run with full-ci

[full-ci]Remove mtime 500 issue from expected failure

.drone.env

@@ -1,3 +0,0 @@
-# The test runner source for UI tests
-WEB_COMMITID=8222156ec19d5a201ba3eb9293c1cd4516329400
-WEB_BRANCH=stable-11.0

.golangci.yml

@@ -5,7 +5,6 @@ linters:
   disable:
     - contextcheck # FIXME: causes panic in graph service
     - lll # 760 issues in the codebase
-    - exhaustivestruct
     - exhaustruct
     - exhaustive # 634 issues in the codebase
     - wrapcheck # 398 issues in the codebase
@@ -16,14 +15,12 @@ linters:
     - forbidigo
     - gochecknoglobals
     - nlreturn
-    - nosnakecase  # each 100-200 issues in codebase
     - gci
     - godot
     - funlen
-    - gomnd
     - gofumpt
     - ireturn
-    - goerr113
+    - err113
     - containedctx
     - paralleltest
     - gocritic # each 50-100 issues in codebase
@@ -31,8 +28,6 @@ linters:
     - cyclop
     - noctx
     - testpackage
-    - maligned
-    - golint
     - forcetypeassert
     - nonamedreturns
     - dupl

.make/go.mk

@@ -67,18 +67,6 @@ fmt:
 	@echo "- $(NAME): fmt"
 	gofmt -s -w $(SOURCES)
 
-.PHONY: golangci-lint-fix
-golangci-lint-fix: $(GOLANGCI_LINT)
-	$(GOLANGCI_LINT) run $(LINTERS) --fix
-
-.PHONY: golangci-lint
-golangci-lint: $(GOLANGCI_LINT)
-	$(GOLANGCI_LINT) run --path-prefix services/$(NAME)
-
-.PHONY: ci-golangci-lint
-ci-golangci-lint: $(GOLANGCI_LINT)
-	$(GOLANGCI_LINT) run --path-prefix services/$(NAME) --timeout 15m0s --issues-exit-code 0 --out-format checkstyle > checkstyle.xml
-
 .PHONY: test
 test:
 	@go test -v -tags '$(TAGS)' -coverprofile coverage.out ./...
@@ -122,3 +110,15 @@ debug-linux-docker-amd64: release-dirs
 		-ldflags '-extldflags "-static" $(DEBUG_LDFLAGS) $(DOCKER_LDFLAGS)' \
 		-o '$(DIST)/binaries/$(EXECUTABLE)-linux-amd64' \
 		./cmd/$(NAME)
+
+debug-linux-docker-arm64: release-dirs
+	GOOS=linux \
+	GOARCH=arm64 \
+	go build \
+        -gcflags="all=-N -l" \
+		-tags 'netgo $(TAGS)' \
+		-buildmode=exe \
+		-trimpath \
+		-ldflags '-extldflags "-static" $(DEBUG_LDFLAGS) $(DOCKER_LDFLAGS)' \
+		-o '$(DIST)/binaries/$(EXECUTABLE)-linux-arm64' \
+		./cmd/$(NAME)

.vscode/launch.json

@@ -101,6 +101,9 @@
         "APP_PROVIDER_GRPC_ADDR": "127.0.0.1:10164",
         "APP_REGISTRY_DEBUG_ADDR": "127.0.0.1:10243",
         "APP_REGISTRY_GRPC_ADDR": "127.0.0.1:10242",
+        "AUTH_APP_DEBUG_ADDR": "127.0.0.1:10245",
+        "AUTH_APP_GRPC_ADDR": "127.0.0.1:10246",
+        "AUTH_APP_HTTP_ADDR": "127.0.0.1:10247",
         "AUTH_BASIC_DEBUG_ADDR": "127.0.0.1:10147",
         "AUTH_BASIC_GRPC_ADDR": "127.0.0.1:10146",
         "AUTH_MACHINE_DEBUG_ADDR": "127.0.0.1:10167",

.woodpecker.env

@@ -0,0 +1,3 @@
+# The test runner source for UI tests
+WEB_COMMITID=a85b8b2f0b22d2e8fa133fee2dae8cc866c0c8c2
+WEB_BRANCH=main

CHANGELOG.md

@@ -0,0 +1,2 @@
+# Table of Contents
+

Makefile

@@ -213,20 +213,16 @@ protobuf:
     done
 
 .PHONY: golangci-lint
-golangci-lint:
-	@for mod in $(OC_MODULES); do \
-        $(MAKE) --no-print-directory -C $$mod golangci-lint; \
-    done
+golangci-lint: $(GOLANGCI_LINT)
+	$(GOLANGCI_LINT) run --modules-download-mode vendor --timeout 15m0s --issues-exit-code 0 --out-format checkstyle > checkstyle.xml
 
 .PHONY: ci-golangci-lint
-ci-golangci-lint: $(GOLANGCI_LINT)
+ci-golangci-lint:
 	$(GOLANGCI_LINT) run --modules-download-mode vendor --timeout 15m0s --issues-exit-code 0 --out-format checkstyle > checkstyle.xml
 
 .PHONY: golangci-lint-fix
-golangci-lint-fix:
-	@for mod in $(OC_MODULES); do \
-        $(MAKE) --no-print-directory -C $$mod golangci-lint-fix; \
-    done
+golangci-lint-fix: $(GOLANGCI_LINT)
+	$(GOLANGCI_LINT) run --fix --modules-download-mode vendor --timeout 15m0s --issues-exit-code 0 --out-format checkstyle > checkstyle.xml
 
 .PHONY: test-gherkin-lint
 test-gherkin-lint:
@@ -241,13 +237,13 @@ bingo-update: $(BINGO)
 	$(BINGO) get -l -v -t 20
 
 .PHONY: check-licenses
-check-licenses: ci-go-check-licenses ci-node-check-licenses
+check-licenses: $(GO_LICENSES) ci-go-check-licenses ci-node-check-licenses
 
 .PHONY: save-licenses
-save-licenses: ci-go-save-licenses ci-node-save-licenses
+save-licenses: $(GO_LICENSES) ci-go-save-licenses ci-node-save-licenses
 
 .PHONY: ci-go-check-licenses
-ci-go-check-licenses: $(GO_LICENSES)
+ci-go-check-licenses:
 	$(GO_LICENSES) check ./...
 
 .PHONY: ci-node-check-licenses
@@ -257,7 +253,7 @@ ci-node-check-licenses:
     done
 
 .PHONY: ci-go-save-licenses
-ci-go-save-licenses: $(GO_LICENSES)
+ci-go-save-licenses:
 	@mkdir -p ./third-party-licenses/go/opencloud/third-party-licenses
 	$(GO_LICENSES) csv ./... > ./third-party-licenses/go/opencloud/third-party-licenses.csv
 	$(GO_LICENSES) save ./... --force --save_path="./third-party-licenses/go/opencloud/third-party-licenses"

README.md

@@ -1,7 +1,8 @@
 ![OpenCloud logo](https://raw.githubusercontent.com/opencloud-eu/opencloud/refs/heads/main/opencloud_logo.png)
 
--[![Matrix](https://img.shields.io/matrix/opencloud%3Amatrix.org?logo=matrix)](https://app.element.io/#/room/#opencloud:matrix.org)
--[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
+[![status-badge](https://ci.opencloud.eu/api/badges/3/status.svg)](https://ci.opencloud.eu/repos/3)
+ [![Matrix](https://img.shields.io/matrix/opencloud%3Amatrix.org?logo=matrix)](https://app.element.io/#/room/#opencloud:matrix.org)
+ [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
 
 # Server Backend
 

deployments/examples/bare-metal-simple/install.sh

@@ -37,7 +37,7 @@ function backup_file () {
 # URL pattern of the download file
 # https://github.com/opencloud-eu/opencloud/releases/download/v1.0.0/opencloud-1.0.0-linux-amd64
 
-dlversion="${OC_VERSION:-1.0.0}"
+dlversion="${OC_VERSION:-1.1.0}"
 dlurl="https://github.com/opencloud-eu/opencloud/releases/download/v${dlversion}/"
 
 sandbox="opencloud-sandbox-${dlversion}"

deployments/examples/opencloud_full/.env

@@ -50,11 +50,11 @@ OC_DOMAIN=
 ADMIN_PASSWORD=
 # Demo users should not be created on a production instance,
 # because their passwords are public. Defaults to "false".
-# Also see: https://doc.opencloud.eu/opencloud/latest/deployment/general/general-info.html#demo-users-and-groups
+# If demo users is set to "true", the following user accounts are created automatically:
+# alan, mary, margaret, dennis and lynn - the password is 'demo' for all.
 DEMO_USERS=
 # Define the openCloud loglevel used.
-# For more details see:
-# https://doc.opencloud.eu/opencloud/latest/deployment/services/env-vars-special-scope.html
+#
 LOG_LEVEL=
 # Define the kind of logging.
 # The default log can be read by machines.
@@ -64,8 +64,6 @@ LOG_LEVEL=
 # Define the openCloud storage location. Set the paths for config and data to a local path.
 # Note that especially the data directory can grow big.
 # Leaving it default stores data in docker internal volumes.
-# For more details see:
-# https://doc.opencloud.eu/opencloud/next/deployment/general/general-info.html#default-paths
 # OC_CONFIG_DIR=/your/local/opencloud/config
 # OC_DATA_DIR=/your/local/opencloud/data
 
@@ -74,7 +72,7 @@ LOG_LEVEL=
 # Per default, S3 storage is disabled and the decomposed storage driver is used.
 # To enable S3 storage, uncomment the following line and configure the S3 storage.
 # For more details see:
-# https://doc.opencloud.eu/opencloud/next/deployment/storage/decomposeds3.html
+# https://docs.opencloud.eu/docs/admin/configuration/storage-decomposeds3
 # Note: the leading colon is required to enable the service.
 #DECOMPOSEDS3=:decomposeds3.yml
 # Configure the S3 storage endpoint. Defaults to "http://minio:9000" for testing purposes.
@@ -102,8 +100,7 @@ MINIO_DOMAIN=
 #POSIX=:posix.yml
 
 # Define SMPT settings if you would like to send OpenCloud email notifications.
-# For more details see:
-# https://doc.opencloud.eu/opencloud/latest/deployment/services/s-list/notifications.html
+# 
 # NOTE: when configuring Inbucket, these settings have no effect, see inbucket.yml for details.
 # SMTP host to connect to.
 SMTP_HOST=
@@ -205,7 +202,6 @@ COLLABORA_SSL_VERIFICATION=false
 
