🎉 Release 2.2.0 (#613 )

* 🎉 Release 2.2.0
chore: remove docs workflows
2025-12-24 22:59:51 -05:00 · 2025-04-28 17:24:47 +02:00 · 2025-04-28 17:23:38 +02:00 · 2025-04-28 17:22:18 +02:00 · 2025-04-28 17:22:17 +02:00 · 2025-04-28 17:22:17 +02:00
193 changed files with 5294 additions and 1517 deletions
--- a/.github/workflows/labels.yml
+++ b/.github/workflows/labels.yml
@@ -4,6 +4,8 @@ on:
    types: [opened, labeled, unlabeled, synchronize]
 jobs:
  label:
+    # Only run if PR is not from a fork
+    if: github.event.pull_request.head.repo.full_name == github.repository
    runs-on: ubuntu-latest
    permissions:
      issues: write
--- a/.make/protobuf.mk
+++ b/.make/protobuf.mk
@@ -14,12 +14,12 @@ protoc-deps: $(BINGO)
 	@cd ../.. && GOPATH="" GOBIN=".bingo" $(BINGO) get -l github.com/favadi/protoc-go-inject-tag

 .PHONY: buf-generate
-buf-generate: $(BUF) protoc-deps $(SHA1_LOCK_FILE)
+buf-generate: $(SHA1_LOCK_FILE)
 	@find $(abspath $(CURDIR)/../../protogen/proto/) -type f -print0 | sort -z | xargs -0 sha1sum > buf.sha1.lock.tmp
 	@cmp $(SHA1_LOCK_FILE) buf.sha1.lock.tmp --quiet || $(MAKE) -B $(SHA1_LOCK_FILE)
 	@rm -f buf.sha1.lock.tmp

-$(SHA1_LOCK_FILE):
+$(SHA1_LOCK_FILE): $(BUF) protoc-deps
 	@echo "generating protobuf content"
 	cd ../../protogen/proto && $(BUF) generate
 	find $(abspath $(CURDIR)/../../protogen/proto/) -type f -print0 | sort -z | xargs -0 sha1sum > $(SHA1_LOCK_FILE)
--- a/.make/recursion.mk
+++ b/.make/recursion.mk
@@ -1,8 +0,0 @@
-
-ifeq ($(MAKE_DEPTH),)
-MAKE_DEPTH := 0
-else
-$(eval MAKE_DEPTH := $(shell echo "$$(( $(MAKE_DEPTH) + 1 ))" ) )
-endif
-
-export
--- a/.woodpecker.env
+++ b/.woodpecker.env
@@ -1,3 +1,3 @@
 # The test runner source for UI tests
-WEB_COMMITID=25629bf0d846051ec0ed6f56ddbeb1a4de6f9ba0
+WEB_COMMITID=81996a0479fa7c1aa7b40d96ba2bea14569d46b6
 WEB_BRANCH=main
--- a/.woodpecker.star
+++ b/.woodpecker.star
@@ -48,7 +48,9 @@ dirs = {
    "zip": "/woodpecker/src/github.com/opencloud-eu/opencloud/zip",
    "webZip": "/woodpecker/src/github.com/opencloud-eu/opencloud/zip/web.tar.gz",
    "webPnpmZip": "/woodpecker/src/github.com/opencloud-eu/opencloud/zip/web-pnpm.tar.gz",
+    "baseGo": "/go/src/github.com/opencloud-eu/opencloud",
    "gobinTar": "go-bin.tar.gz",
+    "gobinTarPath": "/go/src/github.com/opencloud-eu/opencloud/go-bin.tar.gz",
    "opencloudConfig": "tests/config/woodpecker/opencloud-config.json",
    "opencloudRevaDataRoot": "/woodpecker/src/github.com/opencloud-eu/opencloud/srv/app/tmp/ocis/owncloud/data",
    "multiServiceOcBaseDataPath": "/woodpecker/src/github.com/opencloud-eu/opencloud/multiServiceData",
@@ -348,6 +350,14 @@ config = {

 GRAPH_AVAILABLE_ROLES = "b1e2218d-eef8-4d4c-b82d-0f1a1b48f3b5,a8d5fe5e-96e3-418d-825b-534dbdf22b99,fb6c3e19-e378-47e5-b277-9732f9de6e21,58c63c02-1d89-4572-916a-870abc5a1b7d,2d00ce52-1fc2-4dbc-8b95-a73b73395f5a,1c996275-f1c9-4e71-abdf-a42f6495e960,312c0871-5ef7-4b3a-85b6-0e4074c64049,aa97fe03-7980-45ac-9e50-b325749fd7e6,63e64e19-8d43-42ec-a738-2b6af2610efa"

+# workspace for pipeline to cache Go dependencies between steps of a pipeline
+# to be used in combination with stepVolumeGo
+workspace = \
+    {
+        "base": "/go",
+        "path": "src/github.com/opencloud-eu/opencloud/",
+    }
+
 # minio mc environment variables
 MINIO_MC_ENV = {
    "CACHE_BUCKET": {
@@ -412,8 +422,7 @@ def main(ctx):
    """

    build_release_helpers = \
-        readyReleaseGo() + \
-        docs()
+        readyReleaseGo()

    build_release_helpers.append(
        pipelineDependsOn(
@@ -550,6 +559,7 @@ def getGoBinForTesting(ctx):
                },
            },
        ],
+        "workspace": workspace,
    }]

 def checkGoBinCache():
@@ -558,7 +568,7 @@ def checkGoBinCache():
        "image": MINIO_MC,
        "environment": MINIO_MC_ENV,
        "commands": [
-            "bash -x %s/tests/config/woodpecker/check_go_bin_cache.sh %s %s" % (dirs["base"], dirs["base"], dirs["gobinTar"]),
+            "bash -x %s/tests/config/woodpecker/check_go_bin_cache.sh %s %s" % (dirs["baseGo"], dirs["baseGo"], dirs["gobinTar"]),
        ],
    }]

@@ -576,13 +586,12 @@ def cacheGoBin():
        },
        {
            "name": "archive-go-bin",
-            "image": OC_CI_GOLANG,
+            "image": OC_UBUNTU,
            "commands": [
                ". ./.env",
                "if $BIN_CACHE_FOUND; then exit 0; fi",
-                "tar -czvf %s/%s /go/bin " % (dirs["base"], dirs["gobinTar"]),
+                "tar -czvf %s /go/bin" % dirs["gobinTarPath"],
            ],
-            "environment": CI_HTTP_PROXY_ENV,
        },
        {
            "name": "cache-go-bin",
@@ -593,10 +602,10 @@ def cacheGoBin():
                "if $BIN_CACHE_FOUND; then exit 0; fi",
                # .bingo folder will change after 'bingo-get'
                # so get the stored hash of a .bingo folder
-                "BINGO_HASH=$(cat %s/.bingo_hash)" % dirs["base"],
+                "BINGO_HASH=$(cat %s/.bingo_hash)" % dirs["baseGo"],
                # cache using the minio client to the public bucket (long term bucket)
                "mc alias set s3 $MC_HOST $AWS_ACCESS_KEY_ID $AWS_SECRET_ACCESS_KEY",
-                "mc cp -r %s/%s s3/$CACHE_BUCKET/opencloud/go-bin/$BINGO_HASH" % (dirs["base"], dirs["gobinTar"]),
+                "mc cp -r %s s3/$CACHE_BUCKET/opencloud/go-bin/$BINGO_HASH" % (dirs["gobinTarPath"]),
            ],
        },
    ]
@@ -608,32 +617,22 @@ def restoreGoBinCache():
            "image": MINIO_MC,
            "environment": MINIO_MC_ENV,
            "commands": [
-                "BINGO_HASH=$(cat %s/.bingo/* | sha256sum | cut -d ' ' -f 1)" % dirs["base"],
+                "BINGO_HASH=$(cat %s/.bingo/* | sha256sum | cut -d ' ' -f 1)" % dirs["baseGo"],
                "mc alias set s3 $MC_HOST $AWS_ACCESS_KEY_ID $AWS_SECRET_ACCESS_KEY",
-                "mc cp -r -a s3/$CACHE_BUCKET/opencloud/go-bin/$BINGO_HASH/%s %s" % (dirs["gobinTar"], dirs["base"]),
+                "mc cp -r -a s3/$CACHE_BUCKET/opencloud/go-bin/$BINGO_HASH/%s %s" % (dirs["gobinTar"], dirs["baseGo"]),
            ],
        },
        {
            "name": "extract-go-bin-cache",
-            "image": OC_CI_GOLANG,
+            "image": OC_UBUNTU,
            "commands": [
-                "tar -xvmf %s/%s -C %s" % (dirs["base"], dirs["gobinTar"], dirs["base"]),
+                "tar -xvmf %s -C /" % dirs["gobinTarPath"],
            ],
        },
    ]

 def testOpencloud(ctx):
-    # environment = CI_HTTP_PROXY_ENV
-    # environment["GOBIN"] = "/woodpecker/src/github.com/opencloud-eu/opencloud/go/bin"
-    steps = restoreGoBinCache() + [
-        {
-            "name": "generate-go",
-            "image": OC_CI_GOLANG,
-            "commands": [
-                "for i in $(seq 3); do %s go-generate && break || sleep 1; done" % make,
-            ],
-            "environment": CI_HTTP_PROXY_ENV,
-        },
+    steps = restoreGoBinCache() + makeGoGenerate("") + [
        {
            "name": "golangci-lint",
            "image": OC_CI_GOLANG,
@@ -688,6 +687,7 @@ def testOpencloud(ctx):
            },
        ],
        "depends_on": getPipelineNames(getGoBinForTesting(ctx)),
+        "workspace": workspace,
    }

 def scanOpencloud(ctx):
@@ -714,6 +714,8 @@ def scanOpencloud(ctx):
                },
            },
        ],
+        "depends_on": getPipelineNames(getGoBinForTesting(ctx)),
+        "workspace": workspace,
    }

 def buildOpencloudBinaryForTesting(ctx):
@@ -732,6 +734,7 @@ def buildOpencloudBinaryForTesting(ctx):
                },
            },
        ],
+        "workspace": workspace,
    }]

 def vendorbinCodestyle(phpVersion):
@@ -1615,7 +1618,15 @@ def binaryRelease(ctx, arch, depends_on = []):
            {
                "name": "build",
                "image": OC_CI_GOLANG,
-                "environment": CI_HTTP_PROXY_ENV,
+                "environment": {
+                    "VERSION": (ctx.build.ref.replace("refs/tags/", "") if ctx.build.event == "tag" else "daily"),
+                    "HTTP_PROXY": {
+                        "from_secret": "ci_http_proxy",
+                    },
+                    "HTTPS_PROXY": {
+                        "from_secret": "ci_http_proxy",
+                    },
+                },
                "commands": [
                    "make -C opencloud release-%s" % arch,
                ],
@@ -1664,8 +1675,6 @@ def binaryRelease(ctx, arch, depends_on = []):
    }

 def licenseCheck(ctx):
-    environment = CI_HTTP_PROXY_ENV
-    environment["GOBIN"] = "/woodpecker/src/github.com/opencloud-eu/opencloud/go/bin"
    return {
        "name": "check-licenses",
        "steps": restoreGoBinCache() + [
@@ -1686,7 +1695,7 @@ def licenseCheck(ctx):
            {
                "name": "go-check-licenses",
                "image": OC_CI_GOLANG,
-                "environment": environment,
+                "environment": CI_HTTP_PROXY_ENV,
                "commands": [
                    "make ci-go-check-licenses",
                ],
@@ -1694,7 +1703,7 @@ def licenseCheck(ctx):
            {
                "name": "go-save-licenses",
                "image": OC_CI_GOLANG,
-                "environment": environment,
+                "environment": CI_HTTP_PROXY_ENV,
                "commands": [
                    "make ci-go-save-licenses",
                ],
@@ -1729,6 +1738,7 @@ def licenseCheck(ctx):
            event["pull_request"],
            event["tag"],
        ],
+        "workspace": workspace,
    }

 def readyReleaseGo():
@@ -1788,34 +1798,6 @@ def releaseDockerReadme(repo, build_type):
        ],
    }

-def docs():
-    return [
-        {
-            "name": "dev-docs",
-            "steps": [
-                {
-                    "name": "devdocs",
-                    "image": "codeberg.org/xfix/plugin-codeberg-pages-deploy:1",
-                    "settings": {
-                        "folder": "docs",
-                        "branch": "docs",
-                        "git_config_email": "${CI_COMMIT_AUTHOR_EMAIL}",
-                        "git_config_name": "${CI_COMMIT_AUTHOR}",
-                        "ssh_key": {
-                            "from_secret": "ssh_key",
-                        },
-                    },
-                },
-            ],
-            "when": [
-                {
-                    "event": "push",
-                    "branch": "main",
-                },
-            ],
-        },
-    ]
-
 def makeNodeGenerate(module):
    if module == "":
        make = "make"
@@ -1823,7 +1805,7 @@ def makeNodeGenerate(module):
        make = "make -C %s" % module
    return [
        {
-            "name": "generate-nodejs",
+            "name": "generate nodejs",
            "image": OC_CI_NODEJS % DEFAULT_NODEJS_VERSION,
            "environment": {
                "CHROMEDRIVER_SKIP_DOWNLOAD": True,  # install fails on arm and chromedriver is a test only dependency
@@ -1842,7 +1824,7 @@ def makeGoGenerate(module):
        make = "make -C %s" % module
    return [
        {
-            "name": "generate-go",
+            "name": "generate go",
            "image": OC_CI_GOLANG,
            "commands": [
                "for i in $(seq 3); do %s go-generate && break || sleep 1; done" % make,
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,63 @@
 # Changelog

+## [2.2.0](https://github.com/opencloud-eu/opencloud/releases/tag/v2.2.0) - 2025-04-28
+
+### ❤️ Thanks to all contributors! ❤️
+
+@AlexAndBear, @JammingBen, @ScharfViktor, @Svanvith, @TheOneRing, @aduffeck, @amrita-shrestha, @butonic, @dragonchaser, @dragotin, @fschade, @individual-it, @jnweiger, @micbar, @michaelstingl, @rhafer
+
+### ✨ Features
+
+- add new property IdentifierDefaultLogoTargetURI [[#684](https://github.com/opencloud-eu/opencloud/pull/684)]
+- feat: add dev docs for web [[#623](https://github.com/opencloud-eu/opencloud/pull/623)]
+- feat: improve the info about storage path in deployment example [[#617](https://github.com/opencloud-eu/opencloud/pull/617)]
+
+### 📈 Enhancement
+
+- [full-ci] chore(web): bump web to v2.3.0 [[#738](https://github.com/opencloud-eu/opencloud/pull/738)]
+- bare-metal-deploy. getting latest version [[#699](https://github.com/opencloud-eu/opencloud/pull/699)]
+- Automatically find the latest released version of opencloud [[#687](https://github.com/opencloud-eu/opencloud/pull/687)]
+- Expose more config vars for the posix fs watchers [[#669](https://github.com/opencloud-eu/opencloud/pull/669)]
+- Add env var to make the inotify stats frequency configurable [[#552](https://github.com/opencloud-eu/opencloud/pull/552)]
+- feat(web): remove old and unused color tokens [[#665](https://github.com/opencloud-eu/opencloud/pull/665)]
+- Feat: install.sh now honors OC_BASE_DIR and OC_HOST [[#574](https://github.com/opencloud-eu/opencloud/pull/574)]
+- revert: completely remove "edition" from capabilities [[#601](https://github.com/opencloud-eu/opencloud/pull/601)]
+
+### 📚 Documentation
+
+- Update descirption of COLLABORA_SSL_ENABLE [[#724](https://github.com/opencloud-eu/opencloud/pull/724)]
+- Fix broken links in opencloud_full README.md [[#643](https://github.com/opencloud-eu/opencloud/pull/643)]
+- chore: move dev docs to opencloud-eu/docs repo [[#635](https://github.com/opencloud-eu/opencloud/pull/635)]
+
+### 🐛 Bug Fixes
+
+- Makefile: fix protobuf dependencies [[#714](https://github.com/opencloud-eu/opencloud/pull/714)]
+- Some smaller Makefile adjustments [[#709](https://github.com/opencloud-eu/opencloud/pull/709)]
+- fix(decomposeds3): enable async-uploads by default [[#686](https://github.com/opencloud-eu/opencloud/pull/686)]
+- fix deployment: do not create demo accounts when using keycloak [[#671](https://github.com/opencloud-eu/opencloud/pull/671)]
+- fix: web dev docs broken links [[#633](https://github.com/opencloud-eu/opencloud/pull/633)]
+- fix inbucket setup [[#619](https://github.com/opencloud-eu/opencloud/pull/619)]
+
+### ✅ Tests
+
+- update test docs [[#652](https://github.com/opencloud-eu/opencloud/pull/652)]
+
+### 📦️ Dependencies
+
+- chore:reva bump v.2.32 [[#737](https://github.com/opencloud-eu/opencloud/pull/737)]
+- build(deps): bump golang.org/x/image from 0.25.0 to 0.26.0 [[#726](https://github.com/opencloud-eu/opencloud/pull/726)]
+- build(deps): bump golang.org/x/net from 0.38.0 to 0.39.0 [[#725](https://github.com/opencloud-eu/opencloud/pull/725)]
+- build(deps): bump github.com/nats-io/nats.go from 1.41.0 to 1.41.2 [[#722](https://github.com/opencloud-eu/opencloud/pull/722)]
+- build(deps): bump google.golang.org/grpc from 1.71.1 to 1.72.0 [[#721](https://github.com/opencloud-eu/opencloud/pull/721)]
+- build(deps): bump golang.org/x/oauth2 from 0.28.0 to 0.29.0 [[#602](https://github.com/opencloud-eu/opencloud/pull/602)]
+- build(deps): bump @testing-library/jest-dom from 6.4.8 to 6.6.3 in /services/idp [[#666](https://github.com/opencloud-eu/opencloud/pull/666)]
+- build(deps): bump golang.org/x/text from 0.23.0 to 0.24.0 [[#641](https://github.com/opencloud-eu/opencloud/pull/641)]
+- build(deps-dev): bump webpack from 5.96.1 to 5.99.6 in /services/idp [[#707](https://github.com/opencloud-eu/opencloud/pull/707)]
+- build(deps): bump github.com/nats-io/nats-server/v2 from 2.11.0 to 2.11.1 [[#679](https://github.com/opencloud-eu/opencloud/pull/679)]
+- build(deps): bump github.com/onsi/ginkgo/v2 from 2.23.3 to 2.23.4 [[#637](https://github.com/opencloud-eu/opencloud/pull/637)]
+- build(deps): bump github.com/coreos/go-oidc/v3 from 3.13.0 to 3.14.1 [[#603](https://github.com/opencloud-eu/opencloud/pull/603)]
+- build(deps-dev): bump typescript from 5.7.3 to 5.8.3 in /services/idp [[#604](https://github.com/opencloud-eu/opencloud/pull/604)]
+
 ## [2.1.0](https://github.com/opencloud-eu/opencloud/releases/tag/v2.1.0) - 2025-04-07

 ### ❤️ Thanks to all contributors! ❤️
--- a/2
+++ b/2
@@ -78,8 +78,6 @@ ifneq (, $(shell command -v go 2> /dev/null)) # suppress `command not found warn
 include .bingo/Variables.mk
 endif

-include .make/recursion.mk
-
 .PHONY: help
 help:
 	@echo "Please use 'make <target>' where <target> is one of the following:"
--- a/deployments/examples/bare-metal-simple/install.sh
+++ b/deployments/examples/bare-metal-simple/install.sh
@@ -34,10 +34,19 @@ function backup_file () {
    fi
 }

+function get_latest_version() {
+     latest_version=$(curl -s https://api.github.com/repos/opencloud-eu/opencloud/releases/latest \
+	     | grep '"tag_name":' \
+	     | awk -F: '{print $2}' \
+         | tr -d ' ",v')
+}
+
 # URL pattern of the download file
 # https://github.com/opencloud-eu/opencloud/releases/download/v1.0.0/opencloud-1.0.0-linux-amd64

-dlversion="${OC_VERSION:-2.0.0}"
+get_latest_version
+
+dlversion="${OC_VERSION:-$latest_version}"
 dlurl="https://github.com/opencloud-eu/opencloud/releases/download/v${dlversion}/"

 sandbox="opencloud-sandbox-${dlversion}"
--- a/deployments/examples/opencloud_full/.env
+++ b/deployments/examples/opencloud_full/.env
@@ -193,7 +193,8 @@ COLLABORA_ADMIN_USER=
 # Admin password for Collabora.
 # Defaults to "admin".
 COLLABORA_ADMIN_PASSWORD=
-# Set to true to enable SSL for Collabora Online. Default is true if not specified.
+# Set to true to enable SSL handling in Collabora Online, this is only required if you are not using a reverse proxy.
+# Default is true if not specified.
 COLLABORA_SSL_ENABLE=false
 # If you're on an internet-facing server, enable SSL verification for Collabora Online.
 # Please comment out the following line:
@@ -250,9 +251,38 @@ INBUCKET_DOMAIN=
 # Path separator for supplemental compose files specified in COMPOSE_FILE.
 COMPOSE_PATH_SEPARATOR=:

-### Keycloak Settings ###
+### Ldap Settings ###
+# LDAP is always needed for OpenCloud to store user data as there is no relational database.
+# The built-in LDAP server should used for testing purposes or small installations only.
+# For production installations, it is recommended to use an external LDAP server.
+# We are using OpenLDAP as the default LDAP server because it is proven to be stable and reliable.
+# This LDAP configuration is known to work with OpenCloud and provides a blueprint for
+# configuring an external LDAP server based on other products like Microsoft Active Directory or other LDAP servers.
+#
 # Note: the leading colon is required to enable the service.
-#KEYCLOAK=:keycloak.yml
+LDAP=:ldap.yml
+# Password of LDAP user "cn=admin,dc=opencloud,dc=eu". Defaults to "admin"
+LDAP_ADMIN_PASSWORD=
+# LDAP manager
+# login with uid ldapadmin and password
+LDAP_MANAGER=:../shared/config/ldap/docker-compose.yml
+# LDAP manager domain. Defaults to "ldap.opencloud.test"
+LDAP_MANAGER_DOMAIN=
+
+### Keycloak Settings ###
+# Keycloak is an open-source identity and access management solution.
+# We are using Keycloak as the default identity provider on production installations.
+# It can be used to federate authentication with other identity providers like
+# Microsoft Entra ID, ADFS or other SAML/OIDC providers.
+# The use of Keycloak as bridge between OpenCloud and other identity providers creates more control over the
+# authentication process, the allowed clients and the session management.
+# Keycloak also manages the Role Based Access Control (RBAC) for OpenCloud.
+# Keycloak can be used in two different modes:
+# 1. Autoprovisioning: New are automatically created in openCloud when they log in for the first time.
+# 2. Shared User Directory: Users are created in Keycloak and can be used in OpenCloud immediately
+# because the LDAP server is connected to both Keycloak and OpenCloud.
+# Note: the leading colon is required to enable the service.
+KEYCLOAK=:keycloak.yml
 # Domain for Keycloak. Defaults to "keycloak.opencloud.test".
 KEYCLOAK_DOMAIN=
 # Realm which to be used with OpenCloud. Defaults to "OpenCloud"
@@ -261,20 +291,11 @@ KEYCLOAK_REALM=
 KEYCLOAK_ADMIN_USER=
 # Admin user login password. Defaults to "admin"
 KEYCLOAK_ADMIN_PASSWORD=
-
-### Ldap Settings ###
-# Note: the leading colon is required to enable the service.
-#LDAP=:ldap.yml
-# Password of LDAP user "cn=admin,dc=opencloud,dc=eu". Defaults to "admin"
-LDAP_ADMIN_PASSWORD=
-# LDAP manager
-# login with uid ldapadmin and password
-#LDAP_MANAGER=:../shared/config/ldap/docker-compose.yml
-# LDAP manager domain. Defaults to "ldap.opencloud.test"
-LDAP_MANAGER_DOMAIN=
+# Autoprovisioning mode. Defaults to "true"
+KEYCLOAK_AUTOPROVISIONING=:keycloak-autoprovisioning.yml

 ## IMPORTANT ##
 # This MUST be the last line as it assembles the supplemental compose files to be used.
 # ALL supplemental configs must be added here, whether commented or not.
 # Each var must either be empty or contain :path/file.yml
-COMPOSE_FILE=docker-compose.yml${OPENCLOUD:-}${TIKA:-}${DECOMPOSEDS3:-}${DECOMPOSEDS3_MINIO:-}${DECOMPOSED:-}${COLLABORA:-}${MONITORING:-}${IMPORTER:-}${CLAMAV:-}${ONLYOFFICE:-}${INBUCKET:-}${EXTENSIONS:-}${UNZIP:-}${DRAWIO:-}${JSONVIEWER:-}${PROGRESSBARS:-}${EXTERNALSITES:-}${KEYCLOAK:-}${LDAP:-}${LDAP_MANAGER:-}
+COMPOSE_FILE=docker-compose.yml${OPENCLOUD:-}${TIKA:-}${DECOMPOSEDS3:-}${DECOMPOSEDS3_MINIO:-}${DECOMPOSED:-}${COLLABORA:-}${MONITORING:-}${IMPORTER:-}${CLAMAV:-}${ONLYOFFICE:-}${INBUCKET:-}${EXTENSIONS:-}${UNZIP:-}${DRAWIO:-}${JSONVIEWER:-}${PROGRESSBARS:-}${EXTERNALSITES:-}${KEYCLOAK:-}${LDAP:-}${KEYCLOAK_AUTOPROVISIONING:-}${LDAP_MANAGER:-}
--- a/deployments/examples/opencloud_full/README.md
+++ b/deployments/examples/opencloud_full/README.md
@@ -6,12 +6,12 @@ document this deployment example in: docs/opencloud/deployment/opencloud_full.md

 This deployment example is documented in two locations for different audiences:

-* In the [Admin Documentation](https://docs.opencloud.eu/opencloud/latest/index.html)\
+* In the [Admin Documentation](https://docs.opencloud.eu/docs/admin/intro)\
  Providing two variants using detailed configuration step by step guides:\
-  [Local Production Setup](https://docs.opencloud.eu/opencloud/next/depl-examples/ubuntu-compose/ubuntu-compose-prod.html) and [Deploy OpenCloud on the Hetzner Cloud](https://docs.opencloud.eu/opencloud/next/depl-examples/ubuntu-compose/ubuntu-compose-hetzner.html).\
+  [Docker Compose Setup](https://docs.opencloud.eu/docs/admin/getting-started/docker/docker-compose) and [Docker Compose Local](https://docs.opencloud.eu/docs/admin/getting-started/docker/docker-compose-local).\
  Note that these examples use LetsEncrypt certificates and are intended for production use.

