                errors:errors,
-                withCredentials: etc.credentials || requestAttrValues.credentials || htmx.config.withCredentials,
-                timeout:  etc.timeout || requestAttrValues.timeout || htmx.config.timeout,
-                path:path,
-                triggeringEvent:event
-            };
-
-            if(!triggerEvent(elt, 'htmx:configRequest', requestConfig)){
-                maybeCall(resolve);
-                endRequestLock();
-                return promise;
-            }
-
-            // copy out in case the object was overwritten
-            path = requestConfig.path;
-            verb = requestConfig.verb;
-            headers = requestConfig.headers;
-            filteredParameters = requestConfig.parameters;
-            errors = requestConfig.errors;
-            useUrlParams = requestConfig.useUrlParams;
-
-            if(errors && errors.length > 0){
-                triggerEvent(elt, 'htmx:validation:halted', requestConfig)
-                maybeCall(resolve);
-                endRequestLock();
-                return promise;
-            }
-
-            var splitPath = path.split("#");
-            var pathNoAnchor = splitPath[0];
-            var anchor = splitPath[1];
-
-            var finalPath = path
-            if (useUrlParams) {
-                finalPath = pathNoAnchor;
-                var values = Object.keys(filteredParameters).length !== 0;
-                if (values) {
-                    if (finalPath.indexOf("?") < 0) {
-                        finalPath += "?";
-                    } else {
-                        finalPath += "&";
-                    }
-                    finalPath += urlEncode(filteredParameters);
-                    if (anchor) {
-                        finalPath += "#" + anchor;
-                    }
-                }
-            }
-
-            if (!verifyPath(elt, finalPath, requestConfig)) {
-                triggerErrorEvent(elt, 'htmx:invalidPath', requestConfig)
-                maybeCall(reject);
-                return promise;
-            };
-
-            xhr.open(verb.toUpperCase(), finalPath, true);
-            xhr.overrideMimeType("text/html");
-            xhr.withCredentials = requestConfig.withCredentials;
-            xhr.timeout = requestConfig.timeout;
-
-            // request headers
-            if (requestAttrValues.noHeaders) {
-                // ignore all headers
-            } else {
-                for (var header in headers) {
-                    if (headers.hasOwnProperty(header)) {
-                        var headerValue = headers[header];
-                        safelySetHeaderValue(xhr, header, headerValue);
-                    }
-                }
-            }
-
-            var responseInfo = {
-                xhr: xhr, target: target, requestConfig: requestConfig, etc: etc, boosted: eltIsBoosted, select: select,
-                pathInfo: {
-                    requestPath: path,
-                    finalRequestPath: finalPath,
-                    anchor: anchor
-                }
-            };
-
-            xhr.onload = function () {
-                try {
-                    var hierarchy = hierarchyForElt(elt);
-                    responseInfo.pathInfo.responsePath = getPathFromResponse(xhr);
-                    responseHandler(elt, responseInfo);
-                    removeRequestIndicators(indicators, disableElts);
-                    triggerEvent(elt, 'htmx:afterRequest', responseInfo);
-                    triggerEvent(elt, 'htmx:afterOnLoad', responseInfo);
-                    // if the body no longer contains the element, trigger the event on the closest parent
-                    // remaining in the DOM
-                    if (!bodyContains(elt)) {
-                        var secondaryTriggerElt = null;
-                        while (hierarchy.length > 0 && secondaryTriggerElt == null) {
-                            var parentEltInHierarchy = hierarchy.shift();
-                            if (bodyContains(parentEltInHierarchy)) {
-                                secondaryTriggerElt = parentEltInHierarchy;
-                            }
-                        }
-                        if (secondaryTriggerElt) {
-                            triggerEvent(secondaryTriggerElt, 'htmx:afterRequest', responseInfo);
-                            triggerEvent(secondaryTriggerElt, 'htmx:afterOnLoad', responseInfo);
-                        }
-                    }
-                    maybeCall(resolve);
-                    endRequestLock();
-                } catch (e) {
-                    triggerErrorEvent(elt, 'htmx:onLoadError', mergeObjects({error:e}, responseInfo));
-                    throw e;
-                }
-            }
-            xhr.onerror = function () {
-                removeRequestIndicators(indicators, disableElts);
-                triggerErrorEvent(elt, 'htmx:afterRequest', responseInfo);
-                triggerErrorEvent(elt, 'htmx:sendError', responseInfo);
-                maybeCall(reject);
-                endRequestLock();
-            }
-            xhr.onabort = function() {
-                removeRequestIndicators(indicators, disableElts);
-                triggerErrorEvent(elt, 'htmx:afterRequest', responseInfo);
-                triggerErrorEvent(elt, 'htmx:sendAbort', responseInfo);
-                maybeCall(reject);
-                endRequestLock();
-            }
-            xhr.ontimeout = function() {
-                removeRequestIndicators(indicators, disableElts);
-                triggerErrorEvent(elt, 'htmx:afterRequest', responseInfo);
-                triggerErrorEvent(elt, 'htmx:timeout', responseInfo);
-                maybeCall(reject);
-                endRequestLock();
-            }
-            if(!triggerEvent(elt, 'htmx:beforeRequest', responseInfo)){
-                maybeCall(resolve);
-                endRequestLock()
-                return promise
-            }
-            var indicators = addRequestIndicatorClasses(elt);
-            var disableElts = disableElements(elt);
-
-            forEach(['loadstart', 'loadend', 'progress', 'abort'], function(eventName) {
-                forEach([xhr, xhr.upload], function (target) {
-                    target.addEventListener(eventName, function(event){
-                        triggerEvent(elt, "htmx:xhr:" + eventName, {
-                            lengthComputable:event.lengthComputable,
-                            loaded:event.loaded,
-                            total:event.total
-                        });
-                    })
-                });
-            });
-            triggerEvent(elt, 'htmx:beforeSend', responseInfo);
-            var params = useUrlParams ? null : encodeParamsForBody(xhr, elt, filteredParameters)
-            xhr.send(params);
-            return promise;
-        }
-
-        function determineHistoryUpdates(elt, responseInfo) {
-
-            var xhr = responseInfo.xhr;
-
-            //===========================================
-            // First consult response headers
-            //===========================================
-            var pathFromHeaders = null;
-            var typeFromHeaders = null;
-            if (hasHeader(xhr,/HX-Push:/i)) {
-                pathFromHeaders = xhr.getResponseHeader("HX-Push");
-                typeFromHeaders = "push";
-            } else if (hasHeader(xhr,/HX-Push-Url:/i)) {
-                pathFromHeaders = xhr.getResponseHeader("HX-Push-Url");
-                typeFromHeaders = "push";
-            } else if (hasHeader(xhr,/HX-Replace-Url:/i)) {
-                pathFromHeaders = xhr.getResponseHeader("HX-Replace-Url");
-                typeFromHeaders = "replace";
-            }
-
-            // if there was a response header, that has priority
-            if (pathFromHeaders) {
-                if (pathFromHeaders === "false") {
-                    return {}
-                } else {
-                    return {
-                        type: typeFromHeaders,
-                        path : pathFromHeaders
-                    }
-                }
-            }
-
-            //===========================================
-            // Next resolve via DOM values
-            //===========================================
-            var requestPath =  responseInfo.pathInfo.finalRequestPath;
-            var responsePath =  responseInfo.pathInfo.responsePath;
-
-            var pushUrl = getClosestAttributeValue(elt, "hx-push-url");
-            var replaceUrl = getClosestAttributeValue(elt, "hx-replace-url");
-            var elementIsBoosted = getInternalData(elt).boosted;
-
-            var saveType = null;
-            var path = null;
-
-            if (pushUrl) {
-                saveType = "push";
-                path = pushUrl;
-            } else if (replaceUrl) {
-                saveType = "replace";
-                path = replaceUrl;
-            } else if (elementIsBoosted) {
-                saveType = "push";
-                path = responsePath || requestPath; // if there is no response path, go with the original request path
-            }
-
-            if (path) {
-                // false indicates no push, return empty object
-                if (path === "false") {
-                    return {};
-                }
-
-                // true indicates we want to follow wherever the server ended up sending us
-                if (path === "true") {
-                    path = responsePath || requestPath; // if there is no response path, go with the original request path
-                }
-
-                // restore any anchor associated with the request
-                if (responseInfo.pathInfo.anchor &&
-                    path.indexOf("#") === -1) {
-                    path = path + "#" + responseInfo.pathInfo.anchor;
-                }
-
-                return {
-                    type:saveType,
-                    path: path
-                }
-            } else {
-                return {};
-            }
-        }
-
-        function handleAjaxResponse(elt, responseInfo) {
-            var xhr = responseInfo.xhr;
-            var target = responseInfo.target;
-            var etc = responseInfo.etc;
-            var requestConfig = responseInfo.requestConfig;
-            var select = responseInfo.select;
-
-            if (!triggerEvent(elt, 'htmx:beforeOnLoad', responseInfo)) return;
-
-            if (hasHeader(xhr, /HX-Trigger:/i)) {
-                handleTrigger(xhr, "HX-Trigger", elt);
-            }
-
-            if (hasHeader(xhr, /HX-Location:/i)) {
-                saveCurrentPageToHistory();
-                var redirectPath = xhr.getResponseHeader("HX-Location");
-                var swapSpec;
-                if (redirectPath.indexOf("{") === 0) {
-                    swapSpec = parseJSON(redirectPath);
-                    // what's the best way to throw an error if the user didn't include this
-                    redirectPath = swapSpec['path'];
-                    delete swapSpec['path'];
-                }
-                ajaxHelper('GET', redirectPath, swapSpec).then(function(){
-                    pushUrlIntoHistory(redirectPath);
-                });
-                return;
-            }
-
-            var shouldRefresh = hasHeader(xhr, /HX-Refresh:/i) && "true" === xhr.getResponseHeader("HX-Refresh");
-
-            if (hasHeader(xhr, /HX-Redirect:/i)) {
-                location.href = xhr.getResponseHeader("HX-Redirect");
-                shouldRefresh && location.reload();
-                return;
-            }
-
-            if (shouldRefresh) {
-                location.reload();
-                return;
-            }
-
-            if (hasHeader(xhr,/HX-Retarget:/i)) {
-                if (xhr.getResponseHeader("HX-Retarget") === "this") {
-                    responseInfo.target = elt;
-                } else {
-                    responseInfo.target = querySelectorExt(elt, xhr.getResponseHeader("HX-Retarget"));
-                }
-            }
-
-            var historyUpdate = determineHistoryUpdates(elt, responseInfo);
-
-            // by default htmx only swaps on 200 return codes and does not swap
-            // on 204 'No Content'
-            // this can be ovverriden by responding to the htmx:beforeSwap event and
-            // overriding the detail.shouldSwap property
-            var shouldSwap = xhr.status >= 200 && xhr.status < 400 && xhr.status !== 204;
-            var serverResponse = xhr.response;
-            var isError = xhr.status >= 400;
-            var ignoreTitle = htmx.config.ignoreTitle
-            var beforeSwapDetails = mergeObjects({shouldSwap: shouldSwap, serverResponse:serverResponse, isError:isError, ignoreTitle:ignoreTitle }, responseInfo);
-            if (!triggerEvent(target, 'htmx:beforeSwap', beforeSwapDetails)) return;
-
-            target = beforeSwapDetails.target; // allow re-targeting
-            serverResponse = beforeSwapDetails.serverResponse; // allow updating content
-            isError = beforeSwapDetails.isError; // allow updating error
-            ignoreTitle = beforeSwapDetails.ignoreTitle; // allow updating ignoring title
-
-            responseInfo.target = target; // Make updated target available to response events
-            responseInfo.failed = isError; // Make failed property available to response events
-            responseInfo.successful = !isError; // Make successful property available to response events
-
-            if (beforeSwapDetails.shouldSwap) {
-                if (xhr.status === 286) {
-                    cancelPolling(elt);
-                }
-
-                withExtensions(elt, function (extension) {
-                    serverResponse = extension.transformResponse(serverResponse, xhr, elt);
-                });
-
-                // Save current page if there will be a history update
-                if (historyUpdate.type) {
-                    saveCurrentPageToHistory();
-                }
-
-                var swapOverride = etc.swapOverride;
-                if (hasHeader(xhr,/HX-Reswap:/i)) {
-                    swapOverride = xhr.getResponseHeader("HX-Reswap");
-                }
-                var swapSpec = getSwapSpecification(elt, swapOverride);
-
-                if (swapSpec.hasOwnProperty('ignoreTitle')) {
-                    ignoreTitle = swapSpec.ignoreTitle;
-                }
-
-                target.classList.add(htmx.config.swappingClass);
-
-                // optional transition API promise callbacks
-                var settleResolve = null;
-                var settleReject = null;
-
-                var doSwap = function () {
-                    try {
-                        var activeElt = document.activeElement;
-                        var selectionInfo = {};
-                        try {
-                            selectionInfo = {
-                                elt: activeElt,
-                                // @ts-ignore
-                                start: activeElt ? activeElt.selectionStart : null,
-                                // @ts-ignore
-                                end: activeElt ? activeElt.selectionEnd : null
-                            };
-                        } catch (e) {
-                            // safari issue - see https://github.com/microsoft/playwright/issues/5894
-                        }
-
-                        var selectOverride;
-                        if (select) {
-                            selectOverride = select;
-                        }
-
-                        if (hasHeader(xhr, /HX-Reselect:/i)) {
-                            selectOverride = xhr.getResponseHeader("HX-Reselect");
-                        }
-
-                        // if we need to save history, do so, before swapping so that relative resources have the correct base URL
-                        if (historyUpdate.type) {
-                            triggerEvent(getDocument().body, 'htmx:beforeHistoryUpdate', mergeObjects({ history: historyUpdate }, responseInfo));
-                            if (historyUpdate.type === "push") {
-                                pushUrlIntoHistory(historyUpdate.path);
-                                triggerEvent(getDocument().body, 'htmx:pushedIntoHistory', {path: historyUpdate.path});
-                            } else {
-                                replaceUrlInHistory(historyUpdate.path);
-                                triggerEvent(getDocument().body, 'htmx:replacedInHistory', {path: historyUpdate.path});
-                            }
-                        }
-
-                        var settleInfo = makeSettleInfo(target);
-                        selectAndSwap(swapSpec.swapStyle, target, elt, serverResponse, settleInfo, selectOverride);
-
-                        if (selectionInfo.elt &&
-                            !bodyContains(selectionInfo.elt) &&
-                            getRawAttribute(selectionInfo.elt, "id")) {
-                            var newActiveElt = document.getElementById(getRawAttribute(selectionInfo.elt, "id"));
-                            var focusOptions = { preventScroll: swapSpec.focusScroll !== undefined ? !swapSpec.focusScroll : !htmx.config.defaultFocusScroll };
-                            if (newActiveElt) {
-                                // @ts-ignore
-                                if (selectionInfo.start && newActiveElt.setSelectionRange) {
-                                    // @ts-ignore
-                                    try {
-                                        newActiveElt.setSelectionRange(selectionInfo.start, selectionInfo.end);
-                                    } catch (e) {
-                                        // the setSelectionRange method is present on fields that don't support it, so just let this fail
-                                    }
-                                }
-                                newActiveElt.focus(focusOptions);
-                            }
-                        }
-
-                        target.classList.remove(htmx.config.swappingClass);
-                        forEach(settleInfo.elts, function (elt) {
-                            if (elt.classList) {
-                                elt.classList.add(htmx.config.settlingClass);
-                            }
-                            triggerEvent(elt, 'htmx:afterSwap', responseInfo);
-                        });
-
-                        if (hasHeader(xhr, /HX-Trigger-After-Swap:/i)) {
-                            var finalElt = elt;
-                            if (!bodyContains(elt)) {
-                                finalElt = getDocument().body;
-                            }
-                            handleTrigger(xhr, "HX-Trigger-After-Swap", finalElt);
-                        }
-
-                        var doSettle = function () {
-                            forEach(settleInfo.tasks, function (task) {
-                                task.call();
-                            });
-                            forEach(settleInfo.elts, function (elt) {
-                                if (elt.classList) {
-                                    elt.classList.remove(htmx.config.settlingClass);
-                                }
-                                triggerEvent(elt, 'htmx:afterSettle', responseInfo);
-                            });
-
-                            if (responseInfo.pathInfo.anchor) {
-                                var anchorTarget = getDocument().getElementById(responseInfo.pathInfo.anchor);
-                                if(anchorTarget) {
-                                    anchorTarget.scrollIntoView({block:'start', behavior: "auto"});
-                                }
-                            }
-
-                            if(settleInfo.title && !ignoreTitle) {
-                                var titleElt = find("title");
-                                if(titleElt) {
-                                    titleElt.innerHTML = settleInfo.title;
-                                } else {
-                                    window.document.title = settleInfo.title;
-                                }
-                            }
-
-                            updateScrollState(settleInfo.elts, swapSpec);
-
-                            if (hasHeader(xhr, /HX-Trigger-After-Settle:/i)) {
-                                var finalElt = elt;
-                                if (!bodyContains(elt)) {
-                                    finalElt = getDocument().body;
-                                }
-                                handleTrigger(xhr, "HX-Trigger-After-Settle", finalElt);
-                            }
-                            maybeCall(settleResolve);
-                        }
-
-                        if (swapSpec.settleDelay > 0) {
-                            setTimeout(doSettle, swapSpec.settleDelay)
-                        } else {
-                            doSettle();
-                        }
-                    } catch (e) {
-                        triggerErrorEvent(elt, 'htmx:swapError', responseInfo);
-                        maybeCall(settleReject);
-                        throw e;
-                    }
-                };
-
-                var shouldTransition = htmx.config.globalViewTransitions
-                if(swapSpec.hasOwnProperty('transition')){
-                    shouldTransition = swapSpec.transition;
-                }
-
-                if(shouldTransition &&
-                    triggerEvent(elt, 'htmx:beforeTransition', responseInfo) &&
-                    typeof Promise !== "undefined" && document.startViewTransition){
-                    var settlePromise = new Promise(function (_resolve, _reject) {
-                        settleResolve = _resolve;
-                        settleReject = _reject;
-                    });
-                    // wrap the original doSwap() in a call to startViewTransition()
-                    var innerDoSwap = doSwap;
-                    doSwap = function() {
-                        document.startViewTransition(function () {
-                            innerDoSwap();
-                            return settlePromise;
-                        });
-                    }
-                }
-
-
-                if (swapSpec.swapDelay > 0) {
-                    setTimeout(doSwap, swapSpec.swapDelay)
-                } else {
-                    doSwap();
-                }
-            }
-            if (isError) {
-                triggerErrorEvent(elt, 'htmx:responseError', mergeObjects({error: "Response Status Error Code " + xhr.status + " from " + responseInfo.pathInfo.requestPath}, responseInfo));
-            }
-        }
-
-        //====================================================================
-        // Extensions API
-        //====================================================================
-
-        /** @type {Object<string, import("./htmx").HtmxExtension>} */
-        var extensions = {};
-
-        /**
-         * extensionBase defines the default functions for all extensions.
-         * @returns {import("./htmx").HtmxExtension}
-         */
-        function extensionBase() {
-            return {
-                init: function(api) {return null;},
-                onEvent : function(name, evt) {return true;},
-                transformResponse : function(text, xhr, elt) {return text;},
-                isInlineSwap : function(swapStyle) {return false;},
-                handleSwap : function(swapStyle, target, fragment, settleInfo) {return false;},
-                encodeParameters : function(xhr, parameters, elt) {return null;}
-            }
-        }
-
-        /**
-         * defineExtension initializes the extension and adds it to the htmx registry
-         *
-         * @param {string} name
-         * @param {import("./htmx").HtmxExtension} extension
-         */
-        function defineExtension(name, extension) {
-            if(extension.init) {
-                extension.init(internalAPI)
-            }
-            extensions[name] = mergeObjects(extensionBase(), extension);
-        }
-
-        /**
-         * removeExtension removes an extension from the htmx registry
-         *
-         * @param {string} name
-         */
-        function removeExtension(name) {
-            delete extensions[name];
-        }
-
-        /**
-         * getExtensions searches up the DOM tree to return all extensions that can be applied to a given element
-         *
-         * @param {HTMLElement} elt
-         * @param {import("./htmx").HtmxExtension[]=} extensionsToReturn
-         * @param {import("./htmx").HtmxExtension[]=} extensionsToIgnore
-         */
-         function getExtensions(elt, extensionsToReturn, extensionsToIgnore) {
-
-            if (elt == undefined) {
-                return extensionsToReturn;
-            }
-            if (extensionsToReturn == undefined) {
-                extensionsToReturn = [];
-            }
-            if (extensionsToIgnore == undefined) {
-                extensionsToIgnore = [];
-            }
-            var extensionsForElement = getAttributeValue(elt, "hx-ext");
-            if (extensionsForElement) {
-                forEach(extensionsForElement.split(","), function(extensionName){
-                    extensionName = extensionName.replace(/ /g, '');
-                    if (extensionName.slice(0, 7) == "ignore:") {
-                        extensionsToIgnore.push(extensionName.slice(7));
-                        return;
-                    }
-                    if (extensionsToIgnore.indexOf(extensionName) < 0) {
-                        var extension = extensions[extensionName];
-                        if (extension && extensionsToReturn.indexOf(extension) < 0) {
-                            extensionsToReturn.push(extension);
-                        }
-                    }
-                });
-            }
-            return getExtensions(parentElt(elt), extensionsToReturn, extensionsToIgnore);
-        }
-
-        //====================================================================
-        // Initialization
-        //====================================================================
-        var isReady = false
-        getDocument().addEventListener('DOMContentLoaded', function() {
-            isReady = true
-        })
-
-        /**
-         * Execute a function now if DOMContentLoaded has fired, otherwise listen for it.
-         *
-         * This function uses isReady because there is no realiable way to ask the browswer whether
-         * the DOMContentLoaded event has already been fired; there's a gap between DOMContentLoaded
-         * firing and readystate=complete.
-         */
-        function ready(fn) {
-            // Checking readyState here is a failsafe in case the htmx script tag entered the DOM by
-            // some means other than the initial page load.
-            if (isReady || getDocument().readyState === 'complete') {
-                fn();
-            } else {
-                getDocument().addEventListener('DOMContentLoaded', fn);
-            }
-        }
-
-        function insertIndicatorStyles() {
-            if (htmx.config.includeIndicatorStyles !== false) {
-                getDocument().head.insertAdjacentHTML("beforeend",
-                    "<style>\
-                      ." + htmx.config.indicatorClass + "{opacity:0}\
-                      ." + htmx.config.requestClass + " ." + htmx.config.indicatorClass + "{opacity:1; transition: opacity 200ms ease-in;}\
-                      ." + htmx.config.requestClass + "." + htmx.config.indicatorClass + "{opacity:1; transition: opacity 200ms ease-in;}\
-                    </style>");
-            }
-        }
-
-        function getMetaConfig() {
-            var element = getDocument().querySelector('meta[name="htmx-config"]');
-            if (element) {
-                // @ts-ignore
-                return parseJSON(element.content);
-            } else {
-                return null;
-            }
-        }
-
-        function mergeMetaConfig() {
-            var metaConfig = getMetaConfig();
-            if (metaConfig) {
-                htmx.config = mergeObjects(htmx.config , metaConfig)
-            }
-        }
-
-        // initialize the document
-        ready(function () {
-            mergeMetaConfig();
-            insertIndicatorStyles();
-            var body = getDocument().body;
-            processNode(body);
-            var restoredElts = getDocument().querySelectorAll(
-                "[hx-trigger='restored'],[data-hx-trigger='restored']"
-            );
-            body.addEventListener("htmx:abort", function (evt) {
-                var target = evt.target;
-                var internalData = getInternalData(target);
-                if (internalData && internalData.xhr) {
-                    internalData.xhr.abort();
-                }
-            });
-            /** @type {(ev: PopStateEvent) => any} */
-            const originalPopstate = window.onpopstate ? window.onpopstate.bind(window) : null;
-            /** @type {(ev: PopStateEvent) => any} */
-            window.onpopstate = function (event) {
-                if (event.state && event.state.htmx) {
-                    restoreHistory();
-                    forEach(restoredElts, function(elt){
-                        triggerEvent(elt, 'htmx:restored', {
-                            'document': getDocument(),
-                            'triggerEvent': triggerEvent
-                        });
-                    });
-                } else {
-                    if (originalPopstate) {
-                        originalPopstate(event);
-                    }
-                }
-            };
-            setTimeout(function () {
-                triggerEvent(body, 'htmx:load', {}); // give ready handlers a chance to load up before firing this event
-                body = null; // kill reference for gc
-            }, 0);
-        })
-
-        return htmx;
-    }
-)()
-}));
diff --git a/server/core/static/external/htmx.min.1.9.2.js b/server/core/static/external/htmx.min.1.9.2.js
deleted file mode 100644
index f889d0ea5..000000000
--- a/server/core/static/external/htmx.min.1.9.2.js
+++ /dev/null
@@ -1 +0,0 @@
-(function(e,t){if(typeof define==="function"&&define.amd){define([],t)}else if(typeof module==="object"&&module.exports){module.exports=t()}else{e.htmx=e.htmx||t()}})(typeof self!=="undefined"?self:this,function(){return function(){"use strict";var z={onLoad:t,process:Tt,on:le,off:ue,trigger:ie,ajax:dr,find:b,findAll:f,closest:d,values:function(e,t){var r=Jt(e,t||"post");return r.values},remove:B,addClass:j,removeClass:n,toggleClass:U,takeClass:V,defineExtension:yr,removeExtension:br,logAll:F,logger:null,config:{historyEnabled:true,historyCacheSize:10,refreshOnHistoryMiss:false,defaultSwapStyle:"innerHTML",defaultSwapDelay:0,defaultSettleDelay:20,includeIndicatorStyles:true,indicatorClass:"htmx-indicator",requestClass:"htmx-request",addedClass:"htmx-added",settlingClass:"htmx-settling",swappingClass:"htmx-swapping",allowEval:true,inlineScriptNonce:"",attributesToSettle:["class","style","width","height"],withCredentials:false,timeout:0,wsReconnectDelay:"full-jitter",wsBinaryType:"blob",disableSelector:"[hx-disable], [data-hx-disable]",useTemplateFragments:false,scrollBehavior:"smooth",defaultFocusScroll:false,getCacheBusterParam:false,globalViewTransitions:false},parseInterval:v,_:e,createEventSource:function(e){return new EventSource(e,{withCredentials:true})},createWebSocket:function(e){var t=new WebSocket(e,[]);t.binaryType=z.config.wsBinaryType;return t},version:"1.9.2"};var C={addTriggerHandler:xt,bodyContains:ee,canAccessLocalStorage:D,filterValues:er,hasAttribute:q,getAttributeValue:G,getClosestMatch:c,getExpressionVars:fr,getHeaders:Qt,getInputValues:Jt,getInternalData:Y,getSwapSpecification:rr,getTriggerSpecs:ze,getTarget:de,makeFragment:l,mergeObjects:te,makeSettleInfo:S,oobSwap:me,selectAndSwap:Me,settleImmediately:Bt,shouldCancel:Ke,triggerEvent:ie,triggerErrorEvent:ne,withExtensions:w};var R=["get","post","put","delete","patch"];var O=R.map(function(e){return"[hx-"+e+"], [data-hx-"+e+"]"}).join(", ");function v(e){if(e==undefined){return undefined}if(e.slice(-2)=="ms"){return parseFloat(e.slice(0,-2))||undefined}if(e.slice(-1)=="s"){return parseFloat(e.slice(0,-1))*1e3||undefined}if(e.slice(-1)=="m"){return parseFloat(e.slice(0,-1))*1e3*60||undefined}return parseFloat(e)||undefined}function $(e,t){return e.getAttribute&&e.getAttribute(t)}function q(e,t){return e.hasAttribute&&(e.hasAttribute(t)||e.hasAttribute("data-"+t))}function G(e,t){return $(e,t)||$(e,"data-"+t)}function u(e){return e.parentElement}function J(){return document}function c(e,t){while(e&&!t(e)){e=u(e)}return e?e:null}function T(e,t,r){var n=G(t,r);var i=G(t,"hx-disinherit");if(e!==t&&i&&(i==="*"||i.split(" ").indexOf(r)>=0)){return"unset"}else{return n}}function Z(t,r){var n=null;c(t,function(e){return n=T(t,e,r)});if(n!=="unset"){return n}}function h(e,t){var r=e.matches||e.matchesSelector||e.msMatchesSelector||e.mozMatchesSelector||e.webkitMatchesSelector||e.oMatchesSelector;return r&&r.call(e,t)}function H(e){var t=/<([a-z][^\/\0>\x20\t\r\n\f]*)/i;var r=t.exec(e);if(r){return r[1].toLowerCase()}else{return""}}function i(e,t){var r=new DOMParser;var n=r.parseFromString(e,"text/html");var i=n.body;while(t>0){t--;i=i.firstChild}if(i==null){i=J().createDocumentFragment()}return i}function L(e){return e.match(/<body/)}function l(e){var t=!L(e);if(z.config.useTemplateFragments&&t){var r=i("<body><template>"+e+"</template></body>",0);return r.querySelector("template").content}else{var n=H(e);switch(n){case"thead":case"tbody":case"tfoot":case"colgroup":case"caption":return i("<table>"+e+"</table>",1);case"col":return i("<table><colgroup>"+e+"</colgroup></table>",2);case"tr":return i("<table><tbody>"+e+"</tbody></table>",2);case"td":case"th":return i("<table><tbody><tr>"+e+"</tr></tbody></table>",3);case"script":return i("<div>"+e+"</div>",1);default:return i(e,0)}}}function K(e){if(e){e()}}function A(e,t){return Object.prototype.toString.call(e)==="[object "+t+"]"}function N(e){return A(e,"Function")}function I(e){return A(e,"Object")}function Y(e){var t="htmx-internal-data";var r=e[t];if(!r){r=e[t]={}}return r}function k(e){var t=[];if(e){for(var r=0;r<e.length;r++){t.push(e[r])}}return t}function Q(e,t){if(e){for(var r=0;r<e.length;r++){t(e[r])}}}function P(e){var t=e.getBoundingClientRect();var r=t.top;var n=t.bottom;return r<window.innerHeight&&n>=0}function ee(e){if(e.getRootNode&&e.getRootNode()instanceof ShadowRoot){return J().body.contains(e.getRootNode().host)}else{return J().body.contains(e)}}function M(e){return e.trim().split(/\s+/)}function te(e,t){for(var r in t){if(t.hasOwnProperty(r)){e[r]=t[r]}}return e}function y(e){try{return JSON.parse(e)}catch(e){x(e);return null}}function D(){var e="htmx:localStorageTest";try{localStorage.setItem(e,e);localStorage.removeItem(e);return true}catch(e){return false}}function X(t){try{var e=new URL(t);if(e){t=e.pathname+e.search}if(!t.match("^/$")){t=t.replace(/\/+$/,"")}return t}catch(e){return t}}function e(e){return sr(J().body,function(){return eval(e)})}function t(t){var e=z.on("htmx:load",function(e){t(e.detail.elt)});return e}function F(){z.logger=function(e,t,r){if(console){console.log(t,e,r)}}}function b(e,t){if(t){return e.querySelector(t)}else{return b(J(),e)}}function f(e,t){if(t){return e.querySelectorAll(t)}else{return f(J(),e)}}function B(e,t){e=s(e);if(t){setTimeout(function(){B(e);e=null},t)}else{e.parentElement.removeChild(e)}}function j(e,t,r){e=s(e);if(r){setTimeout(function(){j(e,t);e=null},r)}else{e.classList&&e.classList.add(t)}}function n(e,t,r){e=s(e);if(r){setTimeout(function(){n(e,t);e=null},r)}else{if(e.classList){e.classList.remove(t);if(e.classList.length===0){e.removeAttribute("class")}}}}function U(e,t){e=s(e);e.classList.toggle(t)}function V(e,t){e=s(e);Q(e.parentElement.children,function(e){n(e,t)});j(e,t)}function d(e,t){e=s(e);if(e.closest){return e.closest(t)}else{do{if(e==null||h(e,t)){return e}}while(e=e&&u(e));return null}}function r(e){var t=e.trim();if(t.startsWith("<")&&t.endsWith("/>")){return t.substring(1,t.length-2)}else{return t}}function _(e,t){if(t.indexOf("closest ")===0){return[d(e,r(t.substr(8)))]}else if(t.indexOf("find ")===0){return[b(e,r(t.substr(5)))]}else if(t.indexOf("next ")===0){return[W(e,r(t.substr(5)))]}else if(t.indexOf("previous ")===0){return[oe(e,r(t.substr(9)))]}else if(t==="document"){return[document]}else if(t==="window"){return[window]}else{return J().querySelectorAll(r(t))}}var W=function(e,t){var r=J().querySelectorAll(t);for(var n=0;n<r.length;n++){var i=r[n];if(i.compareDocumentPosition(e)===Node.DOCUMENT_POSITION_PRECEDING){return i}}};var oe=function(e,t){var r=J().querySelectorAll(t);for(var n=r.length-1;n>=0;n--){var i=r[n];if(i.compareDocumentPosition(e)===Node.DOCUMENT_POSITION_FOLLOWING){return i}}};function re(e,t){if(t){return _(e,t)[0]}else{return _(J().body,e)[0]}}function s(e){if(A(e,"String")){return b(e)}else{return e}}function se(e,t,r){if(N(t)){return{target:J().body,event:e,listener:t}}else{return{target:s(e),event:t,listener:r}}}function le(t,r,n){Sr(function(){var e=se(t,r,n);e.target.addEventListener(e.event,e.listener)});var e=N(r);return e?r:n}function ue(t,r,n){Sr(function(){var e=se(t,r,n);e.target.removeEventListener(e.event,e.listener)});return N(r)?r:n}var fe=J().createElement("output");function ce(e,t){var r=Z(e,t);if(r){if(r==="this"){return[he(e,t)]}else{var n=_(e,r);if(n.length===0){x('The selector "'+r+'" on '+t+" returned no matches!");return[fe]}else{return n}}}}function he(e,t){return c(e,function(e){return G(e,t)!=null})}function de(e){var t=Z(e,"hx-target");if(t){if(t==="this"){return he(e,"hx-target")}else{return re(e,t)}}else{var r=Y(e);if(r.boosted){return J().body}else{return e}}}function ve(e){var t=z.config.attributesToSettle;for(var r=0;r<t.length;r++){if(e===t[r]){return true}}return false}function ge(t,r){Q(t.attributes,function(e){if(!r.hasAttribute(e.name)&&ve(e.name)){t.removeAttribute(e.name)}});Q(r.attributes,function(e){if(ve(e.name)){t.setAttribute(e.name,e.value)}})}function pe(e,t){var r=wr(t);for(var n=0;n<r.length;n++){var i=r[n];try{if(i.isInlineSwap(e)){return true}}catch(e){x(e)}}return e==="outerHTML"}function me(e,i,a){var t="#"+i.id;var o="outerHTML";if(e==="true"){}else if(e.indexOf(":")>0){o=e.substr(0,e.indexOf(":"));t=e.substr(e.indexOf(":")+1,e.length)}else{o=e}var r=J().querySelectorAll(t);if(r){Q(r,function(e){var t;var r=i.cloneNode(true);t=J().createDocumentFragment();t.appendChild(r);if(!pe(o,e)){t=r}var n={shouldSwap:true,target:e,fragment:t};if(!ie(e,"htmx:oobBeforeSwap",n))return;e=n.target;if(n["shouldSwap"]){ke(o,e,e,t,a)}Q(a.elts,function(e){ie(e,"htmx:oobAfterSwap",n)})});i.parentNode.removeChild(i)}else{i.parentNode.removeChild(i);ne(J().body,"htmx:oobErrorNoTarget",{content:i})}return e}function xe(e,t,r){var n=Z(e,"hx-select-oob");if(n){var i=n.split(",");for(let e=0;e<i.length;e++){var a=i[e].split(":",2);var o=a[0].trim();if(o.indexOf("#")===0){o=o.substring(1)}var s=a[1]||"true";var l=t.querySelector("#"+o);if(l){me(s,l,r)}}}Q(f(t,"[hx-swap-oob], [data-hx-swap-oob]"),function(e){var t=G(e,"hx-swap-oob");if(t!=null){me(t,e,r)}})}function ye(e){Q(f(e,"[hx-preserve], [data-hx-preserve]"),function(e){var t=G(e,"id");var r=J().getElementById(t);if(r!=null){e.parentNode.replaceChild(r,e)}})}function be(a,e,o){Q(e.querySelectorAll("[id]"),function(e){if(e.id&&e.id.length>0){var t=e.id.replace("'","\\'");var r=e.tagName.replace(":","\\:");var n=a.querySelector(r+"[id='"+t+"']");if(n&&n!==a){var i=e.cloneNode();ge(e,n);o.tasks.push(function(){ge(e,i)})}}})}function we(e){return function(){n(e,z.config.addedClass);Tt(e);bt(e);Se(e);ie(e,"htmx:load")}}function Se(e){var t="[autofocus]";var r=h(e,t)?e:e.querySelector(t);if(r!=null){r.focus()}}function a(e,t,r,n){be(e,r,n);while(r.childNodes.length>0){var i=r.firstChild;j(i,z.config.addedClass);e.insertBefore(i,t);if(i.nodeType!==Node.TEXT_NODE&&i.nodeType!==Node.COMMENT_NODE){n.tasks.push(we(i))}}}function Ee(e,t){var r=0;while(r<e.length){t=(t<<5)-t+e.charCodeAt(r++)|0}return t}function Ce(e){var t=0;if(e.attributes){for(var r=0;r<e.attributes.length;r++){var n=e.attributes[r];if(n.value){t=Ee(n.name,t);t=Ee(n.value,t)}}}return t}function Re(t){var r=Y(t);if(r.timeout){clearTimeout(r.timeout)}if(r.webSocket){r.webSocket.close()}if(r.sseEventSource){r.sseEventSource.close()}if(r.listenerInfos){Q(r.listenerInfos,function(e){if(e.on){e.on.removeEventListener(e.trigger,e.listener)}})}if(r.onHandlers){for(let e=0;e<r.onHandlers.length;e++){const n=r.onHandlers[e];t.removeEventListener(n.name,n.handler)}}}function o(e){ie(e,"htmx:beforeCleanupElement");Re(e);if(e.children){Q(e.children,function(e){o(e)})}}function Oe(e,t,r){if(e.tagName==="BODY"){return Ne(e,t,r)}else{var n;var i=e.previousSibling;a(u(e),e,t,r);if(i==null){n=u(e).firstChild}else{n=i.nextSibling}Y(e).replacedWith=n;r.elts=[];while(n&&n!==e){if(n.nodeType===Node.ELEMENT_NODE){r.elts.push(n)}n=n.nextElementSibling}o(e);u(e).removeChild(e)}}function qe(e,t,r){return a(e,e.firstChild,t,r)}function Te(e,t,r){return a(u(e),e,t,r)}function He(e,t,r){return a(e,null,t,r)}function Le(e,t,r){return a(u(e),e.nextSibling,t,r)}function Ae(e,t,r){o(e);return u(e).removeChild(e)}function Ne(e,t,r){var n=e.firstChild;a(e,n,t,r);if(n){while(n.nextSibling){o(n.nextSibling);e.removeChild(n.nextSibling)}o(n);e.removeChild(n)}}function Ie(e,t){var r=Z(e,"hx-select");if(r){var n=J().createDocumentFragment();Q(t.querySelectorAll(r),function(e){n.appendChild(e)});t=n}return t}function ke(e,t,r,n,i){switch(e){case"none":return;case"outerHTML":Oe(r,n,i);return;case"afterbegin":qe(r,n,i);return;case"beforebegin":Te(r,n,i);return;case"beforeend":He(r,n,i);return;case"afterend":Le(r,n,i);return;case"delete":Ae(r,n,i);return;default:var a=wr(t);for(var o=0;o<a.length;o++){var s=a[o];try{var l=s.handleSwap(e,r,n,i);if(l){if(typeof l.length!=="undefined"){for(var u=0;u<l.length;u++){var f=l[u];if(f.nodeType!==Node.TEXT_NODE&&f.nodeType!==Node.COMMENT_NODE){i.tasks.push(we(f))}}}return}}catch(e){x(e)}}if(e==="innerHTML"){Ne(r,n,i)}else{ke(z.config.defaultSwapStyle,t,r,n,i)}}}function Pe(e){if(e.indexOf("<title")>-1){var t=e.replace(/<svg(\s[^>]*>|>)([\s\S]*?)<\/svg>/gim,"");var r=t.match(/<title(\s[^>]*>|>)([\s\S]*?)<\/title>/im);if(r){return r[2]}}}function Me(e,t,r,n,i){i.title=Pe(n);var a=l(n);if(a){xe(r,a,i);a=Ie(r,a);ye(a);return ke(e,r,t,a,i)}}function De(e,t,r){var n=e.getResponseHeader(t);if(n.indexOf("{")===0){var i=y(n);for(var a in i){if(i.hasOwnProperty(a)){var o=i[a];if(!I(o)){o={value:o}}ie(r,a,o)}}}else{ie(r,n,[])}}var Xe=/\s/;var g=/[\s,]/;var Fe=/[_$a-zA-Z]/;var Be=/[_$a-zA-Z0-9]/;var je=['"',"'","/"];var p=/[^\s]/;function Ue(e){var t=[];var r=0;while(r<e.length){if(Fe.exec(e.charAt(r))){var n=r;while(Be.exec(e.charAt(r+1))){r++}t.push(e.substr(n,r-n+1))}else if(je.indexOf(e.charAt(r))!==-1){var i=e.charAt(r);var n=r;r++;while(r<e.length&&e.charAt(r)!==i){if(e.charAt(r)==="\\"){r++}r++}t.push(e.substr(n,r-n+1))}else{var a=e.charAt(r);t.push(a)}r++}return t}function Ve(e,t,r){return Fe.exec(e.charAt(0))&&e!=="true"&&e!=="false"&&e!=="this"&&e!==r&&t!=="."}function _e(e,t,r){if(t[0]==="["){t.shift();var n=1;var i=" return (function("+r+"){ return (";var a=null;while(t.length>0){var o=t[0];if(o==="]"){n--;if(n===0){if(a===null){i=i+"true"}t.shift();i+=")})";try{var s=sr(e,function(){return Function(i)()},function(){return true});s.source=i;return s}catch(e){ne(J().body,"htmx:syntax:error",{error:e,source:i});return null}}}else if(o==="["){n++}if(Ve(o,a,r)){i+="(("+r+"."+o+") ? ("+r+"."+o+") : (window."+o+"))"}else{i=i+o}a=t.shift()}}}function m(e,t){var r="";while(e.length>0&&!e[0].match(t)){r+=e.shift()}return r}var We="input, textarea, select";function ze(e){var t=G(e,"hx-trigger");var r=[];if(t){var n=Ue(t);do{m(n,p);var i=n.length;var a=m(n,/[,\[\s]/);if(a!==""){if(a==="every"){var o={trigger:"every"};m(n,p);o.pollInterval=v(m(n,/[,\[\s]/));m(n,p);var s=_e(e,n,"event");if(s){o.eventFilter=s}r.push(o)}else if(a.indexOf("sse:")===0){r.push({trigger:"sse",sseEvent:a.substr(4)})}else{var l={trigger:a};var s=_e(e,n,"event");if(s){l.eventFilter=s}while(n.length>0&&n[0]!==","){m(n,p);var u=n.shift();if(u==="changed"){l.changed=true}else if(u==="once"){l.once=true}else if(u==="consume"){l.consume=true}else if(u==="delay"&&n[0]===":"){n.shift();l.delay=v(m(n,g))}else if(u==="from"&&n[0]===":"){n.shift();var f=m(n,g);if(f==="closest"||f==="find"||f==="next"||f==="previous"){n.shift();f+=" "+m(n,g)}l.from=f}else if(u==="target"&&n[0]===":"){n.shift();l.target=m(n,g)}else if(u==="throttle"&&n[0]===":"){n.shift();l.throttle=v(m(n,g))}else if(u==="queue"&&n[0]===":"){n.shift();l.queue=m(n,g)}else if((u==="root"||u==="threshold")&&n[0]===":"){n.shift();l[u]=m(n,g)}else{ne(e,"htmx:syntax:error",{token:n.shift()})}}r.push(l)}}if(n.length===i){ne(e,"htmx:syntax:error",{token:n.shift()})}m(n,p)}while(n[0]===","&&n.shift())}if(r.length>0){return r}else if(h(e,"form")){return[{trigger:"submit"}]}else if(h(e,'input[type="button"]')){return[{trigger:"click"}]}else if(h(e,We)){return[{trigger:"change"}]}else{return[{trigger:"click"}]}}function $e(e){Y(e).cancelled=true}function Ge(e,t,r){var n=Y(e);n.timeout=setTimeout(function(){if(ee(e)&&n.cancelled!==true){if(!Qe(r,Lt("hx:poll:trigger",{triggerSpec:r,target:e}))){t(e)}Ge(e,t,r)}},r.pollInterval)}function Je(e){return location.hostname===e.hostname&&$(e,"href")&&$(e,"href").indexOf("#")!==0}function Ze(t,r,e){if(t.tagName==="A"&&Je(t)&&(t.target===""||t.target==="_self")||t.tagName==="FORM"){r.boosted=true;var n,i;if(t.tagName==="A"){n="get";i=t.href}else{var a=$(t,"method");n=a?a.toLowerCase():"get";if(n==="get"){}i=$(t,"action")}e.forEach(function(e){et(t,function(e,t){ae(n,i,e,t)},r,e,true)})}}function Ke(e,t){if(e.type==="submit"||e.type==="click"){if(t.tagName==="FORM"){return true}if(h(t,'input[type="submit"], button')&&d(t,"form")!==null){return true}if(t.tagName==="A"&&t.href&&(t.getAttribute("href")==="#"||t.getAttribute("href").indexOf("#")!==0)){return true}}return false}function Ye(e,t){return Y(e).boosted&&e.tagName==="A"&&t.type==="click"&&(t.ctrlKey||t.metaKey)}function Qe(e,t){var r=e.eventFilter;if(r){try{return r(t)!==true}catch(e){ne(J().body,"htmx:eventFilter:error",{error:e,source:r.source});return true}}return false}function et(i,a,e,o,s){var l=Y(i);var t;if(o.from){t=_(i,o.from)}else{t=[i]}if(o.changed){l.lastValue=i.value}Q(t,function(r){var n=function(e){if(!ee(i)){r.removeEventListener(o.trigger,n);return}if(Ye(i,e)){return}if(s||Ke(e,i)){e.preventDefault()}if(Qe(o,e)){return}var t=Y(e);t.triggerSpec=o;if(t.handledFor==null){t.handledFor=[]}if(t.handledFor.indexOf(i)<0){t.handledFor.push(i);if(o.consume){e.stopPropagation()}if(o.target&&e.target){if(!h(e.target,o.target)){return}}if(o.once){if(l.triggeredOnce){return}else{l.triggeredOnce=true}}if(o.changed){if(l.lastValue===i.value){return}else{l.lastValue=i.value}}if(l.delayed){clearTimeout(l.delayed)}if(l.throttle){return}if(o.throttle){if(!l.throttle){a(i,e);l.throttle=setTimeout(function(){l.throttle=null},o.throttle)}}else if(o.delay){l.delayed=setTimeout(function(){a(i,e)},o.delay)}else{ie(i,"htmx:trigger");a(i,e)}}};if(e.listenerInfos==null){e.listenerInfos=[]}e.listenerInfos.push({trigger:o.trigger,listener:n,on:r});r.addEventListener(o.trigger,n)})}var tt=false;var rt=null;function nt(){if(!rt){rt=function(){tt=true};window.addEventListener("scroll",rt);setInterval(function(){if(tt){tt=false;Q(J().querySelectorAll("[hx-trigger='revealed'],[data-hx-trigger='revealed']"),function(e){it(e)})}},200)}}function it(t){if(!q(t,"data-hx-revealed")&&P(t)){t.setAttribute("data-hx-revealed","true");var e=Y(t);if(e.initHash){ie(t,"revealed")}else{t.addEventListener("htmx:afterProcessNode",function(e){ie(t,"revealed")},{once:true})}}}function at(e,t,r){var n=M(r);for(var i=0;i<n.length;i++){var a=n[i].split(/:(.+)/);if(a[0]==="connect"){ot(e,a[1],0)}if(a[0]==="send"){lt(e)}}}function ot(s,r,n){if(!ee(s)){return}if(r.indexOf("/")==0){var e=location.hostname+(location.port?":"+location.port:"");if(location.protocol=="https:"){r="wss://"+e+r}else if(location.protocol=="http:"){r="ws://"+e+r}}var t=z.createWebSocket(r);t.onerror=function(e){ne(s,"htmx:wsError",{error:e,socket:t});st(s)};t.onclose=function(e){if([1006,1012,1013].indexOf(e.code)>=0){var t=ut(n);setTimeout(function(){ot(s,r,n+1)},t)}};t.onopen=function(e){n=0};Y(s).webSocket=t;t.addEventListener("message",function(e){if(st(s)){return}var t=e.data;w(s,function(e){t=e.transformResponse(t,null,s)});var r=S(s);var n=l(t);var i=k(n.children);for(var a=0;a<i.length;a++){var o=i[a];me(G(o,"hx-swap-oob")||"true",o,r)}Bt(r.tasks)})}function st(e){if(!ee(e)){Y(e).webSocket.close();return true}}function lt(u){var f=c(u,function(e){return Y(e).webSocket!=null});if(f){u.addEventListener(ze(u)[0].trigger,function(e){var t=Y(f).webSocket;var r=Qt(u,f);var n=Jt(u,"post");var i=n.errors;var a=n.values;var o=fr(u);var s=te(a,o);var l=er(s,u);l["HEADERS"]=r;if(i&&i.length>0){ie(u,"htmx:validation:halted",i);return}t.send(JSON.stringify(l));if(Ke(e,u)){e.preventDefault()}})}else{ne(u,"htmx:noWebSocketSourceError")}}function ut(e){var t=z.config.wsReconnectDelay;if(typeof t==="function"){return t(e)}if(t==="full-jitter"){var r=Math.min(e,6);var n=1e3*Math.pow(2,r);return n*Math.random()}x('htmx.config.wsReconnectDelay must either be a function or the string "full-jitter"')}function ft(e,t,r){var n=M(r);for(var i=0;i<n.length;i++){var a=n[i].split(/:(.+)/);if(a[0]==="connect"){ct(e,a[1])}if(a[0]==="swap"){ht(e,a[1])}}}function ct(t,e){var r=z.createEventSource(e);r.onerror=function(e){ne(t,"htmx:sseError",{error:e,source:r});vt(t)};Y(t).sseEventSource=r}function ht(a,o){var s=c(a,gt);if(s){var l=Y(s).sseEventSource;var u=function(e){if(vt(s)){l.removeEventListener(o,u);return}var t=e.data;w(a,function(e){t=e.transformResponse(t,null,a)});var r=rr(a);var n=de(a);var i=S(a);Me(r.swapStyle,a,n,t,i);Bt(i.tasks);ie(a,"htmx:sseMessage",e)};Y(a).sseListener=u;l.addEventListener(o,u)}else{ne(a,"htmx:noSSESourceError")}}function dt(e,t,r){var n=c(e,gt);if(n){var i=Y(n).sseEventSource;var a=function(){if(!vt(n)){if(ee(e)){t(e)}else{i.removeEventListener(r,a)}}};Y(e).sseListener=a;i.addEventListener(r,a)}else{ne(e,"htmx:noSSESourceError")}}function vt(e){if(!ee(e)){Y(e).sseEventSource.close();return true}}function gt(e){return Y(e).sseEventSource!=null}function pt(e,t,r,n){var i=function(){if(!r.loaded){r.loaded=true;t(e)}};if(n){setTimeout(i,n)}else{i()}}function mt(t,i,e){var a=false;Q(R,function(r){if(q(t,"hx-"+r)){var n=G(t,"hx-"+r);a=true;i.path=n;i.verb=r;e.forEach(function(e){xt(t,e,i,function(e,t){ae(r,n,e,t)})})}});return a}function xt(n,e,t,r){if(e.sseEvent){dt(n,r,e.sseEvent)}else if(e.trigger==="revealed"){nt();et(n,r,t,e);it(n)}else if(e.trigger==="intersect"){var i={};if(e.root){i.root=re(n,e.root)}if(e.threshold){i.threshold=parseFloat(e.threshold)}var a=new IntersectionObserver(function(e){for(var t=0;t<e.length;t++){var r=e[t];if(r.isIntersecting){ie(n,"intersect");break}}},i);a.observe(n);et(n,r,t,e)}else if(e.trigger==="load"){if(!Qe(e,Lt("load",{elt:n}))){pt(n,r,t,e.delay)}}else if(e.pollInterval){t.polling=true;Ge(n,r,e)}else{et(n,r,t,e)}}function yt(e){if(e.type==="text/javascript"||e.type==="module"||e.type===""){var t=J().createElement("script");Q(e.attributes,function(e){t.setAttribute(e.name,e.value)});t.textContent=e.textContent;t.async=false;if(z.config.inlineScriptNonce){t.nonce=z.config.inlineScriptNonce}var r=e.parentElement;try{r.insertBefore(t,e)}catch(e){x(e)}finally{if(e.parentElement){e.parentElement.removeChild(e)}}}}function bt(e){if(h(e,"script")){yt(e)}Q(f(e,"script"),function(e){yt(e)})}function wt(){return document.querySelector("[hx-boost], [data-hx-boost]")}function St(e){if(e.querySelectorAll){var t=wt()?", a, form":"";var r=e.querySelectorAll(O+t+", [hx-sse], [data-hx-sse], [hx-ws],"+" [data-hx-ws], [hx-ext], [data-hx-ext], [hx-trigger], [data-hx-trigger], [hx-on], [data-hx-on]");return r}else{return[]}}function Et(n){var e=function(e){var t=d(e.target,"button, input[type='submit']");if(t!==null){var r=Y(n);r.lastButtonClicked=t}};n.addEventListener("click",e);n.addEventListener("focusin",e);n.addEventListener("focusout",function(e){var t=Y(n);t.lastButtonClicked=null})}function Ct(e){var t=Ue(e);var r=0;for(let e=0;e<t.length;e++){const n=t[e];if(n==="{"){r++}else if(n==="}"){r--}}return r}function Rt(t,e,r){var n=Y(t);n.onHandlers=[];var i=new Function("event",r+"; return;");var a=t.addEventListener(e,function(e){return i.call(t,e)});n.onHandlers.push({event:e,listener:a});return{nodeData:n,code:r,func:i,listener:a}}function Ot(e){var t=G(e,"hx-on");if(t){var r={};var n=t.split("\n");var i=null;var a=0;while(n.length>0){var o=n.shift();var s=o.match(/^\s*([a-zA-Z:\-]+:)(.*)/);if(a===0&&s){o.split(":");i=s[1].slice(0,-1);r[i]=s[2]}else{r[i]+=o}a+=Ct(o)}for(var l in r){Rt(e,l,r[l])}}}function qt(t){if(t.closest&&t.closest(z.config.disableSelector)){return}var r=Y(t);if(r.initHash!==Ce(t)){r.initHash=Ce(t);Re(t);Ot(t);ie(t,"htmx:beforeProcessNode");if(t.value){r.lastValue=t.value}var e=ze(t);var n=mt(t,r,e);if(!n){if(Z(t,"hx-boost")==="true"){Ze(t,r,e)}else if(q(t,"hx-trigger")){e.forEach(function(e){xt(t,e,r,function(){})})}}if(t.tagName==="FORM"){Et(t)}var i=G(t,"hx-sse");if(i){ft(t,r,i)}var a=G(t,"hx-ws");if(a){at(t,r,a)}ie(t,"htmx:afterProcessNode")}}function Tt(e){e=s(e);qt(e);Q(St(e),function(e){qt(e)})}function Ht(e){return e.replace(/([a-z0-9])([A-Z])/g,"$1-$2").toLowerCase()}function Lt(e,t){var r;if(window.CustomEvent&&typeof window.CustomEvent==="function"){r=new CustomEvent(e,{bubbles:true,cancelable:true,detail:t})}else{r=J().createEvent("CustomEvent");r.initCustomEvent(e,true,true,t)}return r}function ne(e,t,r){ie(e,t,te({error:t},r))}function At(e){return e==="htmx:afterProcessNode"}function w(e,t){Q(wr(e),function(e){try{t(e)}catch(e){x(e)}})}function x(e){if(console.error){console.error(e)}else if(console.log){console.log("ERROR: ",e)}}function ie(e,t,r){e=s(e);if(r==null){r={}}r["elt"]=e;var n=Lt(t,r);if(z.logger&&!At(t)){z.logger(e,t,r)}if(r.error){x(r.error);ie(e,"htmx:error",{errorInfo:r})}var i=e.dispatchEvent(n);var a=Ht(t);if(i&&a!==t){var o=Lt(a,n.detail);i=i&&e.dispatchEvent(o)}w(e,function(e){i=i&&e.onEvent(t,n)!==false});return i}var Nt=location.pathname+location.search;function It(){var e=J().querySelector("[hx-history-elt],[data-hx-history-elt]");return e||J().body}function kt(e,t,r,n){if(!D()){return}e=X(e);var i=y(localStorage.getItem("htmx-history-cache"))||[];for(var a=0;a<i.length;a++){if(i[a].url===e){i.splice(a,1);break}}var o={url:e,content:t,title:r,scroll:n};ie(J().body,"htmx:historyItemCreated",{item:o,cache:i});i.push(o);while(i.length>z.config.historyCacheSize){i.shift()}while(i.length>0){try{localStorage.setItem("htmx-history-cache",JSON.stringify(i));break}catch(e){ne(J().body,"htmx:historyCacheError",{cause:e,cache:i});i.shift()}}}function Pt(e){if(!D()){return null}e=X(e);var t=y(localStorage.getItem("htmx-history-cache"))||[];for(var r=0;r<t.length;r++){if(t[r].url===e){return t[r]}}return null}function Mt(e){var t=z.config.requestClass;var r=e.cloneNode(true);Q(f(r,"."+t),function(e){n(e,t)});return r.innerHTML}function Dt(){var e=It();var t=Nt||location.pathname+location.search;var r=J().querySelector('[hx-history="false" i],[data-hx-history="false" i]');if(!r){ie(J().body,"htmx:beforeHistorySave",{path:t,historyElt:e});kt(t,Mt(e),J().title,window.scrollY)}if(z.config.historyEnabled)history.replaceState({htmx:true},J().title,window.location.href)}function Xt(e){if(z.config.getCacheBusterParam){e=e.replace(/org\.htmx\.cache-buster=[^&]*&?/,"");if(e.endsWith("&")||e.endsWith("?")){e=e.slice(0,-1)}}if(z.config.historyEnabled){history.pushState({htmx:true},"",e)}Nt=e}function Ft(e){if(z.config.historyEnabled)history.replaceState({htmx:true},"",e);Nt=e}function Bt(e){Q(e,function(e){e.call()})}function jt(a){var e=new XMLHttpRequest;var o={path:a,xhr:e};ie(J().body,"htmx:historyCacheMiss",o);e.open("GET",a,true);e.setRequestHeader("HX-History-Restore-Request","true");e.onload=function(){if(this.status>=200&&this.status<400){ie(J().body,"htmx:historyCacheMissLoad",o);var e=l(this.response);e=e.querySelector("[hx-history-elt],[data-hx-history-elt]")||e;var t=It();var r=S(t);var n=Pe(this.response);if(n){var i=b("title");if(i){i.innerHTML=n}else{window.document.title=n}}Ne(t,e,r);Bt(r.tasks);Nt=a;ie(J().body,"htmx:historyRestore",{path:a,cacheMiss:true,serverResponse:this.response})}else{ne(J().body,"htmx:historyCacheMissLoadError",o)}};e.send()}function Ut(e){Dt();e=e||location.pathname+location.search;var t=Pt(e);if(t){var r=l(t.content);var n=It();var i=S(n);Ne(n,r,i);Bt(i.tasks);document.title=t.title;window.scrollTo(0,t.scroll);Nt=e;ie(J().body,"htmx:historyRestore",{path:e,item:t})}else{if(z.config.refreshOnHistoryMiss){window.location.reload(true)}else{jt(e)}}}function Vt(e){var t=ce(e,"hx-indicator");if(t==null){t=[e]}Q(t,function(e){var t=Y(e);t.requestCount=(t.requestCount||0)+1;e.classList["add"].call(e.classList,z.config.requestClass)});return t}function _t(e){Q(e,function(e){var t=Y(e);t.requestCount=(t.requestCount||0)-1;if(t.requestCount===0){e.classList["remove"].call(e.classList,z.config.requestClass)}})}function Wt(e,t){for(var r=0;r<e.length;r++){var n=e[r];if(n.isSameNode(t)){return true}}return false}function zt(e){if(e.name===""||e.name==null||e.disabled){return false}if(e.type==="button"||e.type==="submit"||e.tagName==="image"||e.tagName==="reset"||e.tagName==="file"){return false}if(e.type==="checkbox"||e.type==="radio"){return e.checked}return true}function $t(t,r,n,e,i){if(e==null||Wt(t,e)){return}else{t.push(e)}if(zt(e)){var a=$(e,"name");var o=e.value;if(e.multiple){o=k(e.querySelectorAll("option:checked")).map(function(e){return e.value})}if(e.files){o=k(e.files)}if(a!=null&&o!=null){var s=r[a];if(s!==undefined){if(Array.isArray(s)){if(Array.isArray(o)){r[a]=s.concat(o)}else{s.push(o)}}else{if(Array.isArray(o)){r[a]=[s].concat(o)}else{r[a]=[s,o]}}}else{r[a]=o}}if(i){Gt(e,n)}}if(h(e,"form")){var l=e.elements;Q(l,function(e){$t(t,r,n,e,i)})}}function Gt(e,t){if(e.willValidate){ie(e,"htmx:validation:validate");if(!e.checkValidity()){t.push({elt:e,message:e.validationMessage,validity:e.validity});ie(e,"htmx:validation:failed",{message:e.validationMessage,validity:e.validity})}}}function Jt(e,t){var r=[];var n={};var i={};var a=[];var o=Y(e);var s=h(e,"form")&&e.noValidate!==true||G(e,"hx-validate")==="true";if(o.lastButtonClicked){s=s&&o.lastButtonClicked.formNoValidate!==true}if(t!=="get"){$t(r,i,a,d(e,"form"),s)}$t(r,n,a,e,s);if(o.lastButtonClicked){var l=$(o.lastButtonClicked,"name");if(l){n[l]=o.lastButtonClicked.value}}var u=ce(e,"hx-include");Q(u,function(e){$t(r,n,a,e,s);if(!h(e,"form")){Q(e.querySelectorAll(We),function(e){$t(r,n,a,e,s)})}});n=te(n,i);return{errors:a,values:n}}function Zt(e,t,r){if(e!==""){e+="&"}if(String(r)==="[object Object]"){r=JSON.stringify(r)}var n=encodeURIComponent(r);e+=encodeURIComponent(t)+"="+n;return e}function Kt(e){var t="";for(var r in e){if(e.hasOwnProperty(r)){var n=e[r];if(Array.isArray(n)){Q(n,function(e){t=Zt(t,r,e)})}else{t=Zt(t,r,n)}}}return t}function Yt(e){var t=new FormData;for(var r in e){if(e.hasOwnProperty(r)){var n=e[r];if(Array.isArray(n)){Q(n,function(e){t.append(r,e)})}else{t.append(r,n)}}}return t}function Qt(e,t,r){var n={"HX-Request":"true","HX-Trigger":$(e,"id"),"HX-Trigger-Name":$(e,"name"),"HX-Target":G(t,"id"),"HX-Current-URL":J().location.href};or(e,"hx-headers",false,n);if(r!==undefined){n["HX-Prompt"]=r}if(Y(e).boosted){n["HX-Boosted"]="true"}return n}function er(t,e){var r=Z(e,"hx-params");if(r){if(r==="none"){return{}}else if(r==="*"){return t}else if(r.indexOf("not ")===0){Q(r.substr(4).split(","),function(e){e=e.trim();delete t[e]});return t}else{var n={};Q(r.split(","),function(e){e=e.trim();n[e]=t[e]});return n}}else{return t}}function tr(e){return $(e,"href")&&$(e,"href").indexOf("#")>=0}function rr(e,t){var r=t?t:Z(e,"hx-swap");var n={swapStyle:Y(e).boosted?"innerHTML":z.config.defaultSwapStyle,swapDelay:z.config.defaultSwapDelay,settleDelay:z.config.defaultSettleDelay};if(Y(e).boosted&&!tr(e)){n["show"]="top"}if(r){var i=M(r);if(i.length>0){n["swapStyle"]=i[0];for(var a=1;a<i.length;a++){var o=i[a];if(o.indexOf("swap:")===0){n["swapDelay"]=v(o.substr(5))}if(o.indexOf("settle:")===0){n["settleDelay"]=v(o.substr(7))}if(o.indexOf("transition:")===0){n["transition"]=o.substr(11)==="true"}if(o.indexOf("scroll:")===0){var s=o.substr(7);var l=s.split(":");var u=l.pop();var f=l.length>0?l.join(":"):null;n["scroll"]=u;n["scrollTarget"]=f}if(o.indexOf("show:")===0){var c=o.substr(5);var l=c.split(":");var h=l.pop();var f=l.length>0?l.join(":"):null;n["show"]=h;n["showTarget"]=f}if(o.indexOf("focus-scroll:")===0){var d=o.substr("focus-scroll:".length);n["focusScroll"]=d=="true"}}}}return n}function nr(e){return Z(e,"hx-encoding")==="multipart/form-data"||h(e,"form")&&$(e,"enctype")==="multipart/form-data"}function ir(t,r,n){var i=null;w(r,function(e){if(i==null){i=e.encodeParameters(t,n,r)}});if(i!=null){return i}else{if(nr(r)){return Yt(n)}else{return Kt(n)}}}function S(e){return{tasks:[],elts:[e]}}function ar(e,t){var r=e[0];var n=e[e.length-1];if(t.scroll){var i=null;if(t.scrollTarget){i=re(r,t.scrollTarget)}if(t.scroll==="top"&&(r||i)){i=i||r;i.scrollTop=0}if(t.scroll==="bottom"&&(n||i)){i=i||n;i.scrollTop=i.scrollHeight}}if(t.show){var i=null;if(t.showTarget){var a=t.showTarget;if(t.showTarget==="window"){a="body"}i=re(r,a)}if(t.show==="top"&&(r||i)){i=i||r;i.scrollIntoView({block:"start",behavior:z.config.scrollBehavior})}if(t.show==="bottom"&&(n||i)){i=i||n;i.scrollIntoView({block:"end",behavior:z.config.scrollBehavior})}}}function or(e,t,r,n){if(n==null){n={}}if(e==null){return n}var i=G(e,t);if(i){var a=i.trim();var o=r;if(a==="unset"){return null}if(a.indexOf("javascript:")===0){a=a.substr(11);o=true}else if(a.indexOf("js:")===0){a=a.substr(3);o=true}if(a.indexOf("{")!==0){a="{"+a+"}"}var s;if(o){s=sr(e,function(){return Function("return ("+a+")")()},{})}else{s=y(a)}for(var l in s){if(s.hasOwnProperty(l)){if(n[l]==null){n[l]=s[l]}}}}return or(u(e),t,r,n)}function sr(e,t,r){if(z.config.allowEval){return t()}else{ne(e,"htmx:evalDisallowedError");return r}}function lr(e,t){return or(e,"hx-vars",true,t)}function ur(e,t){return or(e,"hx-vals",false,t)}function fr(e){return te(lr(e),ur(e))}function cr(t,r,n){if(n!==null){try{t.setRequestHeader(r,n)}catch(e){t.setRequestHeader(r,encodeURIComponent(n));t.setRequestHeader(r+"-URI-AutoEncoded","true")}}}function hr(t){if(t.responseURL&&typeof URL!=="undefined"){try{var e=new URL(t.responseURL);return e.pathname+e.search}catch(e){ne(J().body,"htmx:badResponseUrl",{url:t.responseURL})}}}function E(e,t){return e.getAllResponseHeaders().match(t)}function dr(e,t,r){e=e.toLowerCase();if(r){if(r instanceof Element||A(r,"String")){return ae(e,t,null,null,{targetOverride:s(r),returnPromise:true})}else{return ae(e,t,s(r.source),r.event,{handler:r.handler,headers:r.headers,values:r.values,targetOverride:s(r.target),swapOverride:r.swap,returnPromise:true})}}else{return ae(e,t,null,null,{returnPromise:true})}}function vr(e){var t=[];while(e){t.push(e);e=e.parentElement}return t}function ae(e,t,n,r,i,M){var a=null;var o=null;i=i!=null?i:{};if(i.returnPromise&&typeof Promise!=="undefined"){var s=new Promise(function(e,t){a=e;o=t})}if(n==null){n=J().body}var D=i.handler||pr;if(!ee(n)){return}var l=i.targetOverride||de(n);if(l==null||l==fe){ne(n,"htmx:targetError",{target:G(n,"hx-target")});return}if(!M){var X=function(){return ae(e,t,n,r,i,true)};var F={target:l,elt:n,path:t,verb:e,triggeringEvent:r,etc:i,issueRequest:X};if(ie(n,"htmx:confirm",F)===false){return}}var u=n;var f=Y(n);var c=Z(n,"hx-sync");var h=null;var d=false;if(c){var v=c.split(":");var g=v[0].trim();if(g==="this"){u=he(n,"hx-sync")}else{u=re(n,g)}c=(v[1]||"drop").trim();f=Y(u);if(c==="drop"&&f.xhr&&f.abortable!==true){return}else if(c==="abort"){if(f.xhr){return}else{d=true}}else if(c==="replace"){ie(u,"htmx:abort")}else if(c.indexOf("queue")===0){var B=c.split(" ");h=(B[1]||"last").trim()}}if(f.xhr){if(f.abortable){ie(u,"htmx:abort")}else{if(h==null){if(r){var p=Y(r);if(p&&p.triggerSpec&&p.triggerSpec.queue){h=p.triggerSpec.queue}}if(h==null){h="last"}}if(f.queuedRequests==null){f.queuedRequests=[]}if(h==="first"&&f.queuedRequests.length===0){f.queuedRequests.push(function(){ae(e,t,n,r,i)})}else if(h==="all"){f.queuedRequests.push(function(){ae(e,t,n,r,i)})}else if(h==="last"){f.queuedRequests=[];f.queuedRequests.push(function(){ae(e,t,n,r,i)})}return}}var m=new XMLHttpRequest;f.xhr=m;f.abortable=d;var x=function(){f.xhr=null;f.abortable=false;if(f.queuedRequests!=null&&f.queuedRequests.length>0){var e=f.queuedRequests.shift();e()}};var y=Z(n,"hx-prompt");if(y){var b=prompt(y);if(b===null||!ie(n,"htmx:prompt",{prompt:b,target:l})){K(a);x();return s}}var w=Z(n,"hx-confirm");if(w){if(!confirm(w)){K(a);x();return s}}var S=Qt(n,l,b);if(i.headers){S=te(S,i.headers)}var E=Jt(n,e);var C=E.errors;var R=E.values;if(i.values){R=te(R,i.values)}var j=fr(n);var O=te(R,j);var q=er(O,n);if(e!=="get"&&!nr(n)){S["Content-Type"]="application/x-www-form-urlencoded"}if(z.config.getCacheBusterParam&&e==="get"){q["org.htmx.cache-buster"]=$(l,"id")||"true"}if(t==null||t===""){t=J().location.href}var T=or(n,"hx-request");var H=Y(n).boosted;var L={boosted:H,parameters:q,unfilteredParameters:O,headers:S,target:l,verb:e,errors:C,withCredentials:i.credentials||T.credentials||z.config.withCredentials,timeout:i.timeout||T.timeout||z.config.timeout,path:t,triggeringEvent:r};if(!ie(n,"htmx:configRequest",L)){K(a);x();return s}t=L.path;e=L.verb;S=L.headers;q=L.parameters;C=L.errors;if(C&&C.length>0){ie(n,"htmx:validation:halted",L);K(a);x();return s}var U=t.split("#");var V=U[0];var A=U[1];var N=null;if(e==="get"){N=V;var _=Object.keys(q).length!==0;if(_){if(N.indexOf("?")<0){N+="?"}else{N+="&"}N+=Kt(q);if(A){N+="#"+A}}m.open("GET",N,true)}else{m.open(e.toUpperCase(),t,true)}m.overrideMimeType("text/html");m.withCredentials=L.withCredentials;m.timeout=L.timeout;if(T.noHeaders){}else{for(var I in S){if(S.hasOwnProperty(I)){var W=S[I];cr(m,I,W)}}}var k={xhr:m,target:l,requestConfig:L,etc:i,boosted:H,pathInfo:{requestPath:t,finalRequestPath:N||t,anchor:A}};m.onload=function(){try{var e=vr(n);k.pathInfo.responsePath=hr(m);D(n,k);_t(P);ie(n,"htmx:afterRequest",k);ie(n,"htmx:afterOnLoad",k);if(!ee(n)){var t=null;while(e.length>0&&t==null){var r=e.shift();if(ee(r)){t=r}}if(t){ie(t,"htmx:afterRequest",k);ie(t,"htmx:afterOnLoad",k)}}K(a);x()}catch(e){ne(n,"htmx:onLoadError",te({error:e},k));throw e}};m.onerror=function(){_t(P);ne(n,"htmx:afterRequest",k);ne(n,"htmx:sendError",k);K(o);x()};m.onabort=function(){_t(P);ne(n,"htmx:afterRequest",k);ne(n,"htmx:sendAbort",k);K(o);x()};m.ontimeout=function(){_t(P);ne(n,"htmx:afterRequest",k);ne(n,"htmx:timeout",k);K(o);x()};if(!ie(n,"htmx:beforeRequest",k)){K(a);x();return s}var P=Vt(n);Q(["loadstart","loadend","progress","abort"],function(t){Q([m,m.upload],function(e){e.addEventListener(t,function(e){ie(n,"htmx:xhr:"+t,{lengthComputable:e.lengthComputable,loaded:e.loaded,total:e.total})})})});ie(n,"htmx:beforeSend",k);m.send(e==="get"?null:ir(m,n,q));return s}function gr(e,t){var r=t.xhr;var n=null;var i=null;if(E(r,/HX-Push:/i)){n=r.getResponseHeader("HX-Push");i="push"}else if(E(r,/HX-Push-Url:/i)){n=r.getResponseHeader("HX-Push-Url");i="push"}else if(E(r,/HX-Replace-Url:/i)){n=r.getResponseHeader("HX-Replace-Url");i="replace"}if(n){if(n==="false"){return{}}else{return{type:i,path:n}}}var a=t.pathInfo.finalRequestPath;var o=t.pathInfo.responsePath;var s=Z(e,"hx-push-url");var l=Z(e,"hx-replace-url");var u=Y(e).boosted;var f=null;var c=null;if(s){f="push";c=s}else if(l){f="replace";c=l}else if(u){f="push";c=o||a}if(c){if(c==="false"){return{}}if(c==="true"){c=o||a}if(t.pathInfo.anchor&&c.indexOf("#")===-1){c=c+"#"+t.pathInfo.anchor}return{type:f,path:c}}else{return{}}}function pr(s,l){var u=l.xhr;var f=l.target;var e=l.etc;if(!ie(s,"htmx:beforeOnLoad",l))return;if(E(u,/HX-Trigger:/i)){De(u,"HX-Trigger",s)}if(E(u,/HX-Location:/i)){Dt();var t=u.getResponseHeader("HX-Location");var c;if(t.indexOf("{")===0){c=y(t);t=c["path"];delete c["path"]}dr("GET",t,c).then(function(){Xt(t)});return}if(E(u,/HX-Redirect:/i)){location.href=u.getResponseHeader("HX-Redirect");return}if(E(u,/HX-Refresh:/i)){if("true"===u.getResponseHeader("HX-Refresh")){location.reload();return}}if(E(u,/HX-Retarget:/i)){l.target=J().querySelector(u.getResponseHeader("HX-Retarget"))}var h=gr(s,l);var r=u.status>=200&&u.status<400&&u.status!==204;var d=u.response;var n=u.status>=400;var i=te({shouldSwap:r,serverResponse:d,isError:n},l);if(!ie(f,"htmx:beforeSwap",i))return;f=i.target;d=i.serverResponse;n=i.isError;l.target=f;l.failed=n;l.successful=!n;if(i.shouldSwap){if(u.status===286){$e(s)}w(s,function(e){d=e.transformResponse(d,u,s)});if(h.type){Dt()}var a=e.swapOverride;if(E(u,/HX-Reswap:/i)){a=u.getResponseHeader("HX-Reswap")}var c=rr(s,a);f.classList.add(z.config.swappingClass);var v=null;var g=null;var o=function(){try{var e=document.activeElement;var t={};try{t={elt:e,start:e?e.selectionStart:null,end:e?e.selectionEnd:null}}catch(e){}var n=S(f);Me(c.swapStyle,f,s,d,n);if(t.elt&&!ee(t.elt)&&t.elt.id){var r=document.getElementById(t.elt.id);var i={preventScroll:c.focusScroll!==undefined?!c.focusScroll:!z.config.defaultFocusScroll};if(r){if(t.start&&r.setSelectionRange){try{r.setSelectionRange(t.start,t.end)}catch(e){}}r.focus(i)}}f.classList.remove(z.config.swappingClass);Q(n.elts,function(e){if(e.classList){e.classList.add(z.config.settlingClass)}ie(e,"htmx:afterSwap",l)});if(E(u,/HX-Trigger-After-Swap:/i)){var a=s;if(!ee(s)){a=J().body}De(u,"HX-Trigger-After-Swap",a)}var o=function(){Q(n.tasks,function(e){e.call()});Q(n.elts,function(e){if(e.classList){e.classList.remove(z.config.settlingClass)}ie(e,"htmx:afterSettle",l)});if(h.type){if(h.type==="push"){Xt(h.path);ie(J().body,"htmx:pushedIntoHistory",{path:h.path})}else{Ft(h.path);ie(J().body,"htmx:replacedInHistory",{path:h.path})}}if(l.pathInfo.anchor){var e=b("#"+l.pathInfo.anchor);if(e){e.scrollIntoView({block:"start",behavior:"auto"})}}if(n.title){var t=b("title");if(t){t.innerHTML=n.title}else{window.document.title=n.title}}ar(n.elts,c);if(E(u,/HX-Trigger-After-Settle:/i)){var r=s;if(!ee(s)){r=J().body}De(u,"HX-Trigger-After-Settle",r)}K(v)};if(c.settleDelay>0){setTimeout(o,c.settleDelay)}else{o()}}catch(e){ne(s,"htmx:swapError",l);K(g);throw e}};var p=z.config.globalViewTransitions;if(c.hasOwnProperty("transition")){p=c.transition}if(p&&ie(s,"htmx:beforeTransition",l)&&typeof Promise!=="undefined"&&document.startViewTransition){var m=new Promise(function(e,t){v=e;g=t});var x=o;o=function(){document.startViewTransition(function(){x();return m})}}if(c.swapDelay>0){setTimeout(o,c.swapDelay)}else{o()}}if(n){ne(s,"htmx:responseError",te({error:"Response Status Error Code "+u.status+" from "+l.pathInfo.requestPath},l))}}var mr={};function xr(){return{init:function(e){return null},onEvent:function(e,t){return true},transformResponse:function(e,t,r){return e},isInlineSwap:function(e){return false},handleSwap:function(e,t,r,n){return false},encodeParameters:function(e,t,r){return null}}}function yr(e,t){if(t.init){t.init(C)}mr[e]=te(xr(),t)}function br(e){delete mr[e]}function wr(e,r,n){if(e==undefined){return r}if(r==undefined){r=[]}if(n==undefined){n=[]}var t=G(e,"hx-ext");if(t){Q(t.split(","),function(e){e=e.replace(/ /g,"");if(e.slice(0,7)=="ignore:"){n.push(e.slice(7));return}if(n.indexOf(e)<0){var t=mr[e];if(t&&r.indexOf(t)<0){r.push(t)}}})}return wr(u(e),r,n)}function Sr(e){if(J().readyState!=="loading"){e()}else{J().addEventListener("DOMContentLoaded",e)}}function Er(){if(z.config.includeIndicatorStyles!==false){J().head.insertAdjacentHTML("beforeend","<style>                      ."+z.config.indicatorClass+"{opacity:0;transition: opacity 200ms ease-in;}                      ."+z.config.requestClass+" ."+z.config.indicatorClass+"{opacity:1}                      ."+z.config.requestClass+"."+z.config.indicatorClass+"{opacity:1}                    </style>")}}function Cr(){var e=J().querySelector('meta[name="htmx-config"]');if(e){return y(e.content)}else{return null}}function Rr(){var e=Cr();if(e){z.config=te(z.config,e)}}Sr(function(){Rr();Er();var e=J().body;Tt(e);var t=J().querySelectorAll("[hx-trigger='restored'],[data-hx-trigger='restored']");e.addEventListener("htmx:abort",function(e){var t=e.target;var r=Y(t);if(r&&r.xhr){r.xhr.abort()}});var r=window.onpopstate;window.onpopstate=function(e){if(e.state&&e.state.htmx){Ut();Q(t,function(e){ie(e,"htmx:restored",{document:J(),triggerEvent:ie})})}else{if(r){r(e)}}};setTimeout(function(){ie(e,"htmx:load",{});e=null},0)});return z}()});
\ No newline at end of file
diff --git a/server/core/templates/apps.html b/server/core/templates/apps.html
index c8eb6b93f..6bc27b14f 100644
--- a/server/core/templates/apps.html
+++ b/server/core/templates/apps.html
@@ -1,9 +1,9 @@
 (% extends "base_htmx_with_nav.html" %)
-(% block title %)Apps(% endblock %)
+(% block title %)Applications(% endblock %)
 
 (% block head %)
 (% endblock %)
 
 (% block main %)
 	(( apps_partial|safe ))
-(% endblock %)
\ No newline at end of file
+(% endblock %)
diff --git a/server/core/templates/apps_partial.html b/server/core/templates/apps_partial.html
index 1e63e5682..c5afa1abb 100644
--- a/server/core/templates/apps_partial.html
+++ b/server/core/templates/apps_partial.html
@@ -1,6 +1,6 @@
 <main class="container-lg">
 	<div>
-		<h2>Applications list</h2>
+		<h2>Applications</h2>
 	</div>
 	<hr />
 	(% if apps.is_empty() %)
diff --git a/server/core/templates/credentials_update_partial.html b/server/core/templates/credentials_update_partial.html
index 6b70cee27..5e62ff4a4 100644
--- a/server/core/templates/credentials_update_partial.html
+++ b/server/core/templates/credentials_update_partial.html
@@ -33,9 +33,10 @@
 
                 (% match warning %)
                 (% when CURegWarning::MfaRequired %)
-                Multi-Factor Authentication is required for your account. Either
-                add TOTP or remove your password in favour of passkeys to
-                submit.
+                Multi-Factor Authentication is required for your account. Delete
+                the generated password and set up either a passkey (recommended)
+                or password and two-factor authentication (TOTP) to save
+                changes.
                 (% when CURegWarning::PasskeyRequired %)
                 Passkeys are required for your account.
                 (% when CURegWarning::AttestedPasskeyRequired %)
@@ -44,10 +45,10 @@
                 Attested Resident Keys are required for your account.
                 (% when CURegWarning::WebauthnAttestationUnsatisfiable %)
                 A webauthn attestation policy conflict has occurred and you will
-                not be able to save your credentials
+                not be able to save your credentials.
                 (% when CURegWarning::Unsatisfiable %)
                 An account policy conflict has occurred and you will not be able
-                to save your credentials
+                to save your credentials.
                 (% endmatch %)
 
                 (% if is_danger %)
diff --git a/server/core/templates/enrol_device.html b/server/core/templates/enrol_device.html
index c314bdfdd..d745bf9be 100644
--- a/server/core/templates/enrol_device.html
+++ b/server/core/templates/enrol_device.html
@@ -9,9 +9,11 @@ Enrol Another Device
 
 <div id="intentInfo">
     <div>((qr_code_svg|safe))</div>
-    <ul>
-        <li>Url: <code>((uri|safe))</code></li>
-        <li>Secret: <code>(( secret ))</code></li>
-    </ul>
+    <dl>
+        <dt>URL</dt>
+        <dd><code>((uri|safe))</code></dd>
+        <dt>Secret</dt>
+        <dd><code>(( secret ))</code></dd>
+    </dl>
 </div>
 (% endblock %)
diff --git a/server/core/templates/navbar.html b/server/core/templates/navbar.html
index cb7efa814..4c665cf95 100644
--- a/server/core/templates/navbar.html
+++ b/server/core/templates/navbar.html
@@ -24,7 +24,7 @@
             <ul class="navbar-nav me-auto mb-2 mb-md-0">
                 <li>
                     <a class="nav-link" href=((Urls::Apps))>
-                        <span data-feather="file"></span>Apps</a>
+                        <span data-feather="file"></span>Applications</a>
                 </li>
                 <li>
                     <a class="nav-link" href=((Urls::Profile))>

From b3be758b74cb03276e1f55d4db66deacc3812435 Mon Sep 17 00:00:00 2001
From: Firstyear <william@blackhats.net.au>
Date: Mon, 20 Jan 2025 21:28:22 +1000
Subject: [PATCH 59/87] 20250114 3325 SCIM access control (#3359)

Add an extended query operation to return effective access controls so that UI's can dynamically display what is or is not editable on an entry.
---
 proto/src/scim_v1/client.rs         |  16 +-
 proto/src/scim_v1/mod.rs            |  14 +-
 proto/src/scim_v1/server.rs         |  40 +++++
 server/lib-macros/src/entry.rs      |   5 +-
 server/lib/src/entry.rs             |  23 +++
 server/lib/src/event.rs             |  14 ++
 server/lib/src/server/access/mod.rs | 245 ++++++++++++++++++----------
 server/lib/src/server/mod.rs        |  47 +++++-
 server/lib/src/server/scim.rs       |   9 +
 server/testkit/tests/scim_test.rs   |   2 +
 tools/cli/src/cli/person.rs         |   1 +
 11 files changed, 320 insertions(+), 96 deletions(-)

diff --git a/proto/src/scim_v1/client.rs b/proto/src/scim_v1/client.rs
index 07108b7b1..ae5a8a330 100644
--- a/proto/src/scim_v1/client.rs
+++ b/proto/src/scim_v1/client.rs
@@ -1,4 +1,5 @@
 //! These are types that a client will send to the server.
+use super::ScimEntryGetQuery;
 use super::ScimOauth2ClaimMapJoinChar;
 use crate::attribute::Attribute;
 use serde::{Deserialize, Serialize};
@@ -89,10 +90,17 @@ pub struct ScimEntryPutKanidm {
 #[derive(Deserialize, Serialize, Debug, Clone)]
 pub struct ScimStrings(#[serde_as(as = "OneOrMany<_, PreferMany>")] pub Vec<String>);
 
-#[derive(Debug, Clone, Deserialize)]
+#[derive(Debug, Clone, Deserialize, Default)]
 pub struct ScimEntryPutGeneric {
     // id is only used to target the entry in question
     pub id: Uuid,
+
+    #[serde(flatten)]
+    /// Non-standard extension - allow query options to be set in a put request. This
+    /// is because a put request also returns the entry state post put, so we want
+    /// to allow putters to adjust and control what is returned here.
+    pub query: ScimEntryGetQuery,
+
     // external_id can't be set by put
     // meta is skipped on put
     // Schemas are decoded as part of "attrs".
@@ -119,6 +127,10 @@ impl TryFrom<ScimEntryPutKanidm> for ScimEntryPutGeneric {
             })
             .collect::<Result<_, _>>()?;
 
-        Ok(ScimEntryPutGeneric { id, attrs })
+        Ok(ScimEntryPutGeneric {
+            id,
+            attrs,
+            query: Default::default(),
+        })
     }
 }
diff --git a/proto/src/scim_v1/mod.rs b/proto/src/scim_v1/mod.rs
index 76b6c807d..db9c7a8aa 100644
--- a/proto/src/scim_v1/mod.rs
+++ b/proto/src/scim_v1/mod.rs
@@ -20,6 +20,7 @@ use crate::attribute::Attribute;
 use serde::{Deserialize, Serialize};
 use sshkey_attest::proto::PublicKey as SshPublicKey;
 use std::collections::BTreeMap;
+use std::ops::Not;
 use utoipa::ToSchema;
 
 use serde_with::formats::CommaSeparator;
@@ -47,10 +48,12 @@ pub struct ScimEntryGeneric {
 /// SCIM Query Parameters used during the get of a single entry
 #[serde_as]
 #[skip_serializing_none]
-#[derive(Serialize, Deserialize, Debug, Default)]
+#[derive(Serialize, Deserialize, Clone, Debug, Default)]
 pub struct ScimEntryGetQuery {
     #[serde_as(as = "Option<StringWithSeparator::<CommaSeparator, Attribute>>")]
     pub attributes: Option<Vec<Attribute>>,
+    #[serde(default, skip_serializing_if = "<&bool>::not")]
+    pub ext_access_check: bool,
 }
 
 #[derive(Serialize, Deserialize, Debug, Clone, ToSchema)]
@@ -178,7 +181,10 @@ mod tests {
     fn scim_entry_get_query() {
         use super::*;
 
-        let q = ScimEntryGetQuery { attributes: None };
+        let q = ScimEntryGetQuery {
+            attributes: None,
+            ..Default::default()
+        };
 
         let txt = serde_urlencoded::to_string(&q).unwrap();
 
@@ -186,6 +192,7 @@ mod tests {
 
         let q = ScimEntryGetQuery {
             attributes: Some(vec![Attribute::Name]),
+            ext_access_check: false,
         };
 
         let txt = serde_urlencoded::to_string(&q).unwrap();
@@ -193,9 +200,10 @@ mod tests {
 
         let q = ScimEntryGetQuery {
             attributes: Some(vec![Attribute::Name, Attribute::Spn]),
+            ext_access_check: true,
         };
 
         let txt = serde_urlencoded::to_string(&q).unwrap();
-        assert_eq!(txt, "attributes=name%2Cspn");
+        assert_eq!(txt, "attributes=name%2Cspn&ext_access_check=true");
     }
 }
diff --git a/proto/src/scim_v1/server.rs b/proto/src/scim_v1/server.rs
index 4c61cdff7..555071f16 100644
--- a/proto/src/scim_v1/server.rs
+++ b/proto/src/scim_v1/server.rs
@@ -16,14 +16,54 @@ use uuid::Uuid;
 /// A strongly typed ScimEntry that is for transmission to clients. This uses
 /// Kanidm internal strong types for values allowing direct serialisation and
 /// transmission.
+#[serde_as]
+#[skip_serializing_none]
 #[derive(Serialize, Debug, Clone, ToSchema)]
 pub struct ScimEntryKanidm {
     #[serde(flatten)]
     pub header: ScimEntryHeader,
+
+    pub ext_access_check: Option<ScimEffectiveAccess>,
     #[serde(flatten)]
     pub attrs: BTreeMap<Attribute, ScimValueKanidm>,
 }
 
+#[derive(Serialize, Debug, Clone, ToSchema)]
+pub enum ScimAttributeEffectiveAccess {
+    /// All attributes on the entry have this permission granted
+    Grant,
+    /// All attributes on the entry have this permission denied
+    Denied,
+    /// The following attributes on the entry have this permission granted
+    Allow(BTreeSet<Attribute>),
+}
+
+impl ScimAttributeEffectiveAccess {
+    /// Check if the effective access allows or denies this attribute
+    pub fn check(&self, attr: &Attribute) -> bool {
+        match self {
+            Self::Grant => true,
+            Self::Denied => false,
+            Self::Allow(set) => set.contains(attr),
+        }
+    }
+}
+
+#[derive(Serialize, Debug, Clone, ToSchema)]
+#[serde(rename_all = "camelCase")]
+pub struct ScimEffectiveAccess {
+    /// The identity that inherits the effective permission
+    pub ident: Uuid,
+    /// If the ident may delete the target entry
+    pub delete: bool,
+    /// The set of effective access over search events
+    pub search: ScimAttributeEffectiveAccess,
+    /// The set of effective access over modify present events
+    pub modify_present: ScimAttributeEffectiveAccess,
+    /// The set of effective access over modify remove events
+    pub modify_remove: ScimAttributeEffectiveAccess,
+}
+
 #[derive(Serialize, Debug, Clone, ToSchema)]
 #[serde(rename_all = "camelCase")]
 pub struct ScimAddress {
diff --git a/server/lib-macros/src/entry.rs b/server/lib-macros/src/entry.rs
index 6301eb182..aad516042 100644
--- a/server/lib-macros/src/entry.rs
+++ b/server/lib-macros/src/entry.rs
@@ -20,10 +20,7 @@ fn parse_attributes(
     input: &syn::ItemFn,
 ) -> Result<(proc_macro2::TokenStream, Flags), syn::Error> {
     let args: Punctuated<ExprAssign, syn::token::Comma> =
-        match Punctuated::<ExprAssign, Token![,]>::parse_terminated.parse(args.clone()) {
-            Ok(it) => it,
-            Err(e) => return Err(e),
-        };
+        Punctuated::<ExprAssign, Token![,]>::parse_terminated.parse(args.clone())?;
 
     let args_are_allowed = args.pairs().all(|p| {
         ALLOWED_ATTRIBUTES.to_vec().contains(
diff --git a/server/lib/src/entry.rs b/server/lib/src/entry.rs
index a9004da15..5ad112a07 100644
--- a/server/lib/src/entry.rs
+++ b/server/lib/src/entry.rs
@@ -41,12 +41,14 @@ use crate::prelude::*;
 use crate::repl::cid::Cid;
 use crate::repl::entry::EntryChangeState;
 use crate::repl::proto::{ReplEntryV1, ReplIncrementalEntryV1};
+use crate::server::access::AccessEffectivePermission;
 use compact_jwt::JwsEs256Signer;
 use hashbrown::{HashMap, HashSet};
 use kanidm_proto::internal::ImageValue;
 use kanidm_proto::internal::{
     ConsistencyError, Filter as ProtoFilter, OperationError, SchemaError, UiHint,
 };
+use kanidm_proto::scim_v1::server::ScimEffectiveAccess;
 use kanidm_proto::v1::Entry as ProtoEntry;
 use ldap3_proto::simple::{LdapPartialAttribute, LdapSearchResultEntry};
 use openssl::ec::EcKey;
@@ -160,6 +162,7 @@ pub struct EntrySealed {
 #[derive(Clone, Debug)]
 pub struct EntryReduced {
     uuid: Uuid,
+    effective_access: Option<Box<AccessEffectivePermission>>,
 }
 
 // One day this is going to be Map<Attribute, ValueSet> - @yaleman
@@ -1782,6 +1785,7 @@ impl Entry<EntrySealed, EntryCommitted> {
         Entry {
             valid: EntryReduced {
                 uuid: self.valid.uuid,
+                effective_access: None,
             },
             state: self.state,
             attrs: self.attrs,
@@ -1793,6 +1797,7 @@ impl Entry<EntrySealed, EntryCommitted> {
     pub fn reduce_attributes(
         &self,
         allowed_attrs: &BTreeSet<Attribute>,
+        effective_access: Option<Box<AccessEffectivePermission>>,
     ) -> Entry<EntryReduced, EntryCommitted> {
         // Remove all attrs from our tree that are NOT in the allowed set.
         let f_attrs: Map<_, _> = self
@@ -1809,6 +1814,7 @@ impl Entry<EntrySealed, EntryCommitted> {
 
         let valid = EntryReduced {
             uuid: self.valid.uuid,
+            effective_access,
         };
         let state = self.state.clone();
 
@@ -2293,6 +2299,22 @@ impl Entry<EntryReduced, EntryCommitted> {
 
         let attrs = result?;
 
+        let ext_access_check = self.valid.effective_access.as_ref().map(|eff_acc| {
+            let ident = eff_acc.ident;
+            let delete = eff_acc.delete;
+            let search = (&eff_acc.search).into();
+            let modify_present = (&eff_acc.modify_pres).into();
+            let modify_remove = (&eff_acc.modify_rem).into();
+
+            ScimEffectiveAccess {
+                ident,
+                delete,
+                search,
+                modify_present,
+                modify_remove,
+            }
+        });
+
         let id = self.get_uuid();
 
         // Not sure how I want to handle this yet, I think we need some schema changes
@@ -2309,6 +2331,7 @@ impl Entry<EntryReduced, EntryCommitted> {
                 // entry to store some extra metadata.
                 meta: None,
             },
+            ext_access_check,
             attrs,
         })
     }
diff --git a/server/lib/src/event.rs b/server/lib/src/event.rs
index b80f95336..6b98f97f6 100644
--- a/server/lib/src/event.rs
+++ b/server/lib/src/event.rs
@@ -77,6 +77,7 @@ pub struct SearchEvent {
     // This is the original filter, for the purpose of ACI checking.
     pub filter_orig: Filter<FilterValid>,
     pub attrs: Option<BTreeSet<Attribute>>,
+    pub effective_access_check: bool,
 }
 
 impl SearchEvent {
@@ -99,6 +100,7 @@ impl SearchEvent {
             // We can't get this from the SearchMessage because it's annoying with the
             // current macro design.
             attrs: None,
+            effective_access_check: false,
         })
     }
 
@@ -132,6 +134,7 @@ impl SearchEvent {
             filter,
             filter_orig,
             attrs: r_attrs,
+            effective_access_check: false,
         })
     }
 
@@ -168,6 +171,7 @@ impl SearchEvent {
             filter,
             filter_orig,
             attrs: r_attrs,
+            effective_access_check: false,
         })
     }
 
@@ -185,6 +189,7 @@ impl SearchEvent {
             filter,
             filter_orig,
             attrs: None,
+            effective_access_check: false,
         })
     }
 
@@ -202,6 +207,7 @@ impl SearchEvent {
             filter,
             filter_orig,
             attrs: None,
+            effective_access_check: false,
         })
     }
 
@@ -217,6 +223,7 @@ impl SearchEvent {
             filter: filter.clone().into_valid(),
             filter_orig: filter.into_valid(),
             attrs: None,
+            effective_access_check: false,
         }
     }
 
@@ -229,6 +236,7 @@ impl SearchEvent {
             filter: filter.clone().into_valid(),
             filter_orig: filter.into_valid(),
             attrs: None,
+            effective_access_check: false,
         }
     }
 
@@ -242,6 +250,7 @@ impl SearchEvent {
             filter,
             filter_orig,
             attrs: None,
+            effective_access_check: false,
         }
     }
 
@@ -260,6 +269,7 @@ impl SearchEvent {
             filter,
             filter_orig,
             attrs: None,
+            effective_access_check: false,
         }
     }
 
@@ -276,6 +286,7 @@ impl SearchEvent {
             filter: filter.clone().into_valid().into_ignore_hidden(),
             filter_orig: filter.into_valid(),
             attrs: None,
+            effective_access_check: false,
         }
     }
 
@@ -296,6 +307,7 @@ impl SearchEvent {
             filter,
             filter_orig,
             attrs,
+            effective_access_check: false,
         })
     }
 
@@ -308,6 +320,7 @@ impl SearchEvent {
             filter: filter.clone().into_valid(),
             filter_orig: filter.into_valid(),
             attrs: None,
+            effective_access_check: false,
         }
     }
 
@@ -317,6 +330,7 @@ impl SearchEvent {
             filter: filter.clone(),
             filter_orig: filter,
             attrs: None,
+            effective_access_check: false,
         }
     }
 }
diff --git a/server/lib/src/server/access/mod.rs b/server/lib/src/server/access/mod.rs
index 358992127..4847bfa37 100644
--- a/server/lib/src/server/access/mod.rs
+++ b/server/lib/src/server/access/mod.rs
@@ -23,7 +23,7 @@ use concread::arcache::ARCacheBuilder;
 use concread::cowcell::*;
 use uuid::Uuid;
 
-use crate::entry::{Entry, EntryCommitted, EntryInit, EntryNew, EntryReduced};
+use crate::entry::{Entry, EntryInit, EntryNew};
 use crate::event::{CreateEvent, DeleteEvent, ModifyEvent, SearchEvent};
 use crate::filter::{Filter, FilterValid, ResolveFilterCache, ResolveFilterCacheReadTxn};
 use crate::modify::Modify;
@@ -36,6 +36,8 @@ use self::profiles::{
     AccessControlSearchResolved, AccessControlTarget, AccessControlTargetCondition,
 };
 
+use kanidm_proto::scim_v1::server::ScimAttributeEffectiveAccess;
+
 use self::create::{apply_create_access, CreateResult};
 use self::delete::{apply_delete_access, DeleteResult};
 use self::modify::{apply_modify_access, ModifyResult};
@@ -57,6 +59,16 @@ pub enum Access {
     Allow(BTreeSet<Attribute>),
 }
 
+impl From<&Access> for ScimAttributeEffectiveAccess {
+    fn from(value: &Access) -> Self {
+        match value {
+            Access::Grant => Self::Grant,
+            Access::Denied => Self::Denied,
+            Access::Allow(set) => Self::Allow(set.clone()),
+        }
+    }
+}
+
 #[derive(Debug, Clone, PartialEq, Eq)]
 pub enum AccessClass {
     Grant,
@@ -66,8 +78,9 @@ pub enum AccessClass {
 
 #[derive(Debug, Clone, PartialEq, Eq)]
 pub struct AccessEffectivePermission {
-    // I don't think we need this? The ident is implied by the requester.
-    // ident: Uuid,
+    /// Who the access applies to
+    pub ident: Uuid,
+    /// The target the access affects
     pub target: Uuid,
     pub delete: bool,
     pub search: Access,
@@ -79,12 +92,13 @@ pub struct AccessEffectivePermission {
 pub enum AccessResult {
     // Deny this operation unconditionally.
     Denied,
-    // Unbounded allow, provided no denied exists.
+    // Unbounded allow, provided no deny state exists.
     Grant,
     // This module makes no decisions about this entry.
     Ignore,
     // Limit the allowed attr set to this - this doesn't
-    // allow anything, it constrains what might be allowed.
+    // allow anything, it constrains what might be allowed
+    // by a later module.
     Constrain(BTreeSet<Attribute>),
     // Allow these attributes within constraints.
     Allow(BTreeSet<Attribute>),
@@ -181,7 +195,11 @@ pub trait AccessControlsTransaction<'a> {
     fn get_acp_resolve_filter_cache(&self) -> &mut ResolveFilterCacheReadTxn<'a>;
 
     #[instrument(level = "trace", name = "access::search_related_acp", skip_all)]
-    fn search_related_acp<'b>(&'b self, ident: &Identity) -> Vec<AccessControlSearchResolved<'b>> {
+    fn search_related_acp<'b>(
+        &'b self,
+        ident: &Identity,
+        attrs: Option<&BTreeSet<Attribute>>,
+    ) -> Vec<AccessControlSearchResolved<'b>> {
         let search_state = self.get_search();
         let acp_resolve_filter_cache = self.get_acp_resolve_filter_cache();
 
@@ -249,8 +267,18 @@ pub trait AccessControlsTransaction<'a> {
             })
             .collect();
 
+        // Trim any search rule that doesn't provide attributes related to the request.
+        let related_acp = if let Some(r_attrs) = attrs.as_ref() {
+            related_acp
+                .into_iter()
+                .filter(|acs| !acs.acp.attrs.is_disjoint(r_attrs))
+                .collect()
+        } else {
+            // None here means all attrs requested.
+            related_acp
+        };
+
         related_acp
-        // }
     }
 
     #[instrument(level = "debug", name = "access::filter_entries", skip_all)]
@@ -267,7 +295,7 @@ pub trait AccessControlsTransaction<'a> {
         let requested_attrs: BTreeSet<Attribute> = filter_orig.get_attr_set();
 
         // First get the set of acps that apply to this receiver
-        let related_acp = self.search_related_acp(ident);
+        let related_acp = self.search_related_acp(ident, None);
 
         // For each entry.
         let entries_is_empty = entries.is_empty();
@@ -318,33 +346,61 @@ pub trait AccessControlsTransaction<'a> {
         name = "access::search_filter_entry_attributes",
         skip_all
     )]
-    fn search_filter_entry_attributes(
-        &self,
+    fn search_filter_entry_attributes<'b>(
+        &'b self,
         se: &SearchEvent,
         entries: Vec<Arc<EntrySealedCommitted>>,
-    ) -> Result<Vec<Entry<EntryReduced, EntryCommitted>>, OperationError> {
+    ) -> Result<Vec<EntryReducedCommitted>, OperationError> {
+        struct DoEffectiveCheck<'b> {
+            modify_related_acp: Vec<AccessControlModifyResolved<'b>>,
+            delete_related_acp: Vec<AccessControlDeleteResolved<'b>>,
+            sync_agmts: &'b HashMap<Uuid, BTreeSet<Attribute>>,
+        }
+
+        let ident_uuid = match &se.ident.origin {
+            IdentType::Internal => {
+                // In production we can't risk leaking data here, so we return
+                // empty sets.
+                security_critical!("IMPOSSIBLE STATE: Internal search in external interface?! Returning empty for safety.");
+                // No need to check ACS
+                return Err(OperationError::InvalidState);
+            }
+            IdentType::Synch(_) => {
+                security_critical!("Blocking sync check");
+                return Err(OperationError::InvalidState);
+            }
+            IdentType::User(u) => u.entry.get_uuid(),
+        };
+
         // Build a reference set from the req_attrs. This is what we test against
         // to see if the attribute is something we currently want.
 
+        let do_effective_check = se.effective_access_check.then(|| {
+            debug!("effective permission check requested during reduction phase");
+
+            // == modify ==
+            let modify_related_acp = self.modify_related_acp(&se.ident);
+            // == delete ==
+            let delete_related_acp = self.delete_related_acp(&se.ident);
+
+            let sync_agmts = self.get_sync_agreements();
+
+            DoEffectiveCheck {
+                modify_related_acp,
+                delete_related_acp,
+                sync_agmts,
+            }
+        });
+
         // Get the relevant acps for this receiver.
-        let related_acp = self.search_related_acp(&se.ident);
-        let related_acp: Vec<_> = if let Some(r_attrs) = se.attrs.as_ref() {
-            // If the acp doesn't overlap with our requested attrs, there is no point in
-            // testing it!
-            related_acp
-                .into_iter()
-                .filter(|acs| !acs.acp.attrs.is_disjoint(r_attrs))
-                .collect()
-        } else {
-            related_acp
-        };
+        let search_related_acp = self.search_related_acp(&se.ident, se.attrs.as_ref());
 
         // For each entry.
         let entries_is_empty = entries.is_empty();
         let allowed_entries: Vec<_> = entries
             .into_iter()
-            .filter_map(|e| {
-                match apply_search_access(&se.ident, related_acp.as_slice(), &e) {
+            .filter_map(|entry| {
+                match apply_search_access(&se.ident, &search_related_acp, &entry) {
                     SearchResult::Denied => {
                         None
                     }
@@ -369,11 +425,20 @@ pub trait AccessControlsTransaction<'a> {
                             allowed_attrs
                         };
 
-                        if reduced_attrs.is_empty() {
-                            None
-                        } else {
-                            Some(e.reduce_attributes(&reduced_attrs))
-                        }
+                        let effective_permissions = do_effective_check.as_ref().map(|do_check| {
+                            self.entry_effective_permission_check(
+                                &se.ident,
+                                ident_uuid,
+                                &entry,
+                                &search_related_acp,
+                                &do_check.modify_related_acp,
+                                &do_check.delete_related_acp,
+                                do_check.sync_agmts,
+                            )
+                        })
+                        .map(Box::new);
+
+                        Some(entry.reduce_attributes(&reduced_attrs, effective_permissions))
                     }
                 }
 
@@ -798,7 +863,7 @@ pub trait AccessControlsTransaction<'a> {
         // have an entry template. I think james was right about the create being
         // a template copy op ...
 