 
 ### Debugging - Monitoring ###
-# Please see documentation at: https://opencloud.dev/opencloud/deployment/monitoring-tracing/
 # Note: the leading colon is required to enable the service.
 #MONITORING=:monitoring_tracing/monitoring.yml
 

deployments/examples/opencloud_full/collabora.yml

@@ -53,7 +53,7 @@ services:
     restart: always
 
   collabora:
-    image: collabora/code:24.04.12.2.1
+    image: collabora/code:24.04.13.2.1
     # release notes: https://www.collaboraonline.com/release-notes/
     networks:
       opencloud-net:
@@ -80,6 +80,7 @@ services:
     logging:
       driver: ${LOG_DRIVER:-local}
     restart: always
-    command: ["bash", "-c", "coolconfig generate-proof-key ; /start-collabora-online.sh"]
+    entrypoint: ['/bin/bash', '-c']
+    command: ['coolconfig generate-proof-key && /start-collabora-online.sh']
     healthcheck:
       test: [ "CMD", "curl", "-f", "http://localhost:9980/hosting/discovery" ]

deployments/examples/opencloud_full/config/opencloud/apps.yaml

@@ -15,9 +15,3 @@ external-sites:
         color: "#E2BAFF"
         icon: cloud
         priority: 50
-      - name: Wikipedia
-        url: "https://www.wikipedia.org"
-        target: external
-        color: "#0D856F"
-        icon: book
-        priority: 51

deployments/examples/opencloud_full/config/opencloud/csp.yaml

@@ -6,7 +6,7 @@ directives:
     - 'blob:'
     - 'https://${COMPANION_DOMAIN|companion.opencloud.test}/'
     - 'wss://${COMPANION_DOMAIN|companion.opencloud.test}/'
-    - 'https://raw.githubusercontent.com/opencloud/awesome-apps/'
+    - 'https://raw.githubusercontent.com/opencloud-eu/awesome-apps/'
   default-src:
     - '''none'''
   font-src:
@@ -26,7 +26,7 @@ directives:
     - '''self'''
     - 'data:'
     - 'blob:'
-    - 'https://raw.githubusercontent.com/opencloud/awesome-apps/'
+    - 'https://raw.githubusercontent.com/opencloud-eu/awesome-apps/'
     # In contrary to bash and docker the default is given after the | character
     - 'https://${ONLYOFFICE_DOMAIN|onlyoffice.opencloud.test}/'
     - 'https://${COLLABORA_DOMAIN|collabora.opencloud.test}/'

docs/intro.md

@@ -15,4 +15,3 @@ If you want to contribute to the dev docs, please visit [OpenCloud on Github](ht
 
 Contents will be transferred, during the build process.
 
-A change to trigger CI

go.mod

@@ -1,11 +1,11 @@
 module github.com/opencloud-eu/opencloud
 
-go 1.24.0
+go 1.24.1
 
 require (
 	dario.cat/mergo v1.0.1
 	github.com/CiscoM31/godata v1.0.10
-	github.com/KimMachineGun/automemlimit v0.7.0
+	github.com/KimMachineGun/automemlimit v0.7.1
 	github.com/Masterminds/semver v1.5.0
 	github.com/MicahParks/keyfunc/v2 v2.1.0
 	github.com/Nerzal/gocloak/v13 v13.9.0
@@ -13,7 +13,7 @@ require (
 	github.com/beevik/etree v1.5.0
 	github.com/blevesearch/bleve/v2 v2.4.4
 	github.com/cenkalti/backoff v2.2.1+incompatible
-	github.com/coreos/go-oidc/v3 v3.12.0
+	github.com/coreos/go-oidc/v3 v3.13.0
 	github.com/cs3org/go-cs3apis v0.0.0-20241105092511-3ad35d174fc1
 	github.com/davidbyttow/govips/v2 v2.16.0
 	github.com/dhowden/tag v0.0.0-20240417053706-3d75831295e8
@@ -21,7 +21,7 @@ require (
 	github.com/egirna/icap-client v0.1.1
 	github.com/gabriel-vasile/mimetype v1.4.8
 	github.com/ggwhite/go-masker v1.1.0
-	github.com/go-chi/chi/v5 v5.2.0
+	github.com/go-chi/chi/v5 v5.2.1
 	github.com/go-chi/render v1.0.3
 	github.com/go-ldap/ldap/v3 v3.4.10
 	github.com/go-ldap/ldif v0.0.0-20200320164324-fd88d9b715b3
@@ -35,78 +35,78 @@ require (
 	github.com/go-micro/plugins/v4/wrapper/trace/opentelemetry v1.2.0
 	github.com/go-playground/validator/v10 v10.25.0
 	github.com/gofrs/uuid v4.4.0+incompatible
-	github.com/golang-jwt/jwt/v5 v5.2.1
+	github.com/golang-jwt/jwt/v5 v5.2.2
 	github.com/golang/protobuf v1.5.4
 	github.com/google/go-cmp v0.7.0
 	github.com/google/go-tika v0.3.1
 	github.com/google/uuid v1.6.0
 	github.com/gookit/config/v2 v2.2.5
 	github.com/gorilla/mux v1.8.1
-	github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.0
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.3
 	github.com/invopop/validation v0.8.0
 	github.com/jellydator/ttlcache/v2 v2.11.1
 	github.com/jellydator/ttlcache/v3 v3.3.0
 	github.com/jinzhu/now v1.1.5
 	github.com/justinas/alice v1.2.0
-	github.com/kovidgoyal/imaging v1.6.3
-	github.com/leonelquinteros/gotext v1.7.0
+	github.com/kovidgoyal/imaging v1.6.4
+	github.com/leonelquinteros/gotext v1.7.1
 	github.com/libregraph/idm v0.5.0
 	github.com/libregraph/lico v0.65.1
 	github.com/mitchellh/mapstructure v1.5.0
 	github.com/mna/pigeon v1.3.0
 	github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826
-	github.com/nats-io/nats-server/v2 v2.10.26
+	github.com/nats-io/nats-server/v2 v2.11.0
 	github.com/nats-io/nats.go v1.39.1
 	github.com/oklog/run v1.1.0
 	github.com/olekukonko/tablewriter v0.0.5
 	github.com/onsi/ginkgo v1.16.5
-	github.com/onsi/ginkgo/v2 v2.23.0
-	github.com/onsi/gomega v1.36.2
-	github.com/open-policy-agent/opa v1.1.0
-	github.com/opencloud-eu/reva/v2 v2.27.3-0.20250304172421-22b1ead80cdd
+	github.com/onsi/ginkgo/v2 v2.23.3
+	github.com/onsi/gomega v1.36.3
+	github.com/open-policy-agent/opa v1.2.0
+	github.com/opencloud-eu/reva/v2 v2.28.1-0.20250325103543-f3ec73475a58
 	github.com/orcaman/concurrent-map v1.0.0
 	github.com/owncloud/libre-graph-api-go v1.0.5-0.20240829135935-80dc00d6f5ea
 	github.com/pkg/errors v0.9.1
 	github.com/pkg/xattr v0.4.10
 	github.com/prometheus/client_golang v1.21.1
 	github.com/r3labs/sse/v2 v2.10.0
-	github.com/riandyrn/otelchi v0.12.0
+	github.com/riandyrn/otelchi v0.12.1
 	github.com/rogpeppe/go-internal v1.14.1
 	github.com/rs/cors v1.11.1
 	github.com/rs/zerolog v1.33.0
-	github.com/shamaton/msgpack/v2 v2.2.2
+	github.com/shamaton/msgpack/v2 v2.2.3
 	github.com/sirupsen/logrus v1.9.3
-	github.com/spf13/afero v1.12.0
-	github.com/spf13/cobra v1.8.1
+	github.com/spf13/afero v1.14.0
+	github.com/spf13/cobra v1.9.1
 	github.com/stretchr/testify v1.10.0
 	github.com/test-go/testify v1.1.4
 	github.com/thejerf/suture/v4 v4.0.6
 	github.com/tidwall/gjson v1.18.0
-	github.com/tus/tusd/v2 v2.6.0
+	github.com/tus/tusd/v2 v2.7.1
 	github.com/unrolled/secure v1.16.0
 	github.com/urfave/cli/v2 v2.27.5
 	github.com/xhit/go-simple-mail/v2 v2.16.0
 	go-micro.dev/v4 v4.11.0
 	go.etcd.io/bbolt v1.4.0
-	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.59.0
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0
-	go.opentelemetry.io/contrib/zpages v0.57.0
+	go.opentelemetry.io/contrib/zpages v0.60.0
 	go.opentelemetry.io/otel v1.35.0
 	go.opentelemetry.io/otel/exporters/jaeger v1.17.0
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.34.0
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.35.0
 	go.opentelemetry.io/otel/sdk v1.35.0
 	go.opentelemetry.io/otel/trace v1.35.0
-	golang.org/x/crypto v0.34.0
-	golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c
-	golang.org/x/image v0.24.0
-	golang.org/x/net v0.35.0
-	golang.org/x/oauth2 v0.26.0
-	golang.org/x/sync v0.11.0
-	golang.org/x/term v0.29.0
-	golang.org/x/text v0.22.0
-	google.golang.org/genproto/googleapis/api v0.0.0-20250115164207-1a7da9e5054f
-	google.golang.org/grpc v1.70.0
-	google.golang.org/protobuf v1.36.3
+	golang.org/x/crypto v0.36.0
+	golang.org/x/exp v0.0.0-20250210185358-939b2ce775ac
+	golang.org/x/image v0.25.0
+	golang.org/x/net v0.37.0
+	golang.org/x/oauth2 v0.28.0
+	golang.org/x/sync v0.12.0
+	golang.org/x/term v0.30.0
+	golang.org/x/text v0.23.0
+	google.golang.org/genproto/googleapis/api v0.0.0-20250303144028-a0af3efb3deb
+	google.golang.org/grpc v1.71.0
+	google.golang.org/protobuf v1.36.5
 	gopkg.in/yaml.v2 v2.4.0
 	gotest.tools/v3 v3.5.2
 	stash.kopano.io/kgol/rndm v1.1.2
@@ -116,14 +116,13 @@ require (
 	contrib.go.opencensus.io/exporter/prometheus v0.4.2 // indirect
 	filippo.io/edwards25519 v1.1.0 // indirect
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
-	github.com/BurntSushi/toml v1.4.0 // indirect
+	github.com/BurntSushi/toml v1.5.0 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/sprig v2.22.0+incompatible // indirect
 	github.com/Microsoft/go-winio v0.6.2 // indirect
-	github.com/OneOfOne/xxhash v1.2.8 // indirect
 	github.com/ProtonMail/go-crypto v1.1.5 // indirect
 	github.com/RoaringBitmap/roaring v1.9.3 // indirect
-	github.com/agnivade/levenshtein v1.2.0 // indirect
+	github.com/agnivade/levenshtein v1.2.1 // indirect
 	github.com/ajg/form v1.5.1 // indirect
 	github.com/alexedwards/argon2id v1.0.0 // indirect
 	github.com/amoghe/go-crypt v0.0.0-20220222110647-20eada5f5964 // indirect
@@ -160,7 +159,7 @@ require (
 	github.com/coreos/go-semver v0.3.0 // indirect
 	github.com/coreos/go-systemd/v22 v22.5.0 // indirect
 	github.com/cornelk/hashmap v1.0.8 // indirect
-	github.com/cpuguy83/go-md2man/v2 v2.0.5 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.6 // indirect
 	github.com/crewjam/httperr v0.2.0 // indirect
 	github.com/crewjam/saml v0.4.14 // indirect
 	github.com/cyphar/filepath-securejoin v0.3.6 // indirect
@@ -198,7 +197,7 @@ require (
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/go-redis/redis/v8 v8.11.5 // indirect
 	github.com/go-resty/resty/v2 v2.7.0 // indirect
-	github.com/go-sql-driver/mysql v1.9.0 // indirect
+	github.com/go-sql-driver/mysql v1.9.1 // indirect
 	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
 	github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
 	github.com/go-test/deep v1.1.0 // indirect
@@ -210,12 +209,13 @@ require (
 	github.com/goccy/go-yaml v1.11.2 // indirect
 	github.com/gofrs/flock v0.12.1 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang-jwt/jwt/v4 v4.5.1 // indirect
+	github.com/golang-jwt/jwt/v4 v4.5.2 // indirect
 	github.com/golang/geo v0.0.0-20210211234256-740aa86cb551 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/snappy v0.0.4 // indirect
 	github.com/gomodule/redigo v1.9.2 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
+	github.com/google/go-tpm v0.9.3 // indirect
 	github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad // indirect
 	github.com/google/renameio/v2 v2.0.0 // indirect
 	github.com/gookit/color v1.5.4 // indirect
@@ -254,7 +254,7 @@ require (
 	github.com/minio/crc64nvme v1.0.1 // indirect
 	github.com/minio/highwayhash v1.0.3 // indirect
 	github.com/minio/md5-simd v1.1.2 // indirect
-	github.com/minio/minio-go/v7 v7.0.87 // indirect
+	github.com/minio/minio-go/v7 v7.0.88 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
@@ -274,7 +274,7 @@ require (
 	github.com/pjbgf/sha1cd v0.3.2 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/pquerna/cachecontrol v0.2.0 // indirect
-	github.com/prometheus/alertmanager v0.27.0 // indirect
+	github.com/prometheus/alertmanager v0.28.1 // indirect
 	github.com/prometheus/client_model v0.6.1 // indirect
 	github.com/prometheus/common v0.62.0 // indirect
 	github.com/prometheus/procfs v0.15.1 // indirect
@@ -288,9 +288,10 @@ require (
 	github.com/segmentio/ksuid v1.0.4 // indirect
 	github.com/sercand/kuberesolver/v5 v5.1.1 // indirect
 	github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
+	github.com/sethvargo/go-diceware v0.5.0 // indirect
 	github.com/sethvargo/go-password v0.3.1 // indirect
-	github.com/shurcooL/httpfs v0.0.0-20190707220628-8d4bc4ba7749 // indirect
-	github.com/shurcooL/vfsgen v0.0.0-20200824052919-0d455de96546 // indirect
+	github.com/shurcooL/httpfs v0.0.0-20230704072500-f1e31cf0ba5c // indirect
+	github.com/shurcooL/vfsgen v0.0.0-20230704071429-0000e147ea92 // indirect
 	github.com/skeema/knownhosts v1.3.0 // indirect
 	github.com/spacewander/go-suffix-tree v0.0.0-20191010040751-0865e368c784 // indirect
 	github.com/spf13/pflag v1.0.6 // indirect
@@ -308,24 +309,24 @@ require (
 	github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
 	github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect
 	github.com/yashtewari/glob-intersection v0.2.0 // indirect
-	go.etcd.io/etcd/api/v3 v3.5.18 // indirect
-	go.etcd.io/etcd/client/pkg/v3 v3.5.18 // indirect
-	go.etcd.io/etcd/client/v3 v3.5.18 // indirect
+	go.etcd.io/etcd/api/v3 v3.5.20 // indirect
+	go.etcd.io/etcd/client/pkg/v3 v3.5.20 // indirect
+	go.etcd.io/etcd/client/v3 v3.5.20 // indirect
 	go.opencensus.io v0.24.0 // indirect
 	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.34.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.35.0 // indirect
 	go.opentelemetry.io/otel/metric v1.35.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.5.0 // indirect
 	go.uber.org/atomic v1.11.0 // indirect
-	go.uber.org/multierr v1.9.0 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.23.0 // indirect
-	golang.org/x/mod v0.23.0 // indirect
-	golang.org/x/sys v0.30.0 // indirect
-	golang.org/x/time v0.10.0 // indirect
-	golang.org/x/tools v0.30.0 // indirect
+	golang.org/x/mod v0.24.0 // indirect
+	golang.org/x/sys v0.31.0 // indirect
+	golang.org/x/time v0.11.0 // indirect
+	golang.org/x/tools v0.31.0 // indirect
 	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
 	google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20250115164207-1a7da9e5054f // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20250303144028-a0af3efb3deb // indirect
 	gopkg.in/cenkalti/backoff.v1 v1.1.0 // indirect
 	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect

go.sum

@@ -61,15 +61,15 @@ github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbt
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8=
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/BurntSushi/toml v1.4.0 h1:kuoIxZQy2WRRk1pttg9asf+WVv6tWQuBNVmK8+nqPr0=
-github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
+github.com/BurntSushi/toml v1.5.0 h1:W5quZX/G/csjUnuI8SUYlsHs9M38FC7znL0lIO+DvMg=
+github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/CiscoM31/godata v1.0.10 h1:DZdJ6M8QNh4HquvDDOqNLu6h77Wl86KGK7Qlbmb90sk=
 github.com/CiscoM31/godata v1.0.10/go.mod h1:ZMiT6JuD3Rm83HEtiTx4JEChsd25YCrxchKGag/sdTc=
 github.com/DeepDiver1975/secure v0.0.0-20240611112133-abc838fb797c h1:ocsNvQ2tNHme4v/lTs17HROamc7mFzZfzWcg4m+UXN0=
 github.com/DeepDiver1975/secure v0.0.0-20240611112133-abc838fb797c/go.mod h1:BmF5hyM6tXczk3MpQkFf1hpKSRqCyhqcbiQtiAF7+40=
-github.com/KimMachineGun/automemlimit v0.7.0 h1:7G06p/dMSf7G8E6oq+f2uOPuVncFyIlDI/pBWK49u88=
-github.com/KimMachineGun/automemlimit v0.7.0/go.mod h1:QZxpHaGOQoYvFhv/r4u3U0JTC2ZcOwbSr11UZF46UBM=
+github.com/KimMachineGun/automemlimit v0.7.1 h1:QcG/0iCOLChjfUweIMC3YL5Xy9C3VBeNmCZHrZfJMBw=
+github.com/KimMachineGun/automemlimit v0.7.1/go.mod h1:QZxpHaGOQoYvFhv/r4u3U0JTC2ZcOwbSr11UZF46UBM=
 github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
 github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
 github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww=
@@ -84,8 +84,6 @@ github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA
 github.com/Nerzal/gocloak/v13 v13.9.0 h1:YWsJsdM5b0yhM2Ba3MLydiOlujkBry4TtdzfIzSVZhw=
 github.com/Nerzal/gocloak/v13 v13.9.0/go.mod h1:YYuDcXZ7K2zKECyVP7pPqjKxx2AzYSpKDj8d6GuyM10=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
-github.com/OneOfOne/xxhash v1.2.8 h1:31czK/TI9sNkxIKfaUfGlU47BAxQ0ztGgd9vPyqimf8=
-github.com/OneOfOne/xxhash v1.2.8/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q=
 github.com/OpenDNS/vegadns2client v0.0.0-20180418235048-a3fa4a771d87/go.mod h1:iGLljf5n9GjT6kc0HBvyI1nOKnGQbNB66VzSNbK5iks=
 github.com/ProtonMail/go-crypto v1.1.5 h1:eoAQfK2dwL+tFSFpr7TbOaPNUbPiJj4fLYwwGE1FQO4=
 github.com/ProtonMail/go-crypto v1.1.5/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE=
@@ -93,8 +91,8 @@ github.com/RoaringBitmap/roaring v1.9.3 h1:t4EbC5qQwnisr5PrP9nt0IRhRTb9gMUgQF4t4
 github.com/RoaringBitmap/roaring v1.9.3/go.mod h1:6AXUsoIEzDTFFQCe1RbGA6uFONMhvejWj5rqITANK90=
 github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo=
 github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI=
-github.com/agnivade/levenshtein v1.2.0 h1:U9L4IOT0Y3i0TIlUIDJ7rVUziKi/zPbrJGaFrtYH3SY=
-github.com/agnivade/levenshtein v1.2.0/go.mod h1:QVVI16kDrtSuwcpd0p1+xMC6Z/VfhtCyDIjcwga4/DU=
+github.com/agnivade/levenshtein v1.2.1 h1:EHBY3UOn1gwdy/VbFwgo4cxecRznFk7fKWN1KOX7eoM=
+github.com/agnivade/levenshtein v1.2.1/go.mod h1:QVVI16kDrtSuwcpd0p1+xMC6Z/VfhtCyDIjcwga4/DU=
 github.com/ajg/form v1.5.1 h1:t9c7v8JUKu/XxOGBU0yjNpaMloxGEJhUkqFRq0ibGeU=
 github.com/ajg/form v1.5.1/go.mod h1:uL1WgH+h2mgNtvBq0339dVnzXdBETtL2LeUXaIv25UY=
 github.com/akamai/AkamaiOPEN-edgegrid-golang v1.1.0/go.mod h1:kX6YddBkXqqywAe8c9LyvgTCyFuZCTMF4cRPQhc3Fy8=
@@ -113,6 +111,8 @@ github.com/amoghe/go-crypt v0.0.0-20220222110647-20eada5f5964 h1:I9YN9WMo3SUh7p/
 github.com/amoghe/go-crypt v0.0.0-20220222110647-20eada5f5964/go.mod h1:eFiR01PwTcpbzXtdMces7zxg6utvFM5puiWHpWB8D/k=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
+github.com/antithesishq/antithesis-sdk-go v0.4.3-default-no-op h1:+OSa/t11TFhqfrX0EOSqQBDJ0YlpmK0rDSiB19dg9M0=
+github.com/antithesishq/antithesis-sdk-go v0.4.3-default-no-op/go.mod h1:IUpT2DPAKh6i/YhSbt6Gl3v2yvUZjmKncl7U91fup7E=
 github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=
 github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig+0+Ap1h4unLjW6YQJpKZVmUzxsD4E/Q=
 github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE=
@@ -133,9 +133,8 @@ github.com/bbalet/stopwords v1.0.0/go.mod h1:sAWrQoDMfqARGIn4s6dp7OW7ISrshUD8IP2
 github.com/beevik/etree v1.1.0/go.mod h1:r8Aw8JqVegEf0w2fDnATrX9VpkMcyFeM0FhwO62wh+A=
 github.com/beevik/etree v1.5.0 h1:iaQZFSDS+3kYZiGoc9uKeOkUY3nYMXOKLl6KIJxiJWs=
 github.com/beevik/etree v1.5.0/go.mod h1:gPNJNaBGVZ9AwsidazFZyygnd+0pAU38N4D+WemwKNs=
+github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=
 github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
-github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o=
-github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/beorn7/perks v0.0.0-20160804104726-4c0e84591b9a/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
@@ -223,8 +222,8 @@ github.com/cloudflare/cloudflare-go v0.14.0/go.mod h1:EnwdgGMaFOruiPZRFSgn+TsQ3h
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
 github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
-github.com/coreos/go-oidc/v3 v3.12.0 h1:sJk+8G2qq94rDI6ehZ71Bol3oUHy63qNYmkiSjrc/Jo=
-github.com/coreos/go-oidc/v3 v3.12.0/go.mod h1:gE3LgjOgFoHi9a4ce4/tJczr0Ai2/BoDhf0r5lltWI0=
+github.com/coreos/go-oidc/v3 v3.13.0 h1:M66zd0pcc5VxvBNM4pB331Wrsanby+QomQYjN8HamW8=
+github.com/coreos/go-oidc/v3 v3.13.0/go.mod h1:HaZ3szPaZ0e4r6ebqvsLWlk2Tn+aejfmrfah6hnSYEU=
 github.com/coreos/go-semver v0.3.0 h1:wkHLiw0WNATZnSG7epLsujiMCgPAc9xhjJ4tgnAxmfM=
 github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
 github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
@@ -236,9 +235,8 @@ github.com/cornelk/hashmap v1.0.8/go.mod h1:RfZb7JO3RviW/rT6emczVuC/oxpdz4UsSB2L
 github.com/cpu/goacmedns v0.1.1/go.mod h1:MuaouqEhPAHxsbqjgnck5zeghuwBP1dLnPoobeGqugQ=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
-github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
-github.com/cpuguy83/go-md2man/v2 v2.0.5 h1:ZtcqGrnekaHpVLArFSe4HK5DoKx1T0rq2DwVB0alcyc=
-github.com/cpuguy83/go-md2man/v2 v2.0.5/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/cpuguy83/go-md2man/v2 v2.0.6 h1:XJtiaUW6dEEqVuZiMTn1ldk455QWwEIsMIJlo5vtkx0=
+github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/crewjam/httperr v0.2.0 h1:b2BfXR8U3AlIHwNeFFvZ+BV1LFvKLlzMjzaTnZMybNo=
 github.com/crewjam/httperr v0.2.0/go.mod h1:Jlz+Sg/XqBQhyMjdDiC+GNNRzZTD7x39Gu3pglZ5oH4=
@@ -338,8 +336,8 @@ github.com/go-asn1-ber/asn1-ber v1.4.1/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkPro
 github.com/go-asn1-ber/asn1-ber v1.5.7 h1:DTX+lbVTWaTw1hQ+PbZPlnDZPEIs0SS/GCZAl535dDk=
 github.com/go-asn1-ber/asn1-ber v1.5.7/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
 github.com/go-chi/chi v4.0.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ=
-github.com/go-chi/chi/v5 v5.2.0 h1:Aj1EtB0qR2Rdo2dG4O94RIU35w2lvQSj6BRA4+qwFL0=
-github.com/go-chi/chi/v5 v5.2.0/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
+github.com/go-chi/chi/v5 v5.2.1 h1:KOIHODQj58PmL80G2Eak4WdvUzjSJSm0vG72crDCqb8=
+github.com/go-chi/chi/v5 v5.2.1/go.mod h1:L2yAIGWB3H+phAw1NxKwWM+7eUH/lU8pOMm5hHcoops=
 github.com/go-chi/render v1.0.3 h1:AsXqd2a1/INaIfUSKq3G5uA8weYx20FOsM7uSoCyyt4=
 github.com/go-chi/render v1.0.3/go.mod h1:/gr3hVkmYR0YlEy3LxCuVRFzEu9Ruok+gFqbIofjao0=
 github.com/go-cmd/cmd v1.0.5/go.mod h1:y8q8qlK5wQibcw63djSl/ntiHUHXHGdCkPk0j4QeW4s=
@@ -420,8 +418,8 @@ github.com/go-redis/redis/v8 v8.11.5/go.mod h1:gREzHqY1hg6oD9ngVRbLStwAWKhA0FEgq
 github.com/go-resty/resty/v2 v2.1.1-0.20191201195748-d7b97669fe48/go.mod h1:dZGr0i9PLlaaTD4H/hoZIDjQ+r6xq8mgbRzHZf7f2J8=
 github.com/go-resty/resty/v2 v2.7.0 h1:me+K9p3uhSmXtrBZ4k9jcEAfJmuC8IivWHwaLZwPrFY=
 github.com/go-resty/resty/v2 v2.7.0/go.mod h1:9PWDzw47qPphMRFfhsyk0NnSgvluHcljSMVIq3w7q0I=
-github.com/go-sql-driver/mysql v1.9.0 h1:Y0zIbQXhQKmQgTp44Y1dp3wTXcn804QoTptLZT1vtvo=
-github.com/go-sql-driver/mysql v1.9.0/go.mod h1:pDetrLJeA3oMujJuvXc8RJoasr589B6A9fwzD3QMrqw=
+github.com/go-sql-driver/mysql v1.9.1 h1:FrjNGn/BsJQjVRuSa8CBrM5BWA9BWoXXat3KrtSb/iI=
+github.com/go-sql-driver/mysql v1.9.1/go.mod h1:qn46aNg1333BRMNU69Lq93t8du/dwxI64Gl8i5p1WMU=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
 github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
 github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
@@ -457,10 +455,10 @@ github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zV
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/goji/httpauth v0.0.0-20160601135302-2da839ab0f4d/go.mod h1:nnjvkQ9ptGaCkuDUx6wNykzzlUixGxvkme+H/lnzb+A=
-github.com/golang-jwt/jwt/v4 v4.5.1 h1:JdqV9zKUdtaa9gdPlywC3aeoEsR681PlKC+4F5gQgeo=
-github.com/golang-jwt/jwt/v4 v4.5.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
-github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
-github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
+github.com/golang-jwt/jwt/v4 v4.5.2 h1:YtQM7lnr8iZ+j5q71MGKkNw9Mn7AjHM68uc9g5fXeUI=
+github.com/golang-jwt/jwt/v4 v4.5.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