-* In the [Developer Documentation](https://docs.opencloud.eu/opencloud/deployment/opencloud_full/)\
+* In the [Developer Documentation](https://docs.opencloud.eu/docs/dev/intro)\
  Providing details which are more developer focused. This description can also be used when deviating from the default.\
  Note that this examples uses self signed certificates and is intended for testing purposes.

--- a/deployments/examples/opencloud_full/config/keycloak/docker-entrypoint-override.sh
+++ b/deployments/examples/opencloud_full/config/keycloak/docker-entrypoint-override.sh
@@ -1,8 +1,8 @@
 #!/bin/bash
 printenv
-# replace openCloud domain in keycloak realm import
+# replace openCloud domain and LDAP password in keycloak realm import
 mkdir /opt/keycloak/data/import
-sed -e "s/cloud.opencloud.test/${OC_DOMAIN}/g" /opt/keycloak/data/import-dist/opencloud-realm.json > /opt/keycloak/data/import/opencloud-realm.json
+sed -e "s/cloud.opencloud.test/${OC_DOMAIN}/g" -e "s/ldap-admin-password/${LDAP_ADMIN_PASSWORD:-admin}/g" /opt/keycloak/data/import-dist/opencloud-realm.json > /opt/keycloak/data/import/opencloud-realm.json

 # run original docker-entrypoint
 /opt/keycloak/bin/kc.sh "$@"
--- a/deployments/examples/opencloud_full/config/keycloak/opencloud-realm-autoprovisioning.dist.json
+++ b/deployments/examples/opencloud_full/config/keycloak/opencloud-realm-autoprovisioning.dist.json
--- a/deployments/examples/opencloud_full/config/ldap/ldif/10_base.ldif
+++ b/deployments/examples/opencloud_full/config/ldap/ldif/10_base.ldif
@@ -18,3 +18,7 @@ uid: ldapadmin
 dn: ou=groups,dc=opencloud,dc=eu
 objectClass: organizationalUnit
 ou: groups
+
+dn: ou=custom,ou=groups,dc=opencloud,dc=eu
+objectClass: organizationalUnit
+ou: custom
--- a/deployments/examples/opencloud_full/config/ldap/ldif/20_users.ldif
+++ b/deployments/examples/opencloud_full/config/ldap/ldif/20_users.ldif
@@ -2,9 +2,7 @@
 dn: uid=alan,ou=users,dc=opencloud,dc=eu
 objectClass: inetOrgPerson
 objectClass: organizationalPerson
-objectClass: openCloudUser
 objectClass: person
-objectClass: posixAccount
 objectClass: top
 uid: alan
 givenName: Alan
@@ -13,18 +11,12 @@ cn: alan
 displayName: Alan Turing
 description:  An English mathematician, computer scientist, logician, cryptanalyst, philosopher and theoretical biologist. He was highly influential in the development of theoretical computer science, providing a formalisation of the concepts of algorithm and computation with the Turing machine.
 mail: alan@example.org
-uidNumber: 20000
-gidNumber: 30000
-homeDirectory: /home/alan
-openCloudUUID: b1f74ec4-dd7e-11ef-a543-03775734d0f7
 userPassword:: e1NTSEF9Y2ZMdVlqMTBDUFpLWE44VC9mQ0FzYnFHQmtyZExJeGg=

 dn: uid=lynn,ou=users,dc=opencloud,dc=eu
 objectClass: inetOrgPerson
 objectClass: organizationalPerson
-objectClass: openCloudUser
 objectClass: person
-objectClass: posixAccount
 objectClass: top
 uid: lynn
 givenName: Lynn
@@ -33,19 +25,12 @@ cn: lynn
 displayName: Lynn Conway
 description:  An American computer scientist, electrical engineer, and transgender activist.
 mail: lynn@example.org
-uidNumber: 20001
-gidNumber: 30000
-homeDirectory: /home/lynn
-openCloudUserEnabled: TRUE
-openCloudUUID: 60708dda-e897-11ef-919f-bbb7437d6ec2
 userPassword:: e1NTSEF9Y2ZMdVlqMTBDUFpLWE44VC9mQ0FzYnFHQmtyZExJeGg=

 dn: uid=mary,ou=users,dc=opencloud,dc=eu
 objectClass: inetOrgPerson
 objectClass: organizationalPerson
-objectClass: openCloudUser
 objectClass: person
-objectClass: posixAccount
 objectClass: top
 uid: mary
 givenName: Mary
@@ -54,19 +39,12 @@ cn: mary
 displayName: Mary Kenneth Keller
 description: Mary Kenneth Keller of the Sisters of Charity of the Blessed Virgin Mary was a pioneer in computer science.
 mail: mary@example.org
-uidNumber: 20002
-gidNumber: 30000
-homeDirectory: /home/mary
-openCloudUserEnabled: TRUE
-openCloudUUID: 056fc874-dd7f-11ef-ba84-af6fca4b7289
 userPassword:: e1NTSEF9Y2ZMdVlqMTBDUFpLWE44VC9mQ0FzYnFHQmtyZExJeGg=

 dn: uid=margaret,ou=users,dc=opencloud,dc=eu
 objectClass: inetOrgPerson
 objectClass: organizationalPerson
-objectClass: openCloudUser
 objectClass: person
-objectClass: posixAccount
 objectClass: top
 uid: margaret
 givenName: Margaret
@@ -75,19 +53,12 @@ cn: margaret
 displayName: Margaret Hamilton
 description: A director of the Software Engineering Division of the MIT Instrumentation Laboratory, which developed on-board flight software for NASA's Apollo program.
 mail: margaret@example.org
-uidNumber: 20003
-gidNumber: 30000
-homeDirectory: /home/margaret
-openCloudUserEnabled: TRUE
-openCloudUUID: 801abee4-dd7f-11ef-a324-83f55a754b62
 userPassword:: e1NTSEF9Y2ZMdVlqMTBDUFpLWE44VC9mQ0FzYnFHQmtyZExJeGg=

 dn: uid=dennis,ou=users,dc=opencloud,dc=eu
 objectClass: inetOrgPerson
 objectClass: organizationalPerson
-objectClass: openCloudUser
 objectClass: person
-objectClass: posixAccount
 objectClass: top
 uid: dennis
 givenName: Dennis
@@ -96,19 +67,12 @@ cn: dennis
 displayName: Dennis Ritchie
 description: American computer scientist. He created the C programming language and the Unix operating system and B language with long-time colleague Ken Thompson.
 mail: dennis@example.org
-uidNumber: 20004
-gidNumber: 30000
-homeDirectory: /home/dennis
-openCloudUserEnabled: TRUE
-openCloudUUID: cd88bf9a-dd7f-11ef-a609-7f78deb2345f
 userPassword:: e1NTSEF9Y2ZMdVlqMTBDUFpLWE44VC9mQ0FzYnFHQmtyZExJeGg=

 dn: uid=admin,ou=users,dc=opencloud,dc=eu
 objectClass: inetOrgPerson
 objectClass: organizationalPerson
-objectClass: openCloudUser
 objectClass: person
-objectClass: posixAccount
 objectClass: top
 uid: admin
 givenName: Admin
@@ -117,9 +81,4 @@ cn: admin
 displayName: Admin
 description: An admin for this OpenCloud instance.
 mail: admin@example.org
-uidNumber: 20005
-gidNumber: 30000
-homeDirectory: /home/admin
-openCloudUserEnabled: TRUE
-openCloudUUID: f7fc96f6-ceb4-4387-bd69-07a6d7992973
 userPassword:: e1NTSEF9UWhmaFB3dERydTUydURoWFFObDRMbzVIckI3TkI5Nmo==
--- a/deployments/examples/opencloud_full/config/ldap/ldif/30_groups.ldif
+++ b/deployments/examples/opencloud_full/config/ldap/ldif/30_groups.ldif
@@ -1,10 +1,8 @@
 dn: cn=users,ou=groups,dc=opencloud,dc=eu
 objectClass: groupOfNames
-objectClass: openCloudObject
 objectClass: top
 cn: users
 description: Users
-openCloudUUID: 509a9dcd-bb37-4f4f-a01a-19dca27d9cfa
 member: uid=alan,ou=users,dc=opencloud,dc=eu
 member: uid=mary,ou=users,dc=opencloud,dc=eu
 member: uid=margaret,ou=users,dc=opencloud,dc=eu
@@ -14,74 +12,58 @@ member: uid=admin,ou=users,dc=opencloud,dc=eu

 dn: cn=chess-lovers,ou=groups,dc=opencloud,dc=eu
 objectClass: groupOfNames
-objectClass: openCloudObject
 objectClass: top
 cn: chess-lovers
 description: Chess lovers
-openCloudUUID: 9d31ec04-dd80-11ef-ac47-a38ba68cc36d
 member: uid=alan,ou=users,dc=opencloud,dc=eu

 dn: cn=machine-lovers,ou=groups,dc=opencloud,dc=eu
 objectClass: groupOfNames
-objectClass: openCloudObject
 objectClass: top
 cn: machine-lovers
 description: Machine Lovers
-openCloudUUID: d901562a-dd80-11ef-a510-fba1ed43fb21
 member: uid=alan,ou=users,dc=opencloud,dc=eu

 dn: cn=bible-readers,ou=groups,dc=opencloud,dc=eu
 objectClass: groupOfNames
-objectClass: openCloudObject
 objectClass: top
 cn: bible-readers
 description: Bible readers
-openCloudUUID: 2fc6ba22-dd81-11ef-89e6-e3eff494a998
 member: uid=mary,ou=users,dc=opencloud,dc=eu

 dn: cn=apollos,ou=groups,dc=opencloud,dc=eu
 objectClass: groupOfNames
-objectClass: openCloudObject
 objectClass: top
 cn: apollos
 description: Contributors to the Appollo mission
-openCloudUUID: 6f9bab36-dd94-11ef-a252-dbbdd20299dd
 member: uid=margaret,ou=users,dc=opencloud,dc=eu

 dn: cn=unix-lovers,ou=groups,dc=opencloud,dc=eu
 objectClass: groupOfNames
-objectClass: openCloudObject
 objectClass: top
 cn: unix-lovers
 description: Unix lovers
-openCloudUUID: 75bc3882-dd94-11ef-ad60-335f3df6cef3
 member: uid=dennis,ou=users,dc=opencloud,dc=eu

 dn: cn=basic-haters,ou=groups,dc=opencloud,dc=eu
 objectClass: groupOfNames
-objectClass: openCloudObject
 objectClass: top
 cn: basic-haters
 description: Haters of the Basic programming language
-openCloudUUID: a4eb2c12-dd94-11ef-9ebe-eb96f938d517
 member: uid=dennis,ou=users,dc=opencloud,dc=eu

 dn: cn=vlsi-lovers,ou=groups,dc=opencloud,dc=eu
 objectClass: groupOfNames
-objectClass: openCloudObject
 objectClass: top
 cn: vlsi-lovers
 description: Lovers of VLSI microchip design
-openCloudUUID: 914ce3de-e899-11ef-9a4b-732fbb2acc42
 member: uid=lynn,ou=users,dc=opencloud,dc=eu

 dn: cn=programmers,ou=groups,dc=opencloud,dc=eu
 objectClass: groupOfNames
-objectClass: openCloudObject
 objectClass: top
 cn: programmers
 description: Computer Programmers
-openCloudUUID: ce4aa240-dd94-11ef-82b8-4f4828849072
 member: uid=alan,ou=users,dc=opencloud,dc=eu
 member: uid=margaret,ou=users,dc=opencloud,dc=eu
 member: uid=dennis,ou=users,dc=opencloud,dc=eu
--- a/deployments/examples/opencloud_full/config/opencloud/app-registry.yaml
+++ b/deployments/examples/opencloud_full/config/opencloud/app-registry.yaml
@@ -12,49 +12,49 @@ app_registry:
    name: OpenDocument
    description: OpenDocument text document
    icon: ''
-    default_app: Collabora
+    default_app: CollaboraOnline
    allow_creation: true
  - mime_type: application/vnd.oasis.opendocument.spreadsheet
    extension: ods
    name: OpenSpreadsheet
    description: OpenDocument spreadsheet document
    icon: ''
-    default_app: Collabora
+    default_app: CollaboraOnline
    allow_creation: true
  - mime_type: application/vnd.oasis.opendocument.presentation
    extension: odp
    name: OpenPresentation
    description: OpenDocument presentation document
    icon: ''
-    default_app: Collabora
+    default_app: CollaboraOnline
    allow_creation: true
  - mime_type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
    extension: docx
    name: Microsoft Word
    description: Microsoft Word document
    icon: ''
-    default_app: OnlyOffice
+    default_app: CollaboraOnline
    allow_creation: true
  - mime_type: application/vnd.openxmlformats-officedocument.wordprocessingml.form
    extension: docxf
    name: Form Document
    description: Form Document
    icon: ''
-    default_app: OnlyOffice
+    default_app: CollaboraOnline
    allow_creation: true
  - mime_type: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
    extension: xlsx
    name: Microsoft Excel
    description: Microsoft Excel document
    icon: ''
-    default_app: OnlyOffice
+    default_app: CollaboraOnline
    allow_creation: true
  - mime_type: application/vnd.openxmlformats-officedocument.presentationml.presentation
    extension: pptx
    name: Microsoft PowerPoint
    description: Microsoft PowerPoint document
    icon: ''
-    default_app: OnlyOffice
+    default_app: CollaboraOnline
    allow_creation: true
  - mime_type: application/vnd.jupyter
    extension: ipynb
--- a/deployments/examples/opencloud_full/keycloak-autoprovisioning.yml
+++ b/deployments/examples/opencloud_full/keycloak-autoprovisioning.yml
@@ -0,0 +1,41 @@
+---
+services:
+  opencloud:
+    environment:
+      # Keycloak IDP specific configuration for auto-provisioning
+      OC_LDAP_SERVER_WRITE_ENABLED: "true"
+      PROXY_AUTOPROVISION_ACCOUNTS: "true"
+      # Use the `sub` claim from keycloak for the user ID
+      # Keycloak uses the keycloak user ID as the `sub` claim
+      PROXY_USER_OIDC_CLAIM: "sub"
+      # Use the `sub` claim as identifier during autoprovisioning
+      # That mitigates problems when a user is renamed in keycloak
+      PROXY_AUTOPROVISION_CLAIM_USERNAME: "sub"
+      PROXY_USER_CS3_CLAIM: "username"
+      # This triggers the creation of the opencloudUUID during the provisioning of users and groups
+      GRAPH_LDAP_SERVER_UUID: "false"
+      # This is the default value, we need to set it here because we overwrite the values
+      OC_LDAP_USER_SCHEMA_ID: "opencloudUUID"
+      # This is the default value, we need to set it here because we overwrite the values
+      OC_LDAP_GROUP_SCHEMA_ID: "opencloudUUID"
+      # This is the default value, we need to set it here because we overwrite the values
+      OC_LDAP_DISABLE_USER_MECHANISM: "attribute"
+      # These values should only be set in keycloak, because opencloud updates them from the claims
+      FRONTEND_READONLY_USER_ATTRIBUTES: "user.onPremisesSamAccountName,user.displayName,user.mail,user.passwordProfile,user.memberOf"
+  ldap-server:
+    volumes:
+      # Use an empty named volume to overwrite the inherited values
+      - empty-dir:/ldifs
+      # Only use the base ldif file to create the base structure
+      - ./config/ldap/ldif/10_base.ldif:/ldifs/10_base.ldif
+      # Use the custom schema from opencloud because we are in full control of the ldap server
+      - ../shared/config/ldap/schemas/10_opencloud_schema.ldif:/schemas/10_opencloud_schema.ldif
+      - ./config/ldap/docker-entrypoint-override.sh:/opt/bitnami/scripts/openldap/docker-entrypoint-override.sh
+      - ldap-certs:/opt/bitnami/openldap/share
+      - ldap-data:/bitnami/openldap
+  keycloak:
+    volumes:
+      - "./config/keycloak/docker-entrypoint-override.sh:/opt/keycloak/bin/docker-entrypoint-override.sh"
+      - "./config/keycloak/opencloud-realm-autoprovisioning.dist.json:/opt/keycloak/data/import-dist/opencloud-realm.json"
+volumes:
+  empty-dir:
--- a/deployments/examples/opencloud_full/keycloak.yml
+++ b/deployments/examples/opencloud_full/keycloak.yml
@@ -9,23 +9,20 @@ services:
  opencloud:
    environment:
      # Keycloak IDP specific configuration
-      PROXY_AUTOPROVISION_ACCOUNTS: "true"
+      PROXY_AUTOPROVISION_ACCOUNTS: "false"
      PROXY_ROLE_ASSIGNMENT_DRIVER: "oidc"
      OC_OIDC_ISSUER: https://${KEYCLOAK_DOMAIN:-keycloak.opencloud.test}/realms/${KEYCLOAK_REALM:-openCloud}
      PROXY_OIDC_REWRITE_WELLKNOWN: "true"
      WEB_OIDC_CLIENT_ID: ${OC_OIDC_CLIENT_ID:-web}
-
-      PROXY_USER_OIDC_CLAIM: "preferred_username"
-      PROXY_USER_CS3_CLAIM: "username"
-      OC_EXCLUDE_RUN_SERVICES: "idp"
-      
+      PROXY_USER_OIDC_CLAIM: "uuid"
+      PROXY_USER_CS3_CLAIM: "userid"
+      WEB_OPTION_ACCOUNT_EDIT_LINK_HREF: "https://${KEYCLOAK_DOMAIN:-keycloak.opencloud.test}/realms/${KEYCLOAK_REALM:-openCloud}/account"
      # admin and demo accounts must be created in Keycloak
      OC_ADMIN_USER_ID: ""
      SETTINGS_SETUP_DEFAULT_ASSIGNMENTS: "false"
-
      GRAPH_ASSIGN_DEFAULT_USER_ROLE: "false"
      GRAPH_USERNAME_MATCH: "none"
-      KEYCLOAK_DOMAIN: ${KEYCLOAK_DOMAIN:-keycloak.opencloud.test} 
+      KEYCLOAK_DOMAIN: ${KEYCLOAK_DOMAIN:-keycloak.opencloud.test}