-        match &ident.origin {
+        let ident_uuid = match &ident.origin {
             IdentType::Internal => {
                 // In production we can't risk leaking data here, so we return
                 // empty sets.
@@ -810,7 +875,7 @@ pub trait AccessControlsTransaction<'a> {
                 security_critical!("Blocking sync check");
                 return Err(OperationError::InvalidState);
             }
-            IdentType::User(_) => {}
+            IdentType::User(u) => u.entry.get_uuid(),
         };
 
         trace!(ident = %ident, "Effective permission check");
@@ -818,71 +883,26 @@ pub trait AccessControlsTransaction<'a> {
 
         // == search ==
         // Get the relevant acps for this receiver.
-        let search_related_acp = self.search_related_acp(ident);
-        // Trim any search rule that doesn't provide attributes related to the request.
-        let search_related_acp = if let Some(r_attrs) = attrs.as_ref() {
-            search_related_acp
-                .into_iter()
-                .filter(|acs| !acs.acp.attrs.is_disjoint(r_attrs))
-                .collect()
-        } else {
-            // None here means all attrs requested.
-            search_related_acp
-        };
-
+        let search_related_acp = self.search_related_acp(ident, attrs.as_ref());
         // == modify ==
-
         let modify_related_acp = self.modify_related_acp(ident);
+        // == delete ==
         let delete_related_acp = self.delete_related_acp(ident);
 
         let sync_agmts = self.get_sync_agreements();
 
         let effective_permissions: Vec<_> = entries
             .iter()
-            .map(|e| {
-                // == search ==
-                let search_effective =
-                    match apply_search_access(ident, search_related_acp.as_slice(), e) {
-                        SearchResult::Denied => Access::Denied,
-                        SearchResult::Grant => Access::Grant,
-                        SearchResult::Allow(allowed_attrs) => {
-                            // Bound by requested attrs?
-                            Access::Allow(allowed_attrs.into_iter().collect())
-                        }
-                    };
-
-                // == modify ==
-                let (modify_pres, modify_rem, modify_class) = match apply_modify_access(
+            .map(|entry| {
+                self.entry_effective_permission_check(
                     ident,
-                    modify_related_acp.as_slice(),
+                    ident_uuid,
+                    entry,
+                    &search_related_acp,
+                    &modify_related_acp,
+                    &delete_related_acp,
                     sync_agmts,
-                    e,
-                ) {
-                    ModifyResult::Denied => (Access::Denied, Access::Denied, AccessClass::Denied),
-                    ModifyResult::Grant => (Access::Grant, Access::Grant, AccessClass::Grant),
-                    ModifyResult::Allow { pres, rem, cls } => (
-                        Access::Allow(pres.into_iter().collect()),
-                        Access::Allow(rem.into_iter().collect()),
-                        AccessClass::Allow(cls.into_iter().map(|s| s.into()).collect()),
-                    ),
-                };
-
-                // == delete ==
-                let delete_status = apply_delete_access(ident, delete_related_acp.as_slice(), e);
-
-                let delete = match delete_status {
-                    DeleteResult::Denied => false,
-                    DeleteResult::Grant => true,
-                };
-
-                AccessEffectivePermission {
-                    target: e.get_uuid(),
-                    delete,
-                    search: search_effective,
-                    modify_pres,
-                    modify_rem,
-                    modify_class,
-                }
+                )
             })
             .collect();
 
@@ -892,6 +912,57 @@ pub trait AccessControlsTransaction<'a> {
 
         Ok(effective_permissions)
     }
+
+    fn entry_effective_permission_check<'b>(
+        &'b self,
+        ident: &Identity,
+        ident_uuid: Uuid,
+        entry: &Arc<EntrySealedCommitted>,
+        search_related_acp: &[AccessControlSearchResolved<'b>],
+        modify_related_acp: &[AccessControlModifyResolved<'b>],
+        delete_related_acp: &[AccessControlDeleteResolved<'b>],
+        sync_agmts: &HashMap<Uuid, BTreeSet<Attribute>>,
+    ) -> AccessEffectivePermission {
+        // == search ==
+        let search_effective = match apply_search_access(ident, search_related_acp, entry) {
+            SearchResult::Denied => Access::Denied,
+            SearchResult::Grant => Access::Grant,
+            SearchResult::Allow(allowed_attrs) => {
+                // Bound by requested attrs?
+                Access::Allow(allowed_attrs.into_iter().collect())
+            }
+        };
+
+        // == modify ==
+        let (modify_pres, modify_rem, modify_class) =
+            match apply_modify_access(ident, modify_related_acp, sync_agmts, entry) {
+                ModifyResult::Denied => (Access::Denied, Access::Denied, AccessClass::Denied),
+                ModifyResult::Grant => (Access::Grant, Access::Grant, AccessClass::Grant),
+                ModifyResult::Allow { pres, rem, cls } => (
+                    Access::Allow(pres.into_iter().collect()),
+                    Access::Allow(rem.into_iter().collect()),
+                    AccessClass::Allow(cls.into_iter().map(|s| s.into()).collect()),
+                ),
+            };
+
+        // == delete ==
+        let delete_status = apply_delete_access(ident, delete_related_acp, entry);
+
+        let delete = match delete_status {
+            DeleteResult::Denied => false,
+            DeleteResult::Grant => true,
+        };
+
+        AccessEffectivePermission {
+            ident: ident_uuid,
+            target: entry.get_uuid(),
+            delete,
+            search: search_effective,
+            modify_pres,
+            modify_rem,
+            modify_class,
+        }
+    }
 }
 
 pub struct AccessControlsWriteTransaction<'a> {
@@ -2535,6 +2606,7 @@ mod tests {
             vec![],
             &r_set,
             vec![AccessEffectivePermission {
+                ident: UUID_TEST_ACCOUNT_1,
                 delete: false,
                 target: uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"),
                 search: Access::Allow(btreeset![Attribute::Name]),
@@ -2576,6 +2648,7 @@ mod tests {
             )],
             &r_set,
             vec![AccessEffectivePermission {
+                ident: UUID_TEST_ACCOUNT_1,
                 delete: false,
                 target: uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"),
                 search: Access::Allow(BTreeSet::new()),
diff --git a/server/lib/src/server/mod.rs b/server/lib/src/server/mod.rs
index 5230138e0..f9b2e2012 100644
--- a/server/lib/src/server/mod.rs
+++ b/server/lib/src/server/mod.rs
@@ -284,7 +284,7 @@ pub trait QueryServerTransaction<'a> {
     fn search_ext(
         &mut self,
         se: &SearchEvent,
-    ) -> Result<Vec<Entry<EntryReduced, EntryCommitted>>, OperationError> {
+    ) -> Result<Vec<EntryReducedCommitted>, OperationError> {
         /*
          * This just wraps search, but it's for the external interface
          * so as a result it also reduces the entry set's attributes at
@@ -1546,6 +1546,7 @@ impl QueryServerReadTransaction<'_> {
             filter: f_valid,
             filter_orig: f_intent_valid,
             attrs: r_attrs,
+            effective_access_check: query.ext_access_check,
         };
 
         let mut vs = self.search_ext(&se)?;
@@ -2639,6 +2640,7 @@ impl<'a> QueryServerWriteTransaction<'a> {
 mod tests {
     use crate::prelude::*;
     use kanidm_proto::scim_v1::server::ScimReference;
+    use kanidm_proto::scim_v1::ScimEntryGetQuery;
 
     #[qs_test]
     async fn test_name_to_uuid(server: &QueryServer) {
@@ -3046,4 +3048,47 @@ mod tests {
             }
         }
     }
+
+    #[qs_test]
+    async fn test_scim_effective_access_query(server: &QueryServer) {
+        let mut server_txn = server.write(duration_from_epoch_now()).await.unwrap();
+
+        let group_uuid = Uuid::new_v4();
+        let e1 = entry_init!(
+            (Attribute::Class, EntryClass::Object.to_value()),
+            (Attribute::Class, EntryClass::Group.to_value()),
+            (Attribute::Name, Value::new_iname("testgroup")),
+            (Attribute::Uuid, Value::Uuid(group_uuid))
+        );
+
+        assert!(server_txn.internal_create(vec![e1]).is_ok());
+        assert!(server_txn.commit().is_ok());
+
+        // Now read that entry.
+
+        let mut server_txn = server.read().await.unwrap();
+
+        let idm_admin_entry = server_txn.internal_search_uuid(UUID_IDM_ADMIN).unwrap();
+        let idm_admin_ident = Identity::from_impersonate_entry_readwrite(idm_admin_entry);
+
+        let query = ScimEntryGetQuery {
+            ext_access_check: true,
+            ..Default::default()
+        };
+
+        let scim_entry = server_txn
+            .scim_entry_id_get_ext(group_uuid, EntryClass::Group, query, idm_admin_ident)
+            .unwrap();
+
+        let ext_access_check = scim_entry.ext_access_check.unwrap();
+
+        trace!(?ext_access_check);
+
+        assert!(ext_access_check.delete);
+        assert!(ext_access_check.search.check(&Attribute::DirectMemberOf));
+        assert!(ext_access_check.search.check(&Attribute::MemberOf));
+        assert!(ext_access_check.search.check(&Attribute::Name));
+        assert!(ext_access_check.modify_present.check(&Attribute::Name));
+        assert!(ext_access_check.modify_remove.check(&Attribute::Name));
+    }
 }
diff --git a/server/lib/src/server/scim.rs b/server/lib/src/server/scim.rs
index a6a190df4..be529e8be 100644
--- a/server/lib/src/server/scim.rs
+++ b/server/lib/src/server/scim.rs
@@ -14,6 +14,10 @@ pub struct ScimEntryPutEvent {
     /// Update an attribute to contain the following value state.
     /// If the attribute is None, it is removed.
     pub attrs: BTreeMap<Attribute, Option<ValueSet>>,
+
+    /// If an effective access check should be carried out post modification
+    /// of the entries
+    pub effective_access_check: bool,
 }
 
 impl ScimEntryPutEvent {
@@ -33,10 +37,13 @@ impl ScimEntryPutEvent {
             })
             .collect::<Result<_, _>>()?;
 
+        let query = entry.query;
+
         Ok(ScimEntryPutEvent {
             ident,
             target,
             attrs,
+            effective_access_check: query.ext_access_check,
         })
     }
 }
@@ -54,6 +61,7 @@ impl QueryServerWriteTransaction<'_> {
             ident,
             target,
             attrs,
+            effective_access_check,
         } = scim_entry_put;
 
         // This function transforms the put event into a modify event.
@@ -91,6 +99,7 @@ impl QueryServerWriteTransaction<'_> {
             filter_orig: f_intent_valid,
             // Return all attributes, even ones we didn't affect
             attrs: None,
+            effective_access_check,
         };
 
         let mut vs = self.search_ext(&se)?;
diff --git a/server/testkit/tests/scim_test.rs b/server/testkit/tests/scim_test.rs
index 9ee7c2d98..b760406eb 100644
--- a/server/testkit/tests/scim_test.rs
+++ b/server/testkit/tests/scim_test.rs
@@ -202,6 +202,7 @@ async fn test_scim_sync_entry_get(rsclient: KanidmClient) {
     // Limit the attributes we want.
     let query = ScimEntryGetQuery {
         attributes: Some(vec![Attribute::Name]),
+        ..Default::default()
     };
 
     let scim_entry = rsclient
@@ -238,6 +239,7 @@ async fn test_scim_sync_entry_get(rsclient: KanidmClient) {
     // Limit the attributes we want.
     let query = ScimEntryGetQuery {
         attributes: Some(vec![Attribute::Name]),
+        ..Default::default()
     };
 
     let scim_entry = rsclient
diff --git a/tools/cli/src/cli/person.rs b/tools/cli/src/cli/person.rs
index 0626af6c5..2469fb85b 100644
--- a/tools/cli/src/cli/person.rs
+++ b/tools/cli/src/cli/person.rs
@@ -238,6 +238,7 @@ impl PersonOpt {
                             aopt.aopts.account_id.as_str(),
                             Some(ScimEntryGetQuery {
                                 attributes: Some(vec![Attribute::SshPublicKey]),
+                                ..Default::default()
                             }),
                         )
                         .await

From c324fa92f5611663504c7b197b67d819146871a8 Mon Sep 17 00:00:00 2001
From: George Wu <gbw@users.noreply.github.com>
Date: Mon, 20 Jan 2025 12:43:26 -0800
Subject: [PATCH 60/87] fix(ci): Add setup-oras step to include ORAS CLI for
 container builds on ubuntu-24.04. (#3368)

---
 .github/workflows/docker_build_kanidm.yml  | 3 ++-
 .github/workflows/docker_build_kanidmd.yml | 3 ++-
 .github/workflows/docker_build_radiusd.yml | 3 ++-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/docker_build_kanidm.yml b/.github/workflows/docker_build_kanidm.yml
index 8e351caf0..68c120155 100644
--- a/.github/workflows/docker_build_kanidm.yml
+++ b/.github/workflows/docker_build_kanidm.yml
@@ -71,7 +71,8 @@ jobs:
         with:
           name: kanidm-docker
           path: /tmp
-
+      - name: Set up ORAS
+        uses: oras-project/setup-oras@v1
       - name: Push image to GHCR
         run: |
           echo "${{ secrets.GITHUB_TOKEN }}" | \
diff --git a/.github/workflows/docker_build_kanidmd.yml b/.github/workflows/docker_build_kanidmd.yml
index 18d8b8a62..a4ada5cb6 100644
--- a/.github/workflows/docker_build_kanidmd.yml
+++ b/.github/workflows/docker_build_kanidmd.yml
@@ -88,7 +88,8 @@ jobs:
         with:
           name: kanidmd-docker
           path: /tmp
-
+      - name: Set up ORAS
+        uses: oras-project/setup-oras@v1
       - name: Push image to GHCR
         run: |
           echo "${{ secrets.GITHUB_TOKEN }}" | \
diff --git a/.github/workflows/docker_build_radiusd.yml b/.github/workflows/docker_build_radiusd.yml
index 45ce04147..c6f8a8846 100644
--- a/.github/workflows/docker_build_radiusd.yml
+++ b/.github/workflows/docker_build_radiusd.yml
@@ -70,7 +70,8 @@ jobs:
         with:
           name: radius-docker
           path: /tmp
-
+      - name: Set up ORAS
+        uses: oras-project/setup-oras@v1
       # Docker won't directly import OCI images and keep their multi-arch
       # features, but ORAS will: https://oras.land/docs/commands/oras_copy
       - name: Push image to GHCR

From 10f03e19c018a2ed200f9fa04e20897bff57f6d9 Mon Sep 17 00:00:00 2001
From: CEbbinghaus <git@cebbinghaus.com>
Date: Tue, 21 Jan 2025 20:26:43 +1100
Subject: [PATCH 61/87] Added shell.nix to create dev environment (#3362)

---
 CODEOWNERS          |  2 ++
 rust-toolchain.toml |  2 ++
 shell.nix           | 25 +++++++++++++++++++++++++
 3 files changed, 29 insertions(+)
 create mode 100644 rust-toolchain.toml
 create mode 100644 shell.nix

diff --git a/CODEOWNERS b/CODEOWNERS
index f6e57524b..fccf9d157 100644
--- a/CODEOWNERS
+++ b/CODEOWNERS
@@ -1,2 +1,4 @@
 # yale-mistakes were made
 /pykanidm/* @yaleman
+# Least qualified nix guy :P
+shell.nix @cebbinghaus
diff --git a/rust-toolchain.toml b/rust-toolchain.toml
new file mode 100644
index 000000000..31578d3bf
--- /dev/null
+++ b/rust-toolchain.toml
@@ -0,0 +1,2 @@
+[toolchain]
+channel = "stable"
\ No newline at end of file
diff --git a/shell.nix b/shell.nix
new file mode 100644
index 000000000..2f07072c3
--- /dev/null
+++ b/shell.nix
@@ -0,0 +1,25 @@
+{ pkgs ? import <nixpkgs> {} }:
+	let
+	overrides = (builtins.fromTOML (builtins.readFile ./rust-toolchain.toml));
+in
+pkgs.mkShellNoCC rec {
+	# Kanidm dependencies
+	buildInputs = with pkgs; [
+		pkg-config
+		
+		cargo
+		rustc
+
+		clang
+		llvmPackages.bintools
+		
+		openssl
+	] ++ pkgs.lib.optionals (pkgs.stdenv.isLinux) [
+		systemd
+		linux-pam
+	];
+	
+	RUSTC_VERSION = overrides.toolchain.channel;
+	# https://github.com/rust-lang/rust-bindgen#environment-variables
+	LIBCLANG_PATH = pkgs.lib.makeLibraryPath [ pkgs.llvmPackages_latest.libclang.lib ];
+}
\ No newline at end of file

From 12532ee32d5324afb6d104f48f1c60cfca80fd3f Mon Sep 17 00:00:00 2001
From: CEbbinghaus <git@cebbinghaus.com>
Date: Tue, 21 Jan 2025 20:45:06 +1100
Subject: [PATCH 62/87] Book: Added small section on primary cred fallback
 (#3365)

---
 book/src/accounts/account_policy.md | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/book/src/accounts/account_policy.md b/book/src/accounts/account_policy.md
index 024006cf9..c6c5674bf 100644
--- a/book/src/accounts/account_policy.md
+++ b/book/src/accounts/account_policy.md
@@ -188,6 +188,23 @@ account policy for a group. For example, to set the allowlist for all persons, r
 kanidm group account-policy webauthn-attestation-ca-list idm_all_persons trusted-authenticators
 ```
 
+### Setting Primary Credential Fallback
+
+The primary credential fallback enables behavior which allows authenticating
+using the primary account password when logging in via LDAP.
+
+If both an LDAP and primary password are specified, Kanidm will only accept the LDAP password.
+
+```bash
+kanidm group account-policy allow-primary-cred-fallback <group name> <enabled>
+```
+
+to disable it for a group you would run:
+
+```bash
+kanidm group account-policy allow-primary-cred-fallback <group name> false
+```
+
 ## Global Settings
 
 There are a small number of account policy settings that are set globally rather than on a per group

From ed76bdbfb1cc283cfe1ea73244b6fc63ec5a98c0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 29 Jan 2025 13:57:38 +1000
Subject: [PATCH 63/87] Bump the all group with 22 updates (#3376)

* Bump the all group with 22 updates

Bumps the all group with 22 updates:

| Package | From | To |
| --- | --- | --- |
| [async-trait](https://github.com/dtolnay/async-trait) | `0.1.83` | `0.1.85` |
| [bitflags](https://github.com/bitflags/bitflags) | `2.6.0` | `2.8.0` |
| [clap](https://github.com/clap-rs/clap) | `4.5.23` | `4.5.27` |
| [clap_complete](https://github.com/clap-rs/clap) | `4.5.40` | `4.5.42` |
| [lodepng](https://github.com/kornelski/lodepng-rust) | `3.10.7` | `3.11.0` |
| [openssl](https://github.com/sfackler/rust-openssl) | `0.10.68` | `0.10.69` |
| [proc-macro2](https://github.com/dtolnay/proc-macro2) | `1.0.92` | `1.0.93` |
| [reqwest](https://github.com/seanmonstar/reqwest) | `0.12.11` | `0.12.12` |
| [rustls](https://github.com/rustls/rustls) | `0.23.20` | `0.23.21` |
| [sd-notify](https://github.com/lnicola/sd-notify) | `0.4.4` | `0.4.5` |
| [serde_json](https://github.com/serde-rs/json) | `1.0.134` | `1.0.137` |
| [syn](https://github.com/dtolnay/syn) | `2.0.93` | `2.0.96` |
| [tempfile](https://github.com/Stebalien/tempfile) | `3.14.0` | `3.15.0` |
| [tokio](https://github.com/tokio-rs/tokio) | `1.42.0` | `1.43.0` |
| [uuid](https://github.com/uuid-rs/uuid) | `1.11.0` | `1.12.1` |
| [oauth2](https://github.com/ramosbugs/oauth2-rs) | `4.4.2` | `5.0.0` |
| [cc](https://github.com/rust-lang/cc-rs) | `1.2.6` | `1.2.10` |
| [axum-extra](https://github.com/tokio-rs/axum) | `0.9.6` | `0.10.0` |
| [axum-macros](https://github.com/tokio-rs/axum) | `0.4.2` | `0.5.0` |
| [fantoccini](https://github.com/jonhoo/fantoccini) | `0.21.3` | `0.21.4` |
| [petgraph](https://github.com/petgraph/petgraph) | `0.6.5` | `0.7.1` |
| [jsonschema](https://github.com/Stranger6667/jsonschema) | `0.28.0` | `0.28.3` |


Updates `async-trait` from 0.1.83 to 0.1.85
- [Release notes](https://github.com/dtolnay/async-trait/releases)
- [Commits](https://github.com/dtolnay/async-trait/compare/0.1.83...0.1.85)

Updates `bitflags` from 2.6.0 to 2.8.0
- [Release notes](https://github.com/bitflags/bitflags/releases)
- [Changelog](https://github.com/bitflags/bitflags/blob/main/CHANGELOG.md)
- [Commits](https://github.com/bitflags/bitflags/compare/2.6.0...2.8.0)

Updates `clap` from 4.5.23 to 4.5.27
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.23...clap_complete-v4.5.27)

Updates `clap_complete` from 4.5.40 to 4.5.42
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/clap_complete-v4.5.40...clap_complete-v4.5.42)

Updates `lodepng` from 3.10.7 to 3.11.0
- [Commits](https://github.com/kornelski/lodepng-rust/compare/v3.10.7...v3.11.0)

Updates `openssl` from 0.10.68 to 0.10.69
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.68...openssl-v0.10.69)

Updates `proc-macro2` from 1.0.92 to 1.0.93
- [Release notes](https://github.com/dtolnay/proc-macro2/releases)
- [Commits](https://github.com/dtolnay/proc-macro2/compare/1.0.92...1.0.93)

Updates `reqwest` from 0.12.11 to 0.12.12
- [Release notes](https://github.com/seanmonstar/reqwest/releases)
- [Changelog](https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md)
- [Commits](https://github.com/seanmonstar/reqwest/compare/v0.12.11...v0.12.12)

Updates `rustls` from 0.23.20 to 0.23.21
- [Release notes](https://github.com/rustls/rustls/releases)
- [Changelog](https://github.com/rustls/rustls/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rustls/rustls/compare/v/0.23.20...v/0.23.21)

Updates `sd-notify` from 0.4.4 to 0.4.5
- [Changelog](https://github.com/lnicola/sd-notify/blob/master/CHANGELOG.md)
- [Commits](https://github.com/lnicola/sd-notify/compare/v0.4.4...v0.4.5)

Updates `serde_json` from 1.0.134 to 1.0.137
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.134...v1.0.137)

Updates `syn` from 2.0.93 to 2.0.96
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/2.0.93...2.0.96)

Updates `tempfile` from 3.14.0 to 3.15.0
- [Changelog](https://github.com/Stebalien/tempfile/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Stebalien/tempfile/compare/v3.14.0...v3.15.0)

Updates `tokio` from 1.42.0 to 1.43.0
- [Release notes](https://github.com/tokio-rs/tokio/releases)
- [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.42.0...tokio-1.43.0)

Updates `uuid` from 1.11.0 to 1.12.1
- [Release notes](https://github.com/uuid-rs/uuid/releases)
- [Commits](https://github.com/uuid-rs/uuid/compare/1.11.0...1.12.1)

Updates `oauth2` from 4.4.2 to 5.0.0
- [Release notes](https://github.com/ramosbugs/oauth2-rs/releases)
- [Upgrade guide](https://github.com/ramosbugs/oauth2-rs/blob/main/UPGRADE.md)
- [Commits](https://github.com/ramosbugs/oauth2-rs/compare/4.4.2...5.0.0)

Updates `cc` from 1.2.6 to 1.2.10
- [Release notes](https://github.com/rust-lang/cc-rs/releases)
- [Changelog](https://github.com/rust-lang/cc-rs/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/cc-rs/compare/cc-v1.2.6...cc-v1.2.10)

Updates `axum-extra` from 0.9.6 to 0.10.0
- [Release notes](https://github.com/tokio-rs/axum/releases)
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/axum/compare/axum-extra-v0.9.6...axum-extra-v0.10.0)

Updates `axum-macros` from 0.4.2 to 0.5.0
- [Release notes](https://github.com/tokio-rs/axum/releases)
- [Changelog](https://github.com/tokio-rs/axum/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tokio-rs/axum/compare/axum-macros-v0.4.2...axum-macros-v0.5.0)

Updates `fantoccini` from 0.21.3 to 0.21.4
- [Commits](https://github.com/jonhoo/fantoccini/compare/v0.21.3...v0.21.4)

Updates `petgraph` from 0.6.5 to 0.7.1
- [Changelog](https://github.com/petgraph/petgraph/blob/master/RELEASES.rst)
- [Commits](https://github.com/petgraph/petgraph/compare/petgraph@v0.6.5...petgraph@v0.7.1)

Updates `jsonschema` from 0.28.0 to 0.28.3
- [Release notes](https://github.com/Stranger6667/jsonschema/releases)
- [Changelog](https://github.com/Stranger6667/jsonschema/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Stranger6667/jsonschema/compare/rust-v0.28.0...rust-v0.28.3)

---
updated-dependencies:
- dependency-name: async-trait
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: bitflags
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: clap_complete
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: lodepng
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: openssl
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: proc-macro2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: reqwest
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: rustls
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: sd-notify
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: serde_json
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: syn
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: tempfile
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: tokio
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: uuid
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: oauth2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all
- dependency-name: cc
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: axum-extra
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: axum-macros
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: fantoccini
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: petgraph
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: jsonschema
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>

* ok the otel stuff works now

* linting fixes

* fix: less parse more from_str, adding a todo

* fix: removing a TODO

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
---
 Cargo.lock                                | 788 +++++++++-------------
 Cargo.toml                                |  43 +-
 libs/sketching/Cargo.toml                 |   7 +-
 libs/sketching/src/otel.rs                | 119 ++--
 server/core/Cargo.toml                    |   2 +-
 server/lib/src/idm/application.rs         |   2 +-
 server/lib/src/idm/ldap.rs                |   4 +-
 server/lib/src/idm/oauth2.rs              |   2 +-
 server/lib/src/idm/reauth.rs              |   2 +-
 server/lib/src/idm/server.rs              |   2 +-
 server/lib/src/modify.rs                  |   5 +-
 server/lib/src/valueset/eckey.rs          |   4 +-
 server/testkit/Cargo.toml                 |   6 +-
 tools/device_flow/Cargo.toml              |   4 +-
 tools/device_flow/examples/device_flow.rs |  84 ++-
 unix_integration/nss_kanidm/Cargo.toml    |   2 +-
 16 files changed, 474 insertions(+), 602 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 34310e226..8570ee139 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -102,11 +102,12 @@ dependencies = [
 
 [[package]]
 name = "anstyle-wincon"
-version = "3.0.6"
+version = "3.0.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2109dbce0e72be3ec00bed26e6a7479ca384ad226efdd66db8fa2e3a38c83125"
+checksum = "ca3534e77181a9cc07539ad51f2141fe32f6c3ffd4df76db8ad92346b003ae4e"
 dependencies = [
  "anstyle",
+ "once_cell",
  "windows-sys 0.59.0",
 ]
 
@@ -155,7 +156,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a41603f7cdbf5ac4af60760f17253eb6adf6ec5b6f14a7ed830cf687d375f163"
 dependencies = [
  "askama",
- "axum-core 0.4.5",
+ "axum-core",
  "http 1.2.0",
 ]
 
@@ -172,7 +173,7 @@ dependencies = [
  "proc-macro2",
  "quote",
  "serde",
- "syn 2.0.93",
+ "syn 2.0.96",
 ]
 
 [[package]]
@@ -214,7 +215,7 @@ checksum = "965c2d33e53cb6b267e148a4cb0760bc01f4904c1cd4bb4002a085bb016d1490"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.93",
+ "syn 2.0.96",
  "synstructure",
 ]
 
@@ -226,7 +227,7 @@ checksum = "7b18050c2cd6fe86c3a76584ef5e0baf286d038cda203eb6223df2cc413565f7"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.93",
+ "syn 2.0.96",
 ]
 
 [[package]]
@@ -277,18 +278,18 @@ checksum = "c7c24de15d275a1ecfd47a380fb4d5ec9bfe0933f309ed5e705b775596a3574d"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.93",
+ "syn 2.0.96",
 ]
 
 [[package]]
 name = "async-trait"
-version = "0.1.83"
+version = "0.1.85"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "721cae7de5c34fbb2acd27e21e6d2cf7b886dce0c27388d46c4e6c47ea4318dd"
+checksum = "3f934833b4b7233644e5848f235df3f57ed8c80f1528a26c3dfa13d2147fa056"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.93",
+ "syn 2.0.96",
 ]
 
 [[package]]
@@ -330,34 +331,6 @@ version = "1.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ace50bade8e6234aa140d9a2f552bbee1db4d353f69b8217bc503490fc1a9f26"
 
-[[package]]
-name = "axum"
-version = "0.6.20"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3b829e4e32b91e643de6eafe82b1d90675f5874230191a4ffbc1b336dec4d6bf"
-dependencies = [
- "async-trait",
- "axum-core 0.3.4",
- "bitflags 1.3.2",
- "bytes",
- "futures-util",
- "http 0.2.12",
- "http-body 0.4.6",
- "hyper 0.14.32",
- "itoa",
- "matchit",
- "memchr",
- "mime",
- "percent-encoding",
- "pin-project-lite",
- "rustversion",
- "serde",
- "sync_wrapper 0.1.2",
- "tower 0.4.13",
- "tower-layer",
- "tower-service",
-]
-
 [[package]]
 name = "axum"
 version = "0.7.9"
@@ -365,7 +338,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "edca88bc138befd0323b20752846e6587272d3b03b0343c8ea28a6f819e6e71f"
 dependencies = [
  "async-trait",
- "axum-core 0.4.5",
+ "axum-core",
  "axum-macros",
  "bytes",
  "futures-util",
@@ -394,23 +367,6 @@ dependencies = [
  "tracing",
 ]
 
-[[package]]
-name = "axum-core"
-version = "0.3.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "759fa577a247914fd3f7f76d62972792636412fbfd634cd452f6a385a74d2d2c"
-dependencies = [
- "async-trait",
- "bytes",
- "futures-util",
- "http 0.2.12",
- "http-body 0.4.6",
- "mime",
- "rustversion",
- "tower-layer",
- "tower-service",
-]
-
 [[package]]
 name = "axum-core"
 version = "0.4.5"
@@ -438,8 +394,8 @@ version = "0.9.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c794b30c904f0a1c2fb7740f7df7f7972dfaa14ef6f57cb6178dc63e5dca2f04"
 dependencies = [
- "axum 0.7.9",
- "axum-core 0.4.5",
+ "axum",
+ "axum-core",
  "bytes",
  "cookie 0.18.1",
  "fastrand",
@@ -463,7 +419,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "40f7051fdc094b6e5ea06cab9bca4b198c54dee4472a9419155f0ff19f19901e"
 dependencies = [
  "async-trait",
- "axum-core 0.4.5",
+ "axum-core",
  "futures-core",
  "http 1.2.0",
  "pin-project-lite",
@@ -480,7 +436,7 @@ checksum = "57d123550fa8d071b7255cb0cc04dc302baa6c8c4a79f55701552684d8399bce"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.93",
+ "syn 2.0.96",
 ]
 
 [[package]]
@@ -573,7 +529,7 @@ version = "0.66.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f2b84e06fc203107bfbad243f4aba2af864eb7db3b1cf46ea0a023b0b433d2a7"
 dependencies = [
- "bitflags 2.6.0",
+ "bitflags 2.8.0",
  "cexpr",
  "clang-sys",
  "lazy_static",
@@ -586,7 +542,7 @@ dependencies = [
  "regex",
  "rustc-hash 1.1.0",
  "shlex",
- "syn 2.0.93",
+ "syn 2.0.96",
  "which",
 ]
 
@@ -596,7 +552,7 @@ version = "0.70.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f49d8fed880d473ea71efb9bf597651e77201bdd4893efe54c9e5d65ae04ce6f"
 dependencies = [
- "bitflags 2.6.0",
+ "bitflags 2.8.0",
  "cexpr",
  "clang-sys",
  "itertools 0.13.0",
@@ -607,7 +563,7 @@ dependencies = [
  "regex",
  "rustc-hash 1.1.0",
  "shlex",
- "syn 2.0.93",
+ "syn 2.0.96",
 ]
 
 [[package]]
@@ -654,9 +610,9 @@ checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
 
 [[package]]
 name = "bitflags"
-version = "2.6.0"
+version = "2.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b048fb63fd8b5923fc5aa7b340d8e156aec7ec02f0c78fa8a6ddc2613f6f71de"
+checksum = "8f68f53c83ab957f72c32642f3868eec03eb974d1fb82e453128456482613d36"
 
 [[package]]
 name = "blake2"
@@ -684,9 +640,9 @@ checksum = "3eeab4423108c5d7c744f4d234de88d18d636100093ae04caf4825134b9c3a32"
 
 [[package]]
 name = "bstr"
-version = "1.11.1"
+version = "1.11.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "786a307d683a5bf92e6fd5fd69a7eb613751668d1d8d67d802846dfe367c62c8"
+checksum = "531a9155a481e2ee699d4f98f43c0ca4ff8ee1bfd55c31e9e98fb29d2b176fe0"
 dependencies = [
  "memchr",
  "regex-automata 0.4.9",
@@ -725,9 +681,9 @@ checksum = "325918d6fe32f23b19878fe4b34794ae41fc19ddbe53b10571a4874d44ffd39b"
 
 [[package]]
 name = "cc"
-version = "1.2.6"
+version = "1.2.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8d6dbb628b8f8555f86d0323c2eb39e3ec81901f4b83e091db8a6a76d316a333"
+checksum = "13208fcbb66eaeffe09b99fffbe1af420f00a7b35aa99ad683dfc1aa76145229"
 dependencies = [
  "shlex",
 ]
@@ -787,9 +743,9 @@ dependencies = [
 
 [[package]]
 name = "clap"
-version = "4.5.23"
+version = "4.5.27"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3135e7ec2ef7b10c6ed8950f0f792ed96ee093fa088608f1c76e569722700c84"
+checksum = "769b0145982b4b48713e01ec42d61614425f27b7058bda7180a3a41f30104796"
 dependencies = [
  "clap_builder",
  "clap_derive",
@@ -797,9 +753,9 @@ dependencies = [
 
 [[package]]
 name = "clap_builder"
-version = "4.5.23"
+version = "4.5.27"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "30582fc632330df2bd26877bde0c1f4470d57c582bbc070376afcd04d8cb4838"
+checksum = "1b26884eb4b57140e4d2d93652abfa49498b938b3c9179f9fc487b0acc3edad7"
 dependencies = [
  "anstream",
  "anstyle",
@@ -809,23 +765,23 @@ dependencies = [
 
 [[package]]
 name = "clap_complete"
-version = "4.5.40"
+version = "4.5.42"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ac2e663e3e3bed2d32d065a8404024dad306e699a04263ec59919529f803aee9"
+checksum = "33a7e468e750fa4b6be660e8b5651ad47372e8fb114030b594c2d75d48c5ffd0"
 dependencies = [
  "clap",
 ]
 
 [[package]]
 name = "clap_derive"
-version = "4.5.18"
+version = "4.5.24"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4ac6a0c7b1a9e9a5186361f67dfa1b88213572f427fb9ab038efb2bd8c582dab"
+checksum = "54b755194d6389280185988721fffba69495eed5ee9feeee9a599b53db80318c"
 dependencies = [
  "heck",
  "proc-macro2",
  "quote",
- "syn 2.0.93",
+ "syn 2.0.96",
 ]
 
 [[package]]
@@ -974,9 +930,9 @@ checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b"
 
 [[package]]
 name = "cpufeatures"
-version = "0.2.16"
+version = "0.2.17"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "16b80225097f2e5ae4e7179dd2266824648f3e2f49d9134d584b76389d31c4c3"
+checksum = "59ed5838eebb26a2bb2e58f6d5b5316989ae9d08bab10e0e6d103e656d1b0280"
 dependencies = [
  "libc",
 ]
@@ -1104,7 +1060,7 @@ dependencies = [
  "kanidmd_core",
  "mimalloc",
  "prctl",
- "reqwest 0.12.11",
+ "reqwest 0.12.12",
  "sd-notify",
  "serde",
  "serde_json",
@@ -1160,7 +1116,7 @@ dependencies = [
  "proc-macro2",
  "quote",
  "strsim 0.11.1",
- "syn 2.0.93",
+ "syn 2.0.96",
 ]
 
 [[package]]
@@ -1182,14 +1138,14 @@ checksum = "d336a2a514f6ccccaa3e09b02d41d35330c07ddf03a62165fcec10bb561c7806"
 dependencies = [
  "darling_core 0.20.10",
  "quote",
- "syn 2.0.93",
+ "syn 2.0.96",
 ]
 
 [[package]]
 name = "data-encoding"
-version = "2.6.0"
+version = "2.7.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e8566979429cf69b49a5c740c60791108e86440e8be149bbea4fe54d2c32d6e2"
+checksum = "0e60eed09d8c01d3cee5b7d30acb059b76614c918fa0f992e0dd6eeb10daad6f"
 
 [[package]]
 name = "der"
@@ -1226,7 +1182,7 @@ checksum = "8034092389675178f570469e6c3b0465d3d30b4505c294a6550db47f3c17ad18"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.93",
+ "syn 2.0.96",
 ]
 
 [[package]]
@@ -1353,7 +1309,7 @@ checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.93",
+ "syn 2.0.96",
 ]
 
 [[package]]
@@ -1430,27 +1386,27 @@ checksum = "a1ab991c1362ac86c61ab6f556cff143daa22e5a15e4e189df818b2fd19fe65b"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.93",
+ "syn 2.0.96",
 ]
 
 [[package]]
 name = "enumflags2"
-version = "0.7.10"
+version = "0.7.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d232db7f5956f3f14313dc2f87985c58bd2c695ce124c8cdd984e08e15ac133d"
+checksum = "ba2f4b465f5318854c6f8dd686ede6c0a9dc67d4b1ac241cf0eb51521a309147"
 dependencies = [
  "enumflags2_derive",
 ]
 
 [[package]]
 name = "enumflags2_derive"
-version = "0.7.10"
+version = "0.7.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "de0d48a183585823424a4ce1aa132d174a6a81bd540895822eb4c8373a8e49e8"
+checksum = "fc4caf64a58d7a6d65ab00639b046ff54399a39f5f2554728895ace4b297cd79"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.93",
+ "syn 2.0.96",
 ]
 
 [[package]]
@@ -1516,9 +1472,9 @@ dependencies = [
 
 [[package]]
 name = "fantoccini"
-version = "0.21.3"
+version = "0.21.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8e681009c468d99de858e7757b0cfd5f16311ca999b13ccf543c87da3c04c2c5"
+checksum = "7722aeee9c2be6fa131166990295089d73d973012b758a2208b9ba51af5dd024"
 dependencies = [
  "base64 0.22.1",
  "cookie 0.18.1",
@@ -1587,9 +1543,9 @@ dependencies = [
 
 [[package]]
 name = "fixedbitset"
-version = "0.4.2"
+version = "0.5.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0ce7134b9999ecaf8bcd65542e436736ef32ddca1b3e06094cb6ec5755203b80"
+checksum = "1d674e81391d1e1ab681a28d99df07927c6d4aa5b027d7da16ba32d1d21ecd99"
 
 [[package]]
 name = "flagset"
@@ -1739,7 +1695,7 @@ checksum = "162ee34ebcb7c64a8abebc059ce0fee27c2262618d7b60ed8faf72fef13c3650"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.93",
+ "syn 2.0.96",
 ]
 
 [[package]]
@@ -1871,16 +1827,16 @@ dependencies = [
  "gix-utils",
  "itoa",
  "thiserror 1.0.69",
- "winnow 0.6.20",
+ "winnow 0.6.24",
 ]
 
 [[package]]
 name = "gix-chunk"
-version = "0.4.10"
+version = "0.4.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c6ffbeb3a5c0b8b84c3fe4133a6f8c82fa962f4caefe8d0762eced025d3eb4f7"
+checksum = "0b1f1d8764958699dc764e3f727cef280ff4d1bd92c107bbf8acd85b30c1bd6f"
 dependencies = [
- "thiserror 2.0.8",
+ "thiserror 2.0.11",
 ]
 
 [[package]]
@@ -1915,20 +1871,20 @@ dependencies = [
  "smallvec",
  "thiserror 1.0.69",
  "unicode-bom",
- "winnow 0.6.20",
+ "winnow 0.6.24",
 ]
 
 [[package]]
 name = "gix-config-value"
-version = "0.14.10"
+version = "0.14.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "49aaeef5d98390a3bcf9dbc6440b520b793d1bf3ed99317dc407b02be995b28e"
+checksum = "11365144ef93082f3403471dbaa94cfe4b5e72743bdb9560719a251d439f4cee"
 dependencies = [
- "bitflags 2.6.0",
+ "bitflags 2.8.0",
  "bstr",
  "gix-path",
  "libc",
- "thiserror 2.0.8",
+ "thiserror 2.0.11",
 ]
 
 [[package]]
@@ -2007,7 +1963,7 @@ version = "0.16.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "74908b4bbc0a0a40852737e5d7889f676f081e340d5451a16e5b4c50d592f111"
 dependencies = [
- "bitflags 2.6.0",
+ "bitflags 2.8.0",
  "bstr",
  "gix-features",
  "gix-path",
@@ -2053,7 +2009,7 @@ checksum = "999ce923619f88194171a67fb3e6d613653b8d4d6078b529b15a765da0edcc17"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.93",
+ "syn 2.0.96",
 ]
 
 [[package]]
@@ -2072,7 +2028,7 @@ dependencies = [
  "itoa",
  "smallvec",
  "thiserror 1.0.69",
- "winnow 0.6.20",
+ "winnow 0.6.24",
 ]
 
 [[package]]
@@ -2115,26 +2071,26 @@ dependencies = [
 
 [[package]]
 name = "gix-path"
-version = "0.10.13"
+version = "0.10.14"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "afc292ef1a51e340aeb0e720800338c805975724c1dfbd243185452efd8645b7"
+checksum = "c40f12bb65a8299be0cfb90fe718e3be236b7a94b434877012980863a883a99f"
 dependencies = [
  "bstr",
  "gix-trace",
  "home",
  "once_cell",
- "thiserror 2.0.8",
+ "thiserror 2.0.11",
 ]
 
 [[package]]
 name = "gix-quote"
-version = "0.4.14"
+version = "0.4.15"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "64a1e282216ec2ab2816cd57e6ed88f8009e634aec47562883c05ac8a7009a63"
+checksum = "e49357fccdb0c85c0d3a3292a9f6db32d9b3535959b5471bb9624908f4a066c6"
 dependencies = [
  "bstr",
  "gix-utils",
- "thiserror 2.0.8",
+ "thiserror 2.0.11",
 ]
 
 [[package]]
@@ -2155,7 +2111,7 @@ dependencies = [
  "gix-validate",
  "memmap2",
  "thiserror 1.0.69",
- "winnow 0.6.20",
+ "winnow 0.6.24",
 ]
 
 [[package]]
@@ -2203,11 +2159,11 @@ dependencies = [
 
 [[package]]
 name = "gix-sec"
-version = "0.10.10"
+version = "0.10.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a8b876ef997a955397809a2ec398d6a45b7a55b4918f2446344330f778d14fd6"
+checksum = "d84dae13271f4313f8d60a166bf27e54c968c7c33e2ffd31c48cafe5da649875"
 dependencies = [
- "bitflags 2.6.0",
+ "bitflags 2.8.0",
  "gix-path",
  "libc",
  "windows-sys 0.52.0",
@@ -2228,9 +2184,9 @@ dependencies = [
 
 [[package]]
 name = "gix-trace"
-version = "0.1.11"
+version = "0.1.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "04bdde120c29f1fc23a24d3e115aeeea3d60d8e65bab92cc5f9d90d9302eb952"
+checksum = "7c396a2036920c69695f760a65e7f2677267ccf483f25046977d87e4cb2665f7"
 
 [[package]]
 name = "gix-traverse"
@@ -2238,7 +2194,7 @@ version = "0.39.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e499a18c511e71cf4a20413b743b9f5bcf64b3d9e81e9c3c6cd399eae55a8840"
 dependencies = [
- "bitflags 2.6.0",
+ "bitflags 2.8.0",
  "gix-commitgraph",
  "gix-date",
  "gix-hash",
@@ -2265,9 +2221,9 @@ dependencies = [
 
 [[package]]
 name = "gix-utils"
-version = "0.1.13"
+version = "0.1.14"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ba427e3e9599508ed98a6ddf8ed05493db114564e338e41f6a996d2e4790335f"
+checksum = "ff08f24e03ac8916c478c8419d7d3c33393da9bb41fa4c24455d5406aeefd35f"
 dependencies = [
  "fastrand",
  "unicode-normalization",
@@ -2285,9 +2241,9 @@ dependencies = [
 
 [[package]]
 name = "glob"
-version = "0.3.1"
+version = "0.3.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b"
+checksum = "a8d1add55171497b4705a648c6b583acafb01d58050a51727785f0b2c8e0a2b2"
 
 [[package]]
 name = "h2"
@@ -2301,7 +2257,7 @@ dependencies = [
  "futures-sink",
  "futures-util",
  "http 0.2.12",
- "indexmap 2.7.0",
+ "indexmap 2.7.1",
  "slab",
  "tokio",
  "tokio-util",
@@ -2320,7 +2276,7 @@ dependencies = [
  "futures-core",
  "futures-sink",
  "http 1.2.0",
- "indexmap 2.7.0",
+ "indexmap 2.7.1",
  "slab",
  "tokio",
  "tokio-util",
@@ -2525,20 +2481,6 @@ dependencies = [
  "want",
 ]
 
-[[package]]
-name = "hyper-rustls"
-version = "0.24.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ec3efd23720e2049821a693cbc7e65ea87c72f1c58ff2f9522ff332b1491e590"
-dependencies = [
- "futures-util",
- "http 0.2.12",
- "hyper 0.14.32",
- "rustls 0.21.12",
- "tokio",
- "tokio-rustls 0.24.1",
-]
-
 [[package]]
 name = "hyper-rustls"
 version = "0.27.5"
@@ -2549,25 +2491,26 @@ dependencies = [
  "http 1.2.0",
  "hyper 1.5.2",
  "hyper-util",
- "rustls 0.23.20",
+ "rustls",
  "rustls-native-certs",
  "rustls-pki-types",
  "tokio",
- "tokio-rustls 0.26.1",
+ "tokio-rustls",
  "tower-service",
- "webpki-roots 0.26.7",
+ "webpki-roots",
 ]
 
 [[package]]
 name = "hyper-timeout"
-version = "0.4.1"
+version = "0.5.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bbb958482e8c7be4bc3cf272a766a2b0bf1a6755e7a6ae777f017a31d11b13b1"
+checksum = "2b90d566bffbce6a75bd8b09a05aa8c2cb1fabb6cb348f8840c9e4c90a0d83b0"
 dependencies = [
- "hyper 0.14.32",
+ "hyper 1.5.2",
+ "hyper-util",
  "pin-project-lite",
  "tokio",
- "tokio-io-timeout",
+ "tower-service",
 ]
 
 [[package]]
@@ -2743,7 +2686,7 @@ checksum = "1ec89e9337638ecdc08744df490b221a7399bf8d164eb52a665454e60e075ad6"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.93",
+ "syn 2.0.96",
 ]
 
 [[package]]
@@ -2825,9 +2768,9 @@ dependencies = [
 
 [[package]]
 name = "indexmap"
-version = "2.7.0"
+version = "2.7.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "62f822373a4fe84d4bb149bf54e584a7f4abec90e072ed49cda0edea5b95471f"
+checksum = "8c9c992b02b5b4c94ea26e32fe5bccb7aa7d9f390ab5c1221ff895bc7ea8b652"
 dependencies = [
  "equivalent",
  "hashbrown 0.15.2",
@@ -2856,9 +2799,9 @@ dependencies = [
 
 [[package]]
 name = "ipnet"
-version = "2.10.1"
+version = "2.11.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ddc24109865250148c2e0f3d25d4f0f479571723792d3802153c60922a4fb708"
+checksum = "469fb0b9cefa57e3ef31275ee7cacb78f2fdca44e4765491884a2b119d4eb130"
 
 [[package]]
 name = "is_terminal_polyfill"
@@ -2898,9 +2841,9 @@ checksum = "f5d4a7da358eff58addd2877a45865158f0d78c911d43a5784ceb7bbf52833b0"
 
 [[package]]
 name = "js-sys"
-version = "0.3.76"
+version = "0.3.77"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6717b6b5b077764fb5966237269cb3c64edddde4b14ce42647430a78ced9e7b7"
+checksum = "1cfaf33c695fc6e08064efbc1f72ec937429614f25eef83af942d0e227c3a28f"
 dependencies = [
  "once_cell",
  "wasm-bindgen",
@@ -2908,9 +2851,9 @@ dependencies = [
 
 [[package]]
 name = "jsonschema"
-version = "0.28.0"
+version = "0.28.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "74d8eb539cdb4222da29bb658cc9881aa2477b33fb1a74c5c31450395fc1a4b2"
+checksum = "4b8f66fe41fa46a5c83ed1c717b7e0b4635988f427083108c8cf0a882cc13441"
 dependencies = [
  "ahash",
  "base64 0.22.1",
@@ -2925,7 +2868,7 @@ dependencies = [
  "percent-encoding",
  "referencing",
  "regex-syntax 0.8.5",
- "reqwest 0.12.11",
+ "reqwest 0.12.12",
  "serde",
  "serde_json",
  "uuid-simd",
@@ -3016,7 +2959,7 @@ dependencies = [
  "hyper 1.5.2",
  "kanidm_lib_file_permissions",
  "kanidm_proto",
- "reqwest 0.12.11",
+ "reqwest 0.12.12",
  "serde",
  "serde_json",
  "serde_urlencoded",
@@ -3036,8 +2979,8 @@ dependencies = [
  "anyhow",
  "base64 0.22.1",
  "kanidm_proto",
- "oauth2",
- "reqwest 0.12.11",
+ "oauth2 5.0.0",
+ "reqwest 0.12.12",
  "sketching",
  "tokio",
  "tracing",
@@ -3202,7 +3145,7 @@ version = "1.5.0-dev"
 dependencies = [
  "askama",
  "askama_axum",
- "axum 0.7.9",
+ "axum",
  "axum-extra",
  "axum-htmx",
  "axum-macros",
@@ -3255,7 +3198,7 @@ version = "1.5.0-dev"
 dependencies = [
  "base64 0.22.1",
  "base64urlsafedata",
- "bitflags 2.6.0",
+ "bitflags 2.8.0",
  "compact_jwt",
  "concread",
  "dhat",
@@ -3308,7 +3251,7 @@ version = "1.5.0-dev"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.93",
+ "syn 2.0.96",
 ]
 
 [[package]]
@@ -3328,10 +3271,10 @@ dependencies = [
  "kanidm_proto",
  "kanidmd_core",
  "kanidmd_lib",
- "oauth2",
+ "oauth2 4.4.2",
  "openssl",
  "petgraph",
- "reqwest 0.12.11",
+ "reqwest 0.12.12",
  "serde",
  "serde_json",
  "sketching",
@@ -3474,7 +3417,7 @@ version = "0.1.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c0ff37bd590ca25063e35af745c343cb7a0271906fb7b37e4813e8f79f00268d"
 dependencies = [
- "bitflags 2.6.0",
+ "bitflags 2.8.0",
  "libc",
  "redox_syscall",
 ]
@@ -3512,9 +3455,9 @@ dependencies = [
 
 [[package]]
 name = "linux-raw-sys"
-version = "0.4.14"
+version = "0.4.15"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "78b3ae25bc7c8c38cec158d1f2757ee79e9b3740fbc7ccf0e59e4b08d793fa89"
+checksum = "d26c52dbd32dccf2d10cac7725f8eae5296885fb5703b261f7d0a0739ec807ab"
 
 [[package]]
 name = "litemap"
@@ -3540,9 +3483,9 @@ dependencies = [
 
 [[package]]
 name = "lodepng"
-version = "3.10.7"
+version = "3.11.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7b2dea7cda68e381418c985fd8f32a9c279a21ae8c715f2376adb20c27a0fad3"
+checksum = "a7720115060cd38dcfe5c758525a43fd34dc615d0566374212ff0dc3b6151eac"
 dependencies = [
  "crc32fast",
  "flate2",
@@ -3552,9 +3495,9 @@ dependencies = [
 
 [[package]]
 name = "log"
-version = "0.4.22"
+version = "0.4.25"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a7a70ba024b9dc04c27ea2f0c0548feb474ec5c54bba33a7f72f873a39d07b24"
+checksum = "04cbf5b083de1c7e0222a7a51dbfdba1cbe1c6ab0b15e29fff3f6c077fd9cd9f"
 
 [[package]]
 name = "lru"
@@ -3652,9 +3595,9 @@ checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a"
 
 [[package]]
 name = "miniz_oxide"
-version = "0.8.2"
+version = "0.8.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4ffbe83022cedc1d264172192511ae958937694cd57ce297164951b8b3568394"
+checksum = "b8402cab7aefae129c6977bb0ff1b8fd9a04eb5b51efc50a70bea51cda0c7924"
 dependencies = [
  "adler2",
 ]
@@ -3707,9 +3650,9 @@ dependencies = [
 
 [[package]]
 name = "native-tls"
-version = "0.2.12"
+version = "0.2.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a8614eb2c83d59d1c8cc974dd3f920198647674a0a035e1af1fa58707e317466"
+checksum = "0dab59f8e050d5df8e4dd87d9206fb6f65a483e20ac9fda365ade4fab353196c"
 dependencies = [
  "libc",
  "log",
@@ -3728,7 +3671,7 @@ version = "0.29.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "71e2746dc3a24dd78b3cfcb7be93368c6de9963d30f43a6a73998a9cf4b17b46"
 dependencies = [
- "bitflags 2.6.0",
+ "bitflags 2.8.0",
  "cfg-if",
  "cfg_aliases",
  "libc",
@@ -3759,7 +3702,7 @@ version = "6.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6205bd8bb1e454ad2e27422015fb5e4f2bcc7e08fa8f27058670d208324a4d2d"
 dependencies = [
- "bitflags 2.6.0",
+ "bitflags 2.8.0",
  "crossbeam-channel",
  "filetime",
  "fsevent-sys",
@@ -3965,10 +3908,30 @@ dependencies = [
 ]
 
 [[package]]
-name = "object"
-version = "0.36.5"
+name = "oauth2"
+version = "5.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "aedf0a2d09c573ed1d8d85b30c119153926a2b36dce0ab28322c09a117a4683e"
+checksum = "51e219e79014df21a225b1860a479e2dcd7cbd9130f4defd4bd0e191ea31d67d"
+dependencies = [
+ "base64 0.22.1",
+ "chrono",
+ "getrandom",
+ "http 1.2.0",
+ "rand",
+ "reqwest 0.12.12",
+ "serde",
+ "serde_json",
+ "serde_path_to_error",
+ "sha2",
+ "thiserror 1.0.69",
+ "url",
+]
+
+[[package]]
+name = "object"
+version = "0.36.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "62948e14d923ea95ea2c7c86c71013138b66525b86bdc08d2dcc262bdb497b87"
 dependencies = [
  "memchr",
 ]
@@ -3999,11 +3962,11 @@ checksum = "1261fe7e33c73b354eab43b1273a57c8f967d0391e80353e51f764ac02cf6775"
 
 [[package]]
 name = "openssl"
-version = "0.10.68"
+version = "0.10.69"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6174bc48f102d208783c2c84bf931bb75927a617866870de8a4ea85597f871f5"
+checksum = "f5e534d133a060a3c19daec1eb3e98ec6f4685978834f2dbadfe2ec215bab64e"
 dependencies = [
- "bitflags 2.6.0",
+ "bitflags 2.8.0",
  "cfg-if",
  "foreign-types",
  "libc",
@@ -4020,14 +3983,14 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.93",
+ "syn 2.0.96",
 ]
 
 [[package]]
 name = "openssl-probe"
-version = "0.1.5"
+version = "0.1.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf"
+checksum = "d05e27ee213611ffe7d6348b942e8f942b37114c00cc03cec254295a4a17852e"
 
 [[package]]
 name = "openssl-sys"
@@ -4043,39 +4006,42 @@ dependencies = [
 
 [[package]]
 name = "opentelemetry"
-version = "0.20.0"
+version = "0.27.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9591d937bc0e6d2feb6f71a559540ab300ea49955229c347a517a28d27784c54"
+checksum = "ab70038c28ed37b97d8ed414b6429d343a8bbf44c9f79ec854f3a643029ba6d7"
 dependencies = [
- "opentelemetry_api",
- "opentelemetry_sdk",
+ "futures-core",
+ "futures-sink",
+ "js-sys",
+ "pin-project-lite",
+ "thiserror 1.0.69",
+ "tracing",
 ]
 
 [[package]]
 name = "opentelemetry-http"
-version = "0.9.0"
+version = "0.27.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c7594ec0e11d8e33faf03530a4c49af7064ebba81c1480e01be67d90b356508b"
+checksum = "10a8a7f5f6ba7c1b286c2fbca0454eaba116f63bbe69ed250b642d36fbb04d80"
 dependencies = [
  "async-trait",
  "bytes",
- "http 0.2.12",
- "opentelemetry_api",
+ "http 1.2.0",
+ "opentelemetry",
 ]
 
 [[package]]
 name = "opentelemetry-otlp"
-version = "0.13.0"
+version = "0.27.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7e5e5a5c4135864099f3faafbe939eb4d7f9b80ebf68a8448da961b32a7c1275"
+checksum = "91cf61a1868dacc576bf2b2a1c3e9ab150af7272909e80085c3173384fe11f76"
 dependencies = [
  "async-trait",
  "futures-core",
- "http 0.2.12",
+ "http 1.2.0",
+ "opentelemetry",
  "opentelemetry-http",
  "opentelemetry-proto",
- "opentelemetry-semantic-conventions",
- "opentelemetry_api",
  "opentelemetry_sdk",
  "prost",
  "serde",
@@ -4086,11 +4052,11 @@ dependencies = [
 
 [[package]]
 name = "opentelemetry-proto"
-version = "0.3.0"
+version = "0.27.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b1e3f814aa9f8c905d0ee4bde026afd3b2577a97c10e1699912e3e44f0c4cbeb"
+checksum = "a6e05acbfada5ec79023c85368af14abd0b307c015e9064d249b2a950ef459a6"
 dependencies = [
- "opentelemetry_api",
+ "opentelemetry",
  "opentelemetry_sdk",
  "prost",
  "tonic",
@@ -4098,50 +4064,29 @@ dependencies = [
 
 [[package]]
 name = "opentelemetry-semantic-conventions"
-version = "0.12.0"
+version = "0.27.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "73c9f9340ad135068800e7f1b24e9e09ed9e7143f5bf8518ded3d3ec69789269"
-dependencies = [
- "opentelemetry",
-]
-
-[[package]]
-name = "opentelemetry_api"
-version = "0.20.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8a81f725323db1b1206ca3da8bb19874bbd3f57c3bcd59471bfb04525b265b9b"
-dependencies = [
- "futures-channel",
- "futures-util",
- "indexmap 1.9.3",
- "js-sys",
- "once_cell",
- "pin-project-lite",
- "thiserror 1.0.69",
- "urlencoding",
-]
+checksum = "bc1b6902ff63b32ef6c489e8048c5e253e2e4a803ea3ea7e783914536eb15c52"
 
 [[package]]
 name = "opentelemetry_sdk"
-version = "0.20.0"
+version = "0.27.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fa8e705a0612d48139799fcbaba0d4a90f06277153e43dd2bdc16c6f0edd8026"
+checksum = "231e9d6ceef9b0b2546ddf52335785ce41252bc7474ee8ba05bfad277be13ab8"
 dependencies = [
  "async-trait",
- "crossbeam-channel",
  "futures-channel",
  "futures-executor",
  "futures-util",
- "once_cell",
- "opentelemetry_api",
- "ordered-float",
+ "glob",
+ "opentelemetry",
  "percent-encoding",
  "rand",
- "regex",
  "serde_json",
  "thiserror 1.0.69",
  "tokio",
  "tokio-stream",
+ "tracing",
 ]
 
 [[package]]
@@ -4169,20 +4114,11 @@ dependencies = [
  "tracing-subscriber",
 ]
 
-[[package]]
-name = "ordered-float"
-version = "3.9.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f1e1c390732d15f1d48471625cd92d154e66db2c56645e29a9cd26f4699f72dc"
-dependencies = [
- "num-traits",
-]
-
 [[package]]
 name = "outref"
-version = "0.5.1"
+version = "0.5.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4030760ffd992bef45b0ae3f10ce1aba99e33464c90d14dd7c039884963ddc7a"
+checksum = "1a80800c0488c3a21695ea981a54918fbb37abf04f4d0720c453632255e2ff0e"
 
 [[package]]
 name = "overload"
@@ -4292,12 +4228,12 @@ checksum = "e3148f5046208a5d56bcfc03053e3ca6334e51da8dfb19b6cdc8b306fae3283e"
 
 [[package]]
 name = "petgraph"
-version = "0.6.5"
+version = "0.7.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b4c5cc86750666a3ed20bdaf5ca2a0344f9c67674cae0515bec2da16fbaa47db"
+checksum = "3672b37090dbd86368a4145bc067582552b29c27377cad4e0a306c97f9bd7772"
 dependencies = [
  "fixedbitset",
- "indexmap 2.7.0",
+ "indexmap 2.7.1",
  "serde",
  "serde_derive",
 ]
@@ -4339,29 +4275,29 @@ dependencies = [
 
 [[package]]
 name = "pin-project"
-version = "1.1.7"
+version = "1.1.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "be57f64e946e500c8ee36ef6331845d40a93055567ec57e8fae13efd33759b95"
+checksum = "1e2ec53ad785f4d35dac0adea7f7dc6f1bb277ad84a680c7afefeae05d1f5916"
 dependencies = [
  "pin-project-internal",
 ]
 
 [[package]]
 name = "pin-project-internal"
-version = "1.1.7"
+version = "1.1.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3c0f5fad0874fc7abcd4d750e76917eaebbecaa2c20bde22e1dbeeba8beb758c"
+checksum = "d56a66c0c55993aa927429d0f8a0abfd74f084e4d9c192cffed01e418d83eefb"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.93",
+ "syn 2.0.96",
 ]
 
 [[package]]
 name = "pin-project-lite"
-version = "0.2.15"
+version = "0.2.16"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "915a1e146535de9163f3987b8944ed8cf49a18bb0056bcebcdcece385cece4ff"
+checksum = "3b3cff922bd51709b605d9ead9aa71031d81447142d828eb4a6eba76fe619f9b"
 
 [[package]]
 name = "pin-utils"
@@ -4429,12 +4365,12 @@ dependencies = [
 
 [[package]]
 name = "prettyplease"
-version = "0.2.25"
+version = "0.2.29"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "64d1ec885c64d0457d564db4ec299b2dae3f9c02808b8ad9c3a089c591b18033"
+checksum = "6924ced06e1f7dfe3fa48d57b9f74f55d8915f5036121bef647ef4b204895fac"
 dependencies = [
  "proc-macro2",
- "syn 2.0.93",
+ "syn 2.0.96",
 ]
 
 [[package]]
@@ -4473,9 +4409,9 @@ dependencies = [
 
 [[package]]
 name = "proc-macro2"
-version = "1.0.92"
+version = "1.0.93"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "37d3544b3f2748c54e147655edb5025752e2303145b5aefb3c3ea2c78b973bb0"
+checksum = "60946a68e5f9d28b0dc1c21bb8a97ee7d018a8b322fa57838ba31cc878e22d99"
 dependencies = [
  "unicode-ident",
 ]
@@ -4488,9 +4424,9 @@ checksum = "744a264d26b88a6a7e37cbad97953fa233b94d585236310bcbc88474b4092d79"
 
 [[package]]
 name = "prost"
-version = "0.11.9"
+version = "0.13.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0b82eaa1d779e9a4bc1c3217db8ffbeabaae1dca241bf70183242128d48681cd"
+checksum = "2c0fef6c4230e4ccf618a35c59d7ede15dea37de8427500f50aff708806e42ec"
 dependencies = [
  "bytes",
  "prost-derive",
@@ -4498,15 +4434,15 @@ dependencies = [
 
 [[package]]
 name = "prost-derive"
-version = "0.11.9"
+version = "0.13.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e5d2d8d10f3c6ded6da8b05b5fb3b8a5082514344d56c9f871412d29b4e075b4"
+checksum = "157c5a9d7ea5c2ed2d9fb8f495b64759f7816c7eaea54ba3978f0d63000162e3"
 dependencies = [
  "anyhow",
- "itertools 0.10.5",
+ "itertools 0.13.0",
  "proc-macro2",
  "quote",
- "syn 1.0.109",
+ "syn 2.0.96",
 ]
 
 [[package]]
@@ -4552,9 +4488,9 @@ dependencies = [
  "quinn-proto",
  "quinn-udp",
  "rustc-hash 2.1.0",
- "rustls 0.23.20",
+ "rustls",
  "socket2",
- "thiserror 2.0.8",
+ "thiserror 2.0.11",
  "tokio",
  "tracing",
 ]
@@ -4570,10 +4506,10 @@ dependencies = [
  "rand",
  "ring",
  "rustc-hash 2.1.0",
- "rustls 0.23.20",
+ "rustls",
  "rustls-pki-types",
  "slab",
- "thiserror 2.0.8",
+ "thiserror 2.0.11",
  "tinyvec",
  "tracing",
  "web-time",
@@ -4638,7 +4574,7 @@ version = "0.5.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "03a862b389f93e68874fbf580b9de08dd02facb9a788ebadaf4a3fd33cf58834"
 dependencies = [
- "bitflags 2.6.0",
+ "bitflags 2.8.0",
 ]
 
 [[package]]
@@ -4669,7 +4605,7 @@ checksum = "bcc303e793d3734489387d205e9b186fac9c6cfacedd98cbb2e8a5943595f3e6"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.93",
+ "syn 2.0.96",
 ]
 
 [[package]]
@@ -4680,9 +4616,9 @@ checksum = "5daffa8f5ca827e146485577fa9dba9bd9c6921e06e954ab8f6408c10f753086"
 
 [[package]]
 name = "referencing"
-version = "0.28.0"
+version = "0.28.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "093a875008827c0ae15c746189966e162faa05bf347719d06302c548ac63630f"
+checksum = "d0dcb5ab28989ad7c91eb1b9531a37a1a137cc69a0499aee4117cae4a107c464"
 dependencies = [
  "ahash",
  "fluent-uri",
@@ -4750,7 +4686,6 @@ dependencies = [
  "http 0.2.12",
  "http-body 0.4.6",
  "hyper 0.14.32",
- "hyper-rustls 0.24.2",
  "ipnet",
  "js-sys",
  "log",
@@ -4758,29 +4693,25 @@ dependencies = [
  "once_cell",
  "percent-encoding",
  "pin-project-lite",
- "rustls 0.21.12",
- "rustls-pemfile 1.0.4",
  "serde",
  "serde_json",
  "serde_urlencoded",
  "sync_wrapper 0.1.2",
  "system-configuration",
  "tokio",
- "tokio-rustls 0.24.1",
  "tower-service",
  "url",
  "wasm-bindgen",
  "wasm-bindgen-futures",
  "web-sys",
- "webpki-roots 0.25.4",
  "winreg",
 ]
 
 [[package]]
 name = "reqwest"
-version = "0.12.11"
+version = "0.12.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7fe060fe50f524be480214aba758c71f99f90ee8c83c5a36b5e9e1d568eb4eb3"
+checksum = "43e734407157c3c2034e0258f5e4473ddb361b1e85f95a66690d67264d7cd1da"
 dependencies = [
  "async-compression",
  "base64 0.22.1",
@@ -4795,7 +4726,7 @@ dependencies = [
  "http-body 1.0.1",
  "http-body-util",
  "hyper 1.5.2",
- "hyper-rustls 0.27.5",
+ "hyper-rustls",
  "hyper-util",
  "ipnet",
  "js-sys",
@@ -4806,16 +4737,16 @@ dependencies = [
  "percent-encoding",
  "pin-project-lite",
  "quinn",
- "rustls 0.23.20",
+ "rustls",
  "rustls-native-certs",
- "rustls-pemfile 2.2.0",
+ "rustls-pemfile",
  "rustls-pki-types",
  "serde",
  "serde_json",
  "serde_urlencoded",
  "sync_wrapper 1.0.2",
  "tokio",
- "tokio-rustls 0.26.1",
+ "tokio-rustls",
  "tokio-util",
  "tower 0.5.2",
  "tower-service",
@@ -4823,7 +4754,7 @@ dependencies = [
  "wasm-bindgen",
  "wasm-bindgen-futures",
  "web-sys",
- "webpki-roots 0.26.7",
+ "webpki-roots",
  "windows-registry",
 ]
 
@@ -4901,7 +4832,7 @@ dependencies = [
  "proc-macro2",
  "quote",
  "rust-embed-utils",
- "syn 2.0.93",
+ "syn 2.0.96",
  "walkdir",
 ]
 
@@ -4944,11 +4875,11 @@ dependencies = [
 
 [[package]]
 name = "rustix"
-version = "0.38.42"
+version = "0.38.44"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f93dc38ecbab2eb790ff964bb77fa94faf256fd3e73285fd7ba0903b76bedb85"
+checksum = "fdb5bc1ae2baa591800df16c9ca78619bf65c0488b41b96ccec5d11220d8c154"
 dependencies = [
- "bitflags 2.6.0",
+ "bitflags 2.8.0",
  "errno",
  "libc",
  "linux-raw-sys",
@@ -4957,26 +4888,14 @@ dependencies = [
 
 [[package]]
 name = "rustls"
-version = "0.21.12"
+version = "0.23.21"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3f56a14d1f48b391359b22f731fd4bd7e43c97f3c50eee276f3aa09c94784d3e"
-dependencies = [
- "log",
- "ring",
- "rustls-webpki 0.101.7",
- "sct",
-]
-
-[[package]]
-name = "rustls"
-version = "0.23.20"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5065c3f250cbd332cd894be57c40fa52387247659b14a2d6041d121547903b1b"
+checksum = "8f287924602bf649d949c63dc8ac8b235fa5387d394020705b80c4eb597ce5b8"
 dependencies = [
  "once_cell",
  "ring",
  "rustls-pki-types",
- "rustls-webpki 0.102.8",
+ "rustls-webpki",
  "subtle",
  "zeroize",
 ]
@@ -4990,16 +4909,7 @@ dependencies = [
  "openssl-probe",
  "rustls-pki-types",
  "schannel",
- "security-framework 3.1.0",
-]
-
-[[package]]
-name = "rustls-pemfile"
-version = "1.0.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1c74cae0a4cf6ccbbf5f359f08efdf8ee7e1dc532573bf0db71968cb56b1448c"
-dependencies = [
- "base64 0.21.7",
+ "security-framework 3.2.0",
 ]
 
 [[package]]
@@ -5020,16 +4930,6 @@ dependencies = [
  "web-time",
 ]
 
-[[package]]
-name = "rustls-webpki"
-version = "0.101.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765"
-dependencies = [
- "ring",
- "untrusted",
-]
-
 [[package]]
 name = "rustls-webpki"
 version = "0.102.8"
@@ -5043,9 +4943,9 @@ dependencies = [
 
 [[package]]
 name = "rustversion"
-version = "1.0.18"
+version = "1.0.19"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0e819f2bc632f285be6d7cd36e25940d45b2391dd6d9b939e79de557f7014248"
+checksum = "f7c45b9784283f1b2e7fb61b42047c2fd678ef0960d4f6f1eba131594cc369d4"
 
 [[package]]
 name = "ryu"
@@ -5094,21 +4994,11 @@ version = "1.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49"
 
-[[package]]
-name = "sct"
-version = "0.7.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414"
-dependencies = [
- "ring",
- "untrusted",
-]
-
 [[package]]
 name = "sd-notify"
-version = "0.4.4"
+version = "0.4.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "561e6b346a5e59e0b8a07894004897d7160567e3352d2ebd6c3741d4e086b6f5"
+checksum = "b943eadf71d8b69e661330cb0e2656e31040acf21ee7708e2c238a0ec6af2bf4"
 dependencies = [
  "libc",
 ]
@@ -5119,7 +5009,7 @@ version = "2.11.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "897b2245f0b511c87893af39b033e5ca9cce68824c4d7e7630b5a1d339658d02"
 dependencies = [
- "bitflags 2.6.0",
+ "bitflags 2.8.0",
  "core-foundation 0.9.4",
  "core-foundation-sys",
  "libc",
@@ -5128,11 +5018,11 @@ dependencies = [
 
 [[package]]
 name = "security-framework"
-version = "3.1.0"
+version = "3.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "81d3f8c9bfcc3cbb6b0179eb57042d75b1582bdc65c3cb95f3fa999509c03cbc"
+checksum = "271720403f46ca04f7ba6f55d438f8bd878d6b8ca0a1046e8228c4145bcbb316"
 dependencies = [
- "bitflags 2.6.0",
+ "bitflags 2.8.0",
  "core-foundation 0.10.0",
  "core-foundation-sys",
  "libc",
@@ -5141,9 +5031,9 @@ dependencies = [
 
 [[package]]
 name = "security-framework-sys"
-version = "2.13.0"
+version = "2.14.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1863fd3768cd83c56a7f60faa4dc0d403f1b6df0a38c3c25f44b7894e45370d5"
+checksum = "49db231d56a190491cb4aeda9527f1ad45345af50b0851622a7adb8c03b01c32"
 dependencies = [
  "core-foundation-sys",
  "libc",
@@ -5155,7 +5045,7 @@ version = "0.4.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0139b2436c81305eb6bda33af151851f75bd62783817b25f44daa371119c30b5"
 dependencies = [
- "bitflags 2.6.0",
+ "bitflags 2.8.0",
  "libc",
  "once_cell",
  "reference-counted-singleton",
@@ -5177,9 +5067,9 @@ dependencies = [
 
 [[package]]
 name = "semver"
-version = "1.0.24"
+version = "1.0.25"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3cb6eb87a131f756572d7fb904f6e7b68633f09cca868c5df1c4b8d1a694bbba"
+checksum = "f79dfe2d285b0488816f30e700a7438c5a73d816b5b7d3ac72fbc48b0d185e03"
 
 [[package]]
 name = "serde"
@@ -5227,14 +5117,14 @@ checksum = "5a9bf7cf98d04a2b28aead066b7496853d4779c9cc183c440dbac457641e19a0"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.93",
+ "syn 2.0.96",
 ]
 
 [[package]]
 name = "serde_json"
-version = "1.0.134"
+version = "1.0.137"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d00f4175c42ee48b15416f6193a959ba3a0d67fc699a0db9ad12df9f83991c7d"
+checksum = "930cfb6e6abf99298aaad7d29abbef7a9999a9a8806a40088f55f0dcec03146b"
 dependencies = [
  "itoa",
  "memchr",
@@ -5274,7 +5164,7 @@ dependencies = [
  "chrono",
  "hex",
  "indexmap 1.9.3",
- "indexmap 2.7.0",
+ "indexmap 2.7.1",
  "serde",
  "serde_derive",
  "serde_json",
@@ -5291,7 +5181,7 @@ dependencies = [
  "darling 0.20.10",
  "proc-macro2",
  "quote",
- "syn 2.0.93",
+ "syn 2.0.96",
 ]
 
 [[package]]
@@ -5370,9 +5260,11 @@ dependencies = [
  "num_enum",
  "opentelemetry",
  "opentelemetry-otlp",
+ "opentelemetry-semantic-conventions",
  "opentelemetry_sdk",
  "serde",
  "tracing",
+ "tracing-core",
  "tracing-forest",
  "tracing-opentelemetry",
  "tracing-subscriber",
@@ -5528,9 +5420,9 @@ dependencies = [
 
 [[package]]
 name = "syn"
-version = "2.0.93"
+version = "2.0.96"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9c786062daee0d6db1132800e623df74274a0a87322d8e183338e01b3d98d058"
+checksum = "d5d0adab1ae378d7f53bdebc67a39f1f151407ef230f0ce2883572f5d8985c80"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -5560,7 +5452,7 @@ checksum = "c8af7666ab7b6390ab78131fb5b0fce11d6b7a6951602017c35fa82800708971"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.93",
+ "syn 2.0.96",
 ]
 
 [[package]]
@@ -5592,12 +5484,13 @@ checksum = "61c41af27dd6d1e27b1b16b489db798443478cef1f06a660c96db617ba5de3b1"
 
 [[package]]
 name = "tempfile"
-version = "3.14.0"
+version = "3.15.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "28cce251fcbc87fac86a866eeb0d6c2d536fc16d06f184bb61aeae11aa4cee0c"
+checksum = "9a8a559c81686f576e8cd0290cd2a24a2a9ad80c98b3478856500fcbd7acd704"
 dependencies = [
  "cfg-if",
  "fastrand",
+ "getrandom",
  "once_cell",
  "rustix",
  "windows-sys 0.59.0",
@@ -5615,7 +5508,7 @@ version = "0.1.0"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.93",
+ "syn 2.0.96",
 ]
 
 [[package]]
@@ -5629,11 +5522,11 @@ dependencies = [
 
 [[package]]
 name = "thiserror"
-version = "2.0.8"
+version = "2.0.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "08f5383f3e0071702bf93ab5ee99b52d26936be9dedd9413067cbdcddcb6141a"
+checksum = "d452f284b73e6d76dd36758a0c8684b1d5be31f92b89d07fd5822175732206fc"
 dependencies = [
- "thiserror-impl 2.0.8",
+ "thiserror-impl 2.0.11",
 ]
 
 [[package]]
@@ -5644,18 +5537,18 @@ checksum = "4fee6c4efc90059e10f81e6d42c60a18f76588c3d74cb83a0b242a2b6c7504c1"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.93",
+ "syn 2.0.96",
 ]
 
 [[package]]
 name = "thiserror-impl"
-version = "2.0.8"
+version = "2.0.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f2f357fcec90b3caef6623a099691be676d033b40a058ac95d2a6ade6fa0c943"
+checksum = "26afc1baea8a989337eeb52b6e72a039780ce45c3edfcc9c5b9d112feeb173c2"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.93",
+ "syn 2.0.96",
 ]
 
 [[package]]
@@ -5750,14 +5643,14 @@ checksum = "8d9ef545650e79f30233c0003bcc2504d7efac6dad25fca40744de773fe2049c"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.93",
+ "syn 2.0.96",
 ]
 
 [[package]]
 name = "tokio"
-version = "1.42.0"
+version = "1.43.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5cec9b21b0450273377fc97bd4c33a8acffc8c996c987a7c5b319a0083707551"
+checksum = "3d61fa4ffa3de412bfea335c6ecff681de2b609ba3c77ef3e00e521813a9ed9e"
 dependencies = [
  "backtrace",
  "bytes",
@@ -5771,25 +5664,15 @@ dependencies = [
  "windows-sys 0.52.0",
 ]
 
-[[package]]
-name = "tokio-io-timeout"
-version = "1.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "30b74022ada614a1b4834de765f9bb43877f910cc8ce4be40e89042c9223a8bf"
-dependencies = [
- "pin-project-lite",
- "tokio",
-]
-
 [[package]]
 name = "tokio-macros"
-version = "2.4.0"
+version = "2.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "693d596312e88961bc67d7f1f97af8a70227d9f90c31bba5806eec004978d752"
+checksum = "6e06d43f1345a3bcd39f6a56dbb7dcab2ba47e68e8ac134855e7e2bdbaf8cab8"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.93",
+ "syn 2.0.96",
 ]
 
 [[package]]
@@ -5813,23 +5696,13 @@ dependencies = [
  "tokio",
 ]
 
-[[package]]
-name = "tokio-rustls"
-version = "0.24.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081"
-dependencies = [
- "rustls 0.21.12",
- "tokio",
-]
-
 [[package]]
 name = "tokio-rustls"
 version = "0.26.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5f6d0975eaace0cf0fcadee4e4aaa5da15b5c079146f2cffb67c113be122bf37"
 dependencies = [
- "rustls 0.23.20",
+ "rustls",
  "tokio",
 ]
 
@@ -5879,31 +5752,33 @@ version = "0.19.15"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1b5bb770da30e5cbfde35a2d7b9b8a2c4b8ef89548a7a6aeab5c9a576e3e7421"
 dependencies = [
- "indexmap 2.7.0",
+ "indexmap 2.7.1",
  "toml_datetime",
  "winnow 0.5.40",
 ]
 
 [[package]]
 name = "tonic"
-version = "0.9.2"
+version = "0.12.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3082666a3a6433f7f511c7192923fa1fe07c69332d3c6a2e6bb040b569199d5a"
+checksum = "877c5b330756d856ffcc4553ab34a5684481ade925ecc54bcd1bf02b1d0d4d52"
 dependencies = [
+ "async-stream",
  "async-trait",
- "axum 0.6.20",
- "base64 0.21.7",
+ "axum",
+ "base64 0.22.1",
  "bytes",
- "futures-core",
- "futures-util",
- "h2 0.3.26",
- "http 0.2.12",
- "http-body 0.4.6",
- "hyper 0.14.32",
+ "h2 0.4.7",
+ "http 1.2.0",
+ "http-body 1.0.1",
+ "http-body-util",
+ "hyper 1.5.2",
  "hyper-timeout",
+ "hyper-util",
  "percent-encoding",
  "pin-project",
  "prost",
+ "socket2",
  "tokio",
  "tokio-stream",
  "tower 0.4.13",
@@ -5956,7 +5831,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "403fa3b783d4b626a8ad51d766ab03cb6d2dbfc46b1c5d4448395e6628dc9697"
 dependencies = [
  "async-compression",
- "bitflags 2.6.0",
+ "bitflags 2.8.0",
  "bytes",
  "futures-core",
  "futures-util",
@@ -6009,7 +5884,7 @@ checksum = "395ae124c09f9e6918a2310af6038fba074bcf474ac352496d5910dd59a2226d"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.93",
+ "syn 2.0.96",
 ]
 
 [[package]]
@@ -6036,17 +5911,6 @@ dependencies = [
  "uuid",
 ]
 
-[[package]]
-name = "tracing-log"
-version = "0.1.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f751112709b4e791d8ce53e32c4ed2d353565a795ce84da2285393f41557bdf2"
-dependencies = [
- "log",
- "once_cell",
- "tracing-core",
-]
-
 [[package]]
 name = "tracing-log"
 version = "0.2.0"
@@ -6060,18 +5924,20 @@ dependencies = [
 
 [[package]]
 name = "tracing-opentelemetry"
-version = "0.21.0"
+version = "0.28.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "75327c6b667828ddc28f5e3f169036cb793c3f588d83bf0f262a7f062ffed3c8"
+checksum = "97a971f6058498b5c0f1affa23e7ea202057a7301dbff68e968b2d578bcbd053"
 dependencies = [
+ "js-sys",
  "once_cell",
  "opentelemetry",
  "opentelemetry_sdk",
  "smallvec",
  "tracing",
  "tracing-core",
- "tracing-log 0.1.4",
+ "tracing-log",
  "tracing-subscriber",
+ "web-time",
 ]
 
 [[package]]
@@ -6089,7 +5955,7 @@ dependencies = [
  "thread_local",
  "tracing",
  "tracing-core",
- "tracing-log 0.2.0",
+ "tracing-log",
 ]
 
 [[package]]
@@ -6142,9 +6008,9 @@ checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825"
 
 [[package]]
 name = "unicase"
-version = "2.8.0"
+version = "2.8.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7e51b68083f157f853b6379db119d1c1be0e6e4dec98101079dec41f6f5cf6df"
+checksum = "75b844d17643ee918803943289730bec8aac480150456169e647ed0b576ba539"
 
 [[package]]
 name = "unicode-bom"
@@ -6154,9 +6020,9 @@ checksum = "7eec5d1121208364f6793f7d2e222bf75a915c19557537745b195b253dd64217"
 
 [[package]]
 name = "unicode-ident"
-version = "1.0.14"
+version = "1.0.15"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "adb9e6ca4f869e1180728b7950e35922a7fc6397f7b641499e8f3ef06e50dc83"
+checksum = "11cd88e12b17c6494200a9c1b683a04fcac9573ed74cd1b62aeb2727c5592243"
 
 [[package]]
 name = "unicode-normalization"
@@ -6227,7 +6093,7 @@ version = "4.2.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c5afb1a60e207dca502682537fefcfd9921e71d0b83e9576060f09abc6efab23"
 dependencies = [
- "indexmap 2.7.0",
+ "indexmap 2.7.1",
  "serde",
  "serde_json",
  "utoipa-gen",
@@ -6243,7 +6109,7 @@ dependencies = [
  "proc-macro2",
  "quote",
  "regex",
- "syn 2.0.93",
+ "syn 2.0.96",
  "url",
  "uuid",
 ]
@@ -6254,7 +6120,7 @@ version = "6.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0b39868d43c011961e04b41623e050aedf2cc93652562ff7935ce0f819aaf2da"
 dependencies = [
- "axum 0.7.9",
+ "axum",
  "mime_guess",
  "regex",
  "rust-embed",
@@ -6266,9 +6132,9 @@ dependencies = [
 
 [[package]]
 name = "uuid"
-version = "1.11.0"
+version = "1.12.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f8c5f0a0af699448548ad1a2fbf920fb4bee257eae39953ba95cb84891a0446a"
+checksum = "b3758f5e68192bb96cc8f9b7e2c2cfdabb435499a28499a42f8f984092adad4b"
 dependencies = [
  "getrandom",
  "serde",
@@ -6287,9 +6153,9 @@ dependencies = [
 
 [[package]]
 name = "valuable"
-version = "0.1.0"
+version = "0.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "830b7e5d4d90034032940e4ace0d9a9a057e7a45cd94e6c007832e39edb82f6d"
+checksum = "ba73ea9cf16a25df0c8caa16c51acb937d5712a8429db78a3ee29d5dcacd3a65"
 
 [[package]]
 name = "vcpkg"
@@ -6351,34 +6217,35 @@ checksum = "b8dad83b4f25e74f184f64c43b150b91efe7647395b42289f38e50566d82855b"
 
 [[package]]
 name = "wasm-bindgen"
-version = "0.2.99"
+version = "0.2.100"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a474f6281d1d70c17ae7aa6a613c87fce69a127e2624002df63dcb39d6cf6396"
+checksum = "1edc8929d7499fc4e8f0be2262a241556cfc54a0bea223790e71446f2aab1ef5"
 dependencies = [
  "cfg-if",
  "once_cell",
+ "rustversion",
  "wasm-bindgen-macro",
 ]
 
 [[package]]
 name = "wasm-bindgen-backend"
-version = "0.2.99"
+version = "0.2.100"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5f89bb38646b4f81674e8f5c3fb81b562be1fd936d84320f3264486418519c79"
+checksum = "2f0a0651a5c2bc21487bde11ee802ccaf4c51935d0d3d42a6101f98161700bc6"
 dependencies = [
  "bumpalo",
  "log",
  "proc-macro2",
  "quote",
- "syn 2.0.93",
+ "syn 2.0.96",
  "wasm-bindgen-shared",
 ]
 
 [[package]]
 name = "wasm-bindgen-futures"
-version = "0.4.49"
+version = "0.4.50"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "38176d9b44ea84e9184eff0bc34cc167ed044f816accfe5922e54d84cf48eca2"
+checksum = "555d470ec0bc3bb57890405e5d4322cc9ea83cebb085523ced7be4144dac1e61"
 dependencies = [
  "cfg-if",
  "js-sys",
@@ -6389,9 +6256,9 @@ dependencies = [
 
 [[package]]
 name = "wasm-bindgen-macro"
-version = "0.2.99"
+version = "0.2.100"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2cc6181fd9a7492eef6fef1f33961e3695e4579b9872a6f7c83aee556666d4fe"
+checksum = "7fe63fc6d09ed3792bd0897b314f53de8e16568c2b3f7982f468c0bf9bd0b407"
 dependencies = [
  "quote",
  "wasm-bindgen-macro-support",
@@ -6399,28 +6266,31 @@ dependencies = [
 
 [[package]]
 name = "wasm-bindgen-macro-support"
-version = "0.2.99"
+version = "0.2.100"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "30d7a95b763d3c45903ed6c81f156801839e5ee968bb07e534c44df0fcd330c2"
+checksum = "8ae87ea40c9f689fc23f209965b6fb8a99ad69aeeb0231408be24920604395de"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.93",
+ "syn 2.0.96",
  "wasm-bindgen-backend",
  "wasm-bindgen-shared",
 ]
 
 [[package]]
 name = "wasm-bindgen-shared"
-version = "0.2.99"
+version = "0.2.100"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "943aab3fdaaa029a6e0271b35ea10b72b943135afe9bffca82384098ad0e06a6"
+checksum = "1a05d73b933a847d6cccdda8f838a22ff101ad9bf93e33684f39c1f5f0eece3d"
+dependencies = [
+ "unicode-ident",
+]
 
 [[package]]
 name = "web-sys"
-version = "0.3.76"
+version = "0.3.77"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "04dd7223427d52553d3702c004d3b2fe07c148165faa56313cb00211e31c12bc"
+checksum = "33b6dd2ef9186f1f2072e409e99cd22a975331a6b3591b12c764e0e55c60d5d2"
 dependencies = [
  "js-sys",
  "wasm-bindgen",
@@ -6557,12 +6427,6 @@ dependencies = [
  "url",
 ]
 
-[[package]]
-name = "webpki-roots"
-version = "0.25.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5f20c57d8d7db6d3b86154206ae5d8fba62dd39573114de97c2cb0578251f8e1"
-
 [[package]]
 name = "webpki-roots"
 version = "0.26.7"
@@ -6887,9 +6751,9 @@ dependencies = [
 
 [[package]]
 name = "winnow"
-version = "0.6.20"
+version = "0.6.24"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "36c1fec1a2bb5866f07c25f68c26e565c4c200aebb96d7e55710c19d3e8ac49b"
+checksum = "c8d71a593cc5c42ad7876e2c1fda56f314f3754c084128833e64f1345ff8a03a"
 dependencies = [
  "memchr",
 ]
@@ -6965,7 +6829,7 @@ checksum = "2380878cad4ac9aac1e2435f3eb4020e8374b5f13c296cb75b4620ff8e229154"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.93",
+ "syn 2.0.96",
  "synstructure",
 ]
 
@@ -6987,7 +6851,7 @@ checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.93",
+ "syn 2.0.96",
 ]
 
 [[package]]
@@ -7007,7 +6871,7 @@ checksum = "595eed982f7d355beb85837f651fa22e90b3c044842dc7f2c2842c086f295808"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.93",
+ "syn 2.0.96",
  "synstructure",
 ]
 
@@ -7028,7 +6892,7 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.93",
+ "syn 2.0.96",
 ]
 
 [[package]]
@@ -7050,7 +6914,7 @@ checksum = "6eafa6dfb17584ea3e2bd6e76e0cc15ad7af12b09abdd1ca55961bed9b1063c6"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.93",
+ "syn 2.0.96",
 ]
 
 [[package]]
diff --git a/Cargo.toml b/Cargo.toml
index 875cccf72..2efec7e1d 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -140,7 +140,7 @@ anyhow = { version = "1.0.95" }
 argon2 = { version = "0.5.3", features = ["alloc"] }
 askama = { version = "0.12.1", features = ["serde", "with-axum"] }
 askama_axum = { version = "0.4.0" }
-async-trait = "^0.1.83"
+async-trait = "^0.1.85"
 axum = { version = "0.7.9", features = [
     "form",
     "json",
@@ -155,10 +155,10 @@ axum-htmx = { version = "0.5.0", features = ["serde", "guards"] }
 base32 = "^0.5.1"
 base64 = "^0.22.1"
 base64urlsafedata = "0.5.1"
-bitflags = "^2.6.0"
+bitflags = "^2.8.0"
 bytes = "^1.9.0"
-clap = { version = "^4.5.23", features = ["derive", "env"] }
-clap_complete = "^4.5.38"
+clap = { version = "^4.5.27", features = ["derive", "env"] }
+clap_complete = "^4.5.42"
 # Forced by saffron/cron
 chrono = "^0.4.39"
 compact_jwt = { version = "^0.4.2", default-features = false }
@@ -199,7 +199,7 @@ ldap3_proto = { version = "^0.5.2", features = ["serde"] }
 libc = "^0.2.168"
 libnss = "^0.8.0"
 libsqlite3-sys = "^0.25.2"
-lodepng = "3.10.7"
+lodepng = "3.11.0"
 lru = "^0.12.5"
 mathru = "^0.13.0"
 mimalloc = "0.1.43"
@@ -207,31 +207,33 @@ notify-debouncer-full = { version = "0.1" }
 num_enum = "^0.5.11"
 oauth2_ext = { version = "^4.4.2", package = "oauth2", default-features = false }
 openssl-sys = "^0.9"
-openssl = "^0.10.68"
+openssl = "^0.10.69"
 
-opentelemetry = { version = "0.20.0" }
-opentelemetry_api = { version = "0.20.0", features = ["logs", "metrics"] }
-opentelemetry-otlp = { version = "0.13.0", default-features = false, features = [
+opentelemetry = { version = "0.27.0" }
+opentelemetry_api = { version = "0.27.0", features = ["logs", "metrics"] }
+opentelemetry-otlp = { version = "0.27.0", default-features = false, features = [
     "serde",
     "logs",
     "metrics",
     "http-proto",
     "grpc-tonic",
 ] }
-opentelemetry_sdk = "0.20.0"
-tracing-opentelemetry = "0.21.0"
+opentelemetry_sdk = { version = "0.27.0", features = ["rt-tokio"] }
+opentelemetry-semantic-conventions = "0.27.0"
+tracing-opentelemetry = "0.28.0"
+tracing-core = "0.1.33"
 
 paste = "^1.0.14"
 peg = "0.8"
 pkg-config = "^0.3.31"
 prctl = "1.0.0"
-proc-macro2 = "1.0.92"
+proc-macro2 = "1.0.93"
 qrcode = "^0.12.0"
 quote = "1"
 rand = "^0.8.5"
 rand_chacha = "0.3.1"
 regex = "1.11.0"
-reqwest = { version = "0.12.11", default-features = false, features = [
+reqwest = { version = "0.12.12", default-features = false, features = [
     "cookies",
     "http2",
     "json",
@@ -239,15 +241,15 @@ reqwest = { version = "0.12.11", default-features = false, features = [
     "rustls-tls-native-roots",
 ] }
 rusqlite = { version = "^0.28.0", features = ["array", "bundled"] }
-rustls = { version = "0.23.20", default-features = false, features = [
+rustls = { version = "0.23.21", default-features = false, features = [
     "aws_lc_rs",
 ] }
 
-sd-notify = "^0.4.4"
+sd-notify = "^0.4.5"
 selinux = "^0.4.6"
 serde = "^1.0.217"
 serde_cbor = { version = "0.12.0-dev", package = "serde_cbor_2" }
-serde_json = "^1.0.134"
+serde_json = "^1.0.137"
 serde_urlencoded = "^0.7.1"
 serde_with = "3.12.0"
 sha-crypt = "0.5.0"
@@ -258,12 +260,12 @@ smolset = "^1.3.1"
 sshkey-attest = "^0.5.0"
 sshkeys = "0.3.3"
 svg = "0.13.1"
-syn = { version = "2.0.93", features = ["full"] }
-tempfile = "3.14.0"
+syn = { version = "2.0.96", features = ["full"] }
+tempfile = "3.15.0"
 testkit-macros = { path = "./server/testkit-macros" }
 time = { version = "^0.3.36", features = ["formatting", "local-offset"] }
 
-tokio = "^1.42.0"
+tokio = "^1.43.0"
 tokio-openssl = "^0.6.5"
 tokio-util = "^0.7.13"
 
@@ -279,7 +281,7 @@ url = "^2.5.2"
 urlencoding = "2.1.3"
 utoipa = { version = "4.2.0", features = ["url", "uuid"] }
 utoipa-swagger-ui = "6.0.0"
-uuid = "^1.11.0"
+uuid = "^1.12.1"
 
 webauthn-authenticator-rs = { version = "0.5.1", features = [
     "softpasskey",
@@ -297,4 +299,3 @@ x509-cert = "0.2.5"
 zxcvbn = "^2.2.2"
 
 nonempty = "0.8.1"
-
diff --git a/libs/sketching/Cargo.toml b/libs/sketching/Cargo.toml
index 33586fd88..71d997ccd 100644
--- a/libs/sketching/Cargo.toml
+++ b/libs/sketching/Cargo.toml
@@ -19,7 +19,7 @@ doctest = false
 [dependencies]
 gethostname = "0.5.0"
 num_enum = { workspace = true }
-opentelemetry = { workspace = true, features = ["metrics", "rt-tokio"] }
+opentelemetry = { workspace = true, features = ["metrics"] }
 opentelemetry-otlp = { workspace = true, default-features = false, features = [
     "serde",
     "logs",
@@ -27,9 +27,12 @@ opentelemetry-otlp = { workspace = true, default-features = false, features = [
     "http-proto",
     "grpc-tonic",
 ] }
-opentelemetry_sdk = { workspace = true }
+opentelemetry_sdk = { workspace = true, features = ["rt-tokio"] }
+opentelemetry-semantic-conventions = { workspace = true }
+
 serde = { workspace = true, features = ["derive"] }
 tracing = { workspace = true, features = ["attributes"] }
+tracing-core = { workspace = true }
 tracing-forest = { workspace = true, features = [
     "uuid",
     "smallvec",
diff --git a/libs/sketching/src/otel.rs b/libs/sketching/src/otel.rs
index 5c8fe32d8..d3220a4f5 100644
--- a/libs/sketching/src/otel.rs
+++ b/libs/sketching/src/otel.rs
@@ -1,16 +1,26 @@
-use gethostname::gethostname;
-use opentelemetry::KeyValue;
+use std::{str::FromStr, time::Duration};
+
 use opentelemetry_otlp::{Protocol, WithExportConfig};
-use opentelemetry_sdk::trace::{self, Sampler};
-use opentelemetry_sdk::Resource;
-use std::time::Duration;
+
+use opentelemetry::{global, trace::TracerProvider as _, KeyValue};
+
+use opentelemetry_sdk::{
+    trace::{Sampler, TracerProvider},
+    Resource,
+};
 use tracing::Subscriber;
-use tracing_subscriber::Registry;
-use tracing_subscriber::{prelude::*, EnvFilter};
+use tracing_core::Level;
+
+use tracing_subscriber::{filter::Directive, prelude::*, EnvFilter, Registry};
 
 pub const MAX_EVENTS_PER_SPAN: u32 = 64 * 1024;
 pub const MAX_ATTRIBUTES_PER_SPAN: u32 = 128;
 
+use opentelemetry_semantic_conventions::{
+    attribute::{SERVICE_NAME, SERVICE_VERSION},
+    SCHEMA_URL,
+};
+
 // TODO: this is coming back later
 // #[allow(dead_code)]
 // pub fn init_metrics() -> metrics::Result<MeterProvider> {
@@ -44,28 +54,26 @@ pub fn start_logging_pipeline(
             // adding these filters because when you close out the process the OTLP comms layer is NOISY
             let forest_filter = forest_filter
                 .add_directive(
-                    "tonic=info"
-                        .parse()
-                        .expect("Failed to set tonic logging to info"),
+                    Directive::from_str("tonic=info").expect("Failed to set tonic logging to info"),
                 )
-                .add_directive("h2=info".parse().expect("Failed to set h2 logging to info"))
                 .add_directive(
-                    "hyper=info"
-                        .parse()
-                        .expect("Failed to set hyper logging to info"),
+                    Directive::from_str("h2=info").expect("Failed to set h2 logging to info"),
+                )
+                .add_directive(
+                    Directive::from_str("hyper=info").expect("Failed to set hyper logging to info"),
                 );
             let forest_layer = tracing_forest::ForestLayer::default().with_filter(forest_filter);
             let t_filter: EnvFilter = EnvFilter::builder()
                 .with_default_directive(log_filter.into())
                 .from_env_lossy();
 
-            let tracer = opentelemetry_otlp::new_pipeline().tracing().with_exporter(
-                opentelemetry_otlp::new_exporter()
-                    .tonic()
-                    .with_endpoint(endpoint)
-                    .with_timeout(Duration::from_secs(5))
-                    .with_protocol(Protocol::HttpBinary),
-            );
+            let otlp_exporter = opentelemetry_otlp::SpanExporter::builder()
+                .with_tonic()
+                .with_endpoint(endpoint)
+                .with_protocol(Protocol::HttpBinary)
+                .with_timeout(Duration::from_secs(5))
+                .build()
+                .map_err(|err| err.to_string())?;
 
             // this env var gets set at build time, if we can pull it, add it to the metadata
             let git_rev = match option_env!("KANIDM_PKG_COMMIT_REV") {
@@ -74,39 +82,47 @@ pub fn start_logging_pipeline(
             };
 
             let version = format!("{}{}", env!("CARGO_PKG_VERSION"), git_rev);
-            let hostname = gethostname();
-            let hostname = hostname.to_string_lossy();
-            let hostname = hostname.to_lowercase();
+            // let hostname = gethostname::gethostname();
+            // let hostname = hostname.to_string_lossy();
+            // let hostname = hostname.to_lowercase();
 
-            let tracer = tracer
-                .with_trace_config(
-                    trace::config()
-                        // we want *everything!*
-                        .with_sampler(Sampler::AlwaysOn)
-                        .with_max_events_per_span(MAX_EVENTS_PER_SPAN)
-                        .with_max_attributes_per_span(MAX_ATTRIBUTES_PER_SPAN)
-                        .with_resource(Resource::new(vec![
-                            KeyValue::new("service.name", service_name),
-                            KeyValue::new("service.version", version),
-                            KeyValue::new("host.name", hostname),
-                            // TODO: it'd be really nice to be able to set the instance ID here, from the server UUID so we know *which* instance on this host is logging
-                        ])),
+            let resource = Resource::from_schema_url(
+                [
+                    // TODO: it'd be really nice to be able to set the instance ID here, from the server UUID so we know *which* instance on this host is logging
+                    KeyValue::new(SERVICE_NAME, service_name),
+                    KeyValue::new(SERVICE_VERSION, version),
+                    // TODO: currently marked as an experimental flag, leaving it out for now
+                    // KeyValue::new(DEPLOYMENT_ENVIRONMENT_NAME, hostname),
+                ],
+                SCHEMA_URL,
+            );
+
+            let provider = TracerProvider::builder()
+                .with_batch_exporter(otlp_exporter, opentelemetry_sdk::runtime::Tokio)
+                // we want *everything!*
+                .with_sampler(Sampler::AlwaysOn)
+                .with_max_events_per_span(MAX_EVENTS_PER_SPAN)
+                .with_max_attributes_per_span(MAX_ATTRIBUTES_PER_SPAN)
+                .with_resource(resource)
+                .build();
+
+            global::set_tracer_provider(provider.clone());
+            provider.tracer("tracing-otel-subscriber");
+            use tracing_opentelemetry::OpenTelemetryLayer;
+
+            let registry = tracing_subscriber::registry()
+                .with(
+                    tracing_subscriber::filter::LevelFilter::from_level(Level::INFO)
+                        .with_filter(t_filter),
                 )
-                .install_batch(opentelemetry::runtime::Tokio)
-                .map_err(|err| {
-                    let err = format!("Failed to start OTLP pipeline: {:?}", err);
-                    eprintln!("{}", err);
-                    err
-                })?;
-            // Create a tracing layer with the configured tracer;
-            let telemetry = tracing_opentelemetry::layer()
-                .with_tracer(tracer)
-                .with_threads(true)
-                .with_filter(t_filter);
+                .with(tracing_subscriber::fmt::layer())
+                // .with(MetricsLayer::new(meter_provider.clone()))
+                .with(forest_layer)
+                .with(OpenTelemetryLayer::new(
+                    provider.tracer("tracing-otel-subscriber"),
+                ));
 
-            Ok(Box::new(
-                Registry::default().with(forest_layer).with(telemetry),
-            ))
+            Ok(Box::new(registry))
         }
         None => {
             let forest_layer = tracing_forest::ForestLayer::default().with_filter(forest_filter);
@@ -122,7 +138,6 @@ pub struct TracingPipelineGuard {}
 impl Drop for TracingPipelineGuard {
     fn drop(&mut self) {
         opentelemetry::global::shutdown_tracer_provider();
-        opentelemetry::global::shutdown_logger_provider();
         eprintln!("Logging pipeline completed shutdown");
     }
 }
diff --git a/server/core/Cargo.toml b/server/core/Cargo.toml
index c0bab238d..3b7e6200c 100644
--- a/server/core/Cargo.toml
+++ b/server/core/Cargo.toml
@@ -25,7 +25,7 @@ askama_axum = { workspace = true }
 axum = { workspace = true }
 axum-htmx = { workspace = true }
 axum-extra = { version = "0.9.6", features = ["cookie"] }
-axum-macros = "0.4.1"
+axum-macros = "0.4.2"
 axum-server = { version = "0.7.1", default-features = false }
 bytes = { workspace = true }
 chrono = { workspace = true }
diff --git a/server/lib/src/idm/application.rs b/server/lib/src/idm/application.rs
index d5c3c1dd9..42fb98485 100644
--- a/server/lib/src/idm/application.rs
+++ b/server/lib/src/idm/application.rs
@@ -134,7 +134,7 @@ impl TryFrom<Vec<Arc<EntrySealedCommitted>>> for LdapApplications {
     }
 }
 
-impl<'a> IdmServerAuthTransaction<'a> {
+impl IdmServerAuthTransaction<'_> {
     pub async fn application_auth_ldap(
         &mut self,
         lae: &LdapApplicationAuthEvent,
diff --git a/server/lib/src/idm/ldap.rs b/server/lib/src/idm/ldap.rs
index 4f572f7cc..f71562b72 100644
--- a/server/lib/src/idm/ldap.rs
+++ b/server/lib/src/idm/ldap.rs
@@ -693,9 +693,9 @@ impl LdapServer {
         } // end match server op
     }
 
-    async fn bind_target_from_bind_dn<'a>(
+    async fn bind_target_from_bind_dn(
         &self,
-        idm_auth: &mut IdmServerAuthTransaction<'a>,
+        idm_auth: &mut IdmServerAuthTransaction<'_>,
         dn: &str,
         pw: &str,
     ) -> Result<LdapBindTarget, OperationError> {
diff --git a/server/lib/src/idm/oauth2.rs b/server/lib/src/idm/oauth2.rs
index b555b3609..c5d564dfc 100644
--- a/server/lib/src/idm/oauth2.rs
+++ b/server/lib/src/idm/oauth2.rs
@@ -2968,7 +2968,7 @@ fn host_is_local(host: &Host<&str>) -> bool {
 
 /// Ensure that the redirect URI is a loopback/localhost address
 fn check_is_loopback(redirect_uri: &Url) -> bool {
-    redirect_uri.host().map_or(false, |host| {
+    redirect_uri.host().is_some_and(|host| {
         // Check if the host is a loopback/localhost address.
         host_is_local(&host)
     })
diff --git a/server/lib/src/idm/reauth.rs b/server/lib/src/idm/reauth.rs
index 1895fc6a8..b09ceeae2 100644
--- a/server/lib/src/idm/reauth.rs
+++ b/server/lib/src/idm/reauth.rs
@@ -17,7 +17,7 @@ use kanidm_proto::v1::AuthIssueSession;
 
 use super::server::CredSoftLockMutex;
 
-impl<'a> IdmServerAuthTransaction<'a> {
+impl IdmServerAuthTransaction<'_> {
     pub async fn reauth_init(
         &mut self,
         ident: Identity,
diff --git a/server/lib/src/idm/server.rs b/server/lib/src/idm/server.rs
index 6b289e797..038c44fc5 100644
--- a/server/lib/src/idm/server.rs
+++ b/server/lib/src/idm/server.rs
@@ -1008,7 +1008,7 @@ impl<'a> IdmServerTransaction<'a> for IdmServerAuthTransaction<'a> {
     }
 }
 
-impl<'a> IdmServerAuthTransaction<'a> {
+impl IdmServerAuthTransaction<'_> {
     #[cfg(test)]
     pub fn is_sessionid_present(&self, sessionid: Uuid) -> bool {
         let session_read = self.sessions.read();
diff --git a/server/lib/src/modify.rs b/server/lib/src/modify.rs
index d228dde1f..723c9a998 100644
--- a/server/lib/src/modify.rs
+++ b/server/lib/src/modify.rs
@@ -214,10 +214,7 @@ impl ModifyList<ModifyInvalid> {
             })
             .collect();
 
-        let valid_mods = match res {
-            Ok(v) => v,
-            Err(e) => return Err(e),
-        };
+        let valid_mods = res?;
 
         // Return new ModifyList!
         Ok(ModifyList {
diff --git a/server/lib/src/valueset/eckey.rs b/server/lib/src/valueset/eckey.rs
index 8cb502764..5a512ea8b 100644
--- a/server/lib/src/valueset/eckey.rs
+++ b/server/lib/src/valueset/eckey.rs
@@ -158,8 +158,8 @@ impl ValueSetT for ValueSetEcKeyPrivate {
 
     fn equal(&self, other: &super::ValueSet) -> bool {
         #[allow(clippy::expect_used)]
-        other.as_ec_key_private().map_or(false, |other_key| {
-            self.set.as_ref().map_or(false, |key| {
+        other.as_ec_key_private().is_some_and(|other_key| {
+            self.set.as_ref().is_some_and(|key| {
                 key.priv_key
                     .private_key_to_der()
                     .expect("Failed to retrieve key der")
diff --git a/server/testkit/Cargo.toml b/server/testkit/Cargo.toml
index 7d4f0f78a..1c0563c21 100644
--- a/server/testkit/Cargo.toml
+++ b/server/testkit/Cargo.toml
@@ -53,17 +53,17 @@ assert_cmd = "2.0.16"
 compact_jwt = { workspace = true }
 escargot = "0.5.13"
 # used for webdriver testing
-fantoccini = { version = "0.21.3" }
+fantoccini = { version = "0.21.4" }
 futures = { workspace = true }
 oauth2_ext = { workspace = true, default-features = false, features = [
     "reqwest",
 ] }
 openssl = { workspace = true }
-petgraph = { version = "0.6.4", features = ["serde", "serde-1"] }
+petgraph = { version = "0.7.1", features = ["serde", "serde-1"] }
 serde_json = { workspace = true }
 time = { workspace = true }
 tokio-openssl = { workspace = true }
 kanidm_lib_crypto = { workspace = true }
 uuid = { workspace = true }
 webauthn-authenticator-rs = { workspace = true }
-jsonschema = "0.28.0"
+jsonschema = "0.28.3"
diff --git a/tools/device_flow/Cargo.toml b/tools/device_flow/Cargo.toml
index 373c99241..24417cd7f 100644
--- a/tools/device_flow/Cargo.toml
+++ b/tools/device_flow/Cargo.toml
@@ -20,8 +20,8 @@ doctest = false
 [dependencies]
 kanidm_proto = { workspace = true }
 anyhow = { workspace = true }
-oauth2 = "4.4.2"
-reqwest = { version = "0.12.11", default-features = false, features = [
+oauth2 = "5.0.0"
+reqwest = { version = "0.12.12", default-features = false, features = [
     "rustls-tls",
 ] }
 
diff --git a/tools/device_flow/examples/device_flow.rs b/tools/device_flow/examples/device_flow.rs
index 68c2e518b..a744c1c55 100644
--- a/tools/device_flow/examples/device_flow.rs
+++ b/tools/device_flow/examples/device_flow.rs
@@ -4,10 +4,11 @@ use kanidm_proto::constants::uri::{
     OAUTH2_AUTHORISE, OAUTH2_AUTHORISE_DEVICE, OAUTH2_TOKEN_ENDPOINT,
 };
 use oauth2::basic::BasicClient;
-use oauth2::devicecode::StandardDeviceAuthorizationResponse;
+
 use oauth2::http::StatusCode;
 use oauth2::{
-    AuthUrl, ClientId, DeviceAuthorizationUrl, HttpRequest, HttpResponse, Scope, TokenUrl,
+    AuthUrl, ClientId, DeviceAuthorizationUrl, HttpRequest, HttpResponse, Scope,
+    StandardDeviceAuthorizationResponse, TokenUrl,
 };
 use reqwest::Client;
 use sketching::tracing_subscriber::layer::SubscriberExt;
@@ -16,41 +17,34 @@ use sketching::tracing_subscriber::{fmt, EnvFilter};
 use tracing::level_filters::LevelFilter;
 use tracing::{debug, error, info};
 
-async fn http_client(
-    request: HttpRequest,
-) -> Result<HttpResponse, oauth2::reqwest::Error<reqwest::Error>> {
+async fn http_client(request: HttpRequest) -> Result<HttpResponse, oauth2::reqwest::Error> {
     let client = Client::builder()
         .danger_accept_invalid_certs(true)
         // Following redirects opens the client up to SSRF vulnerabilities.
         .redirect(reqwest::redirect::Policy::none())
-        .build()
-        .map_err(oauth2::reqwest::Error::Reqwest)?;
+        .build()?;
 
-    let method = reqwest::Method::from_str(request.method.as_str())
-        .map_err(|err| oauth2::reqwest::Error::Other(err.to_string()))?;
+    let method = reqwest::Method::from_str(request.method().as_str())
+        .expect("this is definitely a bug but OK in an example!");
 
     let mut request_builder = client
-        .request(method, request.url.as_str())
-        .body(request.body);
+        .request(method, request.uri().to_string())
+        .body(request.body().to_vec());
 
-    for (name, value) in &request.headers {
+    for (name, value) in request.headers().iter() {
         request_builder = request_builder.header(name.as_str(), value.as_bytes());
     }
 
     let response = client
-        .execute(request_builder.build().map_err(|err| {
-            error!("Failed to build request... {:?}", err);
-            oauth2::reqwest::Error::Reqwest(err)
-        })?)
+        .execute(request_builder.build()?)
         .await
-        .map_err(|err| {
-            error!("Failed to query url {} error={:?}", request.url, err);
-            oauth2::reqwest::Error::Reqwest(err)
+        .inspect_err(|err| {
+            error!("Failed to query url {} error={:?}", request.uri(), err);
         })?;
 
-    let status_code = StatusCode::from_u16(response.status().as_u16())
-        .map_err(|err| oauth2::reqwest::Error::Other(err.to_string()))?;
-    let headers = response
+    let status_code =
+        StatusCode::from_u16(response.status().as_u16()).expect("This'll work, for an example");
+    let headers: Vec<(oauth2::http::HeaderName, oauth2::http::HeaderValue)> = response
         .headers()
         .into_iter()
         .map(|(k, v)| {
@@ -65,17 +59,17 @@ async fn http_client(
         })
         .collect();
 
-    let body = response.bytes().await.map_err(|err| {
-        error!("Failed to parse body...? {:?}", err);
-        oauth2::reqwest::Error::Reqwest(err)
-    })?;
+    let body = response.bytes().await?;
     info!("Response body: {:?}", String::from_utf8(body.to_vec()));
 
-    Ok(HttpResponse {
-        status_code,
-        headers,
-        body: body.to_vec(),
-    })
+    let mut response = HttpResponse::new(body.to_vec());
+
+    let headers_mut = response.headers_mut();
+    headers_mut.extend(headers);
+
+    *response.status_mut() = status_code;
+
+    Ok(response)
 }
 
 #[tokio::main]
@@ -94,27 +88,25 @@ async fn main() -> anyhow::Result<()> {
     info!("building client...");
 
     // kanidm system oauth2 create-public device_flow device_flow 'https://deviceauth'
-    let client = BasicClient::new(
-        ClientId::new("device_code".to_string()),
-        None,
-        AuthUrl::new(format!("https://localhost:8443{}", OAUTH2_AUTHORISE))?,
-        Some(TokenUrl::new(format!(
+    let client = BasicClient::new(ClientId::new("device_code".to_string()))
+        .set_token_uri(TokenUrl::from_url(
+            format!("https://localhost:8443{}", OAUTH2_TOKEN_ENDPOINT).parse()?,
+        ))
+        .set_auth_uri(AuthUrl::from_url(
+            format!("https://localhost:8443{}", OAUTH2_AUTHORISE).parse()?,
+        ))
+        .set_device_authorization_url(DeviceAuthorizationUrl::new(format!(
             "https://localhost:8443{}",
-            OAUTH2_TOKEN_ENDPOINT
-        ))?),
-    )
-    .set_device_authorization_url(DeviceAuthorizationUrl::new(format!(
-        "https://localhost:8443{}",
-        OAUTH2_AUTHORISE_DEVICE
-    ))?);
+            OAUTH2_AUTHORISE_DEVICE
+        ))?);
 
     info!("Getting details...");
 
     let details: StandardDeviceAuthorizationResponse = client
         .exchange_device_code()
-        .inspect_err(|err| error!("configuration error: {:?}", err))?
+        // .inspect_err(|err| error!("configuration error: {:?}", err))?
         .add_scope(Scope::new("read".to_string()))
-        .request_async(http_client)
+        .request_async(&http_client)
         .await?;
 
     println!(
@@ -129,7 +121,7 @@ async fn main() -> anyhow::Result<()> {
 
     let token_result = client
         .exchange_device_access_token(&details)
-        .request_async(http_client, tokio::time::sleep, None)
+        .request_async(&http_client, tokio::time::sleep, None)
         .await?;
     println!("Result: {:?}", token_result);
     Ok(())
diff --git a/unix_integration/nss_kanidm/Cargo.toml b/unix_integration/nss_kanidm/Cargo.toml
index 76ba3bf07..17a7a89c9 100644
--- a/unix_integration/nss_kanidm/Cargo.toml
+++ b/unix_integration/nss_kanidm/Cargo.toml
@@ -25,7 +25,7 @@ paste = { workspace = true }
 lazy_static = { workspace = true }
 
 [target."cfg(target_os = \"freebsd\")".build-dependencies]
-cc = "^1.2.6"
+cc = "^1.2.10"
 
 ## Debian packaging
 # The base metadata does **not** work to build a functioning package!

From 1453ba5d74663b4ab4dcb16006baf04425eb87b4 Mon Sep 17 00:00:00 2001
From: Fabian Kammel <datosh18@gmail.com>
Date: Wed, 29 Jan 2025 06:41:03 +0100
Subject: [PATCH 64/87] extend oauth2 examples with gitea (#3351)

* extend oauth2 examples with gitea
* add myself to contributors

---------

Signed-off-by: Fabian Kammel <fabian@kammel.dev>
Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
---
 CONTRIBUTORS.md                          |  1 +
 book/src/integrations/oauth2/examples.md | 93 ++++++++++++++++++++++++
 2 files changed, 94 insertions(+)

diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md
index 18d677b92..f18c7b93d 100644
--- a/CONTRIBUTORS.md
+++ b/CONTRIBUTORS.md
@@ -44,6 +44,7 @@
 - adamcstephens
 - Chris Olstrom (colstrom)
 - Christopher-Robin (cebbinghaus)
+- Fabian Kammel (datosh)
 
 ## Acknowledgements
 
diff --git a/book/src/integrations/oauth2/examples.md b/book/src/integrations/oauth2/examples.md
index b4cf56509..42b3ab4db 100644
--- a/book/src/integrations/oauth2/examples.md
+++ b/book/src/integrations/oauth2/examples.md
@@ -54,6 +54,99 @@ In the virtual host, to protect a location/directory
 </Directory>
 ```
 