+github.com/golang-jwt/jwt/v5 v5.2.2 h1:Rl4B7itRWVtYIHFrSNd7vhTiz9UpLdi6gZhZ3wEeDy8=
+github.com/golang-jwt/jwt/v5 v5.2.2/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/golang/geo v0.0.0-20210211234256-740aa86cb551 h1:gtexQ/VGyN+VVFRXSFiguSNcXmS6rkKT+X7FdIrTtfo=
 github.com/golang/geo v0.0.0-20210211234256-740aa86cb551/go.mod h1:QZ0nwyI2jOfgRAoBvP+ab5aRr7c9x7lhGEJrKvBwjWI=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
@@ -530,6 +528,8 @@ github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD
 github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
 github.com/google/go-tika v0.3.1 h1:l+jr10hDhZjcgxFRfcQChRLo1bPXQeLFluMyvDhXTTA=
 github.com/google/go-tika v0.3.1/go.mod h1:DJh5N8qxXIl85QkqmXknd+PeeRkUOTbvwyYf7ieDz6c=
+github.com/google/go-tpm v0.9.3 h1:+yx0/anQuGzi+ssRqeD6WpXjW2L/V0dItUayO0i9sRc=
+github.com/google/go-tpm v0.9.3/go.mod h1:h9jEsEECg7gtLis0upRBQU+GhYVH6jMjrFxI8u6bVUY=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
 github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
@@ -581,8 +581,8 @@ github.com/grpc-ecosystem/go-grpc-middleware v1.4.0/go.mod h1:g5qyo/la0ALbONm6Vb
 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
 github.com/grpc-ecosystem/grpc-gateway v1.8.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
 github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.0 h1:VD1gqscl4nYs1YxVuSdemTrSgTKrwOWDK0FVFMqm+Cg=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.0/go.mod h1:4EgsQoS4TOhJizV+JTFg40qx1Ofh3XmXEQNBpgvNT40=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.3 h1:5ZPtiqj0JL5oKWmcsq4VMaAW5ukBEgSGXEN89zeH1Jo=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.3/go.mod h1:ndYquD05frm2vACXE1nsccT4oJzjhw2arTS2cpUD1PI=
 github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542/go.mod h1:Ow0tF8D4Kplbc8s8sSb3V2oUCygFHVp8gC3Dn6U4MNI=
 github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q=
 github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8=
@@ -699,8 +699,8 @@ github.com/kolo/xmlrpc v0.0.0-20200310150728-e0350524596b/go.mod h1:o03bZfuBwAXH
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/kovidgoyal/imaging v1.6.3 h1:iNPpv7ygiaB/NOztc6APMT7yr9UwBS+rOZwIbAdtyY8=
-github.com/kovidgoyal/imaging v1.6.3/go.mod h1:sHvcLOOVhJuto2IoNdPLEqnAUoL5ZfHEF0PpNH+882g=
+github.com/kovidgoyal/imaging v1.6.4 h1:K0idhRPXnRrJBKnBYcTfI1HTWSNDeAn7hYDvf9I0dCk=
+github.com/kovidgoyal/imaging v1.6.4/go.mod h1:bEIgsaZmXlvFfkv/CUxr9rJook6AQkJnpB5EPosRfRY=
 github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
@@ -721,8 +721,8 @@ github.com/labstack/echo/v4 v4.1.11/go.mod h1:i541M3Fj6f76NZtHSj7TXnyM8n2gaodfvf
 github.com/labstack/gommon v0.3.0/go.mod h1:MULnywXg0yavhxWKc+lOruYdAhDwPK9wf0OL7NoOu+k=
 github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
 github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
-github.com/leonelquinteros/gotext v1.7.0 h1:jcJmF4AXqyamP7vuw2MMIKs+O3jAEmvrc5JQiI8Ht/8=
-github.com/leonelquinteros/gotext v1.7.0/go.mod h1:qJdoQuERPpccw7L70uoU+K/BvTfRBHYsisCQyFLXyvw=
+github.com/leonelquinteros/gotext v1.7.1 h1:/JNPeE3lY5JeVYv2+KBpz39994W3W9fmZCGq3eO9Ri8=
+github.com/leonelquinteros/gotext v1.7.1/go.mod h1:I0WoFDn9u2D3VbPnnDPT8mzZu0iSXG8iih+AH2fHHqg=
 github.com/libregraph/idm v0.5.0 h1:tDMwKbAOZzdeDYMxVlY5PbSqRKO7dbAW9KT42A51WSk=
 github.com/libregraph/idm v0.5.0/go.mod h1:BGMwIQ/6orJSPVzJ1x6kgG2JyG9GY05YFmbsnaD80k0=
 github.com/libregraph/lico v0.65.1 h1:7ENAoAgbetZkJSwa1dMMP5WvXMTQ5E/3LI4uRDhwjEk=
@@ -789,8 +789,8 @@ github.com/minio/highwayhash v1.0.3 h1:kbnuUMoHYyVl7szWjSxJnxw11k2U709jqFPPmIUyD
 github.com/minio/highwayhash v1.0.3/go.mod h1:GGYsuwP/fPD6Y9hMiXuapVvlIUEhFhMTh0rxU3ik1LQ=
 github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34=
 github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM=
-github.com/minio/minio-go/v7 v7.0.87 h1:nkr9x0u53PespfxfUqxP3UYWiE2a41gaofgNnC4Y8WQ=
-github.com/minio/minio-go/v7 v7.0.87/go.mod h1:33+O8h0tO7pCeCWwBVa07RhVVfB/3vS4kEX7rwYKmIg=
+github.com/minio/minio-go/v7 v7.0.88 h1:v8MoIJjwYxOkehp+eiLIuvXk87P2raUtoU5klrAAshs=
+github.com/minio/minio-go/v7 v7.0.88/go.mod h1:33+O8h0tO7pCeCWwBVa07RhVVfB/3vS4kEX7rwYKmIg=
 github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
 github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
 github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
@@ -827,8 +827,8 @@ github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRW
 github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04/go.mod h1:5sN+Lt1CaY4wsPvgQH/jsuJi4XO2ssZbdsIizr4CVC8=
 github.com/nats-io/jwt/v2 v2.7.3 h1:6bNPK+FXgBeAqdj4cYQ0F8ViHRbi7woQLq4W29nUAzE=
 github.com/nats-io/jwt/v2 v2.7.3/go.mod h1:GvkcbHhKquj3pkioy5put1wvPxs78UlZ7D/pY+BgZk4=
-github.com/nats-io/nats-server/v2 v2.10.26 h1:2i3rAsn4x5/2eOt2NEmuI/iSb8zfHpIUI7yiaOWbo2c=
-github.com/nats-io/nats-server/v2 v2.10.26/go.mod h1:SGzoWGU8wUVnMr/HJhEMv4R8U4f7hF4zDygmRxpNsvg=
+github.com/nats-io/nats-server/v2 v2.11.0 h1:fdwAT1d6DZW/4LUz5rkvQUe5leGEwjjOQYntzVRKvjE=
+github.com/nats-io/nats-server/v2 v2.11.0/go.mod h1:leXySghbdtXSUmWem8K9McnJ6xbJOb0t9+NQ5HTRZjI=
 github.com/nats-io/nats.go v1.39.1 h1:oTkfKBmz7W047vRxV762M67ZdXeOtUgvbBaNoQ+3PPk=
 github.com/nats-io/nats.go v1.39.1/go.mod h1:MgRb8oOdigA6cYpEPhXJuRVH6UE/V4jblJ2jQ27IXYM=
 github.com/nats-io/nkeys v0.4.10 h1:glmRrpCmYLHByYcePvnTBEAwawwapjCPMjy2huw20wc=
@@ -856,17 +856,17 @@ github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+W
 github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
 github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
 github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
-github.com/onsi/ginkgo/v2 v2.23.0 h1:FA1xjp8ieYDzlgS5ABTpdUDB7wtngggONc8a7ku2NqQ=
-github.com/onsi/ginkgo/v2 v2.23.0/go.mod h1:zXTP6xIp3U8aVuXN8ENK9IXRaTjFnpVB9mGmaSRvxnM=
+github.com/onsi/ginkgo/v2 v2.23.3 h1:edHxnszytJ4lD9D5Jjc4tiDkPBZ3siDeJJkUZJJVkp0=
+github.com/onsi/ginkgo/v2 v2.23.3/go.mod h1:zXTP6xIp3U8aVuXN8ENK9IXRaTjFnpVB9mGmaSRvxnM=
 github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
-github.com/onsi/gomega v1.36.2 h1:koNYke6TVk6ZmnyHrCXba/T/MoLBXFjeC1PtvYgw0A8=
-github.com/onsi/gomega v1.36.2/go.mod h1:DdwyADRjrc825LhMEkD76cHR5+pUnjhUN8GlHlRPHzY=
-github.com/open-policy-agent/opa v1.1.0 h1:HMz2evdEMTyNqtdLjmu3Vyx06BmhNYAx67Yz3Ll9q2s=
-github.com/open-policy-agent/opa v1.1.0/go.mod h1:T1pASQ1/vwfTa+e2fYcfpLCvWgYtqtiUv+IuA/dLPQs=
-github.com/opencloud-eu/reva/v2 v2.27.3-0.20250304172421-22b1ead80cdd h1:n4w8SHHuk74HOHy7ZEsL6zw2N/SEarqr482jAh5C/p4=
-github.com/opencloud-eu/reva/v2 v2.27.3-0.20250304172421-22b1ead80cdd/go.mod h1:Zi6h/WupAKzY/umvteGJCY3q4GOvTyrlm4JZfiuHeds=
+github.com/onsi/gomega v1.36.3 h1:hID7cr8t3Wp26+cYnfcjR6HpJ00fdogN6dqZ1t6IylU=
+github.com/onsi/gomega v1.36.3/go.mod h1:8D9+Txp43QWKhM24yyOBEdpkzN8FvJyAwecBgsU4KU0=
+github.com/open-policy-agent/opa v1.2.0 h1:88NDVCM0of1eO6Z4AFeL3utTEtMuwloFmWWU7dRV1z0=
+github.com/open-policy-agent/opa v1.2.0/go.mod h1:30euUmOvuBoebRCcJ7DMF42bRBOPznvt0ACUMYDUGVY=
+github.com/opencloud-eu/reva/v2 v2.28.1-0.20250325103543-f3ec73475a58 h1:sWVVkEAz3EQOigCRQqbpgd+YzArj6HWbVUyDqtj4Frw=
+github.com/opencloud-eu/reva/v2 v2.28.1-0.20250325103543-f3ec73475a58/go.mod h1:BBTT/JIHofRQu1VdFStlXRlrwAMD3wCnVkNAx3jsfO8=
 github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
 github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs=
 github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc=
@@ -911,8 +911,8 @@ github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndr
 github.com/pquerna/cachecontrol v0.2.0 h1:vBXSNuE5MYP9IJ5kjsdo8uq+w41jSPgvba2DEnkRx9k=
 github.com/pquerna/cachecontrol v0.2.0/go.mod h1:NrUG3Z7Rdu85UNR3vm7SOsl1nFIeSiQnrHV5K9mBcUI=
 github.com/pquerna/otp v1.3.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg=
-github.com/prometheus/alertmanager v0.27.0 h1:V6nTa2J5V4s8TG4C4HtrBP/WNSebCCTYGGv4qecA/+I=
-github.com/prometheus/alertmanager v0.27.0/go.mod h1:8Ia/R3urPmbzJ8OsdvmZvIprDwvwmYCmUbwBL+jlPOE=
+github.com/prometheus/alertmanager v0.28.1 h1:BK5pCoAtaKg01BYRUJhEDV1tqJMEtYBGzPw8QdvnnvA=
+github.com/prometheus/alertmanager v0.28.1/go.mod h1:0StpPUDDHi1VXeM7p2yYfeZgLVi/PPlt39vo9LQUHxM=
 github.com/prometheus/client_golang v0.8.0/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs=
@@ -969,8 +969,8 @@ github.com/rainycape/memcache v0.0.0-20150622160815-1031fa0ce2f2/go.mod h1:7tZKc
 github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
 github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0 h1:MkV+77GLUNo5oJ0jf870itWm3D0Sjh7+Za9gazKc5LQ=
 github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
-github.com/riandyrn/otelchi v0.12.0 h1:7aXphKyzut8849DDb/0LWyCPq4mfnikpggEmmW3b38U=
-github.com/riandyrn/otelchi v0.12.0/go.mod h1:weZZeUJURvtCcbWsdb7Y6F8KFZGedJlSrgUjq9VirV8=
+github.com/riandyrn/otelchi v0.12.1 h1:FdRKK3/RgZ/T+d+qTH5Uw3MFx0KwRF38SkdfTMMq/m8=