  postgres:
    image: postgres:alpine
--- a/go.mod
+++ b/go.mod
@@ -23,7 +23,7 @@ require (
 	github.com/ggwhite/go-masker v1.1.0
 	github.com/go-chi/chi/v5 v5.2.1
 	github.com/go-chi/render v1.0.3
-	github.com/go-ldap/ldap/v3 v3.4.10
+	github.com/go-ldap/ldap/v3 v3.4.11
 	github.com/go-ldap/ldif v0.0.0-20200320164324-fd88d9b715b3
 	github.com/go-micro/plugins/v4/client/grpc v1.2.1
 	github.com/go-micro/plugins/v4/logger/zerolog v1.2.0
@@ -51,24 +51,24 @@ require (
 	github.com/kovidgoyal/imaging v1.6.4
 	github.com/leonelquinteros/gotext v1.7.1
 	github.com/libregraph/idm v0.5.0
-	github.com/libregraph/lico v0.65.1
+	github.com/libregraph/lico v0.65.2-0.20250428103211-356e98f98457
 	github.com/mitchellh/mapstructure v1.5.0
 	github.com/mna/pigeon v1.3.0
 	github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826
-	github.com/nats-io/nats-server/v2 v2.11.0
-	github.com/nats-io/nats.go v1.41.0
+	github.com/nats-io/nats-server/v2 v2.11.1
+	github.com/nats-io/nats.go v1.41.2
 	github.com/oklog/run v1.1.0
 	github.com/olekukonko/tablewriter v0.0.5
 	github.com/onsi/ginkgo v1.16.5
 	github.com/onsi/ginkgo/v2 v2.23.4
 	github.com/onsi/gomega v1.37.0
 	github.com/open-policy-agent/opa v1.3.0
-	github.com/opencloud-eu/reva/v2 v2.31.0
+	github.com/opencloud-eu/reva/v2 v2.32.0
 	github.com/orcaman/concurrent-map v1.0.0
 	github.com/owncloud/libre-graph-api-go v1.0.5-0.20240829135935-80dc00d6f5ea
 	github.com/pkg/errors v0.9.1
 	github.com/pkg/xattr v0.4.10
-	github.com/prometheus/client_golang v1.21.1
+	github.com/prometheus/client_golang v1.22.0
 	github.com/r3labs/sse/v2 v2.10.0
 	github.com/riandyrn/otelchi v0.12.1
 	github.com/rogpeppe/go-internal v1.14.1
@@ -96,16 +96,16 @@ require (
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.35.0
 	go.opentelemetry.io/otel/sdk v1.35.0
 	go.opentelemetry.io/otel/trace v1.35.0
-	golang.org/x/crypto v0.36.0
+	golang.org/x/crypto v0.37.0
 	golang.org/x/exp v0.0.0-20250210185358-939b2ce775ac
-	golang.org/x/image v0.25.0
-	golang.org/x/net v0.38.0
-	golang.org/x/oauth2 v0.28.0
-	golang.org/x/sync v0.12.0
-	golang.org/x/term v0.30.0
-	golang.org/x/text v0.23.0
+	golang.org/x/image v0.26.0
+	golang.org/x/net v0.39.0
+	golang.org/x/oauth2 v0.29.0
+	golang.org/x/sync v0.13.0
+	golang.org/x/term v0.31.0
+	golang.org/x/text v0.24.0
 	google.golang.org/genproto/googleapis/api v0.0.0-20250303144028-a0af3efb3deb
-	google.golang.org/grpc v1.71.1
+	google.golang.org/grpc v1.72.0
 	google.golang.org/protobuf v1.36.6
 	gopkg.in/yaml.v2 v2.4.0
 	gotest.tools/v3 v3.5.2
@@ -152,7 +152,7 @@ require (
 	github.com/bluele/gcache v0.0.2 // indirect
 	github.com/bombsimon/logrusr/v3 v3.1.0 // indirect
 	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
-	github.com/ceph/go-ceph v0.32.0 // indirect
+	github.com/ceph/go-ceph v0.33.0 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/cevaris/ordered_map v0.0.0-20190319150403-3adeae072e73 // indirect
 	github.com/cloudflare/circl v1.3.7 // indirect
@@ -179,7 +179,7 @@ require (
 	github.com/fsnotify/fsnotify v1.8.0 // indirect
 	github.com/gdexlab/go-render v1.0.1 // indirect
 	github.com/go-acme/lego/v4 v4.4.0 // indirect
-	github.com/go-asn1-ber/asn1-ber v1.5.7 // indirect
+	github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 	github.com/go-git/go-billy/v5 v5.6.2 // indirect
 	github.com/go-git/go-git/v5 v5.13.2 // indirect
@@ -197,7 +197,7 @@ require (
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/go-redis/redis/v8 v8.11.5 // indirect
 	github.com/go-resty/resty/v2 v2.7.0 // indirect
-	github.com/go-sql-driver/mysql v1.9.1 // indirect
+	github.com/go-sql-driver/mysql v1.9.2 // indirect
 	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
 	github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
 	github.com/go-test/deep v1.1.0 // indirect
@@ -232,7 +232,7 @@ require (
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
-	github.com/jonboulle/clockwork v0.2.2 // indirect
+	github.com/jonboulle/clockwork v0.5.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/juliangruber/go-intersect v1.1.0 // indirect
 	github.com/kevinburke/ssh_config v1.2.0 // indirect
@@ -262,7 +262,7 @@ require (
 	github.com/mschoch/smat v0.2.0 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/nats-io/jwt/v2 v2.7.3 // indirect
-	github.com/nats-io/nkeys v0.4.10 // indirect
+	github.com/nats-io/nkeys v0.4.11 // indirect
 	github.com/nats-io/nuid v1.0.1 // indirect
 	github.com/nxadm/tail v1.4.8 // indirect
 	github.com/opentracing/opentracing-go v1.2.0 // indirect
@@ -282,7 +282,7 @@ require (
 	github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0 // indirect
 	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/rs/xid v1.6.0 // indirect
-	github.com/russellhaering/goxmldsig v1.4.0 // indirect
+	github.com/russellhaering/goxmldsig v1.5.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/segmentio/kafka-go v0.4.47 // indirect
 	github.com/segmentio/ksuid v1.0.4 // indirect
--- a/go.sum
+++ b/go.sum
@@ -130,7 +130,6 @@ github.com/aws/aws-sdk-go v1.55.6 h1:cSg4pvZ3m8dgYcgqB97MrcdjUmZ1BeMYKUxMMB89IPk
 github.com/aws/aws-sdk-go v1.55.6/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU=
 github.com/bbalet/stopwords v1.0.0 h1:0TnGycCtY0zZi4ltKoOGRFIlZHv0WqpoIGUsObjztfo=
 github.com/bbalet/stopwords v1.0.0/go.mod h1:sAWrQoDMfqARGIn4s6dp7OW7ISrshUD8IP2q3KoqPjc=
-github.com/beevik/etree v1.1.0/go.mod h1:r8Aw8JqVegEf0w2fDnATrX9VpkMcyFeM0FhwO62wh+A=
 github.com/beevik/etree v1.5.0 h1:iaQZFSDS+3kYZiGoc9uKeOkUY3nYMXOKLl6KIJxiJWs=
 github.com/beevik/etree v1.5.0/go.mod h1:gPNJNaBGVZ9AwsidazFZyygnd+0pAU38N4D+WemwKNs=
 github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=
@@ -203,8 +202,8 @@ github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK3
 github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
 github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/ceph/go-ceph v0.32.0 h1:iXRUGdPmH7h9Vf/WA1Dg3Wo1tgL7gcUbylfpbxrlGLs=
-github.com/ceph/go-ceph v0.32.0/go.mod h1:42eoJzyLS3VREzqrg2ot44NtuluQZi55hFRSoLF36GQ=
+github.com/ceph/go-ceph v0.33.0 h1:xT9v/MAa+DIBmflyITyFkGRgWngATghGegKJguEOInQ=
+github.com/ceph/go-ceph v0.33.0/go.mod h1:6ef0lIyDHnwArykqfWZDWCfbbJAVTXL1tOYrM1M4bAE=
 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
@@ -237,7 +236,6 @@ github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:ma
 github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.6 h1:XJtiaUW6dEEqVuZiMTn1ldk455QWwEIsMIJlo5vtkx0=
 github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
-github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/crewjam/httperr v0.2.0 h1:b2BfXR8U3AlIHwNeFFvZ+BV1LFvKLlzMjzaTnZMybNo=
 github.com/crewjam/httperr v0.2.0/go.mod h1:Jlz+Sg/XqBQhyMjdDiC+GNNRzZTD7x39Gu3pglZ5oH4=
 github.com/crewjam/saml v0.4.14 h1:g9FBNx62osKusnFzs3QTN5L9CVA/Egfgm+stJShzw/c=
@@ -333,8 +331,8 @@ github.com/go-acme/lego/v4 v4.4.0 h1:uHhU5LpOYQOdp3aDU+XY2bajseu8fuExphTL1Ss6/Fc
 github.com/go-acme/lego/v4 v4.4.0/go.mod h1:l3+tFUFZb590dWcqhWZegynUthtaHJbG2fevUpoOOE0=
 github.com/go-asn1-ber/asn1-ber v1.3.1/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
 github.com/go-asn1-ber/asn1-ber v1.4.1/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
-github.com/go-asn1-ber/asn1-ber v1.5.7 h1:DTX+lbVTWaTw1hQ+PbZPlnDZPEIs0SS/GCZAl535dDk=
-github.com/go-asn1-ber/asn1-ber v1.5.7/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
+github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 h1:BP4M0CvQ4S3TGls2FvczZtj5Re/2ZzkV9VwqPHH/3Bo=
+github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
 github.com/go-chi/chi v4.0.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ=
 github.com/go-chi/chi/v5 v5.2.1 h1:KOIHODQj58PmL80G2Eak4WdvUzjSJSm0vG72crDCqb8=
 github.com/go-chi/chi/v5 v5.2.1/go.mod h1:L2yAIGWB3H+phAw1NxKwWM+7eUH/lU8pOMm5hHcoops=
@@ -367,8 +365,8 @@ github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBj
 github.com/go-kit/log v0.2.1 h1:MRVx0/zhvdseW+Gza6N9rVzU/IVzaeE1SFI4raAhmBU=
 github.com/go-kit/log v0.2.1/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0=
 github.com/go-ldap/ldap/v3 v3.1.7/go.mod h1:5Zun81jBTabRaI8lzN7E1JjyEl1g6zI6u9pd8luAK4Q=
-github.com/go-ldap/ldap/v3 v3.4.10 h1:ot/iwPOhfpNVgB1o+AVXljizWZ9JTp7YF5oeyONmcJU=
-github.com/go-ldap/ldap/v3 v3.4.10/go.mod h1:JXh4Uxgi40P6E9rdsYqpUtbW46D9UTjJ9QSwGRznplY=
+github.com/go-ldap/ldap/v3 v3.4.11 h1:4k0Yxweg+a3OyBLjdYn5OKglv18JNvfDykSoI8bW0gU=
+github.com/go-ldap/ldap/v3 v3.4.11/go.mod h1:bY7t0FLK8OAVpp/vV6sSlpz3EQDGcQwc8pF0ujLgKvM=
 github.com/go-ldap/ldif v0.0.0-20200320164324-fd88d9b715b3 h1:sfz1YppV05y4sYaW7kXZtrocU/+vimnIWt4cxAYh7+o=
 github.com/go-ldap/ldif v0.0.0-20200320164324-fd88d9b715b3/go.mod h1:ZXFhGda43Z2TVbfGZefXyMJzsDHhCh0go3bZUcwTx7o=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
@@ -418,8 +416,8 @@ github.com/go-redis/redis/v8 v8.11.5/go.mod h1:gREzHqY1hg6oD9ngVRbLStwAWKhA0FEgq
 github.com/go-resty/resty/v2 v2.1.1-0.20191201195748-d7b97669fe48/go.mod h1:dZGr0i9PLlaaTD4H/hoZIDjQ+r6xq8mgbRzHZf7f2J8=
 github.com/go-resty/resty/v2 v2.7.0 h1:me+K9p3uhSmXtrBZ4k9jcEAfJmuC8IivWHwaLZwPrFY=
 github.com/go-resty/resty/v2 v2.7.0/go.mod h1:9PWDzw47qPphMRFfhsyk0NnSgvluHcljSMVIq3w7q0I=
-github.com/go-sql-driver/mysql v1.9.1 h1:FrjNGn/BsJQjVRuSa8CBrM5BWA9BWoXXat3KrtSb/iI=
-github.com/go-sql-driver/mysql v1.9.1/go.mod h1:qn46aNg1333BRMNU69Lq93t8du/dwxI64Gl8i5p1WMU=
+github.com/go-sql-driver/mysql v1.9.2 h1:4cNKDYQ1I84SXslGddlsrMhc8k4LeDVj6Ad6WRjiHuU=
+github.com/go-sql-driver/mysql v1.9.2/go.mod h1:qn46aNg1333BRMNU69Lq93t8du/dwxI64Gl8i5p1WMU=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
 github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
 github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
@@ -447,8 +445,8 @@ github.com/gofrs/flock v0.12.1/go.mod h1:9zxTsyu5xtJ9DK+1tFZyibEV7y3uwDxPPfbxeeH
 github.com/gofrs/uuid v3.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
 github.com/gofrs/uuid v4.4.0+incompatible h1:3qXRTX8/NbyulANqlc0lchS1gqAVxRgsuW1YrTJupqA=
 github.com/gofrs/uuid v4.4.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
-github.com/gofrs/uuid/v5 v5.3.0 h1:m0mUMr+oVYUdxpMLgSYCZiXe7PuVPnI94+OMeVBNedk=
-github.com/gofrs/uuid/v5 v5.3.0/go.mod h1:CDOjlDMVAtN56jqyRUZh58JT31Tiw7/oQyEXZV+9bD8=
+github.com/gofrs/uuid/v5 v5.3.2 h1:2jfO8j3XgSwlz/wHqemAEugfnTlikAYHhnqQ8Xh4fE0=
+github.com/gofrs/uuid/v5 v5.3.2/go.mod h1:CDOjlDMVAtN56jqyRUZh58JT31Tiw7/oQyEXZV+9bD8=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
@@ -572,8 +570,6 @@ github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY=
 github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ=
 github.com/gorilla/schema v1.4.1 h1:jUg5hUjCSDZpNGLuXQOgIWGdlgrIdYvgQ0wZtdK1M3E=
 github.com/gorilla/schema v1.4.1/go.mod h1:Dg5SSm5PV60mhF2NFaTV1xuYYj8tV8NOPRo4FggUMnM=
-github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
-github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM=
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
 github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 h1:UH//fgunKIs4JdUbpDl1VZCDaL56wXCB/5+wF6uHfaI=
@@ -660,8 +656,8 @@ github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHW
 github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
 github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
-github.com/jonboulle/clockwork v0.2.2 h1:UOGuzwb1PwsrDAObMuhUnj0p5ULPj8V/xJ7Kx9qUBdQ=
-github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8=
+github.com/jonboulle/clockwork v0.5.0 h1:Hyh9A8u51kptdkR+cqRpT1EebBwTn1oK9YfGYbdFz6I=
+github.com/jonboulle/clockwork v0.5.0/go.mod h1:3mZlmanh0g2NDKO5TWZVJAfofYk64M7XN3SzBPjZF60=
 github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=
 github.com/json-iterator/go v1.1.5/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
@@ -705,8 +701,6 @@ github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
@@ -725,8 +719,8 @@ github.com/leonelquinteros/gotext v1.7.1 h1:/JNPeE3lY5JeVYv2+KBpz39994W3W9fmZCGq
 github.com/leonelquinteros/gotext v1.7.1/go.mod h1:I0WoFDn9u2D3VbPnnDPT8mzZu0iSXG8iih+AH2fHHqg=
 github.com/libregraph/idm v0.5.0 h1:tDMwKbAOZzdeDYMxVlY5PbSqRKO7dbAW9KT42A51WSk=
 github.com/libregraph/idm v0.5.0/go.mod h1:BGMwIQ/6orJSPVzJ1x6kgG2JyG9GY05YFmbsnaD80k0=
-github.com/libregraph/lico v0.65.1 h1:7ENAoAgbetZkJSwa1dMMP5WvXMTQ5E/3LI4uRDhwjEk=
-github.com/libregraph/lico v0.65.1/go.mod h1:6w+kgoTYiXpJ7VriAaKJfeyF0eV/Stapd9pnK64du84=
+github.com/libregraph/lico v0.65.2-0.20250428103211-356e98f98457 h1:cwmUM+mSeqWYtZKAHn8QN7ns1nNf3Pc8nUfShka9+x0=
+github.com/libregraph/lico v0.65.2-0.20250428103211-356e98f98457/go.mod h1:2s2UkO0pY7/k1UlenXwio1qenfHZ217Npx22YyZJfSA=
 github.com/libregraph/oidc-go v1.1.0 h1:RyudjL3UyQblqeBQI06W53PniWobqODeeyAy6v/HumA=
 github.com/libregraph/oidc-go v1.1.0/go.mod h1:qW9ubcXvZrfbbWZBaLMuk7bt5qAUMYyt9/NtXQt07Cw=
 github.com/linode/linodego v0.25.3/go.mod h1:GSBKPpjoQfxEfryoCRcgkuUOCuVtGHWhzI8OMdycNTE=
@@ -827,12 +821,12 @@ github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRW
 github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04/go.mod h1:5sN+Lt1CaY4wsPvgQH/jsuJi4XO2ssZbdsIizr4CVC8=
 github.com/nats-io/jwt/v2 v2.7.3 h1:6bNPK+FXgBeAqdj4cYQ0F8ViHRbi7woQLq4W29nUAzE=
 github.com/nats-io/jwt/v2 v2.7.3/go.mod h1:GvkcbHhKquj3pkioy5put1wvPxs78UlZ7D/pY+BgZk4=
-github.com/nats-io/nats-server/v2 v2.11.0 h1:fdwAT1d6DZW/4LUz5rkvQUe5leGEwjjOQYntzVRKvjE=
-github.com/nats-io/nats-server/v2 v2.11.0/go.mod h1:leXySghbdtXSUmWem8K9McnJ6xbJOb0t9+NQ5HTRZjI=
-github.com/nats-io/nats.go v1.41.0 h1:PzxEva7fflkd+n87OtQTXqCTyLfIIMFJBpyccHLE2Ko=
-github.com/nats-io/nats.go v1.41.0/go.mod h1:wV73x0FSI/orHPSYoyMeJB+KajMDoWyXmFaRrrYaaTo=
-github.com/nats-io/nkeys v0.4.10 h1:glmRrpCmYLHByYcePvnTBEAwawwapjCPMjy2huw20wc=
-github.com/nats-io/nkeys v0.4.10/go.mod h1:OjRrnIKnWBFl+s4YK5ChQfvHP2fxqZexrKJoVVyWB3U=
+github.com/nats-io/nats-server/v2 v2.11.1 h1:LwdauqMqMNhTxTN3+WFTX6wGDOKntHljgZ+7gL5HCnk=
+github.com/nats-io/nats-server/v2 v2.11.1/go.mod h1:leXySghbdtXSUmWem8K9McnJ6xbJOb0t9+NQ5HTRZjI=
+github.com/nats-io/nats.go v1.41.2 h1:5UkfLAtu/036s99AhFRlyNDI1Ieylb36qbGjJzHixos=
+github.com/nats-io/nats.go v1.41.2/go.mod h1:iRWIPokVIFbVijxuMQq4y9ttaBTMe0SFdlZfMDd+33g=
+github.com/nats-io/nkeys v0.4.11 h1:q44qGV008kYd9W1b1nEBkNzvnWxtRSQ7A8BoqRrcfa0=
+github.com/nats-io/nkeys v0.4.11/go.mod h1:szDimtgmfOi9n25JpfIdGw12tZFYXqhGxjhVxsatHVE=
 github.com/nats-io/nuid v1.0.1 h1:5iA8DT8V7q8WK2EScv2padNa/rTESc1KdnPw4TC2paw=
 github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c=
 github.com/nbio/st v0.0.0-20140626010706-e9e8d9816f32/go.mod h1:9wM+0iRr9ahx58uYLpLIr5fm8diHn0JbqRycJi6w0Ms=
@@ -865,8 +859,8 @@ github.com/onsi/gomega v1.37.0 h1:CdEG8g0S133B4OswTDC/5XPSzE1OeP29QOioj2PID2Y=
 github.com/onsi/gomega v1.37.0/go.mod h1:8D9+Txp43QWKhM24yyOBEdpkzN8FvJyAwecBgsU4KU0=
 github.com/open-policy-agent/opa v1.3.0 h1:zVvQvQg+9+FuSRBt4LgKNzJwsWl/c85kD5jPozJTydY=
 github.com/open-policy-agent/opa v1.3.0/go.mod h1:t9iPNhaplD2qpiBqeudzJtEX3fKHK8zdA29oFvofAHo=
-github.com/opencloud-eu/reva/v2 v2.31.0 h1:UVgeb0hSPoaDdqcKSJ7XZAhXCtHaVK9qm/JtFtJM/7U=
-github.com/opencloud-eu/reva/v2 v2.31.0/go.mod h1:8MT1a/WJASZZhlSMC0oeE3ECQdjqFw3BUiiAIZ/JR8I=
+github.com/opencloud-eu/reva/v2 v2.32.0 h1:JRWPleHiEl0film95Gkh1iBEhc6eikEsx5FKLfVx6l8=
+github.com/opencloud-eu/reva/v2 v2.32.0/go.mod h1:FDhGVC+ZsRRWdC3am4EbuILBtviTbCDVrTUjFECOqvg=
 github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
 github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs=
 github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc=
@@ -895,7 +889,6 @@ github.com/pierrec/lz4/v4 v4.1.15 h1:MO0/ucJhngq7299dKLwIMtgTfbkoSPF6AoMYDd8Q4q0
 github.com/pierrec/lz4/v4 v4.1.15/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
 github.com/pjbgf/sha1cd v0.3.2 h1:a9wb0bp1oC2TGwStyn0Umc/IGKQnEgF0vVaZ8QF8eo4=
 github.com/pjbgf/sha1cd v0.3.2/go.mod h1:zQWigSxVmsHEZow5qaLtPYxpcKMMQpa09ixqBxuCS6A=
-github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
@@ -926,8 +919,8 @@ github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqr
 github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
 github.com/prometheus/client_golang v1.12.2/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
 github.com/prometheus/client_golang v1.13.0/go.mod h1:vTeo+zgvILHsnnj/39Ou/1fPN5nJFOEMgftOUOmlvYQ=
-github.com/prometheus/client_golang v1.21.1 h1:DOvXXTqVzvkIewV/CDPFdejpMCGeMcbGCQ8YOmu+Ibk=
-github.com/prometheus/client_golang v1.21.1/go.mod h1:U9NM32ykUErtVBxdvD3zfi+EuFkkaBvMb09mIfe0Zgg=
+github.com/prometheus/client_golang v1.22.0 h1:rb93p9lokFEsctTys46VnV1kLCDpVZ0a/Y92Vm0Zc6Q=
+github.com/prometheus/client_golang v1.22.0/go.mod h1:R7ljNsLXhuQXYZYtw6GAE9AZg8Y7vEW5scdCXrWRXC0=
 github.com/prometheus/client_model v0.0.0-20170216185247-6f3806018612/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
@@ -978,8 +971,6 @@ github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
 github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
 github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
-github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
 github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ=
 github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc=
 github.com/rs/cors v1.11.1 h1:eU3gRzXLRK57F5rKMGMZURNdIG4EoAmX8k94r9wXWHA=
@@ -988,8 +979,8 @@ github.com/rs/xid v1.6.0 h1:fV591PaemRlL6JfRxGDEPl69wICngIQ3shQtzfy2gxU=
 github.com/rs/xid v1.6.0/go.mod h1:7XoLgs4eV+QndskICGsho+ADou8ySMSjJKDIan90Nz0=
 github.com/rs/zerolog v1.34.0 h1:k43nTLIwcTVQAncfCw4KZ2VY6ukYoZaBPNOE8txlOeY=
 github.com/rs/zerolog v1.34.0/go.mod h1:bJsvje4Z08ROH4Nhs5iH600c3IkWhwp44iRc54W6wYQ=
-github.com/russellhaering/goxmldsig v1.4.0 h1:8UcDh/xGyQiyrW+Fq5t8f+l2DLB1+zlhYzkPUJ7Qhys=
-github.com/russellhaering/goxmldsig v1.4.0/go.mod h1:gM4MDENBQf7M+V824SGfyIUVFWydB7n0KkEubVJl+Tw=
+github.com/russellhaering/goxmldsig v1.5.0 h1:AU2UkkYIUOTyZRbe08XMThaOCelArgvNfYapcmSjBNw=
+github.com/russellhaering/goxmldsig v1.5.0/go.mod h1:x98CjQNFJcWfMxeOrMnMKg70lvDP6tE0nTaeUnjXDmk=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
@@ -1226,15 +1217,13 @@ golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
 golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
 golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
 golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
-golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
-golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
-golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
+golang.org/x/crypto v0.37.0 h1:kJNSjF/Xp7kU0iB2Z+9viTPMW4EqqsrywMXLJOOsXSE=
+golang.org/x/crypto v0.37.0/go.mod h1:vg+k43peMZ0pUMhYmVAWysMK35e6ioLh3wB8ZCAfbVc=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -1250,8 +1239,8 @@ golang.org/x/exp v0.0.0-20250210185358-939b2ce775ac/go.mod h1:hH+7mtFmImwwcMvScy
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/image v0.18.0/go.mod h1:4yyo5vMFQjVjUcVk4jEQcU9MGy/rulF5WvUILseCM2E=
-golang.org/x/image v0.25.0 h1:Y6uW6rH1y5y/LK1J8BPWZtr6yZ7hrsy6hFrXjgsc2fQ=
-golang.org/x/image v0.25.0/go.mod h1:tCAmOEGthTtkalusGp1g3xa2gke8J6c2N565dTyl9Rs=
+golang.org/x/image v0.26.0 h1:4XjIFEZWQmCZi6Wv8BoxsDhRU3RVnLX04dToTDAEPlY=
+golang.org/x/image v0.26.0/go.mod h1:lcxbMFAovzpnJxzXS3nyL83K27tmqtKzIJpctK8YO5c=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@@ -1326,16 +1315,14 @@ golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su
 golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
 golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
 golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
 golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
-golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
-golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8=
-golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
+golang.org/x/net v0.39.0 h1:ZCu7HMWDxpXpaiKdhzIfaltL9Lp31x/3fCP11bc6/fY=
+golang.org/x/net v0.39.0/go.mod h1:X7NRbYVEA+ewNkCNyJ513WmMdQ3BineSwVtN2zD/d+E=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -1343,8 +1330,8 @@ golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4Iltr
 golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
-golang.org/x/oauth2 v0.28.0 h1:CrgCKl8PPAVtLnU3c+EDw6x11699EWlsDeWNWKdIOkc=
-golang.org/x/oauth2 v0.28.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
+golang.org/x/oauth2 v0.29.0 h1:WdYw2tdTK1S8olAzWHdgeqfy+Mtm9XNhv/xJsY65d98=
+golang.org/x/oauth2 v0.29.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -1362,9 +1349,8 @@ golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw=
-golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sync v0.13.0 h1:AauUjRAJ9OSnvULf/ARrrVywoJDy0YS2AwQ98I37610=
+golang.org/x/sync v0.13.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20180622082034-63fc586f45fe/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1445,7 +1431,6 @@ golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.32.0 h1:s77OFDvIQeibCmezSnk/q6iAfkdiQaJi4VzroCFrN20=
 golang.org/x/sys v0.32.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
@@ -1459,9 +1444,8 @@ golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
 golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
 golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
 golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
-golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
-golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y=
-golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g=
+golang.org/x/term v0.31.0 h1:erwDkOK1Msy6offm1mOgvspSkslFnIGsFnxOKoufg3o=
+golang.org/x/term v0.31.0/go.mod h1:R4BeIy7D95HzImkxGkTW1UQTtP54tio2RyHz7PwK0aw=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1477,9 +1461,8 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
-golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
-golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
-golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
+golang.org/x/text v0.24.0 h1:dd5Bzh4yt5KYA8f9CJHCP4FB4D51c2c6JvN37xJJkJ0=
+golang.org/x/text v0.24.0/go.mod h1:L8rBsPeo2pSS+xqN0d5u2ikmjtmoJbDBT1b7nHvFCdU=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -1624,8 +1607,8 @@ google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3Iji
 google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
 google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.71.1 h1:ffsFWr7ygTUscGPI0KKK6TLrGz0476KUvvsbqWK0rPI=
-google.golang.org/grpc v1.71.1/go.mod h1:H0GRtasmQOh9LkFoCPDu3ZrwUtD1YGE+b2vYBYd/8Ec=
+google.golang.org/grpc v1.72.0 h1:S7UkcVa60b5AAQTaO6ZKamFp1zMZSU0fGDK2WZLbBnM=
+google.golang.org/grpc v1.72.0/go.mod h1:wH5Aktxcg25y1I3w7H69nHfXdOG3UiadoBtjh3izSDM=
 google.golang.org/grpc/examples v0.0.0-20211102180624-670c133e568e h1:m7aQHHqd0q89mRwhwS9Bx2rjyl/hsFAeta+uGrHsQaU=
 google.golang.org/grpc/examples v0.0.0-20211102180624-670c133e568e/go.mod h1:gID3PKrg7pWKntu9Ss6zTLJ0ttC0X9IHgREOCZwbCVU=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
--- a/opencloud/Makefile
+++ b/opencloud/Makefile
@@ -11,7 +11,6 @@ ifneq (, $(shell command -v go 2> /dev/null)) # suppress `command not found warn
 include ../.bingo/Variables.mk
 endif
 include ../.make/default.mk
-include ../.make/recursion.mk
 include ../.make/go.mk
 include ../.make/release.mk
 include ../.make/docs.mk
--- a/pkg/Makefile
+++ b/pkg/Makefile
@@ -5,7 +5,6 @@ ifneq (, $(shell command -v go 2> /dev/null)) # suppress `command not found warn
 include ../.bingo/Variables.mk
 endif
 include ../.make/default.mk
-include ../.make/recursion.mk
 include ../.make/go.mk
 include ../.make/release.mk
 include ../.make/docs.mk
--- a/pkg/version/version.go
+++ b/pkg/version/version.go
@@ -16,7 +16,7 @@ var (
 	// LatestTag is the latest released version plus the dev meta version.
 	// Will be overwritten by the release pipeline
 	// Needs a manual change for every tagged release
-	LatestTag = "2.1.0+dev"
+	LatestTag = "2.2.0+dev"