+## Gitea
+
+[Gitea](https://docs.gitea.com/) is a painless, self-hosted, all-in-one software
+development service. It has built in support for
+[external authentication](https://docs.gitea.com/administration/authentication)
+including OAuth2.
+
+To set up a Gitea instance to authenticate with Kanidm:
+
+1.  Add an email address to your regular Kanidm account, if it doesn't have one
+    already:
+
+    ```sh
+    kanidm person update your_username -m your_username@example.com
+    ```
+
+2. Create a new Kanidm group for your Gitea users (`gitea_users`), and add your
+    regular account to it:
+
+    ```sh
+    kanidm group create gitea_users
+    kanidm group add-members gitea_users your_username
+    ```
+
+3. Create a new OAuth2 application configuration in Kanidm (`gitea`), configure
+    the redirect URL, and scope access to the `gitea_users` group:
+
+    ```sh
+    kanidm system oauth2 create gitea Gitea https://gitea.example.com/user/login
+    kanidm system oauth2 add-redirect-url gitea https://gitea.example.com/user/oauth2/kanidm/callback
+    kanidm system oauth2 update-scope-map gitea gitea_users email openid profile groups
+    ```
+
+4. Gitea currently [does not support PKCE](https://github.com/go-gitea/gitea/issues/21376)
+    in their OIDC implementation. If you do not perform this step, you will see an error like
+    `No PKCE code challenge was provided with client in enforced PKCE mode.`
+    in your Kanidm server logs. Therefore, we have to disable PKCE for Gitea:
+
+    ```sh
+    kanidm system oauth2 warning-insecure-client-disable-pkce gitea
+    ```
+
+5. Get the `gitea` OAuth2 client secret from Kanidm:
+
+    ```sh
+    kanidm system oauth2 show-basic-secret gitea
+    ```
+
+6. Log in to Gitea with an administrator account and go to Site Administration
+    -> Identity & Access -> Authentication Sources, and "Add Authentication Source",
+    then provide the following details:
+    * **Type**: `OAuth2`
+    * **Name**: `kanidm`, in case you want to choose a different name, make sure
+    to update `kanidm` in the redirect URL in step 3. The full redirect URL is
+    provided at the bottom of the current configuration page in Gitea.
+    * **OAuth2 Provider**: `OpenID Connect`
+    * **Client ID (key)**: `gitea`
+    * **Client Secret**: [from show-basic-secret above]
+    * **OpenID Connect Auto Discovery URL**: `https://kanidm.example.com/oauth2/openid/gitea/.well-known/openid-configuration`
+
+    Alternatively, you can provide the configuration via the CLI:
+
+    ```sh
+    gitea admin auth add-oauth \
+        --provider=openidConnect \
+        --name=kanidm \
+        --key=gitea \
+        --secret=[from show-basic-secret above] \
+        --auto-discover-url=https://kanidm.example.com/oauth2/openid/gitea/.well-known/openid-configuration \
+    ```
+
+You should now see a "Sign in with Kanidm" button on your Gitea login page.
+
+You may additionally want to configure:
+
+*   A Gitea themed icon in Kanidm for the `gitea` OAuth2 application:
+    ```sh
+    curl -LO https://gitea.example.com/assets/img/logo.svg
+    kanidm system oauth2 set-image gitea logo.svg svg
+    rm logo.svg
+    ```
+
+*   To disable password authentication in Gitea, add the following
+    [configuration](https://docs.gitea.com/next/administration/config-cheat-sheet)
+    to `app.ini`:
+
+    ```ini
+    [service]
+    ALLOW_ONLY_EXTERNAL_REGISTRATION = true
+    SHOW_REGISTRATION_BUTTON = false
+    ENABLE_PASSWORD_SIGNIN_FORM = false
+    ```
+
 ## GitLab
 
 [GitLab](https://gitlab.com) is a Git-based software development platform, which

From 351fdcdef04739b6c365642c079d771daf1bf2d5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 3 Feb 2025 09:05:30 +1100
Subject: [PATCH 65/87] Bump the all group across 1 directory with 7 updates
 (#3385)

Bumps the all group with 7 updates in the /pykanidm directory:

| Package | From | To |
| --- | --- | --- |
| [pydantic](https://github.com/pydantic/pydantic) | `2.10.5` | `2.10.6` |
| [authlib](https://github.com/lepture/authlib) | `1.4.0` | `1.4.1` |
| [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio) | `0.25.2` | `0.25.3` |
| [pytest-aiohttp](https://github.com/aio-libs/pytest-aiohttp) | `1.0.5` | `1.1.0` |
| [black](https://github.com/psf/black) | `24.10.0` | `25.1.0` |
| [mkdocs-material](https://github.com/squidfunk/mkdocs-material) | `9.5.50` | `9.6.1` |
| [ruff](https://github.com/astral-sh/ruff) | `0.9.2` | `0.9.4` |



Updates `pydantic` from 2.10.5 to 2.10.6
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](https://github.com/pydantic/pydantic/compare/v2.10.5...v2.10.6)

Updates `authlib` from 1.4.0 to 1.4.1
- [Release notes](https://github.com/lepture/authlib/releases)
- [Changelog](https://github.com/lepture/authlib/blob/master/docs/changelog.rst)
- [Commits](https://github.com/lepture/authlib/compare/v1.4.0...v1.4.1)

Updates `pytest-asyncio` from 0.25.2 to 0.25.3
- [Release notes](https://github.com/pytest-dev/pytest-asyncio/releases)
- [Commits](https://github.com/pytest-dev/pytest-asyncio/compare/v0.25.2...v0.25.3)

Updates `pytest-aiohttp` from 1.0.5 to 1.1.0
- [Release notes](https://github.com/aio-libs/pytest-aiohttp/releases)
- [Changelog](https://github.com/aio-libs/pytest-aiohttp/blob/master/CHANGES.rst)
- [Commits](https://github.com/aio-libs/pytest-aiohttp/compare/v1.0.5...v1.1.0)

Updates `black` from 24.10.0 to 25.1.0
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/compare/24.10.0...25.1.0)

Updates `mkdocs-material` from 9.5.50 to 9.6.1
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases)
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG)
- [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.50...9.6.1)

Updates `ruff` from 0.9.2 to 0.9.4
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.9.2...0.9.4)

---
updated-dependencies:
- dependency-name: pydantic
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: authlib
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: pytest-asyncio
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: pytest-aiohttp
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: black
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: all
- dependency-name: mkdocs-material
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: ruff
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pykanidm/poetry.lock    | 122 ++++++++++++++++++++--------------------
 pykanidm/pyproject.toml |  10 ++--
 2 files changed, 66 insertions(+), 66 deletions(-)

diff --git a/pykanidm/poetry.lock b/pykanidm/poetry.lock
index 39bd36856..4a394cf19 100644
--- a/pykanidm/poetry.lock
+++ b/pykanidm/poetry.lock
@@ -180,13 +180,13 @@ tests-mypy = ["mypy (>=1.11.1)", "pytest-mypy-plugins"]
 
 [[package]]
 name = "authlib"
-version = "1.4.0"
+version = "1.4.1"
 description = "The ultimate Python library in building OAuth and OpenID Connect servers and clients."
 optional = false
 python-versions = ">=3.9"
 files = [
-    {file = "Authlib-1.4.0-py2.py3-none-any.whl", hash = "sha256:4bb20b978c8b636222b549317c1815e1fe62234fc1c5efe8855d84aebf3a74e3"},
-    {file = "authlib-1.4.0.tar.gz", hash = "sha256:1c1e6608b5ed3624aeeee136ca7f8c120d6f51f731aa152b153d54741840e1f2"},
+    {file = "Authlib-1.4.1-py2.py3-none-any.whl", hash = "sha256:edc29c3f6a3e72cd9e9f45fff67fc663a2c364022eb0371c003f22d5405915c1"},
+    {file = "authlib-1.4.1.tar.gz", hash = "sha256:30ead9ea4993cdbab821dc6e01e818362f92da290c04c7f6a1940f86507a790d"},
 ]
 
 [package.dependencies]
@@ -208,33 +208,33 @@ dev = ["freezegun (>=1.0,<2.0)", "pytest (>=6.0)", "pytest-cov"]
 
 [[package]]
 name = "black"
-version = "24.10.0"
+version = "25.1.0"
 description = "The uncompromising code formatter."
 optional = false
 python-versions = ">=3.9"
 files = [
-    {file = "black-24.10.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:e6668650ea4b685440857138e5fe40cde4d652633b1bdffc62933d0db4ed9812"},
-    {file = "black-24.10.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:1c536fcf674217e87b8cc3657b81809d3c085d7bf3ef262ead700da345bfa6ea"},
-    {file = "black-24.10.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:649fff99a20bd06c6f727d2a27f401331dc0cc861fb69cde910fe95b01b5928f"},
-    {file = "black-24.10.0-cp310-cp310-win_amd64.whl", hash = "sha256:fe4d6476887de70546212c99ac9bd803d90b42fc4767f058a0baa895013fbb3e"},
-    {file = "black-24.10.0-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:5a2221696a8224e335c28816a9d331a6c2ae15a2ee34ec857dcf3e45dbfa99ad"},
-    {file = "black-24.10.0-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:f9da3333530dbcecc1be13e69c250ed8dfa67f43c4005fb537bb426e19200d50"},
-    {file = "black-24.10.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:4007b1393d902b48b36958a216c20c4482f601569d19ed1df294a496eb366392"},
-    {file = "black-24.10.0-cp311-cp311-win_amd64.whl", hash = "sha256:394d4ddc64782e51153eadcaaca95144ac4c35e27ef9b0a42e121ae7e57a9175"},
-    {file = "black-24.10.0-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:b5e39e0fae001df40f95bd8cc36b9165c5e2ea88900167bddf258bacef9bbdc3"},
-    {file = "black-24.10.0-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:d37d422772111794b26757c5b55a3eade028aa3fde43121ab7b673d050949d65"},
-    {file = "black-24.10.0-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:14b3502784f09ce2443830e3133dacf2c0110d45191ed470ecb04d0f5f6fcb0f"},
-    {file = "black-24.10.0-cp312-cp312-win_amd64.whl", hash = "sha256:30d2c30dc5139211dda799758559d1b049f7f14c580c409d6ad925b74a4208a8"},
-    {file = "black-24.10.0-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:1cbacacb19e922a1d75ef2b6ccaefcd6e93a2c05ede32f06a21386a04cedb981"},
-    {file = "black-24.10.0-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:1f93102e0c5bb3907451063e08b9876dbeac810e7da5a8bfb7aeb5a9ef89066b"},
-    {file = "black-24.10.0-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:ddacb691cdcdf77b96f549cf9591701d8db36b2f19519373d60d31746068dbf2"},
-    {file = "black-24.10.0-cp313-cp313-win_amd64.whl", hash = "sha256:680359d932801c76d2e9c9068d05c6b107f2584b2a5b88831c83962eb9984c1b"},
-    {file = "black-24.10.0-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:17374989640fbca88b6a448129cd1745c5eb8d9547b464f281b251dd00155ccd"},
-    {file = "black-24.10.0-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:63f626344343083322233f175aaf372d326de8436f5928c042639a4afbbf1d3f"},
-    {file = "black-24.10.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:ccfa1d0cb6200857f1923b602f978386a3a2758a65b52e0950299ea014be6800"},
-    {file = "black-24.10.0-cp39-cp39-win_amd64.whl", hash = "sha256:2cd9c95431d94adc56600710f8813ee27eea544dd118d45896bb734e9d7a0dc7"},
-    {file = "black-24.10.0-py3-none-any.whl", hash = "sha256:3bb2b7a1f7b685f85b11fed1ef10f8a9148bceb49853e47a294a3dd963c1dd7d"},
-    {file = "black-24.10.0.tar.gz", hash = "sha256:846ea64c97afe3bc677b761787993be4991810ecc7a4a937816dd6bddedc4875"},
+    {file = "black-25.1.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:759e7ec1e050a15f89b770cefbf91ebee8917aac5c20483bc2d80a6c3a04df32"},
+    {file = "black-25.1.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:0e519ecf93120f34243e6b0054db49c00a35f84f195d5bce7e9f5cfc578fc2da"},
+    {file = "black-25.1.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:055e59b198df7ac0b7efca5ad7ff2516bca343276c466be72eb04a3bcc1f82d7"},
+    {file = "black-25.1.0-cp310-cp310-win_amd64.whl", hash = "sha256:db8ea9917d6f8fc62abd90d944920d95e73c83a5ee3383493e35d271aca872e9"},
+    {file = "black-25.1.0-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:a39337598244de4bae26475f77dda852ea00a93bd4c728e09eacd827ec929df0"},
+    {file = "black-25.1.0-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:96c1c7cd856bba8e20094e36e0f948718dc688dba4a9d78c3adde52b9e6c2299"},
+    {file = "black-25.1.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:bce2e264d59c91e52d8000d507eb20a9aca4a778731a08cfff7e5ac4a4bb7096"},
+    {file = "black-25.1.0-cp311-cp311-win_amd64.whl", hash = "sha256:172b1dbff09f86ce6f4eb8edf9dede08b1fce58ba194c87d7a4f1a5aa2f5b3c2"},
+    {file = "black-25.1.0-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:4b60580e829091e6f9238c848ea6750efed72140b91b048770b64e74fe04908b"},
+    {file = "black-25.1.0-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:1e2978f6df243b155ef5fa7e558a43037c3079093ed5d10fd84c43900f2d8ecc"},
+    {file = "black-25.1.0-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:3b48735872ec535027d979e8dcb20bf4f70b5ac75a8ea99f127c106a7d7aba9f"},
+    {file = "black-25.1.0-cp312-cp312-win_amd64.whl", hash = "sha256:ea0213189960bda9cf99be5b8c8ce66bb054af5e9e861249cd23471bd7b0b3ba"},
+    {file = "black-25.1.0-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:8f0b18a02996a836cc9c9c78e5babec10930862827b1b724ddfe98ccf2f2fe4f"},
+    {file = "black-25.1.0-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:afebb7098bfbc70037a053b91ae8437c3857482d3a690fefc03e9ff7aa9a5fd3"},
+    {file = "black-25.1.0-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:030b9759066a4ee5e5aca28c3c77f9c64789cdd4de8ac1df642c40b708be6171"},
+    {file = "black-25.1.0-cp313-cp313-win_amd64.whl", hash = "sha256:a22f402b410566e2d1c950708c77ebf5ebd5d0d88a6a2e87c86d9fb48afa0d18"},
+    {file = "black-25.1.0-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:a1ee0a0c330f7b5130ce0caed9936a904793576ef4d2b98c40835d6a65afa6a0"},
+    {file = "black-25.1.0-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:f3df5f1bf91d36002b0a75389ca8663510cf0531cca8aa5c1ef695b46d98655f"},
+    {file = "black-25.1.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:d9e6827d563a2c820772b32ce8a42828dc6790f095f441beef18f96aa6f8294e"},
+    {file = "black-25.1.0-cp39-cp39-win_amd64.whl", hash = "sha256:bacabb307dca5ebaf9c118d2d2f6903da0d62c9faa82bd21a33eecc319559355"},
+    {file = "black-25.1.0-py3-none-any.whl", hash = "sha256:95e8176dae143ba9097f351d174fdaf0ccd29efb414b362ae3fd72bf0f710717"},
+    {file = "black-25.1.0.tar.gz", hash = "sha256:33496d5cd1222ad73391352b4ae8da15253c5de89b93a80b3e2c8d9a19ec2666"},
 ]
 
 [package.dependencies]
@@ -1032,13 +1032,13 @@ pyyaml = ">=5.1"
 
 [[package]]
 name = "mkdocs-material"
-version = "9.5.50"
+version = "9.6.1"
 description = "Documentation that simply works"
 optional = false
 python-versions = ">=3.8"
 files = [
-    {file = "mkdocs_material-9.5.50-py3-none-any.whl", hash = "sha256:f24100f234741f4d423a9d672a909d859668a4f404796be3cf035f10d6050385"},
-    {file = "mkdocs_material-9.5.50.tar.gz", hash = "sha256:ae5fe16f3d7c9ccd05bb6916a7da7420cf99a9ce5e33debd9d40403a090d5825"},
+    {file = "mkdocs_material-9.6.1-py3-none-any.whl", hash = "sha256:c1742d410be29811a9b7e863cb25a578b9e255fe6f04c69f8c6838863a58e141"},
+    {file = "mkdocs_material-9.6.1.tar.gz", hash = "sha256:da37dba220d9fbfc5f1fc567fafc4028e3c3d7d828f2779ed09ab726ceca77dc"},
 ]
 
 [package.dependencies]
@@ -1501,13 +1501,13 @@ files = [
 
 [[package]]
 name = "pydantic"
-version = "2.10.5"
+version = "2.10.6"
 description = "Data validation using Python type hints"
 optional = false
 python-versions = ">=3.8"
 files = [
-    {file = "pydantic-2.10.5-py3-none-any.whl", hash = "sha256:4dd4e322dbe55472cb7ca7e73f4b63574eecccf2835ffa2af9021ce113c83c53"},
-    {file = "pydantic-2.10.5.tar.gz", hash = "sha256:278b38dbbaec562011d659ee05f63346951b3a248a6f3642e1bc68894ea2b4ff"},
+    {file = "pydantic-2.10.6-py3-none-any.whl", hash = "sha256:427d664bf0b8a2b34ff5dd0f5a18df00591adcee7198fbd71981054cef37b584"},
+    {file = "pydantic-2.10.6.tar.gz", hash = "sha256:ca5daa827cce33de7a42be142548b0096bf05a7e7b365aebfa5f8eeec7128236"},
 ]
 
 [package.dependencies]
@@ -1761,32 +1761,32 @@ dev = ["argcomplete", "attrs (>=19.2)", "hypothesis (>=3.56)", "mock", "pygments
 
 [[package]]
 name = "pytest-aiohttp"
-version = "1.0.5"
+version = "1.1.0"
 description = "Pytest plugin for aiohttp support"
 optional = false
-python-versions = ">=3.7"
+python-versions = ">=3.9"
 files = [
-    {file = "pytest-aiohttp-1.0.5.tar.gz", hash = "sha256:880262bc5951e934463b15e3af8bb298f11f7d4d3ebac970aab425aff10a780a"},
-    {file = "pytest_aiohttp-1.0.5-py3-none-any.whl", hash = "sha256:63a5360fd2f34dda4ab8e6baee4c5f5be4cd186a403cabd498fced82ac9c561e"},
+    {file = "pytest_aiohttp-1.1.0-py3-none-any.whl", hash = "sha256:f39a11693a0dce08dd6c542d241e199dd8047a6e6596b2bcfa60d373f143456d"},
+    {file = "pytest_aiohttp-1.1.0.tar.gz", hash = "sha256:147de8cb164f3fc9d7196967f109ab3c0b93ea3463ab50631e56438eab7b5adc"},
 ]
 
 [package.dependencies]
-aiohttp = ">=3.8.1"
+aiohttp = ">=3.11.0b0"
 pytest = ">=6.1.0"
 pytest-asyncio = ">=0.17.2"
 
 [package.extras]
-testing = ["coverage (==6.2)", "mypy (==0.931)"]
+testing = ["coverage (==6.2)", "mypy (==1.12.1)"]
 
 [[package]]
 name = "pytest-asyncio"
-version = "0.25.2"
+version = "0.25.3"
 description = "Pytest support for asyncio"
 optional = false
 python-versions = ">=3.9"
 files = [
-    {file = "pytest_asyncio-0.25.2-py3-none-any.whl", hash = "sha256:0d0bb693f7b99da304a0634afc0a4b19e49d5e0de2d670f38dc4bfa5727c5075"},
-    {file = "pytest_asyncio-0.25.2.tar.gz", hash = "sha256:3f8ef9a98f45948ea91a0ed3dc4268b5326c0e7bce73892acc654df4262ad45f"},
+    {file = "pytest_asyncio-0.25.3-py3-none-any.whl", hash = "sha256:9e89518e0f9bd08928f97a3482fdc4e244df17529460bc038291ccaf8f85c7c3"},
+    {file = "pytest_asyncio-0.25.3.tar.gz", hash = "sha256:fc1da2cf9f125ada7e710b4ddad05518d4cee187ae9412e9ac9271003497f07a"},
 ]
 
 [package.dependencies]
@@ -2141,29 +2141,29 @@ files = [
 
 [[package]]
 name = "ruff"
-version = "0.9.2"
+version = "0.9.4"
 description = "An extremely fast Python linter and code formatter, written in Rust."
 optional = false
 python-versions = ">=3.7"
 files = [
-    {file = "ruff-0.9.2-py3-none-linux_armv6l.whl", hash = "sha256:80605a039ba1454d002b32139e4970becf84b5fee3a3c3bf1c2af6f61a784347"},
-    {file = "ruff-0.9.2-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:b9aab82bb20afd5f596527045c01e6ae25a718ff1784cb92947bff1f83068b00"},
-    {file = "ruff-0.9.2-py3-none-macosx_11_0_arm64.whl", hash = "sha256:fbd337bac1cfa96be615f6efcd4bc4d077edbc127ef30e2b8ba2a27e18c054d4"},
-    {file = "ruff-0.9.2-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:82b35259b0cbf8daa22a498018e300b9bb0174c2bbb7bcba593935158a78054d"},
-    {file = "ruff-0.9.2-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:8b6a9701d1e371bf41dca22015c3f89769da7576884d2add7317ec1ec8cb9c3c"},
-    {file = "ruff-0.9.2-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:9cc53e68b3c5ae41e8faf83a3b89f4a5d7b2cb666dff4b366bb86ed2a85b481f"},
-    {file = "ruff-0.9.2-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:8efd9da7a1ee314b910da155ca7e8953094a7c10d0c0a39bfde3fcfd2a015684"},
-    {file = "ruff-0.9.2-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:3292c5a22ea9a5f9a185e2d131dc7f98f8534a32fb6d2ee7b9944569239c648d"},
-    {file = "ruff-0.9.2-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:1a605fdcf6e8b2d39f9436d343d1f0ff70c365a1e681546de0104bef81ce88df"},
-    {file = "ruff-0.9.2-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:c547f7f256aa366834829a08375c297fa63386cbe5f1459efaf174086b564247"},
-    {file = "ruff-0.9.2-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:d18bba3d3353ed916e882521bc3e0af403949dbada344c20c16ea78f47af965e"},
-    {file = "ruff-0.9.2-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:b338edc4610142355ccf6b87bd356729b62bf1bc152a2fad5b0c7dc04af77bfe"},
-    {file = "ruff-0.9.2-py3-none-musllinux_1_2_i686.whl", hash = "sha256:492a5e44ad9b22a0ea98cf72e40305cbdaf27fac0d927f8bc9e1df316dcc96eb"},
-    {file = "ruff-0.9.2-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:af1e9e9fe7b1f767264d26b1075ac4ad831c7db976911fa362d09b2d0356426a"},
-    {file = "ruff-0.9.2-py3-none-win32.whl", hash = "sha256:71cbe22e178c5da20e1514e1e01029c73dc09288a8028a5d3446e6bba87a5145"},
-    {file = "ruff-0.9.2-py3-none-win_amd64.whl", hash = "sha256:c5e1d6abc798419cf46eed03f54f2e0c3adb1ad4b801119dedf23fcaf69b55b5"},
-    {file = "ruff-0.9.2-py3-none-win_arm64.whl", hash = "sha256:a1b63fa24149918f8b37cef2ee6fff81f24f0d74b6f0bdc37bc3e1f2143e41c6"},
-    {file = "ruff-0.9.2.tar.gz", hash = "sha256:b5eceb334d55fae5f316f783437392642ae18e16dcf4f1858d55d3c2a0f8f5d0"},
+    {file = "ruff-0.9.4-py3-none-linux_armv6l.whl", hash = "sha256:64e73d25b954f71ff100bb70f39f1ee09e880728efb4250c632ceed4e4cdf706"},
+    {file = "ruff-0.9.4-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:6ce6743ed64d9afab4fafeaea70d3631b4d4b28b592db21a5c2d1f0ef52934bf"},
+    {file = "ruff-0.9.4-py3-none-macosx_11_0_arm64.whl", hash = "sha256:54499fb08408e32b57360f6f9de7157a5fec24ad79cb3f42ef2c3f3f728dfe2b"},
+    {file = "ruff-0.9.4-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:37c892540108314a6f01f105040b5106aeb829fa5fb0561d2dcaf71485021137"},
+    {file = "ruff-0.9.4-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:de9edf2ce4b9ddf43fd93e20ef635a900e25f622f87ed6e3047a664d0e8f810e"},
+    {file = "ruff-0.9.4-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:87c90c32357c74f11deb7fbb065126d91771b207bf9bfaaee01277ca59b574ec"},
+    {file = "ruff-0.9.4-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:56acd6c694da3695a7461cc55775f3a409c3815ac467279dfa126061d84b314b"},
+    {file = "ruff-0.9.4-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:e0c93e7d47ed951b9394cf352d6695b31498e68fd5782d6cbc282425655f687a"},
+    {file = "ruff-0.9.4-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:1d4c8772670aecf037d1bf7a07c39106574d143b26cfe5ed1787d2f31e800214"},
+    {file = "ruff-0.9.4-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:bfc5f1d7afeda8d5d37660eeca6d389b142d7f2b5a1ab659d9214ebd0e025231"},
+    {file = "ruff-0.9.4-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:faa935fc00ae854d8b638c16a5f1ce881bc3f67446957dd6f2af440a5fc8526b"},
+    {file = "ruff-0.9.4-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:a6c634fc6f5a0ceae1ab3e13c58183978185d131a29c425e4eaa9f40afe1e6d6"},
+    {file = "ruff-0.9.4-py3-none-musllinux_1_2_i686.whl", hash = "sha256:433dedf6ddfdec7f1ac7575ec1eb9844fa60c4c8c2f8887a070672b8d353d34c"},
+    {file = "ruff-0.9.4-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:d612dbd0f3a919a8cc1d12037168bfa536862066808960e0cc901404b77968f0"},
+    {file = "ruff-0.9.4-py3-none-win32.whl", hash = "sha256:db1192ddda2200671f9ef61d9597fcef89d934f5d1705e571a93a67fb13a4402"},
+    {file = "ruff-0.9.4-py3-none-win_amd64.whl", hash = "sha256:05bebf4cdbe3ef75430d26c375773978950bbf4ee3c95ccb5448940dc092408e"},
+    {file = "ruff-0.9.4-py3-none-win_arm64.whl", hash = "sha256:585792f1e81509e38ac5123492f8875fbc36f3ede8185af0a26df348e5154f41"},
+    {file = "ruff-0.9.4.tar.gz", hash = "sha256:6907ee3529244bb0ed066683e075f09285b38dd5b4039370df6ff06041ca19e7"},
 ]
 
 [[package]]
@@ -2420,4 +2420,4 @@ type = ["pytest-mypy"]
 [metadata]
 lock-version = "2.0"
 python-versions = "^3.9"
-content-hash = "d0b1a79e65224b8e7311bed6a03d65508b00c8615c1e57ee3e43b024a2b6d4fb"
+content-hash = "d50ee3f4906f391687d4295ee8d332766e060a554b5596dde79e36b91ab45d45"
diff --git a/pykanidm/pyproject.toml b/pykanidm/pyproject.toml
index 63b4e8e72..89d1453c6 100644
--- a/pykanidm/pyproject.toml
+++ b/pykanidm/pyproject.toml
@@ -34,18 +34,18 @@ types-toml = "^0.10.8"
 pylint-pydantic = "^0.3.5"
 coverage = "^7.6.10"
 pylint-pytest = "^1.1.7"
-pytest-asyncio = "^0.25.2"
+pytest-asyncio = "^0.25.3"
 pytest-mock = "^3.14.0"
-pytest-aiohttp = "^1.0.5"
-black = "^24.10.0"
+pytest-aiohttp = "^1.1.0"
+black = "^25.1.0"
 mkdocs = "^1.5.3"
-mkdocs-material = "^9.5.50"
+mkdocs-material = "^9.6.1"
 mkdocstrings = "^0.27.0"
 mkdocstrings-python = "^1.13.0"
 pook = "^2.1.3"
 
 [tool.poetry.group.dev.dependencies]
-ruff = ">=0.5.1,<0.9.3"
+ruff = ">=0.5.1,<0.9.5"
 
 [build-system]
 requires = ["poetry-core>=1.0.0"]

From f93d07b6ccbbbcdd9023a477ac2880e13555f3c4 Mon Sep 17 00:00:00 2001
From: James <james@jameskr.dev>
Date: Sun, 2 Feb 2025 19:57:05 -0500
Subject: [PATCH 66/87] Add /.well-known/change-password endpoint (#3382)

* feat: Add /.well-known/change-password endpoint
* fix: make the https view constants available inside the crate

---------
Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
---
 server/core/src/https/generic.rs         | 15 ++++++++++++++-
 server/core/src/https/mod.rs             |  6 +++++-
 server/core/src/https/views/constants.rs |  5 ++---
 server/core/src/https/views/mod.rs       |  2 +-
 4 files changed, 22 insertions(+), 6 deletions(-)

diff --git a/server/core/src/https/generic.rs b/server/core/src/https/generic.rs
index 28f5907a0..ce8eb9119 100644
--- a/server/core/src/https/generic.rs
+++ b/server/core/src/https/generic.rs
@@ -1,10 +1,11 @@
 use axum::extract::State;
 use axum::http::header::CONTENT_TYPE;
-use axum::response::IntoResponse;
+use axum::response::{IntoResponse, Redirect};
 use axum::{Extension, Json};
 use kanidmd_lib::status::StatusRequestEvent;
 
 use super::middleware::KOpId;
+use super::views::constants::Urls;
 use super::ServerState;
 
 #[utoipa::path(
@@ -50,3 +51,15 @@ pub async fn robots_txt() -> impl IntoResponse {
         ),
     )
 }
+
+#[utoipa::path(
+    get,
+    path = Urls::WellKnownChangePassword.as_ref(),
+    responses(
+        (status = 303, description = "See other"),
+    ),
+    tag = "ui",
+)]
+pub async fn redirect_to_update_credentials() -> impl IntoResponse {
+    Redirect::to(Urls::UpdateCredentials.as_ref())
+}
diff --git a/server/core/src/https/mod.rs b/server/core/src/https/mod.rs
index 049c62e00..645f35202 100644
--- a/server/core/src/https/mod.rs
+++ b/server/core/src/https/mod.rs
@@ -251,7 +251,11 @@ pub async fn create_https_server(
         .merge(oauth2::route_setup(state.clone()))
         .merge(v1_scim::route_setup())
         .merge(v1::route_setup(state.clone()))
-        .route("/robots.txt", get(generic::robots_txt));
+        .route("/robots.txt", get(generic::robots_txt))
+        .route(
+            views::constants::Urls::WellKnownChangePassword.as_ref(),
+            get(generic::redirect_to_update_credentials),
+        );
 
     let app = match config.role {
         ServerRole::WriteReplicaNoUI => app,
diff --git a/server/core/src/https/views/constants.rs b/server/core/src/https/views/constants.rs
index 55c5f84aa..8e4167941 100644
--- a/server/core/src/https/views/constants.rs
+++ b/server/core/src/https/views/constants.rs
@@ -21,17 +21,16 @@ impl std::fmt::Display for UiMessage {
     }
 }
 
-#[allow(dead_code)]
 pub(crate) enum Urls {
     Apps,
     CredReset,
-    CredResetError,
     EnrolDevice,
     Profile,
     UpdateCredentials,
     Oauth2Resume,
     Login,
     Ui,
+    WellKnownChangePassword,
 }
 
 impl AsRef<str> for Urls {
@@ -39,13 +38,13 @@ impl AsRef<str> for Urls {
         match self {
             Self::Apps => "/ui/apps",
             Self::CredReset => "/ui/reset",
-            Self::CredResetError => "/ui/reset/err",
             Self::EnrolDevice => "/ui/enrol",
             Self::Profile => "/ui/profile",
             Self::UpdateCredentials => "/ui/update_credentials",
             Self::Oauth2Resume => "/ui/oauth2/resume",
             Self::Login => "/ui/login",
             Self::Ui => "/ui",
+            Self::WellKnownChangePassword => "/.well-known/change-password",
         }
     }
 }
diff --git a/server/core/src/https/views/mod.rs b/server/core/src/https/views/mod.rs
index e4b5bcfa1..cefb475d6 100644
--- a/server/core/src/https/views/mod.rs
+++ b/server/core/src/https/views/mod.rs
@@ -17,7 +17,7 @@ use kanidmd_lib::{
 use crate::https::ServerState;
 
 mod apps;
-mod constants;
+pub(crate) mod constants;
 mod cookies;
 mod enrol;
 mod errors;

From d3457ff3c1c2a32819b9501a314740cba00d1ecc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 4 Feb 2025 08:21:03 +1000
Subject: [PATCH 67/87] Bump openssl from 0.10.69 to 0.10.70 in the cargo group
 (#3391)

Bumps the cargo group with 1 update: [openssl](https://github.com/sfackler/rust-openssl).


Updates `openssl` from 0.10.69 to 0.10.70
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.69...openssl-v0.10.70)

---
updated-dependencies:
- dependency-name: openssl
  dependency-type: direct:production
  dependency-group: cargo
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Cargo.lock | 8 ++++----
 Cargo.toml | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 8570ee139..2bd45e759 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -3962,9 +3962,9 @@ checksum = "1261fe7e33c73b354eab43b1273a57c8f967d0391e80353e51f764ac02cf6775"
 
 [[package]]
 name = "openssl"
-version = "0.10.69"
+version = "0.10.70"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f5e534d133a060a3c19daec1eb3e98ec6f4685978834f2dbadfe2ec215bab64e"
+checksum = "61cfb4e166a8bb8c9b55c500bc2308550148ece889be90f609377e58140f42c6"
 dependencies = [
  "bitflags 2.8.0",
  "cfg-if",
@@ -3994,9 +3994,9 @@ checksum = "d05e27ee213611ffe7d6348b942e8f942b37114c00cc03cec254295a4a17852e"
 
 [[package]]
 name = "openssl-sys"
-version = "0.9.104"
+version = "0.9.105"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "45abf306cbf99debc8195b66b7346498d7b10c210de50418b5ccd7ceba08c741"
+checksum = "8b22d5b84be05a8d6947c7cb71f7c849aa0f112acd4bf51c2a7c1c988ac0a9dc"
 dependencies = [
  "cc",
  "libc",
diff --git a/Cargo.toml b/Cargo.toml
index 2efec7e1d..d6c49b15b 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -207,7 +207,7 @@ notify-debouncer-full = { version = "0.1" }
 num_enum = "^0.5.11"
 oauth2_ext = { version = "^4.4.2", package = "oauth2", default-features = false }
 openssl-sys = "^0.9"
-openssl = "^0.10.69"
+openssl = "^0.10.70"
 
 opentelemetry = { version = "0.27.0" }
 opentelemetry_api = { version = "0.27.0", features = ["logs", "metrics"] }

From d4c5a6f4a9009bdecd2aeed223f74835597b6435 Mon Sep 17 00:00:00 2001
From: Andris Raugulis <arthepsy@users.noreply.github.com>
Date: Tue, 4 Feb 2025 00:39:50 +0200
Subject: [PATCH 68/87] OpenBSD support (#3381)

* Implement OpenBSD support.
---
 CONTRIBUTORS.md                   | 1 +
 libs/file_permissions/src/unix.rs | 3 +++
 tools/cli/Cargo.toml              | 4 ++++
 tools/cli/src/cli/webauthn/mod.rs | 5 +++++
 4 files changed, 13 insertions(+)

diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md
index f18c7b93d..09a4eafbd 100644
--- a/CONTRIBUTORS.md
+++ b/CONTRIBUTORS.md
@@ -45,6 +45,7 @@
 - Chris Olstrom (colstrom)
 - Christopher-Robin (cebbinghaus)
 - Fabian Kammel (datosh)
+- Andris Raugulis (arthepsy)
 
 ## Acknowledgements
 
diff --git a/libs/file_permissions/src/unix.rs b/libs/file_permissions/src/unix.rs
index c3ede12f7..6e1a195a6 100644
--- a/libs/file_permissions/src/unix.rs
+++ b/libs/file_permissions/src/unix.rs
@@ -3,6 +3,9 @@ use std::fs::Metadata;
 #[cfg(target_os = "freebsd")]
 use std::os::freebsd::fs::MetadataExt;
 
+#[cfg(target_os = "openbsd")]
+use std::os::openbsd::fs::MetadataExt;
+
 #[cfg(target_os = "linux")]
 use std::os::linux::fs::MetadataExt;
 
diff --git a/tools/cli/Cargo.toml b/tools/cli/Cargo.toml
index e0acdd794..5d5ee7778 100644
--- a/tools/cli/Cargo.toml
+++ b/tools/cli/Cargo.toml
@@ -93,6 +93,10 @@ features = ["mozilla"]
 workspace = true
 features = ["mozilla"]
 
+[target."cfg(target_os = \"openbsd\")".dependencies.webauthn-authenticator-rs]
+workspace = true
+features = ["mozilla"]
+
 ## Debian packaging
 [package.metadata.deb]
 name = "kanidm"
diff --git a/tools/cli/src/cli/webauthn/mod.rs b/tools/cli/src/cli/webauthn/mod.rs
index 0af5641f1..3078c4d41 100644
--- a/tools/cli/src/cli/webauthn/mod.rs
+++ b/tools/cli/src/cli/webauthn/mod.rs
@@ -13,6 +13,11 @@ mod mozilla;
 #[cfg(target_os = "freebsd")]
 use mozilla::get_authenticator_backend;
 
+#[cfg(target_os = "openbsd")]
+mod mozilla;
+#[cfg(target_os = "openbsd")]
+use mozilla::get_authenticator_backend;
+
 #[cfg(target_os = "windows")]
 mod win10;
 #[cfg(target_os = "windows")]

From 99e37e987afb24c8a48670c5953c996221726e69 Mon Sep 17 00:00:00 2001
From: Jason <jasonhsu2013@gmail.com>
Date: Tue, 4 Feb 2025 01:22:32 -0500
Subject: [PATCH 69/87] Allow POST on oauth userinfo (#3395)

---
 CONTRIBUTORS.md                     |  1 +
 server/core/src/https/oauth2.rs     |  4 +++-
 server/testkit/tests/oauth2_test.rs | 18 ++++++++++++++++++
 3 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md
index 09a4eafbd..3a75f2ca1 100644
--- a/CONTRIBUTORS.md
+++ b/CONTRIBUTORS.md
@@ -46,6 +46,7 @@
 - Christopher-Robin (cebbinghaus)
 - Fabian Kammel (datosh)
 - Andris Raugulis (arthepsy)
+- Jason (argonaut0)
 
 ## Acknowledgements
 
diff --git a/server/core/src/https/oauth2.rs b/server/core/src/https/oauth2.rs
index ae986119a..33a142507 100644
--- a/server/core/src/https/oauth2.rs
+++ b/server/core/src/https/oauth2.rs
@@ -774,7 +774,9 @@ pub fn route_setup(state: ServerState) -> Router<ServerState> {
         // // IF YOU CHANGE THESE VALUES YOU MUST UPDATE OIDC DISCOVERY URLS
         .route(
             "/oauth2/openid/:client_id/userinfo",
-            get(oauth2_openid_userinfo_get).options(oauth2_preflight_options),
+            get(oauth2_openid_userinfo_get)
+                .post(oauth2_openid_userinfo_get)
+                .options(oauth2_preflight_options),
         )
         // // ⚠️  ⚠️   WARNING  ⚠️  ⚠️
         // // IF YOU CHANGE THESE VALUES YOU MUST UPDATE OIDC DISCOVERY URLS
diff --git a/server/testkit/tests/oauth2_test.rs b/server/testkit/tests/oauth2_test.rs
index 21f3096f3..faab08575 100644
--- a/server/testkit/tests/oauth2_test.rs
+++ b/server/testkit/tests/oauth2_test.rs
@@ -447,6 +447,24 @@ async fn test_oauth2_openid_basic_flow_impl(
 
     assert_eq!(userinfo, oidc);
 
+    let response = client
+        .post(rsclient.make_url("/oauth2/openid/test_integration/userinfo"))
+        .bearer_auth(atr.access_token.clone())
+        .send()
+        .await
+        .expect("Failed to send userinfo POST request.");
+
+    tracing::trace!("{:?}", response.headers());
+    assert!(
+        response.headers().get(CONTENT_TYPE) == Some(&HeaderValue::from_static(APPLICATION_JSON))
+    );
+    let userinfo_post = response
+        .json::<OidcToken>()
+        .await
+        .expect("Unable to decode OidcToken from POST userinfo");
+
+    assert_eq!(userinfo_post, userinfo);
+
     // Step 6 - Show that our client can perform a client credentials grant
 
     let form_req: AccessTokenRequest = GrantTypeReq::ClientCredentials {

From 3b3c029e30915318430b649393f5daca5048656a Mon Sep 17 00:00:00 2001
From: James Hodgkinson <james@terminaloutcomes.com>
Date: Tue, 4 Feb 2025 20:30:25 +1100
Subject: [PATCH 70/87] #3387 - RADIUS Startup fixin's (#3388)

* fix: outdated poetry.toml entries
* fix: better handling errors on startup in radius_entrypoint
* fix: radiusd eap config, removing dh_file per error message in freeradius startup
* fix: updating docs to be a little clearer and reflect new config
* fix: fixing up handling dhparam, trying to throw better errors
* fix: unified how the config path is found in pykanidm radius, new default config path

---------

Co-authored-by: Firstyear <william@blackhats.net.au>
---
 book/src/integrations/radius.md    |  85 +++-----------
 examples/radius.toml               |  18 +++
 examples/radius_full.toml          |  28 +++++
 pykanidm/kanidm/radius/__init__.py |  43 ++++----
 pykanidm/kanidm/types.py           |   1 -
 pykanidm/kanidm/utils.py           |   2 +-
 pykanidm/poetry.lock               | 171 ++++++++++++++++++-----------
 pykanidm/pyproject.toml            |  23 ++--
 rlm_python/Dockerfile              |   2 +-
 rlm_python/mods-available/eap      |  32 +++---
 rlm_python/radius_entrypoint.py    |  28 ++---
 11 files changed, 227 insertions(+), 206 deletions(-)
 create mode 100644 examples/radius.toml
 create mode 100644 examples/radius_full.toml

diff --git a/book/src/integrations/radius.md b/book/src/integrations/radius.md
index 97e339c26..cbeb54101 100644
--- a/book/src/integrations/radius.md
+++ b/book/src/integrations/radius.md
@@ -103,82 +103,26 @@ kanidm service-account credential generate --name admin radius_service_account
 ## Deploying a RADIUS Container
 
 We provide a RADIUS container that has all the needed integrations. This container requires some
-cryptographic material, with the following files being in `/etc/raddb/certs`. (Modifiable in the
+cryptographic material, with the following files mounted in `/data`. (Modifiable in the
 configuration)
 
-| filename | description                                                   |
-| -------- | ------------------------------------------------------------- |
-| ca.pem   | The signing CA of the RADIUS certificate                      |
-| dh.pem   | The output of `openssl dhparam -in ca.pem -out ./dh.pem 2048` |
-| cert.pem | The certificate for the RADIUS server                         |
-| key.pem  | The signing key for the RADIUS certificate                    |
+| filename    | description                                                   |
+| --------    | ------------------------------------------------------------- |
+| ca.pem      | The signing CA of the RADIUS certificate                      |
+| cert.pem    | The certificate for the RADIUS server                         |
+| key.pem     | The private key for the RADIUS certificate                    |
+| radius.toml | The configuration file                                        |
 
-The configuration file (`/data/kanidm`) has the following template:
+The configuration file (which you should mount at `/data/radius.toml`, or specify its path with the environment variable `KANIDM_RLM_CONFIG`) has the following template:
 
 ```toml
-uri = "https://example.com" # URL to the Kanidm server
-verify_hostnames = true     # verify the hostname of the Kanidm server
-
-verify_ca = false           # Strict CA verification
-ca = /data/ca.pem           # Path to the kanidm ca
-
-auth_token = "ABC..."       # Auth token for the service account
-                            # See: kanidm service-account api-token generate
-
-# Default vlans for groups that don't specify one.
-radius_default_vlan = 1
-
-# A list of Kanidm groups which must be a member
-# before they can authenticate via RADIUS.
-radius_required_groups = [
-    "radius_access_allowed@idm.example.com",
-]
-
-# A mapping between Kanidm groups and VLANS
-radius_groups = [
-    { spn = "radius_access_allowed@idm.example.com", vlan = 10 },
-]
-
-# A mapping of clients and their authentication tokens
-radius_clients = [
-    { name = "test", ipaddr = "127.0.0.1", secret  = "testing123" },
-    { name = "docker" , ipaddr = "172.17.0.0/16", secret = "testing123" },
-]
-
-# radius_cert_path = "/etc/raddb/certs/cert.pem"
-# the signing key for radius TLS
-# radius_key_path = "/etc/raddb/certs/key.pem"
-# the diffie-hellman output
-# radius_dh_path = "/etc/raddb/certs/dh.pem"
-# the CA certificate
-# radius_ca_path = "/etc/raddb/certs/ca.pem"
+{{#rustdoc_include ../../../examples/radius.toml}}
 ```
 
 ## A fully configured example
 
 ```toml
-url = "https://example.com"
-
-# The auth token for the service account
-auth_token = "ABC..."
-
-# default vlan for groups that don't specify one.
-radius_default_vlan = 99
-
-# if the user is in one of these Kanidm groups,
-# then they're allowed to authenticate
-radius_required_groups = [
-    "radius_access_allowed@idm.example.com",
-]
-
-radius_groups = [
-    { spn = "radius_access_allowed@idm.example.com", vlan = 10 }
-]
-
-radius_clients = [
-    { name = "localhost", ipaddr = "127.0.0.1", secret = "testing123" },
-    { name = "docker" , ipaddr = "172.17.0.0/16", secret = "testing123" },
-]
+{{#rustdoc_include ../../../examples/radius_full.toml}}
 ```
 
 ## Moving to Production
@@ -200,14 +144,17 @@ the problem. To increase the logging level you can re-run your environment with
 ```bash
 docker rm radiusd
 docker run --name radiusd \
-    -e DEBUG=True \
+    --rm -e DEBUG=True \
     -p 1812:1812 \
-    -p 1812:1812/udp
+    -p 1812:1812/udp \
     --interactive --tty \
-    --volume /tmp/kanidm:/etc/raddb/certs \
+    --mount "type=bind,src=$(pwd)/examples/radius.toml,target=/data/kanidm" \
+    --mount "type=bind,src=/tmp/kanidm,target=/data" \
     kanidm/radius:latest
 ```
 
+In this example we're running it from the root of the repository and loading an example config, and using the certificates generated in dev-mode. You'll need to adjust your mounts to suit!
+
 Note: the RADIUS container _is_ configured to provide
 [Tunnel-Private-Group-ID](https://freeradius.org/rfc/rfc2868.html#Tunnel-Private-Group-ID), so if
 you wish to use Wi-Fi-assigned VLANs on your infrastructure, you can assign these by groups in the
diff --git a/examples/radius.toml b/examples/radius.toml
new file mode 100644
index 000000000..aacc3d8da
--- /dev/null
+++ b/examples/radius.toml
@@ -0,0 +1,18 @@
+uri = "https://example.com"
+
+# The auth token for the service account
+auth_token = "ABC..."
+
+# default vlan for groups that don't specify one.
+radius_default_vlan = 99
+
+# if the user is in one of these Kanidm groups,
+# then they're allowed to authenticate
+radius_required_groups = ["radius_access_allowed@idm.example.com"]
+
+radius_groups = [{ spn = "radius_access_allowed@idm.example.com", vlan = 10 }]
+
+radius_clients = [
+    { name = "localhost", ipaddr = "127.0.0.1", secret = "testing123" },
+    { name = "docker", ipaddr = "172.17.0.0/16", secret = "testing123" },
+]
diff --git a/examples/radius_full.toml b/examples/radius_full.toml
new file mode 100644
index 000000000..d4b7663d9
--- /dev/null
+++ b/examples/radius_full.toml
@@ -0,0 +1,28 @@
+uri = "https://example.com" # URL to the Kanidm server
+verify_hostnames = true     # verify the hostname of the Kanidm server
+verify_ca = true            # Strict CA verification
+
+auth_token = "ABC..." # Auth token for the service account
+# See: kanidm service-account api-token generate
+
+# Default vlans for groups that don't specify one.
+radius_default_vlan = 1
+
+# A list of Kanidm groups which must be a member
+# before they can authenticate via RADIUS.
+radius_required_groups = ["radius_access_allowed@idm.example.com"]
+
+# A mapping between Kanidm groups and VLANS
+radius_groups = [{ spn = "radius_access_allowed@idm.example.com", vlan = 10 }]
+
+# A mapping of clients and their authentication tokens
+radius_clients = [
+    { name = "test", ipaddr = "127.0.0.1", secret = "testing123" },
+    { name = "docker", ipaddr = "172.17.0.0/16", secret = "testing123" },
+]
+
+# radius_cert_path = "/etc/raddb/certs/cert.pem"
+# the signing key for radius TLS
+# radius_key_path = "/etc/raddb/certs/key.pem"
+radius_ca_path = "/data/ca.pem" # Path to the kanidm ca
+# radius_ca_dir = "/data/ca"
diff --git a/pykanidm/kanidm/radius/__init__.py b/pykanidm/kanidm/radius/__init__.py
index b44a6ff50..e707cf602 100644
--- a/pykanidm/kanidm/radius/__init__.py
+++ b/pykanidm/kanidm/radius/__init__.py
@@ -1,4 +1,5 @@
-""" kanidm RADIUS module """
+"""kanidm RADIUS module"""
+
 import asyncio
 from aiohttp.client_exceptions import ClientConnectorError
 from functools import reduce
@@ -16,15 +17,26 @@ from .. import KanidmClient
 from . import radiusd
 from .utils import check_vlan
 
+CONTAINER_CONFIG_FILE_PATH = "/data/radius.toml"
+
 # the list of places to try
 CONFIG_PATHS = [
-    os.getenv("KANIDM_RLM_CONFIG", "/data/kanidm"),  # container goodness
-    "~/.config/kanidm",  # for a user
-    "/etc/kanidm/kanidm",  # system-wide
-    "../examples/kanidm",  # test mode
+    os.getenv("KANIDM_RLM_CONFIG", CONTAINER_CONFIG_FILE_PATH),  # container goodness
+    "~/.config/radius.toml",  # for a user
+    "/etc/kanidm/radius.toml",  # system-wide
+    "../examples/radius.toml",  # test mode
+    "/data/kanidm",  # fallback to old path
 ]
 
 
+def find_radius_config_path() -> Optional[Path]:
+    for config_file_path in CONFIG_PATHS:
+        config_path = Path(config_file_path).expanduser().resolve()
+        if config_path.exists():
+            return config_path
+    return None
+
+
 def instantiate(_: Any) -> Any:
     """start up radiusd"""
     logging.basicConfig(
@@ -33,16 +45,9 @@ def instantiate(_: Any) -> Any:
     )
     logging.info("Starting up!")
 
-    config_path = None
-    for config_file_path in CONFIG_PATHS:
-        config_path = Path(config_file_path).expanduser().resolve()
-        if config_path.exists():
-            break
-
-    if (config_path is None) or (not config_path.exists()):
-        logging.error(
-            "Failed to find configuration file, checked (%s), quitting!", CONFIG_PATHS
-        )
+    config_path = find_radius_config_path()
+    if config_path is None:
+        logging.error("Failed to find configuration file, checked (%s), quitting!", CONFIG_PATHS)
         sys.exit(1)
 
     kanidm_client = KanidmClient(config_file=config_path)
@@ -107,9 +112,7 @@ def authorize(
     tok = None
     try:
         loop = asyncio.get_event_loop()
-        tok = RadiusTokenResponse.model_validate(
-            loop.run_until_complete(_get_radius_token(username=user_id))
-        )
+        tok = RadiusTokenResponse.model_validate(loop.run_until_complete(_get_radius_token(username=user_id)))
         logging.debug("radius information token: %s", tok)
     except NoMatchingEntries as error_message:
         logging.info(
@@ -125,9 +128,7 @@ def authorize(
         logging.error("kanidm exception: %s, %s", type(error_message), error_message)
         return radiusd.RLM_MODULE_FAIL
     if tok is None:
-        logging.info(
-            "kanidm RLM_MODULE_REJECT - unable to retrieve radius information token"
-        )
+        logging.info("kanidm RLM_MODULE_REJECT - unable to retrieve radius information token")
         return radiusd.RLM_MODULE_REJECT
 
     # Get values out of the token
diff --git a/pykanidm/kanidm/types.py b/pykanidm/kanidm/types.py
index 383678967..2f9bf209d 100644
--- a/pykanidm/kanidm/types.py
+++ b/pykanidm/kanidm/types.py
@@ -171,7 +171,6 @@ class KanidmClientConfig(BaseModel):
 
     radius_cert_path: str = "/data/cert.pem"
     radius_key_path: str = "/data/key.pem"  # the signing key for radius TLS
-    radius_dh_path: str = "/data/dh.pem"  # the diffie-hellman output
     radius_ca_path: Optional[str] = None
     radius_ca_dir: Optional[str] = None
 
diff --git a/pykanidm/kanidm/utils.py b/pykanidm/kanidm/utils.py
index 562a6dd65..e193f0866 100644
--- a/pykanidm/kanidm/utils.py
+++ b/pykanidm/kanidm/utils.py
@@ -1,4 +1,4 @@
-""" utility functions """
+"""utility functions"""
 
 from pathlib import Path
 from typing import Any, Dict, Union
diff --git a/pykanidm/poetry.lock b/pykanidm/poetry.lock
index 4a394cf19..4cb00acb0 100644
--- a/pykanidm/poetry.lock
+++ b/pykanidm/poetry.lock
@@ -1,4 +1,4 @@
-# This file is automatically @generated by Poetry 1.8.5 and should not be changed by hand.
+# This file is automatically @generated by Poetry 2.0.1 and should not be changed by hand.
 
 [[package]]
 name = "aiohappyeyeballs"
@@ -6,6 +6,7 @@ version = "2.4.0"
 description = "Happy Eyeballs for asyncio"
 optional = false
 python-versions = ">=3.8"
+groups = ["main", "dev"]
 files = [
     {file = "aiohappyeyeballs-2.4.0-py3-none-any.whl", hash = "sha256:7ce92076e249169a13c2f49320d1967425eaf1f407522d707d59cac7628d62bd"},
     {file = "aiohappyeyeballs-2.4.0.tar.gz", hash = "sha256:55a1714f084e63d49639800f95716da97a1f173d46a16dfcfda0016abb93b6b2"},
@@ -17,6 +18,7 @@ version = "3.11.11"
 description = "Async http client/server framework (asyncio)"
 optional = false
 python-versions = ">=3.9"
+groups = ["main", "dev"]
 files = [
     {file = "aiohttp-3.11.11-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:a60804bff28662cbcf340a4d61598891f12eea3a66af48ecfdc975ceec21e3c8"},
     {file = "aiohttp-3.11.11-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:4b4fa1cb5f270fb3eab079536b764ad740bb749ce69a94d4ec30ceee1b5940d5"},
@@ -115,6 +117,7 @@ version = "1.3.1"
 description = "aiosignal: a list of registered asynchronous callbacks"
 optional = false
 python-versions = ">=3.7"
+groups = ["main", "dev"]
 files = [
     {file = "aiosignal-1.3.1-py3-none-any.whl", hash = "sha256:f8376fb07dd1e86a584e4fcdec80b36b7f81aac666ebc724e2c090300dd83b17"},
     {file = "aiosignal-1.3.1.tar.gz", hash = "sha256:54cd96e15e1649b75d6c87526a6ff0b6c1b0dd3459f43d9ca11d48c339b68cfc"},
@@ -129,6 +132,7 @@ version = "0.7.0"
 description = "Reusable constraint types to use with typing.Annotated"
 optional = false
 python-versions = ">=3.8"
+groups = ["main", "dev"]
 files = [
     {file = "annotated_types-0.7.0-py3-none-any.whl", hash = "sha256:1f02e8b43a8fbbc3f3e0d4f0f4bfc8131bcb4eebe8849b8e5c773f3a1c582a53"},
     {file = "annotated_types-0.7.0.tar.gz", hash = "sha256:aff07c09a53a08bc8cfccb9c85b05f1aa9a2a6f23728d790723543408344ce89"},
@@ -140,6 +144,7 @@ version = "3.2.4"
 description = "An abstract syntax tree for Python with inference support."
 optional = false
 python-versions = ">=3.8.0"
+groups = ["dev"]
 files = [
     {file = "astroid-3.2.4-py3-none-any.whl", hash = "sha256:413658a61eeca6202a59231abb473f932038fbcbf1666587f66d482083413a25"},
     {file = "astroid-3.2.4.tar.gz", hash = "sha256:0e14202810b30da1b735827f78f5157be2bbd4a7a59b7707ca0bfc2fb4c0063a"},
@@ -154,6 +159,8 @@ version = "4.0.3"
 description = "Timeout context manager for asyncio programs"
 optional = false
 python-versions = ">=3.7"
+groups = ["main", "dev"]
+markers = "python_version < \"3.11\""
 files = [
     {file = "async-timeout-4.0.3.tar.gz", hash = "sha256:4640d96be84d82d02ed59ea2b7105a0f7b33abe8703703cd0ab0bf87c427522f"},
     {file = "async_timeout-4.0.3-py3-none-any.whl", hash = "sha256:7405140ff1230c310e51dc27b3145b9092d659ce68ff733fb0cefe3ee42be028"},
@@ -165,6 +172,7 @@ version = "24.2.0"
 description = "Classes Without Boilerplate"
 optional = false
 python-versions = ">=3.7"
+groups = ["main", "dev"]
 files = [
     {file = "attrs-24.2.0-py3-none-any.whl", hash = "sha256:81921eb96de3191c8258c199618104dd27ac608d9366f5e35d011eae1867ede2"},
     {file = "attrs-24.2.0.tar.gz", hash = "sha256:5cfb1b9148b5b086569baec03f20d7b6bf3bcacc9a42bebf87ffaaca362f6346"},
@@ -184,6 +192,7 @@ version = "1.4.1"
 description = "The ultimate Python library in building OAuth and OpenID Connect servers and clients."
 optional = false
 python-versions = ">=3.9"
+groups = ["main"]
 files = [
     {file = "Authlib-1.4.1-py2.py3-none-any.whl", hash = "sha256:edc29c3f6a3e72cd9e9f45fff67fc663a2c364022eb0371c003f22d5405915c1"},
     {file = "authlib-1.4.1.tar.gz", hash = "sha256:30ead9ea4993cdbab821dc6e01e818362f92da290c04c7f6a1940f86507a790d"},
@@ -198,6 +207,7 @@ version = "2.16.0"
 description = "Internationalization utilities"
 optional = false
 python-versions = ">=3.8"
+groups = ["dev"]
 files = [
     {file = "babel-2.16.0-py3-none-any.whl", hash = "sha256:368b5b98b37c06b7daf6696391c3240c938b37767d4584413e8438c5c435fa8b"},
     {file = "babel-2.16.0.tar.gz", hash = "sha256:d1f3554ca26605fe173f3de0c65f750f5a42f924499bf134de6423582298e316"},
@@ -206,58 +216,13 @@ files = [
 [package.extras]
 dev = ["freezegun (>=1.0,<2.0)", "pytest (>=6.0)", "pytest-cov"]
 
-[[package]]
-name = "black"
-version = "25.1.0"
-description = "The uncompromising code formatter."
-optional = false
-python-versions = ">=3.9"
-files = [
-    {file = "black-25.1.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:759e7ec1e050a15f89b770cefbf91ebee8917aac5c20483bc2d80a6c3a04df32"},
-    {file = "black-25.1.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:0e519ecf93120f34243e6b0054db49c00a35f84f195d5bce7e9f5cfc578fc2da"},
-    {file = "black-25.1.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:055e59b198df7ac0b7efca5ad7ff2516bca343276c466be72eb04a3bcc1f82d7"},
-    {file = "black-25.1.0-cp310-cp310-win_amd64.whl", hash = "sha256:db8ea9917d6f8fc62abd90d944920d95e73c83a5ee3383493e35d271aca872e9"},
-    {file = "black-25.1.0-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:a39337598244de4bae26475f77dda852ea00a93bd4c728e09eacd827ec929df0"},
-    {file = "black-25.1.0-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:96c1c7cd856bba8e20094e36e0f948718dc688dba4a9d78c3adde52b9e6c2299"},
-    {file = "black-25.1.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:bce2e264d59c91e52d8000d507eb20a9aca4a778731a08cfff7e5ac4a4bb7096"},
-    {file = "black-25.1.0-cp311-cp311-win_amd64.whl", hash = "sha256:172b1dbff09f86ce6f4eb8edf9dede08b1fce58ba194c87d7a4f1a5aa2f5b3c2"},
-    {file = "black-25.1.0-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:4b60580e829091e6f9238c848ea6750efed72140b91b048770b64e74fe04908b"},
-    {file = "black-25.1.0-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:1e2978f6df243b155ef5fa7e558a43037c3079093ed5d10fd84c43900f2d8ecc"},
-    {file = "black-25.1.0-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:3b48735872ec535027d979e8dcb20bf4f70b5ac75a8ea99f127c106a7d7aba9f"},
-    {file = "black-25.1.0-cp312-cp312-win_amd64.whl", hash = "sha256:ea0213189960bda9cf99be5b8c8ce66bb054af5e9e861249cd23471bd7b0b3ba"},
-    {file = "black-25.1.0-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:8f0b18a02996a836cc9c9c78e5babec10930862827b1b724ddfe98ccf2f2fe4f"},
-    {file = "black-25.1.0-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:afebb7098bfbc70037a053b91ae8437c3857482d3a690fefc03e9ff7aa9a5fd3"},
-    {file = "black-25.1.0-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:030b9759066a4ee5e5aca28c3c77f9c64789cdd4de8ac1df642c40b708be6171"},
-    {file = "black-25.1.0-cp313-cp313-win_amd64.whl", hash = "sha256:a22f402b410566e2d1c950708c77ebf5ebd5d0d88a6a2e87c86d9fb48afa0d18"},
-    {file = "black-25.1.0-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:a1ee0a0c330f7b5130ce0caed9936a904793576ef4d2b98c40835d6a65afa6a0"},
-    {file = "black-25.1.0-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:f3df5f1bf91d36002b0a75389ca8663510cf0531cca8aa5c1ef695b46d98655f"},
-    {file = "black-25.1.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:d9e6827d563a2c820772b32ce8a42828dc6790f095f441beef18f96aa6f8294e"},
-    {file = "black-25.1.0-cp39-cp39-win_amd64.whl", hash = "sha256:bacabb307dca5ebaf9c118d2d2f6903da0d62c9faa82bd21a33eecc319559355"},
-    {file = "black-25.1.0-py3-none-any.whl", hash = "sha256:95e8176dae143ba9097f351d174fdaf0ccd29efb414b362ae3fd72bf0f710717"},
-    {file = "black-25.1.0.tar.gz", hash = "sha256:33496d5cd1222ad73391352b4ae8da15253c5de89b93a80b3e2c8d9a19ec2666"},
-]
-
-[package.dependencies]
-click = ">=8.0.0"
-mypy-extensions = ">=0.4.3"
-packaging = ">=22.0"
-pathspec = ">=0.9.0"
-platformdirs = ">=2"
-tomli = {version = ">=1.1.0", markers = "python_version < \"3.11\""}
-typing-extensions = {version = ">=4.0.1", markers = "python_version < \"3.11\""}
-
-[package.extras]
-colorama = ["colorama (>=0.4.3)"]
-d = ["aiohttp (>=3.10)"]
-jupyter = ["ipython (>=7.8.0)", "tokenize-rt (>=3.2.0)"]
-uvloop = ["uvloop (>=0.15.2)"]
-
 [[package]]
 name = "certifi"
 version = "2024.8.30"
 description = "Python package for providing Mozilla's CA Bundle."
 optional = false
 python-versions = ">=3.6"
+groups = ["dev"]
 files = [
     {file = "certifi-2024.8.30-py3-none-any.whl", hash = "sha256:922820b53db7a7257ffbda3f597266d435245903d80737e34f8a45ff3e3230d8"},
     {file = "certifi-2024.8.30.tar.gz", hash = "sha256:bec941d2aa8195e248a60b31ff9f0558284cf01a52591ceda73ea9afffd69fd9"},
@@ -269,6 +234,8 @@ version = "1.17.1"
 description = "Foreign Function Interface for Python calling C code."
 optional = false
 python-versions = ">=3.8"
+groups = ["main"]
+markers = "platform_python_implementation != \"PyPy\""
 files = [
     {file = "cffi-1.17.1-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:df8b1c11f177bc2313ec4b2d46baec87a5f3e71fc8b45dab2ee7cae86d9aba14"},
     {file = "cffi-1.17.1-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:8f2cdc858323644ab277e9bb925ad72ae0e67f69e804f4898c070998d50b1a67"},
@@ -348,6 +315,7 @@ version = "3.3.2"
 description = "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet."
 optional = false
 python-versions = ">=3.7.0"
+groups = ["dev"]
 files = [
     {file = "charset-normalizer-3.3.2.tar.gz", hash = "sha256:f30c3cb33b24454a82faecaf01b19c18562b1e89558fb6c56de4d9118a032fd5"},
     {file = "charset_normalizer-3.3.2-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:25baf083bf6f6b341f4121c2f3c548875ee6f5339300e08be3f2b2ba1721cdd3"},
@@ -447,6 +415,7 @@ version = "8.1.7"
 description = "Composable command line interface toolkit"
 optional = false
 python-versions = ">=3.7"
+groups = ["dev"]
 files = [
     {file = "click-8.1.7-py3-none-any.whl", hash = "sha256:ae74fb96c20a0277a1d615f1e4d73c8414f5a98db8b799a7931d1582f3390c28"},
     {file = "click-8.1.7.tar.gz", hash = "sha256:ca9853ad459e787e2192211578cc907e7594e294c7ccc834310722b41b9ca6de"},
@@ -461,6 +430,7 @@ version = "0.4.6"
 description = "Cross-platform colored terminal text."
 optional = false
 python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,!=3.5.*,!=3.6.*,>=2.7"
+groups = ["dev"]
 files = [
     {file = "colorama-0.4.6-py2.py3-none-any.whl", hash = "sha256:4f1d9991f5acc0ca119f9d443620b77f9d6b33703e51011c16baf57afb285fc6"},
     {file = "colorama-0.4.6.tar.gz", hash = "sha256:08695f5cb7ed6e0531a20572697297273c47b8cae5a63ffc6d6ed5c201be6e44"},
@@ -472,6 +442,7 @@ version = "7.6.10"
 description = "Code coverage measurement for Python"
 optional = false
 python-versions = ">=3.9"
+groups = ["dev"]
 files = [
     {file = "coverage-7.6.10-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:5c912978f7fbf47ef99cec50c4401340436d200d41d714c7a4766f377c5b7b78"},
     {file = "coverage-7.6.10-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:a01ec4af7dfeb96ff0078ad9a48810bb0cc8abcb0115180c6013a6b26237626c"},
@@ -546,6 +517,7 @@ version = "43.0.1"
 description = "cryptography is a package which provides cryptographic recipes and primitives to Python developers."
 optional = false
 python-versions = ">=3.7"
+groups = ["main"]
 files = [
     {file = "cryptography-43.0.1-cp37-abi3-macosx_10_9_universal2.whl", hash = "sha256:8385d98f6a3bf8bb2d65a73e17ed87a3ba84f6991c155691c51112075f9ffc5d"},
     {file = "cryptography-43.0.1-cp37-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:27e613d7077ac613e399270253259d9d53872aaf657471473ebfc9a52935c062"},
@@ -595,6 +567,7 @@ version = "0.3.8"
 description = "serialize all of Python"
 optional = false
 python-versions = ">=3.8"
+groups = ["dev"]
 files = [
     {file = "dill-0.3.8-py3-none-any.whl", hash = "sha256:c36ca9ffb54365bdd2f8eb3eff7d2a21237f8452b57ace88b1ac615b7e815bd7"},
     {file = "dill-0.3.8.tar.gz", hash = "sha256:3ebe3c479ad625c4553aca177444d89b486b1d84982eeacded644afc0cf797ca"},
@@ -610,6 +583,8 @@ version = "1.2.2"
 description = "Backport of PEP 654 (exception groups)"
 optional = false
 python-versions = ">=3.7"
+groups = ["dev"]
+markers = "python_version < \"3.11\""
 files = [
     {file = "exceptiongroup-1.2.2-py3-none-any.whl", hash = "sha256:3111b9d131c238bec2f8f516e123e14ba243563fb135d3fe885990585aa7795b"},
     {file = "exceptiongroup-1.2.2.tar.gz", hash = "sha256:47c2edf7c6738fafb49fd34290706d1a1a2f4d1c6df275526b62cbb4aa5393cc"},
@@ -624,6 +599,7 @@ version = "1.4.1"
 description = "A list-like structure which implements collections.abc.MutableSequence"
 optional = false
 python-versions = ">=3.8"
+groups = ["main", "dev"]
 files = [
     {file = "frozenlist-1.4.1-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:f9aa1878d1083b276b0196f2dfbe00c9b7e752475ed3b682025ff20c1c1f51ac"},
     {file = "frozenlist-1.4.1-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:29acab3f66f0f24674b7dc4736477bcd4bc3ad4b896f5f45379a67bce8b96868"},
@@ -710,6 +686,7 @@ version = "2.1.3"
 description = "URL manipulation made simple."
 optional = false
 python-versions = "*"
+groups = ["dev"]
 files = [
     {file = "furl-2.1.3-py2.py3-none-any.whl", hash = "sha256:9ab425062c4217f9802508e45feb4a83e54324273ac4b202f1850363309666c0"},
     {file = "furl-2.1.3.tar.gz", hash = "sha256:5a6188fe2666c484a12159c18be97a1977a71d632ef5bb867ef15f54af39cc4e"},
@@ -725,6 +702,7 @@ version = "2.1.0"
 description = "Copy your docs directly to the gh-pages branch."
 optional = false
 python-versions = "*"
+groups = ["dev"]
 files = [
     {file = "ghp-import-2.1.0.tar.gz", hash = "sha256:9c535c4c61193c2df8871222567d7fd7e5014d835f97dc7b7439069e2413d343"},
     {file = "ghp_import-2.1.0-py3-none-any.whl", hash = "sha256:8337dd7b50877f163d4c0289bc1f1c7f127550241988d568c1db512c4324a619"},
@@ -742,6 +720,7 @@ version = "1.2.0"
 description = "Signatures for entire Python programs. Extract the structure, the frame, the skeleton of your project, to generate API documentation or find breaking changes in your API."
 optional = false
 python-versions = ">=3.8"
+groups = ["dev"]
 files = [
     {file = "griffe-1.2.0-py3-none-any.whl", hash = "sha256:a8b2fcb1ecdc5a412e646b0b4375eb20a5d2eac3a11dd8c10c56967a4097663c"},
     {file = "griffe-1.2.0.tar.gz", hash = "sha256:1c9f6ef7455930f3f9b0c4145a961c90385d1e2cbc496f7796fbff560ec60d31"},
@@ -756,6 +735,7 @@ version = "3.8"
 description = "Internationalized Domain Names in Applications (IDNA)"
 optional = false
 python-versions = ">=3.6"
+groups = ["main", "dev"]
 files = [
     {file = "idna-3.8-py3-none-any.whl", hash = "sha256:050b4e5baadcd44d760cedbd2b8e639f2ff89bbc7a5730fcc662954303377aac"},
     {file = "idna-3.8.tar.gz", hash = "sha256:d838c2c0ed6fced7693d5e8ab8e734d5f8fda53a039c0164afb0b82e771e3603"},
@@ -767,6 +747,8 @@ version = "8.4.0"
 description = "Read metadata from Python packages"
 optional = false
 python-versions = ">=3.8"
+groups = ["dev"]
+markers = "python_version < \"3.10\""
 files = [
     {file = "importlib_metadata-8.4.0-py3-none-any.whl", hash = "sha256:66f342cc6ac9818fc6ff340576acd24d65ba0b3efabb2b4ac08b598965a4a2f1"},
     {file = "importlib_metadata-8.4.0.tar.gz", hash = "sha256:9a547d3bc3608b025f93d403fdd1aae741c24fbb8314df4b155675742ce303c5"},
@@ -786,6 +768,7 @@ version = "2.0.0"
 description = "brain-dead simple config-ini parsing"
 optional = false
 python-versions = ">=3.7"
+groups = ["dev"]
 files = [
     {file = "iniconfig-2.0.0-py3-none-any.whl", hash = "sha256:b6a85871a79d2e3b22d2d1b94ac2824226a63c6b741c88f7ae975f18b6778374"},
     {file = "iniconfig-2.0.0.tar.gz", hash = "sha256:2d91e135bf72d31a410b17c16da610a82cb55f6b0477d1a902134b24a455b8b3"},
@@ -797,6 +780,7 @@ version = "5.13.2"
 description = "A Python utility / library to sort Python imports."
 optional = false
 python-versions = ">=3.8.0"
+groups = ["dev"]
 files = [
     {file = "isort-5.13.2-py3-none-any.whl", hash = "sha256:8ca5e72a8d85860d5a3fa69b8745237f2939afe12dbf656afbcb47fe72d947a6"},
     {file = "isort-5.13.2.tar.gz", hash = "sha256:48fdfcb9face5d58a4f6dde2e72a1fb8dcaf8ab26f95ab49fab84c2ddefb0109"},
@@ -811,6 +795,7 @@ version = "3.1.5"
 description = "A very fast and expressive template engine."
 optional = false
 python-versions = ">=3.7"
+groups = ["dev"]
 files = [
     {file = "jinja2-3.1.5-py3-none-any.whl", hash = "sha256:aba0f4dc9ed8013c424088f68a5c226f7d6097ed89b246d7749c2ec4175c6adb"},
     {file = "jinja2-3.1.5.tar.gz", hash = "sha256:8fefff8dc3034e27bb80d67c671eb8a9bc424c0ef4c0826edbff304cceff43bb"},
@@ -828,6 +813,7 @@ version = "4.23.0"
 description = "An implementation of JSON Schema validation for Python"
 optional = false
 python-versions = ">=3.8"
+groups = ["dev"]
 files = [
     {file = "jsonschema-4.23.0-py3-none-any.whl", hash = "sha256:fbadb6f8b144a8f8cf9f0b89ba94501d143e50411a1278633f56a7acf7fd5566"},
     {file = "jsonschema-4.23.0.tar.gz", hash = "sha256:d71497fef26351a33265337fa77ffeb82423f3ea21283cd9467bb03999266bc4"},
@@ -849,6 +835,7 @@ version = "2023.12.1"
 description = "The JSON Schema meta-schemas and vocabularies, exposed as a Registry"
 optional = false
 python-versions = ">=3.8"
+groups = ["dev"]
 files = [
     {file = "jsonschema_specifications-2023.12.1-py3-none-any.whl", hash = "sha256:87e4fdf3a94858b8a2ba2778d9ba57d8a9cafca7c7489c46ba0d30a8bc6a9c3c"},
     {file = "jsonschema_specifications-2023.12.1.tar.gz", hash = "sha256:48a76787b3e70f5ed53f1160d2b81f586e4ca6d1548c5de7085d1682674764cc"},
@@ -863,6 +850,7 @@ version = "3.7"
 description = "Python implementation of John Gruber's Markdown."
 optional = false
 python-versions = ">=3.8"
+groups = ["dev"]
 files = [
     {file = "Markdown-3.7-py3-none-any.whl", hash = "sha256:7eb6df5690b81a1d7942992c97fad2938e956e79df20cbc6186e9c3a77b1c803"},
     {file = "markdown-3.7.tar.gz", hash = "sha256:2ae2471477cfd02dbbf038d5d9bc226d40def84b4fe2986e49b59b6b472bbed2"},
@@ -881,6 +869,7 @@ version = "2.1.5"
 description = "Safely add untrusted strings to HTML/XML markup."
 optional = false
 python-versions = ">=3.7"
+groups = ["dev"]
 files = [
     {file = "MarkupSafe-2.1.5-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:a17a92de5231666cfbe003f0e4b9b3a7ae3afb1ec2845aadc2bacc93ff85febc"},
     {file = "MarkupSafe-2.1.5-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:72b6be590cc35924b02c78ef34b467da4ba07e4e0f0454a2c5907f473fc50ce5"},
@@ -950,6 +939,7 @@ version = "0.7.0"
 description = "McCabe checker, plugin for flake8"
 optional = false
 python-versions = ">=3.6"
+groups = ["dev"]
 files = [
     {file = "mccabe-0.7.0-py2.py3-none-any.whl", hash = "sha256:6c2d30ab6be0e4a46919781807b4f0d834ebdd6c6e3dca0bda5a15f863427b6e"},
     {file = "mccabe-0.7.0.tar.gz", hash = "sha256:348e0240c33b60bbdf4e523192ef919f28cb2c3d7d5c7794f74009290f236325"},
@@ -961,6 +951,7 @@ version = "1.3.4"
 description = "A deep merge function for 🐍."
 optional = false
 python-versions = ">=3.6"
+groups = ["dev"]
 files = [
     {file = "mergedeep-1.3.4-py3-none-any.whl", hash = "sha256:70775750742b25c0d8f36c55aed03d24c3384d17c951b3175d898bd778ef0307"},
     {file = "mergedeep-1.3.4.tar.gz", hash = "sha256:0096d52e9dad9939c3d975a774666af186eda617e6ca84df4c94dec30004f2a8"},
@@ -972,6 +963,7 @@ version = "1.6.1"
 description = "Project documentation with Markdown."
 optional = false
 python-versions = ">=3.8"
+groups = ["dev"]
 files = [
     {file = "mkdocs-1.6.1-py3-none-any.whl", hash = "sha256:db91759624d1647f3f34aa0c3f327dd2601beae39a366d6e064c03468d35c20e"},
     {file = "mkdocs-1.6.1.tar.gz", hash = "sha256:7b432f01d928c084353ab39c57282f29f92136665bdd6abf7c1ec8d822ef86f2"},
@@ -1003,6 +995,7 @@ version = "1.2.0"
 description = "Automatically link across pages in MkDocs."
 optional = false
 python-versions = ">=3.8"
+groups = ["dev"]
 files = [
     {file = "mkdocs_autorefs-1.2.0-py3-none-any.whl", hash = "sha256:d588754ae89bd0ced0c70c06f58566a4ee43471eeeee5202427da7de9ef85a2f"},
     {file = "mkdocs_autorefs-1.2.0.tar.gz", hash = "sha256:a86b93abff653521bda71cf3fc5596342b7a23982093915cb74273f67522190f"},
@@ -1019,6 +1012,7 @@ version = "0.2.0"
 description = "MkDocs extension that lists all dependencies according to a mkdocs.yml file"
 optional = false
 python-versions = ">=3.8"
+groups = ["dev"]
 files = [
     {file = "mkdocs_get_deps-0.2.0-py3-none-any.whl", hash = "sha256:2bf11d0b133e77a0dd036abeeb06dec8775e46efa526dc70667d8863eefc6134"},
     {file = "mkdocs_get_deps-0.2.0.tar.gz", hash = "sha256:162b3d129c7fad9b19abfdcb9c1458a651628e4b1dea628ac68790fb3061c60c"},
@@ -1036,6 +1030,7 @@ version = "9.6.1"
 description = "Documentation that simply works"
 optional = false
 python-versions = ">=3.8"
+groups = ["dev"]
 files = [
     {file = "mkdocs_material-9.6.1-py3-none-any.whl", hash = "sha256:c1742d410be29811a9b7e863cb25a578b9e255fe6f04c69f8c6838863a58e141"},
     {file = "mkdocs_material-9.6.1.tar.gz", hash = "sha256:da37dba220d9fbfc5f1fc567fafc4028e3c3d7d828f2779ed09ab726ceca77dc"},
@@ -1065,6 +1060,7 @@ version = "1.3.1"
 description = "Extension pack for Python Markdown and MkDocs Material."
 optional = false
 python-versions = ">=3.8"
+groups = ["dev"]
 files = [
     {file = "mkdocs_material_extensions-1.3.1-py3-none-any.whl", hash = "sha256:adff8b62700b25cb77b53358dad940f3ef973dd6db797907c49e3c2ef3ab4e31"},
     {file = "mkdocs_material_extensions-1.3.1.tar.gz", hash = "sha256:10c9511cea88f568257f960358a467d12b970e1f7b2c0e5fb2bb48cab1928443"},
@@ -1076,6 +1072,7 @@ version = "0.27.0"
 description = "Automatic documentation from sources, for MkDocs."
 optional = false
 python-versions = ">=3.9"
+groups = ["dev"]
 files = [
     {file = "mkdocstrings-0.27.0-py3-none-any.whl", hash = "sha256:6ceaa7ea830770959b55a16203ac63da24badd71325b96af950e59fd37366332"},
     {file = "mkdocstrings-0.27.0.tar.gz", hash = "sha256:16adca6d6b0a1f9e0c07ff0b02ced8e16f228a9d65a37c063ec4c14d7b76a657"},
@@ -1104,6 +1101,7 @@ version = "1.13.0"
 description = "A Python handler for mkdocstrings."
 optional = false
 python-versions = ">=3.9"
+groups = ["dev"]
 files = [
     {file = "mkdocstrings_python-1.13.0-py3-none-any.whl", hash = "sha256:b88bbb207bab4086434743849f8e796788b373bd32e7bfefbf8560ac45d88f97"},
     {file = "mkdocstrings_python-1.13.0.tar.gz", hash = "sha256:2dbd5757e8375b9720e81db16f52f1856bf59905428fd7ef88005d1370e2f64c"},
@@ -1120,6 +1118,7 @@ version = "6.0.5"
 description = "multidict implementation"
 optional = false
 python-versions = ">=3.7"
+groups = ["main", "dev"]
 files = [
     {file = "multidict-6.0.5-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:228b644ae063c10e7f324ab1ab6b548bdf6f8b47f3ec234fef1093bc2735e5f9"},
     {file = "multidict-6.0.5-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:896ebdcf62683551312c30e20614305f53125750803b614e9e6ce74a96232604"},
@@ -1219,6 +1218,7 @@ version = "1.14.1"
 description = "Optional static typing for Python"
 optional = false
 python-versions = ">=3.8"
+groups = ["dev"]
 files = [
     {file = "mypy-1.14.1-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:52686e37cf13d559f668aa398dd7ddf1f92c5d613e4f8cb262be2fb4fedb0fcb"},
     {file = "mypy-1.14.1-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:1fb545ca340537d4b45d3eecdb3def05e913299ca72c290326be19b3804b39c0"},
@@ -1278,6 +1278,7 @@ version = "1.0.0"
 description = "Type system extensions for programs checked with the mypy type checker."
 optional = false
 python-versions = ">=3.5"
+groups = ["dev"]
 files = [
     {file = "mypy_extensions-1.0.0-py3-none-any.whl", hash = "sha256:4392f6c0eb8a5668a69e23d168ffa70f0be9ccfd32b5cc2d26a34ae5b844552d"},
     {file = "mypy_extensions-1.0.0.tar.gz", hash = "sha256:75dbf8955dc00442a438fc4d0666508a9a97b6bd41aa2f0ffe9d2f2725af0782"},
@@ -1289,6 +1290,7 @@ version = "1.0.1"
 description = "Ordered Multivalue Dictionary"
 optional = false
 python-versions = "*"
+groups = ["dev"]
 files = [
     {file = "orderedmultidict-1.0.1-py2.py3-none-any.whl", hash = "sha256:43c839a17ee3cdd62234c47deca1a8508a3f2ca1d0678a3bf791c87cf84adbf3"},
     {file = "orderedmultidict-1.0.1.tar.gz", hash = "sha256:04070bbb5e87291cc9bfa51df413677faf2141c73c61d2a5f7b26bea3cd882ad"},
@@ -1303,6 +1305,7 @@ version = "24.1"
 description = "Core utilities for Python packages"
 optional = false
 python-versions = ">=3.8"
+groups = ["dev"]
 files = [
     {file = "packaging-24.1-py3-none-any.whl", hash = "sha256:5b8f2217dbdbd2f7f384c41c628544e6d52f2d0f53c6d0c3ea61aa5d1d7ff124"},
     {file = "packaging-24.1.tar.gz", hash = "sha256:026ed72c8ed3fcce5bf8950572258698927fd1dbda10a5e981cdf0ac37f4f002"},
@@ -1314,6 +1317,7 @@ version = "0.5.7"
 description = "Divides large result sets into pages for easier browsing"
 optional = false
 python-versions = "*"
+groups = ["dev"]
 files = [
     {file = "paginate-0.5.7-py2.py3-none-any.whl", hash = "sha256:b885e2af73abcf01d9559fd5216b57ef722f8c42affbb63942377668e35c7591"},
     {file = "paginate-0.5.7.tar.gz", hash = "sha256:22bd083ab41e1a8b4f3690544afb2c60c25e5c9a63a30fa2f483f6c60c8e5945"},
@@ -1329,6 +1333,7 @@ version = "0.12.1"
 description = "Utility library for gitignore style pattern matching of file paths."
 optional = false
 python-versions = ">=3.8"
+groups = ["dev"]
 files = [
     {file = "pathspec-0.12.1-py3-none-any.whl", hash = "sha256:a0d503e138a4c123b27490a4f7beda6a01c6f288df0e4a8b79c7eb0dc7b4cc08"},
     {file = "pathspec-0.12.1.tar.gz", hash = "sha256:a482d51503a1ab33b1c67a6c3813a26953dbdc71c31dacaef9a838c4e29f5712"},
@@ -1340,6 +1345,7 @@ version = "4.3.2"
 description = "A small Python package for determining appropriate platform-specific dirs, e.g. a `user data dir`."
 optional = false
 python-versions = ">=3.8"
+groups = ["dev"]
 files = [
     {file = "platformdirs-4.3.2-py3-none-any.whl", hash = "sha256:eb1c8582560b34ed4ba105009a4badf7f6f85768b30126f351328507b2beb617"},
     {file = "platformdirs-4.3.2.tar.gz", hash = "sha256:9e5e27a08aa095dd127b9f2e764d74254f482fef22b0970773bfba79d091ab8c"},
@@ -1356,6 +1362,7 @@ version = "1.5.0"
 description = "plugin and hook calling mechanisms for python"
 optional = false
 python-versions = ">=3.8"
+groups = ["dev"]
 files = [
     {file = "pluggy-1.5.0-py3-none-any.whl", hash = "sha256:44e1ad92c8ca002de6377e165f3e0f1be63266ab4d554740532335b9d75ea669"},
     {file = "pluggy-1.5.0.tar.gz", hash = "sha256:2cffa88e94fdc978c4c574f15f9e59b7f4201d439195c3715ca9e2486f1d0cf1"},
@@ -1371,6 +1378,7 @@ version = "2.1.3"
 description = "HTTP traffic mocking and expectations made easy"
 optional = false
 python-versions = ">=3.9"
+groups = ["dev"]
 files = [
     {file = "pook-2.1.3-py3-none-any.whl", hash = "sha256:f8e75e2e41b1f6da37d0bc6b77a0f4da33c4d4de382105046efd644fe5ca2f8e"},
     {file = "pook-2.1.3.tar.gz", hash = "sha256:441191c0f3d014b141ca71430a0c2bfa6d2369ac24703a3fdfbbf5a25146d8c0"},
@@ -1387,6 +1395,7 @@ version = "0.2.0"
 description = "Accelerated property cache"
 optional = false
 python-versions = ">=3.8"
+groups = ["main", "dev"]
 files = [
     {file = "propcache-0.2.0-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:c5869b8fd70b81835a6f187c5fdbe67917a04d7e52b6e7cc4e5fe39d55c39d58"},
     {file = "propcache-0.2.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:952e0d9d07609d9c5be361f33b0d6d650cd2bae393aabb11d9b719364521984b"},
@@ -1494,6 +1503,8 @@ version = "2.22"
 description = "C parser in Python"
 optional = false
 python-versions = ">=3.8"
+groups = ["main"]
+markers = "platform_python_implementation != \"PyPy\""
 files = [
     {file = "pycparser-2.22-py3-none-any.whl", hash = "sha256:c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc"},
     {file = "pycparser-2.22.tar.gz", hash = "sha256:491c8be9c040f5390f5bf44a5b07752bd07f56edf992381b05c701439eec10f6"},
@@ -1505,6 +1516,7 @@ version = "2.10.6"
 description = "Data validation using Python type hints"
 optional = false
 python-versions = ">=3.8"
+groups = ["main", "dev"]
 files = [
     {file = "pydantic-2.10.6-py3-none-any.whl", hash = "sha256:427d664bf0b8a2b34ff5dd0f5a18df00591adcee7198fbd71981054cef37b584"},
     {file = "pydantic-2.10.6.tar.gz", hash = "sha256:ca5daa827cce33de7a42be142548b0096bf05a7e7b365aebfa5f8eeec7128236"},
@@ -1525,6 +1537,7 @@ version = "2.27.2"
 description = "Core functionality for Pydantic validation and serialization"
 optional = false
 python-versions = ">=3.8"
+groups = ["main", "dev"]
 files = [
     {file = "pydantic_core-2.27.2-cp310-cp310-macosx_10_12_x86_64.whl", hash = "sha256:2d367ca20b2f14095a8f4fa1210f5a7b78b8a20009ecced6b12818f455b1e9fa"},
     {file = "pydantic_core-2.27.2-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:491a2b73db93fab69731eaee494f320faa4e093dbed776be1a829c2eb222c34c"},
@@ -1637,6 +1650,7 @@ version = "2.18.0"
 description = "Pygments is a syntax highlighting package written in Python."
 optional = false
 python-versions = ">=3.8"
+groups = ["dev"]
 files = [
     {file = "pygments-2.18.0-py3-none-any.whl", hash = "sha256:b8e6aca0523f3ab76fee51799c488e38782ac06eafcf95e7ba832985c8e7b13a"},
     {file = "pygments-2.18.0.tar.gz", hash = "sha256:786ff802f32e91311bff3889f6e9a86e81505fe99f2735bb6d60ae0c5004f199"},
@@ -1651,6 +1665,7 @@ version = "3.2.7"
 description = "python code static checker"
 optional = false
 python-versions = ">=3.8.0"
+groups = ["dev"]
 files = [
     {file = "pylint-3.2.7-py3-none-any.whl", hash = "sha256:02f4aedeac91be69fb3b4bea997ce580a4ac68ce58b89eaefeaf06749df73f4b"},
     {file = "pylint-3.2.7.tar.gz", hash = "sha256:1b7a721b575eaeaa7d39db076b6e7743c993ea44f57979127c517c6c572c803e"},
@@ -1681,6 +1696,7 @@ version = "0.8.2"
 description = "Utilities and helpers for writing Pylint plugins"
 optional = false
 python-versions = ">=3.7,<4.0"
+groups = ["dev"]
 files = [
     {file = "pylint_plugin_utils-0.8.2-py3-none-any.whl", hash = "sha256:ae11664737aa2effbf26f973a9e0b6779ab7106ec0adc5fe104b0907ca04e507"},
     {file = "pylint_plugin_utils-0.8.2.tar.gz", hash = "sha256:d3cebf68a38ba3fba23a873809155562571386d4c1b03e5b4c4cc26c3eee93e4"},
@@ -1695,6 +1711,7 @@ version = "0.3.5"
 description = "A Pylint plugin to help Pylint understand the Pydantic"
 optional = false
 python-versions = ">=3.8"
+groups = ["dev"]
 files = [
     {file = "pylint_pydantic-0.3.5-py3-none-any.whl", hash = "sha256:e7a54f09843b000676633ed02d5985a4a61c8da2560a3b0d46082d2ff171c4a1"},
 ]
@@ -1704,27 +1721,13 @@ pydantic = "<3.0"
 pylint = ">2.0,<4.0"
 pylint-plugin-utils = "*"
 