+github.com/riandyrn/otelchi v0.12.1/go.mod h1:weZZeUJURvtCcbWsdb7Y6F8KFZGedJlSrgUjq9VirV8=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
 github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
@@ -1004,17 +1004,19 @@ github.com/sercand/kuberesolver/v5 v5.1.1 h1:CYH+d67G0sGBj7q5wLK61yzqJJ8gLLC8aep
 github.com/sercand/kuberesolver/v5 v5.1.1/go.mod h1:Fs1KbKhVRnB2aDWN12NjKCB+RgYMWZJ294T3BtmVCpQ=
 github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8=
 github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4=
+github.com/sethvargo/go-diceware v0.5.0 h1:exrQ7GpaBo00GqRVM1N8ChXSsi3oS7tjQiIehsD+yR0=
+github.com/sethvargo/go-diceware v0.5.0/go.mod h1:Lg1SyPS7yQO6BBgTN5r4f2MUDkqGfLWsOjHPY0kA8iw=
 github.com/sethvargo/go-password v0.3.1 h1:WqrLTjo7X6AcVYfC6R7GtSyuUQR9hGyAj/f1PYQZCJU=
 github.com/sethvargo/go-password v0.3.1/go.mod h1:rXofC1zT54N7R8K/h1WDUdkf9BOx5OptoxrMBcrXzvs=
-github.com/shamaton/msgpack/v2 v2.2.2 h1:GOIg0c9LV04VwzOOqZSrmsv/JzjNOOMxnS/HvOHGdgs=
-github.com/shamaton/msgpack/v2 v2.2.2/go.mod h1:6khjYnkx73f7VQU7wjcFS9DFjs+59naVWJv1TB7qdOI=
+github.com/shamaton/msgpack/v2 v2.2.3 h1:uDOHmxQySlvlUYfQwdjxyybAOzjlQsD1Vjy+4jmO9NM=
+github.com/shamaton/msgpack/v2 v2.2.3/go.mod h1:6khjYnkx73f7VQU7wjcFS9DFjs+59naVWJv1TB7qdOI=
 github.com/shirou/gopsutil v3.21.11+incompatible h1:+1+c1VGhc88SSonWP6foOcLhvnKlUeu/erjjvaPEYiI=
 github.com/shirou/gopsutil v3.21.11+incompatible/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA=
-github.com/shurcooL/httpfs v0.0.0-20190707220628-8d4bc4ba7749 h1:bUGsEnyNbVPw06Bs80sCeARAlK8lhwqGyi6UT8ymuGk=
-github.com/shurcooL/httpfs v0.0.0-20190707220628-8d4bc4ba7749/go.mod h1:ZY1cvUeJuFPAdZ/B6v7RHavJWZn2YPVFQ1OSXhCGOkg=
+github.com/shurcooL/httpfs v0.0.0-20230704072500-f1e31cf0ba5c h1:aqg5Vm5dwtvL+YgDpBcK1ITf3o96N/K7/wsRXQnUTEs=
+github.com/shurcooL/httpfs v0.0.0-20230704072500-f1e31cf0ba5c/go.mod h1:owqhoLW1qZoYLZzLnBw+QkPP9WZnjlSWihhxAJC1+/M=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
-github.com/shurcooL/vfsgen v0.0.0-20200824052919-0d455de96546 h1:pXY9qYc/MP5zdvqWEUH6SjNiu7VhSjuVFTFiTcphaLU=
-github.com/shurcooL/vfsgen v0.0.0-20200824052919-0d455de96546/go.mod h1:TrYk7fJVaAttu97ZZKrO9UbRa8izdowaMIZcxYMbVaw=
+github.com/shurcooL/vfsgen v0.0.0-20230704071429-0000e147ea92 h1:OfRzdxCzDhp+rsKWXuOO2I/quKMJ/+TQwVbIP/gltZg=
+github.com/shurcooL/vfsgen v0.0.0-20230704071429-0000e147ea92/go.mod h1:7/OT02F6S6I7v6WXb+IjhMuZEYfH/RJ5RwEWnEo5BMg=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
@@ -1036,13 +1038,13 @@ github.com/spacewander/go-suffix-tree v0.0.0-20191010040751-0865e368c784/go.mod
 github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
 github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
 github.com/spf13/afero v1.4.1/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I=
-github.com/spf13/afero v1.12.0 h1:UcOPyRBYczmFn6yvphxkn9ZEOY65cpwGKb5mL36mrqs=
-github.com/spf13/afero v1.12.0/go.mod h1:ZTlWwG4/ahT8W7T0WQ5uYmjI9duaLQGy3Q2OAl4sk/4=
+github.com/spf13/afero v1.14.0 h1:9tH6MapGnn/j0eb0yIXiLjERO8RB6xIVZRDCX7PtqWA=
+github.com/spf13/afero v1.14.0/go.mod h1:acJQ8t0ohCGuMN3O+Pv0V0hgMxNYDlvdk+VTfyZmbYo=
 github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
 github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
 github.com/spf13/cobra v1.1.1/go.mod h1:WnodtKOvamDL/PwE2M4iKs8aMDBZ5Q5klgD3qfVJQMI=
-github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM=
-github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y=
+github.com/spf13/cobra v1.9.1 h1:CXSaggrXdbHK9CF+8ywj8Amf7PBRmPCOJugH954Nnlo=
+github.com/spf13/cobra v1.9.1/go.mod h1:nDyEzZ8ogv936Cinf6g1RU9MRY64Ir93oCnqb9wxYW0=
 github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
 github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
 github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
@@ -1097,8 +1099,8 @@ github.com/toorop/go-dkim v0.0.0-20201103131630-e1cd1a0a5208/go.mod h1:BzWtXXrXz
 github.com/transip/gotransip/v6 v6.2.0/go.mod h1:pQZ36hWWRahCUXkFWlx9Hs711gLd8J4qdgLdRzmtY+g=
 github.com/trustelem/zxcvbn v1.0.1 h1:mp4JFtzdDYGj9WYSD3KQSkwwUumWNFzXaAjckaTYpsc=
 github.com/trustelem/zxcvbn v1.0.1/go.mod h1:zonUyKeh7sw6psPf/e3DtRqkRyZvAbOfjNz/aO7YQ5s=
-github.com/tus/tusd/v2 v2.6.0 h1:Je243QDKnFTvm/WkLH2bd1oQ+7trolrflRWyuI0PdWI=
-github.com/tus/tusd/v2 v2.6.0/go.mod h1:1Eb1lBoSRBfYJ/mQfFVjyw8ZdNMdBqW17vgQKl3Ah9g=
+github.com/tus/tusd/v2 v2.7.1 h1:TGJjhv9RYXDmsTz8ug/qSd9vQpmD0Ik0G0IPo80Qmc0=
+github.com/tus/tusd/v2 v2.7.1/go.mod h1:PLdIMQ/ge+5ADgGKcL3FgTaPs+7wB0JIiI5HQXAiJE8=
 github.com/uber-go/atomic v1.3.2/go.mod h1:/Ct5t2lcmbJ4OSe/waGBoaVvVqtO0bmtfVNex1PFV8g=
 github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
 github.com/urfave/cli/v2 v2.3.0/go.mod h1:LJmUH05zAU44vOAcrfzZQKsZbVcdbOG8rtL3/XcUArI=
@@ -1144,12 +1146,12 @@ github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQ
 go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/bbolt v1.4.0 h1:TU77id3TnN/zKr7CO/uk+fBCwF2jGcMuw2B/FMAzYIk=
 go.etcd.io/bbolt v1.4.0/go.mod h1:AsD+OCi/qPN1giOX1aiLAha3o1U8rAz65bvN4j0sRuk=
-go.etcd.io/etcd/api/v3 v3.5.18 h1:Q4oDAKnmwqTo5lafvB+afbgCDF7E35E4EYV2g+FNGhs=
-go.etcd.io/etcd/api/v3 v3.5.18/go.mod h1:uY03Ob2H50077J7Qq0DeehjM/A9S8PhVfbQ1mSaMopU=
-go.etcd.io/etcd/client/pkg/v3 v3.5.18 h1:mZPOYw4h8rTk7TeJ5+3udUkfVGBqc+GCjOJYd68QgNM=
-go.etcd.io/etcd/client/pkg/v3 v3.5.18/go.mod h1:BxVf2o5wXG9ZJV+/Cu7QNUiJYk4A29sAhoI5tIRsCu4=
-go.etcd.io/etcd/client/v3 v3.5.18 h1:nvvYmNHGumkDjZhTHgVU36A9pykGa2K4lAJ0yY7hcXA=
-go.etcd.io/etcd/client/v3 v3.5.18/go.mod h1:kmemwOsPU9broExyhYsBxX4spCTDX3yLgPMWtpBXG6E=
+go.etcd.io/etcd/api/v3 v3.5.20 h1:aKfz3nPZECWoZJXMSH9y6h2adXjtOHaHTGEVCuCmaz0=
+go.etcd.io/etcd/api/v3 v3.5.20/go.mod h1:QqKGViq4KTgOG43dr/uH0vmGWIaoJY3ggFi6ZH0TH/U=
+go.etcd.io/etcd/client/pkg/v3 v3.5.20 h1:sZIAtra+xCo56gdf6BR62to/hiie5Bwl7hQIqMzVTEM=
+go.etcd.io/etcd/client/pkg/v3 v3.5.20/go.mod h1:qaOi1k4ZA9lVLejXNvyPABrVEe7VymMF2433yyRQ7O0=
+go.etcd.io/etcd/client/v3 v3.5.20 h1:jMT2MwQEhyvhQg49Cec+1ZHJzfUf6ZgcmV0GjPv0tIQ=
+go.etcd.io/etcd/client/v3 v3.5.20/go.mod h1:J5lbzYRMUR20YolS5UjlqqMcu3/wdEvG5VNBhzyo3m0=
 go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk=
 go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
@@ -1162,20 +1164,20 @@ go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
 go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
 go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=
 go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A=
-go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.59.0 h1:rgMkmiGfix9vFJDcDi1PK8WEQP4FLQwLDfhp5ZLpFeE=
-go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.59.0/go.mod h1:ijPqXp5P6IRRByFVVg9DY8P5HkxkHE5ARIa+86aXPf4=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0 h1:x7wzEgXfnzJcHDwStJT+mxOz4etr2EcexjqhBvmoakw=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0/go.mod h1:rg+RlpR5dKwaS95IyyZqj5Wd4E13lk/msnTS0Xl9lJM=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 h1:sbiXRNDSWJOTobXh5HyQKjq6wUC5tNybqjIqDpAY4CU=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0/go.mod h1:69uWxva0WgAA/4bu2Yy70SLDBwZXuQ6PbBpbsa5iZrQ=
-go.opentelemetry.io/contrib/zpages v0.57.0 h1:mHFZlTkyrUJcuBhpytPSaVPiVkqri96RKUDk01d83eQ=
-go.opentelemetry.io/contrib/zpages v0.57.0/go.mod h1:u/SScNsxj6TacMBA6KCJZjXVC1uwkdVgLFyHrOe0x9M=
+go.opentelemetry.io/contrib/zpages v0.60.0 h1:wOM9ie1Hz4H88L9KE6GrGbKJhfm+8F1NfW/Y3q9Xt+8=
+go.opentelemetry.io/contrib/zpages v0.60.0/go.mod h1:xqfToSRGh2MYUsfyErNz8jnNDPlnpZqWM/y6Z2Cx7xw=
 go.opentelemetry.io/otel v1.35.0 h1:xKWKPxrxB6OtMCbmMY021CqC45J+3Onta9MqjhnusiQ=
 go.opentelemetry.io/otel v1.35.0/go.mod h1:UEqy8Zp11hpkUrL73gSlELM0DupHoiq72dR+Zqel/+Y=
 go.opentelemetry.io/otel/exporters/jaeger v1.17.0 h1:D7UpUy2Xc2wsi1Ras6V40q806WM07rqoCWzXu7Sqy+4=
 go.opentelemetry.io/otel/exporters/jaeger v1.17.0/go.mod h1:nPCqOnEH9rNLKqH/+rrUjiMzHJdV1BlpKcTwRTyKkKI=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.34.0 h1:OeNbIYk/2C15ckl7glBlOBp5+WlYsOElzTNmiPW/x60=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.34.0/go.mod h1:7Bept48yIeqxP2OZ9/AqIpYS94h2or0aB4FypJTc8ZM=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.34.0 h1:tgJ0uaNS4c98WRNUEx5U3aDlrDOI5Rs+1Vifcw4DJ8U=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.34.0/go.mod h1:U7HYyW0zt/a9x5J1Kjs+r1f/d4ZHnYFclhYY2+YbeoE=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.35.0 h1:1fTNlAIJZGWLP5FVu0fikVry1IsiUnXjf7QFvoNN3Xw=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.35.0/go.mod h1:zjPK58DtkqQFn+YUMbx0M2XV3QgKU0gS9LeGohREyK4=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.35.0 h1:m639+BofXTvcY1q8CGs4ItwQarYtJPOWmVobfM1HpVI=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.35.0/go.mod h1:LjReUci/F4BUyv+y4dwnq3h/26iNOeC3wAIqgvTIZVo=
 go.opentelemetry.io/otel/metric v1.35.0 h1:0znxYu2SNyuMSQT4Y9WDWej0VpcsxkuklLa4/siN90M=
 go.opentelemetry.io/otel/metric v1.35.0/go.mod h1:nKVFgxBZ2fReX6IlyW28MgZojkoAkJGaE8CpgeAU3oE=