 	// Date indicates the build date.
 	// This has been removed, it looks like you can only replace static strings with recent go versions
--- a/protogen/Makefile
+++ b/protogen/Makefile
@@ -5,7 +5,6 @@ ifneq (, $(shell command -v go 2> /dev/null)) # suppress `command not found warn
 include ../.bingo/Variables.mk
 endif
 include ../.make/default.mk
-include ../.make/recursion.mk
 include ../.make/generate.mk

 .PHONY: go-generate
--- a/services/activitylog/Makefile
+++ b/services/activitylog/Makefile
@@ -8,7 +8,6 @@ include ../../.bingo/Variables.mk
 endif

 include ../../.make/default.mk
-include ../../.make/recursion.mk
 include ../../.make/go.mk
 include ../../.make/release.mk
 include ../../.make/docs.mk
--- a/services/antivirus/Makefile
+++ b/services/antivirus/Makefile
@@ -6,7 +6,6 @@ include ../../.bingo/Variables.mk
 endif

 include ../../.make/default.mk
-include ../../.make/recursion.mk
 include ../../.make/go.mk
 include ../../.make/release.mk
 include ../../.make/docs.mk
--- a/services/app-provider/Makefile
+++ b/services/app-provider/Makefile
@@ -6,7 +6,6 @@ include ../../.bingo/Variables.mk
 endif

 include ../../.make/default.mk
-include ../../.make/recursion.mk
 include ../../.make/go.mk
 include ../../.make/release.mk
 include ../../.make/docs.mk
--- a/services/app-registry/Makefile
+++ b/services/app-registry/Makefile
@@ -6,7 +6,6 @@ include ../../.bingo/Variables.mk
 endif

 include ../../.make/default.mk
-include ../../.make/recursion.mk
 include ../../.make/go.mk
 include ../../.make/release.mk
 include ../../.make/docs.mk
--- a/services/audit/Makefile
+++ b/services/audit/Makefile
@@ -6,7 +6,6 @@ include ../../.bingo/Variables.mk
 endif

 include ../../.make/default.mk
-include ../../.make/recursion.mk
 include ../../.make/go.mk
 include ../../.make/release.mk
 include ../../.make/docs.mk
--- a/services/auth-app/Makefile
+++ b/services/auth-app/Makefile
@@ -6,7 +6,6 @@ include ../../.bingo/Variables.mk
 endif

 include ../../.make/default.mk
-include ../../.make/recursion.mk
 include ../../.make/go.mk
 include ../../.make/release.mk
 include ../../.make/docs.mk
--- a/services/auth-basic/Makefile
+++ b/services/auth-basic/Makefile
@@ -6,7 +6,6 @@ include ../../.bingo/Variables.mk
 endif

 include ../../.make/default.mk
-include ../../.make/recursion.mk
 include ../../.make/go.mk
 include ../../.make/release.mk
 include ../../.make/docs.mk
--- a/services/auth-bearer/Makefile
+++ b/services/auth-bearer/Makefile
@@ -6,7 +6,6 @@ include ../../.bingo/Variables.mk
 endif

 include ../../.make/default.mk
-include ../../.make/recursion.mk
 include ../../.make/go.mk
 include ../../.make/release.mk
 include ../../.make/docs.mk
--- a/services/auth-machine/Makefile
+++ b/services/auth-machine/Makefile
@@ -6,7 +6,6 @@ include ../../.bingo/Variables.mk
 endif

 include ../../.make/default.mk
-include ../../.make/recursion.mk
 include ../../.make/go.mk
 include ../../.make/release.mk
 include ../../.make/docs.mk
--- a/services/auth-service/Makefile
+++ b/services/auth-service/Makefile
@@ -6,7 +6,6 @@ include ../../.bingo/Variables.mk
 endif

 include ../../.make/default.mk
-include ../../.make/recursion.mk
 include ../../.make/go.mk
 include ../../.make/release.mk
 include ../../.make/docs.mk
--- a/services/clientlog/Makefile
+++ b/services/clientlog/Makefile
@@ -6,7 +6,6 @@ include ../../.bingo/Variables.mk
 endif

 include ../../.make/default.mk
-include ../../.make/recursion.mk
 include ../../.make/go.mk
 include ../../.make/release.mk
 include ../../.make/docs.mk
--- a/services/collaboration/Makefile
+++ b/services/collaboration/Makefile
@@ -6,7 +6,6 @@ include ../../.bingo/Variables.mk
 endif

 include ../../.make/default.mk
-include ../../.make/recursion.mk
 include ../../.make/go.mk
 include ../../.make/release.mk
 include ../../.make/docs.mk
--- a/services/eventhistory/Makefile
+++ b/services/eventhistory/Makefile
@@ -6,7 +6,6 @@ include ../../.bingo/Variables.mk
 endif

 include ../../.make/default.mk
-include ../../.make/recursion.mk
 include ../../.make/go.mk
 include ../../.make/release.mk
 include ../../.make/docs.mk
--- a/services/frontend/Makefile
+++ b/services/frontend/Makefile
@@ -6,7 +6,6 @@ include ../../.bingo/Variables.mk
 endif

 include ../../.make/default.mk
-include ../../.make/recursion.mk
 include ../../.make/go.mk
 include ../../.make/release.mk
 include ../../.make/docs.mk
--- a/services/gateway/Makefile
+++ b/services/gateway/Makefile
@@ -6,7 +6,6 @@ include ../../.bingo/Variables.mk
 endif

 include ../../.make/default.mk
-include ../../.make/recursion.mk
 include ../../.make/go.mk
 include ../../.make/release.mk
 include ../../.make/docs.mk
--- a/services/graph/Makefile
+++ b/services/graph/Makefile
@@ -8,13 +8,12 @@ include ../../.bingo/Variables.mk
 endif

 include ../../.make/default.mk
-include ../../.make/recursion.mk
 include ../../.make/go.mk
 include ../../.make/release.mk
 include ../../.make/docs.mk

 .PHONY: go-generate
-go-generate:
+go-generate: $(MOCKERY)
 	$(MOCKERY)

 .PHONY: l10n-pull
--- a/services/groups/Makefile
+++ b/services/groups/Makefile
@@ -6,7 +6,6 @@ include ../../.bingo/Variables.mk
 endif

 include ../../.make/default.mk
-include ../../.make/recursion.mk
 include ../../.make/go.mk
 include ../../.make/release.mk
 include ../../.make/docs.mk
--- a/services/idm/Makefile
+++ b/services/idm/Makefile
@@ -7,7 +7,6 @@ include ../../.bingo/Variables.mk
 endif

 include ../../.make/default.mk
-include ../../.make/recursion.mk
 include ../../.make/go.mk
 include ../../.make/release.mk
 include ../../.make/docs.mk
--- a/services/idp/Makefile
+++ b/services/idp/Makefile
@@ -6,7 +6,6 @@ include ../../.bingo/Variables.mk
 endif

 include ../../.make/default.mk
-include ../../.make/recursion.mk
 include ../../.make/go.mk
 include ../../.make/release.mk
 include ../../.make/docs.mk
@@ -16,20 +15,16 @@ node-generate-prod: assets

 .PHONY: assets
 assets: pnpm-build \
-		assets/identifier/static \
 		assets/identifier/static/favicon.svg \
 		assets/identifier/static/icon-lilac.svg

-assets/identifier/static:
-	mkdir -p assets/identifier/static
-
 .PHONY: assets/identifier/static/favicon.svg # force overwrite
-assets/identifier/static/favicon.svg:
+assets/identifier/static/favicon.svg: pnpm-build
 	cp src/images/favicon.svg assets/identifier/static/favicon.svg
 	rm assets/identifier/static/favicon.ico

 .PHONY: assets/identifier/static/icon-lilac.svg
-assets/identifier/static/icon-lilac.svg:
+assets/identifier/static/icon-lilac.svg: pnpm-build
 	cp src/images/icon-lilac.svg assets/identifier/static/icon-lilac.svg

 .PHONY: pnpm-build
--- a/services/idp/package.json
+++ b/services/idp/package.json
@@ -74,7 +74,7 @@
    "@fontsource/roboto": "^5.1.0",
    "@material-ui/core": "^4.12.4",
    "@material-ui/icons": "^4.11.3",
-    "@testing-library/jest-dom": "^6.4.8",
+    "@testing-library/jest-dom": "^6.6.3",
    "@testing-library/react": "^11.2.7",
    "@testing-library/user-event": "^14.5.2",
    "@types/jest": "^29.5.12",
@@ -150,7 +150,7 @@
    "source-map-explorer": "^2.5.3",
    "typescript": "^5.8.3",
    "url-loader": "4.1.1",
-    "webpack": "5.96.1",
+    "webpack": "5.99.6",
    "webpack-manifest-plugin": "5.0.0",
    "workbox-webpack-plugin": "7.1.0"
  },
--- a/services/idp/pkg/config/config.go
+++ b/services/idp/pkg/config/config.go
@@ -101,6 +101,7 @@ type Settings struct {
 	IdentifierScopesConf              string `yaml:"-"` // unused
 	IdentifierDefaultBannerLogo       string
 	IdentifierDefaultSignInPageText   string `yaml:"default_sign_in_page_text" env:"IDP_DEFAULT_SIGNIN_PAGE_TEXT" desc:"" introductionVersion:"2.0.0"`
+	IdentifierDefaultLogoTargetURI    string `yaml:"default_logo_target_uri" env:"IDP_DEFAULT_LOGO_TARGET_URI" desc:"Default logo target URI." introductionVersion:"%%NEXT%%"`
 	IdentifierDefaultUsernameHintText string
 	IdentifierUILocales               []string

--- a/services/idp/pkg/config/defaults/defaultconfig.go
+++ b/services/idp/pkg/config/defaults/defaultconfig.go
@@ -58,6 +58,7 @@ func DefaultConfig() *config.Config {
 			IdentifierScopesConf:               "",
 			IdentifierDefaultBannerLogo:        "",
 			IdentifierDefaultSignInPageText:    "",
+			IdentifierDefaultLogoTargetURI:     "",
 			IdentifierDefaultUsernameHintText:  "",
 			SigningKid:                         "private-key",
 			SigningMethod:                      "PS256",
--- a/services/idp/pkg/service/v0/service.go
+++ b/services/idp/pkg/service/v0/service.go
@@ -100,6 +100,7 @@ func NewService(opts ...Option) Service {
 		IdentifierScopesConf:              options.Config.IDP.IdentifierScopesConf,
 		IdentifierDefaultBannerLogo:       options.Config.IDP.IdentifierDefaultBannerLogo,
 		IdentifierDefaultSignInPageText:   options.Config.IDP.IdentifierDefaultSignInPageText,
+		IdentifierDefaultLogoTargetURI:    options.Config.IDP.IdentifierDefaultLogoTargetURI,
 		IdentifierDefaultUsernameHintText: options.Config.IDP.IdentifierDefaultUsernameHintText,
 		IdentifierUILocales:               options.Config.IDP.IdentifierUILocales,
 		SigningKid:                        options.Config.IDP.SigningKid,
--- a/services/idp/pnpm-lock.yaml
+++ b/services/idp/pnpm-lock.yaml
--- a/services/idp/src/components/ResponsiveScreen.jsx
+++ b/services/idp/src/components/ResponsiveScreen.jsx
@@ -44,6 +44,7 @@ const ResponsiveScreen = (props) => {
    loading,
    children,
    className,
+    branding,
    ...other
  } = props;
  const { theme } = useContext(OpenCloudContext);
@@ -55,21 +56,38 @@ const ResponsiveScreen = (props) => {
  const content = loading ? <Loading/> : (withoutPadding ? children : <DialogContent>{children}</DialogContent>);

  return (
-    <Grid container justifyContent="center" alignItems="center" direction="column" spacing={0}
-      className={classNames(classes.root, className)} {...other}>
-        <div className={classes.wrapper}>
-            <div className={classes.content}>
+    <Grid
+      container
+      justifyContent="center"
+      alignItems="center"
+      direction="column"
+      spacing={0}
+      className={classNames(classes.root, className)}
+      {...other}
+    >
+      <div className={classes.wrapper}>
+        <div className={classes.content}>
+          {branding?.signinPageLogoURI ? (
+            <a
+              href={branding.signinPageLogoURI}
+              target="_blank"
+              rel="noopener noreferrer"
+            >
              {logo}
-              <div className={'oc-card'}>
-                <div className={'oc-card-body'}>
-                {content}
-                </div>
-              </div>
-            </div>
+            </a>
+          ) : (
+            logo
+          )}
+          <div className={"oc-card"}>
+            <div className={"oc-card-body"}>{content}</div>
+          </div>
        </div>
-        <footer className="oc-footer-message">
-              <Trans i18nKey="konnect.footer.slogan"><strong>OpenCloud</strong> - excellent file sharing</Trans>
-        </footer>
+      </div>
+      <footer className="oc-footer-message">
+        <Trans i18nKey="konnect.footer.slogan">
+          <strong>OpenCloud</strong> - excellent file sharing
+        </Trans>
+      </footer>
    </Grid>
  );
 };
--- a/services/invitations/Makefile
+++ b/services/invitations/Makefile
@@ -6,7 +6,6 @@ include ../../.bingo/Variables.mk
 endif

 include ../../.make/default.mk
-include ../../.make/recursion.mk
 include ../../.make/go.mk
 include ../../.make/release.mk
 include ../../.make/docs.mk
--- a/services/nats/Makefile
+++ b/services/nats/Makefile
@@ -6,7 +6,6 @@ include ../../.bingo/Variables.mk
 endif

 include ../../.make/default.mk
-include ../../.make/recursion.mk
 include ../../.make/go.mk
 include ../../.make/release.mk
 include ../../.make/docs.mk
--- a/services/notifications/Makefile
+++ b/services/notifications/Makefile
@@ -8,7 +8,6 @@ include ../../.bingo/Variables.mk
 endif

 include ../../.make/default.mk
-include ../../.make/recursion.mk
 include ../../.make/go.mk
 include ../../.make/release.mk
 include ../../.make/docs.mk
--- a/services/ocdav/Makefile
+++ b/services/ocdav/Makefile
@@ -6,7 +6,6 @@ include ../../.bingo/Variables.mk
 endif

 include ../../.make/default.mk
-include ../../.make/recursion.mk
 include ../../.make/go.mk
 include ../../.make/release.mk
 include ../../.make/docs.mk
--- a/services/ocm/Makefile
+++ b/services/ocm/Makefile
@@ -6,7 +6,6 @@ include ../../.bingo/Variables.mk
 endif

 include ../../.make/default.mk
-include ../../.make/recursion.mk
 include ../../.make/go.mk
 include ../../.make/release.mk
 include ../../.make/docs.mk
--- a/services/ocs/Makefile
+++ b/services/ocs/Makefile
@@ -6,7 +6,6 @@ include ../../.bingo/Variables.mk
 endif

 include ../../.make/default.mk
-include ../../.make/recursion.mk
 include ../../.make/go.mk
 include ../../.make/release.mk
 include ../../.make/docs.mk
--- a/services/policies/Makefile
+++ b/services/policies/Makefile
@@ -6,7 +6,6 @@ include ../../.bingo/Variables.mk
 endif

 include ../../.make/default.mk
-include ../../.make/recursion.mk
 include ../../.make/go.mk
 include ../../.make/release.mk
 include ../../.make/docs.mk
--- a/services/postprocessing/Makefile
+++ b/services/postprocessing/Makefile
@@ -6,7 +6,6 @@ include ../../.bingo/Variables.mk
 endif

 include ../../.make/default.mk
-include ../../.make/recursion.mk
 include ../../.make/go.mk
 include ../../.make/release.mk
 include ../../.make/docs.mk
--- a/services/proxy/Makefile
+++ b/services/proxy/Makefile
@@ -6,7 +6,6 @@ include ../../.bingo/Variables.mk
 endif

 include ../../.make/default.mk
-include ../../.make/recursion.mk
 include ../../.make/go.mk
 include ../../.make/release.mk
 include ../../.make/docs.mk
--- a/services/search/Makefile
+++ b/services/search/Makefile
@@ -6,7 +6,6 @@ include ../../.bingo/Variables.mk
 endif

 include ../../.make/default.mk
-include ../../.make/recursion.mk
 include ../../.make/go.mk
 include ../../.make/release.mk
 include ../../.make/docs.mk
--- a/services/settings/Makefile
+++ b/services/settings/Makefile
@@ -8,7 +8,6 @@ include ../../.bingo/Variables.mk
 endif

 include ../../.make/default.mk
-include ../../.make/recursion.mk
 include ../../.make/go.mk
 include ../../.make/release.mk
 include ../../.make/docs.mk
--- a/services/sharing/Makefile
+++ b/services/sharing/Makefile
@@ -6,7 +6,6 @@ include ../../.bingo/Variables.mk
 endif

 include ../../.make/default.mk
-include ../../.make/recursion.mk
 include ../../.make/go.mk
 include ../../.make/release.mk
 include ../../.make/docs.mk
--- a/services/sse/Makefile
+++ b/services/sse/Makefile
@@ -6,7 +6,6 @@ include ../../.bingo/Variables.mk
 endif

 include ../../.make/default.mk
-include ../../.make/recursion.mk
 include ../../.make/go.mk
 include ../../.make/release.mk
 include ../../.make/docs.mk
--- a/services/storage-publiclink/Makefile
+++ b/services/storage-publiclink/Makefile
@@ -6,7 +6,6 @@ include ../../.bingo/Variables.mk
 endif

 include ../../.make/default.mk
-include ../../.make/recursion.mk
 include ../../.make/go.mk
 include ../../.make/release.mk
 include ../../.make/docs.mk
--- a/services/storage-shares/Makefile
+++ b/services/storage-shares/Makefile
@@ -6,7 +6,6 @@ include ../../.bingo/Variables.mk
 endif

 include ../../.make/default.mk
-include ../../.make/recursion.mk
 include ../../.make/go.mk
 include ../../.make/release.mk
 include ../../.make/docs.mk
--- a/services/storage-system/Makefile
+++ b/services/storage-system/Makefile
@@ -6,7 +6,6 @@ include ../../.bingo/Variables.mk
 endif

 include ../../.make/default.mk
-include ../../.make/recursion.mk
 include ../../.make/go.mk
 include ../../.make/release.mk
 include ../../.make/docs.mk
--- a/services/storage-users/Makefile
+++ b/services/storage-users/Makefile
@@ -6,7 +6,6 @@ include ../../.bingo/Variables.mk
 endif

 include ../../.make/default.mk
-include ../../.make/recursion.mk
 include ../../.make/go.mk
 include ../../.make/release.mk
 include ../../.make/docs.mk
--- a/services/storage-users/pkg/config/config.go
+++ b/services/storage-users/pkg/config/config.go
@@ -214,10 +214,12 @@ type PosixDriver struct {

 	EnableFSRevisions bool `yaml:"enable_fs_revisions" env:"STORAGE_USERS_POSIX_ENABLE_FS_REVISIONS" desc:"Allow for generating revisions from changes done to the local storage. Note: This doubles the number of bytes stored on disk because a copy of the current revision is stored to be turned into a revision later." introductionVersion:"1.0.0"`