-[[package]]
-name = "pylint-pytest"
-version = "1.1.7"
-description = "A Pylint plugin to suppress pytest-related false positives."
-optional = false
-python-versions = ">=3.6"
-files = [
-    {file = "pylint-pytest-1.1.7.tar.gz", hash = "sha256:7a38be02c014eb6d98791eb978e79ed292f1904d3a518289c6d7ac4fb4122e98"},
-    {file = "pylint_pytest-1.1.7-py3-none-any.whl", hash = "sha256:5d687a2f4b17e85654fc2a8f04944761efb11cb15dc46d008f420c377b149151"},
-]
-
-[package.dependencies]
-pylint = ">=2"
-pytest = ">=4.6"
-
 [[package]]
 name = "pymdown-extensions"
 version = "10.9"
 description = "Extension pack for Python Markdown."
 optional = false
 python-versions = ">=3.8"
+groups = ["dev"]
 files = [
     {file = "pymdown_extensions-10.9-py3-none-any.whl", hash = "sha256:d323f7e90d83c86113ee78f3fe62fc9dee5f56b54d912660703ea1816fed5626"},
     {file = "pymdown_extensions-10.9.tar.gz", hash = "sha256:6ff740bcd99ec4172a938970d42b96128bdc9d4b9bcad72494f29921dc69b753"},
@@ -1743,6 +1746,7 @@ version = "8.3.4"
 description = "pytest: simple powerful testing with Python"
 optional = false
 python-versions = ">=3.8"
+groups = ["dev"]
 files = [
     {file = "pytest-8.3.4-py3-none-any.whl", hash = "sha256:50e16d954148559c9a74109af1eaf0c945ba2d8f30f0a3d3335edde19788b6f6"},
     {file = "pytest-8.3.4.tar.gz", hash = "sha256:965370d062bce11e73868e0335abac31b4d3de0e82f4007408d242b4f8610761"},
@@ -1765,6 +1769,7 @@ version = "1.1.0"
 description = "Pytest plugin for aiohttp support"
 optional = false
 python-versions = ">=3.9"
+groups = ["dev"]
 files = [
     {file = "pytest_aiohttp-1.1.0-py3-none-any.whl", hash = "sha256:f39a11693a0dce08dd6c542d241e199dd8047a6e6596b2bcfa60d373f143456d"},
     {file = "pytest_aiohttp-1.1.0.tar.gz", hash = "sha256:147de8cb164f3fc9d7196967f109ab3c0b93ea3463ab50631e56438eab7b5adc"},
@@ -1784,6 +1789,7 @@ version = "0.25.3"
 description = "Pytest support for asyncio"
 optional = false
 python-versions = ">=3.9"
+groups = ["dev"]
 files = [
     {file = "pytest_asyncio-0.25.3-py3-none-any.whl", hash = "sha256:9e89518e0f9bd08928f97a3482fdc4e244df17529460bc038291ccaf8f85c7c3"},
     {file = "pytest_asyncio-0.25.3.tar.gz", hash = "sha256:fc1da2cf9f125ada7e710b4ddad05518d4cee187ae9412e9ac9271003497f07a"},
@@ -1802,6 +1808,7 @@ version = "3.14.0"
 description = "Thin-wrapper around the mock package for easier use with pytest"
 optional = false
 python-versions = ">=3.8"
+groups = ["dev"]
 files = [
     {file = "pytest-mock-3.14.0.tar.gz", hash = "sha256:2719255a1efeceadbc056d6bf3df3d1c5015530fb40cf347c0f9afac88410bd0"},
     {file = "pytest_mock-3.14.0-py3-none-any.whl", hash = "sha256:0b72c38033392a5f4621342fe11e9219ac11ec9d375f8e2a0c164539e0d70f6f"},
@@ -1819,6 +1826,7 @@ version = "2.9.0.post0"
 description = "Extensions to the standard Python datetime module"
 optional = false
 python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,>=2.7"
+groups = ["dev"]
 files = [
     {file = "python-dateutil-2.9.0.post0.tar.gz", hash = "sha256:37dd54208da7e1cd875388217d5e00ebd4179249f90fb72437e91a35459a0ad3"},
     {file = "python_dateutil-2.9.0.post0-py2.py3-none-any.whl", hash = "sha256:a8b2bc7bffae282281c8140a97d3aa9c14da0b136dfe83f850eea9a5f7470427"},
@@ -1833,6 +1841,7 @@ version = "6.0.2"
 description = "YAML parser and emitter for Python"
 optional = false
 python-versions = ">=3.8"
+groups = ["dev"]
 files = [
     {file = "PyYAML-6.0.2-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:0a9a2848a5b7feac301353437eb7d5957887edbf81d56e903999a75a3d743086"},
     {file = "PyYAML-6.0.2-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:29717114e51c84ddfba879543fb232a6ed60086602313ca38cce623c1d62cfbf"},
@@ -1895,6 +1904,7 @@ version = "0.1"
 description = "A custom YAML tag for referencing environment variables in YAML files. "
 optional = false
 python-versions = ">=3.6"
+groups = ["dev"]
 files = [
     {file = "pyyaml_env_tag-0.1-py3-none-any.whl", hash = "sha256:af31106dec8a4d68c60207c1886031cbf839b68aa7abccdb19868200532c2069"},
     {file = "pyyaml_env_tag-0.1.tar.gz", hash = "sha256:70092675bda14fdec33b31ba77e7543de9ddc88f2e5b99160396572d11525bdb"},
@@ -1909,6 +1919,7 @@ version = "0.35.1"
 description = "JSON Referencing + Python"
 optional = false
 python-versions = ">=3.8"
+groups = ["dev"]
 files = [
     {file = "referencing-0.35.1-py3-none-any.whl", hash = "sha256:eda6d3234d62814d1c64e305c1331c9a3a6132da475ab6382eaa997b21ee75de"},
     {file = "referencing-0.35.1.tar.gz", hash = "sha256:25b42124a6c8b632a425174f24087783efb348a6f1e0008e63cd4466fedf703c"},
@@ -1924,6 +1935,7 @@ version = "2024.7.24"
 description = "Alternative regular expression module, to replace re."
 optional = false
 python-versions = ">=3.8"
+groups = ["dev"]
 files = [
     {file = "regex-2024.7.24-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:228b0d3f567fafa0633aee87f08b9276c7062da9616931382993c03808bb68ce"},
     {file = "regex-2024.7.24-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:3426de3b91d1bc73249042742f45c2148803c111d1175b283270177fdf669024"},
@@ -2012,6 +2024,7 @@ version = "2.32.3"
 description = "Python HTTP for Humans."
 optional = false
 python-versions = ">=3.8"
+groups = ["dev"]
 files = [
     {file = "requests-2.32.3-py3-none-any.whl", hash = "sha256:70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6"},
     {file = "requests-2.32.3.tar.gz", hash = "sha256:55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760"},
@@ -2033,6 +2046,7 @@ version = "0.20.0"
 description = "Python bindings to Rust's persistent data structures (rpds)"
 optional = false
 python-versions = ">=3.8"
+groups = ["dev"]
 files = [
     {file = "rpds_py-0.20.0-cp310-cp310-macosx_10_12_x86_64.whl", hash = "sha256:3ad0fda1635f8439cde85c700f964b23ed5fc2d28016b32b9ee5fe30da5c84e2"},
     {file = "rpds_py-0.20.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:9bb4a0d90fdb03437c109a17eade42dfbf6190408f29b2744114d11586611d6f"},
@@ -2145,6 +2159,7 @@ version = "0.9.4"
 description = "An extremely fast Python linter and code formatter, written in Rust."
 optional = false
 python-versions = ">=3.7"
+groups = ["dev"]
 files = [
     {file = "ruff-0.9.4-py3-none-linux_armv6l.whl", hash = "sha256:64e73d25b954f71ff100bb70f39f1ee09e880728efb4250c632ceed4e4cdf706"},
     {file = "ruff-0.9.4-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:6ce6743ed64d9afab4fafeaea70d3631b4d4b28b592db21a5c2d1f0ef52934bf"},
@@ -2172,6 +2187,7 @@ version = "1.16.0"
 description = "Python 2 and 3 compatibility utilities"
 optional = false
 python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*"
+groups = ["dev"]
 files = [
     {file = "six-1.16.0-py2.py3-none-any.whl", hash = "sha256:8abb2f1d86890a2dfb989f9a77cfcfd3e47c2a354b01111771326f8aa26e0254"},
     {file = "six-1.16.0.tar.gz", hash = "sha256:1e61c37477a1626458e36f7b1d82aa5c9b094fa4802892072e49de9c60c4c926"},
@@ -2183,6 +2199,7 @@ version = "0.10.2"
 description = "Python Library for Tom's Obvious, Minimal Language"
 optional = false
 python-versions = ">=2.6, !=3.0.*, !=3.1.*, !=3.2.*"
+groups = ["main"]
 files = [
     {file = "toml-0.10.2-py2.py3-none-any.whl", hash = "sha256:806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b"},
     {file = "toml-0.10.2.tar.gz", hash = "sha256:b3bda1d108d5dd99f4a20d24d9c348e91c4db7ab1b749200bded2f839ccbe68f"},
@@ -2194,6 +2211,8 @@ version = "2.0.1"
 description = "A lil' TOML parser"
 optional = false
 python-versions = ">=3.7"
+groups = ["dev"]
+markers = "python_version < \"3.11\""
 files = [
     {file = "tomli-2.0.1-py3-none-any.whl", hash = "sha256:939de3e7a6161af0c887ef91b7d41a53e7c5a1ca976325f429cb46ea9bc30ecc"},
     {file = "tomli-2.0.1.tar.gz", hash = "sha256:de526c12914f0c550d15924c62d72abc48d6fe7364aa87328337a31007fe8a4f"},
@@ -2205,17 +2224,34 @@ version = "0.13.2"
 description = "Style preserving TOML library"
 optional = false
 python-versions = ">=3.8"
+groups = ["dev"]
 files = [
     {file = "tomlkit-0.13.2-py3-none-any.whl", hash = "sha256:7a974427f6e119197f670fbbbeae7bef749a6c14e793db934baefc1b5f03efde"},
     {file = "tomlkit-0.13.2.tar.gz", hash = "sha256:fff5fe59a87295b278abd31bec92c15d9bc4a06885ab12bcea52c71119392e79"},
 ]
 
+[[package]]
+name = "types-requests"
+version = "2.32.0.20241016"
+description = "Typing stubs for requests"
+optional = false
+python-versions = ">=3.8"
+groups = ["dev"]
+files = [
+    {file = "types-requests-2.32.0.20241016.tar.gz", hash = "sha256:0d9cad2f27515d0e3e3da7134a1b6f28fb97129d86b867f24d9c726452634d95"},
+    {file = "types_requests-2.32.0.20241016-py3-none-any.whl", hash = "sha256:4195d62d6d3e043a4eaaf08ff8a62184584d2e8684e9d2aa178c7915a7da3747"},
+]
+
+[package.dependencies]
+urllib3 = ">=2"
+
 [[package]]
 name = "types-toml"
 version = "0.10.8.20240310"
 description = "Typing stubs for toml"
 optional = false
 python-versions = ">=3.8"
+groups = ["dev"]
 files = [
     {file = "types-toml-0.10.8.20240310.tar.gz", hash = "sha256:3d41501302972436a6b8b239c850b26689657e25281b48ff0ec06345b8830331"},
     {file = "types_toml-0.10.8.20240310-py3-none-any.whl", hash = "sha256:627b47775d25fa29977d9c70dc0cbab3f314f32c8d8d0c012f2ef5de7aaec05d"},
@@ -2227,6 +2263,7 @@ version = "4.12.2"
 description = "Backported and Experimental Type Hints for Python 3.8+"
 optional = false
 python-versions = ">=3.8"
+groups = ["main", "dev"]
 files = [
     {file = "typing_extensions-4.12.2-py3-none-any.whl", hash = "sha256:04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d"},
     {file = "typing_extensions-4.12.2.tar.gz", hash = "sha256:1a7ead55c7e559dd4dee8856e3a88b41225abfe1ce8df57b7c13915fe121ffb8"},
@@ -2238,6 +2275,7 @@ version = "2.2.2"
 description = "HTTP library with thread-safe connection pooling, file post, and more."
 optional = false
 python-versions = ">=3.8"
+groups = ["dev"]
 files = [
     {file = "urllib3-2.2.2-py3-none-any.whl", hash = "sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472"},
     {file = "urllib3-2.2.2.tar.gz", hash = "sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168"},
@@ -2255,6 +2293,7 @@ version = "5.0.2"
 description = "Filesystem events monitoring"
 optional = false
 python-versions = ">=3.9"
+groups = ["dev"]
 files = [
     {file = "watchdog-5.0.2-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:d961f4123bb3c447d9fcdcb67e1530c366f10ab3a0c7d1c0c9943050936d4877"},
     {file = "watchdog-5.0.2-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:72990192cb63872c47d5e5fefe230a401b87fd59d257ee577d61c9e5564c62e5"},
@@ -2297,6 +2336,7 @@ version = "0.13.0"
 description = "Makes working with XML feel like you are working with JSON"
 optional = false
 python-versions = ">=3.4"
+groups = ["dev"]
 files = [
     {file = "xmltodict-0.13.0-py2.py3-none-any.whl", hash = "sha256:aa89e8fd76320154a40d19a0df04a4695fb9dc5ba977cbb68ab3e4eb225e7852"},
     {file = "xmltodict-0.13.0.tar.gz", hash = "sha256:341595a488e3e01a85a9d8911d8912fd922ede5fecc4dce437eb4b6c8d037e56"},
@@ -2308,6 +2348,7 @@ version = "1.18.0"
 description = "Yet another URL library"
 optional = false
 python-versions = ">=3.9"
+groups = ["main", "dev"]
 files = [
     {file = "yarl-1.18.0-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:074fee89caab89a97e18ef5f29060ef61ba3cae6cd77673acc54bfdd3214b7b7"},
     {file = "yarl-1.18.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:b026cf2c32daf48d90c0c4e406815c3f8f4cfe0c6dfccb094a9add1ff6a0e41a"},
@@ -2404,6 +2445,8 @@ version = "3.20.1"
 description = "Backport of pathlib-compatible object wrapper for zip files"
 optional = false
 python-versions = ">=3.8"
+groups = ["dev"]
+markers = "python_version < \"3.10\""
 files = [
     {file = "zipp-3.20.1-py3-none-any.whl", hash = "sha256:9960cd8967c8f85a56f920d5d507274e74f9ff813a0ab8889a5b5be2daf44064"},
     {file = "zipp-3.20.1.tar.gz", hash = "sha256:c22b14cc4763c5a5b04134207736c107db42e9d3ef2d9779d465f5f1bcba572b"},
@@ -2418,6 +2461,6 @@ test = ["big-O", "importlib-resources", "jaraco.functools", "jaraco.itertools",
 type = ["pytest-mypy"]
 
 [metadata]
-lock-version = "2.0"
+lock-version = "2.1"
 python-versions = "^3.9"
-content-hash = "d50ee3f4906f391687d4295ee8d332766e060a554b5596dde79e36b91ab45d45"
+content-hash = "2054bfa713e5795de404383ba78c6383671ef5a4b04624026e2e578d2a644fcb"
diff --git a/pykanidm/pyproject.toml b/pykanidm/pyproject.toml
index 89d1453c6..0705b3eba 100644
--- a/pykanidm/pyproject.toml
+++ b/pykanidm/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "kanidm"
-version = "1.0.0"
+version = "1.0.1"
 description = "Kanidm client library"
 license = "MPL-2.0"
 
@@ -27,26 +27,23 @@ pydantic = ">=2.0.0,<3.0.0"
 aiohttp = "^3.8.1"
 Authlib = "^1.2.0"
 
-[tool.poetry.dev-dependencies]
-mypy = "^1.14"
+
+[tool.poetry.group.dev.dependencies]
+ruff = ">=0.5.1,<0.9.5"
 pytest = "^8.3.4"
-types-toml = "^0.10.8"
+mypy = "^1.14.1"
+types-requests = "^2.32.0.20241016"
+pytest-aiohttp = "^1.1.0"
+pytest-mock = "^3.14.0"
+types-toml = "^0.10.8.20240310"
 pylint-pydantic = "^0.3.5"
 coverage = "^7.6.10"
-pylint-pytest = "^1.1.7"
-pytest-asyncio = "^0.25.3"
-pytest-mock = "^3.14.0"
-pytest-aiohttp = "^1.1.0"
-black = "^25.1.0"
-mkdocs = "^1.5.3"
+mkdocs = "^1.6.1"
 mkdocs-material = "^9.6.1"
 mkdocstrings = "^0.27.0"
 mkdocstrings-python = "^1.13.0"
 pook = "^2.1.3"
 
-[tool.poetry.group.dev.dependencies]
-ruff = ">=0.5.1,<0.9.5"
-
 [build-system]
 requires = ["poetry-core>=1.0.0"]
 build-backend = "poetry.core.masonry.api"
diff --git a/rlm_python/Dockerfile b/rlm_python/Dockerfile
index 25aa9fa3f..262f71fb7 100644
--- a/rlm_python/Dockerfile
+++ b/rlm_python/Dockerfile
@@ -63,7 +63,7 @@ RUN python3 -m pip install \
 
 COPY rlm_python/radius_entrypoint.py /radius_entrypoint.py
 
-
+RUN mkdir /data && chown radiusd /data
 RUN chmod a+r /etc/raddb/certs/ -R
 USER $RADIUS_USER
 
diff --git a/rlm_python/mods-available/eap b/rlm_python/mods-available/eap
index 6096c1c2f..51d3e9d64 100644
--- a/rlm_python/mods-available/eap
+++ b/rlm_python/mods-available/eap
@@ -75,23 +75,21 @@ eap {
 	#
 	# EAP-pwd -- secure password-based authentication
 	#
-#	pwd {
-#		group = 19
+	#pwd {
+	#		group = 19
+	#		server_id = theserver@example.com
+	#
+	#  This has the same meaning as for TLS.
+	#		fragment_size = 1020
 
-		#
-#		server_id = theserver@example.com
-
-		#  This has the same meaning as for TLS.
-#		fragment_size = 1020
-
-		# The virtual server which determines the
-		# "known good" password for the user.
-		# Note that unlike TLS, only the "authorize"
-		# section is processed.  EAP-PWD requests can be
-		# distinguished by having a User-Name, but
-		# no User-Password, CHAP-Password, EAP-Message, etc.
-#		virtual_server = "inner-tunnel"
-#	}
+	# The virtual server which determines the
+	# "known good" password for the user.
+	# Note that unlike TLS, only the "authorize"
+	# section is processed.  EAP-PWD requests can be
+	# distinguished by having a User-Name, but
+	# no User-Password, CHAP-Password, EAP-Message, etc.
+	#	virtual_server = "inner-tunnel"
+	#	}
 
 	# Cisco LEAP
 	#
@@ -236,7 +234,7 @@ eap {
 		#
 		#  	openssl dhparam -out certs/dh 2048
 		#
-		dh_file = ${certdir}/dh.pem
+		#dh_file = ${certdir}/dh.pem
 
 		#
 		#  If your system doesn't have /dev/urandom,
diff --git a/rlm_python/radius_entrypoint.py b/rlm_python/radius_entrypoint.py
index 3c2cbaa14..56d7cac8b 100644
--- a/rlm_python/radius_entrypoint.py
+++ b/rlm_python/radius_entrypoint.py
@@ -10,6 +10,7 @@ import sys
 from typing import Any
 
 # import toml
+import kanidm.radius
 from kanidm.types import KanidmClientConfig
 from kanidm.utils import load_config
 
@@ -17,8 +18,6 @@ DEBUG = True
 if os.environ.get('DEBUG', False):
     DEBUG = True
 
-CONFIG_FILE_PATH = "/data/kanidm"
-
 CERT_SERVER_DEST = "/etc/raddb/certs/server.pem"
 CERT_CA_DEST = "/etc/raddb/certs/ca.pem"
 CERT_CA_DIR = "/etc/raddb/certs/"
@@ -59,7 +58,11 @@ def setup_certs(
             sys.exit(1)
         if cert_ca != CERT_CA_DEST:
             print(f"Copying {cert_ca} to {CERT_CA_DEST}")
-            shutil.copyfile(cert_ca, CERT_CA_DEST)
+            try:
+                shutil.copyfile(cert_ca, CERT_CA_DEST)
+            except shutil.SameFileError:
+                pass
+
 
     # This dir can also contain crls!
     if kanidm_config_object.radius_ca_dir:
@@ -75,19 +78,6 @@ def setup_certs(
     # not hashed as a ca.
     subprocess.check_call(["openssl", "rehash", CERT_CA_DIR])
 
-    # let's put some dhparams in place
-    if kanidm_config_object.radius_dh_path is not None:
-        cert_dh = Path(kanidm_config_object.radius_dh_path).expanduser().resolve()
-        if not cert_dh.exists():
-            # print(f"Failed to find radiusd dh file ({cert_dh}), quitting!", file=sys.stderr)
-            # sys.exit(1)
-            print(f"Generating dh params in {cert_dh}")
-            subprocess.check_call(["openssl", "dhparam", "-out", cert_dh, "2048"])
-        if cert_dh != CERT_DH_DEST:
-            print(f"Copying {cert_dh} to {CERT_DH_DEST}")
-            shutil.copyfile(cert_dh, CERT_DH_DEST)
-
-
     server_key = Path(kanidm_config_object.radius_key_path).expanduser().resolve()
     if not server_key.exists() or not server_key.is_file():
         print(
@@ -157,15 +147,15 @@ def run_radiusd() -> None:
 if __name__ == '__main__':
     signal.signal(signal.SIGCHLD, _sigchild_handler)
 
-    config_file = Path(CONFIG_FILE_PATH).expanduser().resolve()
-    if not config_file.exists:
+    config_file = kanidm.radius.find_radius_config_path()
+    if config_file is None:
         print(
             "Failed to find configuration file ({config_file}), quitting!",
             file=sys.stderr,
             )
         sys.exit(1)
 
-    kanidm_config = KanidmClientConfig.parse_obj(load_config(CONFIG_FILE_PATH))
+    kanidm_config = KanidmClientConfig.model_validate(load_config(config_file))
     setup_certs(kanidm_config)
     write_clients_conf(kanidm_config)
     print("Configuration set up, starting...")

From 9505b5a7320bacd32e8c2a7ab32348b95a6f58d3 Mon Sep 17 00:00:00 2001
From: Firstyear <william@blackhats.net.au>
Date: Wed, 5 Feb 2025 10:39:53 +1000
Subject: [PATCH 71/87] Allow OAuth2 with empty state parameter (#3396)

---
 proto/src/oauth2.rs          |  7 ++--
 server/lib/src/idm/oauth2.rs | 63 +++++++++++++++++++-----------------
 2 files changed, 39 insertions(+), 31 deletions(-)

diff --git a/proto/src/oauth2.rs b/proto/src/oauth2.rs
index a276e0386..e34b9eaac 100644
--- a/proto/src/oauth2.rs
+++ b/proto/src/oauth2.rs
@@ -6,7 +6,9 @@ use base64::{engine::general_purpose::STANDARD, Engine as _};
 use serde::{Deserialize, Serialize};
 use serde_with::base64::{Base64, UrlSafe};
 use serde_with::formats::SpaceSeparator;
-use serde_with::{formats, serde_as, skip_serializing_none, StringWithSeparator};
+use serde_with::{
+    formats, serde_as, skip_serializing_none, NoneAsEmptyString, StringWithSeparator,
+};
 use url::Url;
 use uuid::Uuid;
 
@@ -49,7 +51,8 @@ pub struct AuthorisationRequest {
     /// [OAuth 2.0 Multiple Response Type Encoding Practices: Response Modes](https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes)
     pub response_mode: Option<ResponseMode>,
     pub client_id: String,
-    pub state: String,
+    #[serde_as(as = "NoneAsEmptyString")]
+    pub state: Option<String>,
     #[serde(flatten)]
     pub pkce_request: Option<PkceRequest>,
     pub redirect_uri: Url,
diff --git a/server/lib/src/idm/oauth2.rs b/server/lib/src/idm/oauth2.rs
index c5d564dfc..152924b16 100644
--- a/server/lib/src/idm/oauth2.rs
+++ b/server/lib/src/idm/oauth2.rs
@@ -132,7 +132,7 @@ struct ConsentToken {
     // So we can ensure that we really match the same uat to prevent confusions.
     pub ident_id: IdentityId,
     // CSRF
-    pub state: String,
+    pub state: Option<String>,
     // The S256 code challenge.
     #[serde_as(
         as = "Option<serde_with::base64::Base64<serde_with::base64::UrlSafe, formats::Unpadded>>"
@@ -235,7 +235,7 @@ pub struct AuthorisePermitSuccess {
     // Where the client wants us to go back to.
     pub redirect_uri: Url,
     // The CSRF as a string
-    pub state: String,
+    pub state: Option<String>,
     // The exchange code as a String
     pub code: String,
     /// The format the response should be returned to the application in.
@@ -253,10 +253,15 @@ impl AuthorisePermitSuccess {
         redirect_uri.set_fragment(None);
 
         // We can't set query pairs on fragments, only query.
-        let encoded = url::form_urlencoded::Serializer::new(String::new())
-            .append_pair("state", &self.state)
-            .append_pair("code", &self.code)
-            .finish();
+        let mut uri_builder = url::form_urlencoded::Serializer::new(String::new());
+
+        uri_builder.append_pair("code", &self.code);
+
+        if let Some(state) = self.state.as_ref() {
+            uri_builder.append_pair("state", state);
+        };
+
+        let encoded = uri_builder.finish();
 
         match self.response_mode {
             ResponseMode::Query => redirect_uri.set_query(Some(&encoded)),
@@ -3034,7 +3039,7 @@ mod tests {
                 response_type: ResponseType::Code,
                 response_mode: None,
                 client_id: "test_resource_server".to_string(),
-                state: "123".to_string(),
+                state: Some("123".to_string()),
                 pkce_request: Some(PkceRequest {
                     code_challenge: $code_challenge.into(),
                     code_challenge_method: CodeChallengeMethod::S256,
@@ -3416,7 +3421,7 @@ mod tests {
             .expect("Failed to perform OAuth2 permit");
 
         // Check we are reflecting the CSRF properly.
-        assert_eq!(permit_success.state, "123");
+        assert_eq!(permit_success.state.as_deref(), Some("123"));
 
         // == Submit the token exchange code.
 
@@ -3478,7 +3483,7 @@ mod tests {
             .expect("Failed to perform OAuth2 permit");
 
         // Check we are reflecting the CSRF properly.
-        assert_eq!(permit_success.state, "123");
+        assert_eq!(permit_success.state.as_deref(), Some("123"));
 
         // == Submit the token exchange code.
 
@@ -3532,7 +3537,7 @@ mod tests {
             response_type: ResponseType::Token,
             response_mode: None,
             client_id: "test_resource_server".to_string(),
-            state: "123".to_string(),
+            state: Some("123".to_string()),
             pkce_request: pkce_request.clone(),
             redirect_uri: Url::parse("https://demo.example.com/oauth2/result").unwrap(),
             scope: btreeset![OAUTH2_SCOPE_OPENID.to_string()],
@@ -3554,7 +3559,7 @@ mod tests {
             response_type: ResponseType::Code,
             response_mode: None,
             client_id: "test_resource_server".to_string(),
-            state: "123".to_string(),
+            state: Some("123".to_string()),
             pkce_request: None,
             redirect_uri: Url::parse("https://demo.example.com/oauth2/result").unwrap(),
             scope: btreeset![OAUTH2_SCOPE_OPENID.to_string()],
@@ -3576,7 +3581,7 @@ mod tests {
             response_type: ResponseType::Code,
             response_mode: None,
             client_id: "NOT A REAL RESOURCE SERVER".to_string(),
-            state: "123".to_string(),
+            state: Some("123".to_string()),
             pkce_request: pkce_request.clone(),
             redirect_uri: Url::parse("https://demo.example.com/oauth2/result").unwrap(),
             scope: btreeset![OAUTH2_SCOPE_OPENID.to_string()],
@@ -3598,7 +3603,7 @@ mod tests {
             response_type: ResponseType::Code,
             response_mode: None,
             client_id: "test_resource_server".to_string(),
-            state: "123".to_string(),
+            state: Some("123".to_string()),
             pkce_request: pkce_request.clone(),
             redirect_uri: Url::parse("https://totes.not.sus.org/oauth2/result").unwrap(),
             scope: btreeset![OAUTH2_SCOPE_OPENID.to_string()],
@@ -3620,7 +3625,7 @@ mod tests {
             response_type: ResponseType::Code,
             response_mode: None,
             client_id: "test_resource_server".to_string(),
-            state: "123".to_string(),
+            state: Some("123".to_string()),
             pkce_request: pkce_request.clone(),
             redirect_uri: Url::parse("https://demo.example.com/oauth2/wrong_place").unwrap(),
             scope: btreeset![OAUTH2_SCOPE_OPENID.to_string()],
@@ -3642,7 +3647,7 @@ mod tests {
             response_type: ResponseType::Code,
             response_mode: None,
             client_id: "test_resource_server".to_string(),
-            state: "123".to_string(),
+            state: Some("123".to_string()),
             pkce_request: pkce_request.clone(),
             redirect_uri: Url::parse("https://demo.example.com/oauth2/result").unwrap(),
             scope: btreeset![OAUTH2_SCOPE_OPENID.to_string()],
@@ -3666,7 +3671,7 @@ mod tests {
             response_type: ResponseType::Code,
             response_mode: None,
             client_id: "test_resource_server".to_string(),
-            state: "123".to_string(),
+            state: Some("123".to_string()),
             pkce_request: pkce_request.clone(),
             redirect_uri: Url::parse("https://demo.example.com/oauth2/result").unwrap(),
             scope: btreeset!["invalid_scope".to_string(), "read".to_string()],
@@ -3688,7 +3693,7 @@ mod tests {
             response_type: ResponseType::Code,
             response_mode: None,
             client_id: "test_resource_server".to_string(),
-            state: "123".to_string(),
+            state: Some("123".to_string()),
             pkce_request: pkce_request.clone(),
             redirect_uri: Url::parse("https://demo.example.com/oauth2/result").unwrap(),
             scope: btreeset!["openid".to_string(), "read".to_string()],
@@ -3710,7 +3715,7 @@ mod tests {
             response_type: ResponseType::Code,
             response_mode: None,
             client_id: "test_resource_server".to_string(),
-            state: "123".to_string(),
+            state: Some("123".to_string()),
             pkce_request,
             redirect_uri: Url::parse("https://demo.example.com/oauth2/result").unwrap(),
             scope: btreeset!["openid".to_string(), "read".to_string()],
@@ -4002,7 +4007,7 @@ mod tests {
             response_type: ResponseType::Code,
             response_mode: None,
             client_id: "test_resource_server".to_string(),
-            state: "123".to_string(),
+            state: None,
             pkce_request: Some(PkceRequest {
                 code_challenge: code_challenge.clone(),
                 code_challenge_method: CodeChallengeMethod::S256,
@@ -4035,7 +4040,7 @@ mod tests {
             .expect("Failed to perform OAuth2 permit");
 
         // Check we are reflecting the CSRF properly.
-        assert_eq!(permit_success.state, "123");
+        assert_eq!(permit_success.state.as_deref(), None);
 
         // == Submit the token exchange code.
         // ⚠️  This is where we submit a different origin!
@@ -4073,7 +4078,7 @@ mod tests {
             response_type: ResponseType::Code,
             response_mode: None,
             client_id: "test_resource_server".to_string(),
-            state: "123".to_string(),
+            state: Some("123".to_string()),
             pkce_request: Some(PkceRequest {
                 code_challenge,
                 code_challenge_method: CodeChallengeMethod::S256,
@@ -4098,7 +4103,7 @@ mod tests {
 
         // == Manually submit the consent token to the permit for the permit_success
         // Check we are reflecting the CSRF properly.
-        assert_eq!(permit_success.state, "123");
+        assert_eq!(permit_success.state.as_deref(), Some("123"));
 
         // == Submit the token exchange code.
         // ⚠️  This is where we submit a different origin!
@@ -5414,7 +5419,7 @@ mod tests {
             response_type: ResponseType::Code,
             response_mode: None,
             client_id: "test_resource_server".to_string(),
-            state: "123".to_string(),
+            state: Some("123".to_string()),
             pkce_request: None,
             redirect_uri: Url::parse("https://demo.example.com/oauth2/result").unwrap(),
             scope: btreeset![OAUTH2_SCOPE_GROUPS.to_string()],
@@ -5626,7 +5631,7 @@ mod tests {
             response_type: ResponseType::Code,
             response_mode: None,
             client_id: "test_resource_server".to_string(),
-            state: "123".to_string(),
+            state: Some("123".to_string()),
             pkce_request: Some(PkceRequest {
                 code_challenge,
                 code_challenge_method: CodeChallengeMethod::S256,
@@ -5685,7 +5690,7 @@ mod tests {
             response_type: ResponseType::Code,
             response_mode: None,
             client_id: "test_resource_server".to_string(),
-            state: "123".to_string(),
+            state: Some("123".to_string()),
             pkce_request: Some(PkceRequest {
                 code_challenge,
                 code_challenge_method: CodeChallengeMethod::S256,
@@ -5828,7 +5833,7 @@ mod tests {
             response_type: ResponseType::Code,
             response_mode: None,
             client_id: "test_resource_server".to_string(),
-            state: "123".to_string(),
+            state: Some("123".to_string()),
             pkce_request: None,
             redirect_uri: Url::parse("https://demo.example.com/oauth2/result").unwrap(),
             scope: btreeset![OAUTH2_SCOPE_OPENID.to_string()],
@@ -5904,7 +5909,7 @@ mod tests {
             response_type: ResponseType::Code,
             response_mode: None,
             client_id: "test_resource_server".to_string(),
-            state: "123".to_string(),
+            state: Some("123".to_string()),
             pkce_request: Some(PkceRequest {
                 code_challenge: code_challenge.clone(),
                 code_challenge_method: CodeChallengeMethod::S256,
@@ -6869,7 +6874,7 @@ mod tests {
             response_type: ResponseType::Code,
             response_mode: None,
             client_id: "test_resource_server".to_string(),
-            state: "123".to_string(),
+            state: Some("123".to_string()),
             pkce_request: Some(PkceRequest {
                 code_challenge,
                 code_challenge_method: CodeChallengeMethod::S256,
@@ -6900,7 +6905,7 @@ mod tests {
             .expect("Failed to perform OAuth2 permit");
 
         // Check we are reflecting the CSRF properly.
-        assert_eq!(permit_success.state, "123");
+        assert_eq!(permit_success.state.as_deref(), Some("123"));
 
         // == Submit the token exchange code.
         let token_req = AccessTokenRequest {

From 9c2825b9dc0ff894cf0f5122b1098d2f8170b9b6 Mon Sep 17 00:00:00 2001
From: Firstyear <william@blackhats.net.au>
Date: Wed, 5 Feb 2025 11:33:30 +1000
Subject: [PATCH 72/87] Improve spans in unixd (#3397)

Some areas of the code were emitting 0 uuids, rather than associating
a client/connection uuid. This improves the startup and client handling
code so that we have stable uuids present during operation.
---
 .../resolver/src/bin/kanidm_unixd.rs          | 25 ++++++++++++++++---
 1 file changed, 21 insertions(+), 4 deletions(-)

diff --git a/unix_integration/resolver/src/bin/kanidm_unixd.rs b/unix_integration/resolver/src/bin/kanidm_unixd.rs
index 414554488..2ce34edad 100644
--- a/unix_integration/resolver/src/bin/kanidm_unixd.rs
+++ b/unix_integration/resolver/src/bin/kanidm_unixd.rs
@@ -197,7 +197,10 @@ async fn handle_client(
     cachelayer: Arc<Resolver>,
     task_channel_tx: &Sender<AsyncTaskRequest>,
 ) -> Result<(), Box<dyn Error>> {
-    debug!("Accepted connection");
+    let conn_id = uuid::Uuid::new_v4();
+
+    let span = span!(Level::DEBUG, "accepted connection", uuid = %conn_id);
+    let _enter = span.enter();
 
     let Ok(ucred) = sock.peer_cred() else {
         return Err(Box::new(IoError::new(
@@ -206,6 +209,8 @@ async fn handle_client(
         )));
     };
 
+    debug!(uid = ?ucred.uid(), gid = ?ucred.gid(), pid = ?ucred.pid());
+
     let mut reqs = Framed::new(sock, ClientCodec);
     let mut pam_auth_session_state = None;
 
@@ -213,9 +218,12 @@ async fn handle_client(
     // tell consumers to stop work.
     let (shutdown_tx, _shutdown_rx) = broadcast::channel(1);
 
-    trace!("Waiting for requests ...");
+    debug!("Waiting for requests ...");
+    // Drop the span here so that there are no parent spans during the request loop.
+    drop(_enter);
+
     while let Some(Ok(req)) = reqs.next().await {
-        let span = span!(Level::DEBUG, "client_request");
+        let span = span!(Level::INFO, "client request", uuid = %conn_id);
         let _enter = span.enter();
 
         let resp = match req {
@@ -405,7 +413,10 @@ async fn handle_client(
     }
 
     // Disconnect them
-    debug!("Disconnecting client ...");
+    let span = span!(Level::DEBUG, "disconnecting client", uuid = %conn_id);
+    let _enter = span.enter();
+    debug!(uid = ?ucred.uid(), gid = ?ucred.gid(), pid = ?ucred.pid());
+
     Ok(())
 }
 
@@ -595,6 +606,9 @@ async fn main() -> ExitCode {
             )
         )
         .on(async {
+            let span = span!(Level::DEBUG, "starting resolver");
+            let _enter = span.enter();
+
             if clap_args.get_flag("skip-root-check") {
                 warn!("Skipping root user check, if you're running this for testing, ensure you clean up temporary files.")
                 // TODO: this wording is not great m'kay.
@@ -1165,6 +1179,9 @@ async fn main() -> ExitCode {
 
             info!("Server started ...");
 
+            // End the startup span, we can now proceed.
+            drop(_enter);
+
             // On linux, notify systemd.
             #[cfg(target_os = "linux")]
             let _ = sd_notify::notify(true, &[sd_notify::NotifyState::Ready]);

From 4938c6796b937f7b7b2ec7943cfe7157ada30a28 Mon Sep 17 00:00:00 2001
From: James <james@jameskr.dev>
Date: Tue, 4 Feb 2025 21:52:20 -0500
Subject: [PATCH 73/87] Add handle_group_error to cli client (#3399)

Closes #2616
---
 tools/cli/src/cli/group/account_policy.rs | 30 +++++++++++------------
 tools/cli/src/cli/lib.rs                  | 14 ++++++++++-
 2 files changed, 28 insertions(+), 16 deletions(-)

diff --git a/tools/cli/src/cli/group/account_policy.rs b/tools/cli/src/cli/group/account_policy.rs
index 3f6d0f49a..2a1298c04 100644
--- a/tools/cli/src/cli/group/account_policy.rs
+++ b/tools/cli/src/cli/group/account_policy.rs
@@ -1,5 +1,5 @@
 use crate::common::OpType;
-use crate::{handle_client_error, GroupAccountPolicyOpt};
+use crate::{handle_client_error, handle_group_account_policy_error, GroupAccountPolicyOpt};
 
 impl GroupAccountPolicyOpt {
     pub fn debug(&self) -> bool {
@@ -38,7 +38,7 @@ impl GroupAccountPolicyOpt {
                     .group_account_policy_authsession_expiry_set(name, *expiry)
                     .await
                 {
-                    handle_client_error(e, copt.output_mode);
+                    handle_group_account_policy_error(e, copt.output_mode);
                 } else {
                     println!("Updated authsession expiry.");
                 }
@@ -50,7 +50,7 @@ impl GroupAccountPolicyOpt {
                     .group_account_policy_authsession_expiry_reset(name)
                     .await
                 {
-                    handle_client_error(e, copt.output_mode);
+                    handle_group_account_policy_error(e, copt.output_mode);
                 } else {
                     println!("Successfully reset authsession expiry.");
                 }
@@ -62,7 +62,7 @@ impl GroupAccountPolicyOpt {
                     .group_account_policy_credential_type_minimum_set(name, value.as_str())
                     .await
                 {
-                    handle_client_error(e, copt.output_mode);
+                    handle_group_account_policy_error(e, copt.output_mode);
                 } else {
                     println!("Updated credential type minimum.");
                 }
@@ -73,7 +73,7 @@ impl GroupAccountPolicyOpt {
                     .group_account_policy_password_minimum_length_set(name, *length)
                     .await
                 {
-                    handle_client_error(e, copt.output_mode);
+                    handle_group_account_policy_error(e, copt.output_mode);
                 } else {
                     println!("Updated password minimum length.");
                 }
@@ -84,7 +84,7 @@ impl GroupAccountPolicyOpt {
                     .group_account_policy_password_minimum_length_reset(name)
                     .await
                 {
-                    handle_client_error(e, copt.output_mode);
+                    handle_group_account_policy_error(e, copt.output_mode);
                 } else {
                     println!("Successfully reset password minimum length.");
                 }
@@ -95,7 +95,7 @@ impl GroupAccountPolicyOpt {
                     .group_account_policy_privilege_expiry_set(name, *expiry)
                     .await
                 {
-                    handle_client_error(e, copt.output_mode);
+                    handle_group_account_policy_error(e, copt.output_mode);
                 } else {
                     println!("Updated privilege session expiry.");
                 }
@@ -106,7 +106,7 @@ impl GroupAccountPolicyOpt {
                     .group_account_policy_privilege_expiry_reset(name)
                     .await
                 {
-                    handle_client_error(e, copt.output_mode);
+                    handle_group_account_policy_error(e, copt.output_mode);
                 } else {
                     println!("Successfully reset privilege session expiry.");
                 }
@@ -126,7 +126,7 @@ impl GroupAccountPolicyOpt {
                     .group_account_policy_webauthn_attestation_set(name, &json)
                     .await
                 {
-                    handle_client_error(e, copt.output_mode);
+                    handle_group_account_policy_error(e, copt.output_mode);
                 } else {
                     println!("Updated webauthn attestation CA list.");
                 }
@@ -138,7 +138,7 @@ impl GroupAccountPolicyOpt {
                     .group_account_policy_webauthn_attestation_reset(name)
                     .await
                 {
-                    handle_client_error(e, copt.output_mode);
+                    handle_group_account_policy_error(e, copt.output_mode);
                 } else {
                     println!("Successfully reset webauthn attestation CA list.");
                 }
@@ -154,7 +154,7 @@ impl GroupAccountPolicyOpt {
                     .group_account_policy_limit_search_max_results(name, *maximum)
                     .await
                 {
-                    handle_client_error(e, copt.output_mode);
+                    handle_group_account_policy_error(e, copt.output_mode);
                 } else {
                     println!("Updated search maximum results limit.");
                 }
@@ -165,7 +165,7 @@ impl GroupAccountPolicyOpt {
                     .group_account_policy_limit_search_max_results_reset(name)
                     .await
                 {
-                    handle_client_error(e, copt.output_mode);
+                    handle_group_account_policy_error(e, copt.output_mode);
                 } else {
                     println!("Successfully reset search maximum results limit to default.");
                 }
@@ -180,7 +180,7 @@ impl GroupAccountPolicyOpt {
                     .group_account_policy_limit_search_max_filter_test(name, *maximum)
                     .await
                 {
-                    handle_client_error(e, copt.output_mode);
+                    handle_group_account_policy_error(e, copt.output_mode);
                 } else {
                     println!("Updated search maximum filter test limit.");
                 }
@@ -191,7 +191,7 @@ impl GroupAccountPolicyOpt {
                     .group_account_policy_limit_search_max_filter_test_reset(name)
                     .await
                 {
-                    handle_client_error(e, copt.output_mode);
+                    handle_group_account_policy_error(e, copt.output_mode);
                 } else {
                     println!("Successfully reset search maximum filter test limit.");
                 }
@@ -202,7 +202,7 @@ impl GroupAccountPolicyOpt {
                     .group_account_policy_allow_primary_cred_fallback(name, *allow)
                     .await
                 {
-                    handle_client_error(e, copt.output_mode);
+                    handle_group_account_policy_error(e, copt.output_mode);
                 } else {
                     println!("Updated primary credential fallback policy.");
                 }
diff --git a/tools/cli/src/cli/lib.rs b/tools/cli/src/cli/lib.rs
index e3a32b7c3..9c2721b4c 100644
--- a/tools/cli/src/cli/lib.rs
+++ b/tools/cli/src/cli/lib.rs
@@ -42,7 +42,7 @@ mod webauthn;
 pub(crate) fn handle_client_error(response: ClientError, _output_mode: OutputMode) {
     match response {
         ClientError::Http(status, error, opid) => {
-            let error_msg = match error {
+            let error_msg = match &error {
                 Some(msg) => format!(" {:?}", msg),
                 None => "".to_string(),
             };
@@ -70,6 +70,18 @@ pub(crate) fn handle_client_error(response: ClientError, _output_mode: OutputMod
     };
 }
 
+pub(crate) fn handle_group_account_policy_error(response: ClientError, _output_mode: OutputMode) {
+    use kanidm_proto::internal::OperationError::SchemaViolation;
+    use kanidm_proto::internal::SchemaError::AttributeNotValidForClass;
+
+    if let ClientError::Http(_status, Some(SchemaViolation(AttributeNotValidForClass(att))), opid) = response {
+        error!("OperationId: {:?}", opid);
+        error!("Cannot update account-policy attribute {att}. Is account-policy enabled on this group?");
+    } else {
+        handle_client_error(response, _output_mode);
+    }
+}
+
 impl SelfOpt {
     pub fn debug(&self) -> bool {
         match self {

From 41b2eac1f43b1ef6aad566bdbe5849e49c7d036f Mon Sep 17 00:00:00 2001
From: Firstyear <william@blackhats.net.au>
Date: Wed, 5 Feb 2025 14:18:09 +1000
Subject: [PATCH 74/87] Fix the password reset form and possible resolver issue
 (#3398)

While testing for everything open I noticed two possible
issues. This PR fixes both.

The first is a possible recursion in the resolver. I think
I need to fix up it's transactions a bit in another PR.

The second was that the submit button on the reset form
doesn't work. This fixes that as well as post reset redirecting
to the correct location.
---
 server/core/src/https/views/reset.rs          | 48 ++++++++++++++-----
 .../templates/credentials_reset_form.html     |  7 ++-
 .../templates/credentials_update_primary.html |  2 +-
 unix_integration/resolver/src/resolver.rs     |  4 ++
 4 files changed, 45 insertions(+), 16 deletions(-)

diff --git a/server/core/src/https/views/reset.rs b/server/core/src/https/views/reset.rs
index 73ce55c32..2caa70cbe 100644
--- a/server/core/src/https/views/reset.rs
+++ b/server/core/src/https/views/reset.rs
@@ -24,6 +24,7 @@ use kanidm_proto::internal::{
     CredentialDetail, OperationError, PasskeyDetail, PasswordFeedback, TotpAlgo, UserAuthToken,
     COOKIE_CU_SESSION_TOKEN,
 };
+use kanidmd_lib::prelude::ClientAuthInfo;
 
 use super::constants::Urls;
 use super::navbar::NavbarCtx;
@@ -204,11 +205,41 @@ impl Display for PasskeyClass {
     }
 }
 
+/// When the credential update session is ended through a commit or discard of the changes
+/// we need to redirect the user to a relevant location. This location depends on the sessions
+/// current authentication state. If they are authenticated, they are sent to their profile. If
+/// they are not authenticated, they are sent to the login screen.
+async fn end_session_response(
+    state: ServerState,
+    kopid: KOpId,
+    client_auth_info: ClientAuthInfo,
+    jar: CookieJar,
+) -> axum::response::Result<Response> {
+    let is_logged_in = state
+        .qe_r_ref
+        .handle_auth_valid(client_auth_info, kopid.eventid)
+        .await
+        .is_ok();
+
+    let redirect_location = if is_logged_in {
+        Urls::Profile.as_ref()
+    } else {
+        Urls::Login.as_ref()
+    };
+
+    Ok((
+        jar,
+        HxLocation::from(Uri::from_static(redirect_location)),
+        "",
+    )
+        .into_response())
+}
+
 pub(crate) async fn commit(
     State(state): State<ServerState>,
     Extension(kopid): Extension<KOpId>,
     HxRequest(_hx_request): HxRequest,
-    VerifiedClientInformation(_client_auth_info): VerifiedClientInformation,
+    VerifiedClientInformation(client_auth_info): VerifiedClientInformation,
     DomainInfo(domain_info): DomainInfo,
     jar: CookieJar,
 ) -> axum::response::Result<Response> {
@@ -223,14 +254,14 @@ pub(crate) async fn commit(
     // No longer need the cookie jar.
     let jar = cookies::destroy(jar, COOKIE_CU_SESSION_TOKEN, &state);
 
-    Ok((jar, HxLocation::from(Uri::from_static("/ui")), "").into_response())
+    end_session_response(state, kopid, client_auth_info, jar).await
 }
 
 pub(crate) async fn cancel_cred_update(
     State(state): State<ServerState>,
     Extension(kopid): Extension<KOpId>,
     HxRequest(_hx_request): HxRequest,
-    VerifiedClientInformation(_client_auth_info): VerifiedClientInformation,
+    VerifiedClientInformation(client_auth_info): VerifiedClientInformation,
     DomainInfo(domain_info): DomainInfo,
     jar: CookieJar,
 ) -> axum::response::Result<Response> {
@@ -245,12 +276,7 @@ pub(crate) async fn cancel_cred_update(
     // No longer need the cookie jar.
     let jar = cookies::destroy(jar, COOKIE_CU_SESSION_TOKEN, &state);
 
-    Ok((
-        jar,
-        HxLocation::from(Uri::from_static(Urls::Profile.as_ref())),
-        "",
-    )
-        .into_response())
+    end_session_response(state, kopid, client_auth_info, jar).await
 }
 
 pub(crate) async fn cancel_mfareg(
@@ -782,7 +808,7 @@ pub(crate) async fn view_reset_get(
     State(state): State<ServerState>,
     Extension(kopid): Extension<KOpId>,
     HxRequest(_hx_request): HxRequest,
-    VerifiedClientInformation(_client_auth_info): VerifiedClientInformation,
+    VerifiedClientInformation(client_auth_info): VerifiedClientInformation,
     DomainInfo(domain_info): DomainInfo,
     Query(params): Query<ResetTokenParam>,
     mut jar: CookieJar,
@@ -791,7 +817,7 @@ pub(crate) async fn view_reset_get(
     let cookie = jar.get(COOKIE_CU_SESSION_TOKEN);
     let is_logged_in = state
         .qe_r_ref
-        .handle_auth_valid(_client_auth_info.clone(), kopid.eventid)
+        .handle_auth_valid(client_auth_info.clone(), kopid.eventid)
         .await
         .is_ok();
 
diff --git a/server/core/templates/credentials_reset_form.html b/server/core/templates/credentials_reset_form.html
index ec37c7be7..ae7d6700b 100644
--- a/server/core/templates/credentials_reset_form.html
+++ b/server/core/templates/credentials_reset_form.html
@@ -56,10 +56,9 @@
             Return to the home page
         </button>
         <button class="btn btn-primary"
-            hx-get=(Urls::CredReset)
-            hx-include="#token"
-            hx-target="#cred-reset-form" hx-select="#cred-reset-form"
-            hx-swap="outerHTML"
+            hx-get=""
+            hx-include="form"
+            hx-target="body"
             type="submit">
             Submit
         </button>
diff --git a/server/core/templates/credentials_update_primary.html b/server/core/templates/credentials_update_primary.html
index 52e1263d1..7aefda358 100644
--- a/server/core/templates/credentials_update_primary.html
+++ b/server/core/templates/credentials_update_primary.html
@@ -42,7 +42,7 @@
                         </div>
                     </div>
                     <div>
-                        <button type="button" class="btn btn-outline-danger" hx-post="/ui/api/delete_alt_creds" hx-confirm="Delete your Password and any associated MFA?\nNote: this will not remove Passkeys.">
+                        <button type="button" class="btn btn-outline-danger" hx-post="/ui/api/delete_alt_creds" hx-confirm="Delete your Password and any associated alternative authentication methods? NOTE: this will not remove Passkeys.">
                             Delete Alternative Credentials
                         </button>
                     </div>
diff --git a/unix_integration/resolver/src/resolver.rs b/unix_integration/resolver/src/resolver.rs
index d892086d8..756878530 100644
--- a/unix_integration/resolver/src/resolver.rs
+++ b/unix_integration/resolver/src/resolver.rs
@@ -228,6 +228,8 @@ impl Resolver {
             debug!("get_cached_usertoken {:?}", err);
         })?;
 
+        drop(dbtxn);
+
         match r {
             Some((ut, ex)) => {
                 // Are we expired?
@@ -276,6 +278,8 @@ impl Resolver {
         let mut dbtxn = self.db.write().await;
         let r = dbtxn.get_group(grp_id).map_err(|_| ())?;
 
+        drop(dbtxn);
+
         match r {
             Some((ut, ex)) => {
                 // Are we expired?

From 43b7f805351ef41fcfff4abea07acc5044f9e70e Mon Sep 17 00:00:00 2001
From: Firstyear <william@blackhats.net.au>
Date: Thu, 6 Feb 2025 08:50:45 +1000
Subject: [PATCH 75/87] Correctly return that uuid2spn changed on domain rename
 (#3402)

Due to a missing equality check in value, when a domain
rename occured, the uuid2spn index differential function
did not correctly detect that the domain name had updated
which meant that the uuid2spn index was not updated. Only
this index was affected, and a manual reindex would
resolve.
---
 server/lib/src/plugins/spn.rs | 53 +++++++++++++++++++++++++++++------
 server/lib/src/value.rs       |  3 +-
 2 files changed, 46 insertions(+), 10 deletions(-)

diff --git a/server/lib/src/plugins/spn.rs b/server/lib/src/plugins/spn.rs
index 6a6e759d6..1ba210991 100644
--- a/server/lib/src/plugins/spn.rs
+++ b/server/lib/src/plugins/spn.rs
@@ -208,10 +208,7 @@ impl Spn {
         // All we do is purge spn, and allow the plugin to recreate. Neat! It's also all still
         // within the transaction, just in case!
         qs.internal_modify(
-            &filter!(f_or!([
-                f_eq(Attribute::Class, EntryClass::Group.into()),
-                f_eq(Attribute::Class, EntryClass::Account.into()),
-            ])),
+            &filter!(f_pres(Attribute::Spn)),
             &modlist!([m_purge(Attribute::Spn)]),
         )
     }
@@ -332,12 +329,40 @@ mod tests {
     async fn test_spn_regen_domain_rename(server: &QueryServer) {
         let mut server_txn = server.write(duration_from_epoch_now()).await.unwrap();
 
-        let ex1 = Value::new_spn_str("admin", "example.com");
-        let ex2 = Value::new_spn_str("admin", "new.example.com");
+        let ex1 = Value::new_spn_str("a_testperson1", "example.com");
+        let ex2 = Value::new_spn_str("a_testperson1", "new.example.com");
+
+        let t_uuid = Uuid::new_v4();
+        let g_uuid = Uuid::new_v4();
+
+        assert!(server_txn
+            .internal_create(vec![
+                entry_init!(
+                    (Attribute::Class, EntryClass::Object.to_value()),
+                    (Attribute::Class, EntryClass::Account.to_value()),
+                    (Attribute::Class, EntryClass::Person.to_value()),
+                    (Attribute::Name, Value::new_iname("a_testperson1")),
+                    (Attribute::Uuid, Value::Uuid(t_uuid)),
+                    (Attribute::Description, Value::new_utf8s("testperson1")),
+                    (Attribute::DisplayName, Value::new_utf8s("testperson1"))
+                ),
+                entry_init!(
+                    (Attribute::Class, EntryClass::Object.to_value()),
+                    (Attribute::Class, EntryClass::Group.to_value()),
+                    (Attribute::Name, Value::new_iname("testgroup")),
+                    (Attribute::Uuid, Value::Uuid(g_uuid)),
+                    (Attribute::Member, Value::Refer(t_uuid))
+                ),
+            ])
+            .is_ok());
+
+        assert!(server_txn.commit().is_ok());
+        let mut server_txn = server.write(duration_from_epoch_now()).await.unwrap();
+
         // get the current domain name
         // check the spn on admin is admin@<initial domain>
         let e_pre = server_txn
-            .internal_search_uuid(UUID_ADMIN)
+            .internal_search_uuid(t_uuid)
             .expect("must not fail");
 
         let e_pre_spn = e_pre.get_ava_single(Attribute::Spn).expect("must not fail");
@@ -350,9 +375,12 @@ mod tests {
             .danger_domain_rename("new.example.com")
             .expect("should not fail!");
 
+        assert!(server_txn.commit().is_ok());
+        let mut server_txn = server.write(duration_from_epoch_now()).await.unwrap();
+
         // check the spn on admin is admin@<new domain>
         let e_post = server_txn
-            .internal_search_uuid(UUID_ADMIN)
+            .internal_search_uuid(t_uuid)
             .expect("must not fail");
 
         let e_post_spn = e_post
@@ -362,6 +390,13 @@ mod tests {
         debug!("{:?}", ex2);
         assert_eq!(e_post_spn, ex2);
 
-        server_txn.commit().expect("Must not fail");
+        // Assert that the uuid2spn index updated.
+        let testuser_spn = server_txn
+            .uuid_to_spn(t_uuid)
+            .expect("Must be able to retrieve the spn")
+            .expect("Value must not be none");
+        assert_eq!(testuser_spn, ex2);
+
+        assert!(server_txn.commit().is_ok());
     }
 }
diff --git a/server/lib/src/value.rs b/server/lib/src/value.rs
index 08f6148de..0bab23b8a 100644
--- a/server/lib/src/value.rs
+++ b/server/lib/src/value.rs
@@ -1311,13 +1311,14 @@ impl PartialEq for Value {
             | (Value::Iname(a), Value::Iname(b))
             | (Value::Cred(a, _), Value::Cred(b, _))
             | (Value::SshKey(a, _), Value::SshKey(b, _))
-            | (Value::Spn(a, _), Value::Spn(b, _))
             | (Value::Nsuniqueid(a), Value::Nsuniqueid(b))
             | (Value::EmailAddress(a, _), Value::EmailAddress(b, _))
             | (Value::PhoneNumber(a, _), Value::PhoneNumber(b, _))
             | (Value::OauthScope(a), Value::OauthScope(b))
             | (Value::PublicBinary(a, _), Value::PublicBinary(b, _))
             | (Value::RestrictedString(a), Value::RestrictedString(b)) => a.eq(b),
+            // Spn - need to check both name and domain.
+            (Value::Spn(a, c), Value::Spn(b, d)) => a.eq(b) && c.eq(d),
             // Uuid, Refer
             (Value::Uuid(a), Value::Uuid(b)) | (Value::Refer(a), Value::Refer(b)) => a.eq(b),
             // Bool

From ad3cf8828f7167c83910941094fdd5acd519349d Mon Sep 17 00:00:00 2001
From: Firstyear <william@blackhats.net.au>
Date: Thu, 6 Feb 2025 10:33:59 +1000
Subject: [PATCH 76/87] 20250205 3369 firefox pin (#3403)

Improve error message when passkey is missing PIN

Firefox still doesn't support setting a PIN on new devices. Because
of this we need a way to return a better error message for devices
that don't have UV configured.
---
 proto/src/internal/credupdate.rs              |  1 +
 server/core/src/https/views/reset.rs          |  3 +
 .../templates/credentials_update_partial.html |  5 +-
 server/lib/src/idm/credupdatesession.rs       | 63 +++++++++++++------
 tools/cli/src/cli/lib.rs                      |  4 +-
 tools/cli/src/cli/person.rs                   |  5 ++
 6 files changed, 59 insertions(+), 22 deletions(-)

diff --git a/proto/src/internal/credupdate.rs b/proto/src/internal/credupdate.rs
index 7a0201bc5..5a7fa66d6 100644
--- a/proto/src/internal/credupdate.rs
+++ b/proto/src/internal/credupdate.rs
@@ -160,6 +160,7 @@ pub enum CURegWarning {
     AttestedResidentKeyRequired,
     Unsatisfiable,
     WebauthnAttestationUnsatisfiable,
+    WebauthnUserVerificationRequired,
 }
 
 #[derive(Debug, Clone, Serialize, Deserialize, ToSchema)]
diff --git a/server/core/src/https/views/reset.rs b/server/core/src/https/views/reset.rs
index 2caa70cbe..1d00e206b 100644
--- a/server/core/src/https/views/reset.rs
+++ b/server/core/src/https/views/reset.rs
@@ -73,6 +73,7 @@ struct CredStatusView {
 #[template(path = "credentials_update_partial.html")]
 struct CredResetPartialView {
     ext_cred_portal: CUExtPortal,
+    can_commit: bool,
     warnings: Vec<CURegWarning>,
     attested_passkeys_state: CUCredState,
     passkeys_state: CUCredState,
@@ -899,6 +900,7 @@ pub(crate) async fn view_reset_get(
 fn get_cu_partial(cu_status: CUStatus) -> CredResetPartialView {
     let CUStatus {
         ext_cred_portal,
+        can_commit,
         warnings,
         passkeys_state,
         attested_passkeys_state,
@@ -913,6 +915,7 @@ fn get_cu_partial(cu_status: CUStatus) -> CredResetPartialView {
 
     CredResetPartialView {
         ext_cred_portal,
+        can_commit,
         warnings,
         attested_passkeys_state,
         passkeys_state,
diff --git a/server/core/templates/credentials_update_partial.html b/server/core/templates/credentials_update_partial.html
index 5e62ff4a4..277f47583 100644
--- a/server/core/templates/credentials_update_partial.html
+++ b/server/core/templates/credentials_update_partial.html
@@ -49,6 +49,9 @@
                 (% when CURegWarning::Unsatisfiable %)
                 An account policy conflict has occurred and you will not be able
                 to save your credentials.
+                (% when CURegWarning::WebauthnUserVerificationRequired %)
+                The passkey you attempted to register did not provide user verification. Please
+                ensure that you have a PIN or alternative configured on your authenticator.
                 (% endmatch %)
 
                 (% if is_danger %)
@@ -158,7 +161,7 @@
                                 type="submit"
                                 hx-post="/ui/api/cu_commit"
                                 hx-boost="false"
-                                (% if !warnings.is_empty() %)disabled(% endif
+                                (% if !can_commit %)disabled(% endif
                                 %)>Save Changes</button>
                         </span>
                     </div>
diff --git a/server/lib/src/idm/credupdatesession.rs b/server/lib/src/idm/credupdatesession.rs
index 6e949d207..227f438d5 100644
--- a/server/lib/src/idm/credupdatesession.rs
+++ b/server/lib/src/idm/credupdatesession.rs
@@ -203,6 +203,7 @@ impl CredentialUpdateSession {
     // Vec of the issues with the current session so that UI's can highlight properly how to proceed.
     fn can_commit(&self) -> (bool, Vec<CredentialUpdateSessionStatusWarnings>) {
         let mut warnings = Vec::with_capacity(0);
+        let mut can_proceed = true;
 
         let cred_type_min = self.resolved_account_policy.credential_policy();
 
@@ -219,6 +220,7 @@ impl CredentialUpdateSession {
                     // parts.
                     .unwrap_or(false)
                 {
+                    can_proceed = false;
                     warnings.push(CredentialUpdateSessionStatusWarnings::MfaRequired);
                 }
             }
@@ -226,12 +228,14 @@ impl CredentialUpdateSession {
                 // NOTE: Technically this is unreachable, but we keep it for correctness.
                 // Primary can't be set at all.
                 if self.primary.is_some() {
+                    can_proceed = false;
                     warnings.push(CredentialUpdateSessionStatusWarnings::PasskeyRequired);
                 }
             }
             CredentialType::AttestedPasskey => {
                 // Also unreachable - during these sessions, there will be no values present here.
                 if !self.passkeys.is_empty() || self.primary.is_some() {
+                    can_proceed = false;
                     warnings.push(CredentialUpdateSessionStatusWarnings::AttestedPasskeyRequired);
                 }
             }
@@ -241,12 +245,14 @@ impl CredentialUpdateSession {
                     || !self.passkeys.is_empty()
                     || self.primary.is_some()
                 {
+                    can_proceed = false;
                     warnings
                         .push(CredentialUpdateSessionStatusWarnings::AttestedResidentKeyRequired);
                 }
             }
             CredentialType::Invalid => {
                 // special case, must always deny all changes.
+                can_proceed = false;
                 warnings.push(CredentialUpdateSessionStatusWarnings::Unsatisfiable)
             }
         }
@@ -258,7 +264,7 @@ impl CredentialUpdateSession {
             }
         }
 
-        (warnings.is_empty(), warnings)
+        (can_proceed, warnings)
     }
 }
 
@@ -296,6 +302,7 @@ pub enum CredentialUpdateSessionStatusWarnings {
     AttestedResidentKeyRequired,
     Unsatisfiable,
     WebauthnAttestationUnsatisfiable,
+    WebauthnUserVerificationRequired,
 }
 
 impl Display for CredentialUpdateSessionStatusWarnings {
@@ -319,6 +326,9 @@ impl From<CredentialUpdateSessionStatusWarnings> for CURegWarning {
             CredentialUpdateSessionStatusWarnings::WebauthnAttestationUnsatisfiable => {
                 CURegWarning::WebauthnAttestationUnsatisfiable
             }
+            CredentialUpdateSessionStatusWarnings::WebauthnUserVerificationRequired => {
+                CURegWarning::WebauthnUserVerificationRequired
+            }
         }
     }
 }
@@ -350,6 +360,13 @@ pub struct CredentialUpdateSessionStatus {
 }
 
 impl CredentialUpdateSessionStatus {
+    /// Append a single warning to this session status, which will only be displayed to the
+    /// user once. This is different to other warnings that are derived from the state of the
+    /// session as a whole.
+    pub fn append_ephemeral_warning(&mut self, warning: CredentialUpdateSessionStatusWarnings) {
+        self.warnings.push(warning)
+    }
+
     pub fn can_commit(&self) -> bool {
         self.can_commit
     }
@@ -2172,30 +2189,36 @@ impl IdmServerCredUpdateTransaction<'_> {
 
         match &session.mfaregstate {
             MfaRegState::Passkey(_ccr, pk_reg) => {
-                let result = self
-                    .webauthn
-                    .finish_passkey_registration(reg, pk_reg)
-                    .map_err(|e| {
-                        error!(eclass=?e, emsg=%e, "Unable to complete passkey registration");
-                        match e {
-                            WebauthnError::UserNotVerified => {
-                                OperationError::CU0003WebauthnUserNotVerified
-                            }
-                            _ => OperationError::CU0002WebauthnRegistrationError,
-                        }
-                    });
+                let reg_result = self.webauthn.finish_passkey_registration(reg, pk_reg);
 
-                // The reg is done. Clean up state before returning errors.
+                // Clean up state before returning results.
                 session.mfaregstate = MfaRegState::None;
 
-                let passkey = result?;
+                match reg_result {
+                    Ok(passkey) => {
+                        let pk_id = Uuid::new_v4();
+                        session.passkeys.insert(pk_id, (label, passkey));
 
-                let pk_id = Uuid::new_v4();
-                session.passkeys.insert(pk_id, (label, passkey));
-
-                Ok(session.deref().into())
+                        let cu_status: CredentialUpdateSessionStatus = session.deref().into();
+                        Ok(cu_status)
+                    }
+                    Err(WebauthnError::UserNotVerified) => {
+                        let mut cu_status: CredentialUpdateSessionStatus = session.deref().into();
+                        cu_status.append_ephemeral_warning(
+                            CredentialUpdateSessionStatusWarnings::WebauthnUserVerificationRequired,
+                        );
+                        Ok(cu_status)
+                    }
+                    Err(err) => {
+                        error!(eclass=?err, emsg=%err, "Unable to complete passkey registration");
+                        Err(OperationError::CU0002WebauthnRegistrationError)
+                    }
+                }
+            }
+            invalid_state => {
+                warn!(?invalid_state);
+                Err(OperationError::InvalidRequestState)
             }
-            _ => Err(OperationError::InvalidRequestState),
         }
     }
 
diff --git a/tools/cli/src/cli/lib.rs b/tools/cli/src/cli/lib.rs
index 9c2721b4c..d1dc531b1 100644
--- a/tools/cli/src/cli/lib.rs
+++ b/tools/cli/src/cli/lib.rs
@@ -74,7 +74,9 @@ pub(crate) fn handle_group_account_policy_error(response: ClientError, _output_m
     use kanidm_proto::internal::OperationError::SchemaViolation;
     use kanidm_proto::internal::SchemaError::AttributeNotValidForClass;
 
-    if let ClientError::Http(_status, Some(SchemaViolation(AttributeNotValidForClass(att))), opid) = response {
+    if let ClientError::Http(_status, Some(SchemaViolation(AttributeNotValidForClass(att))), opid) =
+        response
+    {
         error!("OperationId: {:?}", opid);
         error!("Cannot update account-policy attribute {att}. Is account-policy enabled on this group?");
     } else {
diff --git a/tools/cli/src/cli/person.rs b/tools/cli/src/cli/person.rs
index 2469fb85b..1d0a44f8d 100644
--- a/tools/cli/src/cli/person.rs
+++ b/tools/cli/src/cli/person.rs
@@ -1282,6 +1282,11 @@ fn display_warnings(warnings: &[CURegWarning]) {
             CURegWarning::Unsatisfiable => {
                 println!("Account policy is unsatisfiable. Contact your administrator.");
             }
+            CURegWarning::WebauthnUserVerificationRequired => {
+                println!(
+                    "The passkey you attempted to register did not provide user verification, please ensure a PIN or equivalent is set."
+                );
+            }
         }
     }
 }

From 0ce1bbeddc86563a9eb9922f1cdea3f09152f443 Mon Sep 17 00:00:00 2001
From: Wei Jian Gan <weijiangan@outlook.com>
Date: Sat, 8 Feb 2025 09:54:41 +0800
Subject: [PATCH 77/87] SSH Keys in Credentials Update (#3027)

---
 Cargo.lock                                    |   2 +
 server/core/Cargo.toml                        |   2 +
 server/core/src/https/views/mod.rs            |   8 +
 server/core/src/https/views/reset.rs          | 161 ++++++++++++++++++
 server/core/static/style.css                  |   7 +
 ...tial_update_add_ssh_publickey_partial.html |  31 ++++
 .../templates/credentials_update_partial.html |  65 ++++++-
 server/core/templates/navbar.html             |   4 +-
 8 files changed, 271 insertions(+), 9 deletions(-)
 create mode 100644 server/core/templates/credential_update_add_ssh_publickey_partial.html

diff --git a/Cargo.lock b/Cargo.lock
index 2bd45e759..6a8c1430b 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -3175,6 +3175,8 @@ dependencies = [
  "serde_json",
  "serde_with",
  "sketching",
+ "sshkey-attest",
+ "sshkeys",
  "tempfile",
  "time",
  "tokio",
diff --git a/server/core/Cargo.toml b/server/core/Cargo.toml
index 3b7e6200c..094eec8bb 100644
--- a/server/core/Cargo.toml
+++ b/server/core/Cargo.toml
@@ -52,6 +52,8 @@ serde = { workspace = true, features = ["derive"] }
 serde_json = { workspace = true }
 serde_with = { workspace = true }
 sketching = { workspace = true }
+sshkeys = { workspace = true }
+sshkey-attest = { workspace = true }
 time = { workspace = true, features = ["serde", "std", "local-offset"] }
 tokio = { workspace = true, features = ["net", "sync", "io-util", "macros"] }
 tokio-openssl = { workspace = true }
diff --git a/server/core/src/https/views/mod.rs b/server/core/src/https/views/mod.rs
index cefb475d6..1c95a2709 100644
--- a/server/core/src/https/views/mod.rs
+++ b/server/core/src/https/views/mod.rs
@@ -103,6 +103,10 @@ pub fn view_router() -> Router<ServerState> {
         .route("/reset/change_password", post(reset::view_new_pwd))
         .route("/reset/add_passkey", post(reset::view_new_passkey))
         .route("/reset/set_unixcred", post(reset::view_set_unixcred))
+        .route(
+            "/reset/add_ssh_publickey",
+            post(reset::view_add_ssh_publickey),
+        )
         .route("/api/delete_alt_creds", post(reset::remove_alt_creds))
         .route("/api/delete_unixcred", post(reset::remove_unixcred))
         .route("/api/add_totp", post(reset::add_totp))
@@ -110,6 +114,10 @@ pub fn view_router() -> Router<ServerState> {
         .route("/api/remove_passkey", post(reset::remove_passkey))
         .route("/api/finish_passkey", post(reset::finish_passkey))
         .route("/api/cancel_mfareg", post(reset::cancel_mfareg))
+        .route(
+            "/api/remove_ssh_publickey",
+            post(reset::remove_ssh_publickey),
+        )
         .route("/api/cu_cancel", post(reset::cancel_cred_update))
         .route("/api/cu_commit", post(reset::commit))
         .layer(HxRequestGuardLayer::new("/ui"));
diff --git a/server/core/src/https/views/reset.rs b/server/core/src/https/views/reset.rs
index 1d00e206b..36cea8ffb 100644
--- a/server/core/src/https/views/reset.rs
+++ b/server/core/src/https/views/reset.rs
@@ -14,11 +14,15 @@ use qrcode::render::svg;
 use qrcode::QrCode;
 use serde::{Deserialize, Serialize};
 use serde_with::skip_serializing_none;
+use std::collections::BTreeMap;
 use std::fmt;
 use std::fmt::{Display, Formatter};
 use std::str::FromStr;
 use uuid::Uuid;
 
+pub use sshkey_attest::proto::PublicKey as SshPublicKey;
+pub use sshkeys::KeyType;
+
 use kanidm_proto::internal::{
     CUCredState, CUExtPortal, CURegState, CURegWarning, CURequest, CUSessionToken, CUStatus,
     CredentialDetail, OperationError, PasskeyDetail, PasswordFeedback, TotpAlgo, UserAuthToken,
@@ -69,6 +73,12 @@ struct CredStatusView {
     credentials_update_partial: CredResetPartialView,
 }
 
+struct SshKey {
+    key_type: KeyType,
+    key: String,
+    comment: Option<String>,
+}
+
 #[derive(Template)]
 #[template(path = "credentials_update_partial.html")]
 struct CredResetPartialView {
@@ -83,6 +93,8 @@ struct CredResetPartialView {
     primary: Option<CredentialDetail>,
     unixcred_state: CUCredState,
     unixcred: Option<CredentialDetail>,
+    sshkeys_state: CUCredState,
+    sshkeys: BTreeMap<String, SshKey>,
 }
 
 #[skip_serializing_none]
@@ -104,6 +116,13 @@ struct SetUnixCredPartial {
     check_res: PwdCheckResult,
 }
 
+#[derive(Template)]
+#[template(path = "credential_update_add_ssh_publickey_partial.html")]
+struct AddSshPublicKeyPartial {
+    title_error: Option<String>,
+    key_error: Option<String>,
+}
+
 #[derive(Serialize, Deserialize, Debug)]
 enum PwdCheckResult {
     Success,
@@ -120,6 +139,17 @@ pub(crate) struct NewPassword {
     new_password_check: String,
 }
 
+#[derive(Deserialize, Debug)]
+pub(crate) struct NewPublicKey {
+    title: String,
+    key: String,
+}
+
+#[derive(Deserialize, Debug)]
+pub(crate) struct PublicKeyRemoveData {
+    name: String,
+}
+
 #[derive(Deserialize, Debug)]
 pub(crate) struct NewTotp {
     name: String,
@@ -341,6 +371,30 @@ pub(crate) async fn remove_unixcred(
     Ok(get_cu_partial_response(cu_status))
 }
 
+pub(crate) async fn remove_ssh_publickey(
+    State(state): State<ServerState>,
+    Extension(kopid): Extension<KOpId>,
+    HxRequest(_hx_request): HxRequest,
+    VerifiedClientInformation(_client_auth_info): VerifiedClientInformation,
+    DomainInfo(domain_info): DomainInfo,
+    jar: CookieJar,
+    Form(publickey): Form<PublicKeyRemoveData>,
+) -> axum::response::Result<Response> {
+    let cu_session_token: CUSessionToken = get_cu_session(&jar).await?;
+
+    let cu_status = state
+        .qe_r_ref
+        .handle_idmcredentialupdate(
+            cu_session_token,
+            CURequest::SshPublicKeyRemove(publickey.name),
+            kopid.eventid,
+        )
+        .map_err(|op_err| HtmxError::new(&kopid, op_err, domain_info))
+        .await?;
+
+    Ok(get_cu_partial_response(cu_status))
+}
+
 pub(crate) async fn remove_totp(
     State(state): State<ServerState>,
     Extension(kopid): Extension<KOpId>,
@@ -805,6 +859,95 @@ pub(crate) async fn view_set_unixcred(
         .into_response())
 }
 
+struct AddSshPublicKeyError {
+    key: Option<String>,
+    title: Option<String>,
+}
+
+pub(crate) async fn view_add_ssh_publickey(
+    State(state): State<ServerState>,
+    Extension(kopid): Extension<KOpId>,
+    HxRequest(_hx_request): HxRequest,
+    VerifiedClientInformation(_client_auth_info): VerifiedClientInformation,
+    DomainInfo(domain_info): DomainInfo,
+    jar: CookieJar,
+    opt_form: Option<Form<NewPublicKey>>,
+) -> axum::response::Result<Response> {
+    let cu_session_token: CUSessionToken = get_cu_session(&jar).await?;
+
+    let new_key = match opt_form {
+        None => {
+            return Ok((AddSshPublicKeyPartial {
+                title_error: None,
+                key_error: None,
+            },)
+                .into_response());
+        }
+        Some(Form(new_key)) => new_key,
+    };
+
+    let (
+        AddSshPublicKeyError {
+            key: key_error,
+            title: title_error,
+        },
+        status,
+    ) = {
+        let publickey = match SshPublicKey::from_string(&new_key.key) {
+            Err(_) => {
+                return Ok((AddSshPublicKeyPartial {
+                    title_error: None,
+                    key_error: Some("Key cannot be parsed".to_string()),
+                },)
+                    .into_response());
+            }
+            Ok(publickey) => publickey,
+        };
+        let res = state
+            .qe_r_ref
+            .handle_idmcredentialupdate(
+                cu_session_token,
+                CURequest::SshPublicKey(new_key.title, publickey),
+                kopid.eventid,
+            )
+            .await;
+        match res {
+            Ok(cu_status) => return Ok(get_cu_partial_response(cu_status)),
+            Err(e @ (OperationError::InvalidLabel | OperationError::DuplicateLabel)) => (
+                AddSshPublicKeyError {
+                    title: Some(e.to_string()),
+                    key: None,
+                },
+                StatusCode::UNPROCESSABLE_ENTITY,
+            ),
+            Err(e @ OperationError::DuplicateKey) => (
+                AddSshPublicKeyError {
+                    key: Some(e.to_string()),
+                    title: None,
+                },
+                StatusCode::UNPROCESSABLE_ENTITY,
+            ),
+            Err(operr) => {
+                return Err(ErrorResponse::from(HtmxError::new(
+                    &kopid,
+                    operr,
+                    domain_info,
+                )))
+            }
+        }
+    };
+
+    Ok((
+        status,
+        HxPushUrl(Uri::from_static("/ui/reset/add_ssh_publickey")),
+        AddSshPublicKeyPartial {
+            title_error,
+            key_error,
+        },
+    )
+        .into_response())
+}
+
 pub(crate) async fn view_reset_get(
     State(state): State<ServerState>,
     Extension(kopid): Extension<KOpId>,
@@ -910,9 +1053,25 @@ fn get_cu_partial(cu_status: CUStatus) -> CredResetPartialView {
         primary,
         unixcred_state,
         unixcred,
+        sshkeys_state,
+        sshkeys,
         ..
     } = cu_status;
 
+    let sshkeyss: BTreeMap<String, SshKey> = sshkeys
+        .iter()
+        .map(|(k, v)| {
+            (
+                k.clone(),
+                SshKey {
+                    key_type: v.clone().key_type,
+                    key: v.fingerprint().hash,
+                    comment: v.comment.clone(),
+                },
+            )
+        })
+        .collect();
+
     CredResetPartialView {
         ext_cred_portal,
         can_commit,
@@ -925,6 +1084,8 @@ fn get_cu_partial(cu_status: CUStatus) -> CredResetPartialView {
         primary,
         unixcred_state,
         unixcred,
+        sshkeys_state,
+        sshkeys: sshkeyss,
     }
 }
 
diff --git a/server/core/static/style.css b/server/core/static/style.css
index fe4c1c0b4..345edecb4 100644
--- a/server/core/static/style.css
+++ b/server/core/static/style.css
@@ -190,3 +190,10 @@ footer {
   width: var(--icon-size);
   height: var(--icon-size);
 }
+
+.ssh-list-icon {
+  --icon-size: 32px;
+  width: var(--icon-size);
+  height: var(--icon-size);
+  transform: rotate(35deg);
+}
diff --git a/server/core/templates/credential_update_add_ssh_publickey_partial.html b/server/core/templates/credential_update_add_ssh_publickey_partial.html
new file mode 100644
index 000000000..141e19554
--- /dev/null
+++ b/server/core/templates/credential_update_add_ssh_publickey_partial.html
@@ -0,0 +1,31 @@
+<hr>
+<div class="d-flex flex-column row-gap-4">
+    <h4>Add new SSH Key</h4>
+    <form class="row-gap-3 d-flex flex-column needs-validation"
+        hx-target="#credentialUpdateDynamicSection"
+        hx-post="/ui/reset/add_ssh_publickey">
+        <div>
+            <label for="key-title" class="form-label">Title</label>
+            <input type="text" class="form-control(% if let Some(_) = title_error %) is-invalid(% endif %)" id="key-title" name="title" aria-describedby="title-validation-feedback">
+            <div id="title-validation-feedback" class="invalid-feedback">
+                (% if let Some(title_error) = title_error %)(( title_error ))(% endif %)
+            </div>
+        </div>
+        <div>
+            <label for="key-content" class="form-label">Key</label>
+            <textarea class="form-control(% if let Some(_) = key_error %) is-invalid(% endif %)" id="key-content" rows="5" name="key"
+                aria-describedby="key-validation-feedback"
+                placeholder="Begins with 'ssh-rsa', 'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', 'ecdsa-sha2-nistp521', 'ssh-ed25519', 'sk-ecdsa-sha2-nistp256@openssh.com', or 'sk-ssh-ed25519@openssh.com'"
+            ></textarea>
+            <div id="key-validation-feedback" class="invalid-feedback">
+                (% if let Some(key_error) = key_error %)(( key_error ))(% endif %)
+            </div>
+        </div>        
+
+        <div class="column-gap-2 d-flex justify-content-end mt-2" hx-target="#credentialUpdateDynamicSection">
+            <button type="button" class="btn btn-danger" hx-get=((Urls::CredReset)) hx-target="body">Cancel</button>
+            <button type="submit" class="btn btn-primary">Submit</button>
+        </div>
+    </form>
+</div>
+
diff --git a/server/core/templates/credentials_update_partial.html b/server/core/templates/credentials_update_partial.html
index 277f47583..cb842e29d 100644
--- a/server/core/templates/credentials_update_partial.html
+++ b/server/core/templates/credentials_update_partial.html
@@ -85,12 +85,14 @@
             (% when CUCredState::Modifiable %)
             (% include "credentials_update_passkeys.html" %)
             <!-- Here we are modifiable so we can render the button to add passkeys  -->
-            <button type="button" class="btn btn-primary"
-                hx-post="/ui/reset/add_passkey"
-                hx-vals='{"class": "Any"}'
-                hx-target="#credentialUpdateDynamicSection">
-                Add Passkey
-            </button>
+            <div class="mt-3">
+                <button type="button" class="btn btn-primary"
+                    hx-post="/ui/reset/add_passkey"
+                    hx-vals='{"class": "Any"}'
+                    hx-target="#credentialUpdateDynamicSection">
+                    Add Passkey
+                </button>
+            </div>
 
             (% when CUCredState::DeleteOnly %)
             (% if passkeys.len() > 0 %)
@@ -134,6 +136,55 @@
             (% when CUCredState::PolicyDeny %)
             (% endmatch %)
 
+            (% match sshkeys_state %)
+            (% when CUCredState::Modifiable %)
+            <hr class="my-4" />
+            <h4>SSH Keys</h4>
+            (% if sshkeys.len() > 0 %)
+            <p>This is a list of SSH keys associated with your account.</p>
+            <ul class="list-group">
+                (% for (keyname, sshkey) in sshkeys %)
+                <li class="list-group-item d-flex column-gap-3 py-3">
+                    <div>
+                        <img class="ssh-list-icon" src="/pkg/img/icons/key.svg" alt="" />
+                    </div>
+                    <div class="d-flex flex-column row-gap-2 flex-grow-1">
+                        <div class="d-flex justify-content-between">
+                            <div class="fw-bold column-gap-2">
+                                (( keyname ))<span class="badge rounded-pill text-bg-dark ms-2">(( sshkey.key_type.short_name ))</span>
+                            </div>
+                            <button class="btn btn-tiny btn-danger"
+                                hx-post="/ui/api/remove_ssh_publickey"
+                                hx-vals='{"name": "(( keyname ))"}'
+                                hx-target="#credentialUpdateDynamicSection">
+                                Remove
+                            </button>
+                        </div>
+                        <div><span class="font-monospace text-break">SHA256:(( sshkey.key ))</span></div>
+                        (% if let Some(comment) = sshkey.comment %)
+                            <div class="rounded bg-body-tertiary border border-light-subtle text-body-secondary px-2 py-1 align-self-stretch">Comment: (( comment ))</div>
+                        (% endif %)
+                    </div>
+                </li>
+                (% endfor %)
+            </ul>
+            (% else %)
+            <p>There are no SSH keys associated with your account.</p>
+            (% endif %)
+            <div class="mt-3">
+                <button class="btn btn-primary" type="button" 
+                    hx-post="/ui/reset/add_ssh_publickey"
+                    hx-target="#credentialUpdateDynamicSection">
+                    Add SSH Key
+                </button>
+            </div>
+            
+            (% when CUCredState::DeleteOnly %)
+            (% when CUCredState::AccessDeny %)
+            (% when CUCredState::PolicyDeny %)
+            (% endmatch %)
+
+
             <hr class="my-4" />
             <div id="cred-update-commit-bar" class="toast bs-emphasis-color bs-secondary-bg">
                 <div class="toast-body">
@@ -148,7 +199,7 @@
                             </svg>
                             <b>Careful</b> - Unsaved changes will be lost</div>
                     </span>
-                    <div class="mt-2 pt-2 border-top">
+                    <div class="mt-3 d-flex column-gap-2">
                         <button class="btn btn-danger"
                             hx-post="/ui/api/cu_cancel"
                             hx-boost="false"
diff --git a/server/core/templates/navbar.html b/server/core/templates/navbar.html
index 4c665cf95..2f04c1abe 100644
--- a/server/core/templates/navbar.html
+++ b/server/core/templates/navbar.html
@@ -21,7 +21,7 @@
         </button>
 
         <div class="collapse navbar-collapse" id="navbarCollapse">
-            <ul class="navbar-nav me-auto mb-2 mb-md-0">
+            <ul class="navbar-nav">
                 <li>
                     <a class="nav-link" href=((Urls::Apps))>
                         <span data-feather="file"></span>Applications</a>
@@ -31,7 +31,7 @@
                         <span data-feather="file"></span>Profile</a>
                 </li>
             </ul>
-            <ul class="navbar-nav me-auto mb-2 mb-md-0 ms-md-auto">
+            <ul class="navbar-nav ms-md-auto">
                 <li>
                     <a class="nav-link" href="#" data-bs-toggle="modal"
                         data-bs-target="#signoutModal">Sign out</a>

From 7a9bb9eac2d2946d9cdba1500eec72a0d06ed026 Mon Sep 17 00:00:00 2001
From: CEbbinghaus <git@cebbinghaus.com>
Date: Sat, 8 Feb 2025 17:37:28 +1100
Subject: [PATCH 78/87] Feat: Allowing spn query with non-spn structured data
 in LDAP (#3400)

* Added Botch for fixing spn query

* Got Invalid filter working. spn can now be searched on

* Addressed review comments

* Resolved Invalid filter correctly for no index

* Cleaned comments and added tests (still 1 failing)

* Added comments and fixed unit test

* Formatting

* Made Clippy Happy
---
 book/src/integrations/ldap.md |  4 +-
 server/lib/src/be/mod.rs      | 44 ++++++++++++++++++
 server/lib/src/entry.rs       |  1 +
 server/lib/src/filter.rs      | 39 ++++++++++++++--
 server/lib/src/idm/ldap.rs    | 88 +++++++++++++++++++++++++++++++++--
 server/lib/src/lib.rs         |  4 +-
 6 files changed, 170 insertions(+), 10 deletions(-)

diff --git a/book/src/integrations/ldap.md b/book/src/integrations/ldap.md
index da28e67ed..adb629434 100644
--- a/book/src/integrations/ldap.md
+++ b/book/src/integrations/ldap.md
@@ -145,7 +145,8 @@ with a dn of `dn=token` and provide the api token in the password.
 > [!NOTE]
 >
 > The `dn=token` keyword is guaranteed to not be used by any other entry, which is why it was chosen
-> as the keyword to initiate api token binds.
+> as the keyword to initiate api token binds. Additionally it is not required, leaving the field empty
+> will fall back to the service-account if a "password" is provided
 
 ```bash
 ldapwhoami -H ldaps://URL -x -D "dn=token" -w "TOKEN"
@@ -234,6 +235,7 @@ ldapwhoami ... -x -D '22a65b6c-80c8-4e1a-9b76-3f3afdff8400'
 ldapwhoami ... -x -D 'spn=test1@idm.example.com,dc=idm,dc=example,dc=com'
 ldapwhoami ... -x -D 'name=test1,dc=idm,dc=example,dc=com'
 ```
+<sub>in fact, the key of the bind isn't used at all so `googoogaaga=test1` is entirely valid</sub> ;)
 
 ## Troubleshooting
 
diff --git a/server/lib/src/be/mod.rs b/server/lib/src/be/mod.rs
index dfc23a2e5..954f8a9a5 100644
--- a/server/lib/src/be/mod.rs
+++ b/server/lib/src/be/mod.rs
@@ -571,6 +571,10 @@ pub trait BackendTransaction {
                 filter_error!("Requested a top level or isolated AndNot, returning empty");
                 (IdList::Indexed(IDLBitRange::new()), FilterPlan::Invalid)
             }
+            FilterResolved::Invalid(_) => {
+                // Indexed since it is always false and we don't want to influence filter testing
+                (IdList::Indexed(IDLBitRange::new()), FilterPlan::Invalid)
+            }
         })
     }
 
@@ -2376,6 +2380,46 @@ mod tests {
         });
     }
 
+    #[test]
+    fn test_be_search_with_invalid() {
+        run_test!(|be: &mut BackendWriteTransaction| {
+            trace!("Simple Search");
+
+            let mut e: Entry<EntryInit, EntryNew> = Entry::new();
+            e.add_ava(Attribute::UserId, Value::from("bagel"));
+            e.add_ava(
+                Attribute::Uuid,
+                Value::from("db237e8a-0079-4b8c-8a56-593b22aa44d1"),
+            );
+            let e = e.into_sealed_new();
+
+            let single_result = be.create(&CID_ZERO, vec![e]);
+            assert!(single_result.is_ok());
+
+            // Test Search with or condition including invalid attribute
+            let filt = filter_resolved!(f_or(vec![
+                f_eq(Attribute::UserId, PartialValue::new_utf8s("bagel")),
+                f_invalid(Attribute::UserId)
+            ]));
+
+            let lims = Limits::unlimited();
+
+            let r = be.search(&lims, &filt);
+            assert!(r.expect("Search failed!").len() == 1);
+
+            // Test Search with or condition including invalid attribute
+            let filt = filter_resolved!(f_and(vec![
+                f_eq(Attribute::UserId, PartialValue::new_utf8s("bagel")),
+                f_invalid(Attribute::UserId)
+            ]));
+
+            let lims = Limits::unlimited();
+
+            let r = be.search(&lims, &filt);
+            assert!(r.expect("Search failed!").len() == 0);
+        });
+    }
+
     #[test]
     fn test_be_simple_modify() {
         run_test!(|be: &mut BackendWriteTransaction| {
diff --git a/server/lib/src/entry.rs b/server/lib/src/entry.rs
index 5ad112a07..88efd32b8 100644
--- a/server/lib/src/entry.rs
+++ b/server/lib/src/entry.rs
@@ -2912,6 +2912,7 @@ impl<VALID, STATE> Entry<VALID, STATE> {
                 false
             }
             FilterResolved::AndNot(f, _) => !self.entry_match_no_index_inner(f),
+            FilterResolved::Invalid(_) => false,
         }
     }
 
diff --git a/server/lib/src/filter.rs b/server/lib/src/filter.rs
index cfb09de53..b9062e463 100644
--- a/server/lib/src/filter.rs
+++ b/server/lib/src/filter.rs
@@ -83,6 +83,10 @@ pub fn f_self() -> FC {
     FC::SelfUuid
 }
 
+pub fn f_invalid(a: Attribute) -> FC {
+    FC::Invalid(a)
+}
+
 pub fn f_id(uuid: &str) -> FC {
     let uf = Uuid::parse_str(uuid)
         .ok()
@@ -117,6 +121,7 @@ pub enum FC {
     Inclusion(Vec<FC>),
     AndNot(Box<FC>),
     SelfUuid,
+    Invalid(Attribute),
     // Not(Box<FC>),
 }
 
@@ -135,6 +140,7 @@ enum FilterComp {
     Inclusion(Vec<FilterComp>),
     AndNot(Box<FilterComp>),
     SelfUuid,
+    Invalid(Attribute),
     // Does this mean we can add a true not to the type now?
     // Not(Box<FilterComp>),
 }
@@ -196,12 +202,15 @@ impl fmt::Debug for FilterComp {
             FilterComp::SelfUuid => {
                 write!(f, "uuid eq self")
             }
+            FilterComp::Invalid(attr) => {
+                write!(f, "invalid ( {:?} )", attr)
+            }
         }
     }
 }
 
 /// This is the fully resolved internal representation. Note the lack of Not and selfUUID
-/// because these are resolved into And(Pres(class), AndNot(term)) and Eq(uuid, ...).
+/// because these are resolved into And(Pres(class), AndNot(term)) and Eq(uuid, ...) respectively.
 /// Importantly, we make this accessible to Entry so that it can then match on filters
 /// internally.
 ///
@@ -221,6 +230,7 @@ pub enum FilterResolved {
     LessThan(Attribute, PartialValue, Option<NonZeroU8>),
     Or(Vec<FilterResolved>, Option<NonZeroU8>),
     And(Vec<FilterResolved>, Option<NonZeroU8>),
+    Invalid(Attribute),
     // All terms must have 1 or more items, or the inclusion is false!
     Inclusion(Vec<FilterResolved>, Option<NonZeroU8>),
     AndNot(Box<FilterResolved>, Option<NonZeroU8>),
@@ -310,6 +320,9 @@ impl fmt::Debug for FilterResolved {
             FilterResolved::AndNot(inner, idx) => {
                 write!(f, "not (s{} {:?})", idx.unwrap_or(NonZeroU8::MAX), inner)
             }
+            FilterResolved::Invalid(attr) => {
+                write!(f, "{} inv", attr)
+            }
         }
     }
 }
@@ -777,6 +790,7 @@ impl FilterComp {
             FC::Inclusion(v) => FilterComp::Inclusion(v.into_iter().map(FilterComp::new).collect()),
             FC::AndNot(b) => FilterComp::AndNot(Box::new(FilterComp::new(*b))),
             FC::SelfUuid => FilterComp::SelfUuid,
+            FC::Invalid(a) => FilterComp::Invalid(a),
         }
     }
 
@@ -804,7 +818,8 @@ impl FilterComp {
             | FilterComp::Stw(attr, _)
             | FilterComp::Enw(attr, _)
             | FilterComp::Pres(attr)
-            | FilterComp::LessThan(attr, _) => {
+            | FilterComp::LessThan(attr, _)
+            | FilterComp::Invalid(attr) => {
                 r_set.insert(attr.clone());
             }
             FilterComp::Or(vs) => vs.iter().for_each(|f| f.get_attr_set(r_set)),
@@ -952,6 +967,11 @@ impl FilterComp {
                 // Pretty hard to mess this one up ;)
                 Ok(FilterComp::SelfUuid)
             }
+            FilterComp::Invalid(attr) => {
+                // FilterComp may be invalid but Invalid is still a valid value.
+                // we continue the evaluation so OR queries can still succeed
+                Ok(FilterComp::Invalid(attr.clone()))
+            }
         }
     }
 
@@ -1097,8 +1117,13 @@ impl FilterComp {
             }
             LdapFilter::Equality(a, v) => {
                 let a = ldap_attr_filter_map(a);
-                let v = qs.clone_partialvalue(&a, v)?;
-                FilterComp::Eq(a, v)
+                let pv = qs.clone_partialvalue(&a, v);
+
+                match pv {
+                    Ok(pv) => FilterComp::Eq(a, pv),
+                    Err(_) if a == Attribute::Spn => FilterComp::Invalid(a),
+                    Err(err) => return Err(err),
+                }
             }
             LdapFilter::Present(a) => FilterComp::Pres(ldap_attr_filter_map(a)),
             LdapFilter::Substring(
@@ -1267,6 +1292,7 @@ impl FilterResolved {
                 FilterResolved::Eq(a, v, idx)
             }
             FilterComp::SelfUuid => panic!("Not possible to resolve SelfUuid in from_invalid!"),
+            FilterComp::Invalid(attr) => FilterResolved::Invalid(attr),
             FilterComp::Cnt(a, v) => {
                 let idx = idxmeta.contains(&(&a, &IndexType::SubString));
                 let idx = NonZeroU8::new(idx as u8);
@@ -1340,6 +1366,7 @@ impl FilterResolved {
             | FilterComp::Stw(..)
             | FilterComp::Enw(..)
             | FilterComp::Pres(_)
+            | FilterComp::Invalid(_)
             | FilterComp::LessThan(..) => true,
         }
     }
@@ -1435,6 +1462,7 @@ impl FilterResolved {
                 FilterResolved::resolve_idx((*f).clone(), ev, idxmeta)
                     .map(|fi| FilterResolved::AndNot(Box::new(fi), None))
             }
+            FilterComp::Invalid(attr) => Some(FilterResolved::Invalid(attr)),
         }
     }
 
@@ -1493,6 +1521,7 @@ impl FilterResolved {
                 FilterResolved::resolve_no_idx((*f).clone(), ev)
                     .map(|fi| FilterResolved::AndNot(Box::new(fi), None))
             }
+            FilterComp::Invalid(attr) => Some(FilterResolved::Invalid(attr)),
         }
     }
 
@@ -1632,6 +1661,8 @@ impl FilterResolved {
             | FilterResolved::And(_, sf)
             | FilterResolved::Inclusion(_, sf)
             | FilterResolved::AndNot(_, sf) => *sf,
+            // We hard code 1 because there is no slope for an invlid filter
+            FilterResolved::Invalid(_) => NonZeroU8::new(1),
         }
     }
 }
diff --git a/server/lib/src/idm/ldap.rs b/server/lib/src/idm/ldap.rs
index f71562b72..63956762f 100644
--- a/server/lib/src/idm/ldap.rs
+++ b/server/lib/src/idm/ldap.rs
@@ -205,9 +205,9 @@ impl LdapServer {
             // Map the Some(a,v) to ...?
 
             let ext_filter = match (&sr.scope, req_dn) {
-                // OneLevel and Child searches are veerrrryyy similar for us because child
+                // OneLevel and Child searches are **very** similar for us because child
                 // is a "subtree search excluding base". Because we don't have a tree structure at
-                // all, this is the same as a onelevel (ald children of base excludeing base).
+                // all, this is the same as a one level (all children of base excluding base).
                 (LdapSearchScope::Children, Some(_r)) | (LdapSearchScope::OneLevel, Some(_r)) => {
                     return Ok(vec![sr.gen_success()])
                 }
@@ -239,7 +239,7 @@ impl LdapServer {
             let mut all_attrs = false;
             let mut all_op_attrs = false;
 
-            // TODO #67: limit the number of attributes here!
+            // TODO #3406: limit the number of attributes here!
             if sr.attrs.is_empty() {
                 // If [], then "all" attrs
                 all_attrs = true;
@@ -1158,6 +1158,88 @@ mod tests {
         assert_eq!(r1.len(), r2.len());
     }
 
+    #[idm_test]
+    async fn test_ldap_spn_search(idms: &IdmServer, _idms_delayed: &IdmServerDelayed) {
+        let ldaps = LdapServer::new(idms).await.expect("failed to start ldap");
+
+        let usr_uuid = Uuid::new_v4();
+        let usr_name = "panko";
+
+        // Setup person, group and application
+        {
+            let e1: Entry<EntryInit, EntryNew> = entry_init!(
+                (Attribute::Class, EntryClass::Object.to_value()),
+                (Attribute::Class, EntryClass::Account.to_value()),
+                (Attribute::Class, EntryClass::Person.to_value()),
+                (Attribute::Name, Value::new_iname(usr_name)),
+                (Attribute::Uuid, Value::Uuid(usr_uuid)),
+                (Attribute::DisplayName, Value::new_utf8s(usr_name))
+            );
+
+            let ct = duration_from_epoch_now();
+            let mut server_txn = idms.proxy_write(ct).await.unwrap();
+            assert!(server_txn
+                .qs_write
+                .internal_create(vec![e1])
+                .and_then(|_| server_txn.commit())
+                .is_ok());
+        }
+
+        // Setup the anonymous login
+        let anon_t = ldaps.do_bind(idms, "", "").await.unwrap().unwrap();
+        assert_eq!(
+            anon_t.effective_session,
+            LdapSession::UnixBind(UUID_ANONYMOUS)
+        );
+
+        // Searching a malformed spn shouldn't cause the query to fail
+        let sr = SearchRequest {
+            msgid: 1,
+            base: format!("dc=example,dc=com"),
+            scope: LdapSearchScope::Subtree,
+            filter: LdapFilter::Or(vec![
+                LdapFilter::Equality(Attribute::Name.to_string(), usr_name.to_string()),
+                LdapFilter::Equality(Attribute::Spn.to_string(), usr_name.to_string()),
+            ]),
+            attrs: vec!["*".to_string()],
+        };
+
+        let result = ldaps
+            .do_search(idms, &sr, &anon_t, Source::Internal)
+            .await
+            .map(|r| {
+                r.into_iter()
+                    .filter(|r| matches!(r.op, LdapOp::SearchResultEntry(_)))
+                    .collect::<Vec<_>>()
+            })
+            .unwrap();
+
+        assert!(!result.is_empty());
+
+        let sr = SearchRequest {
+            msgid: 1,
+            base: format!("dc=example,dc=com"),
+            scope: LdapSearchScope::Subtree,
+            filter: LdapFilter::And(vec![
+                LdapFilter::Equality(Attribute::Name.to_string(), usr_name.to_string()),
+                LdapFilter::Equality(Attribute::Spn.to_string(), usr_name.to_string()),
+            ]),
+            attrs: vec!["*".to_string()],
+        };
+
+        let empty_result = ldaps
+            .do_search(idms, &sr, &anon_t, Source::Internal)
+            .await
+            .map(|r| {
+                r.into_iter()
+                    .filter(|r| matches!(r.op, LdapOp::SearchResultEntry(_)))
+                    .collect::<Vec<_>>()
+            })
+            .unwrap();
+
+        assert!(empty_result.is_empty());
+    }
+
     #[idm_test]
     async fn test_ldap_application_bind(idms: &IdmServer, _idms_delayed: &IdmServerDelayed) {
         let ldaps = LdapServer::new(idms).await.expect("failed to start ldap");
diff --git a/server/lib/src/lib.rs b/server/lib/src/lib.rs
index f52c5c11b..562042536 100644
--- a/server/lib/src/lib.rs
+++ b/server/lib/src/lib.rs
@@ -89,8 +89,8 @@ pub mod prelude {
     };
     pub use crate::event::{CreateEvent, DeleteEvent, ExistsEvent, ModifyEvent, SearchEvent};
     pub use crate::filter::{
-        f_and, f_andnot, f_eq, f_id, f_inc, f_lt, f_or, f_pres, f_self, f_spn_name, f_sub, Filter,
-        FilterInvalid, FilterValid, FC,
+        f_and, f_andnot, f_eq, f_id, f_inc, f_invalid, f_lt, f_or, f_pres, f_self, f_spn_name,
+        f_sub, Filter, FilterInvalid, FilterValid, FC,
     };
     pub use crate::idm::server::{IdmServer, IdmServerAudit, IdmServerDelayed};
     pub use crate::idm::{ClientAuthInfo, ClientCertInfo};

From f68906bf1bcc4e0fd69bee43325cf878a50c3b91 Mon Sep 17 00:00:00 2001
From: CEbbinghaus <git@cebbinghaus.com>
Date: Sun, 9 Feb 2025 01:19:52 +0000
Subject: [PATCH 79/87] chore: Remove empty scopemaps (#3170)

---
 server/core/src/https/v1_oauth2.rs | 1 +
 server/lib/src/valueset/oauth.rs   | 8 +++++++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/server/core/src/https/v1_oauth2.rs b/server/core/src/https/v1_oauth2.rs
index d3966a7ad..f399539bc 100644
--- a/server/core/src/https/v1_oauth2.rs
+++ b/server/core/src/https/v1_oauth2.rs
@@ -200,6 +200,7 @@ pub(crate) async fn oauth2_id_scopemap_post(
     Json(scopes): Json<Vec<String>>,
 ) -> Result<Json<()>, WebError> {
     let filter = oauth2_id(&rs_name);
+
     state
         .qe_w_ref
         .handle_oauth2_scopemap_update(client_auth_info, group, scopes, filter, kopid.eventid)
diff --git a/server/lib/src/valueset/oauth.rs b/server/lib/src/valueset/oauth.rs
index 7b1ed8d75..0b6ec0f2d 100644
--- a/server/lib/src/valueset/oauth.rs
+++ b/server/lib/src/valueset/oauth.rs
@@ -279,6 +279,7 @@ impl ValueSetT for ValueSetOauthScopeMap {
         match value {
             Value::OauthScopeMap(u, m) => {
                 match self.map.entry(u) {
+                    // We are going to assume that a vacant entry will not be set to empty.
                     BTreeEntry::Vacant(e) => {
                         e.insert(m);
                         Ok(true)
@@ -289,7 +290,12 @@ impl ValueSetT for ValueSetOauthScopeMap {
                     // associated map state. So by always replacing on a present, we are true to
                     // the intent of the api.
                     BTreeEntry::Occupied(mut e) => {
-                        e.insert(m);
+                        if m.is_empty() {
+                            e.remove();
+                        } else {
+                            e.insert(m);
+                        }
+
                         Ok(true)
                     }
                 }

From 1f5ce2617d85445802b4c7a6797d8bac8d3b337b Mon Sep 17 00:00:00 2001
From: Firstyear <william@blackhats.net.au>
Date: Sun, 9 Feb 2025 12:49:54 +1000
Subject: [PATCH 80/87] Resolve kanidm-unix auth-test bug (#3405)

* Resolve kanidm-unix auth-test bug

When reworking the unix daemon, we missed changing the auth-test
tool to handle the new challenge-response flow correctly which
would cause the session to disconnect.