 go.opentelemetry.io/otel/sdk v1.35.0 h1:iPctf8iprVySXSKJffSS79eOjl9pvxV9ZqOWT0QejKY=
@@ -1196,8 +1198,8 @@ go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
 go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
 go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
-go.uber.org/multierr v1.9.0 h1:7fIwc/ZtS0q++VgcfqFDxSBZVv/Xo49/SYnDFupUwlI=
-go.uber.org/multierr v1.9.0/go.mod h1:X2jQV1h+kxSjClGpnseKVIxpmcjrj7MNnI0bnlfKTVQ=
+go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
+go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
 go.uber.org/ratelimit v0.0.0-20180316092928-c15da0234277/go.mod h1:2X8KaoNd1J0lZV+PxJk/5+DGbO/tpwLR1m++a7FnB/Y=
 go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
 go.uber.org/zap v1.18.1/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI=
@@ -1226,8 +1228,8 @@ golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDf
 golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
 golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
 golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
-golang.org/x/crypto v0.34.0 h1:+/C6tk6rf/+t5DhUketUbD1aNGqiSX3j15Z6xuIDlBA=
-golang.org/x/crypto v0.34.0/go.mod h1:dy7dXNW32cAb/6/PRuTNsix8T+vJAqvuIy5Bli/x0YQ=
+golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
+golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -1238,13 +1240,13 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0
 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
 golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c h1:7dEasQXItcW1xKJ2+gg5VOiBnqWrJc+rq0DPKyvvdbY=
-golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c/go.mod h1:NQtJDoLvd6faHhE7m4T/1IY708gDefGGjR/iUW8yQQ8=
+golang.org/x/exp v0.0.0-20250210185358-939b2ce775ac h1:l5+whBCLH3iH2ZNHYLbAe58bo7yrN4mVcnkHDYz5vvs=
+golang.org/x/exp v0.0.0-20250210185358-939b2ce775ac/go.mod h1:hH+7mtFmImwwcMvScyxUhjuVHR3HGaDPMn9rMSUUbxo=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/image v0.18.0/go.mod h1:4yyo5vMFQjVjUcVk4jEQcU9MGy/rulF5WvUILseCM2E=
-golang.org/x/image v0.24.0 h1:AN7zRgVsbvmTfNyqIbbOraYL8mSwcKncEj8ofjgzcMQ=
-golang.org/x/image v0.24.0/go.mod h1:4b/ITuLfqYq1hqZcjofwctIhi7sZh2WaCjvsBNjjya8=
+golang.org/x/image v0.25.0 h1:Y6uW6rH1y5y/LK1J8BPWZtr6yZ7hrsy6hFrXjgsc2fQ=
+golang.org/x/image v0.25.0/go.mod h1:tCAmOEGthTtkalusGp1g3xa2gke8J6c2N565dTyl9Rs=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@@ -1269,8 +1271,8 @@ golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
-golang.org/x/mod v0.23.0 h1:Zb7khfcRGKk+kqfxFaP5tZqCnDZMjC5VtUBs87Hr6QM=
-golang.org/x/mod v0.23.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
+golang.org/x/mod v0.24.0 h1:ZfthKaKaT4NrhGVZHO1/WDTwGES4De8KtWO0SIbNJMU=
+golang.org/x/mod v0.24.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -1327,8 +1329,8 @@ golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
 golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
 golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
-golang.org/x/net v0.35.0 h1:T5GQRQb2y08kTAByq9L4/bz8cipCdA8FbRTXewonqY8=
-golang.org/x/net v0.35.0/go.mod h1:EglIi67kWsHKlRzzVMUD93VMSWGFOMSZgxFjparz1Qk=
+golang.org/x/net v0.37.0 h1:1zLorHbz+LYj7MQlSf1+2tPIIgibq2eL5xkrGk6f+2c=
+golang.org/x/net v0.37.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -1336,8 +1338,8 @@ golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4Iltr
 golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
-golang.org/x/oauth2 v0.26.0 h1:afQXWNNaeC4nvZ0Ed9XvCCzXM6UHJG7iCg0W4fPqSBE=
-golang.org/x/oauth2 v0.26.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
+golang.org/x/oauth2 v0.28.0 h1:CrgCKl8PPAVtLnU3c+EDw6x11699EWlsDeWNWKdIOkc=
+golang.org/x/oauth2 v0.28.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -1356,8 +1358,8 @@ golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w=
-golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw=
+golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20180622082034-63fc586f45fe/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1439,8 +1441,8 @@ golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
-golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
+golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
@@ -1453,8 +1455,8 @@ golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
 golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
 golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
 golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
-golang.org/x/term v0.29.0 h1:L6pJp37ocefwRRtYPKSWOWzOtWSxVajvz2ldH/xi3iU=
-golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s=
+golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y=
+golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1471,16 +1473,16 @@ golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
 golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
-golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM=
-golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY=
+golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
+golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20201208040808-7e3f01d25324/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.10.0 h1:3usCWA8tQn0L8+hFJQNgzpWbd89begxN66o1Ojdn5L4=
-golang.org/x/time v0.10.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/time v0.11.0 h1:/bpjEDfN9tkoN/ryeYHnv5hcMlc8ncjMcM4XBk5NWV0=
+golang.org/x/time v0.11.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
 golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -1535,8 +1537,8 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
 golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
-golang.org/x/tools v0.30.0 h1:BgcpHewrV5AUp2G9MebG4XPFI1E2W41zU1SaqVA9vJY=
-golang.org/x/tools v0.30.0/go.mod h1:c347cR/OJfw5TI+GfX7RUPNMdDRRbjvYTS0jPyvsVtY=
+golang.org/x/tools v0.31.0 h1:0EedkvKDbh+qistFTd0Bcwe/YLh4vHwWEkiI0toFIBU=
+golang.org/x/tools v0.31.0/go.mod h1:naFTU+Cev749tSJRXJlna0T3WxKvb1kWEx15xA4SdmQ=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -1598,10 +1600,10 @@ google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6D
 google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 h1:ToEetK57OidYuqD4Q5w+vfEnPvPpuTwedCNVohYJfNk=
 google.golang.org/genproto v0.0.0-20241118233622-e639e219e697/go.mod h1:JJrvXBWRZaFMxBufik1a4RpFw4HhgVtBBWQeQgUj2cc=
-google.golang.org/genproto/googleapis/api v0.0.0-20250115164207-1a7da9e5054f h1:gap6+3Gk41EItBuyi4XX/bp4oqJ3UwuIMl25yGinuAA=
-google.golang.org/genproto/googleapis/api v0.0.0-20250115164207-1a7da9e5054f/go.mod h1:Ic02D47M+zbarjYYUlK57y316f2MoN0gjAwI3f2S95o=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20250115164207-1a7da9e5054f h1:OxYkA3wjPsZyBylwymxSHa7ViiW1Sml4ToBrncvFehI=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20250115164207-1a7da9e5054f/go.mod h1:+2Yz8+CLJbIfL9z73EW45avw8Lmge3xVElCP9zEKi50=
+google.golang.org/genproto/googleapis/api v0.0.0-20250303144028-a0af3efb3deb h1:p31xT4yrYrSM/G4Sn2+TNUkVhFCbG9y8itM2S6Th950=
+google.golang.org/genproto/googleapis/api v0.0.0-20250303144028-a0af3efb3deb/go.mod h1:jbe3Bkdp+Dh2IrslsFCklNhweNTBgSYanP1UXhJDhKg=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20250303144028-a0af3efb3deb h1:TLPQVbx1GJ8VKZxz52VAxl1EBgKXXbTiU9Fc5fZeLn4=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20250303144028-a0af3efb3deb/go.mod h1:LuRYeWDFV6WOn90g357N17oMCaxpgCnbi/44qJvDn2I=
 google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.19.1/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
@@ -1617,8 +1619,8 @@ google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3Iji
 google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
 google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.70.0 h1:pWFv03aZoHzlRKHWicjsZytKAiYCtNS0dHbXnIdq7jQ=
-google.golang.org/grpc v1.70.0/go.mod h1:ofIJqVKDXx/JiXrwr2IG4/zwdH9txy3IlF40RmcJSQw=
+google.golang.org/grpc v1.71.0 h1:kF77BGdPTQ4/JZWMlb9VpJ5pa25aqvVqogsxNHHdeBg=
+google.golang.org/grpc v1.71.0/go.mod h1:H0GRtasmQOh9LkFoCPDu3ZrwUtD1YGE+b2vYBYd/8Ec=
 google.golang.org/grpc/examples v0.0.0-20211102180624-670c133e568e h1:m7aQHHqd0q89mRwhwS9Bx2rjyl/hsFAeta+uGrHsQaU=
 google.golang.org/grpc/examples v0.0.0-20211102180624-670c133e568e/go.mod h1:gID3PKrg7pWKntu9Ss6zTLJ0ttC0X9IHgREOCZwbCVU=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
@@ -1635,8 +1637,8 @@ google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp0
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
-google.golang.org/protobuf v1.36.3 h1:82DV7MYdb8anAVi3qge1wSnMDrnKK7ebr+I0hHRN1BU=
-google.golang.org/protobuf v1.36.3/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM=
+google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/cenkalti/backoff.v1 v1.1.0 h1:Arh75ttbsvlpVA7WtVpH4u9h6Zl46xuptxqLxPiSo4Y=
 gopkg.in/cenkalti/backoff.v1 v1.1.0/go.mod h1:J6Vskwqd+OMVJl8C33mmtxTBs2gyzfv7UDAkHu8BrjI=