-	WatchFS                 bool   `yaml:"watch_fs" env:"STORAGE_USERS_POSIX_WATCH_FS" desc:"Enable the filesystem watcher to detect changes to the filesystem. This is used to detect changes to the filesystem and update the metadata accordingly." introductionVersion:"2.0.0"`
-	WatchType               string `yaml:"watch_type" env:"STORAGE_USERS_POSIX_WATCH_TYPE" desc:"Type of the watcher to use for getting notified about changes to the filesystem. Currently available options are 'inotifywait' (default), 'gpfswatchfolder' and 'gpfsfileauditlogging'." introductionVersion:"1.0.0"`
-	WatchPath               string `yaml:"watch_path" env:"STORAGE_USERS_POSIX_WATCH_PATH" desc:"Path to the watch directory/file. Only applies to the 'gpfsfileauditlogging' and 'inotifywait' watcher, in which case it is the path of the file audit log file/base directory to watch." introductionVersion:"1.0.0"`
-	WatchFolderKafkaBrokers string `yaml:"watch_folder_kafka_hosts" env:"STORAGE_USERS_POSIX_WATCH_FOLDER_KAFKA_BROKERS" desc:"Comma-separated list of kafka brokers to read the watchfolder events from." introductionVersion:"1.0.0"`
+	WatchFS                  bool          `yaml:"watch_fs" env:"STORAGE_USERS_POSIX_WATCH_FS" desc:"Enable the filesystem watcher to detect changes to the filesystem. This is used to detect changes to the filesystem and update the metadata accordingly." introductionVersion:"2.0.0"`
+	WatchType                string        `yaml:"watch_type" env:"STORAGE_USERS_POSIX_WATCH_TYPE" desc:"Type of the watcher to use for getting notified about changes to the filesystem. Currently available options are 'inotifywait' (default), 'cephfs', 'gpfswatchfolder' and 'gpfsfileauditlogging'." introductionVersion:"1.0.0"`
+	WatchPath                string        `yaml:"watch_path" env:"STORAGE_USERS_POSIX_WATCH_PATH" desc:"Path to the watch directory/file. Only applies to the 'gpfsfileauditlogging' and 'inotifywait' watcher, in which case it is the path of the file audit log file/base directory to watch." introductionVersion:"1.0.0"`
+	WatchNotificationBrokers string        `yaml:"watch_notification_brokers" env:"STORAGE_USERS_POSIX_WATCH_NOTIFICATION_BROKERS,STORAGE_USERS_POSIX_WATCH_FOLDER_KAFKA_BROKERS" desc:"Comma-separated list of kafka brokers to read the watchfolder events from." introductionVersion:"1.0.0" deprecationVersion:"%%NEXT%%" deprecationNotice:"STORAGE_USERS_POSIX_WATCH_FOLDER_KAFKA_BROKERS is deprecated and will be removed in a future version. Please use STORAGE_USERS_POSIX_WATCH_NOTIFICATION_BROKERS instead."`
+	WatchRoot                string        `yaml:"watch_root" env:"STORAGE_USERS_POSIX_WATCH_ROOT" desc:"Path to the watch root directory. Event paths will be considered relative to this path. Only applies to the 'gpswatchfolder' and 'cephfs' watchers." introductionVersion:"%%NEXT%%"`
+	InotifyStatsFrequency    time.Duration `yaml:"inotify_stats_frequency" env:"STORAGE_USERS_POSIX_INOTIFY_STATS_FREQUENCY" desc:"Frequency to log inotify stats." introductionVersion:"%%NEXT%%"`
 }

 // Events combines the configuration options for the event bus.
--- a/services/storage-users/pkg/config/defaults/defaultconfig.go
+++ b/services/storage-users/pkg/config/defaults/defaultconfig.go
@@ -123,6 +123,7 @@ func DefaultConfig() *config.Config {
 				MaxConcurrency:             5,
 				LockCycleDurationFactor:    30,
 				DisableMultipart:           true,
+				AsyncUploads:               true,
 			},
 			Decomposed: config.DecomposedDriver{
 				Propagator:                 "sync",
@@ -151,6 +152,7 @@ func DefaultConfig() *config.Config {
 				ScanDebounceDelay:          1 * time.Second,
 				WatchFS:                    false,
 				EnableFSRevisions:          false,
+				InotifyStatsFrequency:      5 * time.Minute,
 			},
 		},
 		Events: config.Events{
--- a/services/storage-users/pkg/revaconfig/drivers.go
+++ b/services/storage-users/pkg/revaconfig/drivers.go
@@ -140,7 +140,9 @@ func Posix(cfg *config.Config, enableFSScan, enableFSWatch bool) map[string]inte
 		"watch_fs":                   enableFSWatch,
 		"watch_type":                 cfg.Drivers.Posix.WatchType,
 		"watch_path":                 cfg.Drivers.Posix.WatchPath,
-		"watch_folder_kafka_brokers": cfg.Drivers.Posix.WatchFolderKafkaBrokers,
+		"watch_notification_brokers": cfg.Drivers.Posix.WatchNotificationBrokers,
+		"watch_root":                 cfg.Drivers.Posix.WatchRoot,
+		"inotify_stats_frequency":    cfg.Drivers.Posix.InotifyStatsFrequency,
 	}
 }

--- a/services/thumbnails/Makefile
+++ b/services/thumbnails/Makefile
@@ -6,7 +6,6 @@ include ../../.bingo/Variables.mk
 endif

 include ../../.make/default.mk
-include ../../.make/recursion.mk
 include ../../.make/go.mk
 include ../../.make/release.mk
 include ../../.make/docs.mk
--- a/services/userlog/Makefile
+++ b/services/userlog/Makefile
@@ -8,7 +8,6 @@ include ../../.bingo/Variables.mk
 endif

 include ../../.make/default.mk
-include ../../.make/recursion.mk
 include ../../.make/go.mk
 include ../../.make/release.mk
 include ../../.make/docs.mk
--- a/services/users/Makefile
+++ b/services/users/Makefile
@@ -6,7 +6,6 @@ include ../../.bingo/Variables.mk
 endif

 include ../../.make/default.mk
-include ../../.make/recursion.mk
 include ../../.make/go.mk
 include ../../.make/release.mk
 include ../../.make/docs.mk
--- a/services/web/Makefile
+++ b/services/web/Makefile
@@ -1,6 +1,6 @@
 SHELL := bash
 NAME := web
-WEB_ASSETS_VERSION = v2.2.0
+WEB_ASSETS_VERSION = v2.3.0
 WEB_ASSETS_BRANCH = main

 ifneq (, $(shell command -v go 2> /dev/null)) # suppress `command not found warnings` for non go targets in CI
@@ -8,7 +8,6 @@ include ../../.bingo/Variables.mk
 endif

 include ../../.make/default.mk
-include ../../.make/recursion.mk
 include ../../.make/go.mk
 include ../../.make/release.mk
 include ../../.make/docs.mk
--- a/services/webdav/Makefile
+++ b/services/webdav/Makefile
@@ -6,7 +6,6 @@ include ../../.bingo/Variables.mk
 endif

 include ../../.make/default.mk
-include ../../.make/recursion.mk
 include ../../.make/go.mk
 include ../../.make/release.mk
 include ../../.make/docs.mk
--- a/services/webfinger/Makefile
+++ b/services/webfinger/Makefile
@@ -6,7 +6,6 @@ include ../../.bingo/Variables.mk
 endif

 include ../../.make/default.mk
-include ../../.make/recursion.mk
 include ../../.make/go.mk
 include ../../.make/release.mk
 include ../../.make/docs.mk
--- a/tests/config/woodpecker/check_go_bin_cache.sh
+++ b/tests/config/woodpecker/check_go_bin_cache.sh
@@ -7,13 +7,15 @@

 ROOT_PATH="$1"
 if [ -z "$1" ]; then
-    ROOT_PATH="/woodpecker/src/github.com/opencloud-eu/opencloud"
+    ROOT_PATH="/drone/src"
 fi
 BINGO_DIR="$ROOT_PATH/.bingo"

 # generate hash of a .bingo folder
 BINGO_HASH=$(cat "$BINGO_DIR"/* | sha256sum | cut -d ' ' -f 1)

+URL="$CACHE_ENDPOINT/$CACHE_BUCKET/opencloud/go-bin/$BINGO_HASH/$2"
+
 mc alias set s3 "$MC_HOST" "$AWS_ACCESS_KEY_ID" "$AWS_SECRET_ACCESS_KEY"

 if mc ls --json s3/"$CACHE_BUCKET"/opencloud/go-bin/"$BINGO_HASH"/$2 | grep "\"status\":\"success\""; then
--- a/vendor/github.com/ceph/go-ceph/cephfs/directory.go
+++ b/vendor/github.com/ceph/go-ceph/cephfs/directory.go
@@ -47,7 +47,14 @@ func (mount *MountInfo) OpenDir(path string) (*Directory, error) {
 //
 //	int ceph_closedir(struct ceph_mount_info *cmount, struct ceph_dir_result *dirp);
 func (dir *Directory) Close() error {
-	return getError(C.ceph_closedir(dir.mount.mount, dir.dir))
+	if dir.dir == nil {
+		return nil
+	}
+	if err := getError(C.ceph_closedir(dir.mount.mount, dir.dir)); err != nil {
+		return err
+	}
+	dir.dir = nil
+	return nil
 }

 // Inode represents an inode number in the file system.
@@ -141,6 +148,9 @@ func toDirEntryPlus(de *C.struct_dirent, s C.struct_ceph_statx) *DirEntryPlus {
 //
 //	int ceph_readdir_r(struct ceph_mount_info *cmount, struct ceph_dir_result *dirp, struct dirent *de);
 func (dir *Directory) ReadDir() (*DirEntry, error) {
+	if dir.dir == nil {
+		return nil, errBadFile
+	}
 	var de C.struct_dirent
 	ret := C.ceph_readdir_r(dir.mount.mount, dir.dir, &de)
 	if ret < 0 {
@@ -165,6 +175,9 @@ func (dir *Directory) ReadDir() (*DirEntry, error) {
 func (dir *Directory) ReadDirPlus(
 	want StatxMask, flags AtFlags) (*DirEntryPlus, error) {

+	if dir.dir == nil {
+		return nil, errBadFile
+	}
 	var (
 		de C.struct_dirent
 		s  C.struct_ceph_statx
@@ -193,6 +206,9 @@ func (dir *Directory) ReadDirPlus(
 //
 //	void ceph_rewinddir(struct ceph_mount_info *cmount, struct ceph_dir_result *dirp);
 func (dir *Directory) RewindDir() {
+	if dir.dir == nil {
+		return
+	}
 	C.ceph_rewinddir(dir.mount.mount, dir.dir)
 }

--- a/vendor/github.com/ceph/go-ceph/cephfs/errors.go
+++ b/vendor/github.com/ceph/go-ceph/cephfs/errors.go
@@ -46,4 +46,6 @@ var (
 	errInvalid     = getError(-C.EINVAL)
 	errNameTooLong = getError(-C.ENAMETOOLONG)
 	errRange       = getError(-C.ERANGE)
+	errBadFile     = getError(-C.EBADF)
+	errNotDir      = getError(-C.ENOTDIR)
 )
--- a/vendor/github.com/ceph/go-ceph/cephfs/file.go
+++ b/vendor/github.com/ceph/go-ceph/cephfs/file.go
@@ -101,6 +101,9 @@ func (f *File) read(buf []byte, offset int64) (int, error) {
 	if err := f.validate(); err != nil {
 		return 0, err
 	}
+	if len(buf) == 0 {
+		return 0, nil
+	}
 	bufptr := (*C.char)(unsafe.Pointer(&buf[0]))
 	ret := C.ceph_read(
 		f.mount.mount, f.fd, bufptr, C.int64_t(len(buf)), C.int64_t(offset))
@@ -178,6 +181,9 @@ func (f *File) write(buf []byte, offset int64) (int, error) {
 	if err := f.validate(); err != nil {
 		return 0, err
 	}
+	if len(buf) == 0 {
+		return 0, nil
+	}
 	bufptr := (*C.char)(unsafe.Pointer(&buf[0]))
 	ret := C.ceph_write(
 		f.mount.mount, f.fd, bufptr, C.int64_t(len(buf)), C.int64_t(offset))
--- a/vendor/github.com/ceph/go-ceph/cephfs/fscompat.go
+++ b/vendor/github.com/ceph/go-ceph/cephfs/fscompat.go
@@ -0,0 +1,408 @@
+//go:build ceph_preview
+
+package cephfs
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"io/fs"
+	"os"
+	"path"
+	"strings"
+	"time"
+
+	"github.com/ceph/go-ceph/internal/log"
+)
+
+var (
+	errIsDir = errors.New("is a directory")
+)
+
+// MountWrapper provides a wrapper type that adapts a CephFS Mount into a
+// io.FS compatible type.
+type MountWrapper struct {
+	mount       *MountInfo
+	enableTrace bool
+}
+
+type fileWrapper struct {
+	parent *MountWrapper
+	file   *File
+	name   string
+}
+
+type dirWrapper struct {
+	parent    *MountWrapper
+	directory *Directory
+	name      string
+}
+
+type dentryWrapper struct {
+	parent *MountWrapper
+	de     *DirEntryPlus
+}
+
+type infoWrapper struct {
+	parent *MountWrapper
+	sx     *CephStatx
+	name   string
+}
+
+// Wrap a CephFS Mount object into a new type that is compatible with Go's io.FS
+// interface. CephFS Mounts are not compatible with io.FS directly because the
+// go-ceph library predates the addition of io.FS to Go as well as the fact that
+// go-ceph attempts to provide APIs that match the cephfs libraries first and
+// foremost.
+func Wrap(mount *MountInfo) *MountWrapper {
+	wm := &MountWrapper{mount: mount}
+	debugf(wm, "Wrap", "created")
+	return wm
+}
+
+/* MountWrapper:
+** Implements https://pkg.go.dev/io/fs#FS
+** Wraps cephfs.MountInfo
+ */
+
+// SetTracing configures the MountWrapper and objects connected to it for debug
+// tracing. True enables tracing and false disables it. A debug logging
+// function must also be set using go-ceph's common.log.SetDebugf function.
+func (mw *MountWrapper) SetTracing(enable bool) {
+	mw.enableTrace = enable
+}
+
+// identify the MountWrapper object for logging purposes.
+func (mw *MountWrapper) identify() string {
+	return fmt.Sprintf("MountWrapper<%p>", mw)
+}
+
+// trace returns true if debug tracing is enabled.
+func (mw *MountWrapper) trace() bool {
+	return mw.enableTrace
+}
+
+// Open opens the named file. This may be either a regular file or a directory.
+// Directories opened with this function will return object compatible with the
+// io.ReadDirFile interface.
+func (mw *MountWrapper) Open(name string) (fs.File, error) {
+	debugf(mw, "Open", "(%v)", name)
+	// there are a bunch of patterns that fsTetster/testfs looks for that seems
+	// under-documented. They mainly seem to try and enforce "clean" paths.
+	// look for them and reject them here because ceph libs won't reject on
+	// its own
+	if strings.HasPrefix(name, "/") ||
+		strings.HasSuffix(name, "/.") ||
+		strings.Contains(name, "//") ||
+		strings.Contains(name, "/./") ||
+		strings.Contains(name, "/../") {
+		return nil, &fs.PathError{Op: "open", Path: name, Err: errInvalid}
+	}
+
+	d, err := mw.mount.OpenDir(name)
+	if err == nil {
+		debugf(mw, "Open", "(%v): dir ok", name)
+		dw := &dirWrapper{parent: mw, directory: d, name: name}
+		return dw, nil
+	}
+	if !errors.Is(err, errNotDir) {
+		debugf(mw, "Open", "(%v): dir error: %v", name, err)
+		return nil, &fs.PathError{Op: "open", Path: name, Err: err}
+	}
+
+	f, err := mw.mount.Open(name, os.O_RDONLY, 0)
+	if err == nil {
+		debugf(mw, "Open", "(%v): file ok", name)
+		fw := &fileWrapper{parent: mw, file: f, name: name}
+		return fw, nil
+	}
+	debugf(mw, "Open", "(%v): file error: %v", name, err)
+	return nil, &fs.PathError{Op: "open", Path: name, Err: err}
+}
+
+/* fileWrapper:
+** Implements https://pkg.go.dev/io/fs#FS
+** Wraps cephfs.File
+ */
+
+func (fw *fileWrapper) Stat() (fs.FileInfo, error) {
+	debugf(fw, "Stat", "()")
+	sx, err := fw.file.Fstatx(StatxBasicStats, AtSymlinkNofollow)
+	if err != nil {
+		debugf(fw, "Stat", "() -> err:%v", err)
+		return nil, &fs.PathError{Op: "stat", Path: fw.name, Err: err}
+	}
+	debugf(fw, "Stat", "() ok")
+	return &infoWrapper{fw.parent, sx, path.Base(fw.name)}, nil
+}
+
+func (fw *fileWrapper) Read(b []byte) (int, error) {
+	debugf(fw, "Read", "(...)")
+	return fw.file.Read(b)
+}
+
+func (fw *fileWrapper) Close() error {
+	debugf(fw, "Close", "()")
+	return fw.file.Close()
+}
+
+func (fw *fileWrapper) identify() string {
+	return fmt.Sprintf("fileWrapper<%p>[%v]", fw, fw.name)
+}
+
+func (fw *fileWrapper) trace() bool {
+	return fw.parent.trace()
+}
+
+/* dirWrapper:
+** Implements https://pkg.go.dev/io/fs#ReadDirFile
+** Wraps cephfs.Directory
+ */
+
+func (dw *dirWrapper) Stat() (fs.FileInfo, error) {
+	debugf(dw, "Stat", "()")
+	sx, err := dw.parent.mount.Statx(dw.name, StatxBasicStats, AtSymlinkNofollow)
+	if err != nil {
+		debugf(dw, "Stat", "() -> err:%v", err)
+		return nil, &fs.PathError{Op: "stat", Path: dw.name, Err: err}
+	}
+	debugf(dw, "Stat", "() ok")
+	return &infoWrapper{dw.parent, sx, path.Base(dw.name)}, nil
+}
+
+func (dw *dirWrapper) Read(_ []byte) (int, error) {
+	debugf(dw, "Read", "(...)")
+	return 0, &fs.PathError{Op: "read", Path: dw.name, Err: errIsDir}
+}
+
+func (dw *dirWrapper) ReadDir(n int) ([]fs.DirEntry, error) {
+	debugf(dw, "ReadDir", "(%v)", n)
+	if n > 0 {
+		return dw.readDirSome(n)
+	}
+	return dw.readDirAll()
+}
+
+const defaultDirReadCount = 256 // how many entries to read per loop
+
+func (dw *dirWrapper) readDirAll() ([]fs.DirEntry, error) {
+	debugf(dw, "readDirAll", "()")
+	var (
+		err     error
+		egroup  []fs.DirEntry
+		entries = make([]fs.DirEntry, 0)
+		size    = defaultDirReadCount
+	)
+	for {
+		egroup, err = dw.readDirSome(size)
+		entries = append(entries, egroup...)
+		if err == io.EOF {
+			err = nil
+			break
+		}
+		if err != nil {
+			break
+		}
+	}
+	debugf(dw, "readDirAll", "() -> len:%v, err:%v", len(entries), err)
+	return entries, err
+}
+
+func (dw *dirWrapper) readDirSome(n int) ([]fs.DirEntry, error) {
+	debugf(dw, "readDirSome", "(%v)", n)
+	var (
+		idx     int
+		err     error
+		entry   *DirEntryPlus
+		entries = make([]fs.DirEntry, n)
+	)
+	for {
+		entry, err = dw.directory.ReadDirPlus(StatxBasicStats, AtSymlinkNofollow)
+		debugf(dw, "readDirSome", "(%v): got entry:%v, err:%v", n, entry, err)
+		if err != nil || entry == nil {
+			break
+		}
+		switch entry.Name() {
+		case ".", "..":
+			continue
+		}
+		entries[idx] = &dentryWrapper{dw.parent, entry}
+		idx++
+		if idx >= n {
+			break
+		}
+	}
+	if idx == 0 {
+		debugf(dw, "readDirSome", "(%v): EOF", n)
+		return nil, io.EOF
+	}
+	debugf(dw, "readDirSome", "(%v): got entry:%v, err:%v", n, entries[:idx], err)
+	return entries[:idx], err
+}
+
+func (dw *dirWrapper) Close() error {
+	debugf(dw, "Close", "()")
+	return dw.directory.Close()
+}
+
+func (dw *dirWrapper) identify() string {
+	return fmt.Sprintf("dirWrapper<%p>[%v]", dw, dw.name)
+}
+
+func (dw *dirWrapper) trace() bool {
+	return dw.parent.trace()
+}
+
+/* dentryWrapper:
+** Implements https://pkg.go.dev/io/fs#DirEntry
+** Wraps cephfs.DirEntryPlus
+ */
+
+func (dew *dentryWrapper) Name() string {
+	debugf(dew, "Name", "()")
+	return dew.de.Name()
+}
+
+func (dew *dentryWrapper) IsDir() bool {
+	v := dew.de.DType() == DTypeDir
+	debugf(dew, "IsDir", "() -> %v", v)
+	return v
+}
+
+func (dew *dentryWrapper) Type() fs.FileMode {
+	m := dew.de.Statx().Mode
+	v := cephModeToFileMode(m).Type()
+	debugf(dew, "Type", "() -> %v", v)
+	return v
+}
+
+func (dew *dentryWrapper) Info() (fs.FileInfo, error) {
+	debugf(dew, "Info", "()")
+	sx := dew.de.Statx()
+	name := dew.de.Name()
+	return &infoWrapper{dew.parent, sx, name}, nil
+}
+
+func (dew *dentryWrapper) identify() string {
+	return fmt.Sprintf("dentryWrapper<%p>[%v]", dew, dew.de.Name())
+}
+
+func (dew *dentryWrapper) trace() bool {
+	return dew.parent.trace()
+}
+
+/* infoWrapper:
+** Implements https://pkg.go.dev/io/fs#FileInfo
+** Wraps cephfs.CephStatx
+ */
+
+func (iw *infoWrapper) Name() string {
+	debugf(iw, "Name", "()")
+	return iw.name
+}
+
+func (iw *infoWrapper) Size() int64 {
+	debugf(iw, "Size", "() -> %v", iw.sx.Size)
+	return int64(iw.sx.Size)
+}
+
+func (iw *infoWrapper) Sys() any {
+	debugf(iw, "Sys", "()")
+	return iw.sx
+}
+
+func (iw *infoWrapper) Mode() fs.FileMode {
+	v := cephModeToFileMode(iw.sx.Mode)
+	debugf(iw, "Mode", "() -> %#o -> %#o/%v", iw.sx.Mode, uint32(v), v.Type())
+	return v
+}
+
+func (iw *infoWrapper) IsDir() bool {
+	v := iw.sx.Mode&modeIFMT == modeIFDIR
+	debugf(iw, "IsDir", "() -> %v", v)
+	return v
+}
+
+func (iw *infoWrapper) ModTime() time.Time {
+	v := time.Unix(iw.sx.Mtime.Sec, iw.sx.Mtime.Nsec)
+	debugf(iw, "ModTime", "() -> %v", v)
+	return v
+}
+
+func (iw *infoWrapper) identify() string {
+	return fmt.Sprintf("infoWrapper<%p>[%v]", iw, iw.name)
+}
+
+func (iw *infoWrapper) trace() bool {
+	return iw.parent.trace()
+}
+
+/* copy and paste values from the linux headers. We always need to use
+** the linux header values, regardless of the platform go-ceph is built
+** for. Rather than jumping through header hoops, copy and paste is
+** more consistent and reliable.
+ */
+const (
+	/* file type mask */
+	modeIFMT = uint16(0170000)
+	/* file types */
+	modeIFDIR  = uint16(0040000)
+	modeIFCHR  = uint16(0020000)
+	modeIFBLK  = uint16(0060000)
+	modeIFREG  = uint16(0100000)
+	modeIFIFO  = uint16(0010000)
+	modeIFLNK  = uint16(0120000)
+	modeIFSOCK = uint16(0140000)
+	/* protection bits */
+	modeISUID = uint16(0004000)
+	modeISGID = uint16(0002000)
+	modeISVTX = uint16(0001000)
+)
+
+// cephModeToFileMode takes a linux compatible cephfs mode value
+// and returns a Go-compatiable os-agnostic FileMode value.
+func cephModeToFileMode(m uint16) fs.FileMode {
+	// start with permission bits
+	mode := fs.FileMode(m & 0777)
+	// file type - inspired by go's src/os/stat_linux.go
+	switch m & modeIFMT {
+	case modeIFBLK:
+		mode |= fs.ModeDevice
+	case modeIFCHR:
+		mode |= fs.ModeDevice | fs.ModeCharDevice
+	case modeIFDIR:
+		mode |= fs.ModeDir
+	case modeIFIFO:
+		mode |= fs.ModeNamedPipe
+	case modeIFLNK:
+		mode |= fs.ModeSymlink
+	case modeIFREG:
+		// nothing to do
+	case modeIFSOCK:
+		mode |= fs.ModeSocket
+	}
+	// protection bits
+	if m&modeISUID != 0 {
+		mode |= fs.ModeSetuid
+	}
+	if m&modeISGID != 0 {
+		mode |= fs.ModeSetgid
+	}
+	if m&modeISVTX != 0 {
+		mode |= fs.ModeSticky
+	}
+	return mode
+}
+
+// wrapperObject helps identify an object to be logged.
+type wrapperObject interface {
+	identify() string
+	trace() bool
+}
+
+// debugf formats info about a function and logs it.
+func debugf(o wrapperObject, fname, format string, args ...any) {
+	if o.trace() {
+		log.Debugf(fmt.Sprintf("%v.%v: %s", o.identify(), fname, format), args...)
+	}
+}
--- a/vendor/github.com/ceph/go-ceph/rados/rados_getaddrs.go
+++ b/vendor/github.com/ceph/go-ceph/rados/rados_getaddrs.go
@@ -1,5 +1,3 @@
-//go:build ceph_preview
-
 package rados