* Cleanup
---
 tools/cli/src/cli/person.rs                   |   2 +-
 tools/cli/src/cli/session.rs                  |   2 +-
 unix_integration/common/src/client.rs         |  97 +++++++------
 .../resolver/src/bin/kanidm-unix.rs           | 128 +++++++++---------
 .../src/bin/kanidm_ssh_authorizedkeys.rs      |  38 ++++--
 5 files changed, 149 insertions(+), 118 deletions(-)

diff --git a/tools/cli/src/cli/person.rs b/tools/cli/src/cli/person.rs
index 1d0a44f8d..ce14fdf5b 100644
--- a/tools/cli/src/cli/person.rs
+++ b/tools/cli/src/cli/person.rs
@@ -162,7 +162,7 @@ impl PersonOpt {
                 }
                 PersonPosix::SetPassword(aopt) => {
                     let client = aopt.copt.to_client(OpType::Write).await;
-                    let password = match password_prompt("Enter new posix (sudo) password: ") {
+                    let password = match password_prompt("Enter new posix (sudo) password") {
                         Some(v) => v,
                         None => {
                             println!("Passwords do not match");
diff --git a/tools/cli/src/cli/session.rs b/tools/cli/src/cli/session.rs
index fb96b7b10..d5d1378ae 100644
--- a/tools/cli/src/cli/session.rs
+++ b/tools/cli/src/cli/session.rs
@@ -254,7 +254,7 @@ async fn do_password(
             password.to_owned()
         }
         None => dialoguer::Password::new()
-            .with_prompt("Enter password: ")
+            .with_prompt("Enter password")
             .interact()
             .unwrap_or_else(|e| {
                 error!("Failed to create password prompt -- {:?}", e);
diff --git a/unix_integration/common/src/client.rs b/unix_integration/common/src/client.rs
index 7dfca0170..85414a623 100644
--- a/unix_integration/common/src/client.rs
+++ b/unix_integration/common/src/client.rs
@@ -29,11 +29,11 @@ impl Decoder for ClientCodec {
     }
 }
 
-impl Encoder<ClientRequest> for ClientCodec {
+impl Encoder<&ClientRequest> for ClientCodec {
     type Error = IoError;
 
-    fn encode(&mut self, msg: ClientRequest, dst: &mut BytesMut) -> Result<(), Self::Error> {
-        let data = serde_json::to_vec(&msg).map_err(|e| {
+    fn encode(&mut self, msg: &ClientRequest, dst: &mut BytesMut) -> Result<(), Self::Error> {
+        let data = serde_json::to_vec(msg).map_err(|e| {
             error!("socket encoding error -> {:?}", e);
             IoError::new(ErrorKind::Other, "JSON encode error")
         })?;
@@ -49,48 +49,63 @@ impl ClientCodec {
     }
 }
 
-async fn call_daemon_inner(
-    path: &str,
-    req: ClientRequest,
-) -> Result<ClientResponse, Box<dyn Error>> {
-    trace!(?path, ?req);
-    let stream = UnixStream::connect(path).await?;
-    trace!("connected");
+pub struct DaemonClient {
+    req_stream: Framed<UnixStream, ClientCodec>,
+    default_timeout: u64,
+}
 
-    let mut reqs = Framed::new(stream, ClientCodec::new());
+impl DaemonClient {
+    pub async fn new(path: &str, default_timeout: u64) -> Result<Self, Box<dyn Error>> {
+        trace!(?path);
+        let stream = UnixStream::connect(path).await.inspect_err(|e| {
+            error!(
+                "Unix socket stream setup error while connecting to {} -> {:?}",
+                path, e
+            );
+        })?;
 
-    reqs.send(req).await?;
-    reqs.flush().await?;
-    trace!("flushed, waiting ...");
+        let req_stream = Framed::new(stream, ClientCodec::new());
 
-    match reqs.next().await {
-        Some(Ok(res)) => {
-            debug!("Response -> {:?}", res);
-            Ok(res)
+        trace!("connected");
+
+        Ok(DaemonClient {
+            req_stream,
+            default_timeout,
+        })
+    }
+
+    async fn call_inner(&mut self, req: &ClientRequest) -> Result<ClientResponse, Box<dyn Error>> {
+        self.req_stream.send(req).await?;
+        self.req_stream.flush().await?;
+        trace!("flushed, waiting ...");
+        match self.req_stream.next().await {
+            Some(Ok(res)) => {
+                debug!("Response -> {:?}", res);
+                Ok(res)
+            }
+            _ => {
+                error!("Error making request to kanidm_unixd");
+                Err(Box::new(IoError::new(ErrorKind::Other, "oh no!")))
+            }
         }
-        _ => {
-            error!("Error making request to kanidm_unixd");
-            Err(Box::new(IoError::new(ErrorKind::Other, "oh no!")))
-        }
-    }
-}
-
-/// Makes a call to kanidm_unixd via a unix socket at `path`
-pub async fn call_daemon(
-    path: &str,
-    req: ClientRequest,
-    timeout: u64,
-) -> Result<ClientResponse, Box<dyn Error>> {
-    let sleep = time::sleep(Duration::from_secs(timeout));
-    tokio::pin!(sleep);
-
-    tokio::select! {
-        _ = &mut sleep => {
-            error!(?timeout, "Timed out making request to kanidm_unixd");
-            Err(Box::new(IoError::new(ErrorKind::Other, "timeout")))
-        }
-        res = call_daemon_inner(path, req) => {
-            res
+    }
+
+    pub async fn call(
+        &mut self,
+        req: &ClientRequest,
+        timeout: Option<u64>,
+    ) -> Result<ClientResponse, Box<dyn Error>> {
+        let sleep = time::sleep(Duration::from_secs(timeout.unwrap_or(self.default_timeout)));
+        tokio::pin!(sleep);
+
+        tokio::select! {
+            _ = &mut sleep => {
+                error!(?timeout, "Timed out making request to kanidm_unixd");
+                Err(Box::new(IoError::new(ErrorKind::Other, "timeout")))
+            }
+            res = self.call_inner(req) => {
+                res
+            }
         }
     }
 }
diff --git a/unix_integration/resolver/src/bin/kanidm-unix.rs b/unix_integration/resolver/src/bin/kanidm-unix.rs
index 9c377149b..b27424769 100644
--- a/unix_integration/resolver/src/bin/kanidm-unix.rs
+++ b/unix_integration/resolver/src/bin/kanidm-unix.rs
@@ -16,17 +16,55 @@ extern crate tracing;
 use std::process::ExitCode;
 
 use clap::Parser;
-use kanidm_unix_common::client::call_daemon;
+use kanidm_unix_common::client::DaemonClient;
 use kanidm_unix_common::constants::DEFAULT_CONFIG_PATH;
 use kanidm_unix_common::unix_config::KanidmUnixdConfig;
 use kanidm_unix_common::unix_proto::{
     ClientRequest, ClientResponse, PamAuthRequest, PamAuthResponse, PamServiceInfo,
 };
-// use std::io;
 use std::path::PathBuf;
 
 include!("../opt/tool.rs");
 
+macro_rules! setup_client {
+    () => {{
+        let Ok(cfg) =
+            KanidmUnixdConfig::new().read_options_from_optional_config(DEFAULT_CONFIG_PATH)
+        else {
+            error!("Failed to parse {}", DEFAULT_CONFIG_PATH);
+            return ExitCode::FAILURE;
+        };
+
+        debug!("Connecting to resolver ...");
+
+        debug!(
+            "Using kanidm_unixd socket path: {:?}",
+            cfg.sock_path.as_str()
+        );
+
+        // see if the kanidm_unixd socket exists and quit if not
+        if !PathBuf::from(&cfg.sock_path).exists() {
+            error!(
+                "Failed to find unix socket at {}, quitting!",
+                cfg.sock_path.as_str()
+            );
+            return ExitCode::FAILURE;
+        }
+
+        match DaemonClient::new(cfg.sock_path.as_str(), cfg.unix_sock_timeout).await {
+            Ok(dc) => dc,
+            Err(err) => {
+                error!(
+                    "Failed to connect to resolver at {}-> {:?}",
+                    cfg.sock_path.as_str(),
+                    err
+                );
+                return ExitCode::FAILURE;
+            }
+        }
+    }};
+}
+
 #[tokio::main(flavor = "current_thread")]
 async fn main() -> ExitCode {
     let opt = KanidmUnixParser::parse();
@@ -54,12 +92,7 @@ async fn main() -> ExitCode {
         } => {
             debug!("Starting PAM auth tester tool ...");
 
-            let Ok(cfg) =
-                KanidmUnixdConfig::new().read_options_from_optional_config(DEFAULT_CONFIG_PATH)
-            else {
-                error!("Failed to parse {}", DEFAULT_CONFIG_PATH);
-                return ExitCode::FAILURE;
-            };
+            let mut daemon_client = setup_client!();
 
             info!("Sending request for user {}", &account_id);
 
@@ -72,7 +105,7 @@ async fn main() -> ExitCode {
                 },
             };
             loop {
-                match call_daemon(cfg.sock_path.as_str(), req, cfg.unix_sock_timeout).await {
+                match daemon_client.call(&req, None).await {
                     Ok(r) => match r {
                         ClientResponse::PamAuthenticateStepResponse(PamAuthResponse::Success) => {
                             println!("auth success!");
@@ -90,7 +123,7 @@ async fn main() -> ExitCode {
                         ClientResponse::PamAuthenticateStepResponse(PamAuthResponse::Password) => {
                             // Prompt for and get the password
                             let cred = match dialoguer::Password::new()
-                                .with_prompt("Enter Unix password: ")
+                                .with_prompt("Enter Unix password")
                                 .interact()
                             {
                                 Ok(p) => p,
@@ -133,7 +166,7 @@ async fn main() -> ExitCode {
 
             let sereq = ClientRequest::PamAccountAllowed(account_id);
 
-            match call_daemon(cfg.sock_path.as_str(), sereq, cfg.unix_sock_timeout).await {
+            match daemon_client.call(&sereq, None).await {
                 Ok(r) => match r {
                     ClientResponse::PamStatus(Some(true)) => {
                         println!("account success!");
@@ -158,15 +191,7 @@ async fn main() -> ExitCode {
         KanidmUnixOpt::CacheClear { debug: _, really } => {
             debug!("Starting cache clear tool ...");
 
-            let cfg = match KanidmUnixdConfig::new()
-                .read_options_from_optional_config(DEFAULT_CONFIG_PATH)
-            {
-                Ok(c) => c,
-                Err(_e) => {
-                    error!("Failed to parse {}", DEFAULT_CONFIG_PATH);
-                    return ExitCode::FAILURE;
-                }
-            };
+            let mut daemon_client = setup_client!();
 
             if !really {
                 error!("Are you sure you want to proceed? If so use --really");
@@ -175,7 +200,7 @@ async fn main() -> ExitCode {
 
             let req = ClientRequest::ClearCache;
 
-            match call_daemon(cfg.sock_path.as_str(), req, cfg.unix_sock_timeout).await {
+            match daemon_client.call(&req, None).await {
                 Ok(r) => match r {
                     ClientResponse::Ok => info!("success"),
                     _ => {
@@ -192,19 +217,11 @@ async fn main() -> ExitCode {
         KanidmUnixOpt::CacheInvalidate { debug: _ } => {
             debug!("Starting cache invalidate tool ...");
 
-            let cfg = match KanidmUnixdConfig::new()
-                .read_options_from_optional_config(DEFAULT_CONFIG_PATH)
-            {
-                Ok(c) => c,
-                Err(_e) => {
-                    error!("Failed to parse {}", DEFAULT_CONFIG_PATH);
-                    return ExitCode::FAILURE;
-                }
-            };
+            let mut daemon_client = setup_client!();
 
             let req = ClientRequest::InvalidateCache;
 
-            match call_daemon(cfg.sock_path.as_str(), req, cfg.unix_sock_timeout).await {
+            match daemon_client.call(&req, None).await {
                 Ok(r) => match r {
                     ClientResponse::Ok => info!("success"),
                     _ => {
@@ -221,43 +238,26 @@ async fn main() -> ExitCode {
         KanidmUnixOpt::Status { debug: _ } => {
             trace!("Starting cache status tool ...");
 
-            let cfg = match KanidmUnixdConfig::new()
-                .read_options_from_optional_config(DEFAULT_CONFIG_PATH)
-            {
-                Ok(c) => c,
-                Err(_e) => {
-                    error!("Failed to parse {}", DEFAULT_CONFIG_PATH);
-                    return ExitCode::FAILURE;
-                }
-            };
-
+            let mut daemon_client = setup_client!();
             let req = ClientRequest::Status;
 
-            let spath = PathBuf::from(cfg.sock_path.as_str());
-            if !spath.exists() {
-                error!(
-                    "kanidm_unixd socket {} does not exist - is the service running?",
-                    cfg.sock_path
-                )
-            } else {
-                match call_daemon(cfg.sock_path.as_str(), req, cfg.unix_sock_timeout).await {
-                    Ok(r) => match r {
-                        ClientResponse::ProviderStatus(results) => {
-                            for provider in results {
-                                println!(
-                                    "{}: {}",
-                                    provider.name,
-                                    if provider.online { "online" } else { "offline" }
-                                );
-                            }
+            match daemon_client.call(&req, None).await {
+                Ok(r) => match r {
+                    ClientResponse::ProviderStatus(results) => {
+                        for provider in results {
+                            println!(
+                                "{}: {}",
+                                provider.name,
+                                if provider.online { "online" } else { "offline" }
+                            );
                         }
-                        _ => {
-                            error!("Error: unexpected response -> {:?}", r);
-                        }
-                    },
-                    Err(e) => {
-                        error!("Error -> {:?}", e);
                     }
+                    _ => {
+                        error!("Error: unexpected response -> {:?}", r);
+                    }
+                },
+                Err(e) => {
+                    error!("Error -> {:?}", e);
                 }
             }
             ExitCode::SUCCESS
diff --git a/unix_integration/resolver/src/bin/kanidm_ssh_authorizedkeys.rs b/unix_integration/resolver/src/bin/kanidm_ssh_authorizedkeys.rs
index 6adea63ce..e20ff3178 100644
--- a/unix_integration/resolver/src/bin/kanidm_ssh_authorizedkeys.rs
+++ b/unix_integration/resolver/src/bin/kanidm_ssh_authorizedkeys.rs
@@ -17,7 +17,7 @@ use std::path::PathBuf;
 use std::process::ExitCode;
 
 use clap::Parser;
-use kanidm_unix_common::client::call_daemon;
+use kanidm_unix_common::client::DaemonClient;
 use kanidm_unix_common::constants::DEFAULT_CONFIG_PATH;
 use kanidm_unix_common::unix_config::KanidmUnixdConfig;
 use kanidm_unix_common::unix_proto::{ClientRequest, ClientResponse};
@@ -66,21 +66,37 @@ async fn main() -> ExitCode {
         );
         return ExitCode::FAILURE;
     }
+
+    let mut daemon_client =
+        match DaemonClient::new(cfg.sock_path.as_str(), cfg.unix_sock_timeout).await {
+            Ok(dc) => dc,
+            Err(err) => {
+                error!(
+                    "Failed to connect to resolver at {}-> {:?}",
+                    cfg.sock_path.as_str(),
+                    err
+                );
+                return ExitCode::FAILURE;
+            }
+        };
+
     // safe because we've already thrown an error if it's not there
     let req = ClientRequest::SshKey(opt.account_id.unwrap_or("".to_string()));
 
-    match call_daemon(cfg.sock_path.as_str(), req, cfg.unix_sock_timeout).await {
-        Ok(r) => match r {
-            ClientResponse::SshKeys(sk) => sk.iter().for_each(|k| {
+    match daemon_client.call(&req, None).await {
+        Ok(ClientResponse::SshKeys(sk)) => {
+            sk.iter().for_each(|k| {
                 println!("{}", k);
-            }),
-            _ => {
-                error!("Error calling kanidm_unixd: unexpected response -> {:?}", r);
-            }
-        },
+            });
+            ExitCode::SUCCESS
+        }
+        Ok(r) => {
+            error!("Error calling kanidm_unixd: unexpected response -> {:?}", r);
+            ExitCode::FAILURE
+        }
         Err(e) => {
             error!("Error calling kanidm_unixd -> {:?}", e);
+            ExitCode::FAILURE
         }
-    };
-    ExitCode::SUCCESS
+    }
 }

From b15ff89b39f79bafc200be2838fe39b3f983430c Mon Sep 17 00:00:00 2001
From: Firstyear <william@blackhats.net.au>
Date: Sun, 9 Feb 2025 18:57:15 +1000
Subject: [PATCH 81/87] 20250206 freebsd ports (#3404)

* Remove unneeded files
* Ensure we config client config for freebsd
* Improve shell handling
* Use freebsd compat nss
---
 Cargo.lock                                    |    4 +-
 Cargo.toml                                    |    2 +
 libs/profiles/container_generic.toml          |    1 +
 libs/profiles/developer.toml                  |    1 +
 libs/profiles/release_freebsd.toml            |    1 +
 libs/profiles/release_linux.toml              |    1 +
 libs/profiles/src/lib.rs                      |    5 +
 platform/freebsd/client/Makefile.crates       |  624 --------
 platform/freebsd/client/distinfo              | 1251 -----------------
 .../client/files/kanidm_unixd_tasks.in        |    2 +-
 proto/Cargo.toml                              |    3 +
 proto/build.rs                                |    3 +
 proto/src/constants.rs                        |    2 +-
 unix_integration/common/src/constants.rs      |    6 +
 unix_integration/resolver/src/resolver.rs     |   78 +-
 15 files changed, 86 insertions(+), 1898 deletions(-)
 delete mode 100644 platform/freebsd/client/Makefile.crates
 delete mode 100644 platform/freebsd/client/distinfo
 create mode 100644 proto/build.rs

diff --git a/Cargo.lock b/Cargo.lock
index 6a8c1430b..dd52cc794 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -3024,6 +3024,7 @@ dependencies = [
  "base64 0.22.1",
  "clap",
  "enum-iterator",
+ "kanidm_build_profiles",
  "num_enum",
  "scim_proto",
  "serde",
@@ -3405,8 +3406,7 @@ dependencies = [
 [[package]]
 name = "libnss"
 version = "0.8.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3c4bc0291fc787d67c56e9ed79b80780e53bfb9be173177f301ee666cec1021b"
+source = "git+https://github.com/Firstyear/libnss-rs.git?branch=20250207-freebsd#763da4beaadc1e475b89ed876de31a5e393f6d30"
 dependencies = [
  "lazy_static",
  "libc",
diff --git a/Cargo.toml b/Cargo.toml
index d6c49b15b..e0467c81f 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -120,6 +120,8 @@ codegen-units = 256
 
 # kanidm-hsm-crypto = { path = "../hsm-crypto" }
 
+libnss = { git = "https://github.com/Firstyear/libnss-rs.git", branch = "20250207-freebsd" }
+
 [workspace.dependencies]
 kanidmd_core = { path = "./server/core", version = "=1.5.0-dev" }
 kanidmd_lib = { path = "./server/lib", version = "=1.5.0-dev" }
diff --git a/libs/profiles/container_generic.toml b/libs/profiles/container_generic.toml
index 614d93bff..74eafeca7 100644
--- a/libs/profiles/container_generic.toml
+++ b/libs/profiles/container_generic.toml
@@ -3,5 +3,6 @@
 server_admin_bind_path = "/data/kanidmd.sock"
 server_ui_pkg_path = "/hpkg"
 server_config_path = "/data/server.toml"
+client_config_path = "/data/config"
 resolver_config_path = "/data/unixd"
 resolver_unix_shell_path = "/bin/false"
diff --git a/libs/profiles/developer.toml b/libs/profiles/developer.toml
index 42539e20f..8ef9cd876 100644
--- a/libs/profiles/developer.toml
+++ b/libs/profiles/developer.toml
@@ -3,5 +3,6 @@ cpu_flags = "native"
 server_admin_bind_path = "/tmp/kanidmd.sock"
 server_ui_pkg_path = "../core/static"
 server_config_path = "../../examples/insecure_server.toml"
+client_config_path = "/etc/kanidm/config"
 resolver_config_path = "/tmp/unixd"
 resolver_unix_shell_path = "/bin/bash"
diff --git a/libs/profiles/release_freebsd.toml b/libs/profiles/release_freebsd.toml
index 305da3d1c..70dfa197f 100644
--- a/libs/profiles/release_freebsd.toml
+++ b/libs/profiles/release_freebsd.toml
@@ -3,5 +3,6 @@
 server_admin_bind_path = "/var/run/kanidmd/sock"
 server_ui_pkg_path = "/usr/local/share/kanidm/ui/hpkg"
 server_config_path = "/usr/local/etc/kanidm/server.toml"
+client_config_path = "/usr/local/etc/kanidm/config"
 resolver_config_path = "/usr/local/etc/kanidm/unixd"
 resolver_unix_shell_path = "/bin/sh"
diff --git a/libs/profiles/release_linux.toml b/libs/profiles/release_linux.toml
index 1b12a2309..ac23c63ca 100644
--- a/libs/profiles/release_linux.toml
+++ b/libs/profiles/release_linux.toml
@@ -3,5 +3,6 @@
 server_admin_bind_path = "/var/run/kanidmd/sock"
 server_ui_pkg_path = "/usr/share/kanidm/ui/hpkg"
 server_config_path = "/etc/kanidm/server.toml"
+client_config_path = "/etc/kanidm/config"
 resolver_config_path = "/etc/kanidm/unixd"
 resolver_unix_shell_path = "/bin/bash"
diff --git a/libs/profiles/src/lib.rs b/libs/profiles/src/lib.rs
index 784987130..a0714eff3 100644
--- a/libs/profiles/src/lib.rs
+++ b/libs/profiles/src/lib.rs
@@ -59,6 +59,7 @@ struct ProfileConfig {
     server_admin_bind_path: String,
     server_config_path: String,
     server_ui_pkg_path: String,
+    client_config_path: String,
     resolver_config_path: String,
     resolver_unix_shell_path: String,
 }
@@ -139,6 +140,10 @@ pub fn apply_profile() {
         "cargo:rustc-env=KANIDM_SERVER_CONFIG_PATH={}",
         profile_cfg.server_config_path
     );
+    println!(
+        "cargo:rustc-env=KANIDM_CLIENT_CONFIG_PATH={}",
+        profile_cfg.client_config_path
+    );
     println!(
         "cargo:rustc-env=KANIDM_RESOLVER_CONFIG_PATH={}",
         profile_cfg.resolver_config_path
diff --git a/platform/freebsd/client/Makefile.crates b/platform/freebsd/client/Makefile.crates
deleted file mode 100644
index 461710e09..000000000
--- a/platform/freebsd/client/Makefile.crates
+++ /dev/null
@@ -1,624 +0,0 @@
-CARGO_CRATES=	addr2line-0.24.2 \
-		adler2-2.0.0 \
-		ahash-0.8.11 \
-		aho-corasick-1.1.3 \
-		allocator-api2-0.2.21 \
-		android-tzdata-0.1.1 \
-		android_system_properties-0.1.5 \
-		anstream-0.6.18 \
-		anstyle-1.0.10 \
-		anstyle-parse-0.2.6 \
-		anstyle-query-1.1.2 \
-		anstyle-wincon-3.0.6 \
-		anyhow-1.0.95 \
-		arc-swap-1.7.1 \
-		argon2-0.5.3 \
-		askama-0.12.1 \
-		askama_axum-0.4.0 \
-		askama_derive-0.12.5 \
-		askama_escape-0.10.3 \
-		askama_parser-0.2.1 \
-		asn1-rs-0.6.2 \
-		asn1-rs-derive-0.5.1 \
-		asn1-rs-impl-0.2.0 \
-		assert_cmd-2.0.16 \
-		async-compression-0.4.18 \
-		async-stream-0.3.6 \
-		async-stream-impl-0.3.6 \
-		async-trait-0.1.83 \
-		atomic-waker-1.1.2 \
-		authenticator-0.4.1 \
-		autocfg-1.4.0 \
-		axum-0.6.20 \
-		axum-0.7.9 \
-		axum-core-0.3.4 \
-		axum-core-0.4.5 \
-		axum-extra-0.9.6 \
-		axum-htmx-0.5.0 \
-		axum-macros-0.4.2 \
-		axum-server-0.7.1 \
-		backtrace-0.3.74 \
-		base32-0.5.1 \
-		base64-0.13.1 \
-		base64-0.21.7 \
-		base64-0.22.1 \
-		base64ct-1.6.0 \
-		base64urlsafedata-0.5.1 \
-		basic-toml-0.1.9 \
-		bindgen-0.66.1 \
-		bindgen-0.70.1 \
-		bit-set-0.5.3 \
-		bit-set-0.8.0 \
-		bit-vec-0.6.3 \
-		bit-vec-0.8.0 \
-		bitfield-0.13.2 \
-		bitflags-1.3.2 \
-		bitflags-2.6.0 \
-		blake2-0.10.6 \
-		block-buffer-0.10.4 \
-		borrow-or-share-0.2.2 \
-		bstr-1.11.1 \
-		bumpalo-3.16.0 \
-		bytecount-0.6.8 \
-		bytemuck-1.21.0 \
-		byteorder-1.5.0 \
-		bytes-1.9.0 \
-		cc-1.2.5 \
-		cexpr-0.6.0 \
-		cfg-if-1.0.0 \
-		cfg_aliases-0.2.1 \
-		checked_int_cast-1.0.0 \
-		chrono-0.4.39 \
-		clang-sys-1.8.1 \
-		clap-4.5.23 \
-		clap_builder-4.5.23 \
-		clap_complete-4.5.40 \
-		clap_derive-4.5.18 \
-		clap_lex-0.7.4 \
-		clru-0.6.2 \
-		color_quant-1.1.0 \
-		colorchoice-1.0.3 \
-		compact_jwt-0.4.3 \
-		concread-0.5.3 \
-		console-0.15.10 \
-		const-oid-0.9.6 \
-		cookie-0.16.2 \
-		cookie-0.18.1 \
-		cookie_store-0.21.1 \
-		core-foundation-0.9.4 \
-		core-foundation-0.10.0 \
-		core-foundation-sys-0.8.7 \
-		cpufeatures-0.2.16 \
-		crc32fast-1.4.2 \
-		cron-0.12.1 \
-		crossbeam-0.8.4 \
-		crossbeam-channel-0.5.14 \
-		crossbeam-deque-0.8.6 \
-		crossbeam-epoch-0.9.18 \
-		crossbeam-queue-0.3.12 \
-		crossbeam-utils-0.8.21 \
-		crypto-common-0.1.6 \
-		csv-1.3.1 \
-		csv-core-0.1.11 \
-		darling-0.14.4 \
-		darling-0.20.10 \
-		darling_core-0.14.4 \
-		darling_core-0.20.10 \
-		darling_macro-0.14.4 \
-		darling_macro-0.20.10 \
-		data-encoding-2.6.0 \
-		der-0.7.9 \
-		der-parser-9.0.0 \
-		der_derive-0.7.3 \
-		deranged-0.3.11 \
-		derive_builder-0.12.0 \
-		derive_builder_core-0.12.0 \
-		derive_builder_macro-0.12.0 \
-		devd-rs-0.3.6 \
-		dhat-0.3.3 \
-		dialoguer-0.10.4 \
-		difflib-0.4.0 \
-		digest-0.10.7 \
-		dirs-4.0.0 \
-		dirs-sys-0.3.7 \
-		displaydoc-0.2.5 \
-		doc-comment-0.3.3 \
-		document-features-0.2.10 \
-		dunce-1.0.5 \
-		dyn-clone-1.0.17 \
-		either-1.13.0 \
-		email_address-0.2.9 \
-		encode_unicode-1.0.0 \
-		encoding_rs-0.8.35 \
-		enum-iterator-2.1.0 \
-		enum-iterator-derive-1.4.0 \
-		enumflags2-0.7.10 \
-		enumflags2_derive-0.7.10 \
-		equivalent-1.0.1 \
-		errno-0.3.10 \
-		escargot-0.5.13 \
-		fallible-iterator-0.2.0 \
-		fallible-streaming-iterator-0.1.9 \
-		fancy-regex-0.11.0 \
-		fancy-regex-0.14.0 \
-		fantoccini-0.21.3 \
-		faster-hex-0.9.0 \
-		fastrand-2.3.0 \
-		fernet-0.2.2 \
-		file-id-0.1.0 \
-		filetime-0.2.25 \
-		fixedbitset-0.4.2 \
-		flagset-0.4.6 \
-		flate2-1.0.35 \
-		fluent-uri-0.3.2 \
-		fnv-1.0.7 \
-		foldhash-0.1.4 \
-		foreign-types-0.3.2 \
-		foreign-types-shared-0.1.1 \
-		form_urlencoded-1.2.1 \
-		fraction-0.15.3 \
-		fs4-0.8.4 \
-		fsevent-sys-4.1.0 \
-		futures-0.3.31 \
-		futures-channel-0.3.31 \
-		futures-core-0.3.31 \
-		futures-executor-0.3.31 \
-		futures-io-0.3.31 \
-		futures-macro-0.3.31 \
-		futures-sink-0.3.31 \
-		futures-task-0.3.31 \
-		futures-util-0.3.31 \
-		generic-array-0.14.7 \
-		gethostname-0.5.0 \
-		getrandom-0.2.15 \
-		gif-0.13.1 \
-		gimli-0.31.1 \
-		gix-0.64.0 \
-		gix-actor-0.31.5 \
-		gix-chunk-0.4.10 \
-		gix-commitgraph-0.24.3 \
-		gix-config-0.38.0 \
-		gix-config-value-0.14.10 \
-		gix-date-0.8.7 \
-		gix-diff-0.44.1 \
-		gix-discover-0.33.0 \
-		gix-features-0.38.2 \
-		gix-fs-0.11.3 \
-		gix-glob-0.16.5 \
-		gix-hash-0.14.2 \
-		gix-hashtable-0.5.2 \
-		gix-lock-14.0.0 \
-		gix-macros-0.1.5 \
-		gix-object-0.42.3 \
-		gix-odb-0.61.1 \
-		gix-pack-0.51.1 \
-		gix-path-0.10.13 \
-		gix-quote-0.4.14 \
-		gix-ref-0.45.0 \
-		gix-refspec-0.23.1 \
-		gix-revision-0.27.2 \
-		gix-revwalk-0.13.2 \
-		gix-sec-0.10.10 \
-		gix-tempfile-14.0.2 \
-		gix-trace-0.1.11 \
-		gix-traverse-0.39.2 \
-		gix-url-0.27.5 \
-		gix-utils-0.1.13 \
-		gix-validate-0.8.5 \
-		glob-0.3.1 \
-		h2-0.3.26 \
-		h2-0.4.7 \
-		half-1.8.3 \
-		hashbrown-0.12.3 \
-		hashbrown-0.14.5 \
-		hashbrown-0.15.2 \
-		hashlink-0.8.4 \
-		heck-0.5.0 \
-		hex-0.4.3 \
-		home-0.5.11 \
-		hostname-validator-1.1.1 \
-		http-0.2.12 \
-		http-1.2.0 \
-		http-body-0.4.6 \
-		http-body-1.0.1 \
-		http-body-util-0.1.2 \
-		http-range-header-0.4.2 \
-		httparse-1.9.5 \
-		httpdate-1.0.3 \
-		humansize-2.1.3 \
-		hyper-0.14.32 \
-		hyper-1.5.2 \
-		hyper-rustls-0.24.2 \
-		hyper-rustls-0.27.5 \
-		hyper-timeout-0.4.1 \
-		hyper-tls-0.6.0 \
-		hyper-util-0.1.10 \
-		iana-time-zone-0.1.61 \
-		iana-time-zone-haiku-0.1.2 \
-		icu_collections-1.5.0 \
-		icu_locid-1.5.0 \
-		icu_locid_transform-1.5.0 \
-		icu_locid_transform_data-1.5.0 \
-		icu_normalizer-1.5.0 \
-		icu_normalizer_data-1.5.0 \
-		icu_properties-1.5.1 \
-		icu_properties_data-1.5.0 \
-		icu_provider-1.5.0 \
-		icu_provider_macros-1.5.0 \
-		ident_case-1.0.1 \
-		idlset-0.2.5 \
-		idna-1.0.3 \
-		idna_adapter-1.2.0 \
-		image-0.23.14 \
-		image-0.24.9 \
-		indexmap-1.9.3 \
-		indexmap-2.7.0 \
-		inotify-0.9.6 \
-		inotify-sys-0.1.5 \
-		ipnet-2.10.1 \
-		is_terminal_polyfill-1.70.1 \
-		itertools-0.10.5 \
-		itertools-0.13.0 \
-		itoa-1.0.14 \
-		jpeg-decoder-0.3.1 \
-		js-sys-0.3.76 \
-		jsonschema-0.28.0 \
-		kanidm-hsm-crypto-0.2.0 \
-		kqueue-1.0.8 \
-		kqueue-sys-1.0.4 \
-		lazy_static-1.5.0 \
-		lazycell-1.3.0 \
-		lber-0.4.2 \
-		ldap3_client-0.5.2 \
-		ldap3_proto-0.5.2 \
-		libc-0.2.169 \
-		libloading-0.8.6 \
-		libm-0.2.11 \
-		libmimalloc-sys-0.1.39 \
-		libnss-0.8.0 \
-		libredox-0.1.3 \
-		libsqlite3-sys-0.25.2 \
-		libudev-0.2.0 \
-		libudev-sys-0.1.4 \
-		linux-raw-sys-0.4.14 \
-		litemap-0.7.4 \
-		litrs-0.4.1 \
-		lock_api-0.4.12 \
-		lodepng-3.10.7 \
-		log-0.4.22 \
-		lru-0.12.5 \
-		malloced-1.3.1 \
-		matchers-0.1.0 \
-		matchit-0.7.3 \
-		mathru-0.13.0 \
-		memchr-2.7.4 \
-		memmap2-0.9.5 \
-		memoffset-0.8.0 \
-		mimalloc-0.1.43 \
-		mime-0.3.17 \
-		mime_guess-2.0.5 \
-		minimal-lexical-0.2.1 \
-		miniz_oxide-0.8.2 \
-		mintex-0.1.3 \
-		mio-0.8.11 \
-		mio-1.0.3 \
-		multer-3.1.0 \
-		native-tls-0.2.12 \
-		nix-0.29.0 \
-		nom-7.1.3 \
-		nonempty-0.8.1 \
-		notify-6.1.1 \
-		notify-debouncer-full-0.1.0 \
-		nu-ansi-term-0.46.0 \
-		num-0.4.3 \
-		num-bigint-0.4.6 \
-		num-cmp-0.1.0 \
-		num-complex-0.4.6 \
-		num-conv-0.1.0 \
-		num-derive-0.3.3 \
-		num-integer-0.1.46 \
-		num-iter-0.1.45 \
-		num-rational-0.3.2 \
-		num-rational-0.4.2 \
-		num-traits-0.2.19 \
-		num_enum-0.5.11 \
-		num_enum_derive-0.5.11 \
-		num_threads-0.1.7 \
-		oauth2-4.4.2 \
-		object-0.36.5 \
-		oid-0.2.1 \
-		oid-registry-0.7.1 \
-		once_cell-1.20.2 \
-		openssl-0.10.68 \
-		openssl-macros-0.1.1 \
-		openssl-probe-0.1.5 \
-		openssl-sys-0.9.104 \
-		opentelemetry-0.20.0 \
-		opentelemetry-http-0.9.0 \
-		opentelemetry-otlp-0.13.0 \
-		opentelemetry-proto-0.3.0 \
-		opentelemetry-semantic-conventions-0.12.0 \
-		opentelemetry_api-0.20.0 \
-		opentelemetry_sdk-0.20.0 \
-		ordered-float-3.9.2 \
-		outref-0.5.1 \
-		overload-0.1.1 \
-		parking_lot-0.12.3 \
-		parking_lot_core-0.9.10 \
-		password-hash-0.5.0 \
-		paste-1.0.15 \
-		peeking_take_while-0.1.2 \
-		peg-0.8.4 \
-		peg-macros-0.8.4 \
-		peg-runtime-0.8.3 \
-		pem-rfc7468-0.7.0 \
-		percent-encoding-2.3.1 \
-		petgraph-0.6.5 \
-		picky-asn1-0.8.0 \
-		picky-asn1-der-0.4.1 \
-		picky-asn1-x509-0.12.0 \
-		pin-project-1.1.7 \
-		pin-project-internal-1.1.7 \
-		pin-project-lite-0.2.15 \
-		pin-utils-0.1.0 \
-		pkg-config-0.3.31 \
-		powerfmt-0.2.0 \
-		ppv-lite86-0.2.20 \
-		prctl-1.0.0 \
-		predicates-3.1.3 \
-		predicates-core-1.0.9 \
-		predicates-tree-1.0.12 \
-		prettyplease-0.2.25 \
-		proc-macro-crate-1.3.1 \
-		proc-macro-error-1.0.4 \
-		proc-macro-error-attr-1.0.4 \
-		proc-macro2-1.0.92 \
-		prodash-28.0.0 \
-		prost-0.11.9 \
-		prost-derive-0.11.9 \
-		psl-types-2.0.11 \
-		publicsuffix-2.3.0 \
-		qrcode-0.12.0 \
-		quick-error-2.0.1 \
-		quinn-0.11.6 \
-		quinn-proto-0.11.9 \
-		quinn-udp-0.5.9 \
-		quote-1.0.38 \
-		rand-0.8.5 \
-		rand_chacha-0.3.1 \
-		rand_core-0.6.4 \
-		redox_syscall-0.5.8 \
-		redox_users-0.4.6 \
-		ref-cast-1.0.23 \
-		ref-cast-impl-1.0.23 \
-		reference-counted-singleton-0.1.5 \
-		referencing-0.28.0 \
-		regex-1.11.1 \
-		regex-automata-0.1.10 \
-		regex-automata-0.4.9 \
-		regex-syntax-0.6.29 \
-		regex-syntax-0.8.5 \
-		reqwest-0.11.27 \
-		reqwest-0.12.11 \
-		rgb-0.8.50 \
-		ring-0.17.8 \
-		rpassword-5.0.1 \
-		runloop-0.1.0 \
-		rusqlite-0.28.0 \
-		rust-embed-8.5.0 \
-		rust-embed-impl-8.5.0 \
-		rust-embed-utils-8.5.0 \
-		rustc-demangle-0.1.24 \
-		rustc-hash-1.1.0 \
-		rustc-hash-2.1.0 \
-		rusticata-macros-4.1.0 \
-		rustix-0.38.42 \
-		rustls-0.21.12 \
-		rustls-0.23.20 \
-		rustls-native-certs-0.8.1 \
-		rustls-pemfile-1.0.4 \
-		rustls-pemfile-2.2.0 \
-		rustls-pki-types-1.10.1 \
-		rustls-webpki-0.101.7 \
-		rustls-webpki-0.102.8 \
-		rustversion-1.0.18 \
-		ryu-1.0.18 \
-		same-file-1.0.6 \
-		schannel-0.1.27 \
-		scopeguard-1.2.0 \
-		sct-0.7.1 \
-		sd-notify-0.4.3 \
-		security-framework-2.11.1 \
-		security-framework-3.1.0 \
-		security-framework-sys-2.13.0 \
-		selinux-0.4.6 \
-		selinux-sys-0.6.13 \
-		semver-1.0.24 \
-		serde-1.0.217 \
-		serde_bytes-0.11.15 \
-		serde_cbor-0.11.2 \
-		serde_cbor_2-0.12.0-dev \
-		serde_derive-1.0.217 \
-		serde_json-1.0.134 \
-		serde_path_to_error-0.1.16 \
-		serde_urlencoded-0.7.1 \
-		serde_with-3.12.0 \
-		serde_with_macros-3.12.0 \
-		sha-crypt-0.5.0 \
-		sha1_smol-1.0.1 \
-		sha2-0.10.8 \
-		sharded-slab-0.1.7 \
-		shell-words-1.1.0 \
-		shellexpand-2.1.2 \
-		shlex-1.3.0 \
-		signal-hook-registry-1.4.2 \
-		slab-0.4.9 \
-		smallvec-1.13.2 \
-		smartstring-1.0.1 \
-		smolset-1.3.1 \
-		socket2-0.5.8 \
-		spin-0.9.8 \
-		spki-0.7.3 \
-		sptr-0.3.2 \
-		sshkey-attest-0.5.0 \
-		sshkeys-0.3.3 \
-		stable_deref_trait-1.2.0 \
-		static_assertions-1.1.0 \
-		strsim-0.10.0 \
-		strsim-0.11.1 \
-		subtle-2.6.1 \
-		svg-0.13.1 \
-		syn-1.0.109 \
-		syn-2.0.93 \
-		sync_wrapper-0.1.2 \
-		sync_wrapper-1.0.2 \
-		synstructure-0.13.1 \
-		system-configuration-0.5.1 \
-		system-configuration-sys-0.5.0 \
-		target-lexicon-0.12.16 \
-		tempfile-3.14.0 \
-		termtree-0.5.1 \
-		thiserror-1.0.69 \
-		thiserror-2.0.8 \
-		thiserror-impl-1.0.69 \
-		thiserror-impl-2.0.8 \
-		thousands-0.2.0 \
-		thread_local-1.1.8 \
-		time-0.3.37 \
-		time-core-0.1.2 \
-		time-macros-0.2.19 \
-		tinystr-0.7.6 \
-		tinyvec-1.8.1 \
-		tinyvec_macros-0.1.1 \
-		tls_codec-0.4.1 \
-		tls_codec_derive-0.4.1 \
-		tokio-1.42.0 \
-		tokio-io-timeout-1.2.0 \
-		tokio-macros-2.4.0 \
-		tokio-native-tls-0.3.1 \
-		tokio-openssl-0.6.5 \
-		tokio-rustls-0.24.1 \
-		tokio-rustls-0.26.1 \
-		tokio-stream-0.1.17 \
-		tokio-util-0.7.13 \
-		toml-0.5.11 \
-		toml_datetime-0.6.8 \
-		toml_edit-0.19.15 \
-		tonic-0.9.2 \
-		tower-0.4.13 \
-		tower-0.5.2 \
-		tower-http-0.6.2 \
-		tower-layer-0.3.3 \
-		tower-service-0.3.3 \
-		tracing-0.1.41 \
-		tracing-attributes-0.1.28 \
-		tracing-core-0.1.33 \
-		tracing-forest-0.1.6 \
-		tracing-log-0.1.4 \
-		tracing-log-0.2.0 \
-		tracing-opentelemetry-0.21.0 \
-		tracing-subscriber-0.3.19 \
-		try-lock-0.2.5 \
-		tss-esapi-8.0.0-alpha \
-		tss-esapi-sys-0.5.0 \
-		typenum-1.17.0 \
-		unicase-2.8.0 \
-		unicode-bom-2.0.3 \
-		unicode-ident-1.0.14 \
-		unicode-normalization-0.1.24 \
-		unicode-segmentation-1.12.0 \
-		unicode-width-0.2.0 \
-		untrusted-0.9.0 \
-		url-2.5.4 \
-		urlencoding-2.1.3 \
-		utf16_iter-1.0.5 \
-		utf8_iter-1.0.4 \
-		utf8parse-0.2.2 \
-		utoipa-4.2.3 \
-		utoipa-gen-4.3.1 \
-		utoipa-swagger-ui-6.0.0 \
-		uuid-1.11.0 \
-		uuid-simd-0.8.0 \
-		valuable-0.1.0 \
-		vcpkg-0.2.15 \
-		version_check-0.9.5 \
-		vsimd-0.8.0 \
-		wait-timeout-0.2.0 \
-		walkdir-2.5.0 \
-		want-0.3.1 \
-		wasi-0.11.0+wasi-snapshot-preview1 \
-		wasite-0.1.0 \
-		wasm-bindgen-0.2.99 \
-		wasm-bindgen-backend-0.2.99 \
-		wasm-bindgen-futures-0.4.49 \
-		wasm-bindgen-macro-0.2.99 \
-		wasm-bindgen-macro-support-0.2.99 \
-		wasm-bindgen-shared-0.2.99 \
-		web-sys-0.3.76 \
-		web-time-1.1.0 \
-		webauthn-attestation-ca-0.5.1 \
-		webauthn-authenticator-rs-0.5.1 \
-		webauthn-rs-0.5.1 \
-		webauthn-rs-core-0.5.1 \
-		webauthn-rs-proto-0.5.1 \
-		webdriver-0.50.0 \
-		webpki-roots-0.25.4 \
-		webpki-roots-0.26.7 \
-		weezl-0.1.8 \
-		which-4.4.2 \
-		whoami-1.5.2 \
-		winapi-0.3.9 \
-		winapi-i686-pc-windows-gnu-0.4.0 \
-		winapi-util-0.1.9 \
-		winapi-x86_64-pc-windows-gnu-0.4.0 \
-		windows-0.41.0 \
-		windows-core-0.52.0 \
-		windows-registry-0.2.0 \
-		windows-result-0.2.0 \
-		windows-strings-0.1.0 \
-		windows-sys-0.48.0 \
-		windows-sys-0.52.0 \
-		windows-sys-0.59.0 \
-		windows-targets-0.48.5 \
-		windows-targets-0.52.6 \
-		windows_aarch64_gnullvm-0.41.0 \
-		windows_aarch64_gnullvm-0.48.5 \
-		windows_aarch64_gnullvm-0.52.6 \
-		windows_aarch64_msvc-0.41.0 \
-		windows_aarch64_msvc-0.48.5 \
-		windows_aarch64_msvc-0.52.6 \
-		windows_i686_gnu-0.41.0 \
-		windows_i686_gnu-0.48.5 \
-		windows_i686_gnu-0.52.6 \
-		windows_i686_gnullvm-0.52.6 \
-		windows_i686_msvc-0.41.0 \
-		windows_i686_msvc-0.48.5 \
-		windows_i686_msvc-0.52.6 \
-		windows_x86_64_gnu-0.41.0 \
-		windows_x86_64_gnu-0.48.5 \
-		windows_x86_64_gnu-0.52.6 \
-		windows_x86_64_gnullvm-0.41.0 \
-		windows_x86_64_gnullvm-0.48.5 \
-		windows_x86_64_gnullvm-0.52.6 \
-		windows_x86_64_msvc-0.41.0 \
-		windows_x86_64_msvc-0.48.5 \
-		windows_x86_64_msvc-0.52.6 \
-		winnow-0.5.40 \
-		winnow-0.6.20 \
-		winreg-0.50.0 \
-		write16-1.0.0 \
-		writeable-0.5.5 \
-		x509-cert-0.2.5 \
-		x509-parser-0.16.0 \
-		yoke-0.7.5 \
-		yoke-derive-0.7.5 \
-		zerocopy-0.7.35 \
-		zerocopy-derive-0.7.35 \
-		zerofrom-0.1.5 \
-		zerofrom-derive-0.1.5 \
-		zeroize-1.8.1 \
-		zeroize_derive-1.4.2 \
-		zerovec-0.10.4 \
-		zerovec-derive-0.10.3 \
-		zip-0.6.6 \
-		zxcvbn-2.2.2
diff --git a/platform/freebsd/client/distinfo b/platform/freebsd/client/distinfo
deleted file mode 100644
index 504decd07..000000000
--- a/platform/freebsd/client/distinfo
+++ /dev/null
@@ -1,1251 +0,0 @@
-TIMESTAMP = 1735779262
-SHA256 (rust/crates/addr2line-0.24.2.crate) = dfbe277e56a376000877090da837660b4427aad530e3028d44e0bffe4f89a1c1
-SIZE (rust/crates/addr2line-0.24.2.crate) = 39015
-SHA256 (rust/crates/adler2-2.0.0.crate) = 512761e0bb2578dd7380c6baaa0f4ce03e84f95e960231d1dec8bf4d7d6e2627
-SIZE (rust/crates/adler2-2.0.0.crate) = 13529
-SHA256 (rust/crates/ahash-0.8.11.crate) = e89da841a80418a9b391ebaea17f5c112ffaaa96f621d2c285b5174da76b9011
-SIZE (rust/crates/ahash-0.8.11.crate) = 43607
-SHA256 (rust/crates/aho-corasick-1.1.3.crate) = 8e60d3430d3a69478ad0993f19238d2df97c507009a52b3c10addcd7f6bcb916
-SIZE (rust/crates/aho-corasick-1.1.3.crate) = 183311
-SHA256 (rust/crates/allocator-api2-0.2.21.crate) = 683d7910e743518b0e34f1186f92494becacb047c7b6bf616c96772180fef923
-SIZE (rust/crates/allocator-api2-0.2.21.crate) = 63622
-SHA256 (rust/crates/android-tzdata-0.1.1.crate) = e999941b234f3131b00bc13c22d06e8c5ff726d1b6318ac7eb276997bbb4fef0
-SIZE (rust/crates/android-tzdata-0.1.1.crate) = 7674
-SHA256 (rust/crates/android_system_properties-0.1.5.crate) = 819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311
-SIZE (rust/crates/android_system_properties-0.1.5.crate) = 5243
-SHA256 (rust/crates/anstream-0.6.18.crate) = 8acc5369981196006228e28809f761875c0327210a891e941f4c683b3a99529b
-SIZE (rust/crates/anstream-0.6.18.crate) = 29681
-SHA256 (rust/crates/anstyle-1.0.10.crate) = 55cc3b69f167a1ef2e161439aa98aed94e6028e5f9a59be9a6ffb47aef1651f9
-SIZE (rust/crates/anstyle-1.0.10.crate) = 15725
-SHA256 (rust/crates/anstyle-parse-0.2.6.crate) = 3b2d16507662817a6a20a9ea92df6652ee4f94f914589377d69f3b21bc5798a9
-SIZE (rust/crates/anstyle-parse-0.2.6.crate) = 22343
-SHA256 (rust/crates/anstyle-query-1.1.2.crate) = 79947af37f4177cfead1110013d678905c37501914fba0efea834c3fe9a8d60c
-SIZE (rust/crates/anstyle-query-1.1.2.crate) = 9969
-SHA256 (rust/crates/anstyle-wincon-3.0.6.crate) = 2109dbce0e72be3ec00bed26e6a7479ca384ad226efdd66db8fa2e3a38c83125
-SIZE (rust/crates/anstyle-wincon-3.0.6.crate) = 12271
-SHA256 (rust/crates/anyhow-1.0.95.crate) = 34ac096ce696dc2fcabef30516bb13c0a68a11d30131d3df6f04711467681b04
-SIZE (rust/crates/anyhow-1.0.95.crate) = 52155
-SHA256 (rust/crates/arc-swap-1.7.1.crate) = 69f7f8c3906b62b754cd5326047894316021dcfe5a194c8ea52bdd94934a3457
-SIZE (rust/crates/arc-swap-1.7.1.crate) = 68512
-SHA256 (rust/crates/argon2-0.5.3.crate) = 3c3610892ee6e0cbce8ae2700349fcf8f98adb0dbfbee85aec3c9179d29cc072
-SIZE (rust/crates/argon2-0.5.3.crate) = 28795
-SHA256 (rust/crates/askama-0.12.1.crate) = b79091df18a97caea757e28cd2d5fda49c6cd4bd01ddffd7ff01ace0c0ad2c28
-SIZE (rust/crates/askama-0.12.1.crate) = 16976
-SHA256 (rust/crates/askama_axum-0.4.0.crate) = a41603f7cdbf5ac4af60760f17253eb6adf6ec5b6f14a7ed830cf687d375f163
-SIZE (rust/crates/askama_axum-0.4.0.crate) = 6649
-SHA256 (rust/crates/askama_derive-0.12.5.crate) = 19fe8d6cb13c4714962c072ea496f3392015f0989b1a2847bb4b2d9effd71d83
-SIZE (rust/crates/askama_derive-0.12.5.crate) = 31218
-SHA256 (rust/crates/askama_escape-0.10.3.crate) = 619743e34b5ba4e9703bba34deac3427c72507c7159f5fd030aea8cac0cfe341
-SIZE (rust/crates/askama_escape-0.10.3.crate) = 8875
-SHA256 (rust/crates/askama_parser-0.2.1.crate) = acb1161c6b64d1c3d83108213c2a2533a342ac225aabd0bda218278c2ddb00c0
-SIZE (rust/crates/askama_parser-0.2.1.crate) = 20707
-SHA256 (rust/crates/asn1-rs-0.6.2.crate) = 5493c3bedbacf7fd7382c6346bbd66687d12bbaad3a89a2d2c303ee6cf20b048
-SIZE (rust/crates/asn1-rs-0.6.2.crate) = 90647
-SHA256 (rust/crates/asn1-rs-derive-0.5.1.crate) = 965c2d33e53cb6b267e148a4cb0760bc01f4904c1cd4bb4002a085bb016d1490
-SIZE (rust/crates/asn1-rs-derive-0.5.1.crate) = 9692
-SHA256 (rust/crates/asn1-rs-impl-0.2.0.crate) = 7b18050c2cd6fe86c3a76584ef5e0baf286d038cda203eb6223df2cc413565f7
-SIZE (rust/crates/asn1-rs-impl-0.2.0.crate) = 2261
-SHA256 (rust/crates/assert_cmd-2.0.16.crate) = dc1835b7f27878de8525dc71410b5a31cdcc5f230aed5ba5df968e09c201b23d
-SIZE (rust/crates/assert_cmd-2.0.16.crate) = 26554
-SHA256 (rust/crates/async-compression-0.4.18.crate) = df895a515f70646414f4b45c0b79082783b80552b373a68283012928df56f522
-SIZE (rust/crates/async-compression-0.4.18.crate) = 111919
-SHA256 (rust/crates/async-stream-0.3.6.crate) = 0b5a71a6f37880a80d1d7f19efd781e4b5de42c88f0722cc13bcb6cc2cfe8476
-SIZE (rust/crates/async-stream-0.3.6.crate) = 13823
-SHA256 (rust/crates/async-stream-impl-0.3.6.crate) = c7c24de15d275a1ecfd47a380fb4d5ec9bfe0933f309ed5e705b775596a3574d
-SIZE (rust/crates/async-stream-impl-0.3.6.crate) = 4312
-SHA256 (rust/crates/async-trait-0.1.83.crate) = 721cae7de5c34fbb2acd27e21e6d2cf7b886dce0c27388d46c4e6c47ea4318dd
-SIZE (rust/crates/async-trait-0.1.83.crate) = 29054
-SHA256 (rust/crates/atomic-waker-1.1.2.crate) = 1505bd5d3d116872e7271a6d4e16d81d0c8570876c8de68093a09ac269d8aac0
-SIZE (rust/crates/atomic-waker-1.1.2.crate) = 12422
-SHA256 (rust/crates/authenticator-0.4.1.crate) = 82d71e457dc518a15eecc90d3b0660dee4b51623b34ac4262c9326e0d7e0f8e2
-SIZE (rust/crates/authenticator-0.4.1.crate) = 198210
-SHA256 (rust/crates/autocfg-1.4.0.crate) = ace50bade8e6234aa140d9a2f552bbee1db4d353f69b8217bc503490fc1a9f26
-SIZE (rust/crates/autocfg-1.4.0.crate) = 17712
-SHA256 (rust/crates/axum-0.6.20.crate) = 3b829e4e32b91e643de6eafe82b1d90675f5874230191a4ffbc1b336dec4d6bf
-SIZE (rust/crates/axum-0.6.20.crate) = 146227
-SHA256 (rust/crates/axum-0.7.9.crate) = edca88bc138befd0323b20752846e6587272d3b03b0343c8ea28a6f819e6e71f
-SIZE (rust/crates/axum-0.7.9.crate) = 155272
-SHA256 (rust/crates/axum-core-0.3.4.crate) = 759fa577a247914fd3f7f76d62972792636412fbfd634cd452f6a385a74d2d2c
-SIZE (rust/crates/axum-core-0.3.4.crate) = 21088
-SHA256 (rust/crates/axum-core-0.4.5.crate) = 09f2bd6146b97ae3359fa0cc6d6b376d9539582c7b4220f041a33ec24c226199
-SIZE (rust/crates/axum-core-0.4.5.crate) = 22183
-SHA256 (rust/crates/axum-extra-0.9.6.crate) = c794b30c904f0a1c2fb7740f7df7f7972dfaa14ef6f57cb6178dc63e5dca2f04
-SIZE (rust/crates/axum-extra-0.9.6.crate) = 47663
-SHA256 (rust/crates/axum-htmx-0.5.0.crate) = 40f7051fdc094b6e5ea06cab9bca4b198c54dee4472a9419155f0ff19f19901e
-SIZE (rust/crates/axum-htmx-0.5.0.crate) = 15894
-SHA256 (rust/crates/axum-macros-0.4.2.crate) = 57d123550fa8d071b7255cb0cc04dc302baa6c8c4a79f55701552684d8399bce
-SIZE (rust/crates/axum-macros-0.4.2.crate) = 39245
-SHA256 (rust/crates/axum-server-0.7.1.crate) = 56bac90848f6a9393ac03c63c640925c4b7c8ca21654de40d53f55964667c7d8
-SIZE (rust/crates/axum-server-0.7.1.crate) = 41684
-SHA256 (rust/crates/backtrace-0.3.74.crate) = 8d82cb332cdfaed17ae235a638438ac4d4839913cc2af585c3c6746e8f8bee1a
-SIZE (rust/crates/backtrace-0.3.74.crate) = 88516
-SHA256 (rust/crates/base32-0.5.1.crate) = 022dfe9eb35f19ebbcb51e0b40a5ab759f46ad60cadf7297e0bd085afb50e076
-SIZE (rust/crates/base32-0.5.1.crate) = 9238
-SHA256 (rust/crates/base64-0.13.1.crate) = 9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8
-SIZE (rust/crates/base64-0.13.1.crate) = 61002
-SHA256 (rust/crates/base64-0.21.7.crate) = 9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567
-SIZE (rust/crates/base64-0.21.7.crate) = 82576
-SHA256 (rust/crates/base64-0.22.1.crate) = 72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6
-SIZE (rust/crates/base64-0.22.1.crate) = 81597
-SHA256 (rust/crates/base64ct-1.6.0.crate) = 8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b
-SIZE (rust/crates/base64ct-1.6.0.crate) = 28870
-SHA256 (rust/crates/base64urlsafedata-0.5.1.crate) = 72f0ad38ce7fbed55985ad5b2197f05cff8324ee6eb6638304e78f0108fae56c
-SIZE (rust/crates/base64urlsafedata-0.5.1.crate) = 5683
-SHA256 (rust/crates/basic-toml-0.1.9.crate) = 823388e228f614e9558c6804262db37960ec8821856535f5c3f59913140558f8
-SIZE (rust/crates/basic-toml-0.1.9.crate) = 50234
-SHA256 (rust/crates/bindgen-0.66.1.crate) = f2b84e06fc203107bfbad243f4aba2af864eb7db3b1cf46ea0a023b0b433d2a7
-SIZE (rust/crates/bindgen-0.66.1.crate) = 218860
-SHA256 (rust/crates/bindgen-0.70.1.crate) = f49d8fed880d473ea71efb9bf597651e77201bdd4893efe54c9e5d65ae04ce6f
-SIZE (rust/crates/bindgen-0.70.1.crate) = 226363
-SHA256 (rust/crates/bit-set-0.5.3.crate) = 0700ddab506f33b20a03b13996eccd309a48e5ff77d0d95926aa0210fb4e95f1
-SIZE (rust/crates/bit-set-0.5.3.crate) = 14470
-SHA256 (rust/crates/bit-set-0.8.0.crate) = 08807e080ed7f9d5433fa9b275196cfc35414f66a0c79d864dc51a0d825231a3
-SIZE (rust/crates/bit-set-0.8.0.crate) = 16289
-SHA256 (rust/crates/bit-vec-0.6.3.crate) = 349f9b6a179ed607305526ca489b34ad0a41aed5f7980fa90eb03160b69598fb
-SIZE (rust/crates/bit-vec-0.6.3.crate) = 19927
-SHA256 (rust/crates/bit-vec-0.8.0.crate) = 5e764a1d40d510daf35e07be9eb06e75770908c27d411ee6c92109c9840eaaf7
-SIZE (rust/crates/bit-vec-0.8.0.crate) = 24132
-SHA256 (rust/crates/bitfield-0.13.2.crate) = 46afbd2983a5d5a7bd740ccb198caf5b82f45c40c09c0eed36052d91cb92e719
-SIZE (rust/crates/bitfield-0.13.2.crate) = 16479
-SHA256 (rust/crates/bitflags-1.3.2.crate) = bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a
-SIZE (rust/crates/bitflags-1.3.2.crate) = 23021
-SHA256 (rust/crates/bitflags-2.6.0.crate) = b048fb63fd8b5923fc5aa7b340d8e156aec7ec02f0c78fa8a6ddc2613f6f71de
-SIZE (rust/crates/bitflags-2.6.0.crate) = 45357
-SHA256 (rust/crates/blake2-0.10.6.crate) = 46502ad458c9a52b69d4d4d32775c788b7a1b85e8bc9d482d92250fc0e3f8efe
-SIZE (rust/crates/blake2-0.10.6.crate) = 47234
-SHA256 (rust/crates/block-buffer-0.10.4.crate) = 3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71
-SIZE (rust/crates/block-buffer-0.10.4.crate) = 10538
-SHA256 (rust/crates/borrow-or-share-0.2.2.crate) = 3eeab4423108c5d7c744f4d234de88d18d636100093ae04caf4825134b9c3a32
-SIZE (rust/crates/borrow-or-share-0.2.2.crate) = 4871
-SHA256 (rust/crates/bstr-1.11.1.crate) = 786a307d683a5bf92e6fd5fd69a7eb613751668d1d8d67d802846dfe367c62c8
-SIZE (rust/crates/bstr-1.11.1.crate) = 351485
-SHA256 (rust/crates/bumpalo-3.16.0.crate) = 79296716171880943b8470b5f8d03aa55eb2e645a4874bdbb28adb49162e012c
-SIZE (rust/crates/bumpalo-3.16.0.crate) = 85677
-SHA256 (rust/crates/bytecount-0.6.8.crate) = 5ce89b21cab1437276d2650d57e971f9d548a2d9037cc231abdc0562b97498ce
-SIZE (rust/crates/bytecount-0.6.8.crate) = 14694
-SHA256 (rust/crates/bytemuck-1.21.0.crate) = ef657dfab802224e671f5818e9a4935f9b1957ed18e58292690cc39e7a4092a3
-SIZE (rust/crates/bytemuck-1.21.0.crate) = 51553
-SHA256 (rust/crates/byteorder-1.5.0.crate) = 1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b
-SIZE (rust/crates/byteorder-1.5.0.crate) = 23288
-SHA256 (rust/crates/bytes-1.9.0.crate) = 325918d6fe32f23b19878fe4b34794ae41fc19ddbe53b10571a4874d44ffd39b
-SIZE (rust/crates/bytes-1.9.0.crate) = 67320
-SHA256 (rust/crates/cc-1.2.5.crate) = c31a0499c1dc64f458ad13872de75c0eb7e3fdb0e67964610c914b034fc5956e
-SIZE (rust/crates/cc-1.2.5.crate) = 99839
-SHA256 (rust/crates/cexpr-0.6.0.crate) = 6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766
-SIZE (rust/crates/cexpr-0.6.0.crate) = 17966
-SHA256 (rust/crates/cfg-if-1.0.0.crate) = baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd
-SIZE (rust/crates/cfg-if-1.0.0.crate) = 7934
-SHA256 (rust/crates/cfg_aliases-0.2.1.crate) = 613afe47fcd5fac7ccf1db93babcb082c5994d996f20b8b159f2ad1658eb5724
-SIZE (rust/crates/cfg_aliases-0.2.1.crate) = 6355
-SHA256 (rust/crates/checked_int_cast-1.0.0.crate) = 17cc5e6b5ab06331c33589842070416baa137e8b0eb912b008cfd4a78ada7919
-SIZE (rust/crates/checked_int_cast-1.0.0.crate) = 2669
-SHA256 (rust/crates/chrono-0.4.39.crate) = 7e36cc9d416881d2e24f9a963be5fb1cd90966419ac844274161d10488b3e825
-SIZE (rust/crates/chrono-0.4.39.crate) = 222248
-SHA256 (rust/crates/clang-sys-1.8.1.crate) = 0b023947811758c97c59bf9d1c188fd619ad4718dcaa767947df1cadb14f39f4
-SIZE (rust/crates/clang-sys-1.8.1.crate) = 44009
-SHA256 (rust/crates/clap-4.5.23.crate) = 3135e7ec2ef7b10c6ed8950f0f792ed96ee093fa088608f1c76e569722700c84
-SIZE (rust/crates/clap-4.5.23.crate) = 56460
-SHA256 (rust/crates/clap_builder-4.5.23.crate) = 30582fc632330df2bd26877bde0c1f4470d57c582bbc070376afcd04d8cb4838
-SIZE (rust/crates/clap_builder-4.5.23.crate) = 164180
-SHA256 (rust/crates/clap_complete-4.5.40.crate) = ac2e663e3e3bed2d32d065a8404024dad306e699a04263ec59919529f803aee9
-SIZE (rust/crates/clap_complete-4.5.40.crate) = 47827
-SHA256 (rust/crates/clap_derive-4.5.18.crate) = 4ac6a0c7b1a9e9a5186361f67dfa1b88213572f427fb9ab038efb2bd8c582dab
-SIZE (rust/crates/clap_derive-4.5.18.crate) = 30131
-SHA256 (rust/crates/clap_lex-0.7.4.crate) = f46ad14479a25103f283c0f10005961cf086d8dc42205bb44c46ac563475dca6
-SIZE (rust/crates/clap_lex-0.7.4.crate) = 12858
-SHA256 (rust/crates/clru-0.6.2.crate) = cbd0f76e066e64fdc5631e3bb46381254deab9ef1158292f27c8c57e3bf3fe59
-SIZE (rust/crates/clru-0.6.2.crate) = 16497
-SHA256 (rust/crates/color_quant-1.1.0.crate) = 3d7b894f5411737b7867f4827955924d7c254fc9f4d91a6aad6b097804b1018b
-SIZE (rust/crates/color_quant-1.1.0.crate) = 6649
-SHA256 (rust/crates/colorchoice-1.0.3.crate) = 5b63caa9aa9397e2d9480a9b13673856c78d8ac123288526c37d7839f2a86990
-SIZE (rust/crates/colorchoice-1.0.3.crate) = 7923
-SHA256 (rust/crates/compact_jwt-0.4.3.crate) = 12bbab6445446e8d0b07468a01d0bfdae15879de5c440c5e47ae4ae0e18a1fba
-SIZE (rust/crates/compact_jwt-0.4.3.crate) = 61901
-SHA256 (rust/crates/concread-0.5.3.crate) = cba00cef522c2597dfbb0a8d1b0ac8ac2b99714f50cc354cda71da63164da0be
-SIZE (rust/crates/concread-0.5.3.crate) = 877996
-SHA256 (rust/crates/console-0.15.10.crate) = ea3c6ecd8059b57859df5c69830340ed3c41d30e3da0c1cbed90a96ac853041b
-SIZE (rust/crates/console-0.15.10.crate) = 36449
-SHA256 (rust/crates/const-oid-0.9.6.crate) = c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8
-SIZE (rust/crates/const-oid-0.9.6.crate) = 45382
-SHA256 (rust/crates/cookie-0.16.2.crate) = e859cd57d0710d9e06c381b550c06e76992472a8c6d527aecd2fc673dcc231fb
-SIZE (rust/crates/cookie-0.16.2.crate) = 34632
-SHA256 (rust/crates/cookie-0.18.1.crate) = 4ddef33a339a91ea89fb53151bd0a4689cfce27055c291dfa69945475d22c747
-SIZE (rust/crates/cookie-0.18.1.crate) = 43551
-SHA256 (rust/crates/cookie_store-0.21.1.crate) = 2eac901828f88a5241ee0600950ab981148a18f2f756900ffba1b125ca6a3ef9
-SIZE (rust/crates/cookie_store-0.21.1.crate) = 34692
-SHA256 (rust/crates/core-foundation-0.9.4.crate) = 91e195e091a93c46f7102ec7818a2aa394e1e1771c3ab4825963fa03e45afb8f
-SIZE (rust/crates/core-foundation-0.9.4.crate) = 27743
-SHA256 (rust/crates/core-foundation-0.10.0.crate) = b55271e5c8c478ad3f38ad24ef34923091e0548492a266d19b3c0b4d82574c63
-SIZE (rust/crates/core-foundation-0.10.0.crate) = 27023
-SHA256 (rust/crates/core-foundation-sys-0.8.7.crate) = 773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b
-SIZE (rust/crates/core-foundation-sys-0.8.7.crate) = 37712
-SHA256 (rust/crates/cpufeatures-0.2.16.crate) = 16b80225097f2e5ae4e7179dd2266824648f3e2f49d9134d584b76389d31c4c3
-SIZE (rust/crates/cpufeatures-0.2.16.crate) = 13405
-SHA256 (rust/crates/crc32fast-1.4.2.crate) = a97769d94ddab943e4510d138150169a2758b5ef3eb191a9ee688de3e23ef7b3
-SIZE (rust/crates/crc32fast-1.4.2.crate) = 38491
-SHA256 (rust/crates/cron-0.12.1.crate) = 6f8c3e73077b4b4a6ab1ea5047c37c57aee77657bc8ecd6f29b0af082d0b0c07
-SIZE (rust/crates/cron-0.12.1.crate) = 18702
-SHA256 (rust/crates/crossbeam-0.8.4.crate) = 1137cd7e7fc0fb5d3c5a8678be38ec56e819125d8d7907411fe24ccb943faca8
-SIZE (rust/crates/crossbeam-0.8.4.crate) = 10500
-SHA256 (rust/crates/crossbeam-channel-0.5.14.crate) = 06ba6d68e24814cb8de6bb986db8222d3a027d15872cabc0d18817bc3c0e4471
-SIZE (rust/crates/crossbeam-channel-0.5.14.crate) = 92728
-SHA256 (rust/crates/crossbeam-deque-0.8.6.crate) = 9dd111b7b7f7d55b72c0a6ae361660ee5853c9af73f70c3c2ef6858b950e2e51
-SIZE (rust/crates/crossbeam-deque-0.8.6.crate) = 22471
-SHA256 (rust/crates/crossbeam-epoch-0.9.18.crate) = 5b82ac4a3c2ca9c3460964f020e1402edd5753411d7737aa39c3714ad1b5420e
-SIZE (rust/crates/crossbeam-epoch-0.9.18.crate) = 46875
-SHA256 (rust/crates/crossbeam-queue-0.3.12.crate) = 0f58bbc28f91df819d0aa2a2c00cd19754769c2fad90579b3592b1c9ba7a3115
-SIZE (rust/crates/crossbeam-queue-0.3.12.crate) = 16270
-SHA256 (rust/crates/crossbeam-utils-0.8.21.crate) = d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28
-SIZE (rust/crates/crossbeam-utils-0.8.21.crate) = 42691
-SHA256 (rust/crates/crypto-common-0.1.6.crate) = 1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3
-SIZE (rust/crates/crypto-common-0.1.6.crate) = 8760
-SHA256 (rust/crates/csv-1.3.1.crate) = acdc4883a9c96732e4733212c01447ebd805833b7275a73ca3ee080fd77afdaf
-SIZE (rust/crates/csv-1.3.1.crate) = 888542
-SHA256 (rust/crates/csv-core-0.1.11.crate) = 5efa2b3d7902f4b634a20cae3c9c4e6209dc4779feb6863329607560143efa70
-SIZE (rust/crates/csv-core-0.1.11.crate) = 25852
-SHA256 (rust/crates/darling-0.14.4.crate) = 7b750cb3417fd1b327431a470f388520309479ab0bf5e323505daf0290cd3850
-SIZE (rust/crates/darling-0.14.4.crate) = 25168
-SHA256 (rust/crates/darling-0.20.10.crate) = 6f63b86c8a8826a49b8c21f08a2d07338eec8d900540f8630dc76284be802989
-SIZE (rust/crates/darling-0.20.10.crate) = 32031
-SHA256 (rust/crates/darling_core-0.14.4.crate) = 109c1ca6e6b7f82cc233a97004ea8ed7ca123a9af07a8230878fcfda9b158bf0
-SIZE (rust/crates/darling_core-0.14.4.crate) = 57485
-SHA256 (rust/crates/darling_core-0.20.10.crate) = 95133861a8032aaea082871032f5815eb9e98cef03fa916ab4500513994df9e5
-SIZE (rust/crates/darling_core-0.20.10.crate) = 65015
-SHA256 (rust/crates/darling_macro-0.14.4.crate) = a4aab4dbc9f7611d8b55048a3a16d2d010c2c8334e46304b40ac1cc14bf3b48e
-SIZE (rust/crates/darling_macro-0.14.4.crate) = 1896
-SHA256 (rust/crates/darling_macro-0.20.10.crate) = d336a2a514f6ccccaa3e09b02d41d35330c07ddf03a62165fcec10bb561c7806
-SIZE (rust/crates/darling_macro-0.20.10.crate) = 1874
-SHA256 (rust/crates/data-encoding-2.6.0.crate) = e8566979429cf69b49a5c740c60791108e86440e8be149bbea4fe54d2c32d6e2
-SIZE (rust/crates/data-encoding-2.6.0.crate) = 20769
-SHA256 (rust/crates/der-0.7.9.crate) = f55bf8e7b65898637379c1b74eb1551107c8294ed26d855ceb9fd1a09cfc9bc0
-SIZE (rust/crates/der-0.7.9.crate) = 85173
-SHA256 (rust/crates/der-parser-9.0.0.crate) = 5cd0a5c643689626bec213c4d8bd4d96acc8ffdb4ad4bb6bc16abf27d5f4b553
-SIZE (rust/crates/der-parser-9.0.0.crate) = 63191
-SHA256 (rust/crates/der_derive-0.7.3.crate) = 8034092389675178f570469e6c3b0465d3d30b4505c294a6550db47f3c17ad18
-SIZE (rust/crates/der_derive-0.7.3.crate) = 24657
-SHA256 (rust/crates/deranged-0.3.11.crate) = b42b6fa04a440b495c8b04d0e71b707c585f83cb9cb28cf8cd0d976c315e31b4
-SIZE (rust/crates/deranged-0.3.11.crate) = 18043
-SHA256 (rust/crates/derive_builder-0.12.0.crate) = 8d67778784b508018359cbc8696edb3db78160bab2c2a28ba7f56ef6932997f8
-SIZE (rust/crates/derive_builder-0.12.0.crate) = 35456
-SHA256 (rust/crates/derive_builder_core-0.12.0.crate) = c11bdc11a0c47bc7d37d582b5285da6849c96681023680b906673c5707af7b0f
-SIZE (rust/crates/derive_builder_core-0.12.0.crate) = 31438
-SHA256 (rust/crates/derive_builder_macro-0.12.0.crate) = ebcda35c7a396850a55ffeac740804b40ffec779b98fffbb1738f4033f0ee79e
-SIZE (rust/crates/derive_builder_macro-0.12.0.crate) = 6288
-SHA256 (rust/crates/devd-rs-0.3.6.crate) = 9313f104b590510b46fc01c0a324fc76505c13871454d3c48490468d04c8d395
-SIZE (rust/crates/devd-rs-0.3.6.crate) = 6987
-SHA256 (rust/crates/dhat-0.3.3.crate) = 98cd11d84628e233de0ce467de10b8633f4ddaecafadefc86e13b84b8739b827
-SIZE (rust/crates/dhat-0.3.3.crate) = 32008
-SHA256 (rust/crates/dialoguer-0.10.4.crate) = 59c6f2989294b9a498d3ad5491a79c6deb604617378e1cdc4bfc1c1361fe2f87
-SIZE (rust/crates/dialoguer-0.10.4.crate) = 29928
-SHA256 (rust/crates/difflib-0.4.0.crate) = 6184e33543162437515c2e2b48714794e37845ec9851711914eec9d308f6ebe8
-SIZE (rust/crates/difflib-0.4.0.crate) = 7638
-SHA256 (rust/crates/digest-0.10.7.crate) = 9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292
-SIZE (rust/crates/digest-0.10.7.crate) = 19557
-SHA256 (rust/crates/dirs-4.0.0.crate) = ca3aa72a6f96ea37bbc5aa912f6788242832f75369bdfdadcb0e38423f100059
-SIZE (rust/crates/dirs-4.0.0.crate) = 12503
-SHA256 (rust/crates/dirs-sys-0.3.7.crate) = 1b1d1d91c932ef41c0f2663aa8b0ca0342d444d842c06914aa0a7e352d0bada6
-SIZE (rust/crates/dirs-sys-0.3.7.crate) = 10597
-SHA256 (rust/crates/displaydoc-0.2.5.crate) = 97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0
-SIZE (rust/crates/displaydoc-0.2.5.crate) = 24219
-SHA256 (rust/crates/doc-comment-0.3.3.crate) = fea41bba32d969b513997752735605054bc0dfa92b4c56bf1189f2e174be7a10
-SIZE (rust/crates/doc-comment-0.3.3.crate) = 4123
-SHA256 (rust/crates/document-features-0.2.10.crate) = cb6969eaabd2421f8a2775cfd2471a2b634372b4a25d41e3bd647b79912850a0
-SIZE (rust/crates/document-features-0.2.10.crate) = 14005
-SHA256 (rust/crates/dunce-1.0.5.crate) = 92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813
-SIZE (rust/crates/dunce-1.0.5.crate) = 8244
-SHA256 (rust/crates/dyn-clone-1.0.17.crate) = 0d6ef0072f8a535281e4876be788938b528e9a1d43900b82c2569af7da799125
-SIZE (rust/crates/dyn-clone-1.0.17.crate) = 11848
-SHA256 (rust/crates/either-1.13.0.crate) = 60b1af1c220855b6ceac025d3f6ecdd2b7c4894bfe9cd9bda4fbb4bc7c0d4cf0
-SIZE (rust/crates/either-1.13.0.crate) = 19169
-SHA256 (rust/crates/email_address-0.2.9.crate) = e079f19b08ca6239f47f8ba8509c11cf3ea30095831f7fed61441475edd8c449
-SIZE (rust/crates/email_address-0.2.9.crate) = 21579
-SHA256 (rust/crates/encode_unicode-1.0.0.crate) = 34aa73646ffb006b8f5147f3dc182bd4bcb190227ce861fc4a4844bf8e3cb2c0
-SIZE (rust/crates/encode_unicode-1.0.0.crate) = 56986
-SHA256 (rust/crates/encoding_rs-0.8.35.crate) = 75030f3c4f45dafd7586dd6780965a8c7e8e285a5ecb86713e63a79c5b2766f3
-SIZE (rust/crates/encoding_rs-0.8.35.crate) = 1381050
-SHA256 (rust/crates/enum-iterator-2.1.0.crate) = c280b9e6b3ae19e152d8e31cf47f18389781e119d4013a2a2bb0180e5facc635
-SIZE (rust/crates/enum-iterator-2.1.0.crate) = 7668
-SHA256 (rust/crates/enum-iterator-derive-1.4.0.crate) = a1ab991c1362ac86c61ab6f556cff143daa22e5a15e4e189df818b2fd19fe65b
-SIZE (rust/crates/enum-iterator-derive-1.4.0.crate) = 5516
-SHA256 (rust/crates/enumflags2-0.7.10.crate) = d232db7f5956f3f14313dc2f87985c58bd2c695ce124c8cdd984e08e15ac133d
-SIZE (rust/crates/enumflags2-0.7.10.crate) = 16622
-SHA256 (rust/crates/enumflags2_derive-0.7.10.crate) = de0d48a183585823424a4ce1aa132d174a6a81bd540895822eb4c8373a8e49e8
-SIZE (rust/crates/enumflags2_derive-0.7.10.crate) = 8104
-SHA256 (rust/crates/equivalent-1.0.1.crate) = 5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5
-SIZE (rust/crates/equivalent-1.0.1.crate) = 6615
-SHA256 (rust/crates/errno-0.3.10.crate) = 33d852cb9b869c2a9b3df2f71a3074817f01e1844f839a144f5fcef059a4eb5d
-SIZE (rust/crates/errno-0.3.10.crate) = 11824
-SHA256 (rust/crates/escargot-0.5.13.crate) = 05a3ac187a16b5382fef8c69fd1bad123c67b7cf3932240a2d43dcdd32cded88
-SIZE (rust/crates/escargot-0.5.13.crate) = 20849
-SHA256 (rust/crates/fallible-iterator-0.2.0.crate) = 4443176a9f2c162692bd3d352d745ef9413eec5782a80d8fd6f8a1ac692a07f7
-SIZE (rust/crates/fallible-iterator-0.2.0.crate) = 18509
-SHA256 (rust/crates/fallible-streaming-iterator-0.1.9.crate) = 7360491ce676a36bf9bb3c56c1aa791658183a54d2744120f27285738d90465a
-SIZE (rust/crates/fallible-streaming-iterator-0.1.9.crate) = 9249
-SHA256 (rust/crates/fancy-regex-0.11.0.crate) = b95f7c0680e4142284cf8b22c14a476e87d61b004a3a0861872b32ef7ead40a2
-SIZE (rust/crates/fancy-regex-0.11.0.crate) = 82918
-SHA256 (rust/crates/fancy-regex-0.14.0.crate) = 6e24cb5a94bcae1e5408b0effca5cd7172ea3c5755049c5f3af4cd283a165298
-SIZE (rust/crates/fancy-regex-0.14.0.crate) = 86969
-SHA256 (rust/crates/fantoccini-0.21.3.crate) = 8e681009c468d99de858e7757b0cfd5f16311ca999b13ccf543c87da3c04c2c5
-SIZE (rust/crates/fantoccini-0.21.3.crate) = 80146
-SHA256 (rust/crates/faster-hex-0.9.0.crate) = a2a2b11eda1d40935b26cf18f6833c526845ae8c41e58d09af6adeb6f0269183
-SIZE (rust/crates/faster-hex-0.9.0.crate) = 13053
-SHA256 (rust/crates/fastrand-2.3.0.crate) = 37909eebbb50d72f9059c3b6d82c0463f2ff062c9e95845c43a6c9c0355411be
-SIZE (rust/crates/fastrand-2.3.0.crate) = 15076
-SHA256 (rust/crates/fernet-0.2.2.crate) = c66b725fe9483b9ee72ccaec072b15eb8ad95a3ae63a8c798d5748883b72fd33
-SIZE (rust/crates/fernet-0.2.2.crate) = 13494
-SHA256 (rust/crates/file-id-0.1.0.crate) = e13be71e6ca82e91bc0cb862bebaac0b2d1924a5a1d970c822b2f98b63fda8c3
-SIZE (rust/crates/file-id-0.1.0.crate) = 2094
-SHA256 (rust/crates/filetime-0.2.25.crate) = 35c0522e981e68cbfa8c3f978441a5f34b30b96e146b33cd3359176b50fe8586
-SIZE (rust/crates/filetime-0.2.25.crate) = 14940
-SHA256 (rust/crates/fixedbitset-0.4.2.crate) = 0ce7134b9999ecaf8bcd65542e436736ef32ddca1b3e06094cb6ec5755203b80
-SIZE (rust/crates/fixedbitset-0.4.2.crate) = 15954
-SHA256 (rust/crates/flagset-0.4.6.crate) = b3ea1ec5f8307826a5b71094dd91fc04d4ae75d5709b20ad351c7fb4815c86ec
-SIZE (rust/crates/flagset-0.4.6.crate) = 13623
-SHA256 (rust/crates/flate2-1.0.35.crate) = c936bfdafb507ebbf50b8074c54fa31c5be9a1e7e5f467dd659697041407d07c
-SIZE (rust/crates/flate2-1.0.35.crate) = 109188
-SHA256 (rust/crates/fluent-uri-0.3.2.crate) = 1918b65d96df47d3591bed19c5cca17e3fa5d0707318e4b5ef2eae01764df7e5
-SIZE (rust/crates/fluent-uri-0.3.2.crate) = 43604
-SHA256 (rust/crates/fnv-1.0.7.crate) = 3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1
-SIZE (rust/crates/fnv-1.0.7.crate) = 11266
-SHA256 (rust/crates/foldhash-0.1.4.crate) = a0d2fde1f7b3d48b8395d5f2de76c18a528bd6a9cdde438df747bfcba3e05d6f
-SIZE (rust/crates/foldhash-0.1.4.crate) = 13764
-SHA256 (rust/crates/foreign-types-0.3.2.crate) = f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1
-SIZE (rust/crates/foreign-types-0.3.2.crate) = 7504
-SHA256 (rust/crates/foreign-types-shared-0.1.1.crate) = 00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b
-SIZE (rust/crates/foreign-types-shared-0.1.1.crate) = 5672
-SHA256 (rust/crates/form_urlencoded-1.2.1.crate) = e13624c2627564efccf4934284bdd98cbaa14e79b0b5a141218e507b3a823456
-SIZE (rust/crates/form_urlencoded-1.2.1.crate) = 8969
-SHA256 (rust/crates/fraction-0.15.3.crate) = 0f158e3ff0a1b334408dc9fb811cd99b446986f4d8b741bb08f9df1604085ae7
-SIZE (rust/crates/fraction-0.15.3.crate) = 95223
-SHA256 (rust/crates/fs4-0.8.4.crate) = f7e180ac76c23b45e767bd7ae9579bc0bb458618c4bc71835926e098e61d15f8
-SIZE (rust/crates/fs4-0.8.4.crate) = 18620
-SHA256 (rust/crates/fsevent-sys-4.1.0.crate) = 76ee7a02da4d231650c7cea31349b889be2f45ddb3ef3032d2ec8185f6313fd2
-SIZE (rust/crates/fsevent-sys-4.1.0.crate) = 4620
-SHA256 (rust/crates/futures-0.3.31.crate) = 65bc07b1a8bc7c85c5f2e110c476c7389b4554ba72af57d8445ea63a576b0876
-SIZE (rust/crates/futures-0.3.31.crate) = 54953
-SHA256 (rust/crates/futures-channel-0.3.31.crate) = 2dff15bf788c671c1934e366d07e30c1814a8ef514e1af724a602e8a2fbe1b10
-SIZE (rust/crates/futures-channel-0.3.31.crate) = 31971
-SHA256 (rust/crates/futures-core-0.3.31.crate) = 05f29059c0c2090612e8d742178b0580d2dc940c837851ad723096f87af6663e
-SIZE (rust/crates/futures-core-0.3.31.crate) = 14318
-SHA256 (rust/crates/futures-executor-0.3.31.crate) = 1e28d1d997f585e54aebc3f97d39e72338912123a67330d723fdbb564d646c9f
-SIZE (rust/crates/futures-executor-0.3.31.crate) = 17965
-SHA256 (rust/crates/futures-io-0.3.31.crate) = 9e5c1b78ca4aae1ac06c48a526a655760685149f0d465d21f37abfe57ce075c6
-SIZE (rust/crates/futures-io-0.3.31.crate) = 9047
-SHA256 (rust/crates/futures-macro-0.3.31.crate) = 162ee34ebcb7c64a8abebc059ce0fee27c2262618d7b60ed8faf72fef13c3650
-SIZE (rust/crates/futures-macro-0.3.31.crate) = 11341
-SHA256 (rust/crates/futures-sink-0.3.31.crate) = e575fab7d1e0dcb8d0c7bcf9a63ee213816ab51902e6d244a95819acacf1d4f7
-SIZE (rust/crates/futures-sink-0.3.31.crate) = 7958
-SHA256 (rust/crates/futures-task-0.3.31.crate) = f90f7dce0722e95104fcb095585910c0977252f286e354b5e3bd38902cd99988
-SIZE (rust/crates/futures-task-0.3.31.crate) = 11217
-SHA256 (rust/crates/futures-util-0.3.31.crate) = 9fa08315bb612088cc391249efdc3bc77536f16c91f6cf495e6fbe85b20a4a81
-SIZE (rust/crates/futures-util-0.3.31.crate) = 162124
-SHA256 (rust/crates/generic-array-0.14.7.crate) = 85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a
-SIZE (rust/crates/generic-array-0.14.7.crate) = 15950
-SHA256 (rust/crates/gethostname-0.5.0.crate) = dc3655aa6818d65bc620d6911f05aa7b6aeb596291e1e9f79e52df85583d1e30
-SIZE (rust/crates/gethostname-0.5.0.crate) = 8772
-SHA256 (rust/crates/getrandom-0.2.15.crate) = c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7
-SIZE (rust/crates/getrandom-0.2.15.crate) = 37163
-SHA256 (rust/crates/gif-0.13.1.crate) = 3fb2d69b19215e18bb912fa30f7ce15846e301408695e44e0ef719f1da9e19f2
-SIZE (rust/crates/gif-0.13.1.crate) = 36408
-SHA256 (rust/crates/gimli-0.31.1.crate) = 07e28edb80900c19c28f1072f2e8aeca7fa06b23cd4169cefe1af5aa3260783f
-SIZE (rust/crates/gimli-0.31.1.crate) = 279515
-SHA256 (rust/crates/gix-0.64.0.crate) = d78414d29fcc82329080166077e0f7689f4016551fdb334d787c3d040fe2634f
-SIZE (rust/crates/gix-0.64.0.crate) = 273610
-SHA256 (rust/crates/gix-actor-0.31.5.crate) = a0e454357e34b833cc3a00b6efbbd3dd4d18b24b9fb0c023876ec2645e8aa3f2
-SIZE (rust/crates/gix-actor-0.31.5.crate) = 9335
-SHA256 (rust/crates/gix-chunk-0.4.10.crate) = c6ffbeb3a5c0b8b84c3fe4133a6f8c82fa962f4caefe8d0762eced025d3eb4f7
-SIZE (rust/crates/gix-chunk-0.4.10.crate) = 10131
-SHA256 (rust/crates/gix-commitgraph-0.24.3.crate) = 133b06f67f565836ec0c473e2116a60fb74f80b6435e21d88013ac0e3c60fc78
-SIZE (rust/crates/gix-commitgraph-0.24.3.crate) = 18242
-SHA256 (rust/crates/gix-config-0.38.0.crate) = 28f53fd03d1bf09ebcc2c8654f08969439c4556e644ca925f27cf033bc43e658
-SIZE (rust/crates/gix-config-0.38.0.crate) = 63374
-SHA256 (rust/crates/gix-config-value-0.14.10.crate) = 49aaeef5d98390a3bcf9dbc6440b520b793d1bf3ed99317dc407b02be995b28e
-SIZE (rust/crates/gix-config-value-0.14.10.crate) = 13604
-SHA256 (rust/crates/gix-date-0.8.7.crate) = 9eed6931f21491ee0aeb922751bd7ec97b4b2fe8fbfedcb678e2a2dce5f3b8c0
-SIZE (rust/crates/gix-date-0.8.7.crate) = 10349
-SHA256 (rust/crates/gix-diff-0.44.1.crate) = 1996d5c8a305b59709467d80617c9fde48d9d75fd1f4179ea970912630886c9d
-SIZE (rust/crates/gix-diff-0.44.1.crate) = 32197
-SHA256 (rust/crates/gix-discover-0.33.0.crate) = 67662731cec3cb31ba3ed2463809493f76d8e5d6c6d245de8b0560438c13450e
-SIZE (rust/crates/gix-discover-0.33.0.crate) = 16632
-SHA256 (rust/crates/gix-features-0.38.2.crate) = ac7045ac9fe5f9c727f38799d002a7ed3583cd777e3322a7c4b43e3cf437dc69
-SIZE (rust/crates/gix-features-0.38.2.crate) = 30604
-SHA256 (rust/crates/gix-fs-0.11.3.crate) = f2bfe6249cfea6d0c0e0990d5226a4cb36f030444ba9e35e0639275db8f98575
-SIZE (rust/crates/gix-fs-0.11.3.crate) = 14867
-SHA256 (rust/crates/gix-glob-0.16.5.crate) = 74908b4bbc0a0a40852737e5d7889f676f081e340d5451a16e5b4c50d592f111
-SIZE (rust/crates/gix-glob-0.16.5.crate) = 13425
-SHA256 (rust/crates/gix-hash-0.14.2.crate) = f93d7df7366121b5018f947a04d37f034717e113dcf9ccd85c34b58e57a74d5e
-SIZE (rust/crates/gix-hash-0.14.2.crate) = 12759
-SHA256 (rust/crates/gix-hashtable-0.5.2.crate) = 7ddf80e16f3c19ac06ce415a38b8591993d3f73aede049cb561becb5b3a8e242
-SIZE (rust/crates/gix-hashtable-0.5.2.crate) = 6421
-SHA256 (rust/crates/gix-lock-14.0.0.crate) = e3bc7fe297f1f4614774989c00ec8b1add59571dc9b024b4c00acb7dedd4e19d
-SIZE (rust/crates/gix-lock-14.0.0.crate) = 9795
-SHA256 (rust/crates/gix-macros-0.1.5.crate) = 999ce923619f88194171a67fb3e6d613653b8d4d6078b529b15a765da0edcc17
-SIZE (rust/crates/gix-macros-0.1.5.crate) = 8627
-SHA256 (rust/crates/gix-object-0.42.3.crate) = 25da2f46b4e7c2fa7b413ce4dffb87f69eaf89c2057e386491f4c55cadbfe386
-SIZE (rust/crates/gix-object-0.42.3.crate) = 32497
-SHA256 (rust/crates/gix-odb-0.61.1.crate) = 20d384fe541d93d8a3bb7d5d5ef210780d6df4f50c4e684ccba32665a5e3bc9b
-SIZE (rust/crates/gix-odb-0.61.1.crate) = 54308
-SHA256 (rust/crates/gix-pack-0.51.1.crate) = 3e0594491fffe55df94ba1c111a6566b7f56b3f8d2e1efc750e77d572f5f5229
-SIZE (rust/crates/gix-pack-0.51.1.crate) = 96737
-SHA256 (rust/crates/gix-path-0.10.13.crate) = afc292ef1a51e340aeb0e720800338c805975724c1dfbd243185452efd8645b7
-SIZE (rust/crates/gix-path-0.10.13.crate) = 22831
-SHA256 (rust/crates/gix-quote-0.4.14.crate) = 64a1e282216ec2ab2816cd57e6ed88f8009e634aec47562883c05ac8a7009a63
-SIZE (rust/crates/gix-quote-0.4.14.crate) = 7828
-SHA256 (rust/crates/gix-ref-0.45.0.crate) = 636e96a0a5562715153fee098c217110c33a6f8218f08f4687ff99afde159bb5
-SIZE (rust/crates/gix-ref-0.45.0.crate) = 56670
-SHA256 (rust/crates/gix-refspec-0.23.1.crate) = 6868f8cd2e62555d1f7c78b784bece43ace40dd2a462daf3b588d5416e603f37
-SIZE (rust/crates/gix-refspec-0.23.1.crate) = 16175
-SHA256 (rust/crates/gix-revision-0.27.2.crate) = 01b13e43c2118c4b0537ddac7d0821ae0dfa90b7b8dbf20c711e153fb749adce
-SIZE (rust/crates/gix-revision-0.27.2.crate) = 19204
-SHA256 (rust/crates/gix-revwalk-0.13.2.crate) = 1b030ccaab71af141f537e0225f19b9e74f25fefdba0372246b844491cab43e0
-SIZE (rust/crates/gix-revwalk-0.13.2.crate) = 11854
-SHA256 (rust/crates/gix-sec-0.10.10.crate) = a8b876ef997a955397809a2ec398d6a45b7a55b4918f2446344330f778d14fd6
-SIZE (rust/crates/gix-sec-0.10.10.crate) = 10205
-SHA256 (rust/crates/gix-tempfile-14.0.2.crate) = 046b4927969fa816a150a0cda2e62c80016fe11fb3c3184e4dddf4e542f108aa
-SIZE (rust/crates/gix-tempfile-14.0.2.crate) = 17489
-SHA256 (rust/crates/gix-trace-0.1.11.crate) = 04bdde120c29f1fc23a24d3e115aeeea3d60d8e65bab92cc5f9d90d9302eb952
-SIZE (rust/crates/gix-trace-0.1.11.crate) = 10424
-SHA256 (rust/crates/gix-traverse-0.39.2.crate) = e499a18c511e71cf4a20413b743b9f5bcf64b3d9e81e9c3c6cd399eae55a8840
-SIZE (rust/crates/gix-traverse-0.39.2.crate) = 17291
-SHA256 (rust/crates/gix-url-0.27.5.crate) = fd280c5e84fb22e128ed2a053a0daeacb6379469be6a85e3d518a0636e160c89
-SIZE (rust/crates/gix-url-0.27.5.crate) = 14367
-SHA256 (rust/crates/gix-utils-0.1.13.crate) = ba427e3e9599508ed98a6ddf8ed05493db114564e338e41f6a996d2e4790335f
-SIZE (rust/crates/gix-utils-0.1.13.crate) = 10194
-SHA256 (rust/crates/gix-validate-0.8.5.crate) = 82c27dd34a49b1addf193c92070bcbf3beaf6e10f16a78544de6372e146a0acf
-SIZE (rust/crates/gix-validate-0.8.5.crate) = 10408
-SHA256 (rust/crates/glob-0.3.1.crate) = d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b
-SIZE (rust/crates/glob-0.3.1.crate) = 18880
-SHA256 (rust/crates/h2-0.3.26.crate) = 81fe527a889e1532da5c525686d96d4c2e74cdd345badf8dfef9f6b39dd5f5e8
-SIZE (rust/crates/h2-0.3.26.crate) = 168315
-SHA256 (rust/crates/h2-0.4.7.crate) = ccae279728d634d083c00f6099cb58f01cc99c145b84b8be2f6c74618d79922e
-SIZE (rust/crates/h2-0.4.7.crate) = 174114
-SHA256 (rust/crates/half-1.8.3.crate) = 1b43ede17f21864e81be2fa654110bf1e793774238d86ef8555c37e6519c0403
-SIZE (rust/crates/half-1.8.3.crate) = 41624
-SHA256 (rust/crates/hashbrown-0.12.3.crate) = 8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888
-SIZE (rust/crates/hashbrown-0.12.3.crate) = 102968
-SHA256 (rust/crates/hashbrown-0.14.5.crate) = e5274423e17b7c9fc20b6e7e208532f9b19825d82dfd615708b70edd83df41f1
-SIZE (rust/crates/hashbrown-0.14.5.crate) = 141498
-SHA256 (rust/crates/hashbrown-0.15.2.crate) = bf151400ff0baff5465007dd2f3e717f3fe502074ca563069ce3a6629d07b289
-SIZE (rust/crates/hashbrown-0.15.2.crate) = 138478
-SHA256 (rust/crates/hashlink-0.8.4.crate) = e8094feaf31ff591f651a2664fb9cfd92bba7a60ce3197265e9482ebe753c8f7
-SIZE (rust/crates/hashlink-0.8.4.crate) = 26514
-SHA256 (rust/crates/heck-0.5.0.crate) = 2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea
-SIZE (rust/crates/heck-0.5.0.crate) = 11517
-SHA256 (rust/crates/hex-0.4.3.crate) = 7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70
-SIZE (rust/crates/hex-0.4.3.crate) = 13299
-SHA256 (rust/crates/home-0.5.11.crate) = 589533453244b0995c858700322199b2becb13b627df2851f64a2775d024abcf
-SIZE (rust/crates/home-0.5.11.crate) = 9926
-SHA256 (rust/crates/hostname-validator-1.1.1.crate) = f558a64ac9af88b5ba400d99b579451af0d39c6d360980045b91aac966d705e2
-SIZE (rust/crates/hostname-validator-1.1.1.crate) = 2377
-SHA256 (rust/crates/http-0.2.12.crate) = 601cbb57e577e2f5ef5be8e7b83f0f63994f25aa94d673e54a92d5c516d101f1
-SIZE (rust/crates/http-0.2.12.crate) = 101964
-SHA256 (rust/crates/http-1.2.0.crate) = f16ca2af56261c99fba8bac40a10251ce8188205a4c448fbb745a2e4daa76fea
-SIZE (rust/crates/http-1.2.0.crate) = 105932
-SHA256 (rust/crates/http-body-0.4.6.crate) = 7ceab25649e9960c0311ea418d17bee82c0dcec1bd053b5f9a66e265a693bed2
-SIZE (rust/crates/http-body-0.4.6.crate) = 10773
-SHA256 (rust/crates/http-body-1.0.1.crate) = 1efedce1fb8e6913f23e0c92de8e62cd5b772a67e7b3946df930a62566c93184
-SIZE (rust/crates/http-body-1.0.1.crate) = 6125
-SHA256 (rust/crates/http-body-util-0.1.2.crate) = 793429d76616a256bcb62c2a2ec2bed781c8307e797e2598c50010f2bee2544f
-SIZE (rust/crates/http-body-util-0.1.2.crate) = 12821
-SHA256 (rust/crates/http-range-header-0.4.2.crate) = 9171a2ea8a68358193d15dd5d70c1c10a2afc3e7e4c5bc92bc9f025cebd7359c
-SIZE (rust/crates/http-range-header-0.4.2.crate) = 8545
-SHA256 (rust/crates/httparse-1.9.5.crate) = 7d71d3574edd2771538b901e6549113b4006ece66150fb69c0fb6d9a2adae946
-SIZE (rust/crates/httparse-1.9.5.crate) = 39029
-SHA256 (rust/crates/httpdate-1.0.3.crate) = df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9
-SIZE (rust/crates/httpdate-1.0.3.crate) = 10639
-SHA256 (rust/crates/humansize-2.1.3.crate) = 6cb51c9a029ddc91b07a787f1d86b53ccfa49b0e86688c946ebe8d3555685dd7
-SIZE (rust/crates/humansize-2.1.3.crate) = 11953
-SHA256 (rust/crates/hyper-0.14.32.crate) = 41dfc780fdec9373c01bae43289ea34c972e40ee3c9f6b3c8801a35f35586ce7
-SIZE (rust/crates/hyper-0.14.32.crate) = 199622
-SHA256 (rust/crates/hyper-1.5.2.crate) = 256fb8d4bd6413123cc9d91832d78325c48ff41677595be797d90f42969beae0
-SIZE (rust/crates/hyper-1.5.2.crate) = 152817
-SHA256 (rust/crates/hyper-rustls-0.24.2.crate) = ec3efd23720e2049821a693cbc7e65ea87c72f1c58ff2f9522ff332b1491e590
-SIZE (rust/crates/hyper-rustls-0.24.2.crate) = 30195
-SHA256 (rust/crates/hyper-rustls-0.27.5.crate) = 2d191583f3da1305256f22463b9bb0471acad48a4e534a5218b9963e9c1f59b2
-SIZE (rust/crates/hyper-rustls-0.27.5.crate) = 34660
-SHA256 (rust/crates/hyper-timeout-0.4.1.crate) = bbb958482e8c7be4bc3cf272a766a2b0bf1a6755e7a6ae777f017a31d11b13b1
-SIZE (rust/crates/hyper-timeout-0.4.1.crate) = 13805
-SHA256 (rust/crates/hyper-tls-0.6.0.crate) = 70206fc6890eaca9fde8a0bf71caa2ddfc9fe045ac9e5c70df101a7dbde866e0
-SIZE (rust/crates/hyper-tls-0.6.0.crate) = 15052
-SHA256 (rust/crates/hyper-util-0.1.10.crate) = df2dcfbe0677734ab2f3ffa7fa7bfd4706bfdc1ef393f2ee30184aed67e631b4
-SIZE (rust/crates/hyper-util-0.1.10.crate) = 72887
-SHA256 (rust/crates/iana-time-zone-0.1.61.crate) = 235e081f3925a06703c2d0117ea8b91f042756fd6e7a6e5d901e8ca1a996b220
-SIZE (rust/crates/iana-time-zone-0.1.61.crate) = 27685
-SHA256 (rust/crates/iana-time-zone-haiku-0.1.2.crate) = f31827a206f56af32e590ba56d5d2d085f558508192593743f16b2306495269f
-SIZE (rust/crates/iana-time-zone-haiku-0.1.2.crate) = 7185
-SHA256 (rust/crates/icu_collections-1.5.0.crate) = db2fa452206ebee18c4b5c2274dbf1de17008e874b4dc4f0aea9d01ca79e4526
-SIZE (rust/crates/icu_collections-1.5.0.crate) = 82762
-SHA256 (rust/crates/icu_locid-1.5.0.crate) = 13acbb8371917fc971be86fc8057c41a64b521c184808a698c02acc242dbf637
-SIZE (rust/crates/icu_locid-1.5.0.crate) = 55131
-SHA256 (rust/crates/icu_locid_transform-1.5.0.crate) = 01d11ac35de8e40fdeda00d9e1e9d92525f3f9d887cdd7aa81d727596788b54e
-SIZE (rust/crates/icu_locid_transform-1.5.0.crate) = 29094
-SHA256 (rust/crates/icu_locid_transform_data-1.5.0.crate) = fdc8ff3388f852bede6b579ad4e978ab004f139284d7b28715f773507b946f6e
-SIZE (rust/crates/icu_locid_transform_data-1.5.0.crate) = 44727
-SHA256 (rust/crates/icu_normalizer-1.5.0.crate) = 19ce3e0da2ec68599d193c93d088142efd7f9c5d6fc9b803774855747dc6a84f
-SIZE (rust/crates/icu_normalizer-1.5.0.crate) = 53113
-SHA256 (rust/crates/icu_normalizer_data-1.5.0.crate) = f8cafbf7aa791e9b22bec55a167906f9e1215fd475cd22adfcf660e03e989516
-SIZE (rust/crates/icu_normalizer_data-1.5.0.crate) = 50561
-SHA256 (rust/crates/icu_properties-1.5.1.crate) = 93d6020766cfc6302c15dbbc9c8778c37e62c14427cb7f6e601d849e092aeef5
-SIZE (rust/crates/icu_properties-1.5.1.crate) = 64479
-SHA256 (rust/crates/icu_properties_data-1.5.0.crate) = 67a8effbc3dd3e4ba1afa8ad918d5684b8868b3b26500753effea8d2eed19569
-SIZE (rust/crates/icu_properties_data-1.5.0.crate) = 227993
-SHA256 (rust/crates/icu_provider-1.5.0.crate) = 6ed421c8a8ef78d3e2dbc98a973be2f3770cb42b606e3ab18d6237c4dfde68d9
-SIZE (rust/crates/icu_provider-1.5.0.crate) = 52722
-SHA256 (rust/crates/icu_provider_macros-1.5.0.crate) = 1ec89e9337638ecdc08744df490b221a7399bf8d164eb52a665454e60e075ad6
-SIZE (rust/crates/icu_provider_macros-1.5.0.crate) = 6436
-SHA256 (rust/crates/ident_case-1.0.1.crate) = b9e0384b61958566e926dc50660321d12159025e767c18e043daf26b70104c39
-SIZE (rust/crates/ident_case-1.0.1.crate) = 3492
-SHA256 (rust/crates/idlset-0.2.5.crate) = ef858150272c6cce9db3710a171edf5d3e8844d38680d7657e9b1698efe8d97b
-SIZE (rust/crates/idlset-0.2.5.crate) = 106725
-SHA256 (rust/crates/idna-1.0.3.crate) = 686f825264d630750a544639377bae737628043f20d38bbc029e8f29ea968a7e
-SIZE (rust/crates/idna-1.0.3.crate) = 142515
-SHA256 (rust/crates/idna_adapter-1.2.0.crate) = daca1df1c957320b2cf139ac61e7bd64fed304c5040df000a745aa1de3b4ef71
-SIZE (rust/crates/idna_adapter-1.2.0.crate) = 8206
-SHA256 (rust/crates/image-0.23.14.crate) = 24ffcb7e7244a9bf19d35bf2883b9c080c4ced3c07a9895572178cdb8f13f6a1
-SIZE (rust/crates/image-0.23.14.crate) = 226804
-SHA256 (rust/crates/image-0.24.9.crate) = 5690139d2f55868e080017335e4b94cb7414274c74f1669c84fb5feba2c9f69d
-SIZE (rust/crates/image-0.24.9.crate) = 9261055
-SHA256 (rust/crates/indexmap-1.9.3.crate) = bd070e393353796e801d209ad339e89596eb4c8d430d18ede6a1cced8fafbd99
-SIZE (rust/crates/indexmap-1.9.3.crate) = 54653
-SHA256 (rust/crates/indexmap-2.7.0.crate) = 62f822373a4fe84d4bb149bf54e584a7f4abec90e072ed49cda0edea5b95471f
-SIZE (rust/crates/indexmap-2.7.0.crate) = 85335
-SHA256 (rust/crates/inotify-0.9.6.crate) = f8069d3ec154eb856955c1c0fbffefbf5f3c40a104ec912d4797314c1801abff
-SIZE (rust/crates/inotify-0.9.6.crate) = 22971
-SHA256 (rust/crates/inotify-sys-0.1.5.crate) = e05c02b5e89bff3b946cedeca278abc628fe811e604f027c45a8aa3cf793d0eb
-SIZE (rust/crates/inotify-sys-0.1.5.crate) = 6965
-SHA256 (rust/crates/ipnet-2.10.1.crate) = ddc24109865250148c2e0f3d25d4f0f479571723792d3802153c60922a4fb708
-SIZE (rust/crates/ipnet-2.10.1.crate) = 28407
-SHA256 (rust/crates/is_terminal_polyfill-1.70.1.crate) = 7943c866cc5cd64cbc25b2e01621d07fa8eb2a1a23160ee81ce38704e97b8ecf
-SIZE (rust/crates/is_terminal_polyfill-1.70.1.crate) = 7492
-SHA256 (rust/crates/itertools-0.10.5.crate) = b0fd2260e829bddf4cb6ea802289de2f86d6a7a690192fbe91b3f46e0f2c8473
-SIZE (rust/crates/itertools-0.10.5.crate) = 115354
-SHA256 (rust/crates/itertools-0.13.0.crate) = 413ee7dfc52ee1a4949ceeb7dbc8a33f2d6c088194d9f922fb8318faf1f01186
-SIZE (rust/crates/itertools-0.13.0.crate) = 146261
-SHA256 (rust/crates/itoa-1.0.14.crate) = d75a2a4b1b190afb6f5425f10f6a8f959d2ea0b9c2b1d79553551850539e4674
-SIZE (rust/crates/itoa-1.0.14.crate) = 11210
-SHA256 (rust/crates/jpeg-decoder-0.3.1.crate) = f5d4a7da358eff58addd2877a45865158f0d78c911d43a5784ceb7bbf52833b0
-SIZE (rust/crates/jpeg-decoder-0.3.1.crate) = 744364
-SHA256 (rust/crates/js-sys-0.3.76.crate) = 6717b6b5b077764fb5966237269cb3c64edddde4b14ce42647430a78ced9e7b7
-SIZE (rust/crates/js-sys-0.3.76.crate) = 54420
-SHA256 (rust/crates/jsonschema-0.28.0.crate) = 74d8eb539cdb4222da29bb658cc9881aa2477b33fb1a74c5c31450395fc1a4b2
-SIZE (rust/crates/jsonschema-0.28.0.crate) = 99139
-SHA256 (rust/crates/kanidm-hsm-crypto-0.2.0.crate) = 10b3ed8e86cda3da4f274c677a3057d567bd7b715a0feb06a656e55cc75faf5e
-SIZE (rust/crates/kanidm-hsm-crypto-0.2.0.crate) = 29700
-SHA256 (rust/crates/kqueue-1.0.8.crate) = 7447f1ca1b7b563588a205fe93dea8df60fd981423a768bc1c0ded35ed147d0c
-SIZE (rust/crates/kqueue-1.0.8.crate) = 12642
-SHA256 (rust/crates/kqueue-sys-1.0.4.crate) = ed9625ffda8729b85e45cf04090035ac368927b8cebc34898e7c120f52e4838b
-SIZE (rust/crates/kqueue-sys-1.0.4.crate) = 7160
-SHA256 (rust/crates/lazy_static-1.5.0.crate) = bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe
-SIZE (rust/crates/lazy_static-1.5.0.crate) = 14025
-SHA256 (rust/crates/lazycell-1.3.0.crate) = 830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55
-SIZE (rust/crates/lazycell-1.3.0.crate) = 12502
-SHA256 (rust/crates/lber-0.4.2.crate) = 2df7f9fd9f64cf8f59e1a4a0753fe7d575a5b38d3d7ac5758dcee9357d83ef0a
-SIZE (rust/crates/lber-0.4.2.crate) = 8107
-SHA256 (rust/crates/ldap3_client-0.5.2.crate) = c6027fc899bda353fe645cdcab9de93b0d2fa4731c105ad449fed22c455b61ff
-SIZE (rust/crates/ldap3_client-0.5.2.crate) = 7678
-SHA256 (rust/crates/ldap3_proto-0.5.2.crate) = e9a047c1b49d3b4da70f52ac54310dcd879c9b7fef658615ff17f6212ae7411e
-SIZE (rust/crates/ldap3_proto-0.5.2.crate) = 43605
-SHA256 (rust/crates/libc-0.2.169.crate) = b5aba8db14291edd000dfcc4d620c7ebfb122c613afb886ca8803fa4e128a20a
-SIZE (rust/crates/libc-0.2.169.crate) = 757901
-SHA256 (rust/crates/libloading-0.8.6.crate) = fc2f4eb4bc735547cfed7c0a4922cbd04a4655978c09b54f1f7b228750664c34
-SIZE (rust/crates/libloading-0.8.6.crate) = 28922
-SHA256 (rust/crates/libm-0.2.11.crate) = 8355be11b20d696c8f18f6cc018c4e372165b1fa8126cef092399c9951984ffa
-SIZE (rust/crates/libm-0.2.11.crate) = 111477
-SHA256 (rust/crates/libmimalloc-sys-0.1.39.crate) = 23aa6811d3bd4deb8a84dde645f943476d13b248d818edcf8ce0b2f37f036b44
-SIZE (rust/crates/libmimalloc-sys-0.1.39.crate) = 198523
-SHA256 (rust/crates/libnss-0.8.0.crate) = 3c4bc0291fc787d67c56e9ed79b80780e53bfb9be173177f301ee666cec1021b
-SIZE (rust/crates/libnss-0.8.0.crate) = 7015
-SHA256 (rust/crates/libredox-0.1.3.crate) = c0ff37bd590ca25063e35af745c343cb7a0271906fb7b37e4813e8f79f00268d
-SIZE (rust/crates/libredox-0.1.3.crate) = 6068
-SHA256 (rust/crates/libsqlite3-sys-0.25.2.crate) = 29f835d03d717946d28b1d1ed632eb6f0e24a299388ee623d0c23118d3e8a7fa
-SIZE (rust/crates/libsqlite3-sys-0.25.2.crate) = 4841525
-SHA256 (rust/crates/libudev-0.2.0.crate) = ea626d3bdf40a1c5aee3bcd4f40826970cae8d80a8fec934c82a63840094dcfe
-SIZE (rust/crates/libudev-0.2.0.crate) = 8833
-SHA256 (rust/crates/libudev-sys-0.1.4.crate) = 3c8469b4a23b962c1396b9b451dda50ef5b283e8dd309d69033475fa9b334324
-SIZE (rust/crates/libudev-sys-0.1.4.crate) = 6177
-SHA256 (rust/crates/linux-raw-sys-0.4.14.crate) = 78b3ae25bc7c8c38cec158d1f2757ee79e9b3740fbc7ccf0e59e4b08d793fa89
-SIZE (rust/crates/linux-raw-sys-0.4.14.crate) = 1826665
-SHA256 (rust/crates/litemap-0.7.4.crate) = 4ee93343901ab17bd981295f2cf0026d4ad018c7c31ba84549a4ddbb47a45104
-SIZE (rust/crates/litemap-0.7.4.crate) = 28257
-SHA256 (rust/crates/litrs-0.4.1.crate) = b4ce301924b7887e9d637144fdade93f9dfff9b60981d4ac161db09720d39aa5
-SIZE (rust/crates/litrs-0.4.1.crate) = 42603
-SHA256 (rust/crates/lock_api-0.4.12.crate) = 07af8b9cdd281b7915f413fa73f29ebd5d55d0d3f0155584dade1ff18cea1b17
-SIZE (rust/crates/lock_api-0.4.12.crate) = 27591
-SHA256 (rust/crates/lodepng-3.10.7.crate) = 7b2dea7cda68e381418c985fd8f32a9c279a21ae8c715f2376adb20c27a0fad3
-SIZE (rust/crates/lodepng-3.10.7.crate) = 52706
-SHA256 (rust/crates/log-0.4.22.crate) = a7a70ba024b9dc04c27ea2f0c0548feb474ec5c54bba33a7f72f873a39d07b24
-SIZE (rust/crates/log-0.4.22.crate) = 44027
-SHA256 (rust/crates/lru-0.12.5.crate) = 234cf4f4a04dc1f57e24b96cc0cd600cf2af460d4161ac5ecdd0af8e1f3b2a38
-SIZE (rust/crates/lru-0.12.5.crate) = 16047
-SHA256 (rust/crates/malloced-1.3.1.crate) = 6dfebb2f9e0b39509c62eead6ec7ae0c0ed45bb61d12bbcf4e976c566c5400ec
-SIZE (rust/crates/malloced-1.3.1.crate) = 12129
-SHA256 (rust/crates/matchers-0.1.0.crate) = 8263075bb86c5a1b1427b5ae862e8889656f126e9f77c484496e8b47cf5c5558
-SIZE (rust/crates/matchers-0.1.0.crate) = 6948
-SHA256 (rust/crates/matchit-0.7.3.crate) = 0e7465ac9959cc2b1404e8e2367b43684a6d13790fe23056cc8c6c5a6b7bcb94
-SIZE (rust/crates/matchit-0.7.3.crate) = 30372
-SHA256 (rust/crates/mathru-0.13.0.crate) = 9a42bf938e4c9a6ad581cf528d5606eb50c5458ac759ca23719291e2f6499bec
-SIZE (rust/crates/mathru-0.13.0.crate) = 494915
-SHA256 (rust/crates/memchr-2.7.4.crate) = 78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3
-SIZE (rust/crates/memchr-2.7.4.crate) = 96670
-SHA256 (rust/crates/memmap2-0.9.5.crate) = fd3f7eed9d3848f8b98834af67102b720745c4ec028fcd0aa0239277e7de374f
-SIZE (rust/crates/memmap2-0.9.5.crate) = 33280
-SHA256 (rust/crates/memoffset-0.8.0.crate) = d61c719bcfbcf5d62b3a09efa6088de8c54bc0bfcd3ea7ae39fcc186108b8de1
-SIZE (rust/crates/memoffset-0.8.0.crate) = 8912
-SHA256 (rust/crates/mimalloc-0.1.43.crate) = 68914350ae34959d83f732418d51e2427a794055d0b9529f48259ac07af65633
-SIZE (rust/crates/mimalloc-0.1.43.crate) = 4075
-SHA256 (rust/crates/mime-0.3.17.crate) = 6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a
-SIZE (rust/crates/mime-0.3.17.crate) = 15712
-SHA256 (rust/crates/mime_guess-2.0.5.crate) = f7c44f8e672c00fe5308fa235f821cb4198414e1c77935c1ab6948d3fd78550e
-SIZE (rust/crates/mime_guess-2.0.5.crate) = 27166
-SHA256 (rust/crates/minimal-lexical-0.2.1.crate) = 68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a
-SIZE (rust/crates/minimal-lexical-0.2.1.crate) = 94841
-SHA256 (rust/crates/miniz_oxide-0.8.2.crate) = 4ffbe83022cedc1d264172192511ae958937694cd57ce297164951b8b3568394
-SIZE (rust/crates/miniz_oxide-0.8.2.crate) = 59068
-SHA256 (rust/crates/mintex-0.1.3.crate) = 9bec4598fddb13cc7b528819e697852653252b760f1228b7642679bf2ff2cd07
-SIZE (rust/crates/mintex-0.1.3.crate) = 6769
-SHA256 (rust/crates/mio-0.8.11.crate) = a4a650543ca06a924e8b371db273b2756685faae30f8487da1b56505a8f78b0c
-SIZE (rust/crates/mio-0.8.11.crate) = 102983
-SHA256 (rust/crates/mio-1.0.3.crate) = 2886843bf800fba2e3377cff24abf6379b4c4d5c6681eaf9ea5b0d15090450bd
-SIZE (rust/crates/mio-1.0.3.crate) = 103703
-SHA256 (rust/crates/multer-3.1.0.crate) = 83e87776546dc87511aa5ee218730c92b666d7264ab6ed41f9d215af9cd5224b
-SIZE (rust/crates/multer-3.1.0.crate) = 25980
-SHA256 (rust/crates/native-tls-0.2.12.crate) = a8614eb2c83d59d1c8cc974dd3f920198647674a0a035e1af1fa58707e317466
-SIZE (rust/crates/native-tls-0.2.12.crate) = 29517
-SHA256 (rust/crates/nix-0.29.0.crate) = 71e2746dc3a24dd78b3cfcb7be93368c6de9963d30f43a6a73998a9cf4b17b46
-SIZE (rust/crates/nix-0.29.0.crate) = 318248
-SHA256 (rust/crates/nom-7.1.3.crate) = d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a
-SIZE (rust/crates/nom-7.1.3.crate) = 117570
-SHA256 (rust/crates/nonempty-0.8.1.crate) = aeaf4ad7403de93e699c191202f017118df734d3850b01e13a3a8b2e6953d3c9
-SIZE (rust/crates/nonempty-0.8.1.crate) = 9782
-SHA256 (rust/crates/notify-6.1.1.crate) = 6205bd8bb1e454ad2e27422015fb5e4f2bcc7e08fa8f27058670d208324a4d2d
-SIZE (rust/crates/notify-6.1.1.crate) = 40117
-SHA256 (rust/crates/notify-debouncer-full-0.1.0.crate) = f4812c1eb49be776fb8df4961623bdc01ec9dfdc1abe8211ceb09150a2e64219
-SIZE (rust/crates/notify-debouncer-full-0.1.0.crate) = 13595
-SHA256 (rust/crates/nu-ansi-term-0.46.0.crate) = 77a8165726e8236064dbb45459242600304b42a5ea24ee2948e18e023bf7ba84
-SIZE (rust/crates/nu-ansi-term-0.46.0.crate) = 24311
-SHA256 (rust/crates/num-0.4.3.crate) = 35bd024e8b2ff75562e5f34e7f4905839deb4b22955ef5e73d2fea1b9813cb23
-SIZE (rust/crates/num-0.4.3.crate) = 9575
-SHA256 (rust/crates/num-bigint-0.4.6.crate) = a5e44f723f1133c9deac646763579fdb3ac745e418f2a7af9cd0c431da1f20b9
-SIZE (rust/crates/num-bigint-0.4.6.crate) = 102801
-SHA256 (rust/crates/num-cmp-0.1.0.crate) = 63335b2e2c34fae2fb0aa2cecfd9f0832a1e24b3b32ecec612c3426d46dc8aaa
-SIZE (rust/crates/num-cmp-0.1.0.crate) = 15375
-SHA256 (rust/crates/num-complex-0.4.6.crate) = 73f88a1307638156682bada9d7604135552957b7818057dcef22705b4d509495
-SIZE (rust/crates/num-complex-0.4.6.crate) = 30352
-SHA256 (rust/crates/num-conv-0.1.0.crate) = 51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9
-SIZE (rust/crates/num-conv-0.1.0.crate) = 7444
-SHA256 (rust/crates/num-derive-0.3.3.crate) = 876a53fff98e03a936a674b29568b0e605f06b29372c2489ff4de23f1949743d
-SIZE (rust/crates/num-derive-0.3.3.crate) = 14545
-SHA256 (rust/crates/num-integer-0.1.46.crate) = 7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f
-SIZE (rust/crates/num-integer-0.1.46.crate) = 22331
-SHA256 (rust/crates/num-iter-0.1.45.crate) = 1429034a0490724d0075ebb2bc9e875d6503c3cf69e235a8941aa757d83ef5bf
-SIZE (rust/crates/num-iter-0.1.45.crate) = 10320
-SHA256 (rust/crates/num-rational-0.3.2.crate) = 12ac428b1cb17fce6f731001d307d351ec70a6d202fc2e60f7d4c5e42d8f4f07
-SIZE (rust/crates/num-rational-0.3.2.crate) = 26359
-SHA256 (rust/crates/num-rational-0.4.2.crate) = f83d14da390562dca69fc84082e73e548e1ad308d24accdedd2720017cb37824
-SIZE (rust/crates/num-rational-0.4.2.crate) = 28159
-SHA256 (rust/crates/num-traits-0.2.19.crate) = 071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841
-SIZE (rust/crates/num-traits-0.2.19.crate) = 51631
-SHA256 (rust/crates/num_enum-0.5.11.crate) = 1f646caf906c20226733ed5b1374287eb97e3c2a5c227ce668c1f2ce20ae57c9
-SIZE (rust/crates/num_enum-0.5.11.crate) = 16772
-SHA256 (rust/crates/num_enum_derive-0.5.11.crate) = dcbff9bc912032c62bf65ef1d5aea88983b420f4f839db1e9b0c281a25c9c799
-SIZE (rust/crates/num_enum_derive-0.5.11.crate) = 15552
-SHA256 (rust/crates/num_threads-0.1.7.crate) = 5c7398b9c8b70908f6371f47ed36737907c87c52af34c268fed0bf0ceb92ead9
-SIZE (rust/crates/num_threads-0.1.7.crate) = 7455
-SHA256 (rust/crates/oauth2-4.4.2.crate) = c38841cdd844847e3e7c8d29cef9dcfed8877f8f56f9071f77843ecf3baf937f
-SIZE (rust/crates/oauth2-4.4.2.crate) = 74489
-SHA256 (rust/crates/object-0.36.5.crate) = aedf0a2d09c573ed1d8d85b30c119153926a2b36dce0ab28322c09a117a4683e
-SIZE (rust/crates/object-0.36.5.crate) = 327435
-SHA256 (rust/crates/oid-0.2.1.crate) = 9c19903c598813dba001b53beeae59bb77ad4892c5c1b9b3500ce4293a0d06c2
-SIZE (rust/crates/oid-0.2.1.crate) = 12533
-SHA256 (rust/crates/oid-registry-0.7.1.crate) = a8d8034d9489cdaf79228eb9f6a3b8d7bb32ba00d6645ebd48eef4077ceb5bd9
-SIZE (rust/crates/oid-registry-0.7.1.crate) = 15220
-SHA256 (rust/crates/once_cell-1.20.2.crate) = 1261fe7e33c73b354eab43b1273a57c8f967d0391e80353e51f764ac02cf6775
-SIZE (rust/crates/once_cell-1.20.2.crate) = 33394
-SHA256 (rust/crates/openssl-0.10.68.crate) = 6174bc48f102d208783c2c84bf931bb75927a617866870de8a4ea85597f871f5
-SIZE (rust/crates/openssl-0.10.68.crate) = 276578
-SHA256 (rust/crates/openssl-macros-0.1.1.crate) = a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c
-SIZE (rust/crates/openssl-macros-0.1.1.crate) = 5601
-SHA256 (rust/crates/openssl-probe-0.1.5.crate) = ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf
-SIZE (rust/crates/openssl-probe-0.1.5.crate) = 7227
-SHA256 (rust/crates/openssl-sys-0.9.104.crate) = 45abf306cbf99debc8195b66b7346498d7b10c210de50418b5ccd7ceba08c741
-SIZE (rust/crates/openssl-sys-0.9.104.crate) = 72287
-SHA256 (rust/crates/opentelemetry-0.20.0.crate) = 9591d937bc0e6d2feb6f71a559540ab300ea49955229c347a517a28d27784c54
-SIZE (rust/crates/opentelemetry-0.20.0.crate) = 15313
-SHA256 (rust/crates/opentelemetry-http-0.9.0.crate) = c7594ec0e11d8e33faf03530a4c49af7064ebba81c1480e01be67d90b356508b
-SIZE (rust/crates/opentelemetry-http-0.9.0.crate) = 8772
-SHA256 (rust/crates/opentelemetry-otlp-0.13.0.crate) = 7e5e5a5c4135864099f3faafbe939eb4d7f9b80ebf68a8448da961b32a7c1275
-SIZE (rust/crates/opentelemetry-otlp-0.13.0.crate) = 30421
-SHA256 (rust/crates/opentelemetry-proto-0.3.0.crate) = b1e3f814aa9f8c905d0ee4bde026afd3b2577a97c10e1699912e3e44f0c4cbeb
-SIZE (rust/crates/opentelemetry-proto-0.3.0.crate) = 182707
-SHA256 (rust/crates/opentelemetry-semantic-conventions-0.12.0.crate) = 73c9f9340ad135068800e7f1b24e9e09ed9e7143f5bf8518ded3d3ec69789269
-SIZE (rust/crates/opentelemetry-semantic-conventions-0.12.0.crate) = 32096
-SHA256 (rust/crates/opentelemetry_api-0.20.0.crate) = 8a81f725323db1b1206ca3da8bb19874bbd3f57c3bcd59471bfb04525b265b9b
-SIZE (rust/crates/opentelemetry_api-0.20.0.crate) = 60100
-SHA256 (rust/crates/opentelemetry_sdk-0.20.0.crate) = fa8e705a0612d48139799fcbaba0d4a90f06277153e43dd2bdc16c6f0edd8026
-SIZE (rust/crates/opentelemetry_sdk-0.20.0.crate) = 103022
-SHA256 (rust/crates/ordered-float-3.9.2.crate) = f1e1c390732d15f1d48471625cd92d154e66db2c56645e29a9cd26f4699f72dc
-SIZE (rust/crates/ordered-float-3.9.2.crate) = 19788
-SHA256 (rust/crates/outref-0.5.1.crate) = 4030760ffd992bef45b0ae3f10ce1aba99e33464c90d14dd7c039884963ddc7a
-SIZE (rust/crates/outref-0.5.1.crate) = 3957
-SHA256 (rust/crates/overload-0.1.1.crate) = b15813163c1d831bf4a13c3610c05c0d03b39feb07f7e09fa234dac9b15aaf39
-SIZE (rust/crates/overload-0.1.1.crate) = 24439
-SHA256 (rust/crates/parking_lot-0.12.3.crate) = f1bf18183cf54e8d6059647fc3063646a1801cf30896933ec2311622cc4b9a27
-SIZE (rust/crates/parking_lot-0.12.3.crate) = 41860
-SHA256 (rust/crates/parking_lot_core-0.9.10.crate) = 1e401f977ab385c9e4e3ab30627d6f26d00e2c73eef317493c4ec6d468726cf8
-SIZE (rust/crates/parking_lot_core-0.9.10.crate) = 32406
-SHA256 (rust/crates/password-hash-0.5.0.crate) = 346f04948ba92c43e8469c1ee6736c7563d71012b17d40745260fe106aac2166
-SIZE (rust/crates/password-hash-0.5.0.crate) = 26884
-SHA256 (rust/crates/paste-1.0.15.crate) = 57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a
-SIZE (rust/crates/paste-1.0.15.crate) = 18374
-SHA256 (rust/crates/peeking_take_while-0.1.2.crate) = 19b17cddbe7ec3f8bc800887bab5e717348c95ea2ca0b1bf0837fb964dc67099
-SIZE (rust/crates/peeking_take_while-0.1.2.crate) = 6697
-SHA256 (rust/crates/peg-0.8.4.crate) = 295283b02df346d1ef66052a757869b2876ac29a6bb0ac3f5f7cd44aebe40e8f
-SIZE (rust/crates/peg-0.8.4.crate) = 19291
-SHA256 (rust/crates/peg-macros-0.8.4.crate) = bdad6a1d9cf116a059582ce415d5f5566aabcd4008646779dab7fdc2a9a9d426
-SIZE (rust/crates/peg-macros-0.8.4.crate) = 29722
-SHA256 (rust/crates/peg-runtime-0.8.3.crate) = e3aeb8f54c078314c2065ee649a7241f46b9d8e418e1a9581ba0546657d7aa3a
-SIZE (rust/crates/peg-runtime-0.8.3.crate) = 4159
-SHA256 (rust/crates/pem-rfc7468-0.7.0.crate) = 88b39c9bfcfc231068454382784bb460aae594343fb030d46e9f50a645418412
-SIZE (rust/crates/pem-rfc7468-0.7.0.crate) = 24159
-SHA256 (rust/crates/percent-encoding-2.3.1.crate) = e3148f5046208a5d56bcfc03053e3ca6334e51da8dfb19b6cdc8b306fae3283e
-SIZE (rust/crates/percent-encoding-2.3.1.crate) = 10235
-SHA256 (rust/crates/petgraph-0.6.5.crate) = b4c5cc86750666a3ed20bdaf5ca2a0344f9c67674cae0515bec2da16fbaa47db
-SIZE (rust/crates/petgraph-0.6.5.crate) = 710970
-SHA256 (rust/crates/picky-asn1-0.8.0.crate) = 295eea0f33c16be21e2a98b908fdd4d73c04dd48c8480991b76dbcf0cb58b212
-SIZE (rust/crates/picky-asn1-0.8.0.crate) = 19901
-SHA256 (rust/crates/picky-asn1-der-0.4.1.crate) = 5df7873a9e36d42dadb393bea5e211fe83d793c172afad5fb4ec846ec582793f
-SIZE (rust/crates/picky-asn1-der-0.4.1.crate) = 20924
-SHA256 (rust/crates/picky-asn1-x509-0.12.0.crate) = 2c5f20f71a68499ff32310f418a6fad8816eac1a2859ed3f0c5c741389dd6208
-SIZE (rust/crates/picky-asn1-x509-0.12.0.crate) = 98267
-SHA256 (rust/crates/pin-project-1.1.7.crate) = be57f64e946e500c8ee36ef6331845d40a93055567ec57e8fae13efd33759b95
-SIZE (rust/crates/pin-project-1.1.7.crate) = 55438
-SHA256 (rust/crates/pin-project-internal-1.1.7.crate) = 3c0f5fad0874fc7abcd4d750e76917eaebbecaa2c20bde22e1dbeeba8beb758c
-SIZE (rust/crates/pin-project-internal-1.1.7.crate) = 28549
-SHA256 (rust/crates/pin-project-lite-0.2.15.crate) = 915a1e146535de9163f3987b8944ed8cf49a18bb0056bcebcdcece385cece4ff
-SIZE (rust/crates/pin-project-lite-0.2.15.crate) = 29683
-SHA256 (rust/crates/pin-utils-0.1.0.crate) = 8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184
-SIZE (rust/crates/pin-utils-0.1.0.crate) = 7580
-SHA256 (rust/crates/pkg-config-0.3.31.crate) = 953ec861398dccce10c670dfeaf3ec4911ca479e9c02154b3a215178c5f566f2
-SIZE (rust/crates/pkg-config-0.3.31.crate) = 20880
-SHA256 (rust/crates/powerfmt-0.2.0.crate) = 439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391
-SIZE (rust/crates/powerfmt-0.2.0.crate) = 15165
-SHA256 (rust/crates/ppv-lite86-0.2.20.crate) = 77957b295656769bb8ad2b6a6b09d897d94f05c41b069aede1fcdaa675eaea04
-SIZE (rust/crates/ppv-lite86-0.2.20.crate) = 22478
-SHA256 (rust/crates/prctl-1.0.0.crate) = 059a34f111a9dee2ce1ac2826a68b24601c4298cfeb1a587c3cb493d5ab46f52
-SIZE (rust/crates/prctl-1.0.0.crate) = 5084
-SHA256 (rust/crates/predicates-3.1.3.crate) = a5d19ee57562043d37e82899fade9a22ebab7be9cef5026b07fda9cdd4293573
-SIZE (rust/crates/predicates-3.1.3.crate) = 24063
-SHA256 (rust/crates/predicates-core-1.0.9.crate) = 727e462b119fe9c93fd0eb1429a5f7647394014cf3c04ab2c0350eeb09095ffa
-SIZE (rust/crates/predicates-core-1.0.9.crate) = 8618
-SHA256 (rust/crates/predicates-tree-1.0.12.crate) = 72dd2d6d381dfb73a193c7fca536518d7caee39fc8503f74e7dc0be0531b425c
-SIZE (rust/crates/predicates-tree-1.0.12.crate) = 8392
-SHA256 (rust/crates/prettyplease-0.2.25.crate) = 64d1ec885c64d0457d564db4ec299b2dae3f9c02808b8ad9c3a089c591b18033
-SIZE (rust/crates/prettyplease-0.2.25.crate) = 58681
-SHA256 (rust/crates/proc-macro-crate-1.3.1.crate) = 7f4c021e1093a56626774e81216a4ce732a735e5bad4868a03f3ed65ca0c3919
-SIZE (rust/crates/proc-macro-crate-1.3.1.crate) = 9678
-SHA256 (rust/crates/proc-macro-error-1.0.4.crate) = da25490ff9892aab3fcf7c36f08cfb902dd3e71ca0f9f9517bea02a73a5ce38c
-SIZE (rust/crates/proc-macro-error-1.0.4.crate) = 25293
-SHA256 (rust/crates/proc-macro-error-attr-1.0.4.crate) = a1be40180e52ecc98ad80b184934baf3d0d29f979574e439af5a55274b35f869
-SIZE (rust/crates/proc-macro-error-attr-1.0.4.crate) = 7971
-SHA256 (rust/crates/proc-macro2-1.0.92.crate) = 37d3544b3f2748c54e147655edb5025752e2303145b5aefb3c3ea2c78b973bb0
-SIZE (rust/crates/proc-macro2-1.0.92.crate) = 52353
-SHA256 (rust/crates/prodash-28.0.0.crate) = 744a264d26b88a6a7e37cbad97953fa233b94d585236310bcbc88474b4092d79
-SIZE (rust/crates/prodash-28.0.0.crate) = 90695
-SHA256 (rust/crates/prost-0.11.9.crate) = 0b82eaa1d779e9a4bc1c3217db8ffbeabaae1dca241bf70183242128d48681cd
-SIZE (rust/crates/prost-0.11.9.crate) = 28958
-SHA256 (rust/crates/prost-derive-0.11.9.crate) = e5d2d8d10f3c6ded6da8b05b5fb3b8a5082514344d56c9f871412d29b4e075b4
-SIZE (rust/crates/prost-derive-0.11.9.crate) = 19513
-SHA256 (rust/crates/psl-types-2.0.11.crate) = 33cb294fe86a74cbcf50d4445b37da762029549ebeea341421c7c70370f86cac
-SIZE (rust/crates/psl-types-2.0.11.crate) = 7959
-SHA256 (rust/crates/publicsuffix-2.3.0.crate) = 6f42ea446cab60335f76979ec15e12619a2165b5ae2c12166bef27d283a9fadf
-SIZE (rust/crates/publicsuffix-2.3.0.crate) = 87890
-SHA256 (rust/crates/qrcode-0.12.0.crate) = 16d2f1455f3630c6e5107b4f2b94e74d76dea80736de0981fd27644216cff57f
-SIZE (rust/crates/qrcode-0.12.0.crate) = 58072
-SHA256 (rust/crates/quick-error-2.0.1.crate) = a993555f31e5a609f617c12db6250dedcac1b0a85076912c436e6fc9b2c8e6a3
-SIZE (rust/crates/quick-error-2.0.1.crate) = 14265
-SHA256 (rust/crates/quinn-0.11.6.crate) = 62e96808277ec6f97351a2380e6c25114bc9e67037775464979f3037c92d05ef
-SIZE (rust/crates/quinn-0.11.6.crate) = 78222
-SHA256 (rust/crates/quinn-proto-0.11.9.crate) = a2fe5ef3495d7d2e377ff17b1a8ce2ee2ec2a18cde8b6ad6619d65d0701c135d
-SIZE (rust/crates/quinn-proto-0.11.9.crate) = 209286
-SHA256 (rust/crates/quinn-udp-0.5.9.crate) = 1c40286217b4ba3a71d644d752e6a0b71f13f1b6a2c5311acfcbe0c2418ed904
-SIZE (rust/crates/quinn-udp-0.5.9.crate) = 25342
-SHA256 (rust/crates/quote-1.0.38.crate) = 0e4dccaaaf89514f546c693ddc140f729f958c247918a13380cccc6078391acc
-SIZE (rust/crates/quote-1.0.38.crate) = 31252
-SHA256 (rust/crates/rand-0.8.5.crate) = 34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404
-SIZE (rust/crates/rand-0.8.5.crate) = 87113
-SHA256 (rust/crates/rand_chacha-0.3.1.crate) = e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88
-SIZE (rust/crates/rand_chacha-0.3.1.crate) = 15251
-SHA256 (rust/crates/rand_core-0.6.4.crate) = ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c
-SIZE (rust/crates/rand_core-0.6.4.crate) = 22666
-SHA256 (rust/crates/redox_syscall-0.5.8.crate) = 03a862b389f93e68874fbf580b9de08dd02facb9a788ebadaf4a3fd33cf58834
-SIZE (rust/crates/redox_syscall-0.5.8.crate) = 26319
-SHA256 (rust/crates/redox_users-0.4.6.crate) = ba009ff324d1fc1b900bd1fdb31564febe58a8ccc8a6fdbb93b543d33b13ca43
-SIZE (rust/crates/redox_users-0.4.6.crate) = 15585
-SHA256 (rust/crates/ref-cast-1.0.23.crate) = ccf0a6f84d5f1d581da8b41b47ec8600871962f2a528115b542b362d4b744931
-SIZE (rust/crates/ref-cast-1.0.23.crate) = 12795
-SHA256 (rust/crates/ref-cast-impl-1.0.23.crate) = bcc303e793d3734489387d205e9b186fac9c6cfacedd98cbb2e8a5943595f3e6
-SIZE (rust/crates/ref-cast-impl-1.0.23.crate) = 9360
-SHA256 (rust/crates/reference-counted-singleton-0.1.5.crate) = 5daffa8f5ca827e146485577fa9dba9bd9c6921e06e954ab8f6408c10f753086
-SIZE (rust/crates/reference-counted-singleton-0.1.5.crate) = 6309
-SHA256 (rust/crates/referencing-0.28.0.crate) = 093a875008827c0ae15c746189966e162faa05bf347719d06302c548ac63630f
-SIZE (rust/crates/referencing-0.28.0.crate) = 28820
-SHA256 (rust/crates/regex-1.11.1.crate) = b544ef1b4eac5dc2db33ea63606ae9ffcfac26c1416a2806ae0bf5f56b201191
-SIZE (rust/crates/regex-1.11.1.crate) = 254170
-SHA256 (rust/crates/regex-automata-0.1.10.crate) = 6c230d73fb8d8c1b9c0b3135c5142a8acee3a0558fb8db5cf1cb65f8d7862132
-SIZE (rust/crates/regex-automata-0.1.10.crate) = 114533
-SHA256 (rust/crates/regex-automata-0.4.9.crate) = 809e8dc61f6de73b46c85f4c96486310fe304c434cfa43669d7b40f711150908
-SIZE (rust/crates/regex-automata-0.4.9.crate) = 618525
-SHA256 (rust/crates/regex-syntax-0.6.29.crate) = f162c6dd7b008981e4d40210aca20b4bd0f9b60ca9271061b07f78537722f2e1
-SIZE (rust/crates/regex-syntax-0.6.29.crate) = 299752
-SHA256 (rust/crates/regex-syntax-0.8.5.crate) = 2b15c43186be67a4fd63bee50d0303afffcef381492ebe2c5d87f324e1b8815c
-SIZE (rust/crates/regex-syntax-0.8.5.crate) = 357541
-SHA256 (rust/crates/reqwest-0.11.27.crate) = dd67538700a17451e7cba03ac727fb961abb7607553461627b97de0b89cf4a62
-SIZE (rust/crates/reqwest-0.11.27.crate) = 163155
-SHA256 (rust/crates/reqwest-0.12.11.crate) = 7fe060fe50f524be480214aba758c71f99f90ee8c83c5a36b5e9e1d568eb4eb3
-SIZE (rust/crates/reqwest-0.12.11.crate) = 193279
-SHA256 (rust/crates/rgb-0.8.50.crate) = 57397d16646700483b67d2dd6511d79318f9d057fdbd21a4066aeac8b41d310a
-SIZE (rust/crates/rgb-0.8.50.crate) = 21980
-SHA256 (rust/crates/ring-0.17.8.crate) = c17fa4cb658e3583423e915b9f3acc01cceaee1860e33d59ebae66adc3a2dc0d
-SIZE (rust/crates/ring-0.17.8.crate) = 4188554
-SHA256 (rust/crates/rpassword-5.0.1.crate) = ffc936cf8a7ea60c58f030fd36a612a48f440610214dc54bc36431f9ea0c3efb
-SIZE (rust/crates/rpassword-5.0.1.crate) = 11109
-SHA256 (rust/crates/runloop-0.1.0.crate) = 5d79b4b604167921892e84afbbaad9d5ad74e091bf6c511d9dbfb0593f09fabd
-SIZE (rust/crates/runloop-0.1.0.crate) = 8610
-SHA256 (rust/crates/rusqlite-0.28.0.crate) = 01e213bc3ecb39ac32e81e51ebe31fd888a940515173e3a18a35f8c6e896422a
-SIZE (rust/crates/rusqlite-0.28.0.crate) = 137504
-SHA256 (rust/crates/rust-embed-8.5.0.crate) = fa66af4a4fdd5e7ebc276f115e895611a34739a9c1c01028383d612d550953c0
-SIZE (rust/crates/rust-embed-8.5.0.crate) = 904054
-SHA256 (rust/crates/rust-embed-impl-8.5.0.crate) = 6125dbc8867951125eec87294137f4e9c2c96566e61bf72c45095a7c77761478
-SIZE (rust/crates/rust-embed-impl-8.5.0.crate) = 6004
-SHA256 (rust/crates/rust-embed-utils-8.5.0.crate) = 2e5347777e9aacb56039b0e1f28785929a8a3b709e87482e7442c72e7c12529d
-SIZE (rust/crates/rust-embed-utils-8.5.0.crate) = 3445
-SHA256 (rust/crates/rustc-demangle-0.1.24.crate) = 719b953e2095829ee67db738b3bfa9fa368c94900df327b3f07fe6e794d2fe1f
-SIZE (rust/crates/rustc-demangle-0.1.24.crate) = 29047
-SHA256 (rust/crates/rustc-hash-1.1.0.crate) = 08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2
-SIZE (rust/crates/rustc-hash-1.1.0.crate) = 9331
-SHA256 (rust/crates/rustc-hash-2.1.0.crate) = c7fb8039b3032c191086b10f11f319a6e99e1e82889c5cc6046f515c9db1d497
-SIZE (rust/crates/rustc-hash-2.1.0.crate) = 13316
-SHA256 (rust/crates/rusticata-macros-4.1.0.crate) = faf0c4a6ece9950b9abdb62b1cfcf2a68b3b67a10ba445b3bb85be2a293d0632
-SIZE (rust/crates/rusticata-macros-4.1.0.crate) = 11746
-SHA256 (rust/crates/rustix-0.38.42.crate) = f93dc38ecbab2eb790ff964bb77fa94faf256fd3e73285fd7ba0903b76bedb85
-SIZE (rust/crates/rustix-0.38.42.crate) = 378683
-SHA256 (rust/crates/rustls-0.21.12.crate) = 3f56a14d1f48b391359b22f731fd4bd7e43c97f3c50eee276f3aa09c94784d3e
-SIZE (rust/crates/rustls-0.21.12.crate) = 285674
-SHA256 (rust/crates/rustls-0.23.20.crate) = 5065c3f250cbd332cd894be57c40fa52387247659b14a2d6041d121547903b1b
-SIZE (rust/crates/rustls-0.23.20.crate) = 335933
-SHA256 (rust/crates/rustls-native-certs-0.8.1.crate) = 7fcff2dd52b58a8d98a70243663a0d234c4e2b79235637849d15913394a247d3
-SIZE (rust/crates/rustls-native-certs-0.8.1.crate) = 31129
-SHA256 (rust/crates/rustls-pemfile-1.0.4.crate) = 1c74cae0a4cf6ccbbf5f359f08efdf8ee7e1dc532573bf0db71968cb56b1448c
-SIZE (rust/crates/rustls-pemfile-1.0.4.crate) = 22092
-SHA256 (rust/crates/rustls-pemfile-2.2.0.crate) = dce314e5fee3f39953d46bb63bb8a46d40c2f8fb7cc5a3b6cab2bde9721d6e50
-SIZE (rust/crates/rustls-pemfile-2.2.0.crate) = 25849
-SHA256 (rust/crates/rustls-pki-types-1.10.1.crate) = d2bf47e6ff922db3825eb750c4e2ff784c6ff8fb9e13046ef6a1d1c5401b0b37
-SIZE (rust/crates/rustls-pki-types-1.10.1.crate) = 58944
-SHA256 (rust/crates/rustls-webpki-0.101.7.crate) = 8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765
-SIZE (rust/crates/rustls-webpki-0.101.7.crate) = 168808
-SHA256 (rust/crates/rustls-webpki-0.102.8.crate) = 64ca1bc8749bd4cf37b5ce386cc146580777b4e8572c7b97baf22c83f444bee9
-SIZE (rust/crates/rustls-webpki-0.102.8.crate) = 204327
-SHA256 (rust/crates/rustversion-1.0.18.crate) = 0e819f2bc632f285be6d7cd36e25940d45b2391dd6d9b939e79de557f7014248
-SIZE (rust/crates/rustversion-1.0.18.crate) = 17794
-SHA256 (rust/crates/ryu-1.0.18.crate) = f3cb5ba0dc43242ce17de99c180e96db90b235b8a9fdc9543c96d2209116bd9f
-SIZE (rust/crates/ryu-1.0.18.crate) = 47713
-SHA256 (rust/crates/same-file-1.0.6.crate) = 93fc1dc3aaa9bfed95e02e6eadabb4baf7e3078b0bd1b4d7b6b0b68378900502
-SIZE (rust/crates/same-file-1.0.6.crate) = 10183
-SHA256 (rust/crates/schannel-0.1.27.crate) = 1f29ebaa345f945cec9fbbc532eb307f0fdad8161f281b6369539c8d84876b3d
-SIZE (rust/crates/schannel-0.1.27.crate) = 42772
-SHA256 (rust/crates/scopeguard-1.2.0.crate) = 94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49
-SIZE (rust/crates/scopeguard-1.2.0.crate) = 11619
-SHA256 (rust/crates/sct-0.7.1.crate) = da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414
-SIZE (rust/crates/sct-0.7.1.crate) = 27501
-SHA256 (rust/crates/sd-notify-0.4.3.crate) = 1be20c5f7f393ee700f8b2f28ea35812e4e212f40774b550cd2a93ea91684451
-SIZE (rust/crates/sd-notify-0.4.3.crate) = 11900
-SHA256 (rust/crates/security-framework-2.11.1.crate) = 897b2245f0b511c87893af39b033e5ca9cce68824c4d7e7630b5a1d339658d02
-SIZE (rust/crates/security-framework-2.11.1.crate) = 80188
-SHA256 (rust/crates/security-framework-3.1.0.crate) = 81d3f8c9bfcc3cbb6b0179eb57042d75b1582bdc65c3cb95f3fa999509c03cbc
-SIZE (rust/crates/security-framework-3.1.0.crate) = 85399
-SHA256 (rust/crates/security-framework-sys-2.13.0.crate) = 1863fd3768cd83c56a7f60faa4dc0d403f1b6df0a38c3c25f44b7894e45370d5
-SIZE (rust/crates/security-framework-sys-2.13.0.crate) = 20496
-SHA256 (rust/crates/selinux-0.4.6.crate) = 0139b2436c81305eb6bda33af151851f75bd62783817b25f44daa371119c30b5
-SIZE (rust/crates/selinux-0.4.6.crate) = 37249
-SHA256 (rust/crates/selinux-sys-0.6.13.crate) = e5e6e2b8e07a8ff45c90f8e3611bf10c4da7a28d73a26f9ede04f927da234f52
-SIZE (rust/crates/selinux-sys-0.6.13.crate) = 9067
-SHA256 (rust/crates/semver-1.0.24.crate) = 3cb6eb87a131f756572d7fb904f6e7b68633f09cca868c5df1c4b8d1a694bbba
-SIZE (rust/crates/semver-1.0.24.crate) = 31267
-SHA256 (rust/crates/serde-1.0.217.crate) = 02fc4265df13d6fa1d00ecff087228cc0a2b5f3c0e87e258d8b94a156e984c70
-SIZE (rust/crates/serde-1.0.217.crate) = 79019
-SHA256 (rust/crates/serde_bytes-0.11.15.crate) = 387cc504cb06bb40a96c8e04e951fe01854cf6bc921053c954e4a606d9675c6a
-SIZE (rust/crates/serde_bytes-0.11.15.crate) = 12191
-SHA256 (rust/crates/serde_cbor-0.11.2.crate) = 2bef2ebfde456fb76bbcf9f59315333decc4fda0b2b44b420243c11e0f5ec1f5
-SIZE (rust/crates/serde_cbor-0.11.2.crate) = 44570
-SHA256 (rust/crates/serde_cbor_2-0.12.0-dev.crate) = b46d75f449e01f1eddbe9b00f432d616fbbd899b809c837d0fbc380496a0dd55
-SIZE (rust/crates/serde_cbor_2-0.12.0-dev.crate) = 44766
-SHA256 (rust/crates/serde_derive-1.0.217.crate) = 5a9bf7cf98d04a2b28aead066b7496853d4779c9cc183c440dbac457641e19a0
-SIZE (rust/crates/serde_derive-1.0.217.crate) = 57749
-SHA256 (rust/crates/serde_json-1.0.134.crate) = d00f4175c42ee48b15416f6193a959ba3a0d67fc699a0db9ad12df9f83991c7d
-SIZE (rust/crates/serde_json-1.0.134.crate) = 154351
-SHA256 (rust/crates/serde_path_to_error-0.1.16.crate) = af99884400da37c88f5e9146b7f1fd0fbcae8f6eec4e9da38b67d05486f814a6
-SIZE (rust/crates/serde_path_to_error-0.1.16.crate) = 16657
-SHA256 (rust/crates/serde_urlencoded-0.7.1.crate) = d3491c14715ca2294c4d6a88f15e84739788c1d030eed8c110436aafdaa2f3fd
-SIZE (rust/crates/serde_urlencoded-0.7.1.crate) = 12822
-SHA256 (rust/crates/serde_with-3.12.0.crate) = d6b6f7f2fcb69f747921f79f3926bd1e203fce4fef62c268dd3abfb6d86029aa
-SIZE (rust/crates/serde_with-3.12.0.crate) = 148666
-SHA256 (rust/crates/serde_with_macros-3.12.0.crate) = 8d00caa5193a3c8362ac2b73be6b9e768aa5a4b2f721d8f4b339600c3cb51f8e
-SIZE (rust/crates/serde_with_macros-3.12.0.crate) = 32089
-SHA256 (rust/crates/sha-crypt-0.5.0.crate) = 88e79009728d8311d42d754f2f319a975f9e38f156fd5e422d2451486c78b286
-SIZE (rust/crates/sha-crypt-0.5.0.crate) = 14603
-SHA256 (rust/crates/sha1_smol-1.0.1.crate) = bbfa15b3dddfee50a0fff136974b3e1bde555604ba463834a7eb7deb6417705d
-SIZE (rust/crates/sha1_smol-1.0.1.crate) = 9809
-SHA256 (rust/crates/sha2-0.10.8.crate) = 793db75ad2bcafc3ffa7c68b215fee268f537982cd901d132f89c6343f3a3dc8
-SIZE (rust/crates/sha2-0.10.8.crate) = 26357
-SHA256 (rust/crates/sharded-slab-0.1.7.crate) = f40ca3c46823713e0d4209592e8d6e826aa57e928f09752619fc696c499637f6
-SIZE (rust/crates/sharded-slab-0.1.7.crate) = 58227
-SHA256 (rust/crates/shell-words-1.1.0.crate) = 24188a676b6ae68c3b2cb3a01be17fbf7240ce009799bb56d5b1409051e78fde
-SIZE (rust/crates/shell-words-1.1.0.crate) = 9871
-SHA256 (rust/crates/shellexpand-2.1.2.crate) = 7ccc8076840c4da029af4f87e4e8daeb0fca6b87bbb02e10cb60b791450e11e4
-SIZE (rust/crates/shellexpand-2.1.2.crate) = 16884
-SHA256 (rust/crates/shlex-1.3.0.crate) = 0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64
-SIZE (rust/crates/shlex-1.3.0.crate) = 18713
-SHA256 (rust/crates/signal-hook-registry-1.4.2.crate) = a9e9e0b4211b72e7b8b6e85c807d36c212bdb33ea8587f7569562a84df5465b1
-SIZE (rust/crates/signal-hook-registry-1.4.2.crate) = 18064
-SHA256 (rust/crates/slab-0.4.9.crate) = 8f92a496fb766b417c996b9c5e57daf2f7ad3b0bebe1ccfca4856390e3d3bb67
-SIZE (rust/crates/slab-0.4.9.crate) = 17108
-SHA256 (rust/crates/smallvec-1.13.2.crate) = 3c5e1a9a646d36c3599cd173a41282daf47c44583ad367b8e6837255952e5c67
-SIZE (rust/crates/smallvec-1.13.2.crate) = 35216
-SHA256 (rust/crates/smartstring-1.0.1.crate) = 3fb72c633efbaa2dd666986505016c32c3044395ceaf881518399d2f4127ee29
-SIZE (rust/crates/smartstring-1.0.1.crate) = 29555
-SHA256 (rust/crates/smolset-1.3.1.crate) = a8d372e8fe15dc5229e7d6c65f5810849385e79e24f9d9d64263e132879c7be0
-SIZE (rust/crates/smolset-1.3.1.crate) = 7321
-SHA256 (rust/crates/socket2-0.5.8.crate) = c970269d99b64e60ec3bd6ad27270092a5394c4e309314b18ae3fe575695fbe8
-SIZE (rust/crates/socket2-0.5.8.crate) = 56309
-SHA256 (rust/crates/spin-0.9.8.crate) = 6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67
-SIZE (rust/crates/spin-0.9.8.crate) = 38958
-SHA256 (rust/crates/spki-0.7.3.crate) = d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d
-SIZE (rust/crates/spki-0.7.3.crate) = 16409
-SHA256 (rust/crates/sptr-0.3.2.crate) = 3b9b39299b249ad65f3b7e96443bad61c02ca5cd3589f46cb6d610a0fd6c0d6a
-SIZE (rust/crates/sptr-0.3.2.crate) = 14598
-SHA256 (rust/crates/sshkey-attest-0.5.0.crate) = 34285eaade87ba166c4f17c0ae1e35d52659507db81888beae277e962b9e5a02
-SIZE (rust/crates/sshkey-attest-0.5.0.crate) = 10028
-SHA256 (rust/crates/sshkeys-0.3.3.crate) = 45287473d24bf7ad9ebad1aff097ad0424c16cd9430549170c3a67c5b05705bd
-SIZE (rust/crates/sshkeys-0.3.3.crate) = 32125
-SHA256 (rust/crates/stable_deref_trait-1.2.0.crate) = a8f112729512f8e442d81f95a8a7ddf2b7c6b8a1a6f509a95864142b30cab2d3
-SIZE (rust/crates/stable_deref_trait-1.2.0.crate) = 8054
-SHA256 (rust/crates/static_assertions-1.1.0.crate) = a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f
-SIZE (rust/crates/static_assertions-1.1.0.crate) = 18480
-SHA256 (rust/crates/strsim-0.10.0.crate) = 73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623
-SIZE (rust/crates/strsim-0.10.0.crate) = 11355
-SHA256 (rust/crates/strsim-0.11.1.crate) = 7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f
-SIZE (rust/crates/strsim-0.11.1.crate) = 14266
-SHA256 (rust/crates/subtle-2.6.1.crate) = 13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292
-SIZE (rust/crates/subtle-2.6.1.crate) = 14562
-SHA256 (rust/crates/svg-0.13.1.crate) = 02d815ad337e8449d2374d4248448645edfe74e699343dd5719139d93fa87112
-SIZE (rust/crates/svg-0.13.1.crate) = 17320
-SHA256 (rust/crates/syn-1.0.109.crate) = 72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237
-SIZE (rust/crates/syn-1.0.109.crate) = 237611
-SHA256 (rust/crates/syn-2.0.93.crate) = 9c786062daee0d6db1132800e623df74274a0a87322d8e183338e01b3d98d058
-SIZE (rust/crates/syn-2.0.93.crate) = 293925
-SHA256 (rust/crates/sync_wrapper-0.1.2.crate) = 2047c6ded9c721764247e62cd3b03c09ffc529b2ba5b10ec482ae507a4a70160
-SIZE (rust/crates/sync_wrapper-0.1.2.crate) = 6933
-SHA256 (rust/crates/sync_wrapper-1.0.2.crate) = 0bf256ce5efdfa370213c1dabab5935a12e49f2c58d15e9eac2870d3b4f27263
-SIZE (rust/crates/sync_wrapper-1.0.2.crate) = 6958
-SHA256 (rust/crates/synstructure-0.13.1.crate) = c8af7666ab7b6390ab78131fb5b0fce11d6b7a6951602017c35fa82800708971
-SIZE (rust/crates/synstructure-0.13.1.crate) = 18327
-SHA256 (rust/crates/system-configuration-0.5.1.crate) = ba3a3adc5c275d719af8cb4272ea1c4a6d668a777f37e115f6d11ddbc1c8e0e7
-SIZE (rust/crates/system-configuration-0.5.1.crate) = 12618
-SHA256 (rust/crates/system-configuration-sys-0.5.0.crate) = a75fb188eb626b924683e3b95e3a48e63551fcfb51949de2f06a9d91dbee93c9
-SIZE (rust/crates/system-configuration-sys-0.5.0.crate) = 6730
-SHA256 (rust/crates/target-lexicon-0.12.16.crate) = 61c41af27dd6d1e27b1b16b489db798443478cef1f06a660c96db617ba5de3b1
-SIZE (rust/crates/target-lexicon-0.12.16.crate) = 26488
-SHA256 (rust/crates/tempfile-3.14.0.crate) = 28cce251fcbc87fac86a866eeb0d6c2d536fc16d06f184bb61aeae11aa4cee0c
-SIZE (rust/crates/tempfile-3.14.0.crate) = 35065
-SHA256 (rust/crates/termtree-0.5.1.crate) = 8f50febec83f5ee1df3015341d8bd429f2d1cc62bcba7ea2076759d315084683
-SIZE (rust/crates/termtree-0.5.1.crate) = 8498
-SHA256 (rust/crates/thiserror-1.0.69.crate) = b6aaf5339b578ea85b50e080feb250a3e8ae8cfcdff9a461c9ec2904bc923f52
-SIZE (rust/crates/thiserror-1.0.69.crate) = 22198
-SHA256 (rust/crates/thiserror-2.0.8.crate) = 08f5383f3e0071702bf93ab5ee99b52d26936be9dedd9413067cbdcddcb6141a
-SIZE (rust/crates/thiserror-2.0.8.crate) = 28536
-SHA256 (rust/crates/thiserror-impl-1.0.69.crate) = 4fee6c4efc90059e10f81e6d42c60a18f76588c3d74cb83a0b242a2b6c7504c1
-SIZE (rust/crates/thiserror-impl-1.0.69.crate) = 18365
-SHA256 (rust/crates/thiserror-impl-2.0.8.crate) = f2f357fcec90b3caef6623a099691be676d033b40a058ac95d2a6ade6fa0c943
-SIZE (rust/crates/thiserror-impl-2.0.8.crate) = 21014
-SHA256 (rust/crates/thousands-0.2.0.crate) = 3bf63baf9f5039dadc247375c29eb13706706cfde997d0330d05aa63a77d8820
-SIZE (rust/crates/thousands-0.2.0.crate) = 11060
-SHA256 (rust/crates/thread_local-1.1.8.crate) = 8b9ef9bad013ada3808854ceac7b46812a6465ba368859a37e2100283d2d719c
-SIZE (rust/crates/thread_local-1.1.8.crate) = 13962
-SHA256 (rust/crates/time-0.3.37.crate) = 35e7868883861bd0e56d9ac6efcaaca0d6d5d82a2a7ec8209ff492c07cf37b21
-SIZE (rust/crates/time-0.3.37.crate) = 123257
-SHA256 (rust/crates/time-core-0.1.2.crate) = ef927ca75afb808a4d64dd374f00a2adf8d0fcff8e7b184af886c3c87ec4a3f3
-SIZE (rust/crates/time-core-0.1.2.crate) = 7191
-SHA256 (rust/crates/time-macros-0.2.19.crate) = 2834e6017e3e5e4b9834939793b282bc03b37a3336245fa820e35e233e2a85de
-SIZE (rust/crates/time-macros-0.2.19.crate) = 24268
-SHA256 (rust/crates/tinystr-0.7.6.crate) = 9117f5d4db391c1cf6927e7bea3db74b9a1c1add8f7eda9ffd5364f40f57b82f
-SIZE (rust/crates/tinystr-0.7.6.crate) = 16971
-SHA256 (rust/crates/tinyvec-1.8.1.crate) = 022db8904dfa342efe721985167e9fcd16c29b226db4397ed752a761cfce81e8
-SIZE (rust/crates/tinyvec-1.8.1.crate) = 47269
-SHA256 (rust/crates/tinyvec_macros-0.1.1.crate) = 1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20
-SIZE (rust/crates/tinyvec_macros-0.1.1.crate) = 5865
-SHA256 (rust/crates/tls_codec-0.4.1.crate) = b5e78c9c330f8c85b2bae7c8368f2739157db9991235123aa1b15ef9502bfb6a
-SIZE (rust/crates/tls_codec-0.4.1.crate) = 23077
-SHA256 (rust/crates/tls_codec_derive-0.4.1.crate) = 8d9ef545650e79f30233c0003bcc2504d7efac6dad25fca40744de773fe2049c
-SIZE (rust/crates/tls_codec_derive-0.4.1.crate) = 18463
-SHA256 (rust/crates/tokio-1.42.0.crate) = 5cec9b21b0450273377fc97bd4c33a8acffc8c996c987a7c5b319a0083707551
-SIZE (rust/crates/tokio-1.42.0.crate) = 806998
-SHA256 (rust/crates/tokio-io-timeout-1.2.0.crate) = 30b74022ada614a1b4834de765f9bb43877f910cc8ce4be40e89042c9223a8bf
-SIZE (rust/crates/tokio-io-timeout-1.2.0.crate) = 8993
-SHA256 (rust/crates/tokio-macros-2.4.0.crate) = 693d596312e88961bc67d7f1f97af8a70227d9f90c31bba5806eec004978d752
-SIZE (rust/crates/tokio-macros-2.4.0.crate) = 12501
-SHA256 (rust/crates/tokio-native-tls-0.3.1.crate) = bbae76ab933c85776efabc971569dd6119c580d8f5d448769dec1764bf796ef2
-SIZE (rust/crates/tokio-native-tls-0.3.1.crate) = 20676
-SHA256 (rust/crates/tokio-openssl-0.6.5.crate) = 59df6849caa43bb7567f9a36f863c447d95a11d5903c9cc334ba32576a27eadd
-SIZE (rust/crates/tokio-openssl-0.6.5.crate) = 11977
-SHA256 (rust/crates/tokio-rustls-0.24.1.crate) = c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081
-SIZE (rust/crates/tokio-rustls-0.24.1.crate) = 33049
-SHA256 (rust/crates/tokio-rustls-0.26.1.crate) = 5f6d0975eaace0cf0fcadee4e4aaa5da15b5c079146f2cffb67c113be122bf37
-SIZE (rust/crates/tokio-rustls-0.26.1.crate) = 31214
-SHA256 (rust/crates/tokio-stream-0.1.17.crate) = eca58d7bba4a75707817a2c44174253f9236b2d5fbd055602e9d5c07c139a047
-SIZE (rust/crates/tokio-stream-0.1.17.crate) = 38477
-SHA256 (rust/crates/tokio-util-0.7.13.crate) = d7fcaa8d55a2bdd6b83ace262b016eca0d79ee02818c5c1bcdf0305114081078
-SIZE (rust/crates/tokio-util-0.7.13.crate) = 115191
-SHA256 (rust/crates/toml-0.5.11.crate) = f4f7f0dd8d50a853a531c426359045b1998f04219d88799810762cd4ad314234
-SIZE (rust/crates/toml-0.5.11.crate) = 54910
-SHA256 (rust/crates/toml_datetime-0.6.8.crate) = 0dd7358ecb8fc2f8d014bf86f6f638ce72ba252a2c3a2572f2a795f1d23efb41
-SIZE (rust/crates/toml_datetime-0.6.8.crate) = 12028
-SHA256 (rust/crates/toml_edit-0.19.15.crate) = 1b5bb770da30e5cbfde35a2d7b9b8a2c4b8ef89548a7a6aeab5c9a576e3e7421
-SIZE (rust/crates/toml_edit-0.19.15.crate) = 95324
-SHA256 (rust/crates/tonic-0.9.2.crate) = 3082666a3a6433f7f511c7192923fa1fe07c69332d3c6a2e6bb040b569199d5a
-SIZE (rust/crates/tonic-0.9.2.crate) = 92598
-SHA256 (rust/crates/tower-0.4.13.crate) = b8fa9be0de6cf49e536ce1851f987bd21a43b771b09473c3549a6c853db37c1c
-SIZE (rust/crates/tower-0.4.13.crate) = 106906
-SHA256 (rust/crates/tower-0.5.2.crate) = d039ad9159c98b70ecfd540b2573b97f7f52c3e8d9f8ad57a24b916a536975f9
-SIZE (rust/crates/tower-0.5.2.crate) = 109417
-SHA256 (rust/crates/tower-http-0.6.2.crate) = 403fa3b783d4b626a8ad51d766ab03cb6d2dbfc46b1c5d4448395e6628dc9697
-SIZE (rust/crates/tower-http-0.6.2.crate) = 129672
-SHA256 (rust/crates/tower-layer-0.3.3.crate) = 121c2a6cda46980bb0fcd1647ffaf6cd3fc79a013de288782836f6df9c48780e
-SIZE (rust/crates/tower-layer-0.3.3.crate) = 6180
-SHA256 (rust/crates/tower-service-0.3.3.crate) = 8df9b6e13f2d32c91b9bd719c00d1958837bc7dec474d94952798cc8e69eeec3
-SIZE (rust/crates/tower-service-0.3.3.crate) = 6950
-SHA256 (rust/crates/tracing-0.1.41.crate) = 784e0ac535deb450455cbfa28a6f0df145ea1bb7ae51b821cf5e7927fdcfbdd0
-SIZE (rust/crates/tracing-0.1.41.crate) = 82448
-SHA256 (rust/crates/tracing-attributes-0.1.28.crate) = 395ae124c09f9e6918a2310af6038fba074bcf474ac352496d5910dd59a2226d
-SIZE (rust/crates/tracing-attributes-0.1.28.crate) = 33280
-SHA256 (rust/crates/tracing-core-0.1.33.crate) = e672c95779cf947c5311f83787af4fa8fffd12fb27e4993211a84bdfd9610f9c
-SIZE (rust/crates/tracing-core-0.1.33.crate) = 63434
-SHA256 (rust/crates/tracing-forest-0.1.6.crate) = ee40835db14ddd1e3ba414292272eddde9dad04d3d4b65509656414d1c42592f
-SIZE (rust/crates/tracing-forest-0.1.6.crate) = 28565
-SHA256 (rust/crates/tracing-log-0.1.4.crate) = f751112709b4e791d8ce53e32c4ed2d353565a795ce84da2285393f41557bdf2
-SIZE (rust/crates/tracing-log-0.1.4.crate) = 20640
-SHA256 (rust/crates/tracing-log-0.2.0.crate) = ee855f1f400bd0e5c02d150ae5de3840039a3f54b025156404e34c23c03f47c3
-SIZE (rust/crates/tracing-log-0.2.0.crate) = 17561
-SHA256 (rust/crates/tracing-opentelemetry-0.21.0.crate) = 75327c6b667828ddc28f5e3f169036cb793c3f588d83bf0f262a7f062ffed3c8
-SIZE (rust/crates/tracing-opentelemetry-0.21.0.crate) = 131576
-SHA256 (rust/crates/tracing-subscriber-0.3.19.crate) = e8189decb5ac0fa7bc8b96b7cb9b2701d60d48805aca84a238004d665fcc4008
-SIZE (rust/crates/tracing-subscriber-0.3.19.crate) = 198345
-SHA256 (rust/crates/try-lock-0.2.5.crate) = e421abadd41a4225275504ea4d6566923418b7f05506fbc9c0fe86ba7396114b
-SIZE (rust/crates/try-lock-0.2.5.crate) = 4314
-SHA256 (rust/crates/tss-esapi-8.0.0-alpha.crate) = 3c1617a46161846de3a3d3e407cd30cb345599bc5e440c3907a59b34b75a2731
-SIZE (rust/crates/tss-esapi-8.0.0-alpha.crate) = 290448
-SHA256 (rust/crates/tss-esapi-sys-0.5.0.crate) = 535cd192581c2ec4d5f82e670b1d3fbba6a23ccce8c85de387642051d7cad5b5
-SIZE (rust/crates/tss-esapi-sys-0.5.0.crate) = 167811
-SHA256 (rust/crates/typenum-1.17.0.crate) = 42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825
-SIZE (rust/crates/typenum-1.17.0.crate) = 42849
-SHA256 (rust/crates/unicase-2.8.0.crate) = 7e51b68083f157f853b6379db119d1c1be0e6e4dec98101079dec41f6f5cf6df
-SIZE (rust/crates/unicase-2.8.0.crate) = 23843
-SHA256 (rust/crates/unicode-bom-2.0.3.crate) = 7eec5d1121208364f6793f7d2e222bf75a915c19557537745b195b253dd64217
-SIZE (rust/crates/unicode-bom-2.0.3.crate) = 10773
-SHA256 (rust/crates/unicode-ident-1.0.14.crate) = adb9e6ca4f869e1180728b7950e35922a7fc6397f7b641499e8f3ef06e50dc83
-SIZE (rust/crates/unicode-ident-1.0.14.crate) = 47547
-SHA256 (rust/crates/unicode-normalization-0.1.24.crate) = 5033c97c4262335cded6d6fc3e5c18ab755e1a3dc96376350f3d8e9f009ad956
-SIZE (rust/crates/unicode-normalization-0.1.24.crate) = 126536
-SHA256 (rust/crates/unicode-segmentation-1.12.0.crate) = f6ccf251212114b54433ec949fd6a7841275f9ada20dddd2f29e9ceea4501493
-SIZE (rust/crates/unicode-segmentation-1.12.0.crate) = 106323
-SHA256 (rust/crates/unicode-width-0.2.0.crate) = 1fc81956842c57dac11422a97c3b8195a1ff727f06e85c84ed2e8aa277c9a0fd
-SIZE (rust/crates/unicode-width-0.2.0.crate) = 271509
-SHA256 (rust/crates/untrusted-0.9.0.crate) = 8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1
-SIZE (rust/crates/untrusted-0.9.0.crate) = 14447
-SHA256 (rust/crates/url-2.5.4.crate) = 32f8b686cadd1473f4bd0117a5d28d36b1ade384ea9b5069a1c40aefed7fda60
-SIZE (rust/crates/url-2.5.4.crate) = 81097
-SHA256 (rust/crates/urlencoding-2.1.3.crate) = daf8dba3b7eb870caf1ddeed7bc9d2a049f3cfdfae7cb521b087cc33ae4c49da
-SIZE (rust/crates/urlencoding-2.1.3.crate) = 6538
-SHA256 (rust/crates/utf16_iter-1.0.5.crate) = c8232dd3cdaed5356e0f716d285e4b40b932ac434100fe9b7e0e8e935b9e6246
-SIZE (rust/crates/utf16_iter-1.0.5.crate) = 9736
-SHA256 (rust/crates/utf8_iter-1.0.4.crate) = b6c140620e7ffbb22c2dee59cafe6084a59b5ffc27a8859a5f0d494b5d52b6be
-SIZE (rust/crates/utf8_iter-1.0.4.crate) = 10437
-SHA256 (rust/crates/utf8parse-0.2.2.crate) = 06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821
-SIZE (rust/crates/utf8parse-0.2.2.crate) = 13499
-SHA256 (rust/crates/utoipa-4.2.3.crate) = c5afb1a60e207dca502682537fefcfd9921e71d0b83e9576060f09abc6efab23
-SIZE (rust/crates/utoipa-4.2.3.crate) = 54759
-SHA256 (rust/crates/utoipa-gen-4.3.1.crate) = 20c24e8ab68ff9ee746aad22d39b5535601e6416d1b0feeabf78be986a5c4392
-SIZE (rust/crates/utoipa-gen-4.3.1.crate) = 142985
-SHA256 (rust/crates/utoipa-swagger-ui-6.0.0.crate) = 0b39868d43c011961e04b41623e050aedf2cc93652562ff7935ce0f819aaf2da
-SIZE (rust/crates/utoipa-swagger-ui-6.0.0.crate) = 4372387
-SHA256 (rust/crates/uuid-1.11.0.crate) = f8c5f0a0af699448548ad1a2fbf920fb4bee257eae39953ba95cb84891a0446a
-SIZE (rust/crates/uuid-1.11.0.crate) = 47683
-SHA256 (rust/crates/uuid-simd-0.8.0.crate) = 23b082222b4f6619906941c17eb2297fff4c2fb96cb60164170522942a200bd8
-SIZE (rust/crates/uuid-simd-0.8.0.crate) = 6959
-SHA256 (rust/crates/valuable-0.1.0.crate) = 830b7e5d4d90034032940e4ace0d9a9a057e7a45cd94e6c007832e39edb82f6d
-SIZE (rust/crates/valuable-0.1.0.crate) = 27718
-SHA256 (rust/crates/vcpkg-0.2.15.crate) = accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426
-SIZE (rust/crates/vcpkg-0.2.15.crate) = 228735
-SHA256 (rust/crates/version_check-0.9.5.crate) = 0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a
-SIZE (rust/crates/version_check-0.9.5.crate) = 15554
-SHA256 (rust/crates/vsimd-0.8.0.crate) = 5c3082ca00d5a5ef149bb8b555a72ae84c9c59f7250f013ac822ac2e49b19c64
-SIZE (rust/crates/vsimd-0.8.0.crate) = 21377
-SHA256 (rust/crates/wait-timeout-0.2.0.crate) = 9f200f5b12eb75f8c1ed65abd4b2db8a6e1b138a20de009dacee265a2498f3f6
-SIZE (rust/crates/wait-timeout-0.2.0.crate) = 12441
-SHA256 (rust/crates/walkdir-2.5.0.crate) = 29790946404f91d9c5d06f9874efddea1dc06c5efe94541a7d6863108e3a5e4b
-SIZE (rust/crates/walkdir-2.5.0.crate) = 23951
-SHA256 (rust/crates/want-0.3.1.crate) = bfa7760aed19e106de2c7c0b581b509f2f25d3dacaf737cb82ac61bc6d760b0e
-SIZE (rust/crates/want-0.3.1.crate) = 6398
-SHA256 (rust/crates/wasi-0.11.0+wasi-snapshot-preview1.crate) = 9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423
-SIZE (rust/crates/wasi-0.11.0+wasi-snapshot-preview1.crate) = 28131
-SHA256 (rust/crates/wasite-0.1.0.crate) = b8dad83b4f25e74f184f64c43b150b91efe7647395b42289f38e50566d82855b
-SIZE (rust/crates/wasite-0.1.0.crate) = 2346
-SHA256 (rust/crates/wasm-bindgen-0.2.99.crate) = a474f6281d1d70c17ae7aa6a613c87fce69a127e2624002df63dcb39d6cf6396
-SIZE (rust/crates/wasm-bindgen-0.2.99.crate) = 46136
-SHA256 (rust/crates/wasm-bindgen-backend-0.2.99.crate) = 5f89bb38646b4f81674e8f5c3fb81b562be1fd936d84320f3264486418519c79
-SIZE (rust/crates/wasm-bindgen-backend-0.2.99.crate) = 30928
-SHA256 (rust/crates/wasm-bindgen-futures-0.4.49.crate) = 38176d9b44ea84e9184eff0bc34cc167ed044f816accfe5922e54d84cf48eca2
-SIZE (rust/crates/wasm-bindgen-futures-0.4.49.crate) = 14838
-SHA256 (rust/crates/wasm-bindgen-macro-0.2.99.crate) = 2cc6181fd9a7492eef6fef1f33961e3695e4579b9872a6f7c83aee556666d4fe
-SIZE (rust/crates/wasm-bindgen-macro-0.2.99.crate) = 7011
-SHA256 (rust/crates/wasm-bindgen-macro-support-0.2.99.crate) = 30d7a95b763d3c45903ed6c81f156801839e5ee968bb07e534c44df0fcd330c2
-SIZE (rust/crates/wasm-bindgen-macro-support-0.2.99.crate) = 22800
-SHA256 (rust/crates/wasm-bindgen-shared-0.2.99.crate) = 943aab3fdaaa029a6e0271b35ea10b72b943135afe9bffca82384098ad0e06a6
-SIZE (rust/crates/wasm-bindgen-shared-0.2.99.crate) = 7773
-SHA256 (rust/crates/web-sys-0.3.76.crate) = 04dd7223427d52553d3702c004d3b2fe07c148165faa56313cb00211e31c12bc
-SIZE (rust/crates/web-sys-0.3.76.crate) = 635842
-SHA256 (rust/crates/web-time-1.1.0.crate) = 5a6580f308b1fad9207618087a65c04e7a10bc77e02c8e84e9b00dd4b12fa0bb
-SIZE (rust/crates/web-time-1.1.0.crate) = 18026
-SHA256 (rust/crates/webauthn-attestation-ca-0.5.1.crate) = 29e77e8859ecb93b00e4a8e56ae45f8a8dd69b1539e3d32cf4cce1db9a3a0b99
-SIZE (rust/crates/webauthn-attestation-ca-0.5.1.crate) = 3903
-SHA256 (rust/crates/webauthn-authenticator-rs-0.5.1.crate) = 1bc2f8b61965979d9dd561dc8288a89e01ecf224179b40d5d496141225b540b4
-SIZE (rust/crates/webauthn-authenticator-rs-0.5.1.crate) = 207382
-SHA256 (rust/crates/webauthn-rs-0.5.1.crate) = 8b44347ee0d66f222043663a6aaf5ec78022b9b11c3a9ed488c21f2bd5680856
-SIZE (rust/crates/webauthn-rs-0.5.1.crate) = 20150
-SHA256 (rust/crates/webauthn-rs-core-0.5.1.crate) = 2ef48f07ed8f3dfe304d6c48e85317feba0439675f31a13063b2936c9b4eaf0d
-SIZE (rust/crates/webauthn-rs-core-0.5.1.crate) = 123169
-SHA256 (rust/crates/webauthn-rs-proto-0.5.1.crate) = 14e1367f70e7dc7b83afc971ce8a54d578f4fdf488ea093021180e073744a69f
-SIZE (rust/crates/webauthn-rs-proto-0.5.1.crate) = 13873
-SHA256 (rust/crates/webdriver-0.50.0.crate) = 144ab979b12d36d65065635e646549925de229954de2eb3b47459b432a42db71
-SIZE (rust/crates/webdriver-0.50.0.crate) = 32046
-SHA256 (rust/crates/webpki-roots-0.25.4.crate) = 5f20c57d8d7db6d3b86154206ae5d8fba62dd39573114de97c2cb0578251f8e1
-SIZE (rust/crates/webpki-roots-0.25.4.crate) = 253559
-SHA256 (rust/crates/webpki-roots-0.26.7.crate) = 5d642ff16b7e79272ae451b7322067cdc17cadf68c23264be9d94a32319efe7e
-SIZE (rust/crates/webpki-roots-0.26.7.crate) = 249392
-SHA256 (rust/crates/weezl-0.1.8.crate) = 53a85b86a771b1c87058196170769dd264f66c0782acf1ae6cc51bfd64b39082
-SIZE (rust/crates/weezl-0.1.8.crate) = 42175
-SHA256 (rust/crates/which-4.4.2.crate) = 87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7
-SIZE (rust/crates/which-4.4.2.crate) = 15953
-SHA256 (rust/crates/whoami-1.5.2.crate) = 372d5b87f58ec45c384ba03563b03544dc5fadc3983e434b286913f5b4a9bb6d
-SIZE (rust/crates/whoami-1.5.2.crate) = 24204
-SHA256 (rust/crates/winapi-0.3.9.crate) = 5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419
-SIZE (rust/crates/winapi-0.3.9.crate) = 1200382
-SHA256 (rust/crates/winapi-i686-pc-windows-gnu-0.4.0.crate) = ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6
-SIZE (rust/crates/winapi-i686-pc-windows-gnu-0.4.0.crate) = 2918815
-SHA256 (rust/crates/winapi-util-0.1.9.crate) = cf221c93e13a30d793f7645a0e7762c55d169dbb0a49671918a2319d289b10bb
-SIZE (rust/crates/winapi-util-0.1.9.crate) = 12464
-SHA256 (rust/crates/winapi-x86_64-pc-windows-gnu-0.4.0.crate) = 712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f
-SIZE (rust/crates/winapi-x86_64-pc-windows-gnu-0.4.0.crate) = 2947998
-SHA256 (rust/crates/windows-0.41.0.crate) = 5a3ed69de2c1f8d0524a8a3417a80a85dd316a071745fbfdf5eb028b310058ab
-SIZE (rust/crates/windows-0.41.0.crate) = 11980400
-SHA256 (rust/crates/windows-core-0.52.0.crate) = 33ab640c8d7e35bf8ba19b884ba838ceb4fba93a4e8c65a9059d08afcfc683d9
-SIZE (rust/crates/windows-core-0.52.0.crate) = 42154
-SHA256 (rust/crates/windows-registry-0.2.0.crate) = e400001bb720a623c1c69032f8e3e4cf09984deec740f007dd2b03ec864804b0
-SIZE (rust/crates/windows-registry-0.2.0.crate) = 10470
-SHA256 (rust/crates/windows-result-0.2.0.crate) = 1d1043d8214f791817bab27572aaa8af63732e11bf84aa21a45a78d6c317ae0e
-SIZE (rust/crates/windows-result-0.2.0.crate) = 12756
-SHA256 (rust/crates/windows-strings-0.1.0.crate) = 4cd9b125c486025df0eabcb585e62173c6c9eddcec5d117d3b6e8c30e2ee4d10
-SIZE (rust/crates/windows-strings-0.1.0.crate) = 13832
-SHA256 (rust/crates/windows-sys-0.48.0.crate) = 677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9
-SIZE (rust/crates/windows-sys-0.48.0.crate) = 2628884
-SHA256 (rust/crates/windows-sys-0.52.0.crate) = 282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d
-SIZE (rust/crates/windows-sys-0.52.0.crate) = 2576877
-SHA256 (rust/crates/windows-sys-0.59.0.crate) = 1e38bc4d79ed67fd075bcc251a1c39b32a1776bbe92e5bef1f0bf1f8c531853b
-SIZE (rust/crates/windows-sys-0.59.0.crate) = 2387323
-SHA256 (rust/crates/windows-targets-0.48.5.crate) = 9a2fa6e2155d7247be68c096456083145c183cbbbc2764150dda45a87197940c
-SIZE (rust/crates/windows-targets-0.48.5.crate) = 6904
-SHA256 (rust/crates/windows-targets-0.52.6.crate) = 9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973
-SIZE (rust/crates/windows-targets-0.52.6.crate) = 6403
-SHA256 (rust/crates/windows_aarch64_gnullvm-0.41.0.crate) = 163d2761774f2278ecb4e6719e80b2b5e92e5a2be73a7bcd3ef624dd5e3091fd
-SIZE (rust/crates/windows_aarch64_gnullvm-0.41.0.crate) = 357917
-SHA256 (rust/crates/windows_aarch64_gnullvm-0.48.5.crate) = 2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8
-SIZE (rust/crates/windows_aarch64_gnullvm-0.48.5.crate) = 418492
-SHA256 (rust/crates/windows_aarch64_gnullvm-0.52.6.crate) = 32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3
-SIZE (rust/crates/windows_aarch64_gnullvm-0.52.6.crate) = 435718
-SHA256 (rust/crates/windows_aarch64_msvc-0.41.0.crate) = ef005ff2bceb00d3b84166a359cc19084f9459754fd3fe5a504dee3dddcd0a0c
-SIZE (rust/crates/windows_aarch64_msvc-0.41.0.crate) = 659427
-SHA256 (rust/crates/windows_aarch64_msvc-0.48.5.crate) = dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc
-SIZE (rust/crates/windows_aarch64_msvc-0.48.5.crate) = 798483
-SHA256 (rust/crates/windows_aarch64_msvc-0.52.6.crate) = 09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469
-SIZE (rust/crates/windows_aarch64_msvc-0.52.6.crate) = 832615
-SHA256 (rust/crates/windows_i686_gnu-0.41.0.crate) = 02b4df2d51e32f03f8b4b228e487828c03bcb36d97b216fc5463bcea5bb1440b
-SIZE (rust/crates/windows_i686_gnu-0.41.0.crate) = 728572
-SHA256 (rust/crates/windows_i686_gnu-0.48.5.crate) = a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e
-SIZE (rust/crates/windows_i686_gnu-0.48.5.crate) = 844891
-SHA256 (rust/crates/windows_i686_gnu-0.52.6.crate) = 8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b
-SIZE (rust/crates/windows_i686_gnu-0.52.6.crate) = 880402
-SHA256 (rust/crates/windows_i686_gnullvm-0.52.6.crate) = 0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66
-SIZE (rust/crates/windows_i686_gnullvm-0.52.6.crate) = 475940
-SHA256 (rust/crates/windows_i686_msvc-0.41.0.crate) = 568a966834571f2f3267f07dd72b4d8507381f25e53d056808483b2637385ef7
-SIZE (rust/crates/windows_i686_msvc-0.41.0.crate) = 717481
-SHA256 (rust/crates/windows_i686_msvc-0.48.5.crate) = 8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406
-SIZE (rust/crates/windows_i686_msvc-0.48.5.crate) = 864300
-SHA256 (rust/crates/windows_i686_msvc-0.52.6.crate) = 240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66
-SIZE (rust/crates/windows_i686_msvc-0.52.6.crate) = 901163
-SHA256 (rust/crates/windows_x86_64_gnu-0.41.0.crate) = fc395dac1adf444e276d096d933ae7961361c8cda3245cffef7a9b3a70a8f994
-SIZE (rust/crates/windows_x86_64_gnu-0.41.0.crate) = 692491
-SHA256 (rust/crates/windows_x86_64_gnu-0.48.5.crate) = 53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e
-SIZE (rust/crates/windows_x86_64_gnu-0.48.5.crate) = 801619
-SHA256 (rust/crates/windows_x86_64_gnu-0.52.6.crate) = 147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78
-SIZE (rust/crates/windows_x86_64_gnu-0.52.6.crate) = 836363
-SHA256 (rust/crates/windows_x86_64_gnullvm-0.41.0.crate) = 90e8ec22b715d5b436e1d59c8adad6c744dc20cd984710121d5836b4e8dbb5e0
-SIZE (rust/crates/windows_x86_64_gnullvm-0.41.0.crate) = 357903
-SHA256 (rust/crates/windows_x86_64_gnullvm-0.48.5.crate) = 0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc
-SIZE (rust/crates/windows_x86_64_gnullvm-0.48.5.crate) = 418486
-SHA256 (rust/crates/windows_x86_64_gnullvm-0.52.6.crate) = 24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d
-SIZE (rust/crates/windows_x86_64_gnullvm-0.52.6.crate) = 435707
-SHA256 (rust/crates/windows_x86_64_msvc-0.41.0.crate) = 8b9761f0216b669019df1512f6e25e5ee779bf61c5cdc43c7293858e7efd7926
-SIZE (rust/crates/windows_x86_64_msvc-0.41.0.crate) = 659379
-SHA256 (rust/crates/windows_x86_64_msvc-0.48.5.crate) = ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538
-SIZE (rust/crates/windows_x86_64_msvc-0.48.5.crate) = 798412
-SHA256 (rust/crates/windows_x86_64_msvc-0.52.6.crate) = 589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec
-SIZE (rust/crates/windows_x86_64_msvc-0.52.6.crate) = 832564
-SHA256 (rust/crates/winnow-0.5.40.crate) = f593a95398737aeed53e489c785df13f3618e41dbcd6718c6addbf1395aa6876
-SIZE (rust/crates/winnow-0.5.40.crate) = 159316
-SHA256 (rust/crates/winnow-0.6.20.crate) = 36c1fec1a2bb5866f07c25f68c26e565c4c200aebb96d7e55710c19d3e8ac49b
-SIZE (rust/crates/winnow-0.6.20.crate) = 163617
-SHA256 (rust/crates/winreg-0.50.0.crate) = 524e57b2c537c0f9b1e69f1965311ec12182b4122e45035b1508cd24d2adadb1
-SIZE (rust/crates/winreg-0.50.0.crate) = 29703
-SHA256 (rust/crates/write16-1.0.0.crate) = d1890f4022759daae28ed4fe62859b1236caebfc61ede2f63ed4e695f3f6d936
-SIZE (rust/crates/write16-1.0.0.crate) = 7218
-SHA256 (rust/crates/writeable-0.5.5.crate) = 1e9df38ee2d2c3c5948ea468a8406ff0db0b29ae1ffde1bcf20ef305bcc95c51
-SIZE (rust/crates/writeable-0.5.5.crate) = 22354
-SHA256 (rust/crates/x509-cert-0.2.5.crate) = 1301e935010a701ae5f8655edc0ad17c44bad3ac5ce8c39185f75453b720ae94
-SIZE (rust/crates/x509-cert-0.2.5.crate) = 99819
-SHA256 (rust/crates/x509-parser-0.16.0.crate) = fcbc162f30700d6f3f82a24bf7cc62ffe7caea42c0b2cba8bf7f3ae50cf51f69
-SIZE (rust/crates/x509-parser-0.16.0.crate) = 92925
-SHA256 (rust/crates/yoke-0.7.5.crate) = 120e6aef9aa629e3d4f52dc8cc43a015c7724194c97dfaf45180d2daf2b77f40
-SIZE (rust/crates/yoke-0.7.5.crate) = 29673
-SHA256 (rust/crates/yoke-derive-0.7.5.crate) = 2380878cad4ac9aac1e2435f3eb4020e8374b5f13c296cb75b4620ff8e229154
-SIZE (rust/crates/yoke-derive-0.7.5.crate) = 7525
-SHA256 (rust/crates/zerocopy-0.7.35.crate) = 1b9b4fd18abc82b8136838da5d50bae7bdea537c574d8dc1a34ed098d6c166f0
-SIZE (rust/crates/zerocopy-0.7.35.crate) = 152645
-SHA256 (rust/crates/zerocopy-derive-0.7.35.crate) = fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e
-SIZE (rust/crates/zerocopy-derive-0.7.35.crate) = 37829
-SHA256 (rust/crates/zerofrom-0.1.5.crate) = cff3ee08c995dee1859d998dea82f7374f2826091dd9cd47def953cae446cd2e
-SIZE (rust/crates/zerofrom-0.1.5.crate) = 5091
-SHA256 (rust/crates/zerofrom-derive-0.1.5.crate) = 595eed982f7d355beb85837f651fa22e90b3c044842dc7f2c2842c086f295808
-SIZE (rust/crates/zerofrom-derive-0.1.5.crate) = 8285
-SHA256 (rust/crates/zeroize-1.8.1.crate) = ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde
-SIZE (rust/crates/zeroize-1.8.1.crate) = 20029
-SHA256 (rust/crates/zeroize_derive-1.4.2.crate) = ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69
-SIZE (rust/crates/zeroize_derive-1.4.2.crate) = 11141
-SHA256 (rust/crates/zerovec-0.10.4.crate) = aa2b893d79df23bfb12d5461018d408ea19dfafe76c2c7ef6d4eba614f8ff079
-SIZE (rust/crates/zerovec-0.10.4.crate) = 126398
-SHA256 (rust/crates/zerovec-derive-0.10.3.crate) = 6eafa6dfb17584ea3e2bd6e76e0cc15ad7af12b09abdd1ca55961bed9b1063c6
-SIZE (rust/crates/zerovec-derive-0.10.3.crate) = 19438
-SHA256 (rust/crates/zip-0.6.6.crate) = 760394e246e4c28189f19d488c058bf16f564016aefac5d32bb1f3b51d5e9261
-SIZE (rust/crates/zip-0.6.6.crate) = 65789
-SHA256 (rust/crates/zxcvbn-2.2.2.crate) = 103fa851fff70ea29af380e87c25c48ff7faac5c530c70bd0e65366d4e0c94e4
-SIZE (rust/crates/zxcvbn-2.2.2.crate) = 423636
-SHA256 (kanidm-kanidm-g20250201-5eb9a4430f4beab41aed7d5d77414ceea6b2eb1c_GH0.tar.gz) = 4fe80989fe900ad05cb73c076a298e70804231c16f3b02df2b71f2dcbc9f0ead
-SIZE (kanidm-kanidm-g20250201-5eb9a4430f4beab41aed7d5d77414ceea6b2eb1c_GH0.tar.gz) = 8594529
diff --git a/platform/freebsd/client/files/kanidm_unixd_tasks.in b/platform/freebsd/client/files/kanidm_unixd_tasks.in
index 1ed3000e7..ed2a2e330 100644
--- a/platform/freebsd/client/files/kanidm_unixd_tasks.in
+++ b/platform/freebsd/client/files/kanidm_unixd_tasks.in
@@ -21,7 +21,7 @@ load_rc_config $name
 