opencloud/Makefile

@@ -7,7 +7,9 @@ ifdef ENABLE_VIPS
 	TAGS := ${TAGS},enable_vips
 endif
 
+ifneq (, $(shell command -v go 2> /dev/null)) # suppress `command not found warnings` for non go targets in CI
 include ../.bingo/Variables.mk
+endif
 include ../.make/default.mk
 include ../.make/recursion.mk
 include ../.make/go.mk
@@ -28,16 +30,10 @@ dev-docker-multiarch:
 	docker buildx rm opencloudbuilder || true
 	docker buildx create --platform linux/arm64,linux/amd64 --name opencloudbuilder
 	docker buildx use opencloudbuilder
-	cd .. && docker buildx build --platform linux/arm64,linux/amd64 --output type=docker --file opencloud/docker/Dockerfile.linux.multiarch --tag opencloud-eu/opencloud:dev-multiarch .
+	cd .. && docker buildx build --platform linux/arm64,linux/amd64 --output type=docker --file opencloud/docker/Dockerfile.multiarch --tag opencloudeu/opencloud:dev-multiarch .
 	docker buildx rm opencloudbuilder
 
 .PHONY: debug-docker
 debug-docker:
 	$(MAKE) --no-print-directory debug-linux-docker-$(GOARCH)
-	docker build -f docker/Dockerfile.linux.debug.$(GOARCH) -t opencloud-eu/opencloud:debug .
-
-.PHONY: node-generate-prod
-node-generate-prod: # opencloud needs assets of all other modules
-	@if [ $(MAKE_DEPTH) -le 1 ]; then \
-	$(MAKE) --no-print-directory -C .. node-generate-prod \
-	; fi;
+	docker build -f docker/Dockerfile.linux.debug.$(GOARCH) -t opencloudeu/opencloud:debug .