 // #cgo LDFLAGS: -lrados
--- a/vendor/github.com/go-asn1-ber/asn1-ber/ber.go
+++ b/vendor/github.com/go-asn1-ber/asn1-ber/ber.go
@@ -412,7 +412,7 @@ func readPacket(reader io.Reader) (*Packet, int, error) {
 				p.Value = val
 			}
 		case TagRelativeOID:
-			oid, err := parseObjectIdentifier(content)
+			oid, err := parseRelativeObjectIdentifier(content)
 			if err == nil {
 				p.Value = OIDToString(oid)
 			}
@@ -560,16 +560,14 @@ func NewBoolean(classType Class, tagType Type, tag Tag, value bool, description

 // NewLDAPBoolean returns a RFC 4511-compliant Boolean packet.
 func NewLDAPBoolean(classType Class, tagType Type, tag Tag, value bool, description string) *Packet {
-	intValue := int64(0)
-
-	if value {
-		intValue = 255
-	}
-
 	p := Encode(classType, tagType, tag, nil, description)

 	p.Value = value
-	p.Data.Write(encodeInteger(intValue))
+	if value {
+		p.Data.Write([]byte{255})
+	} else {
+		p.Data.Write([]byte{0})
+	}

 	return p
 }
@@ -663,6 +661,25 @@ func NewOID(classType Class, tagType Type, tag Tag, value interface{}, descripti
 	return p
 }

+func NewRelativeOID(classType Class, tagType Type, tag Tag, value interface{}, description string) *Packet {
+	p := Encode(classType, tagType, tag, nil, description)
+
+	switch v := value.(type) {
+	case string:
+		encoded, err := encodeRelativeOID(v)
+		if err != nil {
+			fmt.Printf("failed writing %v", err)
+			return nil
+		}
+		p.Value = v
+		p.Data.Write(encoded)
+		// TODO: support []int already ?
+	default:
+		panic(fmt.Sprintf("Invalid type %T, expected float{64|32}", v))
+	}
+	return p
+}
+
 // encodeOID takes a string representation of an OID and returns its DER-encoded byte slice along with any error.
 func encodeOID(oidString string) ([]byte, error) {
 	// Convert the string representation to an asn1.ObjectIdentifier
@@ -688,6 +705,26 @@ func encodeOID(oidString string) ([]byte, error) {
 	return encoded, nil
 }

+func encodeRelativeOID(oidString string) ([]byte, error) {
+	parts := strings.Split(oidString, ".")
+	oid := make([]int, len(parts))
+	for i, part := range parts {
+		var val int
+		if _, err := fmt.Sscanf(part, "%d", &val); err != nil {
+			return nil, fmt.Errorf("invalid RELATIVE OID part '%s': %w", part, err)
+		}
+		oid[i] = val
+	}
+
+	encoded := make([]byte, 0)
+
+	for i := 0; i < len(oid); i++ {
+		encoded = appendBase128Int(encoded, int64(oid[i]))
+	}
+
+	return encoded, nil
+}
+
 func appendBase128Int(dst []byte, n int64) []byte {
 	l := base128IntLength(n)

@@ -772,6 +809,27 @@ func parseObjectIdentifier(bytes []byte) (s []int, err error) {
 	return
 }

+func parseRelativeObjectIdentifier(bytes []byte) (s []int, err error) {
+	if len(bytes) == 0 {
+		err = fmt.Errorf("zero length RELATIVE OBJECT IDENTIFIER")
+		return
+	}
+
+	s = make([]int, len(bytes)+1)
+
+	var v, offset int
+	i := 0
+	for ; offset < len(bytes); i++ {
+		v, offset, err = parseBase128Int(bytes, offset)
+		if err != nil {
+			return
+		}
+		s[i] = v
+	}
+	s = s[0:i]
+	return
+}
+
 // parseBase128Int parses a base-128 encoded int from the given offset in the
 // given byte slice. It returns the value and the new offset.
 func parseBase128Int(bytes []byte, initOffset int) (ret, offset int, err error) {
--- a/vendor/github.com/go-ldap/ldap/v3/bind.go
+++ b/vendor/github.com/go-ldap/ldap/v3/bind.go
@@ -3,15 +3,19 @@ package ldap
 import (
 	"bytes"
 	"crypto/md5"
+	"encoding/binary"
+	"encoding/hex"
 	enchex "encoding/hex"
 	"errors"
 	"fmt"
 	"io/ioutil"
 	"math/rand"
 	"strings"
+	"unicode/utf16"

 	"github.com/Azure/go-ntlmssp"
 	ber "github.com/go-asn1-ber/asn1-ber"
+	"golang.org/x/crypto/md4" //nolint:staticcheck
 )

 // SimpleBindRequest represents a username/password bind operation
@@ -216,7 +220,7 @@ func (l *Conn) DigestMD5Bind(digestMD5BindRequest *DigestMD5BindRequest) (*Diges
 		}
 	}

-	if params != nil {
+	if len(params) > 0 {
 		resp := computeResponse(
 			params,
 			"ldap/"+strings.ToLower(digestMD5BindRequest.Host),
@@ -249,6 +253,34 @@ func (l *Conn) DigestMD5Bind(digestMD5BindRequest *DigestMD5BindRequest) (*Diges
 		if err != nil {
 			return nil, fmt.Errorf("read packet: %s", err)
 		}
+
+		if len(packet.Children) == 2 {
+			response := packet.Children[1]
+			if response == nil {
+				return result, GetLDAPError(packet)
+			}
+			if response.ClassType == ber.ClassApplication && response.TagType == ber.TypeConstructed && len(response.Children) >= 3 {
+				if ber.Type(response.Children[0].Tag) == ber.Type(ber.TagInteger) || ber.Type(response.Children[0].Tag) == ber.Type(ber.TagEnumerated) {
+					resultCode := uint16(response.Children[0].Value.(int64))
+					if resultCode == 14 {
+						msgCtx, err := l.doRequest(digestMD5BindRequest)
+						if err != nil {
+							return nil, err
+						}
+						defer l.finishMessage(msgCtx)
+						packetResponse, ok := <-msgCtx.responses
+						if !ok {
+							return nil, NewError(ErrorNetwork, errors.New("ldap: response channel closed"))
+						}
+						packet, err = packetResponse.ReadPacket()
+						l.Debug.Printf("%d: got response %p", msgCtx.id, packet)
+						if err != nil {
+							return nil, fmt.Errorf("read packet: %s", err)
+						}
+					}
+				}
+			}
+		}
 	}

 	err = GetLDAPError(packet)
@@ -406,17 +438,36 @@ type NTLMBindRequest struct {
 	Hash string
 	// Controls are optional controls to send with the bind request
 	Controls []Control
+	// Negotiator allows to specify a custom NTLM negotiator.
+	Negotiator NTLMNegotiator
 }

-func (req *NTLMBindRequest) appendTo(envelope *ber.Packet) error {
+// NTLMNegotiator is an abstraction of an NTLM implementation that produces and
+// processes NTLM binary tokens.
+type NTLMNegotiator interface {
+	Negotiate(domain string, workstation string) ([]byte, error)
+	ChallengeResponse(challenge []byte, username string, hash string) ([]byte, error)
+}
+
+func (req *NTLMBindRequest) appendTo(envelope *ber.Packet) (err error) {
 	request := ber.Encode(ber.ClassApplication, ber.TypeConstructed, ApplicationBindRequest, nil, "Bind Request")
 	request.AppendChild(ber.NewInteger(ber.ClassUniversal, ber.TypePrimitive, ber.TagInteger, 3, "Version"))
 	request.AppendChild(ber.NewString(ber.ClassUniversal, ber.TypePrimitive, ber.TagOctetString, "", "User Name"))

+	var negMessage []byte
+
 	// generate an NTLMSSP Negotiation message for the  specified domain (it can be blank)
-	negMessage, err := ntlmssp.NewNegotiateMessage(req.Domain, "")
-	if err != nil {
-		return fmt.Errorf("err creating negmessage: %s", err)
+	switch {
+	case req.Negotiator == nil:
+		negMessage, err = ntlmssp.NewNegotiateMessage(req.Domain, "")
+		if err != nil {
+			return fmt.Errorf("create NTLM negotiate message: %s", err)
+		}
+	default:
+		negMessage, err = req.Negotiator.Negotiate(req.Domain, "")
+		if err != nil {
+			return fmt.Errorf("create NTLM negotiate message with custom negotiator: %s", err)
+		}
 	}

 	// append the generated NTLMSSP message as a TagEnumerated BER value
@@ -514,18 +565,29 @@ func (l *Conn) NTLMChallengeBind(ntlmBindRequest *NTLMBindRequest) (*NTLMBindRes
 	if ntlmsspChallenge != nil {
 		var err error
 		var responseMessage []byte
-		// generate a response message to the challenge with the given Username/Password if password is provided
-		if ntlmBindRequest.Hash != "" {
+
+		switch {
+		case ntlmBindRequest.Hash == "" && ntlmBindRequest.Password == "" && !ntlmBindRequest.AllowEmptyPassword:
+			err = fmt.Errorf("need a password or hash to generate reply")
+		case ntlmBindRequest.Negotiator == nil && ntlmBindRequest.Hash != "":
 			responseMessage, err = ntlmssp.ProcessChallengeWithHash(ntlmsspChallenge, ntlmBindRequest.Username, ntlmBindRequest.Hash)
-		} else if ntlmBindRequest.Password != "" || ntlmBindRequest.AllowEmptyPassword {
+		case ntlmBindRequest.Negotiator == nil && (ntlmBindRequest.Password != "" || ntlmBindRequest.AllowEmptyPassword):
+			// generate a response message to the challenge with the given Username/Password if password is provided
 			_, _, domainNeeded := ntlmssp.GetDomain(ntlmBindRequest.Username)
 			responseMessage, err = ntlmssp.ProcessChallenge(ntlmsspChallenge, ntlmBindRequest.Username, ntlmBindRequest.Password, domainNeeded)
-		} else {
-			err = fmt.Errorf("need a password or hash to generate reply")
+		default:
+			hash := ntlmBindRequest.Hash
+			if len(hash) == 0 {
+				hash = ntHash(ntlmBindRequest.Password)
+			}
+
+			responseMessage, err = ntlmBindRequest.Negotiator.ChallengeResponse(ntlmsspChallenge, ntlmBindRequest.Username, hash)
 		}
+
 		if err != nil {
-			return result, fmt.Errorf("parsing ntlm-challenge: %s", err)
+			return result, fmt.Errorf("process NTLM challenge: %s", err)
 		}
+
 		packet = ber.Encode(ber.ClassUniversal, ber.TypeConstructed, ber.TagSequence, nil, "LDAP Request")
 		packet.AppendChild(ber.NewInteger(ber.ClassUniversal, ber.TypePrimitive, ber.TagInteger, l.nextMessageID(), "MessageID"))

@@ -559,6 +621,18 @@ func (l *Conn) NTLMChallengeBind(ntlmBindRequest *NTLMBindRequest) (*NTLMBindRes
 	return result, err
 }

+func ntHash(pass string) string {
+	runes := utf16.Encode([]rune(pass))
+
+	b := bytes.Buffer{}
+	_ = binary.Write(&b, binary.LittleEndian, &runes)
+
+	hash := md4.New()
+	_, _ = hash.Write(b.Bytes())
+
+	return hex.EncodeToString(hash.Sum(nil))
+}
+
 // GSSAPIClient interface is used as the client-side implementation for the
 // GSSAPI SASL mechanism.
 // Interface inspired by GSSAPIClient from golang.org/x/crypto/ssh
@@ -577,6 +651,9 @@ type GSSAPIClient interface {
 	// to InitSecContext via the token parameters.
 	// See RFC 4752 section 3.1.
 	InitSecContext(target string, token []byte) (outputToken []byte, needContinue bool, err error)
+	// InitSecContextWithOptions is the same as InitSecContext but allows for additional options to be passed to the context establishment.
+	// See RFC 4752 section 3.1.
+	InitSecContextWithOptions(target string, token []byte, options []int) (outputToken []byte, needContinue bool, err error)
 	// NegotiateSaslAuth performs the last step of the Sasl handshake.
 	// It takes a token, which, when unwrapped, describes the servers supported
 	// security layers (first octet) and maximum receive buffer (remaining
@@ -614,6 +691,11 @@ func (l *Conn) GSSAPIBind(client GSSAPIClient, servicePrincipal, authzid string)

 // GSSAPIBindRequest performs the GSSAPI SASL bind using the provided GSSAPI client.
 func (l *Conn) GSSAPIBindRequest(client GSSAPIClient, req *GSSAPIBindRequest) error {
+	return l.GSSAPIBindRequestWithAPOptions(client, req, []int{})
+}
+
+// GSSAPIBindRequest performs the GSSAPI SASL bind using the provided GSSAPI client.
+func (l *Conn) GSSAPIBindRequestWithAPOptions(client GSSAPIClient, req *GSSAPIBindRequest, APOptions []int) error {
 	//nolint:errcheck
 	defer client.DeleteSecContext()

@@ -624,7 +706,7 @@ func (l *Conn) GSSAPIBindRequest(client GSSAPIClient, req *GSSAPIBindRequest) er
 	for {
 		if needInit {
 			// Establish secure context between client and server.
-			reqToken, needInit, err = client.InitSecContext(req.ServicePrincipalName, recvToken)
+			reqToken, needInit, err = client.InitSecContextWithOptions(req.ServicePrincipalName, recvToken, APOptions)
 			if err != nil {
 				return err
 			}
--- a/vendor/github.com/go-ldap/ldap/v3/control.go
+++ b/vendor/github.com/go-ldap/ldap/v3/control.go
@@ -709,7 +709,7 @@ func (c *ControlDirSync) Encode() *ber.Packet {

 	packet := ber.Encode(ber.ClassUniversal, ber.TypeConstructed, ber.TagSequence, nil, "Control")
 	packet.AppendChild(ber.NewString(ber.ClassUniversal, ber.TypePrimitive, ber.TagOctetString, ControlTypeDirSync, "Control Type ("+ControlTypeMap[ControlTypeDirSync]+")"))
-	packet.AppendChild(ber.NewBoolean(ber.ClassUniversal, ber.TypePrimitive, ber.TagBoolean, c.Criticality, "Criticality")) // must be true always
+	packet.AppendChild(ber.NewLDAPBoolean(ber.ClassUniversal, ber.TypePrimitive, ber.TagBoolean, c.Criticality, "Criticality")) // must be true always

 	val := ber.Encode(ber.ClassUniversal, ber.TypePrimitive, ber.TagOctetString, nil, "Control Value (DirSync)")
 	seq := ber.Encode(ber.ClassUniversal, ber.TypeConstructed, ber.TagSequence, nil, "DirSync Control Value")
@@ -755,7 +755,7 @@ func NewControlServerSideSorting(value *ber.Packet) (*ControlServerSideSorting,
 	sequences := val[0].Children

 	for i, sequence := range sequences {
-		sortKey := &SortKey{}
+		sortKey := new(SortKey)

 		if len(sequence.Children) < 2 {
 			return nil, fmt.Errorf("attributeType or matchingRule is missing from sequence %d", i)
@@ -864,10 +864,14 @@ func (c ControlServerSideSortingCode) Valid() error {
 }

 func NewControlServerSideSortingResult(pkt *ber.Packet) (*ControlServerSideSortingResult, error) {
-	control := &ControlServerSideSortingResult{}
+	control := new(ControlServerSideSortingResult)

 	if pkt == nil || len(pkt.Children) == 0 {
-		return nil, fmt.Errorf("bad packet")
+		// This is currently not compliant with the ServerSideSorting RFC (see https://datatracker.ietf.org/doc/html/rfc2891#section-1.2).
+		// but it's necessary because there seems to be a bug in the implementation of the popular OpenLDAP server.
+		//
+		// See: https://github.com/go-ldap/ldap/pull/546
+		return control, nil
 	}

 	codeInt, err := ber.ParseInt64(pkt.Children[0].Data.Bytes())
@@ -875,8 +879,7 @@ func NewControlServerSideSortingResult(pkt *ber.Packet) (*ControlServerSideSorti
 		return nil, err
 	}

-	code := ControlServerSideSortingCode(codeInt)
-	if err := code.Valid(); err != nil {
+	if err = ControlServerSideSortingCode(codeInt).Valid(); err != nil {
 		return nil, err
 	}

--- a/vendor/github.com/go-sql-driver/mysql/CHANGELOG.md
+++ b/vendor/github.com/go-sql-driver/mysql/CHANGELOG.md
@@ -1,5 +1,10 @@
 # Changelog

+## v1.9.2 (2025-04-07)
+
+v1.9.2 is a re-release of v1.9.1 due to a release process issue; no changes were made to the content.
+
+
 ## v1.9.1 (2025-03-21)

 ### Major Changes
--- a/vendor/github.com/jonboulle/clockwork/README.md
+++ b/vendor/github.com/jonboulle/clockwork/README.md
@@ -2,9 +2,9 @@

 [![Mentioned in Awesome Go](https://awesome.re/mentioned-badge-flat.svg)](https://github.com/avelino/awesome-go#utilities)

-[![GitHub Workflow Status](https://img.shields.io/github/workflow/status/jonboulle/clockwork/CI?style=flat-square)](https://github.com/jonboulle/clockwork/actions?query=workflow%3ACI)
+[![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/jonboulle/clockwork/ci.yaml?style=flat-square)](https://github.com/jonboulle/clockwork/actions?query=workflow%3ACI)
 [![Go Report Card](https://goreportcard.com/badge/github.com/jonboulle/clockwork?style=flat-square)](https://goreportcard.com/report/github.com/jonboulle/clockwork)
-![Go Version](https://img.shields.io/badge/go%20version-%3E=1.11-61CFDD.svg?style=flat-square)
+![Go Version](https://img.shields.io/badge/go%20version-%3E=1.15-61CFDD.svg?style=flat-square)
 [![go.dev reference](https://img.shields.io/badge/go.dev-reference-007d9c?logo=go&logoColor=white&style=flat-square)](https://pkg.go.dev/mod/github.com/jonboulle/clockwork)