 pidfile="/var/run/kanidm-unixd-tasks.pid"
 command=/usr/sbin/daemon
-command_args="-u _kanidm_unixd -p /var/run/kanidm-unixd-tasks.pid -T kanidm_unixd_tasks /usr/local/libexec/${name}"
+command_args="-u root -p /var/run/kanidm-unixd-tasks.pid -T kanidm_unixd_tasks /usr/local/libexec/${name}"
 procname=/usr/local/libexec/${name}
 
 run_rc_command "$1"
diff --git a/proto/Cargo.toml b/proto/Cargo.toml
index 5cb55ce3d..c9f140fcb 100644
--- a/proto/Cargo.toml
+++ b/proto/Cargo.toml
@@ -42,3 +42,6 @@ sshkeys = { workspace = true }
 [dev-dependencies]
 enum-iterator = { workspace = true }
 serde_urlencoded = { workspace = true }
+
+[build-dependencies]
+kanidm_build_profiles = { workspace = true }
diff --git a/proto/build.rs b/proto/build.rs
new file mode 100644
index 000000000..5a19158c1
--- /dev/null
+++ b/proto/build.rs
@@ -0,0 +1,3 @@
+fn main() {
+    profiles::apply_profile();
+}
diff --git a/proto/src/constants.rs b/proto/src/constants.rs
index 4409c0153..9575a0a41 100644
--- a/proto/src/constants.rs
+++ b/proto/src/constants.rs
@@ -30,7 +30,7 @@ pub const VALID_IMAGE_UPLOAD_CONTENT_TYPES: [&str; 5] = [
 pub const APPLICATION_JSON: &str = "application/json";
 
 /// The "system" path for Kanidm client config
-pub const DEFAULT_CLIENT_CONFIG_PATH: &str = "/etc/kanidm/config";
+pub const DEFAULT_CLIENT_CONFIG_PATH: &str = env!("KANIDM_CLIENT_CONFIG_PATH");
 /// The user-owned path for Kanidm client config
 pub const DEFAULT_CLIENT_CONFIG_PATH_HOME: &str = "~/.config/kanidm";
 
diff --git a/unix_integration/common/src/constants.rs b/unix_integration/common/src/constants.rs
index 7f5ec9f3f..5a298fb26 100644
--- a/unix_integration/common/src/constants.rs
+++ b/unix_integration/common/src/constants.rs
@@ -17,3 +17,9 @@ pub const DEFAULT_GID_ATTR_MAP: UidAttr = UidAttr::Spn;
 pub const DEFAULT_SELINUX: bool = true;
 pub const DEFAULT_TPM_TCTI_NAME: &str = "device:/dev/tpmrm0";
 pub const DEFAULT_HSM_PIN_PATH: &str = "/var/lib/kanidm-unixd/hsm-pin";
+
+#[cfg(all(target_family = "unix", not(target_os = "freebsd")))]
+pub const DEFAULT_SHELL_SEARCH_PATHS: &[&str] = &["/bin"];
+
+#[cfg(all(target_family = "unix", target_os = "freebsd"))]
+pub const DEFAULT_SHELL_SEARCH_PATHS: &[&str] = &["/bin", "/usr/local/bin"];
diff --git a/unix_integration/resolver/src/resolver.rs b/unix_integration/resolver/src/resolver.rs
index 756878530..3eb8531cd 100644
--- a/unix_integration/resolver/src/resolver.rs
+++ b/unix_integration/resolver/src/resolver.rs
@@ -31,6 +31,7 @@ use crate::idprovider::system::{
     Shadow, SystemAuthResult, SystemProvider, SystemProviderAuthInit, SystemProviderSession,
 };
 use crate::unix_config::{HomeAttr, UidAttr};
+use kanidm_unix_common::constants::DEFAULT_SHELL_SEARCH_PATHS;
 use kanidm_unix_common::unix_passwd::{EtcGroup, EtcShadow, EtcUser};
 use kanidm_unix_common::unix_proto::{
     HomeDirectoryInfo, NssGroup, NssUser, PamAuthRequest, PamAuthResponse, PamServiceInfo,
@@ -331,26 +332,65 @@ impl Resolver {
             })?;
 
         // Check if requested `shell` exists on the system, else use `default_shell`
-        let requested_shell_exists: bool = token
-            .shell
-            .as_ref()
-            .map(|shell| {
-                let exists = Path::new(shell).canonicalize()
-                    .map_err(|err|{
-                        debug!("Failed to canonicalize path, using base path. Tried: {} Error: {:?}", shell, err);
-                    }).unwrap_or(Path::new(shell).to_path_buf()).exists();
-                if !exists {
-                    warn!(
-                        "Configured shell for {} is not present on this system - {}. Check `/etc/shells` for valid shell options.", token.name,
-                        shell
-                    )
+        let maybe_shell = token.shell.as_ref().map(PathBuf::from);
+
+        let requested_shell_exists = if let Some(shell_path) = maybe_shell.as_ref() {
+            // Does the shell path as configured exist?
+            let mut exists = shell_path
+                .canonicalize()
+                .map_err(|err| {
+                    debug!(
+                        "Failed to canonicalize path, using base path. Tried: {} Error: {:?}",
+                        shell_path.to_string_lossy(),
+                        err
+                    );
+                })
+                .unwrap_or(Path::new(shell_path).to_path_buf())
+                .exists();
+
+            if !exists {
+                // Does the shell binary exist in a search path that is configured?
+                if let Some(shell_binary_name) = shell_path.file_name() {
+                    for search_path in DEFAULT_SHELL_SEARCH_PATHS {
+                        //
+                        let shell_path = Path::new(search_path).join(shell_binary_name);
+                        if shell_path.exists() {
+                            // Okay, the binary name exists but in an alternate path. This can
+                            // commonly occur with freebsd where the shell may be installed
+                            // in /usr/local/bin instead of /bin.
+                            //
+                            // This could also occur if the user configured the shell as "zsh"
+                            // rather than an absolute path.
+                            let Some(shell_path_utf8) = shell_path.to_str().map(String::from)
+                            else {
+                                warn!("Configured shell \"{}\" for {} was found but the complete path is not valid utf-8 and can not be used.",
+                                        shell_binary_name.to_string_lossy(), token.name);
+                                continue;
+                            };
+
+                            // Update the path
+                            token.shell = Some(shell_path_utf8);
+                            // We exist
+                            exists = true;
+                            // No need to loop any more
+                            break;
+                        }
+                    }
                 }
-                exists
-            })
-            .unwrap_or_else(|| {
-                info!("User has not specified a shell, using default");
-                false
-            });
+            }
+
+            if !exists {
+                warn!(
+                        "Configured shell \"{}\" for {} is not present on this system. Check `/etc/shells` for valid shell options.",
+                        shell_path.to_string_lossy(), token.name
+                    )
+            }
+
+            exists
+        } else {
+            info!("User has not specified a shell, using default");
+            false
+        };
 
         if !requested_shell_exists {
             token.shell = Some(self.default_shell.clone())

From c89f0c011ed578c22ec3880cf35d63b9c5945f40 Mon Sep 17 00:00:00 2001
From: James Hodgkinson <james@terminaloutcomes.com>
Date: Sun, 9 Feb 2025 21:06:01 +1100
Subject: [PATCH 82/87] 20250209 pre release (#3409)

* fix: removing unused dependencies (assert_cmd, gethostname)
* chore: Release Notes
---
 Cargo.lock                                    | 382 ++++++++----------
 Cargo.toml                                    |   9 +-
 README.md                                     |   4 +-
 RELEASE_NOTES.md                              | 157 ++++---
 book/src/developers/release_checklist.md      |  40 +-
 libs/crypto/Cargo.toml                        |   4 +
 libs/file_permissions/Cargo.toml              |   3 -
 libs/profiles/Cargo.toml                      |   4 +
 libs/sketching/Cargo.toml                     |   1 -
 libs/users/Cargo.toml                         |  14 +-
 server/core/Cargo.toml                        |   8 +-
 server/daemon/Cargo.toml                      |  11 +-
 server/daemon/src/main.rs                     |   2 +-
 server/lib/Cargo.toml                         |   8 +-
 server/testkit/Cargo.toml                     |   8 +-
 server/testkit/examples/enumerating_access.rs |   3 +-
 tools/cli/Cargo.toml                          |   5 +-
 tools/device_flow/Cargo.toml                  |  13 +-
 tools/iam_migrations/freeipa/Cargo.toml       |   3 +
 tools/iam_migrations/ldap/Cargo.toml          |   3 +
 tools/orca/Cargo.toml                         |   2 +
 unix_integration/common/Cargo.toml            |   3 +
 unix_integration/nss_kanidm/Cargo.toml        |  23 +-
 unix_integration/pam_kanidm/Cargo.toml        |  33 +-
 unix_integration/resolver/Cargo.toml          |  11 +-
 25 files changed, 406 insertions(+), 348 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index dd52cc794..2cd5e62e7 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -24,7 +24,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e89da841a80418a9b391ebaea17f5c112ffaaa96f621d2c285b5174da76b9011"
 dependencies = [
  "cfg-if",
- "getrandom",
+ "getrandom 0.2.15",
  "once_cell",
  "serde",
  "version_check",
@@ -173,7 +173,7 @@ dependencies = [
  "proc-macro2",
  "quote",
  "serde",
- "syn 2.0.96",
+ "syn 2.0.98",
 ]
 
 [[package]]
@@ -215,7 +215,7 @@ checksum = "965c2d33e53cb6b267e148a4cb0760bc01f4904c1cd4bb4002a085bb016d1490"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.96",
+ "syn 2.0.98",
  "synstructure",
 ]
 
@@ -227,23 +227,7 @@ checksum = "7b18050c2cd6fe86c3a76584ef5e0baf286d038cda203eb6223df2cc413565f7"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.96",
-]
-
-[[package]]
-name = "assert_cmd"
-version = "2.0.16"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dc1835b7f27878de8525dc71410b5a31cdcc5f230aed5ba5df968e09c201b23d"
-dependencies = [
- "anstyle",
- "bstr",
- "doc-comment",
- "libc",
- "predicates",
- "predicates-core",
- "predicates-tree",
- "wait-timeout",
+ "syn 2.0.98",
 ]
 
 [[package]]
@@ -278,18 +262,18 @@ checksum = "c7c24de15d275a1ecfd47a380fb4d5ec9bfe0933f309ed5e705b775596a3574d"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.96",
+ "syn 2.0.98",
 ]
 
 [[package]]
 name = "async-trait"
-version = "0.1.85"
+version = "0.1.86"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3f934833b4b7233644e5848f235df3f57ed8c80f1528a26c3dfa13d2147fa056"
+checksum = "644dd749086bf3771a2fbc5f256fdb982d53f011c7d5d560304eafeecebce79d"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.96",
+ "syn 2.0.98",
 ]
 
 [[package]]
@@ -345,7 +329,7 @@ dependencies = [
  "http 1.2.0",
  "http-body 1.0.1",
  "http-body-util",
- "hyper 1.5.2",
+ "hyper 1.6.0",
  "hyper-util",
  "itoa",
  "matchit",
@@ -436,7 +420,7 @@ checksum = "57d123550fa8d071b7255cb0cc04dc302baa6c8c4a79f55701552684d8399bce"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.96",
+ "syn 2.0.98",
 ]
 
 [[package]]
@@ -450,7 +434,7 @@ dependencies = [
  "http 1.2.0",
  "http-body 1.0.1",
  "http-body-util",
- "hyper 1.5.2",
+ "hyper 1.6.0",
  "hyper-util",
  "pin-project-lite",
  "tokio",
@@ -542,7 +526,7 @@ dependencies = [
  "regex",
  "rustc-hash 1.1.0",
  "shlex",
- "syn 2.0.96",
+ "syn 2.0.98",
  "which",
 ]
 
@@ -563,7 +547,7 @@ dependencies = [
  "regex",
  "rustc-hash 1.1.0",
  "shlex",
- "syn 2.0.96",
+ "syn 2.0.98",
 ]
 
 [[package]]
@@ -651,9 +635,9 @@ dependencies = [
 
 [[package]]
 name = "bumpalo"
-version = "3.16.0"
+version = "3.17.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "79296716171880943b8470b5f8d03aa55eb2e645a4874bdbb28adb49162e012c"
+checksum = "1628fb46dfa0b37568d12e5edd512553eccf6a22a78e8bde00bb4aed84d5bdbf"
 
 [[package]]
 name = "bytecount"
@@ -675,15 +659,15 @@ checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b"
 
 [[package]]
 name = "bytes"
-version = "1.9.0"
+version = "1.10.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "325918d6fe32f23b19878fe4b34794ae41fc19ddbe53b10571a4874d44ffd39b"
+checksum = "f61dac84819c6588b558454b194026eb1f09c293b9036ae9b159e74e73ab6cf9"
 
 [[package]]
 name = "cc"
-version = "1.2.10"
+version = "1.2.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "13208fcbb66eaeffe09b99fffbe1af420f00a7b35aa99ad683dfc1aa76145229"
+checksum = "c7777341816418c02e033934a09f20dc0ccaf65a5201ef8a450ae0105a573fda"
 dependencies = [
  "shlex",
 ]
@@ -743,9 +727,9 @@ dependencies = [
 
 [[package]]
 name = "clap"
-version = "4.5.27"
+version = "4.5.28"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "769b0145982b4b48713e01ec42d61614425f27b7058bda7180a3a41f30104796"
+checksum = "3e77c3243bd94243c03672cb5154667347c457ca271254724f9f393aee1c05ff"
 dependencies = [
  "clap_builder",
  "clap_derive",
@@ -765,23 +749,23 @@ dependencies = [
 
 [[package]]
 name = "clap_complete"
-version = "4.5.42"
+version = "4.5.44"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "33a7e468e750fa4b6be660e8b5651ad47372e8fb114030b594c2d75d48c5ffd0"
+checksum = "375f9d8255adeeedd51053574fd8d4ba875ea5fa558e86617b07f09f1680c8b6"
 dependencies = [
  "clap",
 ]
 
 [[package]]
 name = "clap_derive"
-version = "4.5.24"
+version = "4.5.28"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "54b755194d6389280185988721fffba69495eed5ee9feeee9a599b53db80318c"
+checksum = "bf4ced95c6f4a675af3da73304b9ac4ed991640c36374e4b46795c49e17cf1ed"
 dependencies = [
  "heck",
  "proc-macro2",
  "quote",
- "syn 2.0.96",
+ "syn 2.0.98",
 ]
 
 [[package]]
@@ -948,13 +932,13 @@ dependencies = [
 
 [[package]]
 name = "cron"
-version = "0.12.1"
+version = "0.15.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6f8c3e73077b4b4a6ab1ea5047c37c57aee77657bc8ecd6f29b0af082d0b0c07"
+checksum = "5877d3fbf742507b66bc2a1945106bd30dd8504019d596901ddd012a4dd01740"
 dependencies = [
  "chrono",
- "nom",
  "once_cell",
+ "winnow 0.6.26",
 ]
 
 [[package]]
@@ -1062,7 +1046,6 @@ dependencies = [
  "prctl",
  "reqwest 0.12.12",
  "sd-notify",
- "serde",
  "serde_json",
  "sketching",
  "tokio",
@@ -1116,7 +1099,7 @@ dependencies = [
  "proc-macro2",
  "quote",
  "strsim 0.11.1",
- "syn 2.0.96",
+ "syn 2.0.98",
 ]
 
 [[package]]
@@ -1138,7 +1121,7 @@ checksum = "d336a2a514f6ccccaa3e09b02d41d35330c07ddf03a62165fcec10bb561c7806"
 dependencies = [
  "darling_core 0.20.10",
  "quote",
- "syn 2.0.96",
+ "syn 2.0.98",
 ]
 
 [[package]]
@@ -1182,7 +1165,7 @@ checksum = "8034092389675178f570469e6c3b0465d3d30b4505c294a6550db47f3c17ad18"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.96",
+ "syn 2.0.98",
 ]
 
 [[package]]
@@ -1254,22 +1237,17 @@ dependencies = [
 
 [[package]]
 name = "dialoguer"
-version = "0.10.4"
+version = "0.11.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "59c6f2989294b9a498d3ad5491a79c6deb604617378e1cdc4bfc1c1361fe2f87"
+checksum = "658bce805d770f407bc62102fca7c2c64ceef2fbcb2b8bd19d2765ce093980de"
 dependencies = [
  "console",
  "shell-words",
  "tempfile",
+ "thiserror 1.0.69",
  "zeroize",
 ]
 
-[[package]]
-name = "difflib"
-version = "0.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6184e33543162437515c2e2b48714794e37845ec9851711914eec9d308f6ebe8"
-
 [[package]]
 name = "digest"
 version = "0.10.7"
@@ -1309,15 +1287,9 @@ checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.96",
+ "syn 2.0.98",
 ]
 
-[[package]]
-name = "doc-comment"
-version = "0.3.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fea41bba32d969b513997752735605054bc0dfa92b4c56bf1189f2e174be7a10"
-
 [[package]]
 name = "document-features"
 version = "0.2.10"
@@ -1335,9 +1307,9 @@ checksum = "92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813"
 
 [[package]]
 name = "dyn-clone"
-version = "1.0.17"
+version = "1.0.18"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0d6ef0072f8a535281e4876be788938b528e9a1d43900b82c2569af7da799125"
+checksum = "feeef44e73baff3a26d371801df019877a9866a8c493d315ab00177843314f35"
 
 [[package]]
 name = "either"
@@ -1386,7 +1358,7 @@ checksum = "a1ab991c1362ac86c61ab6f556cff143daa22e5a15e4e189df818b2fd19fe65b"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.96",
+ "syn 2.0.98",
 ]
 
 [[package]]
@@ -1406,7 +1378,7 @@ checksum = "fc4caf64a58d7a6d65ab00639b046ff54399a39f5f2554728895ace4b297cd79"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.96",
+ "syn 2.0.98",
 ]
 
 [[package]]
@@ -1482,7 +1454,7 @@ dependencies = [
  "futures-util",
  "http 1.2.0",
  "http-body-util",
- "hyper 1.5.2",
+ "hyper 1.6.0",
  "hyper-tls",
  "hyper-util",
  "mime",
@@ -1515,7 +1487,7 @@ checksum = "c66b725fe9483b9ee72ccaec072b15eb8ad95a3ae63a8c798d5748883b72fd33"
 dependencies = [
  "base64 0.22.1",
  "byteorder",
- "getrandom",
+ "getrandom 0.2.15",
  "openssl",
  "zeroize",
 ]
@@ -1622,9 +1594,9 @@ dependencies = [
 
 [[package]]
 name = "fs4"
-version = "0.8.4"
+version = "0.12.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f7e180ac76c23b45e767bd7ae9579bc0bb458618c4bc71835926e098e61d15f8"
+checksum = "c29c30684418547d476f0b48e84f4821639119c483b1eccd566c8cd0cd05f521"
 dependencies = [
  "rustix",
  "windows-sys 0.52.0",
@@ -1695,7 +1667,7 @@ checksum = "162ee34ebcb7c64a8abebc059ce0fee27c2262618d7b60ed8faf72fef13c3650"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.96",
+ "syn 2.0.98",
 ]
 
 [[package]]
@@ -1738,16 +1710,6 @@ dependencies = [
  "version_check",
 ]
 
-[[package]]
-name = "gethostname"
-version = "0.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dc3655aa6818d65bc620d6911f05aa7b6aeb596291e1e9f79e52df85583d1e30"
-dependencies = [
- "rustix",
- "windows-targets 0.52.6",
-]
-
 [[package]]
 name = "getrandom"
 version = "0.2.15"
@@ -1757,10 +1719,22 @@ dependencies = [
  "cfg-if",
  "js-sys",
  "libc",
- "wasi",
+ "wasi 0.11.0+wasi-snapshot-preview1",
  "wasm-bindgen",
 ]
 
+[[package]]
+name = "getrandom"
+version = "0.3.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "43a49c392881ce6d5c3b8cb70f98717b7c07aabbdff06687b9030dbfbe2725f8"
+dependencies = [
+ "cfg-if",
+ "libc",
+ "wasi 0.13.3+wasi-0.2.2",
+ "windows-targets 0.52.6",
+]
+
 [[package]]
 name = "gif"
 version = "0.13.1"
@@ -1827,7 +1801,7 @@ dependencies = [
  "gix-utils",
  "itoa",
  "thiserror 1.0.69",
- "winnow 0.6.24",
+ "winnow 0.6.26",
 ]
 
 [[package]]
@@ -1871,7 +1845,7 @@ dependencies = [
  "smallvec",
  "thiserror 1.0.69",
  "unicode-bom",
- "winnow 0.6.24",
+ "winnow 0.6.26",
 ]
 
 [[package]]
@@ -2009,7 +1983,7 @@ checksum = "999ce923619f88194171a67fb3e6d613653b8d4d6078b529b15a765da0edcc17"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.96",
+ "syn 2.0.98",
 ]
 
 [[package]]
@@ -2028,7 +2002,7 @@ dependencies = [
  "itoa",
  "smallvec",
  "thiserror 1.0.69",
- "winnow 0.6.24",
+ "winnow 0.6.26",
 ]
 
 [[package]]
@@ -2111,7 +2085,7 @@ dependencies = [
  "gix-validate",
  "memmap2",
  "thiserror 1.0.69",
- "winnow 0.6.24",
+ "winnow 0.6.26",
 ]
 
 [[package]]
@@ -2417,9 +2391,9 @@ checksum = "9171a2ea8a68358193d15dd5d70c1c10a2afc3e7e4c5bc92bc9f025cebd7359c"
 
 [[package]]
 name = "httparse"
-version = "1.9.5"
+version = "1.10.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7d71d3574edd2771538b901e6549113b4006ece66150fb69c0fb6d9a2adae946"
+checksum = "f2d708df4e7140240a16cd6ab0ab65c972d7433ab77819ea693fde9c43811e2a"
 
 [[package]]
 name = "httpdate"
@@ -2462,9 +2436,9 @@ dependencies = [
 
 [[package]]
 name = "hyper"
-version = "1.5.2"
+version = "1.6.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "256fb8d4bd6413123cc9d91832d78325c48ff41677595be797d90f42969beae0"
+checksum = "cc2b571658e38e0c01b1fdca3bbbe93c00d3d71693ff2770043f8c29bc7d6f80"
 dependencies = [
  "bytes",
  "futures-channel",
@@ -2489,7 +2463,7 @@ checksum = "2d191583f3da1305256f22463b9bb0471acad48a4e534a5218b9963e9c1f59b2"
 dependencies = [
  "futures-util",
  "http 1.2.0",
- "hyper 1.5.2",
+ "hyper 1.6.0",
  "hyper-util",
  "rustls",
  "rustls-native-certs",
@@ -2506,7 +2480,7 @@ version = "0.5.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "2b90d566bffbce6a75bd8b09a05aa8c2cb1fabb6cb348f8840c9e4c90a0d83b0"
 dependencies = [
- "hyper 1.5.2",
+ "hyper 1.6.0",
  "hyper-util",
  "pin-project-lite",
  "tokio",
@@ -2521,7 +2495,7 @@ checksum = "70206fc6890eaca9fde8a0bf71caa2ddfc9fe045ac9e5c70df101a7dbde866e0"
 dependencies = [
  "bytes",
  "http-body-util",
- "hyper 1.5.2",
+ "hyper 1.6.0",
  "hyper-util",
  "native-tls",
  "tokio",
@@ -2540,7 +2514,7 @@ dependencies = [
  "futures-util",
  "http 1.2.0",
  "http-body 1.0.1",
- "hyper 1.5.2",
+ "hyper 1.6.0",
  "pin-project-lite",
  "socket2",
  "tokio",
@@ -2686,7 +2660,7 @@ checksum = "1ec89e9337638ecdc08744df490b221a7399bf8d164eb52a665454e60e075ad6"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.96",
+ "syn 2.0.98",
 ]
 
 [[package]]
@@ -2851,9 +2825,9 @@ dependencies = [
 
 [[package]]
 name = "jsonschema"
-version = "0.28.3"
+version = "0.29.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4b8f66fe41fa46a5c83ed1c717b7e0b4635988f427083108c8cf0a882cc13441"
+checksum = "3c59cb1733c34377b6067a0419befd7f25073c5249ec3b0614a482bf499e1df5"
 dependencies = [
  "ahash",
  "base64 0.22.1",
@@ -2956,7 +2930,7 @@ version = "1.5.0-dev"
 dependencies = [
  "compact_jwt",
  "http 1.2.0",
- "hyper 1.5.2",
+ "hyper 1.6.0",
  "kanidm_lib_file_permissions",
  "kanidm_proto",
  "reqwest 0.12.12",
@@ -2977,14 +2951,12 @@ name = "kanidm_device_flow"
 version = "1.5.0-dev"
 dependencies = [
  "anyhow",
- "base64 0.22.1",
  "kanidm_proto",
  "oauth2 5.0.0",
  "reqwest 0.12.12",
  "sketching",
  "tokio",
  "tracing",
- "url",
 ]
 
 [[package]]
@@ -3013,7 +2985,6 @@ name = "kanidm_lib_file_permissions"
 version = "1.5.0-dev"
 dependencies = [
  "kanidm_utils_users",
- "whoami",
 ]
 
 [[package]]
@@ -3158,7 +3129,7 @@ dependencies = [
  "filetime",
  "futures",
  "futures-util",
- "hyper 1.5.2",
+ "hyper 1.6.0",
  "hyper-util",
  "kanidm_build_profiles",
  "kanidm_lib_crypto",
@@ -3254,14 +3225,13 @@ version = "1.5.0-dev"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.96",
+ "syn 2.0.98",
 ]
 
 [[package]]
 name = "kanidmd_testkit"
 version = "1.5.0-dev"
 dependencies = [
- "assert_cmd",
  "compact_jwt",
  "escargot",
  "fantoccini",
@@ -3618,7 +3588,7 @@ checksum = "a4a650543ca06a924e8b371db273b2756685faae30f8487da1b56505a8f78b0c"
 dependencies = [
  "libc",
  "log",
- "wasi",
+ "wasi 0.11.0+wasi-snapshot-preview1",
  "windows-sys 0.48.0",
 ]
 
@@ -3629,7 +3599,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "2886843bf800fba2e3377cff24abf6379b4c4d5c6681eaf9ea5b0d15090450bd"
 dependencies = [
  "libc",
- "wasi",
+ "wasi 0.11.0+wasi-snapshot-preview1",
  "windows-sys 0.52.0",
 ]
 
@@ -3739,7 +3709,6 @@ dependencies = [
  "lazy_static",
  "libc",
  "libnss",
- "paste",
 ]
 
 [[package]]
@@ -3897,7 +3866,7 @@ checksum = "c38841cdd844847e3e7c8d29cef9dcfed8877f8f56f9071f77843ecf3baf937f"
 dependencies = [
  "base64 0.13.1",
  "chrono",
- "getrandom",
+ "getrandom 0.2.15",
  "http 0.2.12",
  "rand",
  "reqwest 0.11.27",
@@ -3917,7 +3886,7 @@ checksum = "51e219e79014df21a225b1860a479e2dcd7cbd9130f4defd4bd0e191ea31d67d"
 dependencies = [
  "base64 0.22.1",
  "chrono",
- "getrandom",
+ "getrandom 0.2.15",
  "http 1.2.0",
  "rand",
  "reqwest 0.12.12",
@@ -3958,9 +3927,9 @@ dependencies = [
 
 [[package]]
 name = "once_cell"
-version = "1.20.2"
+version = "1.20.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1261fe7e33c73b354eab43b1273a57c8f967d0391e80353e51f764ac02cf6775"
+checksum = "945462a4b81e43c4e3ba96bd7b49d834c6f61198356aa858733bc4acf3cbe62e"
 
 [[package]]
 name = "openssl"
@@ -3985,7 +3954,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.96",
+ "syn 2.0.98",
 ]
 
 [[package]]
@@ -4237,7 +4206,6 @@ dependencies = [
  "fixedbitset",
  "indexmap 2.7.1",
  "serde",
- "serde_derive",
 ]
 
 [[package]]
@@ -4277,22 +4245,22 @@ dependencies = [
 
 [[package]]
 name = "pin-project"
-version = "1.1.8"
+version = "1.1.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1e2ec53ad785f4d35dac0adea7f7dc6f1bb277ad84a680c7afefeae05d1f5916"
+checksum = "dfe2e71e1471fe07709406bf725f710b02927c9c54b2b5b2ec0e8087d97c327d"
 dependencies = [
  "pin-project-internal",
 ]
 
 [[package]]
 name = "pin-project-internal"
-version = "1.1.8"
+version = "1.1.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d56a66c0c55993aa927429d0f8a0abfd74f084e4d9c192cffed01e418d83eefb"
+checksum = "f6e859e6e5bd50440ab63c47e3ebabc90f26251f7c73c3d3e837b74a1cc3fa67"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.96",
+ "syn 2.0.98",
 ]
 
 [[package]]
@@ -4338,33 +4306,6 @@ dependencies = [
  "nix",
 ]
 
-[[package]]
-name = "predicates"
-version = "3.1.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a5d19ee57562043d37e82899fade9a22ebab7be9cef5026b07fda9cdd4293573"
-dependencies = [
- "anstyle",
- "difflib",
- "predicates-core",
-]
-
-[[package]]
-name = "predicates-core"
-version = "1.0.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "727e462b119fe9c93fd0eb1429a5f7647394014cf3c04ab2c0350eeb09095ffa"
-
-[[package]]
-name = "predicates-tree"
-version = "1.0.12"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "72dd2d6d381dfb73a193c7fca536518d7caee39fc8503f74e7dc0be0531b425c"
-dependencies = [
- "predicates-core",
- "termtree",
-]
-
 [[package]]
 name = "prettyplease"
 version = "0.2.29"
@@ -4372,7 +4313,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6924ced06e1f7dfe3fa48d57b9f74f55d8915f5036121bef647ef4b204895fac"
 dependencies = [
  "proc-macro2",
- "syn 2.0.96",
+ "syn 2.0.98",
 ]
 
 [[package]]
@@ -4444,7 +4385,7 @@ dependencies = [
  "itertools 0.13.0",
  "proc-macro2",
  "quote",
- "syn 2.0.96",
+ "syn 2.0.98",
 ]
 
 [[package]]
@@ -4489,7 +4430,7 @@ dependencies = [
  "pin-project-lite",
  "quinn-proto",
  "quinn-udp",
- "rustc-hash 2.1.0",
+ "rustc-hash 2.1.1",
  "rustls",
  "socket2",
  "thiserror 2.0.11",
@@ -4504,10 +4445,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a2fe5ef3495d7d2e377ff17b1a8ce2ee2ec2a18cde8b6ad6619d65d0701c135d"
 dependencies = [
  "bytes",
- "getrandom",
+ "getrandom 0.2.15",
  "rand",
  "ring",
- "rustc-hash 2.1.0",
+ "rustc-hash 2.1.1",
  "rustls",
  "rustls-pki-types",
  "slab",
@@ -4567,7 +4508,7 @@ version = "0.6.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c"
 dependencies = [
- "getrandom",
+ "getrandom 0.2.15",
 ]
 
 [[package]]
@@ -4585,7 +4526,7 @@ version = "0.4.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ba009ff324d1fc1b900bd1fdb31564febe58a8ccc8a6fdbb93b543d33b13ca43"
 dependencies = [
- "getrandom",
+ "getrandom 0.2.15",
  "libredox",
  "thiserror 1.0.69",
 ]
@@ -4607,7 +4548,7 @@ checksum = "bcc303e793d3734489387d205e9b186fac9c6cfacedd98cbb2e8a5943595f3e6"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.96",
+ "syn 2.0.98",
 ]
 
 [[package]]
@@ -4618,13 +4559,14 @@ checksum = "5daffa8f5ca827e146485577fa9dba9bd9c6921e06e954ab8f6408c10f753086"
 
 [[package]]
 name = "referencing"
-version = "0.28.3"
+version = "0.29.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d0dcb5ab28989ad7c91eb1b9531a37a1a137cc69a0499aee4117cae4a107c464"
+checksum = "6ce52678d53e5ee37e4af0a9036ca834d0cd34b33c82457c6b06a24f8d783344"
 dependencies = [
  "ahash",
  "fluent-uri",
  "once_cell",
+ "parking_lot",
  "percent-encoding",
  "serde_json",
 ]
@@ -4727,7 +4669,7 @@ dependencies = [
  "http 1.2.0",
  "http-body 1.0.1",
  "http-body-util",
- "hyper 1.5.2",
+ "hyper 1.6.0",
  "hyper-rustls",
  "hyper-util",
  "ipnet",
@@ -4777,7 +4719,7 @@ checksum = "c17fa4cb658e3583423e915b9f3acc01cceaee1860e33d59ebae66adc3a2dc0d"
 dependencies = [
  "cc",
  "cfg-if",
- "getrandom",
+ "getrandom 0.2.15",
  "libc",
  "spin",
  "untrusted",
@@ -4834,7 +4776,7 @@ dependencies = [
  "proc-macro2",
  "quote",
  "rust-embed-utils",
- "syn 2.0.96",
+ "syn 2.0.98",
  "walkdir",
 ]
 
@@ -4862,9 +4804,9 @@ checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2"
 
 [[package]]
 name = "rustc-hash"
-version = "2.1.0"
+version = "2.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c7fb8039b3032c191086b10f11f319a6e99e1e82889c5cc6046f515c9db1d497"
+checksum = "357703d41365b4b27c590e3ed91eabb1b663f07c4c084095e60cbed4362dff0d"
 
 [[package]]
 name = "rusticata-macros"
@@ -4890,9 +4832,9 @@ dependencies = [
 
 [[package]]
 name = "rustls"
-version = "0.23.21"
+version = "0.23.22"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8f287924602bf649d949c63dc8ac8b235fa5387d394020705b80c4eb597ce5b8"
+checksum = "9fb9263ab4eb695e42321db096e3b8fbd715a59b154d5c88d82db2175b681ba7"
 dependencies = [
  "once_cell",
  "ring",
@@ -4925,9 +4867,9 @@ dependencies = [
 
 [[package]]
 name = "rustls-pki-types"
-version = "1.10.1"
+version = "1.11.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d2bf47e6ff922db3825eb750c4e2ff784c6ff8fb9e13046ef6a1d1c5401b0b37"
+checksum = "917ce264624a4b4db1c364dcc35bfca9ded014d0a958cd47ad3e960e988ea51c"
 dependencies = [
  "web-time",
 ]
@@ -4951,9 +4893,9 @@ checksum = "f7c45b9784283f1b2e7fb61b42047c2fd678ef0960d4f6f1eba131594cc369d4"
 
 [[package]]
 name = "ryu"
-version = "1.0.18"
+version = "1.0.19"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f3cb5ba0dc43242ce17de99c180e96db90b235b8a9fdc9543c96d2209116bd9f"
+checksum = "6ea1a2d0a644769cc99faa24c3ad26b379b786fe7c36fd3c546254801650e6dd"
 
 [[package]]
 name = "same-file"
@@ -5119,14 +5061,14 @@ checksum = "5a9bf7cf98d04a2b28aead066b7496853d4779c9cc183c440dbac457641e19a0"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.96",
+ "syn 2.0.98",
 ]
 
 [[package]]
 name = "serde_json"
-version = "1.0.137"
+version = "1.0.138"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "930cfb6e6abf99298aaad7d29abbef7a9999a9a8806a40088f55f0dcec03146b"
+checksum = "d434192e7da787e94a6ea7e9670b26a036d0ca41e0b7efb2676dd32bae872949"
 dependencies = [
  "itoa",
  "memchr",
@@ -5183,7 +5125,7 @@ dependencies = [
  "darling 0.20.10",
  "proc-macro2",
  "quote",
- "syn 2.0.96",
+ "syn 2.0.98",
 ]
 
 [[package]]
@@ -5258,7 +5200,6 @@ dependencies = [
 name = "sketching"
 version = "1.5.0-dev"
 dependencies = [
- "gethostname",
  "num_enum",
  "opentelemetry",
  "opentelemetry-otlp",
@@ -5422,9 +5363,9 @@ dependencies = [
 
 [[package]]
 name = "syn"
-version = "2.0.96"
+version = "2.0.98"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d5d0adab1ae378d7f53bdebc67a39f1f151407ef230f0ce2883572f5d8985c80"
+checksum = "36147f1a48ae0ec2b5b3bc5b537d267457555a10dc06f3dbc8cb11ba3006d3b1"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -5454,7 +5395,7 @@ checksum = "c8af7666ab7b6390ab78131fb5b0fce11d6b7a6951602017c35fa82800708971"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.96",
+ "syn 2.0.98",
 ]
 
 [[package]]
@@ -5486,31 +5427,25 @@ checksum = "61c41af27dd6d1e27b1b16b489db798443478cef1f06a660c96db617ba5de3b1"
 
 [[package]]
 name = "tempfile"
-version = "3.15.0"
+version = "3.16.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9a8a559c81686f576e8cd0290cd2a24a2a9ad80c98b3478856500fcbd7acd704"
+checksum = "38c246215d7d24f48ae091a2902398798e05d978b24315d6efbc00ede9a8bb91"
 dependencies = [
  "cfg-if",
  "fastrand",
- "getrandom",
+ "getrandom 0.3.1",
  "once_cell",
  "rustix",
  "windows-sys 0.59.0",
 ]
 
-[[package]]
-name = "termtree"
-version = "0.5.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8f50febec83f5ee1df3015341d8bd429f2d1cc62bcba7ea2076759d315084683"
-
 [[package]]
 name = "testkit-macros"
 version = "0.1.0"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.96",
+ "syn 2.0.98",
 ]
 
 [[package]]
@@ -5539,7 +5474,7 @@ checksum = "4fee6c4efc90059e10f81e6d42c60a18f76588c3d74cb83a0b242a2b6c7504c1"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.96",
+ "syn 2.0.98",
 ]
 
 [[package]]
@@ -5550,7 +5485,7 @@ checksum = "26afc1baea8a989337eeb52b6e72a039780ce45c3edfcc9c5b9d112feeb173c2"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.96",
+ "syn 2.0.98",
 ]
 
 [[package]]
@@ -5645,7 +5580,7 @@ checksum = "8d9ef545650e79f30233c0003bcc2504d7efac6dad25fca40744de773fe2049c"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.96",
+ "syn 2.0.98",
 ]
 
 [[package]]
@@ -5674,7 +5609,7 @@ checksum = "6e06d43f1345a3bcd39f6a56dbb7dcab2ba47e68e8ac134855e7e2bdbaf8cab8"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.96",
+ "syn 2.0.98",
 ]
 
 [[package]]
@@ -5774,7 +5709,7 @@ dependencies = [
  "http 1.2.0",
  "http-body 1.0.1",
  "http-body-util",
- "hyper 1.5.2",
+ "hyper 1.6.0",
  "hyper-timeout",
  "hyper-util",
  "percent-encoding",
@@ -5886,7 +5821,7 @@ checksum = "395ae124c09f9e6918a2310af6038fba074bcf474ac352496d5910dd59a2226d"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.96",
+ "syn 2.0.98",
 ]
 
 [[package]]
@@ -6022,9 +5957,9 @@ checksum = "7eec5d1121208364f6793f7d2e222bf75a915c19557537745b195b253dd64217"
 
 [[package]]
 name = "unicode-ident"
-version = "1.0.15"
+version = "1.0.16"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "11cd88e12b17c6494200a9c1b683a04fcac9573ed74cd1b62aeb2727c5592243"
+checksum = "a210d160f08b701c8721ba1c726c11662f877ea6b7094007e1ca9a1041945034"
 
 [[package]]
 name = "unicode-normalization"
@@ -6111,7 +6046,7 @@ dependencies = [
  "proc-macro2",
  "quote",
  "regex",
- "syn 2.0.96",
+ "syn 2.0.98",
  "url",
  "uuid",
 ]
@@ -6134,11 +6069,11 @@ dependencies = [
 
 [[package]]
 name = "uuid"
-version = "1.12.1"
+version = "1.13.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b3758f5e68192bb96cc8f9b7e2c2cfdabb435499a28499a42f8f984092adad4b"
+checksum = "ced87ca4be083373936a67f8de945faa23b6b42384bd5b64434850802c6dccd0"
 dependencies = [
- "getrandom",
+ "getrandom 0.3.1",
  "serde",
 ]
 
@@ -6177,15 +6112,6 @@ version = "0.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5c3082ca00d5a5ef149bb8b555a72ae84c9c59f7250f013ac822ac2e49b19c64"
 
-[[package]]
-name = "wait-timeout"
-version = "0.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9f200f5b12eb75f8c1ed65abd4b2db8a6e1b138a20de009dacee265a2498f3f6"
-dependencies = [
- "libc",
-]
-
 [[package]]
 name = "walkdir"
 version = "2.5.0"
@@ -6211,6 +6137,15 @@ version = "0.11.0+wasi-snapshot-preview1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423"
 
+[[package]]
+name = "wasi"
+version = "0.13.3+wasi-0.2.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "26816d2e1a4a36a2940b96c5296ce403917633dff8f3440e9b236ed6f6bacad2"
+dependencies = [
+ "wit-bindgen-rt",
+]
+
 [[package]]
 name = "wasite"
 version = "0.1.0"
@@ -6239,7 +6174,7 @@ dependencies = [
  "log",
  "proc-macro2",
  "quote",
- "syn 2.0.96",
+ "syn 2.0.98",
  "wasm-bindgen-shared",
 ]
 
@@ -6274,7 +6209,7 @@ checksum = "8ae87ea40c9f689fc23f209965b6fb8a99ad69aeeb0231408be24920604395de"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.96",
+ "syn 2.0.98",
  "wasm-bindgen-backend",
  "wasm-bindgen-shared",
 ]
@@ -6431,9 +6366,9 @@ dependencies = [
 
 [[package]]
 name = "webpki-roots"
-version = "0.26.7"
+version = "0.26.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5d642ff16b7e79272ae451b7322067cdc17cadf68c23264be9d94a32319efe7e"
+checksum = "2210b291f7ea53617fbafcc4939f10914214ec15aace5ba62293a668f322c5c9"
 dependencies = [
  "rustls-pki-types",
 ]
@@ -6753,9 +6688,9 @@ dependencies = [
 
 [[package]]
 name = "winnow"
-version = "0.6.24"
+version = "0.6.26"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c8d71a593cc5c42ad7876e2c1fda56f314f3754c084128833e64f1345ff8a03a"
+checksum = "1e90edd2ac1aa278a5c4599b1d89cf03074b610800f866d4026dc199d7929a28"
 dependencies = [
  "memchr",
 ]
@@ -6770,6 +6705,15 @@ dependencies = [
  "windows-sys 0.48.0",
 ]
 
+[[package]]
+name = "wit-bindgen-rt"
+version = "0.33.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3268f3d866458b787f390cf61f4bbb563b922d091359f9608842999eaee3943c"
+dependencies = [
+ "bitflags 2.8.0",
+]
+
 [[package]]
 name = "write16"
 version = "1.0.0"
@@ -6831,7 +6775,7 @@ checksum = "2380878cad4ac9aac1e2435f3eb4020e8374b5f13c296cb75b4620ff8e229154"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.96",
+ "syn 2.0.98",
  "synstructure",
 ]
 
@@ -6853,7 +6797,7 @@ checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.96",
+ "syn 2.0.98",
 ]
 
 [[package]]
@@ -6873,7 +6817,7 @@ checksum = "595eed982f7d355beb85837f651fa22e90b3c044842dc7f2c2842c086f295808"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.96",
+ "syn 2.0.98",
  "synstructure",
 ]
 
@@ -6894,7 +6838,7 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.96",
+ "syn 2.0.98",
 ]
 
 [[package]]
@@ -6916,7 +6860,7 @@ checksum = "6eafa6dfb17584ea3e2bd6e76e0cc15ad7af12b09abdd1ca55961bed9b1063c6"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.96",
+ "syn 2.0.98",
 ]
 
 [[package]]
diff --git a/Cargo.toml b/Cargo.toml
index e0467c81f..b07522519 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -4,7 +4,7 @@ authors = [
     "William Brown <william@blackhats.net.au>",
     "James Hodgkinson <james@terminaloutcomes.com>",
 ]
-rust-version = "1.79"
+rust-version = "1.80"
 edition = "2021"
 license = "MPL-2.0"
 homepage = "https://github.com/kanidm/kanidm/"
@@ -165,15 +165,15 @@ clap_complete = "^4.5.42"
 chrono = "^0.4.39"
 compact_jwt = { version = "^0.4.2", default-features = false }
 concread = "^0.5.3"
-cron = "0.12.1"
+cron = "0.15.0"
 crossbeam = "0.8.4"
 csv = "1.3.1"
-dialoguer = "0.10.4"
+dialoguer = "0.11.0"
 dhat = "0.3.3"
 dyn-clone = "^1.0.17"
 fernet = "^0.2.1"
 filetime = "^0.2.24"
-fs4 = "^0.8.3"
+fs4 = "^0.12.0"
 futures = "^0.3.31"
 futures-util = { version = "^0.3.30", features = ["sink"] }
 gix = { version = "0.64.0", default-features = false }
@@ -225,7 +225,6 @@ opentelemetry-semantic-conventions = "0.27.0"
 tracing-opentelemetry = "0.28.0"
 tracing-core = "0.1.33"
 
-paste = "^1.0.14"
 peg = "0.8"
 pkg-config = "^0.3.31"
 prctl = "1.0.0"
diff --git a/README.md b/README.md
index 26cad6e11..544344fa5 100644
--- a/README.md
+++ b/README.md
@@ -1,8 +1,6 @@
 # Kanidm - Simple and Secure Identity Management
 
-<p align="center">
-  <img src="https://raw.githubusercontent.com/kanidm/kanidm/master/artwork/logo-small.png" width="20%" height="auto" />
-</p>
+![Kanidm Logo](artwork/logo-small.png)
 
 ## About
 
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md
index 3da725c29..363572fbe 100644
--- a/RELEASE_NOTES.md
+++ b/RELEASE_NOTES.md
@@ -1,42 +1,93 @@
-<p align="center">
-  <img src="https://raw.githubusercontent.com/kanidm/kanidm/master/artwork/logo-small.png" width="20%" height="auto" />
-</p>
+# Kanidm Release Notes
 
-# Getting Started
+![Kanidm Logo](artwork/logo-small.png)
+
+## Getting Started
 
 To get started, see the [kanidm book]
 
-# Feedback
+## Feedback
 
 We value your feedback! First, please see our [code of conduct]. If you have questions please join
 our [gitter community channel] so that we can help. If you find a bug or issue, we'd love you to
 report it to our [issue tracker].
 
-# Release Notes
+## Release Notes
 
-## 2024-11-01 - Kanidm 1.4.0
+### 2025-02-09 - Kanidm 1.5.0
 
 This is the latest stable release of the Kanidm Identity Management project. Every release is the
 combined effort of our community and we appreciate their invaluable contributions, comments,
 questions, feedback and support.
 
 You should review our
-[support documentation](https://github.com/kanidm/kanidm/blob/master/book/src/support.md) as this
+[support documentation] as this
 may have important effects on your distribution or upgrades in future.
 
 Before upgrading you should review
-[our upgrade documentation](https://github.com/kanidm/kanidm/blob/master/book/src/server_updates.md#general-update-notes)
+[our upgrade documentation]
 
-### 1.4.0 Important Changes
+#### 1.5.0 Important Changes
+
+- There has been a lot of tweaks to how cookies are handled in this release, if you're having issues with the login flow please clear all cookies as an initial troubleshooting step.
+
+#### 1.5.0 Release Highlights
+
+- Many updates to the UI!
+  - SSH Keys in Credentials Update (#3027)
+  - Improved error message when PassKey is missing PIN (mainly for Firefox) (#3403)
+  - Fix the password reset form and possible resolver issue (#3398)
+  - Fixed unrecoverable error page doesn't include logo or domain name (#3352)
+  - Add support for prefers-color-scheme using Bootstrap classes. Dark mode! (#3327)
+  - Automatically trigger passkeys on login view (#3307)
+- Two new operating systems!
+  - Initial OpenBSD support (#3381)
+  - FreeBSD client (#3333)
+- Many SCIM-related improvements
+  - SCIM access control (#3359)
+  - SCIM put (#3151)
+- OAuth2 Things
+  - Allow OAuth2 with empty `state` parameter (#3396)
+  - Allow POST on oauth userinfo (#3395)
+  - Add OAuth2 `response_mode=fragment` (#3335)
+  - Add CORS headers to jwks and userinfo (#3283)
+- Allowing SPN query with non-SPN structured data in LDAP (#3400)
+- Correctly return that uuid2spn changed on domain rename (#3402)
+- RADIUS startup fixing (#3388)
+- Repaired systemd reload notifications (#3355)
+- Add `ssh_publickeys` as a claim for OAuth2 (#3346)
+- Allow modification of password minimum length (#3345)
+- PAM on Debian, enable use_first_pass by default (#3326)
+- Allow opt-in of easter eggs (#3308)
+- Allow reseting account policy values to defaults (#3306)
+- Ignore system users for UPG synthesiseation (#3297)
+- Allow group managers to modify entry-managed-by (#3272)
+
+And many more!
+
+### 2024-11-01 - Kanidm 1.4.0
+
+This is the latest stable release of the Kanidm Identity Management project. Every release is the
+combined effort of our community and we appreciate their invaluable contributions, comments,
+questions, feedback and support.
+
+You should review our
+[support documentation] as this
+may have important effects on your distribution or upgrades in future.
+
+Before upgrading you should review
+[our upgrade documentation]
+
+#### 1.4.0 Important Changes
 
 - The web user interface has been rewritten and now supports theming. You will notice that your
 domain displayname is included in a number of locations on upgrade, and that you can set
 your own domain and OAuth2 client icons.
 - OAuth2 strict redirect uri is now required. Ensure you have read
-[our upgrade documentation](https://github.com/kanidm/kanidm/blob/master/book/src/server_updates.md#general-update-notes).
+[our upgrade documentation].
 and taken the needed steps before upgrading.
 
-### 1.4.0 Release Highlights
+#### 1.4.0 Release Highlights
 
 - Improve handling of client timeouts when the server is under high load
 - Resolve a minor issue preventing some credential updates from saving
@@ -65,20 +116,20 @@ and taken the needed steps before upgrading.
 - Rewrite the entire web frontend to be simpler and faster, allowing more features to be added
   in the future. Greatly improves user experience as the pages are now very fast to load!
 
-## 2024-08-07 - Kanidm 1.3.0
+### 2024-08-07 - Kanidm 1.3.0
 
 This is the latest stable release of the Kanidm Identity Management project. Every release is the
 combined effort of our community and we appreciate their invaluable contributions, comments,
 questions, feedback and support.
 
 You should review our
-[support documentation](https://github.com/kanidm/kanidm/blob/master/book/src/support.md) as this
+[support documentation] as this
 may have important effects on your distribution or upgrades in future.
 
 Before upgrading you should review
-[our upgrade documentation](https://github.com/kanidm/kanidm/blob/master/book/src/server_updates.md#general-update-notes)
+[our upgrade documentation]
 
-### 1.3.0 Important Changes
+#### 1.3.0 Important Changes
 
 - New GID number constraints are now enforced in this version. To upgrade from 1.2.0 all accounts
   and groups must adhere to these rules. See [our upgrade documentation]. about tools to help you
@@ -89,7 +140,7 @@ Before upgrading you should review
   by PassKeys which give a better user experience.
 - Kanidm now supports FreeBSD and Illumos in addition to Linux
 
-### 1.3.0 Release Highlights
+#### 1.3.0 Release Highlights
 
 - TOTP update user interface improvements
 - Improved error messages when a load balancer is failing
@@ -112,24 +163,24 @@ Before upgrading you should review
 - Strict redirect URI enforcement in OAuth2
 - Substring indexing for improved search performance
 
-## 2024-05-01 - Kanidm 1.2.0
+### 2024-05-01 - Kanidm 1.2.0
 
 This is the first stable release of the Kanidm Identity Management project. We want to thank every
 one in our community who has supported to the project to this point with their invaluable
 contributions, comments, questions, feedback and support.
 
 Importantly this release makes a number of changes to our project's support processes. You should
-review our [support documentation](https://github.com/kanidm/kanidm/blob/master/book/src/support.md)
+review our [support documentation]
 as this may have important effects on your distribution or upgrades in future.
 
-### 1.2.0 Important Changes
+#### 1.2.0 Important Changes
 
 - On upgrade all OAuth2 sessions and user sessions will be reset due to changes in cryptographic key
   handling. This does not affect api tokens.
 - There is a maximum limit of 48 interactive sessions for persons where older sessions are
   automatically removed.
 
-### 1.2.0 Release Highlights
+#### 1.2.0 Release Highlights
 
 - The book now contains a list of supported RFCs and standards
 - Add code challenge methods to OIDC discovery
@@ -154,7 +205,7 @@ as this may have important effects on your distribution or upgrades in future.
 - Migrate cryptographic key handling to an object model with future HSM support
 - Limit maximum active sessions on an account to 48
 
-## 2024-02-07 - Kanidm 1.1.0-rc.16
+### 2024-02-07 - Kanidm 1.1.0-rc.16
 
 This is the sixteenth pre-release of the Kanidm Identity Management project. Pre-releases are to
 help get feedback and ideas from the community on how we can continue to make this project better.
@@ -163,7 +214,7 @@ This is the final release candidate before we publish a release version. We beli
 server interfaces are stable and reliable enough for people to depend on, and to develop external
 tools to interact with Kanidm.
 
-### 1.1.0-rc.16 Release Highlights
+#### 1.1.0-rc.16 Release Highlights
 
 - Replication for two node environments is now supported
 - Account policy supports password minimum length
@@ -182,7 +233,7 @@ tools to interact with Kanidm.
 - Support RFC6749 Client Credentials Grant
 - Support custom claim maps in OIDC
 
-## 2023-10-31 - Kanidm 1.1.0-beta14
+### 2023-10-31 - Kanidm 1.1.0-beta14
 
 This is the fourteenth pre-release of the Kanidm Identity Management project. Pre-releases are to
 help get feedback and ideas from the community on how we can continue to make this project better.
@@ -191,7 +242,7 @@ At this point we believe we are on the final stretch to making something we cons
 ready". After this we will start to ship release candidates as our focus will now be changing to
 finish our production components and the stability of the API's for longer term support.
 
-### 1.1.0-beta14 Release Highlights
+#### 1.1.0-beta14 Release Highlights
 
 - Replication is in Beta! Please test carefully!
 - Web UI WASM has been split up, significantly improving the responsiveness.
@@ -205,7 +256,7 @@ finish our production components and the stability of the API's for longer term
 - Removed a lot of uses of `unwrap` and `expect` to improve reliability.
 - Account policy framework is now in place.
 
-## 2023-05-01 - Kanidm 1.1.0-beta13
+### 2023-05-01 - Kanidm 1.1.0-beta13
 
 This is the thirteenth pre-release of the Kanidm Identity Management project. Pre-releases are to
 help get feedback and ideas from the community on how we can continue to make this project better.
@@ -214,7 +265,7 @@ At this point we believe we are on the final stretch to making something we cons
 ready". After this we will start to ship release candidates as our focus will now be changing to
 finish our production components and the stability of the API's for longer term support.
 
-### 1.1.0-beta13 Release Highlights
+#### 1.1.0-beta13 Release Highlights
 
 - Replication foundations
   - Full implementation of replication refresh
@@ -255,7 +306,7 @@ finish our production components and the stability of the API's for longer term
 - Improve create-reset-token user experience
 - Improve self-healing for some reference issues
 
-## 2023-05-01 - Kanidm 1.1.0-alpha12
+### 2023-05-01 - Kanidm 1.1.0-alpha12
 
 This is the twelfth alpha series release of the Kanidm Identity Management project. Alpha releases
 are to help get feedback and ideas from the community on how we can continue to make this project
@@ -266,7 +317,7 @@ done so yet is we haven't decided if we want to commit to the current API layout
 There are still things we want to change there. Otherwise the server is stable and reliable for
 production usage.
 
-### Release Highlights
+#### 1.1.0-alpha12 Release Highlights
 
 - Allow full server content replication in testing (yes we're finally working on replication!)
 - Improve OAuth2 to allow scoped members to see RS they can access for UI flows
@@ -286,7 +337,7 @@ production usage.
 - Add exclusive process lock to daemon
 - Allow dns/rdns in ldap search contexts
 
-## 2023-02-01 - Kanidm 1.1.0-alpha11
+### 2023-02-01 - Kanidm 1.1.0-alpha11
 
 This is the eleventh alpha series release of the Kanidm Identity Management project. Alpha releases
 are to help get feedback and ideas from the community on how we can continue to make this project
@@ -296,7 +347,7 @@ The project is shaping up very nicely, and a beta will be coming soon! The main
 done so yet is we haven't decided if we want to commit to the current API layout and freeze it yet.
 There are still things we want to change there. Otherwise the server is stable and reliable.
 
-### Release Highlights
+#### 1.1.0-alpha11 Release Highlights
 
 - Support /etc/skel home dir templates in kanidm-unixd
 - Improve warning messages for openssl when a cryptographic routine is not supported
@@ -317,7 +368,7 @@ There are still things we want to change there. Otherwise the server is stable a
 - Improve the access control module to evaluate access in a clearer way
 - Allow synced users to correct modify their local sessions
 
-## 2022-11-01 - Kanidm 1.1.0-alpha10
+### 2022-11-01 - Kanidm 1.1.0-alpha10
 
 This is the tenth alpha series release of the Kanidm Identity Management project. Alpha releases are
 to help get feedback and ideas from the community on how we can continue to make this project better
@@ -325,12 +376,12 @@ for a future supported release.
 
 The project is shaping up very nicely, and a beta will be coming soon!
 
-### Upgrade Note
+#### 1.1.0-alpha10 Upgrade Note
 
 This version will _require_ TLS on all servers, even if behind a load balancer or TLS terminating
 proxy. You should be ready for this change when you upgrade to the latest version.
 
-### Release Highlights
+#### 1.1.0-alpha10 Release Highlights
 
 - Management and tracking of authenticated sessions
 - Make upgrade migrations more robust when upgrading over multiple versions
@@ -352,7 +403,7 @@ proxy. You should be ready for this change when you upgrade to the latest versio
 - Cleanup of expired authentication sessions
 - Improved administration of password badlists
 
-## 2022-08-02 - Kanidm 1.1.0-alpha9
+### 2022-08-02 - Kanidm 1.1.0-alpha9
 
 This is the ninth alpha series release of the Kanidm Identity Management project. Alpha releases are
 to help get feedback and ideas from the community on how we can continue to make this project better
@@ -360,7 +411,7 @@ for a future supported release.
 
 The project is shaping up very nicely, and a beta will be coming soon!
 
-### Release Highlights
+#### 1.1.0-alpha9 Release Highlights
 
 - Inclusion of a Python3 API library
 - Improve orca usability
@@ -376,13 +427,13 @@ The project is shaping up very nicely, and a beta will be coming soon!
 - CTAP2+ support in Webauthn via CLI
 - Radius supports EAP TLS identities in addition to EAP PEAP
 
-## 2022-05-01 - Kanidm 1.1.0-alpha8
+### 2022-05-01 - Kanidm 1.1.0-alpha8
 
 This is the eighth alpha series release of the Kanidm Identity Management project. Alpha releases
 are to help get feedback and ideas from the community on how we can continue to make this project
 better for a future supported release.
 
-### Release Highlights
+#### 1.1.0-alpha8 Release Highlights
 
 - Foundations for cryptographic trusted device authentication
 - Foundations for new user onboarding and credential reset
@@ -398,13 +449,13 @@ better for a future supported release.
 - Highlight that the WebUI is in alpha to prevent confusion
 - Remove sync only client paths
 
-## 2022-01-01 - Kanidm 1.1.0-alpha7
+### 2022-01-01 - Kanidm 1.1.0-alpha7
 
 This is the seventh alpha series release of the Kanidm Identity Management project. Alpha releases
 are to help get feedback and ideas from the community on how we can continue to make this project
 better for a future supported release.
 
-### Release Highlights
+#### 1.1.0-alpha7 Release Highlights
 
 - OAuth2 scope to group mappings
 - Webauthn subdomain support
@@ -415,7 +466,7 @@ better for a future supported release.
 - Addition of email address attributes
 - Web UI improvements for OAuth2
 
-## 2021-10-01 - Kanidm 1.1.0-alpha6
+### 2021-10-01 - Kanidm 1.1.0-alpha6
 
 This is the sixth alpha series release of the Kanidm Identity Management project. Alpha releases are
 to help get feedback and ideas from the community on how we can continue to make this project better
@@ -424,7 +475,7 @@ for a future supported release.
 It's also a special release as Kanidm has just turned 3 years old! Thank you all for helping to
 bring the project this far! 🎉 🦀
 
-### Release Highlights
+#### 1.1.0-alpha6 Release Highlights
 
 - Support backup codes as MFA in case of lost TOTP/Webauthn
 - Dynamic menus on CLI for usernames when multiple sessions exist
@@ -444,13 +495,13 @@ bring the project this far! 🎉 🦀
 - Improvements to performance with high cache sizes
 - Session tokens persist over a session restart
 
-## 2021-07-07 - Kanidm 1.1.0-alpha5
+### 2021-07-07 - Kanidm 1.1.0-alpha5
 
 This is the fifth alpha series release of the Kanidm Identity Management project. Alpha releases are
 to help get feedback and ideas from the community on how we can continue to make this project better
 for a future supported release.
 
-### Release Highlights
+#### 1.1.0-alpha5 Release Highlights
 
 - Fix a major defect in how backup/restore worked
 - Improve query performance by caching partial queries
@@ -465,13 +516,13 @@ for a future supported release.
 - Statistical analysis of indexes to improve query optimisation
 - Handle broken TOTP authenticator apps
 
-## 2021-04-01 - Kanidm 1.1.0-alpha4
+### 2021-04-01 - Kanidm 1.1.0-alpha4
 
 This is the fourth alpha series release of the Kanidm Identity Management project. Alpha releases
 are to help get feedback and ideas from the community on how we can continue to make this project
 better for a future supported release.
 
-### Release Highlights
+#### 1.1.0-alpha4 Release Highlights
 
 - Performance Improvements
 - TOTP CLI enrollment
@@ -485,13 +536,13 @@ better for a future supported release.
 - Badlist checked at login to determine account compromise
 - Minor Fixes for attribute display
 
-## 2021-01-01 - Kanidm 1.1.0-alpha3
+### 2021-01-01 - Kanidm 1.1.0-alpha3
 
 This is the third alpha series release of the Kanidm Identity Management project. Alpha releases are
 to help get feedback and ideas from the community on how we can continue to make this project better
 for a future supported release.
 
-### Release Highlights
+#### 1.1.0-alpha3 Release Highlights
 
 - Account "valid from" and "expiry" times.
 - Rate limiting and softlocking of account credentials to prevent bruteforcing.
@@ -499,13 +550,13 @@ for a future supported release.
 - Rewrite of json authentication protocol components.
 - Unixd will cache "non-existent" items to improve nss/pam latency.
 
-## 2020-10-01 - Kanidm 1.1.0-alpha2
+### 2020-10-01 - Kanidm 1.1.0-alpha2
 
 This is the second alpha series release of the Kanidm Identity Management project. Alpha releases
 are to help get feedback and ideas from the community on how we can continue to make this project
 better for a future supported release.
 
-### Release Highlights
+#### 1.1.0-alpha2 Release Highlights
 
 - SIMD key lookups in container builds for datastructures
 - Server and Client hardening warnings for running users and file permissions
@@ -517,7 +568,7 @@ better for a future supported release.
 - Reduction in memory footprint during searches
 - Change authentication from cookies to auth-bearer tokens
 
-## 2020-07-01 - Kanidm 1.1.0-alpha1
+### 2020-07-01 - Kanidm 1.1.0-alpha1
 
 This is the first alpha series release of the Kanidm Identity Management project. Alpha releases are
 to help get feedback and ideas from the community on how we can continue to make this project better
@@ -536,7 +587,7 @@ people. I would especially like to thank:
 - Samuel Cabrero (scabrero)
 - Jim McDonough
 
-### Release Highlights
+#### 1.1.0-alpha1 Release Highlights
 
 - A working identity management server, including database
 - RADIUS authentication and docker images
@@ -552,3 +603,5 @@ people. I would especially like to thank:
 [gitter community channel]: https://gitter.im/kanidm/community
 [code of conduct]: https://github.com/kanidm/kanidm/blob/master/CODE_OF_CONDUCT.md
 [kanidm book]: https://kanidm.github.io/kanidm/stable/
+[our upgrade documentation]: https://github.com/kanidm/kanidm/blob/master/book/src/server_updates.md#general-update-notes
+[support documentation]: https://github.com/kanidm/kanidm/blob/master/book/src/support.md
diff --git a/book/src/developers/release_checklist.md b/book/src/developers/release_checklist.md
index 534910a39..7a45fc97b 100644
--- a/book/src/developers/release_checklist.md
+++ b/book/src/developers/release_checklist.md
@@ -3,57 +3,58 @@
 ## Pre-Reqs
 
 ```bash
-cargo install cargo-audit
-cargo install cargo-outdated
-cargo install cargo-udeps
-cargo install cargo-machete
+cargo install  --force \
+      cargo-audit \
+      cargo-outdated \
+      cargo-udeps \
+      cargo-machete
 ```
 
 ## Pre Release Check List
 
 ### Start a release
 
-- [ ] git checkout -b YYYYMMDD-pre-release
+- [ ] `git checkout -b "$(date +%Y%m%d)-pre-release"`
 
 ### Cargo Tasks
 
 - [ ] Update MSRV if applicable
-- [ ] cargo update
+- [ ] `cargo update`
 - [ ] `RUSTC_BOOTSTRAP=1 cargo udeps`
-- [ ] `cargo machete`
-- [ ] cargo outdated -R
-- [ ] cargo audit
-- [ ] cargo test
+- [ ] `cargo machete --with-metadata`
+- [ ] `cargo outdated -R`
+- [ ] `cargo audit`
+- [ ] `cargo test`
 
 - [ ] setup a local instance and run orca (TBD)
 - [ ] store a copy an an example db (TBD)
 
 ### Code Changes
 
-- [ ] upgrade crypto policy values if required
+- [ ] upgrade crypto policy values if required (see `libs/crypto/src/lib.rs` -> `CryptoPolicy`)
 - [ ] check for breaking db entry changes.
 
 ### Administration
 
 - [ ] Update `RELEASE_NOTES.md`
 - [ ] Update `README.md`
-- [ ] cargo test
-- [ ] git commit -a -m "Release Notes"
-- [ ] git push origin YYYYMMDD-pre-release
+- [ ] `cargo test`
+- [ ] `git commit -a -m 'chore: Release Notes'`
+- [ ] `git push origin "$(date +%Y%m%d)-pre-release"`
 - [ ] Merge PR
 
 ### Git Management
 
-- [ ] git checkout master
-- [ ] git pull
+- [ ] `git checkout master`
+- [ ] `git pull`
 - [ ] git checkout -b 1.x.0 (Note no v to prevent ref conflict)
 - [ ] update version to set pre tag in ./Cargo.toml
-- [ ] git commit -m "Release 1.x.0-pre"
-- [ ] git tag v1.x.0-pre
+- [ ] `git commit -m "Release $(cargo metadata --format-version 1 | jq '.packages[] | select(.name=="kanidm_proto") | .version')-pre"`
+- [ ] `git tag v$(cargo metadata --format-version 1 | jq '.packages[] | select(.name=="kanidm_proto") | .version')-pre`
 
 - [ ] Final inspect of the branch
 
-- [ ] git push origin 1.x.0 --tags
+- [ ] `git push origin "$(cargo metadata --format-version 1 | jq '.packages[] | select(.name=="kanidm_proto") | .version')" --tags`
 
 - [ ] github -> Ensure release branch is protected
 
@@ -106,4 +107,3 @@ cargo install cargo-machete
 ### Distro
 
 - [ ] vendor and release to build.opensuse.org
-
diff --git a/libs/crypto/Cargo.toml b/libs/crypto/Cargo.toml
index 53532f9ad..854f127a9 100644
--- a/libs/crypto/Cargo.toml
+++ b/libs/crypto/Cargo.toml
@@ -35,3 +35,7 @@ x509-cert = { workspace = true, features = ["pem"] }
 
 [dev-dependencies]
 sketching = { workspace = true }
+
+
+[package.metadata.cargo-machete]
+ignored = ["openssl-sys"]
diff --git a/libs/file_permissions/Cargo.toml b/libs/file_permissions/Cargo.toml
index ef08b2602..372943922 100644
--- a/libs/file_permissions/Cargo.toml
+++ b/libs/file_permissions/Cargo.toml
@@ -16,8 +16,5 @@ doctest = false
 
 [dependencies]
 
-[target.'cfg(target_family = "windows")'.dependencies]
-whoami = { workspace = true }
-
 [target.'cfg(not(target_family = "windows"))'.dependencies]
 kanidm_utils_users = { workspace = true }
diff --git a/libs/profiles/Cargo.toml b/libs/profiles/Cargo.toml
index 038b582c4..7f2b630ee 100644
--- a/libs/profiles/Cargo.toml
+++ b/libs/profiles/Cargo.toml
@@ -28,3 +28,7 @@ toml = { workspace = true }
 [build-dependencies]
 base64 = { workspace = true }
 gix = { workspace = true, default-features = false }
+
+
+[package.metadata.cargo-machete]
+ignored = ["gix"]
diff --git a/libs/sketching/Cargo.toml b/libs/sketching/Cargo.toml
index 71d997ccd..85b0a1046 100644
--- a/libs/sketching/Cargo.toml
+++ b/libs/sketching/Cargo.toml
@@ -17,7 +17,6 @@ test = false
 doctest = false
 
 [dependencies]
-gethostname = "0.5.0"
 num_enum = { workspace = true }
 opentelemetry = { workspace = true, features = ["metrics"] }
 opentelemetry-otlp = { workspace = true, default-features = false, features = [
diff --git a/libs/users/Cargo.toml b/libs/users/Cargo.toml
index ea6e65f5e..0dd9444d0 100644
--- a/libs/users/Cargo.toml
+++ b/libs/users/Cargo.toml
@@ -1,13 +1,13 @@
 [package]
 name = "kanidm_utils_users"
 description = "Kanidm utility crate"
-version.workspace = true
-authors.workspace = true
-rust-version.workspace = true
-edition.workspace = true
-license.workspace = true
-homepage.workspace = true
-repository.workspace = true
+version = { workspace = true }
+authors = { workspace = true }
+rust-version = { workspace = true }
+edition = { workspace = true }
+license = { workspace = true }
+homepage = { workspace = true }
+repository = { workspace = true }
 
 [lib]
 test = true
diff --git a/server/core/Cargo.toml b/server/core/Cargo.toml
index 094eec8bb..1c753cb44 100644
--- a/server/core/Cargo.toml
+++ b/server/core/Cargo.toml
@@ -45,7 +45,6 @@ ldap3_proto = { workspace = true }
 libc = { workspace = true }
 openssl = { workspace = true }
 opentelemetry = { workspace = true, features = ["logs"] }
-# opentelemetry_api = { workspace = true, features = ["logs"] }
 qrcode = { workspace = true, features = ["svg"] }
 regex = { workspace = true }
 serde = { workspace = true, features = ["derive"] }
@@ -94,3 +93,10 @@ kanidmd_lib = { workspace = true, features = ["test"] }
 
 [build-dependencies]
 kanidm_build_profiles = { workspace = true }
+
+
+[package.metadata.cargo-machete]
+ignored = [
+    "opentelemetry",         # feature gated
+    "kanidm_build_profiles",
+]
diff --git a/server/daemon/Cargo.toml b/server/daemon/Cargo.toml
index 7895b1d09..24d710441 100644
--- a/server/daemon/Cargo.toml
+++ b/server/daemon/Cargo.toml
@@ -37,11 +37,11 @@ reqwest = { workspace = true }
 tokio = { workspace = true, features = ["rt-multi-thread", "macros", "signal"] }
 tokio-util = { workspace = true, features = ["codec"] }
 tracing = { workspace = true }
-serde_json.workspace = true
+serde_json = { workspace = true }
 
 [target.'cfg(target_os = "linux")'.dependencies]
-sd-notify.workspace = true
-prctl.workspace = true
+sd-notify = { workspace = true }
+prctl = { workspace = true }
 
 [target.'cfg(target_family = "windows")'.dependencies]
 whoami = { workspace = true }
@@ -53,7 +53,10 @@ kanidm_utils_users = { workspace = true }
 mimalloc = { workspace = true }
 
 [build-dependencies]
-serde = { workspace = true, features = ["derive"] }
 clap = { workspace = true, features = ["derive"] }
 clap_complete = { workspace = true }
 kanidm_build_profiles = { workspace = true }
+
+
+[package.metadata.cargo-machete]
+ignored = ["clap_complete", "kanidm_build_profiles"]
diff --git a/server/daemon/src/main.rs b/server/daemon/src/main.rs
index 8bec36da5..92ac418df 100644
--- a/server/daemon/src/main.rs
+++ b/server/daemon/src/main.rs
@@ -20,7 +20,7 @@ static ALLOC: dhat::Alloc = dhat::Alloc;
 
 use std::fs::{metadata, File};
 // This works on both unix and windows.
-use fs4::FileExt;
+use fs4::fs_std::FileExt;
 use kanidm_proto::messages::ConsoleOutputMode;
 use sketching::otel::TracingPipelineGuard;
 use std::io::Read;
diff --git a/server/lib/Cargo.toml b/server/lib/Cargo.toml
index 7e6a0de55..aad01fb19 100644
--- a/server/lib/Cargo.toml
+++ b/server/lib/Cargo.toml
@@ -79,7 +79,7 @@ webauthn-rs = { workspace = true, features = [
 webauthn-rs-core = { workspace = true }
 zxcvbn = { workspace = true }
 serde_with = { workspace = true, features = ["time_0_3", "base64"] }
-hex.workspace = true
+hex = { workspace = true }
 lodepng = { workspace = true }
 image = { workspace = true, default-features = false, features = [
     "gif",
@@ -113,3 +113,9 @@ mimalloc = { workspace = true }
 hashbrown = { workspace = true }
 kanidm_build_profiles = { workspace = true }
 regex = { workspace = true }
+
+[package.metadata.cargo-machete]
+ignored = [
+    "openssl-sys", # see note above
+    "whoami",      # used in windows
+]
diff --git a/server/testkit/Cargo.toml b/server/testkit/Cargo.toml
index 1c0563c21..acc107b23 100644
--- a/server/testkit/Cargo.toml
+++ b/server/testkit/Cargo.toml
@@ -49,7 +49,6 @@ url = { workspace = true, features = ["serde"] }
 kanidm_build_profiles = { workspace = true }
 
 [dev-dependencies]
-assert_cmd = "2.0.16"
 compact_jwt = { workspace = true }
 escargot = "0.5.13"
 # used for webdriver testing
@@ -59,11 +58,14 @@ oauth2_ext = { workspace = true, default-features = false, features = [
     "reqwest",
 ] }
 openssl = { workspace = true }
-petgraph = { version = "0.7.1", features = ["serde", "serde-1"] }
+petgraph = { version = "0.7.1", features = ["serde"] }
 serde_json = { workspace = true }
 time = { workspace = true }
 tokio-openssl = { workspace = true }
 kanidm_lib_crypto = { workspace = true }
 uuid = { workspace = true }
 webauthn-authenticator-rs = { workspace = true }
-jsonschema = "0.28.3"
+jsonschema = "0.29.0"
+
+[package.metadata.cargo-machete]
+ignored = ["escargot", "futures", "kanidm_build_profiles"]
diff --git a/server/testkit/examples/enumerating_access.rs b/server/testkit/examples/enumerating_access.rs
index c6290059b..56c4dce68 100644
--- a/server/testkit/examples/enumerating_access.rs
+++ b/server/testkit/examples/enumerating_access.rs
@@ -3,14 +3,13 @@
 //! - @yaleman
 //!
 
-use std::collections::{BTreeMap, BTreeSet};
-// use kanidm_client::KanidmClient;
 use kanidmd_lib::constants::entries::Attribute;
 use kanidmd_lib::constants::groups::{idm_builtin_admin_groups, idm_builtin_non_admin_groups};
 use kanidmd_lib::prelude::{builtin_accounts, EntryInitNew};
 use petgraph::graphmap::{AllEdges, GraphMap, NodeTrait};
 use petgraph::Directed;
 use serde::{Deserialize, Serialize};
+use std::collections::{BTreeMap, BTreeSet};
 use uuid::Uuid;
 
 #[derive(Clone, Deserialize, Serialize)]
diff --git a/tools/cli/Cargo.toml b/tools/cli/Cargo.toml
index 5d5ee7778..219a8ed82 100644
--- a/tools/cli/Cargo.toml
+++ b/tools/cli/Cargo.toml
@@ -58,7 +58,7 @@ tokio = { workspace = true, features = ["rt", "macros", "fs", "signal"] }
 url = { workspace = true, features = ["serde"] }
 uuid = { workspace = true }
 zxcvbn = { workspace = true }
-lazy_static.workspace = true
+lazy_static = { workspace = true }
 regex = { workspace = true }
 
 [dev-dependencies]
@@ -119,3 +119,6 @@ assets = [
     ],
 ]
 maintainer-scripts = "debian/"
+
+[package.metadata.cargo-machete]
+ignored = ["clap_complete", "kanidm_build_profiles"]
diff --git a/tools/device_flow/Cargo.toml b/tools/device_flow/Cargo.toml
index 24417cd7f..1ac671ba8 100644
--- a/tools/device_flow/Cargo.toml
+++ b/tools/device_flow/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "kanidm_device_flow"
-description = "Kanidm Device Flow Client"
+description = "Kanidm Device Flow Example Client"
 documentation = "https://kanidm.github.io/kanidm/stable/"
 version = { workspace = true }
 authors = { workspace = true }
@@ -18,15 +18,12 @@ doctest = false
 [features]
 
 [dependencies]
-kanidm_proto = { workspace = true }
 anyhow = { workspace = true }
+kanidm_proto = { workspace = true }
 oauth2 = "5.0.0"
-reqwest = { version = "0.12.12", default-features = false, features = [
+reqwest = { workspace = true, default-features = false, features = [
     "rustls-tls",
 ] }
-
-tokio = { workspace = true, features = ["full"] }
-url = { workspace = true }
-tracing = { workspace = true }
 sketching = { workspace = true }
-base64.workspace = true
+tokio = { workspace = true, features = ["full"] }
+tracing = { workspace = true }
diff --git a/tools/iam_migrations/freeipa/Cargo.toml b/tools/iam_migrations/freeipa/Cargo.toml
index 1a89b86a7..6eee6a97a 100644
--- a/tools/iam_migrations/freeipa/Cargo.toml
+++ b/tools/iam_migrations/freeipa/Cargo.toml
@@ -39,3 +39,6 @@ kanidm_utils_users = { workspace = true }
 [build-dependencies]
 clap = { workspace = true, features = ["derive"] }
 clap_complete = { workspace = true }
+
+[package.metadata.cargo-machete]
+ignored = ["clap_complete"]
diff --git a/tools/iam_migrations/ldap/Cargo.toml b/tools/iam_migrations/ldap/Cargo.toml
index ac89a4e4e..e8d240d03 100644
--- a/tools/iam_migrations/ldap/Cargo.toml
+++ b/tools/iam_migrations/ldap/Cargo.toml
@@ -42,3 +42,6 @@ clap_complete = { workspace = true }
 
 [dev-dependencies]
 sketching = { workspace = true }
+
+[package.metadata.cargo-machete]
+ignored = ["clap_complete"]
diff --git a/tools/orca/Cargo.toml b/tools/orca/Cargo.toml
index bfd42f8be..08aa6dfbc 100644
--- a/tools/orca/Cargo.toml
+++ b/tools/orca/Cargo.toml
@@ -42,3 +42,5 @@ mimalloc = { workspace = true }
 [build-dependencies]
 kanidm_build_profiles = { workspace = true }
 
+[package.metadata.cargo-machete]
+ignored = ["kanidm_build_profiles"]
diff --git a/unix_integration/common/Cargo.toml b/unix_integration/common/Cargo.toml
index ceab00183..f25ca7a43 100644
--- a/unix_integration/common/Cargo.toml
+++ b/unix_integration/common/Cargo.toml
@@ -37,3 +37,6 @@ tracing = { workspace = true }
 
 [build-dependencies]
 kanidm_build_profiles = { workspace = true }
+
+[package.metadata.cargo-machete]
+ignored = ["kanidm_build_profiles"]
diff --git a/unix_integration/nss_kanidm/Cargo.toml b/unix_integration/nss_kanidm/Cargo.toml
index 17a7a89c9..4d84cfe1e 100644
--- a/unix_integration/nss_kanidm/Cargo.toml
+++ b/unix_integration/nss_kanidm/Cargo.toml
@@ -12,8 +12,8 @@ repository = { workspace = true }
 
 [lib]
 name = "nss_kanidm"
-crate-type = [ "cdylib" ]
-path =  "src/lib.rs"
+crate-type = ["cdylib"]
+path = "src/lib.rs"
 
 [dependencies]
 kanidm_unix_common = { workspace = true }
@@ -21,7 +21,6 @@ kanidm_unix_common = { workspace = true }
 [target.'cfg(not(target_family = "windows"))'.dependencies]
 libnss = { workspace = true }
 libc = { workspace = true }
-paste = { workspace = true }
 lazy_static = { workspace = true }
 
 [target."cfg(target_os = \"freebsd\")".build-dependencies]
@@ -37,15 +36,27 @@ depends = ""
 section = "network"
 priority = "optional"
 assets = [
-	# Empty on purpose
+    # Empty on purpose
 ]
 
 [package.metadata.deb.variants.aarch64-unknown-linux-gnu]
 merge-assets.append = [
-    [ "target/release/libnss_kanidm.so", "usr/lib/aarch64-linux-gnu/libnss_kanidm.so.2", "644"],
+    [
+        "target/release/libnss_kanidm.so",
+        "usr/lib/aarch64-linux-gnu/libnss_kanidm.so.2",
+        "644",
+    ],
 ]
 
 [package.metadata.deb.variants.x86_64-unknown-linux-gnu]
 merge-assets.append = [
-    [ "target/release/libnss_kanidm.so", "usr/lib/x86_64-linux-gnu/libnss_kanidm.so.2", "644"],
+    [
+        "target/release/libnss_kanidm.so",
+        "usr/lib/x86_64-linux-gnu/libnss_kanidm.so.2",
+        "644",
+    ],
 ]
+
+
+[package.metadata.cargo-machete]
+ignored = ["cc", "lazy_static"]
diff --git a/unix_integration/pam_kanidm/Cargo.toml b/unix_integration/pam_kanidm/Cargo.toml
index 56f6ae3c9..fab00724f 100644
--- a/unix_integration/pam_kanidm/Cargo.toml
+++ b/unix_integration/pam_kanidm/Cargo.toml
@@ -13,8 +13,8 @@ repository = { workspace = true }
 
 [lib]
 name = "pam_kanidm"
-crate-type = [ "cdylib" ]
-path =  "src/lib.rs"
+crate-type = ["cdylib"]
+path = "src/lib.rs"
 
 [dependencies]
 kanidm_unix_common = { workspace = true }
@@ -37,17 +37,36 @@ section = "network"
 priority = "optional"
 maintainer-scripts = "debian/"
 assets = [
-	# Empty on purpose
+    # Empty on purpose
 ]
 
 [package.metadata.deb.variants.aarch64-unknown-linux-gnu]
 merge-assets.append = [
-    [ "target/release/libpam_kanidm.so", "usr/lib/aarch64-linux-gnu/security/pam_kanidm.so", "644"],
-    [ "debian/kanidm.pam", "usr/share/pam-configs/kanidm", "644"],
+    [
+        "target/release/libpam_kanidm.so",
+        "usr/lib/aarch64-linux-gnu/security/pam_kanidm.so",
+        "644",
+    ],
+    [
+        "debian/kanidm.pam",
+        "usr/share/pam-configs/kanidm",
+        "644",
+    ],
 ]
 
 [package.metadata.deb.variants.x86_64-unknown-linux-gnu]
 merge-assets.append = [
-    [ "target/release/libpam_kanidm.so", "usr/lib/x86_64-linux-gnu/security/pam_kanidm.so", "644"],
-    [ "debian/kanidm.pam", "usr/share/pam-configs/kanidm", "644"],
+    [
+        "target/release/libpam_kanidm.so",
+        "usr/lib/x86_64-linux-gnu/security/pam_kanidm.so",
+        "644",
+    ],
+    [
+        "debian/kanidm.pam",
+        "usr/share/pam-configs/kanidm",
+        "644",
+    ],
 ]
+
+[package.metadata.cargo-machete]
+ignored = ["pkg-config"]
diff --git a/unix_integration/resolver/Cargo.toml b/unix_integration/resolver/Cargo.toml
index df2d6d01c..8718d9c53 100644
--- a/unix_integration/resolver/Cargo.toml
+++ b/unix_integration/resolver/Cargo.toml
@@ -52,7 +52,7 @@ test = true
 doctest = false
 
 [dependencies]
-async-trait.workspace = true
+async-trait = { workspace = true }
 bytes = { workspace = true }
 clap = { workspace = true, features = ["derive", "env"] }
 dialoguer = { workspace = true }
@@ -89,8 +89,8 @@ uuid = { workspace = true }
 walkdir = { workspace = true }
 
 [target.'cfg(target_os = "linux")'.dependencies]
-sd-notify.workspace = true
-prctl.workspace = true
+sd-notify = { workspace = true }
+prctl = { workspace = true }
 
 [target.'cfg(not(target_family = "windows"))'.dependencies]
 kanidm_utils_users = { workspace = true }
@@ -135,6 +135,9 @@ assets = [
 ]
 maintainer-scripts = "debian/"
 systemd-units = [
-	{ unit-name = "kanidm-unixd", enable = true}, 
+	{ unit-name = "kanidm-unixd", enable = true},
 	{ unit-name = "kanidm-unixd-tasks", enable = true},
 ]
+
+[package.metadata.cargo-machete]
+ignored = ["kanidm_build_profiles", "clap_complete"]

From b96fe49b992371f349de16964319bbbd1d62706c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 10 Feb 2025 07:19:22 +1000
Subject: [PATCH 83/87] Bump the all group in /pykanidm with 7 updates (#3412)

Bumps the all group in /pykanidm with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [aiohttp](https://github.com/aio-libs/aiohttp) | `3.11.11` | `3.11.12` |
| [ruff](https://github.com/astral-sh/ruff) | `0.9.4` | `0.9.5` |
| [mypy](https://github.com/python/mypy) | `1.14.1` | `1.15.0` |
| [coverage](https://github.com/nedbat/coveragepy) | `7.6.10` | `7.6.11` |
| [mkdocs-material](https://github.com/squidfunk/mkdocs-material) | `9.6.1` | `9.6.3` |
| [mkdocstrings](https://github.com/mkdocstrings/mkdocstrings) | `0.27.0` | `0.28.0` |
| [mkdocstrings-python](https://github.com/mkdocstrings/python) | `1.13.0` | `1.14.6` |


Updates `aiohttp` from 3.11.11 to 3.11.12
- [Release notes](https://github.com/aio-libs/aiohttp/releases)
- [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst)
- [Commits](https://github.com/aio-libs/aiohttp/compare/v3.11.11...v3.11.12)

Updates `ruff` from 0.9.4 to 0.9.5
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.9.4...0.9.5)

Updates `mypy` from 1.14.1 to 1.15.0
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](https://github.com/python/mypy/compare/v1.14.1...v1.15.0)

Updates `coverage` from 7.6.10 to 7.6.11
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/7.6.10...7.6.11)

Updates `mkdocs-material` from 9.6.1 to 9.6.3
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases)
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG)
- [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.6.1...9.6.3)

Updates `mkdocstrings` from 0.27.0 to 0.28.0
- [Release notes](https://github.com/mkdocstrings/mkdocstrings/releases)
- [Changelog](https://github.com/mkdocstrings/mkdocstrings/blob/main/CHANGELOG.md)
- [Commits](https://github.com/mkdocstrings/mkdocstrings/compare/0.27.0...0.28.0)

Updates `mkdocstrings-python` from 1.13.0 to 1.14.6
- [Release notes](https://github.com/mkdocstrings/python/releases)
- [Changelog](https://github.com/mkdocstrings/python/blob/main/CHANGELOG.md)
- [Commits](https://github.com/mkdocstrings/python/compare/1.13.0...1.14.6)

---
updated-dependencies:
- dependency-name: aiohttp
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: ruff
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: mypy
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: coverage
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: mkdocs-material
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: mkdocstrings
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: mkdocstrings-python
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pykanidm/poetry.lock    | 522 ++++++++++++++++------------------------
 pykanidm/pyproject.toml |   4 +-
 2 files changed, 215 insertions(+), 311 deletions(-)

diff --git a/pykanidm/poetry.lock b/pykanidm/poetry.lock
index 4cb00acb0..8eb054104 100644
--- a/pykanidm/poetry.lock
+++ b/pykanidm/poetry.lock
@@ -1,4 +1,4 @@
-# This file is automatically @generated by Poetry 2.0.1 and should not be changed by hand.
+# This file is automatically @generated by Poetry 1.8.5 and should not be changed by hand.
 
 [[package]]
 name = "aiohappyeyeballs"
@@ -6,7 +6,6 @@ version = "2.4.0"
 description = "Happy Eyeballs for asyncio"
 optional = false
 python-versions = ">=3.8"
-groups = ["main", "dev"]
 files = [
     {file = "aiohappyeyeballs-2.4.0-py3-none-any.whl", hash = "sha256:7ce92076e249169a13c2f49320d1967425eaf1f407522d707d59cac7628d62bd"},
     {file = "aiohappyeyeballs-2.4.0.tar.gz", hash = "sha256:55a1714f084e63d49639800f95716da97a1f173d46a16dfcfda0016abb93b6b2"},
@@ -14,88 +13,92 @@ files = [
 
 [[package]]
 name = "aiohttp"
-version = "3.11.11"
+version = "3.11.12"
 description = "Async http client/server framework (asyncio)"
 optional = false
 python-versions = ">=3.9"
-groups = ["main", "dev"]
 files = [
-    {file = "aiohttp-3.11.11-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:a60804bff28662cbcf340a4d61598891f12eea3a66af48ecfdc975ceec21e3c8"},
-    {file = "aiohttp-3.11.11-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:4b4fa1cb5f270fb3eab079536b764ad740bb749ce69a94d4ec30ceee1b5940d5"},
-    {file = "aiohttp-3.11.11-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:731468f555656767cda219ab42e033355fe48c85fbe3ba83a349631541715ba2"},
-    {file = "aiohttp-3.11.11-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:cb23d8bb86282b342481cad4370ea0853a39e4a32a0042bb52ca6bdde132df43"},
-    {file = "aiohttp-3.11.11-cp310-cp310-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:f047569d655f81cb70ea5be942ee5d4421b6219c3f05d131f64088c73bb0917f"},
-    {file = "aiohttp-3.11.11-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:dd7659baae9ccf94ae5fe8bfaa2c7bc2e94d24611528395ce88d009107e00c6d"},
-    {file = "aiohttp-3.11.11-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:af01e42ad87ae24932138f154105e88da13ce7d202a6de93fafdafb2883a00ef"},
-    {file = "aiohttp-3.11.11-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:5854be2f3e5a729800bac57a8d76af464e160f19676ab6aea74bde18ad19d438"},
-    {file = "aiohttp-3.11.11-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:6526e5fb4e14f4bbf30411216780c9967c20c5a55f2f51d3abd6de68320cc2f3"},
-    {file = "aiohttp-3.11.11-cp310-cp310-musllinux_1_2_i686.whl", hash = "sha256:85992ee30a31835fc482468637b3e5bd085fa8fe9392ba0bdcbdc1ef5e9e3c55"},
-    {file = "aiohttp-3.11.11-cp310-cp310-musllinux_1_2_ppc64le.whl", hash = "sha256:88a12ad8ccf325a8a5ed80e6d7c3bdc247d66175afedbe104ee2aaca72960d8e"},
-    {file = "aiohttp-3.11.11-cp310-cp310-musllinux_1_2_s390x.whl", hash = "sha256:0a6d3fbf2232e3a08c41eca81ae4f1dff3d8f1a30bae415ebe0af2d2458b8a33"},
-    {file = "aiohttp-3.11.11-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:84a585799c58b795573c7fa9b84c455adf3e1d72f19a2bf498b54a95ae0d194c"},
-    {file = "aiohttp-3.11.11-cp310-cp310-win32.whl", hash = "sha256:bfde76a8f430cf5c5584553adf9926534352251d379dcb266ad2b93c54a29745"},
-    {file = "aiohttp-3.11.11-cp310-cp310-win_amd64.whl", hash = "sha256:0fd82b8e9c383af11d2b26f27a478640b6b83d669440c0a71481f7c865a51da9"},
-    {file = "aiohttp-3.11.11-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:ba74ec819177af1ef7f59063c6d35a214a8fde6f987f7661f4f0eecc468a8f76"},
-    {file = "aiohttp-3.11.11-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:4af57160800b7a815f3fe0eba9b46bf28aafc195555f1824555fa2cfab6c1538"},
-    {file = "aiohttp-3.11.11-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:ffa336210cf9cd8ed117011085817d00abe4c08f99968deef0013ea283547204"},
-    {file = "aiohttp-3.11.11-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:81b8fe282183e4a3c7a1b72f5ade1094ed1c6345a8f153506d114af5bf8accd9"},
-    {file = "aiohttp-3.11.11-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:3af41686ccec6a0f2bdc66686dc0f403c41ac2089f80e2214a0f82d001052c03"},
-    {file = "aiohttp-3.11.11-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:70d1f9dde0e5dd9e292a6d4d00058737052b01f3532f69c0c65818dac26dc287"},
-    {file = "aiohttp-3.11.11-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:249cc6912405917344192b9f9ea5cd5b139d49e0d2f5c7f70bdfaf6b4dbf3a2e"},
-    {file = "aiohttp-3.11.11-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:0eb98d90b6690827dcc84c246811feeb4e1eea683c0eac6caed7549be9c84665"},
-    {file = "aiohttp-3.11.11-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:ec82bf1fda6cecce7f7b915f9196601a1bd1a3079796b76d16ae4cce6d0ef89b"},
-    {file = "aiohttp-3.11.11-cp311-cp311-musllinux_1_2_i686.whl", hash = "sha256:9fd46ce0845cfe28f108888b3ab17abff84ff695e01e73657eec3f96d72eef34"},
-    {file = "aiohttp-3.11.11-cp311-cp311-musllinux_1_2_ppc64le.whl", hash = "sha256:bd176afcf8f5d2aed50c3647d4925d0db0579d96f75a31e77cbaf67d8a87742d"},
-    {file = "aiohttp-3.11.11-cp311-cp311-musllinux_1_2_s390x.whl", hash = "sha256:ec2aa89305006fba9ffb98970db6c8221541be7bee4c1d027421d6f6df7d1ce2"},
-    {file = "aiohttp-3.11.11-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:92cde43018a2e17d48bb09c79e4d4cb0e236de5063ce897a5e40ac7cb4878773"},
-    {file = "aiohttp-3.11.11-cp311-cp311-win32.whl", hash = "sha256:aba807f9569455cba566882c8938f1a549f205ee43c27b126e5450dc9f83cc62"},
-    {file = "aiohttp-3.11.11-cp311-cp311-win_amd64.whl", hash = "sha256:ae545f31489548c87b0cced5755cfe5a5308d00407000e72c4fa30b19c3220ac"},
-    {file = "aiohttp-3.11.11-cp312-cp312-macosx_10_13_universal2.whl", hash = "sha256:e595c591a48bbc295ebf47cb91aebf9bd32f3ff76749ecf282ea7f9f6bb73886"},
-    {file = "aiohttp-3.11.11-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:3ea1b59dc06396b0b424740a10a0a63974c725b1c64736ff788a3689d36c02d2"},
-    {file = "aiohttp-3.11.11-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:8811f3f098a78ffa16e0ea36dffd577eb031aea797cbdba81be039a4169e242c"},
-    {file = "aiohttp-3.11.11-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:bd7227b87a355ce1f4bf83bfae4399b1f5bb42e0259cb9405824bd03d2f4336a"},
-    {file = "aiohttp-3.11.11-cp312-cp312-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:d40f9da8cabbf295d3a9dae1295c69975b86d941bc20f0a087f0477fa0a66231"},
-    {file = "aiohttp-3.11.11-cp312-cp312-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:ffb3dc385f6bb1568aa974fe65da84723210e5d9707e360e9ecb51f59406cd2e"},
-    {file = "aiohttp-3.11.11-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:a8f5f7515f3552d899c61202d99dcb17d6e3b0de777900405611cd747cecd1b8"},
-    {file = "aiohttp-3.11.11-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:3499c7ffbfd9c6a3d8d6a2b01c26639da7e43d47c7b4f788016226b1e711caa8"},
-    {file = "aiohttp-3.11.11-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:8e2bf8029dbf0810c7bfbc3e594b51c4cc9101fbffb583a3923aea184724203c"},
-    {file = "aiohttp-3.11.11-cp312-cp312-musllinux_1_2_i686.whl", hash = "sha256:b6212a60e5c482ef90f2d788835387070a88d52cf6241d3916733c9176d39eab"},
-    {file = "aiohttp-3.11.11-cp312-cp312-musllinux_1_2_ppc64le.whl", hash = "sha256:d119fafe7b634dbfa25a8c597718e69a930e4847f0b88e172744be24515140da"},
-    {file = "aiohttp-3.11.11-cp312-cp312-musllinux_1_2_s390x.whl", hash = "sha256:6fba278063559acc730abf49845d0e9a9e1ba74f85f0ee6efd5803f08b285853"},
-    {file = "aiohttp-3.11.11-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:92fc484e34b733704ad77210c7957679c5c3877bd1e6b6d74b185e9320cc716e"},
-    {file = "aiohttp-3.11.11-cp312-cp312-win32.whl", hash = "sha256:9f5b3c1ed63c8fa937a920b6c1bec78b74ee09593b3f5b979ab2ae5ef60d7600"},
-    {file = "aiohttp-3.11.11-cp312-cp312-win_amd64.whl", hash = "sha256:1e69966ea6ef0c14ee53ef7a3d68b564cc408121ea56c0caa2dc918c1b2f553d"},
-    {file = "aiohttp-3.11.11-cp313-cp313-macosx_10_13_universal2.whl", hash = "sha256:541d823548ab69d13d23730a06f97460f4238ad2e5ed966aaf850d7c369782d9"},
-    {file = "aiohttp-3.11.11-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:929f3ed33743a49ab127c58c3e0a827de0664bfcda566108989a14068f820194"},
-    {file = "aiohttp-3.11.11-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:0882c2820fd0132240edbb4a51eb8ceb6eef8181db9ad5291ab3332e0d71df5f"},
-    {file = "aiohttp-3.11.11-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:b63de12e44935d5aca7ed7ed98a255a11e5cb47f83a9fded7a5e41c40277d104"},
-    {file = "aiohttp-3.11.11-cp313-cp313-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:aa54f8ef31d23c506910c21163f22b124facb573bff73930735cf9fe38bf7dff"},
-    {file = "aiohttp-3.11.11-cp313-cp313-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:a344d5dc18074e3872777b62f5f7d584ae4344cd6006c17ba12103759d407af3"},
-    {file = "aiohttp-3.11.11-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:0b7fb429ab1aafa1f48578eb315ca45bd46e9c37de11fe45c7f5f4138091e2f1"},
-    {file = "aiohttp-3.11.11-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:c341c7d868750e31961d6d8e60ff040fb9d3d3a46d77fd85e1ab8e76c3e9a5c4"},
-    {file = "aiohttp-3.11.11-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:ed9ee95614a71e87f1a70bc81603f6c6760128b140bc4030abe6abaa988f1c3d"},
-    {file = "aiohttp-3.11.11-cp313-cp313-musllinux_1_2_i686.whl", hash = "sha256:de8d38f1c2810fa2a4f1d995a2e9c70bb8737b18da04ac2afbf3971f65781d87"},
-    {file = "aiohttp-3.11.11-cp313-cp313-musllinux_1_2_ppc64le.whl", hash = "sha256:a9b7371665d4f00deb8f32208c7c5e652059b0fda41cf6dbcac6114a041f1cc2"},
-    {file = "aiohttp-3.11.11-cp313-cp313-musllinux_1_2_s390x.whl", hash = "sha256:620598717fce1b3bd14dd09947ea53e1ad510317c85dda2c9c65b622edc96b12"},
-    {file = "aiohttp-3.11.11-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:bf8d9bfee991d8acc72d060d53860f356e07a50f0e0d09a8dfedea1c554dd0d5"},
-    {file = "aiohttp-3.11.11-cp313-cp313-win32.whl", hash = "sha256:9d73ee3725b7a737ad86c2eac5c57a4a97793d9f442599bea5ec67ac9f4bdc3d"},
-    {file = "aiohttp-3.11.11-cp313-cp313-win_amd64.whl", hash = "sha256:c7a06301c2fb096bdb0bd25fe2011531c1453b9f2c163c8031600ec73af1cc99"},
-    {file = "aiohttp-3.11.11-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:3e23419d832d969f659c208557de4a123e30a10d26e1e14b73431d3c13444c2e"},
-    {file = "aiohttp-3.11.11-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:21fef42317cf02e05d3b09c028712e1d73a9606f02467fd803f7c1f39cc59add"},
-    {file = "aiohttp-3.11.11-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:1f21bb8d0235fc10c09ce1d11ffbd40fc50d3f08a89e4cf3a0c503dc2562247a"},
-    {file = "aiohttp-3.11.11-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1642eceeaa5ab6c9b6dfeaaa626ae314d808188ab23ae196a34c9d97efb68350"},
-    {file = "aiohttp-3.11.11-cp39-cp39-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:2170816e34e10f2fd120f603e951630f8a112e1be3b60963a1f159f5699059a6"},
-    {file = "aiohttp-3.11.11-cp39-cp39-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:8be8508d110d93061197fd2d6a74f7401f73b6d12f8822bbcd6d74f2b55d71b1"},
-    {file = "aiohttp-3.11.11-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:4eed954b161e6b9b65f6be446ed448ed3921763cc432053ceb606f89d793927e"},
-    {file = "aiohttp-3.11.11-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:d6c9af134da4bc9b3bd3e6a70072509f295d10ee60c697826225b60b9959acdd"},
-    {file = "aiohttp-3.11.11-cp39-cp39-musllinux_1_2_aarch64.whl", hash = "sha256:44167fc6a763d534a6908bdb2592269b4bf30a03239bcb1654781adf5e49caf1"},
-    {file = "aiohttp-3.11.11-cp39-cp39-musllinux_1_2_i686.whl", hash = "sha256:479b8c6ebd12aedfe64563b85920525d05d394b85f166b7873c8bde6da612f9c"},
-    {file = "aiohttp-3.11.11-cp39-cp39-musllinux_1_2_ppc64le.whl", hash = "sha256:10b4ff0ad793d98605958089fabfa350e8e62bd5d40aa65cdc69d6785859f94e"},
-    {file = "aiohttp-3.11.11-cp39-cp39-musllinux_1_2_s390x.whl", hash = "sha256:b540bd67cfb54e6f0865ceccd9979687210d7ed1a1cc8c01f8e67e2f1e883d28"},
-    {file = "aiohttp-3.11.11-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:1dac54e8ce2ed83b1f6b1a54005c87dfed139cf3f777fdc8afc76e7841101226"},
-    {file = "aiohttp-3.11.11-cp39-cp39-win32.whl", hash = "sha256:568c1236b2fde93b7720f95a890741854c1200fba4a3471ff48b2934d2d93fd3"},
-    {file = "aiohttp-3.11.11-cp39-cp39-win_amd64.whl", hash = "sha256:943a8b052e54dfd6439fd7989f67fc6a7f2138d0a2cf0a7de5f18aa4fe7eb3b1"},
-    {file = "aiohttp-3.11.11.tar.gz", hash = "sha256:bb49c7f1e6ebf3821a42d81d494f538107610c3a705987f53068546b0e90303e"},
+    {file = "aiohttp-3.11.12-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:aa8a8caca81c0a3e765f19c6953416c58e2f4cc1b84829af01dd1c771bb2f91f"},
+    {file = "aiohttp-3.11.12-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:84ede78acde96ca57f6cf8ccb8a13fbaf569f6011b9a52f870c662d4dc8cd854"},
+    {file = "aiohttp-3.11.12-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:584096938a001378484aa4ee54e05dc79c7b9dd933e271c744a97b3b6f644957"},
+    {file = "aiohttp-3.11.12-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:392432a2dde22b86f70dd4a0e9671a349446c93965f261dbaecfaf28813e5c42"},
+    {file = "aiohttp-3.11.12-cp310-cp310-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:88d385b8e7f3a870146bf5ea31786ef7463e99eb59e31db56e2315535d811f55"},
+    {file = "aiohttp-3.11.12-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:b10a47e5390c4b30a0d58ee12581003be52eedd506862ab7f97da7a66805befb"},
+    {file = "aiohttp-3.11.12-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:0b5263dcede17b6b0c41ef0c3ccce847d82a7da98709e75cf7efde3e9e3b5cae"},
+    {file = "aiohttp-3.11.12-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:50c5c7b8aa5443304c55c262c5693b108c35a3b61ef961f1e782dd52a2f559c7"},
+    {file = "aiohttp-3.11.12-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:d1c031a7572f62f66f1257db37ddab4cb98bfaf9b9434a3b4840bf3560f5e788"},
+    {file = "aiohttp-3.11.12-cp310-cp310-musllinux_1_2_armv7l.whl", hash = "sha256:7e44eba534381dd2687be50cbd5f2daded21575242ecfdaf86bbeecbc38dae8e"},
+    {file = "aiohttp-3.11.12-cp310-cp310-musllinux_1_2_i686.whl", hash = "sha256:145a73850926018ec1681e734cedcf2716d6a8697d90da11284043b745c286d5"},
+    {file = "aiohttp-3.11.12-cp310-cp310-musllinux_1_2_ppc64le.whl", hash = "sha256:2c311e2f63e42c1bf86361d11e2c4a59f25d9e7aabdbdf53dc38b885c5435cdb"},
+    {file = "aiohttp-3.11.12-cp310-cp310-musllinux_1_2_s390x.whl", hash = "sha256:ea756b5a7bac046d202a9a3889b9a92219f885481d78cd318db85b15cc0b7bcf"},
+    {file = "aiohttp-3.11.12-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:526c900397f3bbc2db9cb360ce9c35134c908961cdd0ac25b1ae6ffcaa2507ff"},
+    {file = "aiohttp-3.11.12-cp310-cp310-win32.whl", hash = "sha256:b8d3bb96c147b39c02d3db086899679f31958c5d81c494ef0fc9ef5bb1359b3d"},
+    {file = "aiohttp-3.11.12-cp310-cp310-win_amd64.whl", hash = "sha256:7fe3d65279bfbee8de0fb4f8c17fc4e893eed2dba21b2f680e930cc2b09075c5"},
+    {file = "aiohttp-3.11.12-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:87a2e00bf17da098d90d4145375f1d985a81605267e7f9377ff94e55c5d769eb"},
+    {file = "aiohttp-3.11.12-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:b34508f1cd928ce915ed09682d11307ba4b37d0708d1f28e5774c07a7674cac9"},
+    {file = "aiohttp-3.11.12-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:936d8a4f0f7081327014742cd51d320296b56aa6d324461a13724ab05f4b2933"},
+    {file = "aiohttp-3.11.12-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:2de1378f72def7dfb5dbd73d86c19eda0ea7b0a6873910cc37d57e80f10d64e1"},
+    {file = "aiohttp-3.11.12-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:b9d45dbb3aaec05cf01525ee1a7ac72de46a8c425cb75c003acd29f76b1ffe94"},
+    {file = "aiohttp-3.11.12-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:930ffa1925393381e1e0a9b82137fa7b34c92a019b521cf9f41263976666a0d6"},
+    {file = "aiohttp-3.11.12-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:8340def6737118f5429a5df4e88f440746b791f8f1c4ce4ad8a595f42c980bd5"},
+    {file = "aiohttp-3.11.12-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:4016e383f91f2814e48ed61e6bda7d24c4d7f2402c75dd28f7e1027ae44ea204"},
+    {file = "aiohttp-3.11.12-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:3c0600bcc1adfaaac321422d615939ef300df81e165f6522ad096b73439c0f58"},
+    {file = "aiohttp-3.11.12-cp311-cp311-musllinux_1_2_armv7l.whl", hash = "sha256:0450ada317a65383b7cce9576096150fdb97396dcfe559109b403c7242faffef"},
+    {file = "aiohttp-3.11.12-cp311-cp311-musllinux_1_2_i686.whl", hash = "sha256:850ff6155371fd802a280f8d369d4e15d69434651b844bde566ce97ee2277420"},
+    {file = "aiohttp-3.11.12-cp311-cp311-musllinux_1_2_ppc64le.whl", hash = "sha256:8fd12d0f989c6099e7b0f30dc6e0d1e05499f3337461f0b2b0dadea6c64b89df"},
+    {file = "aiohttp-3.11.12-cp311-cp311-musllinux_1_2_s390x.whl", hash = "sha256:76719dd521c20a58a6c256d058547b3a9595d1d885b830013366e27011ffe804"},
+    {file = "aiohttp-3.11.12-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:97fe431f2ed646a3b56142fc81d238abcbaff08548d6912acb0b19a0cadc146b"},
+    {file = "aiohttp-3.11.12-cp311-cp311-win32.whl", hash = "sha256:e10c440d142fa8b32cfdb194caf60ceeceb3e49807072e0dc3a8887ea80e8c16"},
+    {file = "aiohttp-3.11.12-cp311-cp311-win_amd64.whl", hash = "sha256:246067ba0cf5560cf42e775069c5d80a8989d14a7ded21af529a4e10e3e0f0e6"},
+    {file = "aiohttp-3.11.12-cp312-cp312-macosx_10_13_universal2.whl", hash = "sha256:e392804a38353900c3fd8b7cacbea5132888f7129f8e241915e90b85f00e3250"},
+    {file = "aiohttp-3.11.12-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:8fa1510b96c08aaad49303ab11f8803787c99222288f310a62f493faf883ede1"},
+    {file = "aiohttp-3.11.12-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:dc065a4285307607df3f3686363e7f8bdd0d8ab35f12226362a847731516e42c"},
+    {file = "aiohttp-3.11.12-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:cddb31f8474695cd61fc9455c644fc1606c164b93bff2490390d90464b4655df"},
+    {file = "aiohttp-3.11.12-cp312-cp312-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:9dec0000d2d8621d8015c293e24589d46fa218637d820894cb7356c77eca3259"},
+    {file = "aiohttp-3.11.12-cp312-cp312-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:e3552fe98e90fdf5918c04769f338a87fa4f00f3b28830ea9b78b1bdc6140e0d"},
+    {file = "aiohttp-3.11.12-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:6dfe7f984f28a8ae94ff3a7953cd9678550dbd2a1f9bda5dd9c5ae627744c78e"},
+    {file = "aiohttp-3.11.12-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:a481a574af914b6e84624412666cbfbe531a05667ca197804ecc19c97b8ab1b0"},
+    {file = "aiohttp-3.11.12-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:1987770fb4887560363b0e1a9b75aa303e447433c41284d3af2840a2f226d6e0"},
+    {file = "aiohttp-3.11.12-cp312-cp312-musllinux_1_2_armv7l.whl", hash = "sha256:a4ac6a0f0f6402854adca4e3259a623f5c82ec3f0c049374133bcb243132baf9"},
+    {file = "aiohttp-3.11.12-cp312-cp312-musllinux_1_2_i686.whl", hash = "sha256:c96a43822f1f9f69cc5c3706af33239489a6294be486a0447fb71380070d4d5f"},
+    {file = "aiohttp-3.11.12-cp312-cp312-musllinux_1_2_ppc64le.whl", hash = "sha256:a5e69046f83c0d3cb8f0d5bd9b8838271b1bc898e01562a04398e160953e8eb9"},
+    {file = "aiohttp-3.11.12-cp312-cp312-musllinux_1_2_s390x.whl", hash = "sha256:68d54234c8d76d8ef74744f9f9fc6324f1508129e23da8883771cdbb5818cbef"},
+    {file = "aiohttp-3.11.12-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:c9fd9dcf9c91affe71654ef77426f5cf8489305e1c66ed4816f5a21874b094b9"},
+    {file = "aiohttp-3.11.12-cp312-cp312-win32.whl", hash = "sha256:0ed49efcd0dc1611378beadbd97beb5d9ca8fe48579fc04a6ed0844072261b6a"},
+    {file = "aiohttp-3.11.12-cp312-cp312-win_amd64.whl", hash = "sha256:54775858c7f2f214476773ce785a19ee81d1294a6bedc5cc17225355aab74802"},
+    {file = "aiohttp-3.11.12-cp313-cp313-macosx_10_13_universal2.whl", hash = "sha256:413ad794dccb19453e2b97c2375f2ca3cdf34dc50d18cc2693bd5aed7d16f4b9"},
+    {file = "aiohttp-3.11.12-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:4a93d28ed4b4b39e6f46fd240896c29b686b75e39cc6992692e3922ff6982b4c"},
+    {file = "aiohttp-3.11.12-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:d589264dbba3b16e8951b6f145d1e6b883094075283dafcab4cdd564a9e353a0"},
+    {file = "aiohttp-3.11.12-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e5148ca8955affdfeb864aca158ecae11030e952b25b3ae15d4e2b5ba299bad2"},
+    {file = "aiohttp-3.11.12-cp313-cp313-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:525410e0790aab036492eeea913858989c4cb070ff373ec3bc322d700bdf47c1"},
+    {file = "aiohttp-3.11.12-cp313-cp313-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:9bd8695be2c80b665ae3f05cb584093a1e59c35ecb7d794d1edd96e8cc9201d7"},
+    {file = "aiohttp-3.11.12-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:f0203433121484b32646a5f5ea93ae86f3d9559d7243f07e8c0eab5ff8e3f70e"},
+    {file = "aiohttp-3.11.12-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:40cd36749a1035c34ba8d8aaf221b91ca3d111532e5ccb5fa8c3703ab1b967ed"},
+    {file = "aiohttp-3.11.12-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:a7442662afebbf7b4c6d28cb7aab9e9ce3a5df055fc4116cc7228192ad6cb484"},
+    {file = "aiohttp-3.11.12-cp313-cp313-musllinux_1_2_armv7l.whl", hash = "sha256:8a2fb742ef378284a50766e985804bd6adb5adb5aa781100b09befdbfa757b65"},
+    {file = "aiohttp-3.11.12-cp313-cp313-musllinux_1_2_i686.whl", hash = "sha256:2cee3b117a8d13ab98b38d5b6bdcd040cfb4181068d05ce0c474ec9db5f3c5bb"},
+    {file = "aiohttp-3.11.12-cp313-cp313-musllinux_1_2_ppc64le.whl", hash = "sha256:f6a19bcab7fbd8f8649d6595624856635159a6527861b9cdc3447af288a00c00"},
+    {file = "aiohttp-3.11.12-cp313-cp313-musllinux_1_2_s390x.whl", hash = "sha256:e4cecdb52aaa9994fbed6b81d4568427b6002f0a91c322697a4bfcc2b2363f5a"},
+    {file = "aiohttp-3.11.12-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:30f546358dfa0953db92ba620101fefc81574f87b2346556b90b5f3ef16e55ce"},
+    {file = "aiohttp-3.11.12-cp313-cp313-win32.whl", hash = "sha256:ce1bb21fc7d753b5f8a5d5a4bae99566386b15e716ebdb410154c16c91494d7f"},
+    {file = "aiohttp-3.11.12-cp313-cp313-win_amd64.whl", hash = "sha256:f7914ab70d2ee8ab91c13e5402122edbc77821c66d2758abb53aabe87f013287"},
+    {file = "aiohttp-3.11.12-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:7c3623053b85b4296cd3925eeb725e386644fd5bc67250b3bb08b0f144803e7b"},
+    {file = "aiohttp-3.11.12-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:67453e603cea8e85ed566b2700efa1f6916aefbc0c9fcb2e86aaffc08ec38e78"},
+    {file = "aiohttp-3.11.12-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:6130459189e61baac5a88c10019b21e1f0c6d00ebc770e9ce269475650ff7f73"},
+    {file = "aiohttp-3.11.12-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:9060addfa4ff753b09392efe41e6af06ea5dd257829199747b9f15bfad819460"},
+    {file = "aiohttp-3.11.12-cp39-cp39-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:34245498eeb9ae54c687a07ad7f160053911b5745e186afe2d0c0f2898a1ab8a"},
+    {file = "aiohttp-3.11.12-cp39-cp39-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:8dc0fba9a74b471c45ca1a3cb6e6913ebfae416678d90529d188886278e7f3f6"},
+    {file = "aiohttp-3.11.12-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:a478aa11b328983c4444dacb947d4513cb371cd323f3845e53caeda6be5589d5"},
+    {file = "aiohttp-3.11.12-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:c160a04283c8c6f55b5bf6d4cad59bb9c5b9c9cd08903841b25f1f7109ef1259"},
+    {file = "aiohttp-3.11.12-cp39-cp39-musllinux_1_2_aarch64.whl", hash = "sha256:edb69b9589324bdc40961cdf0657815df674f1743a8d5ad9ab56a99e4833cfdd"},
+    {file = "aiohttp-3.11.12-cp39-cp39-musllinux_1_2_armv7l.whl", hash = "sha256:4ee84c2a22a809c4f868153b178fe59e71423e1f3d6a8cd416134bb231fbf6d3"},
+    {file = "aiohttp-3.11.12-cp39-cp39-musllinux_1_2_i686.whl", hash = "sha256:bf4480a5438f80e0f1539e15a7eb8b5f97a26fe087e9828e2c0ec2be119a9f72"},
+    {file = "aiohttp-3.11.12-cp39-cp39-musllinux_1_2_ppc64le.whl", hash = "sha256:e6b2732ef3bafc759f653a98881b5b9cdef0716d98f013d376ee8dfd7285abf1"},
+    {file = "aiohttp-3.11.12-cp39-cp39-musllinux_1_2_s390x.whl", hash = "sha256:f752e80606b132140883bb262a457c475d219d7163d996dc9072434ffb0784c4"},
+    {file = "aiohttp-3.11.12-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:ab3247d58b393bda5b1c8f31c9edece7162fc13265334217785518dd770792b8"},
+    {file = "aiohttp-3.11.12-cp39-cp39-win32.whl", hash = "sha256:0d5176f310a7fe6f65608213cc74f4228e4f4ce9fd10bcb2bb6da8fc66991462"},
+    {file = "aiohttp-3.11.12-cp39-cp39-win_amd64.whl", hash = "sha256:74bd573dde27e58c760d9ca8615c41a57e719bff315c9adb6f2a4281a28e8798"},
+    {file = "aiohttp-3.11.12.tar.gz", hash = "sha256:7603ca26d75b1b86160ce1bbe2787a0b706e592af5b2504e12caa88a217767b0"},
 ]
 
 [package.dependencies]
@@ -117,7 +120,6 @@ version = "1.3.1"
 description = "aiosignal: a list of registered asynchronous callbacks"
 optional = false
 python-versions = ">=3.7"
-groups = ["main", "dev"]
 files = [
     {file = "aiosignal-1.3.1-py3-none-any.whl", hash = "sha256:f8376fb07dd1e86a584e4fcdec80b36b7f81aac666ebc724e2c090300dd83b17"},
     {file = "aiosignal-1.3.1.tar.gz", hash = "sha256:54cd96e15e1649b75d6c87526a6ff0b6c1b0dd3459f43d9ca11d48c339b68cfc"},
@@ -132,7 +134,6 @@ version = "0.7.0"
 description = "Reusable constraint types to use with typing.Annotated"
 optional = false
 python-versions = ">=3.8"
-groups = ["main", "dev"]
 files = [
     {file = "annotated_types-0.7.0-py3-none-any.whl", hash = "sha256:1f02e8b43a8fbbc3f3e0d4f0f4bfc8131bcb4eebe8849b8e5c773f3a1c582a53"},
     {file = "annotated_types-0.7.0.tar.gz", hash = "sha256:aff07c09a53a08bc8cfccb9c85b05f1aa9a2a6f23728d790723543408344ce89"},
@@ -144,7 +145,6 @@ version = "3.2.4"
 description = "An abstract syntax tree for Python with inference support."
 optional = false
 python-versions = ">=3.8.0"
-groups = ["dev"]
 files = [
     {file = "astroid-3.2.4-py3-none-any.whl", hash = "sha256:413658a61eeca6202a59231abb473f932038fbcbf1666587f66d482083413a25"},
     {file = "astroid-3.2.4.tar.gz", hash = "sha256:0e14202810b30da1b735827f78f5157be2bbd4a7a59b7707ca0bfc2fb4c0063a"},
@@ -159,8 +159,6 @@ version = "4.0.3"
 description = "Timeout context manager for asyncio programs"
 optional = false
 python-versions = ">=3.7"
-groups = ["main", "dev"]
-markers = "python_version < \"3.11\""
 files = [
     {file = "async-timeout-4.0.3.tar.gz", hash = "sha256:4640d96be84d82d02ed59ea2b7105a0f7b33abe8703703cd0ab0bf87c427522f"},
     {file = "async_timeout-4.0.3-py3-none-any.whl", hash = "sha256:7405140ff1230c310e51dc27b3145b9092d659ce68ff733fb0cefe3ee42be028"},
@@ -172,7 +170,6 @@ version = "24.2.0"
 description = "Classes Without Boilerplate"
 optional = false
 python-versions = ">=3.7"
-groups = ["main", "dev"]
 files = [
     {file = "attrs-24.2.0-py3-none-any.whl", hash = "sha256:81921eb96de3191c8258c199618104dd27ac608d9366f5e35d011eae1867ede2"},
     {file = "attrs-24.2.0.tar.gz", hash = "sha256:5cfb1b9148b5b086569baec03f20d7b6bf3bcacc9a42bebf87ffaaca362f6346"},
@@ -192,7 +189,6 @@ version = "1.4.1"
 description = "The ultimate Python library in building OAuth and OpenID Connect servers and clients."
 optional = false
 python-versions = ">=3.9"
-groups = ["main"]
 files = [
     {file = "Authlib-1.4.1-py2.py3-none-any.whl", hash = "sha256:edc29c3f6a3e72cd9e9f45fff67fc663a2c364022eb0371c003f22d5405915c1"},
     {file = "authlib-1.4.1.tar.gz", hash = "sha256:30ead9ea4993cdbab821dc6e01e818362f92da290c04c7f6a1940f86507a790d"},
@@ -207,7 +203,6 @@ version = "2.16.0"
 description = "Internationalization utilities"
 optional = false
 python-versions = ">=3.8"
-groups = ["dev"]
 files = [
     {file = "babel-2.16.0-py3-none-any.whl", hash = "sha256:368b5b98b37c06b7daf6696391c3240c938b37767d4584413e8438c5c435fa8b"},
     {file = "babel-2.16.0.tar.gz", hash = "sha256:d1f3554ca26605fe173f3de0c65f750f5a42f924499bf134de6423582298e316"},
@@ -222,7 +217,6 @@ version = "2024.8.30"
 description = "Python package for providing Mozilla's CA Bundle."
 optional = false
 python-versions = ">=3.6"
-groups = ["dev"]
 files = [
     {file = "certifi-2024.8.30-py3-none-any.whl", hash = "sha256:922820b53db7a7257ffbda3f597266d435245903d80737e34f8a45ff3e3230d8"},
     {file = "certifi-2024.8.30.tar.gz", hash = "sha256:bec941d2aa8195e248a60b31ff9f0558284cf01a52591ceda73ea9afffd69fd9"},
@@ -234,8 +228,6 @@ version = "1.17.1"
 description = "Foreign Function Interface for Python calling C code."
 optional = false
 python-versions = ">=3.8"
-groups = ["main"]
-markers = "platform_python_implementation != \"PyPy\""
 files = [
     {file = "cffi-1.17.1-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:df8b1c11f177bc2313ec4b2d46baec87a5f3e71fc8b45dab2ee7cae86d9aba14"},
     {file = "cffi-1.17.1-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:8f2cdc858323644ab277e9bb925ad72ae0e67f69e804f4898c070998d50b1a67"},
@@ -315,7 +307,6 @@ version = "3.3.2"
 description = "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet."
 optional = false
 python-versions = ">=3.7.0"
-groups = ["dev"]
 files = [
     {file = "charset-normalizer-3.3.2.tar.gz", hash = "sha256:f30c3cb33b24454a82faecaf01b19c18562b1e89558fb6c56de4d9118a032fd5"},
     {file = "charset_normalizer-3.3.2-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:25baf083bf6f6b341f4121c2f3c548875ee6f5339300e08be3f2b2ba1721cdd3"},
@@ -415,7 +406,6 @@ version = "8.1.7"
 description = "Composable command line interface toolkit"
 optional = false
 python-versions = ">=3.7"
-groups = ["dev"]
 files = [
     {file = "click-8.1.7-py3-none-any.whl", hash = "sha256:ae74fb96c20a0277a1d615f1e4d73c8414f5a98db8b799a7931d1582f3390c28"},
     {file = "click-8.1.7.tar.gz", hash = "sha256:ca9853ad459e787e2192211578cc907e7594e294c7ccc834310722b41b9ca6de"},
@@ -430,7 +420,6 @@ version = "0.4.6"
 description = "Cross-platform colored terminal text."
 optional = false
 python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,!=3.5.*,!=3.6.*,>=2.7"
-groups = ["dev"]
 files = [
     {file = "colorama-0.4.6-py2.py3-none-any.whl", hash = "sha256:4f1d9991f5acc0ca119f9d443620b77f9d6b33703e51011c16baf57afb285fc6"},
     {file = "colorama-0.4.6.tar.gz", hash = "sha256:08695f5cb7ed6e0531a20572697297273c47b8cae5a63ffc6d6ed5c201be6e44"},
@@ -438,74 +427,68 @@ files = [
 