 **A simple fake clock for Go.**
@@ -36,6 +36,7 @@ Now you can easily test `myFunc` with a `FakeClock`:

 ```go
 func TestMyFunc(t *testing.T) {
+	ctx := context.Background()
 	c := clockwork.NewFakeClock()

 	// Start our sleepy function
@@ -46,8 +47,12 @@ func TestMyFunc(t *testing.T) {
 		wg.Done()
 	}()

-	// Ensure we wait until myFunc is sleeping
-	c.BlockUntil(1)
+	// Ensure we wait until myFunc is waiting on the clock.
+	// Use a context to avoid blocking forever if something
+	// goes wrong.
+	ctx, cancel := context.WithTimeout(ctx, 10*time.Second)
+	defer cancel()
+	c.BlockUntilContext(ctx, 1)

 	assertState()

--- a/vendor/github.com/jonboulle/clockwork/SECURITY.md
+++ b/vendor/github.com/jonboulle/clockwork/SECURITY.md
@@ -0,0 +1,19 @@
+# Security Policy
+
+If you have discovered a security vulnerability in this project, please report it
+privately. **Do not disclose it as a public issue.** This gives me time to work with you
+to fix the issue before public exposure, reducing the chance that the exploit will be
+used before a patch is released.
+
+You may submit the report in the following ways:
+
+- send an email to ???@???; and/or
+- send a [private vulnerability report](https://github.com/jonboulle/clockwork/security/advisories/new)
+
+Please provide the following information in your report:
+
+- A description of the vulnerability and its impact
+- How to reproduce the issue
+
+This project is maintained by a single maintainer on a reasonable-effort basis. As such,
+please give me 90 days to work on a fix before public exposure.
--- a/vendor/github.com/jonboulle/clockwork/clockwork.go
+++ b/vendor/github.com/jonboulle/clockwork/clockwork.go
@@ -1,30 +1,25 @@
+// Package clockwork contains a simple fake clock for Go.
 package clockwork

 import (
+	"context"
+	"errors"
+	"slices"
 	"sync"
 	"time"
 )

-// Clock provides an interface that packages can use instead of directly
-// using the time module, so that chronology-related behavior can be tested
+// Clock provides an interface that packages can use instead of directly using
+// the [time] module, so that chronology-related behavior can be tested.
 type Clock interface {
 	After(d time.Duration) <-chan time.Time
 	Sleep(d time.Duration)
 	Now() time.Time
 	Since(t time.Time) time.Duration
+	Until(t time.Time) time.Duration
 	NewTicker(d time.Duration) Ticker
-}
-
-// FakeClock provides an interface for a clock which can be
-// manually advanced through time
-type FakeClock interface {
-	Clock
-	// Advance advances the FakeClock to a new point in time, ensuring any existing
-	// sleepers are notified appropriately before returning
-	Advance(d time.Duration)
-	// BlockUntil will block until the FakeClock has the given number of
-	// sleepers (callers of Sleep or After)
-	BlockUntil(n int)
+	NewTimer(d time.Duration) Timer
+	AfterFunc(d time.Duration, f func()) Timer
 }

 // NewRealClock returns a Clock which simply delegates calls to the actual time
@@ -33,21 +28,6 @@ func NewRealClock() Clock {
 	return &realClock{}
 }

-// NewFakeClock returns a FakeClock implementation which can be
-// manually advanced through time for testing. The initial time of the
-// FakeClock will be an arbitrary non-zero time.
-func NewFakeClock() FakeClock {
-	// use a fixture that does not fulfill Time.IsZero()
-	return NewFakeClockAt(time.Date(1984, time.April, 4, 0, 0, 0, 0, time.UTC))
-}
-
-// NewFakeClockAt returns a FakeClock initialised at the given time.Time.
-func NewFakeClockAt(t time.Time) FakeClock {
-	return &fakeClock{
-		time: t,
-	}
-}
-
 type realClock struct{}

 func (rc *realClock) After(d time.Duration) <-chan time.Time {
@@ -66,130 +46,274 @@ func (rc *realClock) Since(t time.Time) time.Duration {
 	return rc.Now().Sub(t)
 }

-func (rc *realClock) NewTicker(d time.Duration) Ticker {
-	return &realTicker{time.NewTicker(d)}
+func (rc *realClock) Until(t time.Time) time.Duration {
+	return t.Sub(rc.Now())
 }

-type fakeClock struct {
-	sleepers []*sleeper
+func (rc *realClock) NewTicker(d time.Duration) Ticker {
+	return realTicker{time.NewTicker(d)}
+}
+
+func (rc *realClock) NewTimer(d time.Duration) Timer {
+	return realTimer{time.NewTimer(d)}
+}
+
+func (rc *realClock) AfterFunc(d time.Duration, f func()) Timer {
+	return realTimer{time.AfterFunc(d, f)}
+}
+
+// FakeClock provides an interface for a clock which can be manually advanced
+// through time.
+//
+// FakeClock maintains a list of "waiters," which consists of all callers
+// waiting on the underlying clock (i.e. Tickers and Timers including callers of
+// Sleep or After). Users can call BlockUntil to block until the clock has an
+// expected number of waiters.
+type FakeClock struct {
+	// l protects all attributes of the clock, including all attributes of all
+	// waiters and blockers.
+	l        sync.RWMutex
+	waiters  []expirer
 	blockers []*blocker
 	time     time.Time
-
-	l sync.RWMutex
 }

-// sleeper represents a caller of After or Sleep
-type sleeper struct {
-	until time.Time
-	done  chan time.Time
+// NewFakeClock returns a FakeClock implementation which can be
+// manually advanced through time for testing. The initial time of the
+// FakeClock will be the current system time.
+//
+// Tests that require a deterministic time must use NewFakeClockAt.
+func NewFakeClock() *FakeClock {
+	return NewFakeClockAt(time.Now())
 }

-// blocker represents a caller of BlockUntil
+// NewFakeClockAt returns a FakeClock initialised at the given time.Time.
+func NewFakeClockAt(t time.Time) *FakeClock {
+	return &FakeClock{
+		time: t,
+	}
+}
+
+// blocker is a caller of BlockUntil.
 type blocker struct {
 	count int
-	ch    chan struct{}
+
+	// ch is closed when the underlying clock has the specified number of blockers.
+	ch chan struct{}
 }

-// After mimics time.After; it waits for the given duration to elapse on the
+// expirer is a timer or ticker that expires at some point in the future.
+type expirer interface {
+	// expire the expirer at the given time, returning the desired duration until
+	// the next expiration, if any.
+	expire(now time.Time) (next *time.Duration)
+
+	// Get and set the expiration time.
+	expiration() time.Time
+	setExpiration(time.Time)
+}
+
+// After mimics [time.After]; it waits for the given duration to elapse on the
 // fakeClock, then sends the current time on the returned channel.
-func (fc *fakeClock) After(d time.Duration) <-chan time.Time {
-	fc.l.Lock()
-	defer fc.l.Unlock()
-	now := fc.time
-	done := make(chan time.Time, 1)
-	if d.Nanoseconds() <= 0 {
-		// special case - trigger immediately
-		done <- now
-	} else {
-		// otherwise, add to the set of sleepers
-		s := &sleeper{
-			until: now.Add(d),
-			done:  done,
-		}
-		fc.sleepers = append(fc.sleepers, s)
-		// and notify any blockers
-		fc.blockers = notifyBlockers(fc.blockers, len(fc.sleepers))
-	}
-	return done
+func (fc *FakeClock) After(d time.Duration) <-chan time.Time {
+	return fc.NewTimer(d).Chan()
 }

-// notifyBlockers notifies all the blockers waiting until the
-// given number of sleepers are waiting on the fakeClock. It
-// returns an updated slice of blockers (i.e. those still waiting)
-func notifyBlockers(blockers []*blocker, count int) (newBlockers []*blocker) {
-	for _, b := range blockers {
-		if b.count == count {
-			close(b.ch)
-		} else {
-			newBlockers = append(newBlockers, b)
-		}
-	}
-	return
-}
-
-// Sleep blocks until the given duration has passed on the fakeClock
-func (fc *fakeClock) Sleep(d time.Duration) {
+// Sleep blocks until the given duration has passed on the fakeClock.
+func (fc *FakeClock) Sleep(d time.Duration) {
 	<-fc.After(d)
 }

-// Time returns the current time of the fakeClock
-func (fc *fakeClock) Now() time.Time {
+// Now returns the current time of the fakeClock
+func (fc *FakeClock) Now() time.Time {
 	fc.l.RLock()
-	t := fc.time
-	fc.l.RUnlock()
-	return t
+	defer fc.l.RUnlock()
+	return fc.time
 }

-// Since returns the duration that has passed since the given time on the fakeClock
-func (fc *fakeClock) Since(t time.Time) time.Duration {
+// Since returns the duration that has passed since the given time on the
+// fakeClock.
+func (fc *FakeClock) Since(t time.Time) time.Duration {
 	return fc.Now().Sub(t)
 }

-func (fc *fakeClock) NewTicker(d time.Duration) Ticker {
-	ft := &fakeTicker{
-		c:      make(chan time.Time, 1),
-		stop:   make(chan bool, 1),
-		clock:  fc,
-		period: d,
+// Until returns the duration that has to pass from the given time on the fakeClock
+// to reach the given time.
+func (fc *FakeClock) Until(t time.Time) time.Duration {
+	return t.Sub(fc.Now())
+}
+
+// NewTicker returns a Ticker that will expire only after calls to
+// FakeClock.Advance() have moved the clock past the given duration.
+//
+// The duration d must be greater than zero; if not, NewTicker will panic.
+func (fc *FakeClock) NewTicker(d time.Duration) Ticker {
+	// Maintain parity with
+	// https://cs.opensource.google/go/go/+/refs/tags/go1.20.3:src/time/tick.go;l=23-25
+	if d <= 0 {
+		panic(errors.New("non-positive interval for NewTicker"))
 	}
-	ft.runTickThread()
+	ft := newFakeTicker(fc, d)
+	fc.l.Lock()
+	defer fc.l.Unlock()
+	fc.setExpirer(ft, d)
 	return ft
 }

-// Advance advances fakeClock to a new point in time, ensuring channels from any
-// previous invocations of After are notified appropriately before returning
-func (fc *fakeClock) Advance(d time.Duration) {
+// NewTimer returns a Timer that will fire only after calls to
+// fakeClock.Advance() have moved the clock past the given duration.
+func (fc *FakeClock) NewTimer(d time.Duration) Timer {
+	t, _ := fc.newTimer(d, nil)
+	return t
+}
+
+// AfterFunc mimics [time.AfterFunc]; it returns a Timer that will invoke the
+// given function only after calls to fakeClock.Advance() have moved the clock
+// past the given duration.
+func (fc *FakeClock) AfterFunc(d time.Duration, f func()) Timer {
+	t, _ := fc.newTimer(d, f)
+	return t
+}
+
+// newTimer returns a new timer using an optional afterFunc and the time that
+// timer expires.
+func (fc *FakeClock) newTimer(d time.Duration, afterfunc func()) (*fakeTimer, time.Time) {
+	ft := newFakeTimer(fc, afterfunc)
+	fc.l.Lock()
+	defer fc.l.Unlock()
+	fc.setExpirer(ft, d)
+	return ft, ft.expiration()
+}
+
+// newTimerAtTime is like newTimer, but uses a time instead of a duration.
+//
+// It is used to ensure FakeClock's lock is held constant through calling
+// fc.After(t.Sub(fc.Now())). It should not be exposed externally.
+func (fc *FakeClock) newTimerAtTime(t time.Time, afterfunc func()) *fakeTimer {
+	ft := newFakeTimer(fc, afterfunc)
+	fc.l.Lock()
+	defer fc.l.Unlock()
+	fc.setExpirer(ft, t.Sub(fc.time))
+	return ft
+}
+
+// Advance advances fakeClock to a new point in time, ensuring waiters and
+// blockers are notified appropriately before returning.
+func (fc *FakeClock) Advance(d time.Duration) {
 	fc.l.Lock()
 	defer fc.l.Unlock()
 	end := fc.time.Add(d)
-	var newSleepers []*sleeper
-	for _, s := range fc.sleepers {
-		if end.Sub(s.until) >= 0 {
-			s.done <- end
-		} else {
-			newSleepers = append(newSleepers, s)
+	// Expire the earliest waiter until the earliest waiter's expiration is after
+	// end.
+	//
+	// We don't iterate because the callback of the waiter might register a new
+	// waiter, so the list of waiters might change as we execute this.
+	for len(fc.waiters) > 0 && !end.Before(fc.waiters[0].expiration()) {
+		w := fc.waiters[0]
+		fc.waiters = fc.waiters[1:]
+
+		// Use the waiter's expiration as the current time for this expiration.
+		now := w.expiration()
+		fc.time = now
+		if d := w.expire(now); d != nil {
+			// Set the new expiration if needed.
+			fc.setExpirer(w, *d)
 		}
 	}
-	fc.sleepers = newSleepers
-	fc.blockers = notifyBlockers(fc.blockers, len(fc.sleepers))
 	fc.time = end
 }

-// BlockUntil will block until the fakeClock has the given number of sleepers
-// (callers of Sleep or After)
-func (fc *fakeClock) BlockUntil(n int) {
-	fc.l.Lock()
-	// Fast path: current number of sleepers is what we're looking for
-	if len(fc.sleepers) == n {
-		fc.l.Unlock()
-		return
+// BlockUntil blocks until the FakeClock has the given number of waiters.
+//
+// Prefer BlockUntilContext in new code, which offers context cancellation to
+// prevent deadlock.
+//
+// Deprecated: New code should prefer BlockUntilContext.
+func (fc *FakeClock) BlockUntil(n int) {
+	fc.BlockUntilContext(context.TODO(), n)
+}
+
+// BlockUntilContext blocks until the fakeClock has the given number of waiters
+// or the context is cancelled.
+func (fc *FakeClock) BlockUntilContext(ctx context.Context, n int) error {
+	b := fc.newBlocker(n)
+	if b == nil {
+		return nil
 	}
-	// Otherwise, set up a new blocker
+
+	select {
+	case <-b.ch:
+		return nil
+	case <-ctx.Done():
+		return ctx.Err()
+	}
+}
+
+func (fc *FakeClock) newBlocker(n int) *blocker {
+	fc.l.Lock()
+	defer fc.l.Unlock()
+	// Fast path: we already have >= n waiters.
+	if len(fc.waiters) >= n {
+		return nil
+	}
+	// Set up a new blocker to wait for more waiters.
 	b := &blocker{
 		count: n,
 		ch:    make(chan struct{}),
 	}
 	fc.blockers = append(fc.blockers, b)
-	fc.l.Unlock()
-	<-b.ch
+	return b
+}
+
+// stop stops an expirer, returning true if the expirer was stopped.
+func (fc *FakeClock) stop(e expirer) bool {
+	fc.l.Lock()
+	defer fc.l.Unlock()
+	return fc.stopExpirer(e)
+}
+
+// stopExpirer stops an expirer, returning true if the expirer was stopped.
+//
+// The caller must hold fc.l.
+func (fc *FakeClock) stopExpirer(e expirer) bool {
+	idx := slices.Index(fc.waiters, e)
+	if idx == -1 {
+		return false
+	}
+	// Remove element, maintaining order, setting inaccessible elements to nil so
+	// they can be garbage collected.
+	copy(fc.waiters[idx:], fc.waiters[idx+1:])
+	fc.waiters[len(fc.waiters)-1] = nil
+	fc.waiters = fc.waiters[:len(fc.waiters)-1]
+	return true
+}
+
+// setExpirer sets an expirer to expire at a future point in time.
+//
+// The caller must hold fc.l.
+func (fc *FakeClock) setExpirer(e expirer, d time.Duration) {
+	if d.Nanoseconds() <= 0 {
+		// Special case for timers with duration <= 0: trigger immediately, never
+		// reset.
+		//
+		// Tickers never get here, they panic if d is < 0.
+		e.expire(fc.time)
+		return
+	}
+	// Add the expirer to the set of waiters and notify any blockers.
+	e.setExpiration(fc.time.Add(d))
+	fc.waiters = append(fc.waiters, e)
+	slices.SortFunc(fc.waiters, func(a, b expirer) int {
+		return a.expiration().Compare(b.expiration())
+	})
+
+	// Notify blockers of our new waiter.
+	count := len(fc.waiters)
+	fc.blockers = slices.DeleteFunc(fc.blockers, func(b *blocker) bool {
+		if b.count <= count {
+			close(b.ch)
+			return true
+		}
+		return false
+	})
 }
--- a/vendor/github.com/jonboulle/clockwork/context.go
+++ b/vendor/github.com/jonboulle/clockwork/context.go
@@ -0,0 +1,169 @@
+package clockwork
+
+import (
+	"context"
+	"fmt"
+	"sync"
+	"time"
+)
+
+// contextKey is private to this package so we can ensure uniqueness here. This
+// type identifies context values provided by this package.
+type contextKey string
+
+// keyClock provides a clock for injecting during tests. If absent, a real clock
+// should be used.
+var keyClock = contextKey("clock") // clockwork.Clock
+
+// AddToContext creates a derived context that references the specified clock.
+//
+// Be aware this doesn't change the behavior of standard library functions, such
+// as [context.WithTimeout] or [context.WithDeadline]. For this reason, users
+// should prefer passing explicit [clockwork.Clock] variables rather can passing
+// the clock via the context.
+func AddToContext(ctx context.Context, clock Clock) context.Context {
+	return context.WithValue(ctx, keyClock, clock)
+}
+
+// FromContext extracts a clock from the context. If not present, a real clock
+// is returned.
+func FromContext(ctx context.Context) Clock {
+	if clock, ok := ctx.Value(keyClock).(Clock); ok {
+		return clock
+	}
+	return NewRealClock()
+}
+
+// ErrFakeClockDeadlineExceeded is the error returned by [context.Context] when
+// the deadline passes on a context which uses a [FakeClock].
+//
+// It wraps a [context.DeadlineExceeded] error, i.e.:
+//
+//	// The following is true for any Context whose deadline has been exceeded,
+//	// including contexts made with clockwork.WithDeadline or clockwork.WithTimeout.
+//
+//	errors.Is(ctx.Err(), context.DeadlineExceeded)
+//
+//	// The following can only be true for contexts made
+//	// with clockwork.WithDeadline or clockwork.WithTimeout.
+//
+//	errors.Is(ctx.Err(), clockwork.ErrFakeClockDeadlineExceeded)
+var ErrFakeClockDeadlineExceeded error = fmt.Errorf("clockwork.FakeClock: %w", context.DeadlineExceeded)
+
+// WithDeadline returns a context with a deadline based on a [FakeClock].
+//
+// The returned context ignores parent cancelation if the parent was cancelled
+// with a [context.DeadlineExceeded] error. Any other error returned by the
+// parent is treated normally, cancelling the returned context.
+//
+// If the parent is cancelled with a [context.DeadlineExceeded] error, the only
+// way to then cancel the returned context is by calling the returned
+// context.CancelFunc.
+func WithDeadline(parent context.Context, clock Clock, t time.Time) (context.Context, context.CancelFunc) {
+	if fc, ok := clock.(*FakeClock); ok {
+		return newFakeClockContext(parent, t, fc.newTimerAtTime(t, nil).Chan())
+	}
+	return context.WithDeadline(parent, t)
+}
+
+// WithTimeout returns a context with a timeout based on a [FakeClock].
+//
+// The returned context follows the same behaviors as [WithDeadline].
+func WithTimeout(parent context.Context, clock Clock, d time.Duration) (context.Context, context.CancelFunc) {
+	if fc, ok := clock.(*FakeClock); ok {
+		t, deadline := fc.newTimer(d, nil)
+		return newFakeClockContext(parent, deadline, t.Chan())
+	}
+	return context.WithTimeout(parent, d)
+}
+
+// fakeClockContext implements context.Context, using a fake clock for its
+// deadline.
+//
+// It ignores parent cancellation if the parent is cancelled with
+// context.DeadlineExceeded.
+type fakeClockContext struct {
+	parent   context.Context
+	deadline time.Time // The user-facing deadline based on the fake clock's time.
+
+	// Tracks timeout/deadline cancellation.
+	timerDone <-chan time.Time
+
+	// Tracks manual calls to the cancel function.
+	cancel       func() // Closes cancelCalled wrapped in a sync.Once.
+	cancelCalled chan struct{}
+
+	// The user-facing data from the context.Context interface.
+	ctxDone chan struct{} // Returned by Done().
+	err     error         // nil until ctxDone is ready to be closed.
+}
+
+func newFakeClockContext(parent context.Context, deadline time.Time, timer <-chan time.Time) (context.Context, context.CancelFunc) {
+	cancelCalled := make(chan struct{})
+	ctx := &fakeClockContext{
+		parent:       parent,
+		deadline:     deadline,
+		timerDone:    timer,
+		cancelCalled: cancelCalled,
+		ctxDone:      make(chan struct{}),
+		cancel: sync.OnceFunc(func() {
+			close(cancelCalled)
+		}),
+	}
+	ready := make(chan struct{}, 1)
+	go ctx.runCancel(ready)
+	<-ready // Wait until the cancellation goroutine is running.
+	return ctx, ctx.cancel
+}
+
+func (c *fakeClockContext) Deadline() (time.Time, bool) {
+	return c.deadline, true
+}
+
+func (c *fakeClockContext) Done() <-chan struct{} {
+	return c.ctxDone
+}
+
+func (c *fakeClockContext) Err() error {
+	<-c.Done() // Don't return the error before it is ready.
+	return c.err
+}
+
+func (c *fakeClockContext) Value(key any) any {
+	return c.parent.Value(key)
+}
+
+// runCancel runs the fakeClockContext's cancel goroutine and returns the
+// fakeClockContext's cancel function.
+//
+// fakeClockContext is then cancelled when any of the following occur:
+//
+//   - The fakeClockContext.done channel is closed by its timer.
+//   - The returned CancelFunc is executed.
+//   - The fakeClockContext's parent context is cancelled with an error other
+//     than context.DeadlineExceeded.
+func (c *fakeClockContext) runCancel(ready chan struct{}) {
+	parentDone := c.parent.Done()
+
+	// Close ready when done, just in case the ready signal races with other
+	// branches of our select statement below.
+	defer close(ready)
+
+	for c.err == nil {
+		select {
+		case <-c.timerDone:
+			c.err = ErrFakeClockDeadlineExceeded
+		case <-c.cancelCalled:
+			c.err = context.Canceled
+		case <-parentDone:
+			c.err = c.parent.Err()
+
+		case ready <- struct{}{}:
+			// Signals the cancellation goroutine has begun, in an attempt to minimize
+			// race conditions related to goroutine startup time.
+			ready = nil // This case statement can only fire once.
+		}
+	}
+	close(c.ctxDone)
+	return
+}
--- a/vendor/github.com/jonboulle/clockwork/ticker.go
+++ b/vendor/github.com/jonboulle/clockwork/ticker.go
@@ -1,72 +1,71 @@
 package clockwork

-import (
-	"time"
-)
+import "time"

-// Ticker provides an interface which can be used instead of directly
-// using the ticker within the time module. The real-time ticker t
-// provides ticks through t.C which becomes now t.Chan() to make
-// this channel requirement definable in this interface.
+// Ticker provides an interface which can be used instead of directly using
+// [time.Ticker]. The real-time ticker t provides ticks through t.C which
+// becomes t.Chan() to make this channel requirement definable in this
+// interface.
 type Ticker interface {
 	Chan() <-chan time.Time
+	Reset(d time.Duration)
 	Stop()
 }

 type realTicker struct{ *time.Ticker }

-func (rt *realTicker) Chan() <-chan time.Time {
-	return rt.C
+func (r realTicker) Chan() <-chan time.Time {
+	return r.C
 }

 type fakeTicker struct {
-	c      chan time.Time
-	stop   chan bool
-	clock  FakeClock
-	period time.Duration
+	// The channel associated with the firer, used to send expiration times.
+	c chan time.Time
+
+	// The time when the ticker expires. Only meaningful if the ticker is currently
+	// one of a FakeClock's waiters.
+	exp time.Time
+
+	// reset and stop provide the implementation of the respective exported
+	// functions.
+	reset func(d time.Duration)
+	stop  func()
+
+	// The duration of the ticker.
+	d time.Duration
 }

-func (ft *fakeTicker) Chan() <-chan time.Time {
-	return ft.c
+func newFakeTicker(fc *FakeClock, d time.Duration) *fakeTicker {
+	var ft *fakeTicker
+	ft = &fakeTicker{
+		c: make(chan time.Time, 1),
+		d: d,
+		reset: func(d time.Duration) {
+			fc.l.Lock()
+			defer fc.l.Unlock()
+			ft.d = d
+			fc.setExpirer(ft, d)
+		},
+		stop: func() { fc.stop(ft) },
+	}
+	return ft
 }

-func (ft *fakeTicker) Stop() {
-	ft.stop <- true
+func (f *fakeTicker) Chan() <-chan time.Time { return f.c }
+
+func (f *fakeTicker) Reset(d time.Duration) { f.reset(d) }
+
+func (f *fakeTicker) Stop() { f.stop() }
+
+func (f *fakeTicker) expire(now time.Time) *time.Duration {
+	// Never block on expiration.
+	select {
+	case f.c <- now:
+	default:
+	}
+	return &f.d
 }

-// runTickThread initializes a background goroutine to send the tick time to the ticker channel
-// after every period. Tick events are discarded if the underlying ticker channel does not have
-// enough capacity.
-func (ft *fakeTicker) runTickThread() {
-	nextTick := ft.clock.Now().Add(ft.period)
-	next := ft.clock.After(ft.period)
-	go func() {
-		for {
-			select {
-			case <-ft.stop:
-				return
-			case <-next:
-				// We send the time that the tick was supposed to occur at.
-				tick := nextTick
-				// Before sending the tick, we'll compute the next tick time and star the clock.After call.
-				now := ft.clock.Now()
-				// First, figure out how many periods there have been between "now" and the time we were