 [[package]]
 name = "coverage"
-version = "7.6.10"
+version = "7.6.11"
 description = "Code coverage measurement for Python"
 optional = false
 python-versions = ">=3.9"
-groups = ["dev"]
 files = [
-    {file = "coverage-7.6.10-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:5c912978f7fbf47ef99cec50c4401340436d200d41d714c7a4766f377c5b7b78"},
-    {file = "coverage-7.6.10-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:a01ec4af7dfeb96ff0078ad9a48810bb0cc8abcb0115180c6013a6b26237626c"},
-    {file = "coverage-7.6.10-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:a3b204c11e2b2d883946fe1d97f89403aa1811df28ce0447439178cc7463448a"},
-    {file = "coverage-7.6.10-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:32ee6d8491fcfc82652a37109f69dee9a830e9379166cb73c16d8dc5c2915165"},
-    {file = "coverage-7.6.10-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:675cefc4c06e3b4c876b85bfb7c59c5e2218167bbd4da5075cbe3b5790a28988"},
-    {file = "coverage-7.6.10-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:f4f620668dbc6f5e909a0946a877310fb3d57aea8198bde792aae369ee1c23b5"},
-    {file = "coverage-7.6.10-cp310-cp310-musllinux_1_2_i686.whl", hash = "sha256:4eea95ef275de7abaef630c9b2c002ffbc01918b726a39f5a4353916ec72d2f3"},
-    {file = "coverage-7.6.10-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:e2f0280519e42b0a17550072861e0bc8a80a0870de260f9796157d3fca2733c5"},
-    {file = "coverage-7.6.10-cp310-cp310-win32.whl", hash = "sha256:bc67deb76bc3717f22e765ab3e07ee9c7a5e26b9019ca19a3b063d9f4b874244"},
-    {file = "coverage-7.6.10-cp310-cp310-win_amd64.whl", hash = "sha256:0f460286cb94036455e703c66988851d970fdfd8acc2a1122ab7f4f904e4029e"},
-    {file = "coverage-7.6.10-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:ea3c8f04b3e4af80e17bab607c386a830ffc2fb88a5484e1df756478cf70d1d3"},
-    {file = "coverage-7.6.10-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:507a20fc863cae1d5720797761b42d2d87a04b3e5aeb682ef3b7332e90598f43"},
-    {file = "coverage-7.6.10-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:d37a84878285b903c0fe21ac8794c6dab58150e9359f1aaebbeddd6412d53132"},
-    {file = "coverage-7.6.10-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:a534738b47b0de1995f85f582d983d94031dffb48ab86c95bdf88dc62212142f"},
-    {file = "coverage-7.6.10-cp311-cp311-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:0d7a2bf79378d8fb8afaa994f91bfd8215134f8631d27eba3e0e2c13546ce994"},
-    {file = "coverage-7.6.10-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:6713ba4b4ebc330f3def51df1d5d38fad60b66720948112f114968feb52d3f99"},
-    {file = "coverage-7.6.10-cp311-cp311-musllinux_1_2_i686.whl", hash = "sha256:ab32947f481f7e8c763fa2c92fd9f44eeb143e7610c4ca9ecd6a36adab4081bd"},
-    {file = "coverage-7.6.10-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:7bbd8c8f1b115b892e34ba66a097b915d3871db7ce0e6b9901f462ff3a975377"},
-    {file = "coverage-7.6.10-cp311-cp311-win32.whl", hash = "sha256:299e91b274c5c9cdb64cbdf1b3e4a8fe538a7a86acdd08fae52301b28ba297f8"},
-    {file = "coverage-7.6.10-cp311-cp311-win_amd64.whl", hash = "sha256:489a01f94aa581dbd961f306e37d75d4ba16104bbfa2b0edb21d29b73be83609"},
-    {file = "coverage-7.6.10-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:27c6e64726b307782fa5cbe531e7647aee385a29b2107cd87ba7c0105a5d3853"},
-    {file = "coverage-7.6.10-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:c56e097019e72c373bae32d946ecf9858fda841e48d82df7e81c63ac25554078"},
-    {file = "coverage-7.6.10-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:c7827a5bc7bdb197b9e066cdf650b2887597ad124dd99777332776f7b7c7d0d0"},
-    {file = "coverage-7.6.10-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:204a8238afe787323a8b47d8be4df89772d5c1e4651b9ffa808552bdf20e1d50"},
-    {file = "coverage-7.6.10-cp312-cp312-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:e67926f51821b8e9deb6426ff3164870976fe414d033ad90ea75e7ed0c2e5022"},
-    {file = "coverage-7.6.10-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:e78b270eadb5702938c3dbe9367f878249b5ef9a2fcc5360ac7bff694310d17b"},
-    {file = "coverage-7.6.10-cp312-cp312-musllinux_1_2_i686.whl", hash = "sha256:714f942b9c15c3a7a5fe6876ce30af831c2ad4ce902410b7466b662358c852c0"},
-    {file = "coverage-7.6.10-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:abb02e2f5a3187b2ac4cd46b8ced85a0858230b577ccb2c62c81482ca7d18852"},
-    {file = "coverage-7.6.10-cp312-cp312-win32.whl", hash = "sha256:55b201b97286cf61f5e76063f9e2a1d8d2972fc2fcfd2c1272530172fd28c359"},
-    {file = "coverage-7.6.10-cp312-cp312-win_amd64.whl", hash = "sha256:e4ae5ac5e0d1e4edfc9b4b57b4cbecd5bc266a6915c500f358817a8496739247"},
-    {file = "coverage-7.6.10-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:05fca8ba6a87aabdd2d30d0b6c838b50510b56cdcfc604d40760dae7153b73d9"},
-    {file = "coverage-7.6.10-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:9e80eba8801c386f72e0712a0453431259c45c3249f0009aff537a517b52942b"},
-    {file = "coverage-7.6.10-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:a372c89c939d57abe09e08c0578c1d212e7a678135d53aa16eec4430adc5e690"},
-    {file = "coverage-7.6.10-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:ec22b5e7fe7a0fa8509181c4aac1db48f3dd4d3a566131b313d1efc102892c18"},
-    {file = "coverage-7.6.10-cp313-cp313-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:26bcf5c4df41cad1b19c84af71c22cbc9ea9a547fc973f1f2cc9a290002c8b3c"},
-    {file = "coverage-7.6.10-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:4e4630c26b6084c9b3cb53b15bd488f30ceb50b73c35c5ad7871b869cb7365fd"},
-    {file = "coverage-7.6.10-cp313-cp313-musllinux_1_2_i686.whl", hash = "sha256:2396e8116db77789f819d2bc8a7e200232b7a282c66e0ae2d2cd84581a89757e"},
-    {file = "coverage-7.6.10-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:79109c70cc0882e4d2d002fe69a24aa504dec0cc17169b3c7f41a1d341a73694"},
-    {file = "coverage-7.6.10-cp313-cp313-win32.whl", hash = "sha256:9e1747bab246d6ff2c4f28b4d186b205adced9f7bd9dc362051cc37c4a0c7bd6"},
-    {file = "coverage-7.6.10-cp313-cp313-win_amd64.whl", hash = "sha256:254f1a3b1eef5f7ed23ef265eaa89c65c8c5b6b257327c149db1ca9d4a35f25e"},
-    {file = "coverage-7.6.10-cp313-cp313t-macosx_10_13_x86_64.whl", hash = "sha256:2ccf240eb719789cedbb9fd1338055de2761088202a9a0b73032857e53f612fe"},
-    {file = "coverage-7.6.10-cp313-cp313t-macosx_11_0_arm64.whl", hash = "sha256:0c807ca74d5a5e64427c8805de15b9ca140bba13572d6d74e262f46f50b13273"},
-    {file = "coverage-7.6.10-cp313-cp313t-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:2bcfa46d7709b5a7ffe089075799b902020b62e7ee56ebaed2f4bdac04c508d8"},
-    {file = "coverage-7.6.10-cp313-cp313t-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:4e0de1e902669dccbf80b0415fb6b43d27edca2fbd48c74da378923b05316098"},
-    {file = "coverage-7.6.10-cp313-cp313t-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:3f7b444c42bbc533aaae6b5a2166fd1a797cdb5eb58ee51a92bee1eb94a1e1cb"},
-    {file = "coverage-7.6.10-cp313-cp313t-musllinux_1_2_aarch64.whl", hash = "sha256:b330368cb99ef72fcd2dc3ed260adf67b31499584dc8a20225e85bfe6f6cfed0"},
-    {file = "coverage-7.6.10-cp313-cp313t-musllinux_1_2_i686.whl", hash = "sha256:9a7cfb50515f87f7ed30bc882f68812fd98bc2852957df69f3003d22a2aa0abf"},
-    {file = "coverage-7.6.10-cp313-cp313t-musllinux_1_2_x86_64.whl", hash = "sha256:6f93531882a5f68c28090f901b1d135de61b56331bba82028489bc51bdd818d2"},
-    {file = "coverage-7.6.10-cp313-cp313t-win32.whl", hash = "sha256:89d76815a26197c858f53c7f6a656686ec392b25991f9e409bcef020cd532312"},
-    {file = "coverage-7.6.10-cp313-cp313t-win_amd64.whl", hash = "sha256:54a5f0f43950a36312155dae55c505a76cd7f2b12d26abeebbe7a0b36dbc868d"},
-    {file = "coverage-7.6.10-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:656c82b8a0ead8bba147de9a89bda95064874c91a3ed43a00e687f23cc19d53a"},
-    {file = "coverage-7.6.10-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:ccc2b70a7ed475c68ceb548bf69cec1e27305c1c2606a5eb7c3afff56a1b3b27"},
-    {file = "coverage-7.6.10-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:a5e37dc41d57ceba70956fa2fc5b63c26dba863c946ace9705f8eca99daecdc4"},
-    {file = "coverage-7.6.10-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:0aa9692b4fdd83a4647eeb7db46410ea1322b5ed94cd1715ef09d1d5922ba87f"},
-    {file = "coverage-7.6.10-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:aa744da1820678b475e4ba3dfd994c321c5b13381d1041fe9c608620e6676e25"},
-    {file = "coverage-7.6.10-cp39-cp39-musllinux_1_2_aarch64.whl", hash = "sha256:c0b1818063dc9e9d838c09e3a473c1422f517889436dd980f5d721899e66f315"},
-    {file = "coverage-7.6.10-cp39-cp39-musllinux_1_2_i686.whl", hash = "sha256:59af35558ba08b758aec4d56182b222976330ef8d2feacbb93964f576a7e7a90"},
-    {file = "coverage-7.6.10-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:7ed2f37cfce1ce101e6dffdfd1c99e729dd2ffc291d02d3e2d0af8b53d13840d"},
-    {file = "coverage-7.6.10-cp39-cp39-win32.whl", hash = "sha256:4bcc276261505d82f0ad426870c3b12cb177752834a633e737ec5ee79bbdff18"},
-    {file = "coverage-7.6.10-cp39-cp39-win_amd64.whl", hash = "sha256:457574f4599d2b00f7f637a0700a6422243b3565509457b2dbd3f50703e11f59"},
-    {file = "coverage-7.6.10-pp39.pp310-none-any.whl", hash = "sha256:fd34e7b3405f0cc7ab03d54a334c17a9e802897580d964bd8c2001f4b9fd488f"},
-    {file = "coverage-7.6.10.tar.gz", hash = "sha256:7fb105327c8f8f0682e29843e2ff96af9dcbe5bab8eeb4b398c6a33a16d80a23"},
+    {file = "coverage-7.6.11-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:eafea49da254a8289bed3fab960f808b322eda5577cb17a3733014928bbfbebd"},
+    {file = "coverage-7.6.11-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:5a3f7cbbcb4ad95067a6525f83a6fc78d9cbc1e70f8abaeeaeaa72ef34f48fc3"},
+    {file = "coverage-7.6.11-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:de6b079b39246a7da9a40cfa62d5766bd52b4b7a88cf5a82ec4c45bf6e152306"},
+    {file = "coverage-7.6.11-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:60d4ad09dfc8c36c4910685faafcb8044c84e4dae302e86c585b3e2e7778726c"},
+    {file = "coverage-7.6.11-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:8e433b6e3a834a43dae2889adc125f3fa4c66668df420d8e49bc4ee817dd7a70"},
+    {file = "coverage-7.6.11-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:ac5d92e2cc121a13270697e4cb37e1eb4511ac01d23fe1b6c097facc3b46489e"},
+    {file = "coverage-7.6.11-cp310-cp310-musllinux_1_2_i686.whl", hash = "sha256:5128f3ba694c0a1bde55fc480090392c336236c3e1a10dad40dc1ab17c7675ff"},
+    {file = "coverage-7.6.11-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:397489c611b76302dfa1d9ea079e138dddc4af80fc6819d5f5119ec8ca6c0e47"},
+    {file = "coverage-7.6.11-cp310-cp310-win32.whl", hash = "sha256:c7719a5e1dc93883a6b319bc0374ecd46fb6091ed659f3fbe281ab991634b9b0"},
+    {file = "coverage-7.6.11-cp310-cp310-win_amd64.whl", hash = "sha256:c27df03730059118b8a923cfc8b84b7e9976742560af528242f201880879c1da"},
+    {file = "coverage-7.6.11-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:532fe139691af134aa8b54ed60dd3c806aa81312d93693bd2883c7b61592c840"},
+    {file = "coverage-7.6.11-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:e0b0f272901a5172090c0802053fbc503cdc3fa2612720d2669a98a7384a7bec"},
+    {file = "coverage-7.6.11-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:4bda710139ea646890d1c000feb533caff86904a0e0638f85e967c28cb8eec50"},
+    {file = "coverage-7.6.11-cp311-cp311-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:a165b09e7d5f685bf659063334a9a7b1a2d57b531753d3e04bd442b3cfe5845b"},
+    {file = "coverage-7.6.11-cp311-cp311-musllinux_1_2_i686.whl", hash = "sha256:ff136607689c1c87f43d24203b6d2055b42030f352d5176f9c8b204d4235ef27"},
+    {file = "coverage-7.6.11-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:050172741de03525290e67f0161ae5f7f387c88fca50d47fceb4724ceaa591d2"},
+    {file = "coverage-7.6.11-cp311-cp311-win32.whl", hash = "sha256:27700d859be68e4fb2e7bf774cf49933dcac6f81a9bc4c13bd41735b8d26a53b"},
+    {file = "coverage-7.6.11-cp311-cp311-win_amd64.whl", hash = "sha256:cd4839813b09ab1dd1be1bbc74f9a7787615f931f83952b6a9af1b2d3f708bf7"},
+    {file = "coverage-7.6.11-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:dbb1a822fd858d9853333a7c95d4e70dde9a79e65893138ce32c2ec6457d7a36"},
+    {file = "coverage-7.6.11-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:61c834cbb80946d6ebfddd9b393a4c46bec92fcc0fa069321fcb8049117f76ea"},
+    {file = "coverage-7.6.11-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:a46d56e99a31d858d6912d31ffa4ede6a325c86af13139539beefca10a1234ce"},
+    {file = "coverage-7.6.11-cp312-cp312-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:5b48db06f53d1864fea6dbd855e6d51d41c0f06c212c3004511c0bdc6847b297"},
+    {file = "coverage-7.6.11-cp312-cp312-musllinux_1_2_i686.whl", hash = "sha256:b6ff5be3b1853e0862da9d349fe87f869f68e63a25f7c37ce1130b321140f963"},
+    {file = "coverage-7.6.11-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:be05bde21d5e6eefbc3a6de6b9bee2b47894b8945342e8663192809c4d1f08ce"},
+    {file = "coverage-7.6.11-cp312-cp312-win32.whl", hash = "sha256:e3b746fa0ffc5b6b8856529de487da8b9aeb4fb394bb58de6502ef45f3434f12"},
+    {file = "coverage-7.6.11-cp312-cp312-win_amd64.whl", hash = "sha256:ac476e6d0128fb7919b3fae726de72b28b5c9644cb4b579e4a523d693187c551"},
+    {file = "coverage-7.6.11-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:c86f4c7a6d1a54a24d804d9684d96e36a62d3ef7c0d7745ae2ea39e3e0293251"},
+    {file = "coverage-7.6.11-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:7eb0504bb307401fd08bc5163a351df301438b3beb88a4fa044681295bbefc67"},
+    {file = "coverage-7.6.11-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:ca95d40900cf614e07f00cee8c2fad0371df03ca4d7a80161d84be2ec132b7a4"},
+    {file = "coverage-7.6.11-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:db4b1a69976b1b02acda15937538a1d3fe10b185f9d99920b17a740a0a102e06"},
+    {file = "coverage-7.6.11-cp313-cp313-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:4cf96beb05d004e4c51cd846fcdf9eee9eb2681518524b66b2e7610507944c2f"},
+    {file = "coverage-7.6.11-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:08e5fb93576a6b054d3d326242af5ef93daaac9bb52bc25f12ccbc3fa94227cd"},
+    {file = "coverage-7.6.11-cp313-cp313-musllinux_1_2_i686.whl", hash = "sha256:25575cd5a7d2acc46b42711e8aff826027c0e4f80fb38028a74f31ac22aae69d"},
+    {file = "coverage-7.6.11-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:8fa4fffd90ee92f62ff7404b4801b59e8ea8502e19c9bf2d3241ce745b52926c"},
+    {file = "coverage-7.6.11-cp313-cp313-win32.whl", hash = "sha256:0d03c9452d9d1ccfe5d3a5df0427705022a49b356ac212d529762eaea5ef97b4"},
+    {file = "coverage-7.6.11-cp313-cp313-win_amd64.whl", hash = "sha256:fd2fffc8ce8692ce540103dff26279d2af22d424516ddebe2d7e4d6dbb3816b2"},
+    {file = "coverage-7.6.11-cp313-cp313t-macosx_10_13_x86_64.whl", hash = "sha256:5e7ac966ab110bd94ee844f2643f196d78fde1cd2450399116d3efdd706e19f5"},
+    {file = "coverage-7.6.11-cp313-cp313t-macosx_11_0_arm64.whl", hash = "sha256:6ba27a0375c5ef4d2a7712f829265102decd5ff78b96d342ac2fa555742c4f4f"},
+    {file = "coverage-7.6.11-cp313-cp313t-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e2778be4f574b39ec9dcd9e5e13644f770351ee0990a0ecd27e364aba95af89b"},
+    {file = "coverage-7.6.11-cp313-cp313t-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:5edc16712187139ab635a2e644cc41fc239bc6d245b16124045743130455c652"},
+    {file = "coverage-7.6.11-cp313-cp313t-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:df6ff122a0a10a30121d9f0cb3fbd03a6fe05861e4ec47adb9f25e9245aabc19"},
+    {file = "coverage-7.6.11-cp313-cp313t-musllinux_1_2_aarch64.whl", hash = "sha256:ff562952f15eff27247a4c4b03e45ce8a82e3fb197de6a7c54080f9d4ba07845"},
+    {file = "coverage-7.6.11-cp313-cp313t-musllinux_1_2_i686.whl", hash = "sha256:4f21e3617f48d683f30cf2a6c8b739c838e600cb1454fe6b2eb486ac2bce8fbd"},
+    {file = "coverage-7.6.11-cp313-cp313t-musllinux_1_2_x86_64.whl", hash = "sha256:6d60577673ba48d8ae8e362e61fd4ad1a640293ffe8991d11c86f195479100b7"},
+    {file = "coverage-7.6.11-cp313-cp313t-win32.whl", hash = "sha256:13100f98497086b359bf56fc035a762c674de8ef526daa389ac8932cb9bff1e0"},
+    {file = "coverage-7.6.11-cp313-cp313t-win_amd64.whl", hash = "sha256:2c81e53782043b323bd34c7de711ed9b4673414eb517eaf35af92185b873839c"},
+    {file = "coverage-7.6.11-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:ff52b4e2ac0080c96e506819586c4b16cdbf46724bda90d308a7330a73cc8521"},
+    {file = "coverage-7.6.11-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:f4679fcc9eb9004fdd1b00231ef1ec7167168071bebc4d66327e28c1979b4449"},
+    {file = "coverage-7.6.11-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:90de4e9ca4489e823138bd13098af9ac8028cc029f33f60098b5c08c675c7bda"},
+    {file = "coverage-7.6.11-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:6c96a142057d83ee993eaf71629ca3fb952cda8afa9a70af4132950c2bd3deb9"},
+    {file = "coverage-7.6.11-cp39-cp39-musllinux_1_2_i686.whl", hash = "sha256:476f29a258b9cd153f2be5bf5f119d670d2806363595263917bddc167d6e5cce"},
+    {file = "coverage-7.6.11-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:09d03f48d9025b8a6a116cddcb6c7b8ce80e4fb4c31dd2e124a7c377036ad58e"},
+    {file = "coverage-7.6.11-cp39-cp39-win32.whl", hash = "sha256:bb35ae9f134fbd9cf7302a9654d5a1e597c974202678082dcc569eb39a8cde03"},
+    {file = "coverage-7.6.11-cp39-cp39-win_amd64.whl", hash = "sha256:f382004fa4c93c01016d9226b9d696a08c53f6818b7ad59b4e96cb67e863353a"},
+    {file = "coverage-7.6.11-pp39.pp310-none-any.whl", hash = "sha256:adc2d941c0381edfcf3897f94b9f41b1e504902fab78a04b1677f2f72afead4b"},
+    {file = "coverage-7.6.11-py3-none-any.whl", hash = "sha256:f0f334ae844675420164175bf32b04e18a81fe57ad8eb7e0cfd4689d681ffed7"},
+    {file = "coverage-7.6.11.tar.gz", hash = "sha256:e642e6a46a04e992ebfdabed79e46f478ec60e2c528e1e1a074d63800eda4286"},
 ]
 
 [package.extras]
@@ -517,7 +500,6 @@ version = "43.0.1"
 description = "cryptography is a package which provides cryptographic recipes and primitives to Python developers."
 optional = false
 python-versions = ">=3.7"
-groups = ["main"]
 files = [
     {file = "cryptography-43.0.1-cp37-abi3-macosx_10_9_universal2.whl", hash = "sha256:8385d98f6a3bf8bb2d65a73e17ed87a3ba84f6991c155691c51112075f9ffc5d"},
     {file = "cryptography-43.0.1-cp37-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:27e613d7077ac613e399270253259d9d53872aaf657471473ebfc9a52935c062"},
@@ -567,7 +549,6 @@ version = "0.3.8"
 description = "serialize all of Python"
 optional = false
 python-versions = ">=3.8"
-groups = ["dev"]
 files = [
     {file = "dill-0.3.8-py3-none-any.whl", hash = "sha256:c36ca9ffb54365bdd2f8eb3eff7d2a21237f8452b57ace88b1ac615b7e815bd7"},
     {file = "dill-0.3.8.tar.gz", hash = "sha256:3ebe3c479ad625c4553aca177444d89b486b1d84982eeacded644afc0cf797ca"},
@@ -583,8 +564,6 @@ version = "1.2.2"
 description = "Backport of PEP 654 (exception groups)"
 optional = false
 python-versions = ">=3.7"
-groups = ["dev"]
-markers = "python_version < \"3.11\""
 files = [
     {file = "exceptiongroup-1.2.2-py3-none-any.whl", hash = "sha256:3111b9d131c238bec2f8f516e123e14ba243563fb135d3fe885990585aa7795b"},
     {file = "exceptiongroup-1.2.2.tar.gz", hash = "sha256:47c2edf7c6738fafb49fd34290706d1a1a2f4d1c6df275526b62cbb4aa5393cc"},
@@ -599,7 +578,6 @@ version = "1.4.1"
 description = "A list-like structure which implements collections.abc.MutableSequence"
 optional = false
 python-versions = ">=3.8"
-groups = ["main", "dev"]
 files = [
     {file = "frozenlist-1.4.1-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:f9aa1878d1083b276b0196f2dfbe00c9b7e752475ed3b682025ff20c1c1f51ac"},
     {file = "frozenlist-1.4.1-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:29acab3f66f0f24674b7dc4736477bcd4bc3ad4b896f5f45379a67bce8b96868"},
@@ -686,7 +664,6 @@ version = "2.1.3"
 description = "URL manipulation made simple."
 optional = false
 python-versions = "*"
-groups = ["dev"]
 files = [
     {file = "furl-2.1.3-py2.py3-none-any.whl", hash = "sha256:9ab425062c4217f9802508e45feb4a83e54324273ac4b202f1850363309666c0"},
     {file = "furl-2.1.3.tar.gz", hash = "sha256:5a6188fe2666c484a12159c18be97a1977a71d632ef5bb867ef15f54af39cc4e"},
@@ -702,7 +679,6 @@ version = "2.1.0"
 description = "Copy your docs directly to the gh-pages branch."
 optional = false
 python-versions = "*"
-groups = ["dev"]
 files = [
     {file = "ghp-import-2.1.0.tar.gz", hash = "sha256:9c535c4c61193c2df8871222567d7fd7e5014d835f97dc7b7439069e2413d343"},
     {file = "ghp_import-2.1.0-py3-none-any.whl", hash = "sha256:8337dd7b50877f163d4c0289bc1f1c7f127550241988d568c1db512c4324a619"},
@@ -720,7 +696,6 @@ version = "1.2.0"
 description = "Signatures for entire Python programs. Extract the structure, the frame, the skeleton of your project, to generate API documentation or find breaking changes in your API."
 optional = false
 python-versions = ">=3.8"
-groups = ["dev"]
 files = [
     {file = "griffe-1.2.0-py3-none-any.whl", hash = "sha256:a8b2fcb1ecdc5a412e646b0b4375eb20a5d2eac3a11dd8c10c56967a4097663c"},
     {file = "griffe-1.2.0.tar.gz", hash = "sha256:1c9f6ef7455930f3f9b0c4145a961c90385d1e2cbc496f7796fbff560ec60d31"},
@@ -735,7 +710,6 @@ version = "3.8"
 description = "Internationalized Domain Names in Applications (IDNA)"
 optional = false
 python-versions = ">=3.6"
-groups = ["main", "dev"]
 files = [
     {file = "idna-3.8-py3-none-any.whl", hash = "sha256:050b4e5baadcd44d760cedbd2b8e639f2ff89bbc7a5730fcc662954303377aac"},
     {file = "idna-3.8.tar.gz", hash = "sha256:d838c2c0ed6fced7693d5e8ab8e734d5f8fda53a039c0164afb0b82e771e3603"},
@@ -747,8 +721,6 @@ version = "8.4.0"
 description = "Read metadata from Python packages"
 optional = false
 python-versions = ">=3.8"
-groups = ["dev"]
-markers = "python_version < \"3.10\""
 files = [
     {file = "importlib_metadata-8.4.0-py3-none-any.whl", hash = "sha256:66f342cc6ac9818fc6ff340576acd24d65ba0b3efabb2b4ac08b598965a4a2f1"},
     {file = "importlib_metadata-8.4.0.tar.gz", hash = "sha256:9a547d3bc3608b025f93d403fdd1aae741c24fbb8314df4b155675742ce303c5"},
@@ -768,7 +740,6 @@ version = "2.0.0"
 description = "brain-dead simple config-ini parsing"
 optional = false
 python-versions = ">=3.7"
-groups = ["dev"]
 files = [
     {file = "iniconfig-2.0.0-py3-none-any.whl", hash = "sha256:b6a85871a79d2e3b22d2d1b94ac2824226a63c6b741c88f7ae975f18b6778374"},
     {file = "iniconfig-2.0.0.tar.gz", hash = "sha256:2d91e135bf72d31a410b17c16da610a82cb55f6b0477d1a902134b24a455b8b3"},
@@ -780,7 +751,6 @@ version = "5.13.2"
 description = "A Python utility / library to sort Python imports."
 optional = false
 python-versions = ">=3.8.0"
-groups = ["dev"]
 files = [
     {file = "isort-5.13.2-py3-none-any.whl", hash = "sha256:8ca5e72a8d85860d5a3fa69b8745237f2939afe12dbf656afbcb47fe72d947a6"},
     {file = "isort-5.13.2.tar.gz", hash = "sha256:48fdfcb9face5d58a4f6dde2e72a1fb8dcaf8ab26f95ab49fab84c2ddefb0109"},
@@ -795,7 +765,6 @@ version = "3.1.5"
 description = "A very fast and expressive template engine."
 optional = false
 python-versions = ">=3.7"
-groups = ["dev"]
 files = [
     {file = "jinja2-3.1.5-py3-none-any.whl", hash = "sha256:aba0f4dc9ed8013c424088f68a5c226f7d6097ed89b246d7749c2ec4175c6adb"},
     {file = "jinja2-3.1.5.tar.gz", hash = "sha256:8fefff8dc3034e27bb80d67c671eb8a9bc424c0ef4c0826edbff304cceff43bb"},
@@ -813,7 +782,6 @@ version = "4.23.0"
 description = "An implementation of JSON Schema validation for Python"
 optional = false
 python-versions = ">=3.8"
-groups = ["dev"]
 files = [
     {file = "jsonschema-4.23.0-py3-none-any.whl", hash = "sha256:fbadb6f8b144a8f8cf9f0b89ba94501d143e50411a1278633f56a7acf7fd5566"},
     {file = "jsonschema-4.23.0.tar.gz", hash = "sha256:d71497fef26351a33265337fa77ffeb82423f3ea21283cd9467bb03999266bc4"},
@@ -835,7 +803,6 @@ version = "2023.12.1"
 description = "The JSON Schema meta-schemas and vocabularies, exposed as a Registry"
 optional = false
 python-versions = ">=3.8"
-groups = ["dev"]
 files = [
     {file = "jsonschema_specifications-2023.12.1-py3-none-any.whl", hash = "sha256:87e4fdf3a94858b8a2ba2778d9ba57d8a9cafca7c7489c46ba0d30a8bc6a9c3c"},
     {file = "jsonschema_specifications-2023.12.1.tar.gz", hash = "sha256:48a76787b3e70f5ed53f1160d2b81f586e4ca6d1548c5de7085d1682674764cc"},
@@ -850,7 +817,6 @@ version = "3.7"
 description = "Python implementation of John Gruber's Markdown."
 optional = false
 python-versions = ">=3.8"
-groups = ["dev"]
 files = [
     {file = "Markdown-3.7-py3-none-any.whl", hash = "sha256:7eb6df5690b81a1d7942992c97fad2938e956e79df20cbc6186e9c3a77b1c803"},
     {file = "markdown-3.7.tar.gz", hash = "sha256:2ae2471477cfd02dbbf038d5d9bc226d40def84b4fe2986e49b59b6b472bbed2"},
@@ -869,7 +835,6 @@ version = "2.1.5"
 description = "Safely add untrusted strings to HTML/XML markup."
 optional = false
 python-versions = ">=3.7"
-groups = ["dev"]
 files = [
     {file = "MarkupSafe-2.1.5-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:a17a92de5231666cfbe003f0e4b9b3a7ae3afb1ec2845aadc2bacc93ff85febc"},
     {file = "MarkupSafe-2.1.5-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:72b6be590cc35924b02c78ef34b467da4ba07e4e0f0454a2c5907f473fc50ce5"},
@@ -939,7 +904,6 @@ version = "0.7.0"
 description = "McCabe checker, plugin for flake8"
 optional = false
 python-versions = ">=3.6"
-groups = ["dev"]
 files = [
     {file = "mccabe-0.7.0-py2.py3-none-any.whl", hash = "sha256:6c2d30ab6be0e4a46919781807b4f0d834ebdd6c6e3dca0bda5a15f863427b6e"},
     {file = "mccabe-0.7.0.tar.gz", hash = "sha256:348e0240c33b60bbdf4e523192ef919f28cb2c3d7d5c7794f74009290f236325"},
@@ -951,7 +915,6 @@ version = "1.3.4"
 description = "A deep merge function for 🐍."
 optional = false
 python-versions = ">=3.6"
-groups = ["dev"]
 files = [
     {file = "mergedeep-1.3.4-py3-none-any.whl", hash = "sha256:70775750742b25c0d8f36c55aed03d24c3384d17c951b3175d898bd778ef0307"},
     {file = "mergedeep-1.3.4.tar.gz", hash = "sha256:0096d52e9dad9939c3d975a774666af186eda617e6ca84df4c94dec30004f2a8"},
@@ -963,7 +926,6 @@ version = "1.6.1"
 description = "Project documentation with Markdown."
 optional = false
 python-versions = ">=3.8"
-groups = ["dev"]
 files = [
     {file = "mkdocs-1.6.1-py3-none-any.whl", hash = "sha256:db91759624d1647f3f34aa0c3f327dd2601beae39a366d6e064c03468d35c20e"},
     {file = "mkdocs-1.6.1.tar.gz", hash = "sha256:7b432f01d928c084353ab39c57282f29f92136665bdd6abf7c1ec8d822ef86f2"},
@@ -991,14 +953,13 @@ min-versions = ["babel (==2.9.0)", "click (==7.0)", "colorama (==0.4)", "ghp-imp
 
 [[package]]
 name = "mkdocs-autorefs"
-version = "1.2.0"
+version = "1.3.0"
 description = "Automatically link across pages in MkDocs."
 optional = false
-python-versions = ">=3.8"
-groups = ["dev"]
+python-versions = ">=3.9"
 files = [
-    {file = "mkdocs_autorefs-1.2.0-py3-none-any.whl", hash = "sha256:d588754ae89bd0ced0c70c06f58566a4ee43471eeeee5202427da7de9ef85a2f"},
-    {file = "mkdocs_autorefs-1.2.0.tar.gz", hash = "sha256:a86b93abff653521bda71cf3fc5596342b7a23982093915cb74273f67522190f"},
+    {file = "mkdocs_autorefs-1.3.0-py3-none-any.whl", hash = "sha256:d180f9778a04e78b7134e31418f238bba56f56d6a8af97873946ff661befffb3"},
+    {file = "mkdocs_autorefs-1.3.0.tar.gz", hash = "sha256:6867764c099ace9025d6ac24fd07b85a98335fbd30107ef01053697c8f46db61"},
 ]
 
 [package.dependencies]
@@ -1012,7 +973,6 @@ version = "0.2.0"
 description = "MkDocs extension that lists all dependencies according to a mkdocs.yml file"
 optional = false
 python-versions = ">=3.8"
-groups = ["dev"]
 files = [
     {file = "mkdocs_get_deps-0.2.0-py3-none-any.whl", hash = "sha256:2bf11d0b133e77a0dd036abeeb06dec8775e46efa526dc70667d8863eefc6134"},
     {file = "mkdocs_get_deps-0.2.0.tar.gz", hash = "sha256:162b3d129c7fad9b19abfdcb9c1458a651628e4b1dea628ac68790fb3061c60c"},
@@ -1026,14 +986,13 @@ pyyaml = ">=5.1"
 
 [[package]]
 name = "mkdocs-material"
-version = "9.6.1"
+version = "9.6.3"
 description = "Documentation that simply works"
 optional = false
 python-versions = ">=3.8"
-groups = ["dev"]
 files = [
-    {file = "mkdocs_material-9.6.1-py3-none-any.whl", hash = "sha256:c1742d410be29811a9b7e863cb25a578b9e255fe6f04c69f8c6838863a58e141"},
-    {file = "mkdocs_material-9.6.1.tar.gz", hash = "sha256:da37dba220d9fbfc5f1fc567fafc4028e3c3d7d828f2779ed09ab726ceca77dc"},
+    {file = "mkdocs_material-9.6.3-py3-none-any.whl", hash = "sha256:1125622067e26940806701219303b27c0933e04533560725d97ec26fd16a39cf"},
+    {file = "mkdocs_material-9.6.3.tar.gz", hash = "sha256:c87f7d1c39ce6326da5e10e232aed51bae46252e646755900f4b0fc9192fa832"},
 ]
 
 [package.dependencies]
@@ -1060,7 +1019,6 @@ version = "1.3.1"
 description = "Extension pack for Python Markdown and MkDocs Material."
 optional = false
 python-versions = ">=3.8"
-groups = ["dev"]
 files = [
     {file = "mkdocs_material_extensions-1.3.1-py3-none-any.whl", hash = "sha256:adff8b62700b25cb77b53358dad940f3ef973dd6db797907c49e3c2ef3ab4e31"},
     {file = "mkdocs_material_extensions-1.3.1.tar.gz", hash = "sha256:10c9511cea88f568257f960358a467d12b970e1f7b2c0e5fb2bb48cab1928443"},
@@ -1068,25 +1026,23 @@ files = [
 
 [[package]]
 name = "mkdocstrings"
-version = "0.27.0"
+version = "0.28.0"
 description = "Automatic documentation from sources, for MkDocs."
 optional = false
 python-versions = ">=3.9"
-groups = ["dev"]
 files = [
-    {file = "mkdocstrings-0.27.0-py3-none-any.whl", hash = "sha256:6ceaa7ea830770959b55a16203ac63da24badd71325b96af950e59fd37366332"},
-    {file = "mkdocstrings-0.27.0.tar.gz", hash = "sha256:16adca6d6b0a1f9e0c07ff0b02ced8e16f228a9d65a37c063ec4c14d7b76a657"},
+    {file = "mkdocstrings-0.28.0-py3-none-any.whl", hash = "sha256:84cf3dc910614781fe0fee46ce8006fde7df6cc7cca2e3f799895fb8a9170b39"},
+    {file = "mkdocstrings-0.28.0.tar.gz", hash = "sha256:df20afef1eafe36ba466ae20732509ecb74237653a585f5061937e54b553b4e0"},
 ]
 
 [package.dependencies]
-click = ">=7.0"
 importlib-metadata = {version = ">=4.6", markers = "python_version < \"3.10\""}
 Jinja2 = ">=2.11.1"
 Markdown = ">=3.6"
 MarkupSafe = ">=1.1"
 mkdocs = ">=1.4"
-mkdocs-autorefs = ">=1.2"
-platformdirs = ">=2.2"
+mkdocs-autorefs = ">=1.3"
+mkdocs-get-deps = ">=0.2"
 pymdown-extensions = ">=6.3"
 typing-extensions = {version = ">=4.1", markers = "python_version < \"3.10\""}
 
@@ -1097,20 +1053,20 @@ python-legacy = ["mkdocstrings-python-legacy (>=0.2.1)"]
 
 [[package]]
 name = "mkdocstrings-python"
-version = "1.13.0"
+version = "1.14.6"
 description = "A Python handler for mkdocstrings."
 optional = false
 python-versions = ">=3.9"
-groups = ["dev"]
 files = [
-    {file = "mkdocstrings_python-1.13.0-py3-none-any.whl", hash = "sha256:b88bbb207bab4086434743849f8e796788b373bd32e7bfefbf8560ac45d88f97"},
-    {file = "mkdocstrings_python-1.13.0.tar.gz", hash = "sha256:2dbd5757e8375b9720e81db16f52f1856bf59905428fd7ef88005d1370e2f64c"},
+    {file = "mkdocstrings_python-1.14.6-py3-none-any.whl", hash = "sha256:e0ca11b49ac0f23070afb566245f4ff80ea1700e03c9dbc143d70dbf1cae074e"},
+    {file = "mkdocstrings_python-1.14.6.tar.gz", hash = "sha256:3fb6589491614422d781dacca085c0c5a53a7063af37a2fea5864e24e378b03e"},
 ]
 
 [package.dependencies]
 griffe = ">=0.49"
 mkdocs-autorefs = ">=1.2"
-mkdocstrings = ">=0.26"
+mkdocstrings = ">=0.28"
+typing-extensions = {version = ">=4.0", markers = "python_version < \"3.11\""}
 
 [[package]]
 name = "multidict"
@@ -1118,7 +1074,6 @@ version = "6.0.5"
 description = "multidict implementation"
 optional = false
 python-versions = ">=3.7"
-groups = ["main", "dev"]
 files = [
     {file = "multidict-6.0.5-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:228b644ae063c10e7f324ab1ab6b548bdf6f8b47f3ec234fef1093bc2735e5f9"},
     {file = "multidict-6.0.5-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:896ebdcf62683551312c30e20614305f53125750803b614e9e6ce74a96232604"},
@@ -1214,50 +1169,43 @@ files = [
 
 [[package]]
 name = "mypy"
-version = "1.14.1"
+version = "1.15.0"
 description = "Optional static typing for Python"
 optional = false
-python-versions = ">=3.8"
-groups = ["dev"]
+python-versions = ">=3.9"
 files = [
-    {file = "mypy-1.14.1-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:52686e37cf13d559f668aa398dd7ddf1f92c5d613e4f8cb262be2fb4fedb0fcb"},
-    {file = "mypy-1.14.1-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:1fb545ca340537d4b45d3eecdb3def05e913299ca72c290326be19b3804b39c0"},
-    {file = "mypy-1.14.1-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:90716d8b2d1f4cd503309788e51366f07c56635a3309b0f6a32547eaaa36a64d"},
-    {file = "mypy-1.14.1-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:2ae753f5c9fef278bcf12e1a564351764f2a6da579d4a81347e1d5a15819997b"},
-    {file = "mypy-1.14.1-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:e0fe0f5feaafcb04505bcf439e991c6d8f1bf8b15f12b05feeed96e9e7bf1427"},
-    {file = "mypy-1.14.1-cp310-cp310-win_amd64.whl", hash = "sha256:7d54bd85b925e501c555a3227f3ec0cfc54ee8b6930bd6141ec872d1c572f81f"},
-    {file = "mypy-1.14.1-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:f995e511de847791c3b11ed90084a7a0aafdc074ab88c5a9711622fe4751138c"},
-    {file = "mypy-1.14.1-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:d64169ec3b8461311f8ce2fd2eb5d33e2d0f2c7b49116259c51d0d96edee48d1"},
-    {file = "mypy-1.14.1-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:ba24549de7b89b6381b91fbc068d798192b1b5201987070319889e93038967a8"},
-    {file = "mypy-1.14.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:183cf0a45457d28ff9d758730cd0210419ac27d4d3f285beda038c9083363b1f"},
-    {file = "mypy-1.14.1-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:f2a0ecc86378f45347f586e4163d1769dd81c5a223d577fe351f26b179e148b1"},
-    {file = "mypy-1.14.1-cp311-cp311-win_amd64.whl", hash = "sha256:ad3301ebebec9e8ee7135d8e3109ca76c23752bac1e717bc84cd3836b4bf3eae"},
-    {file = "mypy-1.14.1-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:30ff5ef8519bbc2e18b3b54521ec319513a26f1bba19a7582e7b1f58a6e69f14"},
-    {file = "mypy-1.14.1-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:cb9f255c18052343c70234907e2e532bc7e55a62565d64536dbc7706a20b78b9"},
-    {file = "mypy-1.14.1-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:8b4e3413e0bddea671012b063e27591b953d653209e7a4fa5e48759cda77ca11"},
-    {file = "mypy-1.14.1-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:553c293b1fbdebb6c3c4030589dab9fafb6dfa768995a453d8a5d3b23784af2e"},
-    {file = "mypy-1.14.1-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:fad79bfe3b65fe6a1efaed97b445c3d37f7be9fdc348bdb2d7cac75579607c89"},
-    {file = "mypy-1.14.1-cp312-cp312-win_amd64.whl", hash = "sha256:8fa2220e54d2946e94ab6dbb3ba0a992795bd68b16dc852db33028df2b00191b"},
-    {file = "mypy-1.14.1-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:92c3ed5afb06c3a8e188cb5da4984cab9ec9a77ba956ee419c68a388b4595255"},
-    {file = "mypy-1.14.1-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:dbec574648b3e25f43d23577309b16534431db4ddc09fda50841f1e34e64ed34"},
-    {file = "mypy-1.14.1-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:8c6d94b16d62eb3e947281aa7347d78236688e21081f11de976376cf010eb31a"},
-    {file = "mypy-1.14.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:d4b19b03fdf54f3c5b2fa474c56b4c13c9dbfb9a2db4370ede7ec11a2c5927d9"},
-    {file = "mypy-1.14.1-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:0c911fde686394753fff899c409fd4e16e9b294c24bfd5e1ea4675deae1ac6fd"},
-    {file = "mypy-1.14.1-cp313-cp313-win_amd64.whl", hash = "sha256:8b21525cb51671219f5307be85f7e646a153e5acc656e5cebf64bfa076c50107"},
-    {file = "mypy-1.14.1-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:7084fb8f1128c76cd9cf68fe5971b37072598e7c31b2f9f95586b65c741a9d31"},
-    {file = "mypy-1.14.1-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:8f845a00b4f420f693f870eaee5f3e2692fa84cc8514496114649cfa8fd5e2c6"},
-    {file = "mypy-1.14.1-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:44bf464499f0e3a2d14d58b54674dee25c031703b2ffc35064bd0df2e0fac319"},
-    {file = "mypy-1.14.1-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:c99f27732c0b7dc847adb21c9d47ce57eb48fa33a17bc6d7d5c5e9f9e7ae5bac"},
-    {file = "mypy-1.14.1-cp38-cp38-musllinux_1_2_x86_64.whl", hash = "sha256:bce23c7377b43602baa0bd22ea3265c49b9ff0b76eb315d6c34721af4cdf1d9b"},
-    {file = "mypy-1.14.1-cp38-cp38-win_amd64.whl", hash = "sha256:8edc07eeade7ebc771ff9cf6b211b9a7d93687ff892150cb5692e4f4272b0837"},
-    {file = "mypy-1.14.1-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:3888a1816d69f7ab92092f785a462944b3ca16d7c470d564165fe703b0970c35"},
-    {file = "mypy-1.14.1-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:46c756a444117c43ee984bd055db99e498bc613a70bbbc120272bd13ca579fbc"},
-    {file = "mypy-1.14.1-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:27fc248022907e72abfd8e22ab1f10e903915ff69961174784a3900a8cba9ad9"},
-    {file = "mypy-1.14.1-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:499d6a72fb7e5de92218db961f1a66d5f11783f9ae549d214617edab5d4dbdbb"},
-    {file = "mypy-1.14.1-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:57961db9795eb566dc1d1b4e9139ebc4c6b0cb6e7254ecde69d1552bf7613f60"},
-    {file = "mypy-1.14.1-cp39-cp39-win_amd64.whl", hash = "sha256:07ba89fdcc9451f2ebb02853deb6aaaa3d2239a236669a63ab3801bbf923ef5c"},
-    {file = "mypy-1.14.1-py3-none-any.whl", hash = "sha256:b66a60cc4073aeb8ae00057f9c1f64d49e90f918fbcef9a977eb121da8b8f1d1"},
-    {file = "mypy-1.14.1.tar.gz", hash = "sha256:7ec88144fe9b510e8475ec2f5f251992690fcf89ccb4500b214b4226abcd32d6"},
+    {file = "mypy-1.15.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:979e4e1a006511dacf628e36fadfecbcc0160a8af6ca7dad2f5025529e082c13"},
+    {file = "mypy-1.15.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:c4bb0e1bd29f7d34efcccd71cf733580191e9a264a2202b0239da95984c5b559"},
+    {file = "mypy-1.15.0-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:be68172e9fd9ad8fb876c6389f16d1c1b5f100ffa779f77b1fb2176fcc9ab95b"},
+    {file = "mypy-1.15.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:c7be1e46525adfa0d97681432ee9fcd61a3964c2446795714699a998d193f1a3"},
+    {file = "mypy-1.15.0-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:2e2c2e6d3593f6451b18588848e66260ff62ccca522dd231cd4dd59b0160668b"},
+    {file = "mypy-1.15.0-cp310-cp310-win_amd64.whl", hash = "sha256:6983aae8b2f653e098edb77f893f7b6aca69f6cffb19b2cc7443f23cce5f4828"},
+    {file = "mypy-1.15.0-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:2922d42e16d6de288022e5ca321cd0618b238cfc5570e0263e5ba0a77dbef56f"},
+    {file = "mypy-1.15.0-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:2ee2d57e01a7c35de00f4634ba1bbf015185b219e4dc5909e281016df43f5ee5"},
+    {file = "mypy-1.15.0-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:973500e0774b85d9689715feeffcc980193086551110fd678ebe1f4342fb7c5e"},
+    {file = "mypy-1.15.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:5a95fb17c13e29d2d5195869262f8125dfdb5c134dc8d9a9d0aecf7525b10c2c"},
+    {file = "mypy-1.15.0-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:1905f494bfd7d85a23a88c5d97840888a7bd516545fc5aaedff0267e0bb54e2f"},
+    {file = "mypy-1.15.0-cp311-cp311-win_amd64.whl", hash = "sha256:c9817fa23833ff189db061e6d2eff49b2f3b6ed9856b4a0a73046e41932d744f"},
+    {file = "mypy-1.15.0-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:aea39e0583d05124836ea645f412e88a5c7d0fd77a6d694b60d9b6b2d9f184fd"},
+    {file = "mypy-1.15.0-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:2f2147ab812b75e5b5499b01ade1f4a81489a147c01585cda36019102538615f"},
+    {file = "mypy-1.15.0-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:ce436f4c6d218a070048ed6a44c0bbb10cd2cc5e272b29e7845f6a2f57ee4464"},
+    {file = "mypy-1.15.0-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:8023ff13985661b50a5928fc7a5ca15f3d1affb41e5f0a9952cb68ef090b31ee"},
+    {file = "mypy-1.15.0-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:1124a18bc11a6a62887e3e137f37f53fbae476dc36c185d549d4f837a2a6a14e"},
+    {file = "mypy-1.15.0-cp312-cp312-win_amd64.whl", hash = "sha256:171a9ca9a40cd1843abeca0e405bc1940cd9b305eaeea2dda769ba096932bb22"},
+    {file = "mypy-1.15.0-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:93faf3fdb04768d44bf28693293f3904bbb555d076b781ad2530214ee53e3445"},
+    {file = "mypy-1.15.0-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:811aeccadfb730024c5d3e326b2fbe9249bb7413553f15499a4050f7c30e801d"},
+    {file = "mypy-1.15.0-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:98b7b9b9aedb65fe628c62a6dc57f6d5088ef2dfca37903a7d9ee374d03acca5"},
+    {file = "mypy-1.15.0-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:c43a7682e24b4f576d93072216bf56eeff70d9140241f9edec0c104d0c515036"},
+    {file = "mypy-1.15.0-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:baefc32840a9f00babd83251560e0ae1573e2f9d1b067719479bfb0e987c6357"},
+    {file = "mypy-1.15.0-cp313-cp313-win_amd64.whl", hash = "sha256:b9378e2c00146c44793c98b8d5a61039a048e31f429fb0eb546d93f4b000bedf"},
+    {file = "mypy-1.15.0-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:e601a7fa172c2131bff456bb3ee08a88360760d0d2f8cbd7a75a65497e2df078"},
+    {file = "mypy-1.15.0-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:712e962a6357634fef20412699a3655c610110e01cdaa6180acec7fc9f8513ba"},
+    {file = "mypy-1.15.0-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:f95579473af29ab73a10bada2f9722856792a36ec5af5399b653aa28360290a5"},
+    {file = "mypy-1.15.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:8f8722560a14cde92fdb1e31597760dc35f9f5524cce17836c0d22841830fd5b"},
+    {file = "mypy-1.15.0-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:1fbb8da62dc352133d7d7ca90ed2fb0e9d42bb1a32724c287d3c76c58cbaa9c2"},
+    {file = "mypy-1.15.0-cp39-cp39-win_amd64.whl", hash = "sha256:d10d994b41fb3497719bbf866f227b3489048ea4bbbb5015357db306249f7980"},
+    {file = "mypy-1.15.0-py3-none-any.whl", hash = "sha256:5469affef548bd1895d86d3bf10ce2b44e33d86923c29e4d675b3e323437ea3e"},
+    {file = "mypy-1.15.0.tar.gz", hash = "sha256:404534629d51d3efea5c800ee7c42b72a6554d6c400e6a79eafe15d11341fd43"},
 ]
 
 [package.dependencies]
@@ -1278,7 +1226,6 @@ version = "1.0.0"
 description = "Type system extensions for programs checked with the mypy type checker."
 optional = false
 python-versions = ">=3.5"
-groups = ["dev"]
 files = [
     {file = "mypy_extensions-1.0.0-py3-none-any.whl", hash = "sha256:4392f6c0eb8a5668a69e23d168ffa70f0be9ccfd32b5cc2d26a34ae5b844552d"},
     {file = "mypy_extensions-1.0.0.tar.gz", hash = "sha256:75dbf8955dc00442a438fc4d0666508a9a97b6bd41aa2f0ffe9d2f2725af0782"},
@@ -1290,7 +1237,6 @@ version = "1.0.1"
 description = "Ordered Multivalue Dictionary"
 optional = false
 python-versions = "*"
-groups = ["dev"]
 files = [
     {file = "orderedmultidict-1.0.1-py2.py3-none-any.whl", hash = "sha256:43c839a17ee3cdd62234c47deca1a8508a3f2ca1d0678a3bf791c87cf84adbf3"},
     {file = "orderedmultidict-1.0.1.tar.gz", hash = "sha256:04070bbb5e87291cc9bfa51df413677faf2141c73c61d2a5f7b26bea3cd882ad"},
@@ -1305,7 +1251,6 @@ version = "24.1"
 description = "Core utilities for Python packages"
 optional = false
 python-versions = ">=3.8"
-groups = ["dev"]
 files = [
     {file = "packaging-24.1-py3-none-any.whl", hash = "sha256:5b8f2217dbdbd2f7f384c41c628544e6d52f2d0f53c6d0c3ea61aa5d1d7ff124"},
     {file = "packaging-24.1.tar.gz", hash = "sha256:026ed72c8ed3fcce5bf8950572258698927fd1dbda10a5e981cdf0ac37f4f002"},
@@ -1317,7 +1262,6 @@ version = "0.5.7"
 description = "Divides large result sets into pages for easier browsing"
 optional = false
 python-versions = "*"
-groups = ["dev"]
 files = [
     {file = "paginate-0.5.7-py2.py3-none-any.whl", hash = "sha256:b885e2af73abcf01d9559fd5216b57ef722f8c42affbb63942377668e35c7591"},
     {file = "paginate-0.5.7.tar.gz", hash = "sha256:22bd083ab41e1a8b4f3690544afb2c60c25e5c9a63a30fa2f483f6c60c8e5945"},
@@ -1333,7 +1277,6 @@ version = "0.12.1"
 description = "Utility library for gitignore style pattern matching of file paths."
 optional = false
 python-versions = ">=3.8"
-groups = ["dev"]
 files = [
     {file = "pathspec-0.12.1-py3-none-any.whl", hash = "sha256:a0d503e138a4c123b27490a4f7beda6a01c6f288df0e4a8b79c7eb0dc7b4cc08"},
     {file = "pathspec-0.12.1.tar.gz", hash = "sha256:a482d51503a1ab33b1c67a6c3813a26953dbdc71c31dacaef9a838c4e29f5712"},
@@ -1345,7 +1288,6 @@ version = "4.3.2"
 description = "A small Python package for determining appropriate platform-specific dirs, e.g. a `user data dir`."
 optional = false
 python-versions = ">=3.8"
-groups = ["dev"]
 files = [
     {file = "platformdirs-4.3.2-py3-none-any.whl", hash = "sha256:eb1c8582560b34ed4ba105009a4badf7f6f85768b30126f351328507b2beb617"},
     {file = "platformdirs-4.3.2.tar.gz", hash = "sha256:9e5e27a08aa095dd127b9f2e764d74254f482fef22b0970773bfba79d091ab8c"},
@@ -1362,7 +1304,6 @@ version = "1.5.0"
 description = "plugin and hook calling mechanisms for python"
 optional = false
 python-versions = ">=3.8"
-groups = ["dev"]
 files = [
     {file = "pluggy-1.5.0-py3-none-any.whl", hash = "sha256:44e1ad92c8ca002de6377e165f3e0f1be63266ab4d554740532335b9d75ea669"},
     {file = "pluggy-1.5.0.tar.gz", hash = "sha256:2cffa88e94fdc978c4c574f15f9e59b7f4201d439195c3715ca9e2486f1d0cf1"},
@@ -1378,7 +1319,6 @@ version = "2.1.3"
 description = "HTTP traffic mocking and expectations made easy"
 optional = false
 python-versions = ">=3.9"
-groups = ["dev"]
 files = [
     {file = "pook-2.1.3-py3-none-any.whl", hash = "sha256:f8e75e2e41b1f6da37d0bc6b77a0f4da33c4d4de382105046efd644fe5ca2f8e"},
     {file = "pook-2.1.3.tar.gz", hash = "sha256:441191c0f3d014b141ca71430a0c2bfa6d2369ac24703a3fdfbbf5a25146d8c0"},
@@ -1395,7 +1335,6 @@ version = "0.2.0"
 description = "Accelerated property cache"
 optional = false
 python-versions = ">=3.8"
-groups = ["main", "dev"]
 files = [
     {file = "propcache-0.2.0-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:c5869b8fd70b81835a6f187c5fdbe67917a04d7e52b6e7cc4e5fe39d55c39d58"},
     {file = "propcache-0.2.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:952e0d9d07609d9c5be361f33b0d6d650cd2bae393aabb11d9b719364521984b"},
@@ -1503,8 +1442,6 @@ version = "2.22"
 description = "C parser in Python"
 optional = false
 python-versions = ">=3.8"
-groups = ["main"]
-markers = "platform_python_implementation != \"PyPy\""
 files = [
     {file = "pycparser-2.22-py3-none-any.whl", hash = "sha256:c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc"},
     {file = "pycparser-2.22.tar.gz", hash = "sha256:491c8be9c040f5390f5bf44a5b07752bd07f56edf992381b05c701439eec10f6"},
@@ -1516,7 +1453,6 @@ version = "2.10.6"
 description = "Data validation using Python type hints"
 optional = false
 python-versions = ">=3.8"
-groups = ["main", "dev"]
 files = [
     {file = "pydantic-2.10.6-py3-none-any.whl", hash = "sha256:427d664bf0b8a2b34ff5dd0f5a18df00591adcee7198fbd71981054cef37b584"},
     {file = "pydantic-2.10.6.tar.gz", hash = "sha256:ca5daa827cce33de7a42be142548b0096bf05a7e7b365aebfa5f8eeec7128236"},
@@ -1537,7 +1473,6 @@ version = "2.27.2"
 description = "Core functionality for Pydantic validation and serialization"
 optional = false
 python-versions = ">=3.8"
-groups = ["main", "dev"]
 files = [
     {file = "pydantic_core-2.27.2-cp310-cp310-macosx_10_12_x86_64.whl", hash = "sha256:2d367ca20b2f14095a8f4fa1210f5a7b78b8a20009ecced6b12818f455b1e9fa"},
     {file = "pydantic_core-2.27.2-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:491a2b73db93fab69731eaee494f320faa4e093dbed776be1a829c2eb222c34c"},
@@ -1650,7 +1585,6 @@ version = "2.18.0"
 description = "Pygments is a syntax highlighting package written in Python."
 optional = false
 python-versions = ">=3.8"
-groups = ["dev"]
 files = [
     {file = "pygments-2.18.0-py3-none-any.whl", hash = "sha256:b8e6aca0523f3ab76fee51799c488e38782ac06eafcf95e7ba832985c8e7b13a"},
     {file = "pygments-2.18.0.tar.gz", hash = "sha256:786ff802f32e91311bff3889f6e9a86e81505fe99f2735bb6d60ae0c5004f199"},
@@ -1665,7 +1599,6 @@ version = "3.2.7"
 description = "python code static checker"
 optional = false
 python-versions = ">=3.8.0"
-groups = ["dev"]
 files = [
     {file = "pylint-3.2.7-py3-none-any.whl", hash = "sha256:02f4aedeac91be69fb3b4bea997ce580a4ac68ce58b89eaefeaf06749df73f4b"},
     {file = "pylint-3.2.7.tar.gz", hash = "sha256:1b7a721b575eaeaa7d39db076b6e7743c993ea44f57979127c517c6c572c803e"},
@@ -1696,7 +1629,6 @@ version = "0.8.2"
 description = "Utilities and helpers for writing Pylint plugins"
 optional = false
 python-versions = ">=3.7,<4.0"
-groups = ["dev"]
 files = [
     {file = "pylint_plugin_utils-0.8.2-py3-none-any.whl", hash = "sha256:ae11664737aa2effbf26f973a9e0b6779ab7106ec0adc5fe104b0907ca04e507"},
     {file = "pylint_plugin_utils-0.8.2.tar.gz", hash = "sha256:d3cebf68a38ba3fba23a873809155562571386d4c1b03e5b4c4cc26c3eee93e4"},
@@ -1711,7 +1643,6 @@ version = "0.3.5"
 description = "A Pylint plugin to help Pylint understand the Pydantic"
 optional = false
 python-versions = ">=3.8"
-groups = ["dev"]
 files = [
     {file = "pylint_pydantic-0.3.5-py3-none-any.whl", hash = "sha256:e7a54f09843b000676633ed02d5985a4a61c8da2560a3b0d46082d2ff171c4a1"},
 ]
@@ -1727,7 +1658,6 @@ version = "10.9"
 description = "Extension pack for Python Markdown."
 optional = false
 python-versions = ">=3.8"
-groups = ["dev"]
 files = [
     {file = "pymdown_extensions-10.9-py3-none-any.whl", hash = "sha256:d323f7e90d83c86113ee78f3fe62fc9dee5f56b54d912660703ea1816fed5626"},
     {file = "pymdown_extensions-10.9.tar.gz", hash = "sha256:6ff740bcd99ec4172a938970d42b96128bdc9d4b9bcad72494f29921dc69b753"},
@@ -1746,7 +1676,6 @@ version = "8.3.4"
 description = "pytest: simple powerful testing with Python"
 optional = false
 python-versions = ">=3.8"
-groups = ["dev"]
 files = [
     {file = "pytest-8.3.4-py3-none-any.whl", hash = "sha256:50e16d954148559c9a74109af1eaf0c945ba2d8f30f0a3d3335edde19788b6f6"},
     {file = "pytest-8.3.4.tar.gz", hash = "sha256:965370d062bce11e73868e0335abac31b4d3de0e82f4007408d242b4f8610761"},
@@ -1769,7 +1698,6 @@ version = "1.1.0"
 description = "Pytest plugin for aiohttp support"
 optional = false
 python-versions = ">=3.9"
-groups = ["dev"]
 files = [
     {file = "pytest_aiohttp-1.1.0-py3-none-any.whl", hash = "sha256:f39a11693a0dce08dd6c542d241e199dd8047a6e6596b2bcfa60d373f143456d"},
     {file = "pytest_aiohttp-1.1.0.tar.gz", hash = "sha256:147de8cb164f3fc9d7196967f109ab3c0b93ea3463ab50631e56438eab7b5adc"},
@@ -1789,7 +1717,6 @@ version = "0.25.3"
 description = "Pytest support for asyncio"
 optional = false
 python-versions = ">=3.9"
-groups = ["dev"]
 files = [
     {file = "pytest_asyncio-0.25.3-py3-none-any.whl", hash = "sha256:9e89518e0f9bd08928f97a3482fdc4e244df17529460bc038291ccaf8f85c7c3"},
     {file = "pytest_asyncio-0.25.3.tar.gz", hash = "sha256:fc1da2cf9f125ada7e710b4ddad05518d4cee187ae9412e9ac9271003497f07a"},
@@ -1808,7 +1735,6 @@ version = "3.14.0"
 description = "Thin-wrapper around the mock package for easier use with pytest"
 optional = false
 python-versions = ">=3.8"
-groups = ["dev"]
 files = [
     {file = "pytest-mock-3.14.0.tar.gz", hash = "sha256:2719255a1efeceadbc056d6bf3df3d1c5015530fb40cf347c0f9afac88410bd0"},
     {file = "pytest_mock-3.14.0-py3-none-any.whl", hash = "sha256:0b72c38033392a5f4621342fe11e9219ac11ec9d375f8e2a0c164539e0d70f6f"},
@@ -1826,7 +1752,6 @@ version = "2.9.0.post0"
 description = "Extensions to the standard Python datetime module"
 optional = false
 python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,>=2.7"
-groups = ["dev"]
 files = [
     {file = "python-dateutil-2.9.0.post0.tar.gz", hash = "sha256:37dd54208da7e1cd875388217d5e00ebd4179249f90fb72437e91a35459a0ad3"},
     {file = "python_dateutil-2.9.0.post0-py2.py3-none-any.whl", hash = "sha256:a8b2bc7bffae282281c8140a97d3aa9c14da0b136dfe83f850eea9a5f7470427"},
@@ -1841,7 +1766,6 @@ version = "6.0.2"
 description = "YAML parser and emitter for Python"
 optional = false
 python-versions = ">=3.8"
-groups = ["dev"]
 files = [
     {file = "PyYAML-6.0.2-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:0a9a2848a5b7feac301353437eb7d5957887edbf81d56e903999a75a3d743086"},
     {file = "PyYAML-6.0.2-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:29717114e51c84ddfba879543fb232a6ed60086602313ca38cce623c1d62cfbf"},
@@ -1904,7 +1828,6 @@ version = "0.1"
 description = "A custom YAML tag for referencing environment variables in YAML files. "
 optional = false
 python-versions = ">=3.6"
-groups = ["dev"]
 files = [
     {file = "pyyaml_env_tag-0.1-py3-none-any.whl", hash = "sha256:af31106dec8a4d68c60207c1886031cbf839b68aa7abccdb19868200532c2069"},
     {file = "pyyaml_env_tag-0.1.tar.gz", hash = "sha256:70092675bda14fdec33b31ba77e7543de9ddc88f2e5b99160396572d11525bdb"},
@@ -1919,7 +1842,6 @@ version = "0.35.1"
 description = "JSON Referencing + Python"
 optional = false
 python-versions = ">=3.8"
-groups = ["dev"]
 files = [
     {file = "referencing-0.35.1-py3-none-any.whl", hash = "sha256:eda6d3234d62814d1c64e305c1331c9a3a6132da475ab6382eaa997b21ee75de"},
     {file = "referencing-0.35.1.tar.gz", hash = "sha256:25b42124a6c8b632a425174f24087783efb348a6f1e0008e63cd4466fedf703c"},
@@ -1935,7 +1857,6 @@ version = "2024.7.24"
 description = "Alternative regular expression module, to replace re."
 optional = false
 python-versions = ">=3.8"
-groups = ["dev"]
 files = [
     {file = "regex-2024.7.24-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:228b0d3f567fafa0633aee87f08b9276c7062da9616931382993c03808bb68ce"},
     {file = "regex-2024.7.24-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:3426de3b91d1bc73249042742f45c2148803c111d1175b283270177fdf669024"},
@@ -2024,7 +1945,6 @@ version = "2.32.3"
 description = "Python HTTP for Humans."
 optional = false
 python-versions = ">=3.8"
-groups = ["dev"]
 files = [
     {file = "requests-2.32.3-py3-none-any.whl", hash = "sha256:70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6"},
     {file = "requests-2.32.3.tar.gz", hash = "sha256:55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760"},
@@ -2046,7 +1966,6 @@ version = "0.20.0"
 description = "Python bindings to Rust's persistent data structures (rpds)"
 optional = false
 python-versions = ">=3.8"
-groups = ["dev"]
 files = [
     {file = "rpds_py-0.20.0-cp310-cp310-macosx_10_12_x86_64.whl", hash = "sha256:3ad0fda1635f8439cde85c700f964b23ed5fc2d28016b32b9ee5fe30da5c84e2"},
     {file = "rpds_py-0.20.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:9bb4a0d90fdb03437c109a17eade42dfbf6190408f29b2744114d11586611d6f"},
@@ -2155,30 +2074,29 @@ files = [
 
 [[package]]
 name = "ruff"
-version = "0.9.4"
+version = "0.9.5"
 description = "An extremely fast Python linter and code formatter, written in Rust."
 optional = false
 python-versions = ">=3.7"
-groups = ["dev"]
 files = [
-    {file = "ruff-0.9.4-py3-none-linux_armv6l.whl", hash = "sha256:64e73d25b954f71ff100bb70f39f1ee09e880728efb4250c632ceed4e4cdf706"},
-    {file = "ruff-0.9.4-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:6ce6743ed64d9afab4fafeaea70d3631b4d4b28b592db21a5c2d1f0ef52934bf"},
-    {file = "ruff-0.9.4-py3-none-macosx_11_0_arm64.whl", hash = "sha256:54499fb08408e32b57360f6f9de7157a5fec24ad79cb3f42ef2c3f3f728dfe2b"},
-    {file = "ruff-0.9.4-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:37c892540108314a6f01f105040b5106aeb829fa5fb0561d2dcaf71485021137"},
-    {file = "ruff-0.9.4-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:de9edf2ce4b9ddf43fd93e20ef635a900e25f622f87ed6e3047a664d0e8f810e"},
-    {file = "ruff-0.9.4-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:87c90c32357c74f11deb7fbb065126d91771b207bf9bfaaee01277ca59b574ec"},
-    {file = "ruff-0.9.4-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:56acd6c694da3695a7461cc55775f3a409c3815ac467279dfa126061d84b314b"},
-    {file = "ruff-0.9.4-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:e0c93e7d47ed951b9394cf352d6695b31498e68fd5782d6cbc282425655f687a"},
-    {file = "ruff-0.9.4-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:1d4c8772670aecf037d1bf7a07c39106574d143b26cfe5ed1787d2f31e800214"},
-    {file = "ruff-0.9.4-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:bfc5f1d7afeda8d5d37660eeca6d389b142d7f2b5a1ab659d9214ebd0e025231"},
-    {file = "ruff-0.9.4-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:faa935fc00ae854d8b638c16a5f1ce881bc3f67446957dd6f2af440a5fc8526b"},
-    {file = "ruff-0.9.4-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:a6c634fc6f5a0ceae1ab3e13c58183978185d131a29c425e4eaa9f40afe1e6d6"},
-    {file = "ruff-0.9.4-py3-none-musllinux_1_2_i686.whl", hash = "sha256:433dedf6ddfdec7f1ac7575ec1eb9844fa60c4c8c2f8887a070672b8d353d34c"},
-    {file = "ruff-0.9.4-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:d612dbd0f3a919a8cc1d12037168bfa536862066808960e0cc901404b77968f0"},
-    {file = "ruff-0.9.4-py3-none-win32.whl", hash = "sha256:db1192ddda2200671f9ef61d9597fcef89d934f5d1705e571a93a67fb13a4402"},
-    {file = "ruff-0.9.4-py3-none-win_amd64.whl", hash = "sha256:05bebf4cdbe3ef75430d26c375773978950bbf4ee3c95ccb5448940dc092408e"},
-    {file = "ruff-0.9.4-py3-none-win_arm64.whl", hash = "sha256:585792f1e81509e38ac5123492f8875fbc36f3ede8185af0a26df348e5154f41"},
-    {file = "ruff-0.9.4.tar.gz", hash = "sha256:6907ee3529244bb0ed066683e075f09285b38dd5b4039370df6ff06041ca19e7"},
+    {file = "ruff-0.9.5-py3-none-linux_armv6l.whl", hash = "sha256:d466d2abc05f39018d53f681fa1c0ffe9570e6d73cde1b65d23bb557c846f442"},
+    {file = "ruff-0.9.5-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:38840dbcef63948657fa7605ca363194d2fe8c26ce8f9ae12eee7f098c85ac8a"},
+    {file = "ruff-0.9.5-py3-none-macosx_11_0_arm64.whl", hash = "sha256:d56ba06da53536b575fbd2b56517f6f95774ff7be0f62c80b9e67430391eeb36"},
+    {file = "ruff-0.9.5-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:4f7cb2a01da08244c50b20ccfaeb5972e4228c3c3a1989d3ece2bc4b1f996001"},
+    {file = "ruff-0.9.5-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:96d5c76358419bc63a671caac70c18732d4fd0341646ecd01641ddda5c39ca0b"},
+    {file = "ruff-0.9.5-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:deb8304636ed394211f3a6d46c0e7d9535b016f53adaa8340139859b2359a070"},
+    {file = "ruff-0.9.5-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:df455000bf59e62b3e8c7ba5ed88a4a2bc64896f900f311dc23ff2dc38156440"},
+    {file = "ruff-0.9.5-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:de92170dfa50c32a2b8206a647949590e752aca8100a0f6b8cefa02ae29dce80"},
+    {file = "ruff-0.9.5-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:3d28532d73b1f3f627ba88e1456f50748b37f3a345d2be76e4c653bec6c3e393"},
+    {file = "ruff-0.9.5-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:2c746d7d1df64f31d90503ece5cc34d7007c06751a7a3bbeee10e5f2463d52d2"},
+    {file = "ruff-0.9.5-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:11417521d6f2d121fda376f0d2169fb529976c544d653d1d6044f4c5562516ee"},
+    {file = "ruff-0.9.5-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:5b9d71c3879eb32de700f2f6fac3d46566f644a91d3130119a6378f9312a38e1"},
+    {file = "ruff-0.9.5-py3-none-musllinux_1_2_i686.whl", hash = "sha256:2e36c61145e70febcb78483903c43444c6b9d40f6d2f800b5552fec6e4a7bb9a"},
+    {file = "ruff-0.9.5-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:2f71d09aeba026c922aa7aa19a08d7bd27c867aedb2f74285a2639644c1c12f5"},
+    {file = "ruff-0.9.5-py3-none-win32.whl", hash = "sha256:134f958d52aa6fdec3b294b8ebe2320a950d10c041473c4316d2e7d7c2544723"},
+    {file = "ruff-0.9.5-py3-none-win_amd64.whl", hash = "sha256:78cc6067f6d80b6745b67498fb84e87d32c6fc34992b52bffefbdae3442967d6"},
+    {file = "ruff-0.9.5-py3-none-win_arm64.whl", hash = "sha256:18a29f1a005bddb229e580795627d297dfa99f16b30c7039e73278cf6b5f9fa9"},
+    {file = "ruff-0.9.5.tar.gz", hash = "sha256:11aecd7a633932875ab3cb05a484c99970b9d52606ce9ea912b690b02653d56c"},
 ]
 
 [[package]]
@@ -2187,7 +2105,6 @@ version = "1.16.0"
 description = "Python 2 and 3 compatibility utilities"
 optional = false
 python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*"
-groups = ["dev"]
 files = [
     {file = "six-1.16.0-py2.py3-none-any.whl", hash = "sha256:8abb2f1d86890a2dfb989f9a77cfcfd3e47c2a354b01111771326f8aa26e0254"},
     {file = "six-1.16.0.tar.gz", hash = "sha256:1e61c37477a1626458e36f7b1d82aa5c9b094fa4802892072e49de9c60c4c926"},
@@ -2199,7 +2116,6 @@ version = "0.10.2"
 description = "Python Library for Tom's Obvious, Minimal Language"
 optional = false
 python-versions = ">=2.6, !=3.0.*, !=3.1.*, !=3.2.*"
-groups = ["main"]
 files = [
     {file = "toml-0.10.2-py2.py3-none-any.whl", hash = "sha256:806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b"},
     {file = "toml-0.10.2.tar.gz", hash = "sha256:b3bda1d108d5dd99f4a20d24d9c348e91c4db7ab1b749200bded2f839ccbe68f"},
@@ -2211,8 +2127,6 @@ version = "2.0.1"
 description = "A lil' TOML parser"
 optional = false
 python-versions = ">=3.7"
-groups = ["dev"]
-markers = "python_version < \"3.11\""
 files = [
     {file = "tomli-2.0.1-py3-none-any.whl", hash = "sha256:939de3e7a6161af0c887ef91b7d41a53e7c5a1ca976325f429cb46ea9bc30ecc"},
     {file = "tomli-2.0.1.tar.gz", hash = "sha256:de526c12914f0c550d15924c62d72abc48d6fe7364aa87328337a31007fe8a4f"},
@@ -2224,7 +2138,6 @@ version = "0.13.2"
 description = "Style preserving TOML library"
 optional = false
 python-versions = ">=3.8"
-groups = ["dev"]
 files = [
     {file = "tomlkit-0.13.2-py3-none-any.whl", hash = "sha256:7a974427f6e119197f670fbbbeae7bef749a6c14e793db934baefc1b5f03efde"},
     {file = "tomlkit-0.13.2.tar.gz", hash = "sha256:fff5fe59a87295b278abd31bec92c15d9bc4a06885ab12bcea52c71119392e79"},
@@ -2236,7 +2149,6 @@ version = "2.32.0.20241016"
 description = "Typing stubs for requests"
 optional = false
 python-versions = ">=3.8"
-groups = ["dev"]
 files = [
     {file = "types-requests-2.32.0.20241016.tar.gz", hash = "sha256:0d9cad2f27515d0e3e3da7134a1b6f28fb97129d86b867f24d9c726452634d95"},
     {file = "types_requests-2.32.0.20241016-py3-none-any.whl", hash = "sha256:4195d62d6d3e043a4eaaf08ff8a62184584d2e8684e9d2aa178c7915a7da3747"},
@@ -2251,7 +2163,6 @@ version = "0.10.8.20240310"
 description = "Typing stubs for toml"
 optional = false
 python-versions = ">=3.8"
-groups = ["dev"]
 files = [
     {file = "types-toml-0.10.8.20240310.tar.gz", hash = "sha256:3d41501302972436a6b8b239c850b26689657e25281b48ff0ec06345b8830331"},
     {file = "types_toml-0.10.8.20240310-py3-none-any.whl", hash = "sha256:627b47775d25fa29977d9c70dc0cbab3f314f32c8d8d0c012f2ef5de7aaec05d"},
@@ -2263,7 +2174,6 @@ version = "4.12.2"
 description = "Backported and Experimental Type Hints for Python 3.8+"
 optional = false
 python-versions = ">=3.8"
-groups = ["main", "dev"]
 files = [
     {file = "typing_extensions-4.12.2-py3-none-any.whl", hash = "sha256:04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d"},
     {file = "typing_extensions-4.12.2.tar.gz", hash = "sha256:1a7ead55c7e559dd4dee8856e3a88b41225abfe1ce8df57b7c13915fe121ffb8"},
@@ -2275,7 +2185,6 @@ version = "2.2.2"
 description = "HTTP library with thread-safe connection pooling, file post, and more."
 optional = false
 python-versions = ">=3.8"
-groups = ["dev"]
 files = [
     {file = "urllib3-2.2.2-py3-none-any.whl", hash = "sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472"},
     {file = "urllib3-2.2.2.tar.gz", hash = "sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168"},
@@ -2293,7 +2202,6 @@ version = "5.0.2"
 description = "Filesystem events monitoring"
 optional = false
 python-versions = ">=3.9"
-groups = ["dev"]
 files = [
     {file = "watchdog-5.0.2-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:d961f4123bb3c447d9fcdcb67e1530c366f10ab3a0c7d1c0c9943050936d4877"},
     {file = "watchdog-5.0.2-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:72990192cb63872c47d5e5fefe230a401b87fd59d257ee577d61c9e5564c62e5"},
@@ -2336,7 +2244,6 @@ version = "0.13.0"
 description = "Makes working with XML feel like you are working with JSON"
 optional = false
 python-versions = ">=3.4"
-groups = ["dev"]
 files = [
     {file = "xmltodict-0.13.0-py2.py3-none-any.whl", hash = "sha256:aa89e8fd76320154a40d19a0df04a4695fb9dc5ba977cbb68ab3e4eb225e7852"},
     {file = "xmltodict-0.13.0.tar.gz", hash = "sha256:341595a488e3e01a85a9d8911d8912fd922ede5fecc4dce437eb4b6c8d037e56"},
@@ -2348,7 +2255,6 @@ version = "1.18.0"
 description = "Yet another URL library"
 optional = false
 python-versions = ">=3.9"
-groups = ["main", "dev"]
 files = [
     {file = "yarl-1.18.0-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:074fee89caab89a97e18ef5f29060ef61ba3cae6cd77673acc54bfdd3214b7b7"},
     {file = "yarl-1.18.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:b026cf2c32daf48d90c0c4e406815c3f8f4cfe0c6dfccb094a9add1ff6a0e41a"},
@@ -2445,8 +2351,6 @@ version = "3.20.1"
 description = "Backport of pathlib-compatible object wrapper for zip files"
 optional = false
 python-versions = ">=3.8"
-groups = ["dev"]
-markers = "python_version < \"3.10\""
 files = [
     {file = "zipp-3.20.1-py3-none-any.whl", hash = "sha256:9960cd8967c8f85a56f920d5d507274e74f9ff813a0ab8889a5b5be2daf44064"},
     {file = "zipp-3.20.1.tar.gz", hash = "sha256:c22b14cc4763c5a5b04134207736c107db42e9d3ef2d9779d465f5f1bcba572b"},
@@ -2461,6 +2365,6 @@ test = ["big-O", "importlib-resources", "jaraco.functools", "jaraco.itertools",
 type = ["pytest-mypy"]
 
 [metadata]
-lock-version = "2.1"
+lock-version = "2.0"
 python-versions = "^3.9"
-content-hash = "2054bfa713e5795de404383ba78c6383671ef5a4b04624026e2e578d2a644fcb"
+content-hash = "f614f512e5cfcf28eb72369010b689568f2736563e498bd6cf252292eb8bf08c"
diff --git a/pykanidm/pyproject.toml b/pykanidm/pyproject.toml
index 0705b3eba..39bd4ec71 100644
--- a/pykanidm/pyproject.toml
+++ b/pykanidm/pyproject.toml
@@ -29,7 +29,7 @@ Authlib = "^1.2.0"
 
 
 [tool.poetry.group.dev.dependencies]
-ruff = ">=0.5.1,<0.9.5"
+ruff = ">=0.5.1,<0.9.6"
 pytest = "^8.3.4"
 mypy = "^1.14.1"
 types-requests = "^2.32.0.20241016"
@@ -40,7 +40,7 @@ pylint-pydantic = "^0.3.5"
 coverage = "^7.6.10"
 mkdocs = "^1.6.1"
 mkdocs-material = "^9.6.1"
-mkdocstrings = "^0.27.0"
+mkdocstrings = ">=0.27,<0.29"
 mkdocstrings-python = "^1.13.0"
 pook = "^2.1.3"
 

From ccde675cd292f6db58184aca8d2fc348f884ae28 Mon Sep 17 00:00:00 2001
From: CEbbinghaus <git@cebbinghaus.com>
Date: Mon, 10 Feb 2025 06:10:12 +0000
Subject: [PATCH 84/87] feat: Added webfinger implementation (#3410)

Adds WebFinger endpoints to every oauth2 client

Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
---
 book/src/integrations/oauth2.md   | 25 ++++++++++++
 proto/src/oauth2.rs               | 15 +++++++
 server/core/src/actors/v1_read.rs | 16 ++++++++
 server/core/src/https/oauth2.rs   | 46 ++++++++++++++++++++-
 server/lib/src/idm/oauth2.rs      | 68 ++++++++++++++++++++++++++++++-
 5 files changed, 168 insertions(+), 2 deletions(-)

diff --git a/book/src/integrations/oauth2.md b/book/src/integrations/oauth2.md
index 5d7e37c06..54d09bcf8 100644
--- a/book/src/integrations/oauth2.md
+++ b/book/src/integrations/oauth2.md
@@ -70,6 +70,31 @@ anything special for Kanidm (or another provider).
 **Note:** some apps automatically append `/.well-known/openid-configuration` to
 the end of an OIDC Discovery URL, so you may need to omit that.
 
+
+<dl>
+<dt>[Webfinger](https://datatracker.ietf.org/doc/html/rfc7033) URL</dt>
+
+<dd>
+
+`https://idm.example.com/oauth2/openid/:client_id:/.well-known/webfinger`
+
+The webfinger URL is implemented for each OpenID client, under its specific endpoint, giving full control to the administrator regarding which to use.
+
+To make this compliant with the standard, it must be made available under the correct [well-known endpoint](https://datatracker.ietf.org/doc/html/rfc7033#section-10.1) (e.g `example.com/.well-known/webfinger`), typically via a reverse proxy or similar. Kanidm doesn't currently provide a mechanism for this URI rewrite.
+
+One example would be dedicating one client as the "primary" or "default" and redirecting all requests to that. Alternatively, source IP or other request metadata could be used to decide which client to forward the request to.
+
+### Caddy
+`Caddyfile`
+```caddy
+# assuming a kanidm service with domain "example.com"
+example.com {
+  redir /.well-known/webfinger https://idm.example.com/oauth2/openid/:client_id:{uri} 307
+}
+```
+**Note:** the `{uri}` is important as it preserves the original request past the redirect.
+
+
 </dd>
 
 <dt>
diff --git a/proto/src/oauth2.rs b/proto/src/oauth2.rs
index e34b9eaac..026a3c053 100644
--- a/proto/src/oauth2.rs
+++ b/proto/src/oauth2.rs
@@ -443,6 +443,21 @@ fn require_request_uri_parameter_supported_default() -> bool {
     false
 }
 
+#[derive(Serialize, Deserialize, Debug)]
+pub struct OidcWebfingerRel {
+    pub rel: String,
+    pub href: String,
+}
+
+/// The response to an Webfinger request. Only a subset of the body is defined here.
+/// <https://datatracker.ietf.org/doc/html/rfc7033#section-4.4>
+#[skip_serializing_none]
+#[derive(Serialize, Deserialize, Debug)]
+pub struct OidcWebfingerResponse {
+    pub subject: String,
+    pub links: Vec<OidcWebfingerRel>,
+}
+
 /// The response to an OpenID connect discovery request
 /// <https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata>
 #[skip_serializing_none]
diff --git a/server/core/src/actors/v1_read.rs b/server/core/src/actors/v1_read.rs
index 8bfa7853b..a91cbad95 100644
--- a/server/core/src/actors/v1_read.rs
+++ b/server/core/src/actors/v1_read.rs
@@ -9,6 +9,7 @@ use kanidm_proto::internal::{
     IdentifyUserRequest, IdentifyUserResponse, ImageValue, OperationError, RadiusAuthToken,
     SearchRequest, SearchResponse, UserAuthToken,
 };
+use kanidm_proto::oauth2::OidcWebfingerResponse;
 use kanidm_proto::v1::{
     AuthIssueSession, AuthRequest, Entry as ProtoEntry, UatStatus, UnixGroupToken, UnixUserToken,
     WhoamiResponse,
@@ -1509,6 +1510,21 @@ impl QueryServerReadV1 {
         idms_prox_read.oauth2_openid_discovery(&client_id)
     }
 
+    #[instrument(
+        level = "info",
+        skip_all,
+        fields(uuid = ?eventid)
+    )]
+    pub async fn handle_oauth2_webfinger_discovery(
+        &self,
+        client_id: &str,
+        resource_id: &str,
+        eventid: Uuid,
+    ) -> Result<OidcWebfingerResponse, OperationError> {
+        let mut idms_prox_read = self.idms.proxy_read().await?;
+        idms_prox_read.oauth2_openid_webfinger(client_id, resource_id)
+    }
+
     #[instrument(
         level = "info",
         skip_all,
diff --git a/server/core/src/https/oauth2.rs b/server/core/src/https/oauth2.rs
index 33a142507..ad7078fc3 100644
--- a/server/core/src/https/oauth2.rs
+++ b/server/core/src/https/oauth2.rs
@@ -513,7 +513,7 @@ pub async fn oauth2_token_post(
     }
 }
 
-// // For future openid integration
+// For future openid integration
 pub async fn oauth2_openid_discovery_get(
     State(state): State<ServerState>,
     Path(client_id): Path<String>,
@@ -538,6 +538,46 @@ pub async fn oauth2_openid_discovery_get(
     }
 }
 
+#[derive(Deserialize)]
+pub struct Oauth2OpenIdWebfingerQuery {
+    resource: String,
+}
+
+pub async fn oauth2_openid_webfinger_get(
+    State(state): State<ServerState>,
+    Path(client_id): Path<String>,
+    Query(query): Query<Oauth2OpenIdWebfingerQuery>,
+    Extension(kopid): Extension<KOpId>,
+) -> impl IntoResponse {
+    let Oauth2OpenIdWebfingerQuery { resource } = query;
+
+    let cleaned_resource = resource.strip_prefix("acct:").unwrap_or(&resource);
+
+    let res = state
+        .qe_r_ref
+        .handle_oauth2_webfinger_discovery(&client_id, cleaned_resource, kopid.eventid)
+        .await;
+
+    match res {
+        Ok(mut dsc) => (
+            StatusCode::OK,
+            [
+                (ACCESS_CONTROL_ALLOW_ORIGIN, "*"),
+                (CONTENT_TYPE, "application/jrd+json"),
+            ],
+            Json({
+                dsc.subject = resource;
+                dsc
+            }),
+        )
+            .into_response(),
+        Err(e) => {
+            error!(err = ?e, "Unable to access discovery info");
+            WebError::from(e).response_with_access_control_origin_header()
+        }
+    }
+}
+
 pub async fn oauth2_rfc8414_metadata_get(
     State(state): State<ServerState>,
     Path(client_id): Path<String>,
@@ -770,6 +810,10 @@ pub fn route_setup(state: ServerState) -> Router<ServerState> {
             "/oauth2/openid/:client_id/.well-known/openid-configuration",
             get(oauth2_openid_discovery_get).options(oauth2_preflight_options),
         )
+        .route(
+            "/oauth2/openid/:client_id/.well-known/webfinger",
+            get(oauth2_openid_webfinger_get).options(oauth2_preflight_options),
+        )
         // // ⚠️  ⚠️   WARNING  ⚠️  ⚠️
         // // IF YOU CHANGE THESE VALUES YOU MUST UPDATE OIDC DISCOVERY URLS
         .route(
diff --git a/server/lib/src/idm/oauth2.rs b/server/lib/src/idm/oauth2.rs
index 152924b16..2fb259931 100644
--- a/server/lib/src/idm/oauth2.rs
+++ b/server/lib/src/idm/oauth2.rs
@@ -32,7 +32,7 @@ pub use kanidm_proto::oauth2::{
     AccessTokenIntrospectRequest, AccessTokenIntrospectResponse, AccessTokenRequest,
     AccessTokenResponse, AuthorisationRequest, CodeChallengeMethod, ErrorResponse, GrantTypeReq,
     OAuth2RFC9068Token, OAuth2RFC9068TokenExtensions, Oauth2Rfc8414MetadataResponse,
-    OidcDiscoveryResponse, PkceAlg, TokenRevokeRequest,
+    OidcDiscoveryResponse, OidcWebfingerRel, OidcWebfingerResponse, PkceAlg, TokenRevokeRequest,
 };
 
 use kanidm_proto::oauth2::{
@@ -2742,6 +2742,44 @@ impl IdmServerProxyReadTransaction<'_> {
         })
     }
 
+    #[instrument(level = "debug", skip_all)]
+    pub fn oauth2_openid_webfinger(
+        &mut self,
+        client_id: &str,
+        resource_id: &str,
+    ) -> Result<OidcWebfingerResponse, OperationError> {
+        let o2rs = self.oauth2rs.inner.rs_set.get(client_id).ok_or_else(|| {
+            admin_warn!(
+                "Invalid OAuth2 client_id (have you configured the OAuth2 resource server?)"
+            );
+            OperationError::NoMatchingEntries
+        })?;
+
+        let Some(spn) = PartialValue::new_spn_s(resource_id) else {
+            return Err(OperationError::NoMatchingEntries);
+        };
+
+        // Ensure that the account exists.
+        if !self
+            .qs_read
+            .internal_exists(Filter::new(f_eq(Attribute::Spn, spn)))?
+        {
+            return Err(OperationError::NoMatchingEntries);
+        }
+
+        let issuer = o2rs.iss.clone();
+
+        Ok(OidcWebfingerResponse {
+            // we set the subject to the resource_id to ensure we always send something valid back
+            // but realistically this will be overwritten on at the API layer
+            subject: resource_id.to_string(),
+            links: vec![OidcWebfingerRel {
+                rel: "http://openid.net/specs/connect/1.0/issuer".into(),
+                href: issuer.into(),
+            }],
+        })
+    }
+
     #[instrument(level = "debug", skip_all)]
     pub fn oauth2_openid_publickey(&self, client_id: &str) -> Result<JwkKeySet, OperationError> {
         let o2rs = self.oauth2rs.inner.rs_set.get(client_id).ok_or_else(|| {
@@ -5434,6 +5472,34 @@ mod tests {
             .expect("Oauth2 authorisation failed");
     }
 
+    #[idm_test]
+    async fn test_idm_oauth2_webfinger(idms: &IdmServer, _idms_delayed: &mut IdmServerDelayed) {
+        let ct = Duration::from_secs(TEST_CURRENT_TIME);
+        let (_secret, _uat, _ident, _) =
+            setup_oauth2_resource_server_basic(idms, ct, true, false, true).await;
+        let mut idms_prox_read = idms.proxy_read().await.unwrap();
+
+        let user = "testperson1@example.com";
+
+        let webfinger = idms_prox_read
+            .oauth2_openid_webfinger("test_resource_server", user)
+            .expect("Failed to get webfinger");
+
+        assert_eq!(webfinger.subject, user);
+        assert_eq!(webfinger.links.len(), 1);
+
+        let link = &webfinger.links[0];
+        assert_eq!(link.rel, "http://openid.net/specs/connect/1.0/issuer");
+        assert_eq!(
+            link.href,
+            "https://idm.example.com/oauth2/openid/test_resource_server"
+        );
+
+        let failed_webfinger = idms_prox_read
+            .oauth2_openid_webfinger("test_resource_server", "someone@another.domain");
+        assert!(failed_webfinger.is_err());
+    }
+
     #[idm_test]
     async fn test_idm_oauth2_openid_legacy_crypto(
         idms: &IdmServer,

From 399e1d71b838923865d186ca037374c3d2771d55 Mon Sep 17 00:00:00 2001
From: James Hodgkinson <james@terminaloutcomes.com>
Date: Tue, 11 Feb 2025 07:26:44 +1000
Subject: [PATCH 85/87] Update examples/proxmox.md

---
 examples/proxmox.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/examples/proxmox.md b/examples/proxmox.md
index d6ed35a70..a736c6b96 100644
--- a/examples/proxmox.md
+++ b/examples/proxmox.md
@@ -7,7 +7,7 @@
 
 ## Proxmox OIDC limitation
 
-As of December 2024 OIDC implementation in proxmox supports only authentication.
+As of December 2024, the OIDC implementation in Proxmox supports only authentication.
 Authorization has to be done manually.
 Mapping user to specific groups won't work yet (steps 2,3,4).
 

From 211e7d4e898a822106329dda427b68c9a970b67e Mon Sep 17 00:00:00 2001
From: George Wu <gbw@users.noreply.github.com>
Date: Mon, 10 Feb 2025 20:41:55 -0800
Subject: [PATCH 86/87] Remove white background from square logo. (#3417)

---
 server/core/static/img/logo-square.svg | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/server/core/static/img/logo-square.svg b/server/core/static/img/logo-square.svg
index dca55c5f2..b10252372 100644
--- a/server/core/static/img/logo-square.svg
+++ b/server/core/static/img/logo-square.svg
@@ -88,15 +88,6 @@
       </cc:Work>
     </rdf:RDF>
   </metadata>
-  <rect
-     style="fill:#ffffff;stroke-width:0.243721"
-     id="rect443"
-     width="135.46666"
-     height="135.46666"
-     x="0"
-     y="0"
-     inkscape:label="background"
-     sodipodi:insensitive="true" />
   <g
      id="layer1"
      transform="matrix(0.91407203,0,0,0.91407203,-34.121105,-24.362694)"

From af6f55b1fe97c0358e7c08e42dc2791caa227a1b Mon Sep 17 00:00:00 2001
From: Firstyear <william@blackhats.net.au>
Date: Tue, 11 Feb 2025 17:26:07 +1000
Subject: [PATCH 87/87] Update to 1.6.0-dev (#3418)

---
 Cargo.lock                          | 44 ++++++++++++++---------------
 Cargo.toml                          | 28 +++++++++---------
 server/lib/src/constants/mod.rs     | 18 ++++++++----
 server/lib/src/server/migrations.rs | 16 ++++++++++-
 server/lib/src/server/mod.rs        |  4 +++
 5 files changed, 67 insertions(+), 43 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 2cd5e62e7..c22bfb148 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1030,7 +1030,7 @@ dependencies = [
 
 [[package]]
 name = "daemon"
-version = "1.5.0-dev"
+version = "1.6.0-dev"
 dependencies = [
  "clap",
  "clap_complete",
@@ -2866,7 +2866,7 @@ dependencies = [
 
 [[package]]
 name = "kanidm-ipa-sync"
-version = "1.5.0-dev"
+version = "1.6.0-dev"
 dependencies = [
  "chrono",
  "clap",
@@ -2890,7 +2890,7 @@ dependencies = [
 
 [[package]]
 name = "kanidm-ldap-sync"
-version = "1.5.0-dev"
+version = "1.6.0-dev"
 dependencies = [
  "chrono",
  "clap",
@@ -2915,7 +2915,7 @@ dependencies = [
 
 [[package]]
 name = "kanidm_build_profiles"
-version = "1.5.0-dev"
+version = "1.6.0-dev"
 dependencies = [
  "base64 0.22.1",
  "gix",
@@ -2926,7 +2926,7 @@ dependencies = [
 
 [[package]]
 name = "kanidm_client"
-version = "1.5.0-dev"
+version = "1.6.0-dev"
 dependencies = [
  "compact_jwt",
  "http 1.2.0",
@@ -2948,7 +2948,7 @@ dependencies = [
 
 [[package]]
 name = "kanidm_device_flow"
-version = "1.5.0-dev"
+version = "1.6.0-dev"
 dependencies = [
  "anyhow",
  "kanidm_proto",
@@ -2961,7 +2961,7 @@ dependencies = [
 
 [[package]]
 name = "kanidm_lib_crypto"
-version = "1.5.0-dev"
+version = "1.6.0-dev"
 dependencies = [
  "argon2",
  "base64 0.22.1",
@@ -2982,14 +2982,14 @@ dependencies = [
 
 [[package]]
 name = "kanidm_lib_file_permissions"
-version = "1.5.0-dev"
+version = "1.6.0-dev"
 dependencies = [
  "kanidm_utils_users",
 ]
 
 [[package]]
 name = "kanidm_proto"
-version = "1.5.0-dev"
+version = "1.6.0-dev"
 dependencies = [
  "base32",
  "base64 0.22.1",
@@ -3015,7 +3015,7 @@ dependencies = [
 
 [[package]]
 name = "kanidm_tools"
-version = "1.5.0-dev"
+version = "1.6.0-dev"
 dependencies = [
  "anyhow",
  "clap",
@@ -3046,7 +3046,7 @@ dependencies = [
 
 [[package]]
 name = "kanidm_unix_common"
-version = "1.5.0-dev"
+version = "1.6.0-dev"
 dependencies = [
  "bytes",
  "csv",
@@ -3065,7 +3065,7 @@ dependencies = [
 
 [[package]]
 name = "kanidm_unix_int"
-version = "1.5.0-dev"
+version = "1.6.0-dev"
 dependencies = [
  "async-trait",
  "bytes",
@@ -3106,14 +3106,14 @@ dependencies = [
 
 [[package]]
 name = "kanidm_utils_users"
-version = "1.5.0-dev"
+version = "1.6.0-dev"
 dependencies = [
  "libc",
 ]
 
 [[package]]
 name = "kanidmd_core"
-version = "1.5.0-dev"
+version = "1.6.0-dev"
 dependencies = [
  "askama",
  "askama_axum",
@@ -3168,7 +3168,7 @@ dependencies = [
 
 [[package]]
 name = "kanidmd_lib"
-version = "1.5.0-dev"
+version = "1.6.0-dev"
 dependencies = [
  "base64 0.22.1",
  "base64urlsafedata",
@@ -3221,7 +3221,7 @@ dependencies = [
 
 [[package]]
 name = "kanidmd_lib_macros"
-version = "1.5.0-dev"
+version = "1.6.0-dev"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -3230,7 +3230,7 @@ dependencies = [
 
 [[package]]
 name = "kanidmd_testkit"
-version = "1.5.0-dev"
+version = "1.6.0-dev"
 dependencies = [
  "compact_jwt",
  "escargot",
@@ -3702,7 +3702,7 @@ dependencies = [
 
 [[package]]
 name = "nss_kanidm"
-version = "1.5.0-dev"
+version = "1.6.0-dev"
 dependencies = [
  "cc",
  "kanidm_unix_common",
@@ -4062,7 +4062,7 @@ dependencies = [
 
 [[package]]
 name = "orca"
-version = "1.5.0-dev"
+version = "1.6.0-dev"
 dependencies = [
  "async-trait",
  "chrono",
@@ -4099,7 +4099,7 @@ checksum = "b15813163c1d831bf4a13c3610c05c0d03b39feb07f7e09fa234dac9b15aaf39"
 
 [[package]]
 name = "pam_kanidm"
-version = "1.5.0-dev"
+version = "1.6.0-dev"
 dependencies = [
  "kanidm_unix_common",
  "libc",
@@ -4917,7 +4917,7 @@ dependencies = [
 
 [[package]]
 name = "scim_proto"
-version = "1.5.0-dev"
+version = "1.6.0-dev"
 dependencies = [
  "base64urlsafedata",
  "peg",
@@ -5198,7 +5198,7 @@ dependencies = [
 
 [[package]]
 name = "sketching"
-version = "1.5.0-dev"
+version = "1.6.0-dev"
 dependencies = [
  "num_enum",
  "opentelemetry",
diff --git a/Cargo.toml b/Cargo.toml
index b07522519..9d0634dd1 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,5 +1,5 @@
 [workspace.package]
-version = "1.5.0-dev"
+version = "1.6.0-dev"
 authors = [
     "William Brown <william@blackhats.net.au>",
     "James Hodgkinson <james@terminaloutcomes.com>",
@@ -123,20 +123,20 @@ codegen-units = 256
 libnss = { git = "https://github.com/Firstyear/libnss-rs.git", branch = "20250207-freebsd" }
 
 [workspace.dependencies]
-kanidmd_core = { path = "./server/core", version = "=1.5.0-dev" }
-kanidmd_lib = { path = "./server/lib", version = "=1.5.0-dev" }
-kanidmd_lib_macros = { path = "./server/lib-macros", version = "=1.5.0-dev" }
-kanidmd_testkit = { path = "./server/testkit", version = "=1.5.0-dev" }
-kanidm_build_profiles = { path = "./libs/profiles", version = "=1.5.0-dev" }
-kanidm_client = { path = "./libs/client", version = "=1.5.0-dev" }
+kanidmd_core = { path = "./server/core", version = "=1.6.0-dev" }
+kanidmd_lib = { path = "./server/lib", version = "=1.6.0-dev" }
+kanidmd_lib_macros = { path = "./server/lib-macros", version = "=1.6.0-dev" }
+kanidmd_testkit = { path = "./server/testkit", version = "=1.6.0-dev" }
+kanidm_build_profiles = { path = "./libs/profiles", version = "=1.6.0-dev" }
+kanidm_client = { path = "./libs/client", version = "=1.6.0-dev" }
 kanidm-hsm-crypto = "^0.2.0"
-kanidm_lib_crypto = { path = "./libs/crypto", version = "=1.5.0-dev" }
-kanidm_lib_file_permissions = { path = "./libs/file_permissions", version = "=1.5.0-dev" }
-kanidm_proto = { path = "./proto", version = "=1.5.0-dev" }
-kanidm_unix_common = { path = "./unix_integration/common", version = "=1.5.0-dev" }
-kanidm_utils_users = { path = "./libs/users", version = "=1.5.0-dev" }
-scim_proto = { path = "./libs/scim_proto", version = "=1.5.0-dev" }
-sketching = { path = "./libs/sketching", version = "=1.5.0-dev" }
+kanidm_lib_crypto = { path = "./libs/crypto", version = "=1.6.0-dev" }
+kanidm_lib_file_permissions = { path = "./libs/file_permissions", version = "=1.6.0-dev" }
+kanidm_proto = { path = "./proto", version = "=1.6.0-dev" }
+kanidm_unix_common = { path = "./unix_integration/common", version = "=1.6.0-dev" }
+kanidm_utils_users = { path = "./libs/users", version = "=1.6.0-dev" }
+scim_proto = { path = "./libs/scim_proto", version = "=1.6.0-dev" }
+sketching = { path = "./libs/sketching", version = "=1.6.0-dev" }
 
 anyhow = { version = "1.0.95" }
 argon2 = { version = "0.5.3", features = ["alloc"] }
diff --git a/server/lib/src/constants/mod.rs b/server/lib/src/constants/mod.rs
index 95e1346d4..18dba211c 100644
--- a/server/lib/src/constants/mod.rs
+++ b/server/lib/src/constants/mod.rs
@@ -79,22 +79,28 @@ pub const PATCH_LEVEL_2: u32 = 2;
 /// Deprecated as of 1.8.0
 pub const DOMAIN_LEVEL_10: DomainVersion = 10;
 
+/// Domain Level introduced with 1.7.0.
+/// Deprecated as of 1.9.0
+pub const DOMAIN_LEVEL_11: DomainVersion = 11;
+
 // The minimum level that we can re-migrate from.
 // This should be DOMAIN_TGT_LEVEL minus 2
-pub const DOMAIN_MIN_REMIGRATION_LEVEL: DomainVersion = DOMAIN_LEVEL_7;
+pub const DOMAIN_MIN_REMIGRATION_LEVEL: DomainVersion = DOMAIN_TGT_LEVEL - 2;
 // The minimum supported domain functional level (for replication)
 pub const DOMAIN_MIN_LEVEL: DomainVersion = DOMAIN_TGT_LEVEL;
 // The previous releases domain functional level
-pub const DOMAIN_PREVIOUS_TGT_LEVEL: DomainVersion = DOMAIN_LEVEL_8;
+pub const DOMAIN_PREVIOUS_TGT_LEVEL: DomainVersion = DOMAIN_TGT_LEVEL - 1;
 // The target supported domain functional level. During development this is
-// the NEXT level that users will upgrade too.
-pub const DOMAIN_TGT_LEVEL: DomainVersion = DOMAIN_LEVEL_9;
+// the NEXT level that users will upgrade too. In other words if we are
+// developing 1.6.0-dev, then we need to set TGT_LEVEL to 10 which is
+// the corresponding level.
+pub const DOMAIN_TGT_LEVEL: DomainVersion = DOMAIN_LEVEL_10;
 // The current patch level if any out of band fixes are required.
 pub const DOMAIN_TGT_PATCH_LEVEL: u32 = PATCH_LEVEL_2;
 // The target domain functional level for the SUBSEQUENT release/dev cycle.
-pub const DOMAIN_TGT_NEXT_LEVEL: DomainVersion = DOMAIN_LEVEL_10;
+pub const DOMAIN_TGT_NEXT_LEVEL: DomainVersion = DOMAIN_TGT_LEVEL + 1;
 // The maximum supported domain functional level
-pub const DOMAIN_MAX_LEVEL: DomainVersion = DOMAIN_LEVEL_10;
+pub const DOMAIN_MAX_LEVEL: DomainVersion = DOMAIN_LEVEL_11;
 
 // On test builds define to 60 seconds
 #[cfg(test)]
diff --git a/server/lib/src/server/migrations.rs b/server/lib/src/server/migrations.rs
index b402df520..10bd56d91 100644
--- a/server/lib/src/server/migrations.rs
+++ b/server/lib/src/server/migrations.rs
@@ -760,7 +760,18 @@ impl QueryServerWriteTransaction<'_> {
     #[instrument(level = "info", skip_all)]
     pub(crate) fn migrate_domain_9_to_10(&mut self) -> Result<(), OperationError> {
         if !cfg!(test) && DOMAIN_TGT_LEVEL < DOMAIN_LEVEL_9 {
-            error!("Unable to raise domain level from 8 to 9.");
+            error!("Unable to raise domain level from 9 to 10.");
+            return Err(OperationError::MG0004DomainLevelInDevelopment);
+        }
+
+        Ok(())
+    }
+
+    /// Migration domain level 10 to 11 (1.7.0)
+    #[instrument(level = "info", skip_all)]
+    pub(crate) fn migrate_domain_10_to_11(&mut self) -> Result<(), OperationError> {
+        if !cfg!(test) && DOMAIN_TGT_LEVEL < DOMAIN_LEVEL_10 {
+            error!("Unable to raise domain level from 10 to 11.");
             return Err(OperationError::MG0004DomainLevelInDevelopment);
         }
 
@@ -1489,4 +1500,7 @@ mod tests {
 
     #[qs_test(domain_level=DOMAIN_LEVEL_9)]
     async fn test_migrations_dl9_dl10(_server: &QueryServer) {}
+
+    #[qs_test(domain_level=DOMAIN_LEVEL_10)]
+    async fn test_migrations_dl10_dl11(_server: &QueryServer) {}
 }
diff --git a/server/lib/src/server/mod.rs b/server/lib/src/server/mod.rs
index f9b2e2012..51ad616d1 100644
--- a/server/lib/src/server/mod.rs
+++ b/server/lib/src/server/mod.rs
@@ -2369,6 +2369,10 @@ impl<'a> QueryServerWriteTransaction<'a> {
             self.migrate_domain_9_to_10()?;
         }
 
+        if previous_version <= DOMAIN_LEVEL_10 && domain_info_version >= DOMAIN_LEVEL_11 {
+            self.migrate_domain_10_to_11()?;
+        }
+
         // This is here to catch when we increase domain levels but didn't create the migration
         // hooks. If this fails it probably means you need to add another migration hook
         // in the above.