-				// supposed to have trigged, then advance over all of those.
-				skipTicks := (now.Sub(tick) + ft.period - 1) / ft.period
-				nextTick = nextTick.Add(skipTicks * ft.period)
-				// Now, keep advancing until we are past now. This should happen at most once.
-				for !nextTick.After(now) {
-					nextTick = nextTick.Add(ft.period)
-				}
-				// Figure out how long between now and the next scheduled tick, then wait that long.
-				remaining := nextTick.Sub(now)
-				next = ft.clock.After(remaining)
-				// Finally, we can actually send the tick.
-				select {
-				case ft.c <- tick:
-				default:
-				}
-			}
-		}
-	}()
-}
+func (f *fakeTicker) expiration() time.Time { return f.exp }
+
+func (f *fakeTicker) setExpiration(t time.Time) { f.exp = t }
--- a/vendor/github.com/jonboulle/clockwork/timer.go
+++ b/vendor/github.com/jonboulle/clockwork/timer.go
@@ -0,0 +1,79 @@
+package clockwork
+
+import "time"
+
+// Timer provides an interface which can be used instead of directly using
+// [time.Timer]. The real-time timer t provides events through t.C which becomes
+// t.Chan() to make this channel requirement definable in this interface.
+type Timer interface {
+	Chan() <-chan time.Time
+	Reset(d time.Duration) bool
+	Stop() bool
+}
+
+type realTimer struct{ *time.Timer }
+
+func (r realTimer) Chan() <-chan time.Time {
+	return r.C
+}
+
+type fakeTimer struct {
+	// The channel associated with the firer, used to send expiration times.
+	c chan time.Time
+
+	// The time when the firer expires. Only meaningful if the firer is currently
+	// one of a FakeClock's waiters.
+	exp time.Time
+
+	// reset and stop provide the implementation of the respective exported
+	// functions.
+	reset func(d time.Duration) bool
+	stop  func() bool
+
+	// If present when the timer fires, the timer calls afterFunc in its own
+	// goroutine rather than sending the time on Chan().
+	afterFunc func()
+}
+
+func newFakeTimer(fc *FakeClock, afterfunc func()) *fakeTimer {
+	var ft *fakeTimer
+	ft = &fakeTimer{
+		c: make(chan time.Time, 1),
+		reset: func(d time.Duration) bool {
+			fc.l.Lock()
+			defer fc.l.Unlock()
+			// fc.l must be held across the calls to stopExpirer & setExpirer.
+			stopped := fc.stopExpirer(ft)
+			fc.setExpirer(ft, d)
+			return stopped
+		},
+		stop: func() bool { return fc.stop(ft) },
+
+		afterFunc: afterfunc,
+	}
+	return ft
+}
+
+func (f *fakeTimer) Chan() <-chan time.Time { return f.c }
+
+func (f *fakeTimer) Reset(d time.Duration) bool { return f.reset(d) }
+
+func (f *fakeTimer) Stop() bool { return f.stop() }
+
+func (f *fakeTimer) expire(now time.Time) *time.Duration {
+	if f.afterFunc != nil {
+		go f.afterFunc()
+		return nil
+	}
+
+	// Never block on expiration.
+	select {
+	case f.c <- now:
+	default:
+	}
+	return nil
+}
+
+func (f *fakeTimer) expiration() time.Time { return f.exp }
+
+func (f *fakeTimer) setExpiration(t time.Time) { f.exp = t }
--- a/vendor/github.com/libregraph/lico/bootstrap/backends/ldap/ldap.go
+++ b/vendor/github.com/libregraph/lico/bootstrap/backends/ldap/ldap.go
@@ -143,10 +143,11 @@ func NewIdentityManager(bs bootstrap.Bootstrap) (identity.Manager, error) {
 		AuthorizationEndpointURI: fullAuthorizationEndpointURL,
 		SignedOutEndpointURI:     fullSignedOutEndpointURL,

-		DefaultBannerLogo:       config.IdentifierDefaultBannerLogo,
-		DefaultSignInPageText:   config.IdentifierDefaultSignInPageText,
-		DefaultUsernameHintText: config.IdentifierDefaultUsernameHintText,
-		UILocales:               config.IdentifierUILocales,
+		DefaultBannerLogo:        config.IdentifierDefaultBannerLogo,
+		DefaultSignInPageText:    config.IdentifierDefaultSignInPageText,
+		DefaultSignInPageLogoURI: config.IdentifierDefaultLogoTargetURI,
+		DefaultUsernameHintText:  config.IdentifierDefaultUsernameHintText,
+		UILocales:                config.IdentifierUILocales,

 		Backend: identifierBackend,
 	})
--- a/vendor/github.com/libregraph/lico/bootstrap/backends/libregraph/libregraph.go
+++ b/vendor/github.com/libregraph/lico/bootstrap/backends/libregraph/libregraph.go
@@ -126,10 +126,11 @@ func NewIdentityManager(bs bootstrap.Bootstrap) (identity.Manager, error) {
 		AuthorizationEndpointURI: fullAuthorizationEndpointURL,
 		SignedOutEndpointURI:     fullSignedOutEndpointURL,

-		DefaultBannerLogo:       config.IdentifierDefaultBannerLogo,
-		DefaultSignInPageText:   config.IdentifierDefaultSignInPageText,
-		DefaultUsernameHintText: config.IdentifierDefaultUsernameHintText,
-		UILocales:               config.IdentifierUILocales,
+		DefaultBannerLogo:        config.IdentifierDefaultBannerLogo,
+		DefaultSignInPageText:    config.IdentifierDefaultSignInPageText,
+		DefaultSignInPageLogoURI: config.IdentifierDefaultLogoTargetURI,
+		DefaultUsernameHintText:  config.IdentifierDefaultUsernameHintText,
+		UILocales:                config.IdentifierUILocales,

 		Backend: identifierBackend,
 	})
--- a/vendor/github.com/libregraph/lico/bootstrap/bootstrap.go
+++ b/vendor/github.com/libregraph/lico/bootstrap/bootstrap.go
@@ -33,7 +33,7 @@ import (
 	"strings"
 	"time"

-	"github.com/golang-jwt/jwt/v4"
+	"github.com/golang-jwt/jwt/v5"
 	"github.com/longsleep/rndm"
 	"github.com/sirupsen/logrus"

@@ -260,6 +260,9 @@ func (bs *bootstrap) initialize(settings *Settings) error {
 	if settings.IdentifierDefaultSignInPageText != "" {
 		bs.config.IdentifierDefaultSignInPageText = &settings.IdentifierDefaultSignInPageText
 	}
+	if settings.IdentifierDefaultLogoTargetURI != "" {
+		bs.config.IdentifierDefaultLogoTargetURI = &settings.IdentifierDefaultLogoTargetURI
+	}
 	if settings.IdentifierDefaultUsernameHintText != "" {
 		bs.config.IdentifierDefaultUsernameHintText = &settings.IdentifierDefaultUsernameHintText
 	}
--- a/vendor/github.com/libregraph/lico/bootstrap/config.go
+++ b/vendor/github.com/libregraph/lico/bootstrap/config.go
@@ -24,7 +24,7 @@ import (
 	"net/http"
 	"net/url"

-	"github.com/golang-jwt/jwt/v4"
+	"github.com/golang-jwt/jwt/v5"

 	"github.com/libregraph/lico/config"
 )
@@ -51,6 +51,7 @@ type Config struct {
 	IdentifierScopesConf              string
 	IdentifierDefaultBannerLogo       []byte
 	IdentifierDefaultSignInPageText   *string
+	IdentifierDefaultLogoTargetURI    *string
 	IdentifierDefaultUsernameHintText *string
 	IdentifierUILocales               []string

--- a/vendor/github.com/libregraph/lico/bootstrap/settings.go
+++ b/vendor/github.com/libregraph/lico/bootstrap/settings.go
@@ -44,6 +44,7 @@ type Settings struct {
 	IdentifierScopesConf              string
 	IdentifierDefaultBannerLogo       string
 	IdentifierDefaultSignInPageText   string
+	IdentifierDefaultLogoTargetURI    string
 	IdentifierDefaultUsernameHintText string
 	IdentifierUILocales               []string
 	SigningKid                        string
--- a/vendor/github.com/libregraph/lico/bootstrap/utils.go
+++ b/vendor/github.com/libregraph/lico/bootstrap/utils.go
@@ -16,10 +16,8 @@ import (
 	"strings"

 	"github.com/go-jose/go-jose/v3"
-	"github.com/golang-jwt/jwt/v4"
+	"github.com/golang-jwt/jwt/v5"
 	"github.com/sirupsen/logrus"
-
-	"github.com/libregraph/lico/signing"
 )

 func parseJSONWebKey(jsonBytes []byte) (*jose.JSONWebKey, error) {
@@ -297,7 +295,7 @@ func validateSigners(bs *bootstrap) error {
 		if !haveECDSA {
 			return fmt.Errorf("no private key for signing method: %s", bs.config.SigningMethod.Alg())
 		}
-	case *signing.SigningMethodEdwardsCurve:
+	case *jwt.SigningMethodEd25519:
 		if !haveEd25519 {
 			return fmt.Errorf("no private key for signing method: %s", bs.config.SigningMethod.Alg())
 		}
--- a/vendor/github.com/libregraph/lico/claims.go
+++ b/vendor/github.com/libregraph/lico/claims.go
@@ -20,7 +20,7 @@ package lico
 import (
 	"errors"

-	"github.com/golang-jwt/jwt/v4"
+	"github.com/golang-jwt/jwt/v5"

 	"github.com/libregraph/lico/oidc"
 	"github.com/libregraph/lico/oidc/payload"
@@ -67,7 +67,7 @@ const (

 // AccessTokenClaims define the claims found in access tokens issued.
 type AccessTokenClaims struct {
-	jwt.StandardClaims
+	jwt.RegisteredClaims

 	TokenType TokenTypeValue `json:"lg.t"`

@@ -81,20 +81,16 @@ type AccessTokenClaims struct {
 	*oidc.SessionClaims
 }

-// Valid implements the jwt.Claims interface.
-func (c AccessTokenClaims) Valid() error {
-	if err := c.StandardClaims.Valid(); err != nil {
-		return err
+// Validate implements the jwt.ClaimsValidator interface.
+func (c AccessTokenClaims) Validate() error {
+	if !c.TokenType.Is(TokenTypeAccessToken) {
+		return errors.New("not an access token")
 	}
-	if c.IdentityClaims != nil {
-		if err := c.IdentityClaims.Valid(); err != nil {
-			return err
-		}
+	if len(c.Audience) != 1 {
+		return errors.New("access token must have exactly one audience value")
 	}
-	if c.TokenType.Is(TokenTypeAccessToken) {
-		return nil
-	}
-	return errors.New("not an access token")
+
+	return nil
 }

 // AuthorizedScopes returns a map with scope keys and true value of all scopes
@@ -110,7 +106,7 @@ func (c AccessTokenClaims) AuthorizedScopes() map[string]bool {

 // RefreshTokenClaims define the claims used by refresh tokens.
 type RefreshTokenClaims struct {
-	jwt.StandardClaims
+	jwt.RegisteredClaims

 	TokenType TokenTypeValue `json:"lg.t"`

@@ -123,20 +119,17 @@ type RefreshTokenClaims struct {
 	IdentityProvider string        `json:"lg.p,omitempty"`
 }

-// Valid implements the jwt.Claims interface.
-func (c RefreshTokenClaims) Valid() error {
-	if err := c.StandardClaims.Valid(); err != nil {
-		return err
+// Validate implements the jwt.ClaimsValidator interface.
+func (c RefreshTokenClaims) Validate() error {
+	if !c.TokenType.Is(TokenTypeRefreshToken) {
+		return errors.New("not a refresh token")
 	}
-	if c.IdentityClaims != nil {
-		if err := c.IdentityClaims.Valid(); err != nil {
-			return err
-		}
+
+	if len(c.Audience) != 1 {
+		return errors.New("refresh token must have exactly one audience value")
 	}
-	if c.TokenType.Is(TokenTypeRefreshToken) {
-		return nil
-	}
-	return errors.New("not a refresh token")
+
+	return nil
 }

 // NumericIDClaims define the claims used with the konnect/id scope.
@@ -147,8 +140,8 @@ type NumericIDClaims struct {
 	NumericIDUsername string `json:"username,omitempty"`
 }

-// Valid implements the jwt.Claims interface.
-func (c NumericIDClaims) Valid() error {
+// Validate implements the jwt.ClaimsValidator interface.
+func (c NumericIDClaims) Validate() error {
 	if c.NumericIDUsername == "" {
 		return errors.New("username claim not valid")
 	}
@@ -160,8 +153,8 @@ type UniqueUserIDClaims struct {
 	UniqueUserID string `json:"lg.uuid,omitempty"`
 }

-// Valid implements the jwt.Claims interface.
-func (c UniqueUserIDClaims) Valid() error {
+// Validate implements the jwt.ClaimsValidator interface.
+func (c UniqueUserIDClaims) Validate() error {
 	if c.UniqueUserID == "" {
 		return errors.New("lg.uuid claim not valid")
 	}
--- a/vendor/github.com/libregraph/lico/context.go
+++ b/vendor/github.com/libregraph/lico/context.go
@@ -21,7 +21,7 @@ import (
 	"context"
 	"net/http"

-	"github.com/golang-jwt/jwt/v4"
+	"github.com/golang-jwt/jwt/v5"
 )

 // key is an unexported type for keys defined in this package.
--- a/vendor/github.com/libregraph/lico/identifier/api.go
+++ b/vendor/github.com/libregraph/lico/identifier/api.go
@@ -47,10 +47,11 @@ func (i Identifier) writeHelloResponse(rw http.ResponseWriter, req *http.Request
 	response := &HelloResponse{
 		State: r.State,
 		Branding: &meta.Branding{
-			BannerLogo:       i.defaultBannerLogo,
-			UsernameHintText: i.Config.DefaultUsernameHintText,
-			SignInPageText:   i.Config.DefaultSignInPageText,
-			Locales:          i.Config.UILocales,
+			BannerLogo:        i.defaultBannerLogo,
+			UsernameHintText:  i.Config.DefaultUsernameHintText,
+			SignInPageText:    i.Config.DefaultSignInPageText,
+			SignInPageLogoURI: i.Config.DefaultSignInPageLogoURI,
+			Locales:           i.Config.UILocales,
 		},
 	}

--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
OpenCloud Devops	f07377a2d1	🎉 Release 2.2.0 (#613 ) * 🎉 Release 2.2.0	2025-04-28 17:24:47 +02:00
Michael Barz	3593e0fa04	chore: remove docs workflows	2025-04-28 17:23:38 +02:00
Michael Barz	aa5471dcd2	feat: modify .env file to make the needed changes for keycloak and ldap	2025-04-28 17:22:18 +02:00
Michael Barz	631f6e1fb7	feat: add autoprovisioning with keycloak and openCloud LDAP scheme	2025-04-28 17:22:17 +02:00
Michael Barz	01a86f028a	feat!: Use synced directory (LDAP) for keycloak and opencloud	2025-04-28 17:22:17 +02:00
Michael Barz	bd0816bf5a	feat!: Remove the openCloud LDAP schema from the keycloak exampfeat!: Remove the openCloud LDAP schema from the keycloak example	2025-04-28 17:22:16 +02:00
Viktor Scharf	e99f99aa2f	chore: bump version v2.2.0 (#739 )	2025-04-28 17:06:55 +02:00
Jannik Stehle	d9316be939	chore(web): bump web to v2.3.0 (#738 )	2025-04-28 15:42:32 +02:00
Viktor Scharf	ecedf7dc6d	chore:reva bump v.2.32 (#737 )	2025-04-28 15:32:22 +02:00
Christian Richter	4dea7ed870	Merge pull request #684 from dragonchaser/idp_logo_config add new property IdentifierDefaultLogoTargetURI	2025-04-28 14:10:42 +02:00
Christian Richter	6c6033a830	switch back to upstream Signed-off-by: Christian Richter <c.richter@opencloud.eu>	2025-04-28 13:43:21 +02:00
Christian Richter	1a79e1aa7a	bump to fix typo Signed-off-by: Christian Richter <c.richter@opencloud.eu>	2025-04-28 13:36:13 +02:00
Christian Richter	002744afe4	fix jsx Signed-off-by: Christian Richter <c.richter@opencloud.eu>	2025-04-28 13:36:13 +02:00
Christian Richter	96d83dbcd9	bump to changes in upstream PR Signed-off-by: Christian Richter <c.richter@opencloud.eu>	2025-04-28 13:36:13 +02:00
Alex Ackermann	2882119c0b	feat: add react part	2025-04-28 13:36:13 +02:00
Christian Richter	d98b2bea3e	add missing entry to service.go Signed-off-by: Christian Richter <c.richter@opencloud.eu>	2025-04-28 13:36:13 +02:00
Christian Richter	a327b36bc0	add missing variables Signed-off-by: Christian Richter <c.richter@opencloud.eu>	2025-04-28 13:36:13 +02:00
Christian Richter	16307e036d	add new property IdentifierDefaultLogoTargetURI Signed-off-by: Christian Richter <c.richter@opencloud.eu>	2025-04-28 13:36:13 +02:00
Ralf Haferkamp	515cd1f978	Merge pull request #726 from opencloud-eu/dependabot/go_modules/golang.org/x/image-0.26.0 build(deps): bump golang.org/x/image from 0.25.0 to 0.26.0	2025-04-28 11:51:45 +02:00
dependabot[bot]	706aeaea8e	build(deps): bump golang.org/x/image from 0.25.0 to 0.26.0 Bumps [golang.org/x/image](https://github.com/golang/image) from 0.25.0 to 0.26.0. - [Commits](https://github.com/golang/image/compare/v0.25.0...v0.26.0) --- updated-dependencies: - dependency-name: golang.org/x/image dependency-version: 0.26.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2025-04-28 06:17:06 +00:00
Ralf Haferkamp	3f741fdfc7	Merge pull request #725 from opencloud-eu/dependabot/go_modules/golang.org/x/net-0.39.0 build(deps): bump golang.org/x/net from 0.38.0 to 0.39.0	2025-04-28 08:14:56 +02:00
Ralf Haferkamp	ad14206d61	Merge pull request #724 from opencloud-eu/TheOneRing-patch-1 Update descirption of COLLABORA_SSL_ENABLE	2025-04-28 08:14:12 +02:00
dependabot[bot]	6f941d5ceb	build(deps): bump golang.org/x/net from 0.38.0 to 0.39.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.38.0 to 0.39.0. - [Commits](https://github.com/golang/net/compare/v0.38.0...v0.39.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-version: 0.39.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2025-04-25 14:34:40 +00:00
Hannah von Reth	42e65dd6e0	Update descirption of COLLABORA_SSL_ENABLE	2025-04-25 16:24:30 +02:00
Ralf Haferkamp	c9b2ced3ba	Merge pull request #722 from opencloud-eu/dependabot/go_modules/github.com/nats-io/nats.go-1.41.2 build(deps): bump github.com/nats-io/nats.go from 1.41.0 to 1.41.2	2025-04-25 11:49:59 +02:00
dependabot[bot]	54a510cad2	build(deps): bump github.com/nats-io/nats.go from 1.41.0 to 1.41.2 Bumps [github.com/nats-io/nats.go](https://github.com/nats-io/nats.go) from 1.41.0 to 1.41.2. - [Release notes](https://github.com/nats-io/nats.go/releases) - [Commits](https://github.com/nats-io/nats.go/compare/v1.41.0...v1.41.2) --- updated-dependencies: - dependency-name: github.com/nats-io/nats.go dependency-version: 1.41.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-04-25 07:28:24 +00:00
Ralf Haferkamp	67ca132804	Merge pull request #721 from opencloud-eu/dependabot/go_modules/google.golang.org/grpc-1.72.0 build(deps): bump google.golang.org/grpc from 1.71.1 to 1.72.0	2025-04-25 09:25:00 +02:00
dependabot[bot]	0f7e23d868	build(deps): bump google.golang.org/grpc from 1.71.1 to 1.72.0 Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.71.1 to 1.72.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.71.1...v1.72.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-version: 1.72.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2025-04-24 14:23:01 +00:00
Ralf Haferkamp	ef94ccc5c7	Merge pull request #602 from opencloud-eu/dependabot/go_modules/golang.org/x/oauth2-0.29.0 build(deps): bump golang.org/x/oauth2 from 0.28.0 to 0.29.0	2025-04-24 10:00:20 +02:00
Ralf Haferkamp	1a6fa5601f	Merge pull request #714 from rhafer/makefile Makefile: fix protobuf dependencies	2025-04-24 09:41:18 +02:00
dependabot[bot]	5934e92abf	build(deps): bump golang.org/x/oauth2 from 0.28.0 to 0.29.0 Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.28.0 to 0.29.0. - [Commits](https://github.com/golang/oauth2/compare/v0.28.0...v0.29.0) --- updated-dependencies: - dependency-name: golang.org/x/oauth2 dependency-version: 0.29.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2025-04-24 07:15:00 +00:00
Ralf Haferkamp	e5b82afb0a	Merge pull request #666 from opencloud-eu/dependabot/npm_and_yarn/services/idp/testing-library/jest-dom-6.6.3 build(deps): bump @testing-library/jest-dom from 6.4.8 to 6.6.3 in /services/idp	2025-04-24 09:13:17 +02:00
Ralf Haferkamp	3774d2eb67	Merge pull request #641 from opencloud-eu/dependabot/go_modules/golang.org/x/text-0.24.0 build(deps): bump golang.org/x/text from 0.23.0 to 0.24.0	2025-04-24 09:11:56 +02:00
dependabot[bot]	0fc63da88e	build(deps): bump golang.org/x/text from 0.23.0 to 0.24.0 Bumps [golang.org/x/text](https://github.com/golang/text) from 0.23.0 to 0.24.0. - [Release notes](https://github.com/golang/text/releases) - [Commits](https://github.com/golang/text/compare/v0.23.0...v0.24.0) --- updated-dependencies: - dependency-name: golang.org/x/text dependency-version: 0.24.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2025-04-24 06:49:35 +00:00
Ralf Haferkamp	f1cec421c1	Makefile: fix protobuf dependencies Another fix to address "make -j" issues	2025-04-23 10:07:48 +02:00
Ralf Haferkamp	1becc86cfe	Merge pull request #709 from rhafer/makefile Some smaller Makefile adjustments	2025-04-23 08:40:08 +02:00
Viktor Scharf	8c7f723fd2	Merge pull request #699 from opencloud-eu/deploy_simple3 bare-metal-deploy. getting latest version	2025-04-22 17:11:20 +02:00
Ralf Haferkamp	d0837780b1	Makefile: fix idp dependencies The pnp-build step create the static assets tree. So make the other steps depend on it.	2025-04-22 17:07:55 +02:00
Ralf Haferkamp	f3230164cd	Makefile: graph depends on mockery	2025-04-22 17:07:01 +02:00
Ralf Haferkamp	24da3687d9	Makefile: remove unneeded recursion.mk The MAKE_DEPTH variable is not used anywhere anymore.	2025-04-22 16:57:17 +02:00
dependabot[bot]	a7fa8d5495	build(deps-dev): bump webpack from 5.96.1 to 5.99.6 in /services/idp (#707 ) Bumps [webpack](https://github.com/webpack/webpack) from 5.96.1 to 5.99.6. - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](https://github.com/webpack/webpack/compare/v5.96.1...v5.99.6) --- updated-dependencies: - dependency-name: webpack dependency-version: 5.99.6 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-04-22 09:45:52 +02:00
dependabot[bot]	f91450bd95	build(deps): bump @testing-library/jest-dom in /services/idp Bumps [@testing-library/jest-dom](https://github.com/testing-library/jest-dom) from 6.4.8 to 6.6.3. - [Release notes](https://github.com/testing-library/jest-dom/releases) - [Changelog](https://github.com/testing-library/jest-dom/blob/main/CHANGELOG.md) - [Commits](https://github.com/testing-library/jest-dom/compare/v6.4.8...v6.6.3) --- updated-dependencies: - dependency-name: "@testing-library/jest-dom" dependency-version: 6.6.3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2025-04-22 07:13:14 +00:00
Viktor Scharf	f837c3dc79	bare-metal-deploy. getting latest version	2025-04-17 21:42:27 +02:00
Viktor Scharf	26808f7a12	Merge pull request #693 from opencloud-eu/fix-binary-release fix: binary release version	2025-04-17 14:48:52 +02:00
Michael Stingl	6f2fc6e224	Fix broken links in opencloud_full README.md (#643 ) * Fix broken links in opencloud_full README.md Fixes opencloud-eu/opencloud#621 * Update GitHub workflow to skip label check for PRs from forks	2025-04-17 13:57:13 +02:00
Michael Barz	850fbc071d	fix: binary release version	2025-04-17 13:54:16 +02:00
Jannik Stehle	0b3b09fc35	Merge pull request #692 from opencloud-eu/chore/fix-app-provider-names chore: fix app provider default names in opencloud_full deployment	2025-04-17 13:39:58 +02:00
Jannik Stehle	1dd12e1d7e	chore: fix app provider names in opencloud_full deployment The app provider is called `CollaboraOnline` in the deployment example, not `Collabora`. Also switches the default app to Collabora for all mime types since it's the only app provider running per default.	2025-04-17 12:27:11 +02:00
Florian Schade	900d596b65	fix(decomposeds3): enable async-uploads by default (#686 )	2025-04-17 09:17:53 +02:00
Viktor Scharf	41026c27f6	Merge pull request #688 from opencloud-eu/fix-bot fix: labels bot needs token for forks	2025-04-17 09:14:51 +02:00
Viktor Scharf	2f7e0c3fed	Merge pull request #687 from opencloud-eu/deploy_simple2 Automatically find the latest released version of opencloud	2025-04-17 09:10:42 +02:00
Michael Barz	396fb9cd11	fix: labels bot needs token for forks	2025-04-16 21:19:57 +02:00
Klaas Freitag	f31bdb08cf	Automatically find the latest released version of opencloud	2025-04-16 18:32:11 +02:00
Andre Duffeck	386807dae8	Merge pull request #679 from opencloud-eu/dependabot/go_modules/github.com/nats-io/nats-server/v2-2.11.1 build(deps): bump github.com/nats-io/nats-server/v2 from 2.11.0 to 2.11.1	2025-04-16 14:14:13 +02:00
Jörn Friedrich Dreyer	7eadc275e1	Merge pull request #669 from aduffeck/ceph-watcher Expose more config vars for the posix fs watchers	2025-04-16 11:58:38 +02:00
André Duffeck	f8c89b1c3d	Add deprecation notice for STORAGE_USERS_POSIX_WATCH_FOLDER_KAFKA_BROKERS	2025-04-16 11:09:30 +02:00
André Duffeck	8c9e05d1f0	Expose more config vars for the posix fs watchers	2025-04-16 11:08:03 +02:00
Jörn Friedrich Dreyer	83d3657c4d	Merge pull request #552 from aduffeck/expose-inotify-stats-frequency Add env var to make the inotify stats frequency configurable	2025-04-16 10:55:22 +02:00
dependabot[bot]	93c1131e78	build(deps): bump github.com/nats-io/nats-server/v2 Bumps [github.com/nats-io/nats-server/v2](https://github.com/nats-io/nats-server) from 2.11.0 to 2.11.1. - [Release notes](https://github.com/nats-io/nats-server/releases) - [Changelog](https://github.com/nats-io/nats-server/blob/main/.goreleaser.yml) - [Commits](https://github.com/nats-io/nats-server/compare/v2.11.0...v2.11.1) --- updated-dependencies: - dependency-name: github.com/nats-io/nats-server/v2 dependency-version: 2.11.1 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>	2025-04-16 07:45:21 +00:00
André Duffeck	91fd396c86	Add env var to make the inotify stats frequency configurable	2025-04-15 09:24:55 +02:00