opencloud/docker/Dockerfile.linux.amd64

@@ -1,4 +1,4 @@
-FROM amd64/alpine:3.20
+FROM amd64/alpine:3.21
 
 ARG VERSION=""
 ARG REVISION=""

opencloud/docker/Dockerfile.linux.arm64

@@ -1,4 +1,4 @@
-FROM arm64v8/alpine:3.20
+FROM arm64v8/alpine:3.21
 
 ARG VERSION=""
 ARG REVISION=""

opencloud/docker/Dockerfile.linux.debug.amd64

@@ -1,4 +1,4 @@
-FROM amd64/alpine:latest
+FROM amd64/alpine:edge
 
 ARG VERSION=""
 ARG REVISION=""

opencloud/docker/Dockerfile.linux.debug.arm64

@@ -0,0 +1,41 @@
+FROM arm64v8/alpine:edge
+
+ARG VERSION=""
+ARG REVISION=""
+
+RUN apk add --no-cache attr bash ca-certificates curl delve inotify-tools libc6-compat mailcap tree vips patch && \
+	echo 'hosts: files dns' >| /etc/nsswitch.conf
+
+LABEL maintainer="OpenCloud GmbH <devops@opencloud.eu>" \
+  org.opencontainers.image.title="OpenCloud" \
+  org.opencontainers.image.vendor="OpenCloud GmbH" \
+  org.opencontainers.image.authors="OpenCloud GmbH" \
+  org.opencontainers.image.description="OpenCloud is a modern file-sync and share platform" \
+  org.opencontainers.image.licenses="Apache-2.0" \
+  org.opencontainers.image.documentation="https://github.com/opencloud-eu/opencloud" \
+  org.opencontainers.image.url="https://hub.docker.com/r/opencloud-eu/opencloud" \
+  org.opencontainers.image.source="https://github.com/opencloud-eu/opencloud" \
+  org.opencontainers.image.version="${VERSION}" \
+  org.opencontainers.image.revision="${REVISION}"
+
+RUN addgroup -g 1000 -S opencloud-group && \
+  adduser -S --ingroup opencloud-group --uid 1000 opencloud-user --home /var/lib/opencloud
+
+RUN mkdir -p /var/lib/opencloud && \
+ chown -R opencloud-user:opencloud-group /var/lib/opencloud && \
+ chmod -R 751 /var/lib/opencloud && \
+ mkdir -p /etc/opencloud && \
+ chown -R opencloud-user:opencloud-group /etc/opencloud && \
+ chmod -R 751 /etc/opencloud
+
+VOLUME [ "/var/lib/opencloud", "/etc/opencloud" ]
+WORKDIR /var/lib/opencloud
+
+USER 1000
+
+EXPOSE 9200/tcp
+
+ENTRYPOINT ["/usr/bin/opencloud"]
+CMD ["server"]
+
+COPY dist/binaries/opencloud-linux-arm64 /usr/bin/opencloud

opencloud/docker/Dockerfile.multiarch

@@ -1,14 +1,15 @@
-FROM golang:alpine3.20 AS build
+FROM golang:alpine3.21 AS build
 ARG TARGETOS
 ARG TARGETARCH
+ARG VERSION
+ARG STRING
 
 RUN apk add bash make git curl gcc musl-dev libc-dev binutils-gold inotify-tools vips-dev
 
-COPY ./ /opencloud/
+COPY ../ /opencloud/
 
 WORKDIR /opencloud
 RUN GOOS="${TARGETOS:-linux}" GOARCH="${TARGETARCH:-amd64}" ; \
-    make go-generate ; \
     make -C opencloud release-linux-docker-${TARGETARCH} ENABLE_VIPS=true
 
 FROM alpine:3.20

opencloud/pkg/backup/backup.go

@@ -28,7 +28,7 @@ var (
 
 	// regex to determine if a node is trashed or versioned.
 	// 9113a718-8285-4b32-9042-f930f1a58ac2.REV.2024-05-22T07:32:53.89969726Z
-	_versionRegex = regexp.MustCompile(`\.REV\.[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}(\.[0-9]+)?Z$`)
+	_versionRegex = regexp.MustCompile(`\.REV\.[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}(\.[0-9]+)?Z(\.\d+)?$`)
 	//   9113a718-8285-4b32-9042-f930f1a58ac2.T.2024-05-23T08:25:20.006571811Z <- this HAS a symlink
 	_trashRegex = regexp.MustCompile(`\.T\.[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}(\.[0-9]+)?Z$`)
 )

opencloud/pkg/command/decomposedfs.go

@@ -313,9 +313,9 @@ func setCmd(cfg *config.Config) *cli.Command {
 func backend(root, backend string) metadata.Backend {
 	switch backend {
 	case "xattrs":
-		return metadata.NewXattrsBackend(root, cache.Config{})
+		return metadata.NewXattrsBackend(cache.Config{})
 	case "mpk":
-		return metadata.NewMessagePackBackend(root, cache.Config{})
+		return metadata.NewMessagePackBackend(cache.Config{})
 	}
 	return metadata.NullBackend{}
 }

opencloud/pkg/runtime/service/service.go

@@ -11,17 +11,9 @@ import (
 	"strings"
 	"time"
 
-	authapp "github.com/opencloud-eu/opencloud/services/auth-app/pkg/command"
-
 	"github.com/cenkalti/backoff"
 	"github.com/mohae/deepcopy"
 	"github.com/olekukonko/tablewriter"
-	notifications "github.com/opencloud-eu/opencloud/services/notifications/pkg/command"
-	"github.com/opencloud-eu/reva/v2/pkg/events/stream"
-	"github.com/opencloud-eu/reva/v2/pkg/logger"
-	"github.com/opencloud-eu/reva/v2/pkg/rgrpc/todo/pool"
-	"github.com/thejerf/suture/v4"
-
 	occfg "github.com/opencloud-eu/opencloud/pkg/config"
 	"github.com/opencloud-eu/opencloud/pkg/log"
 	ogrpc "github.com/opencloud-eu/opencloud/pkg/service/grpc"
@@ -31,6 +23,7 @@ import (
 	appProvider "github.com/opencloud-eu/opencloud/services/app-provider/pkg/command"
 	appRegistry "github.com/opencloud-eu/opencloud/services/app-registry/pkg/command"
 	audit "github.com/opencloud-eu/opencloud/services/audit/pkg/command"
+	authapp "github.com/opencloud-eu/opencloud/services/auth-app/pkg/command"
 	authbasic "github.com/opencloud-eu/opencloud/services/auth-basic/pkg/command"
 	authmachine "github.com/opencloud-eu/opencloud/services/auth-machine/pkg/command"
 	authservice "github.com/opencloud-eu/opencloud/services/auth-service/pkg/command"
@@ -44,6 +37,7 @@ import (
 	idp "github.com/opencloud-eu/opencloud/services/idp/pkg/command"
 	invitations "github.com/opencloud-eu/opencloud/services/invitations/pkg/command"
 	nats "github.com/opencloud-eu/opencloud/services/nats/pkg/command"
+	notifications "github.com/opencloud-eu/opencloud/services/notifications/pkg/command"
 	ocdav "github.com/opencloud-eu/opencloud/services/ocdav/pkg/command"
 	ocm "github.com/opencloud-eu/opencloud/services/ocm/pkg/command"
 	ocs "github.com/opencloud-eu/opencloud/services/ocs/pkg/command"
@@ -64,6 +58,10 @@ import (
 	web "github.com/opencloud-eu/opencloud/services/web/pkg/command"
 	webdav "github.com/opencloud-eu/opencloud/services/webdav/pkg/command"
 	webfinger "github.com/opencloud-eu/opencloud/services/webfinger/pkg/command"
+	"github.com/opencloud-eu/reva/v2/pkg/events/stream"
+	"github.com/opencloud-eu/reva/v2/pkg/logger"
+	"github.com/opencloud-eu/reva/v2/pkg/rgrpc/todo/pool"
+	"github.com/thejerf/suture/v4"
 )
 
 var (
@@ -160,6 +158,11 @@ func NewService(ctx context.Context, options ...Option) (*Service, error) {
 		cfg.AppRegistry.Commons = cfg.Commons
 		return appRegistry.Execute(cfg.AppRegistry)
 	})
+	reg(3, opts.Config.AuthApp.Service.Name, func(ctx context.Context, cfg *occfg.Config) error {
+		cfg.AuthApp.Context = ctx
+		cfg.AuthApp.Commons = cfg.Commons
+		return authapp.Execute(cfg.AuthApp)
+	})
 	reg(3, opts.Config.AuthBasic.Service.Name, func(ctx context.Context, cfg *occfg.Config) error {
 		cfg.AuthBasic.Context = ctx
 		cfg.AuthBasic.Commons = cfg.Commons
@@ -324,11 +327,6 @@ func NewService(ctx context.Context, options ...Option) (*Service, error) {
 		cfg.Audit.Commons = cfg.Commons
 		return audit.Execute(cfg.Audit)
 	})
-	areg(opts.Config.AuthApp.Service.Name, func(ctx context.Context, cfg *occfg.Config) error {
-		cfg.AuthApp.Context = ctx
-		cfg.AuthApp.Commons = cfg.Commons
-		return authapp.Execute(cfg.AuthApp)
-	})
 	areg(opts.Config.Policies.Service.Name, func(ctx context.Context, cfg *occfg.Config) error {
 		cfg.Policies.Context = ctx
 		cfg.Policies.Commons = cfg.Commons

pkg/Makefile

@@ -1,7 +1,9 @@
 SHELL := bash
 NAME := pkg
 
+ifneq (, $(shell command -v go 2> /dev/null)) # suppress `command not found warnings` for non go targets in CI
 include ../.bingo/Variables.mk
+endif
 include ../.make/default.mk
 include ../.make/recursion.mk
 include ../.make/go.mk

pkg/version/version.go

@@ -16,7 +16,7 @@ var (
 	// LatestTag is the latest released version plus the dev meta version.
 	// Will be overwritten by the release pipeline
 	// Needs a manual change for every tagged release
-	LatestTag = "1.0.0+dev"
+	LatestTag = "1.1.0+dev"
 
 	// Date indicates the build date.
 	// This has been removed, it looks like you can only replace static strings with recent go versions

protogen/Makefile

@@ -1,7 +1,9 @@
 SHELL := bash
 NAME := protogen
 
+ifneq (, $(shell command -v go 2> /dev/null)) # suppress `command not found warnings` for non go targets in CI
 include ../.bingo/Variables.mk
+endif
 include ../.make/default.mk
 include ../.make/recursion.mk
 include ../.make/generate.mk

services/activitylog/Makefile

@@ -3,7 +3,10 @@ NAME := activitylog
 OUTPUT_DIR = ./pkg/service/l10n
 TEMPLATE_FILE = ./pkg/service/l10n/activitylog.pot
 
+ifneq (, $(shell command -v go 2> /dev/null)) # suppress `command not found warnings` for non go targets in CI
 include ../../.bingo/Variables.mk
+endif
+
 include ../../.make/default.mk
 include ../../.make/recursion.mk
 include ../../.make/go.mk

services/antivirus/Makefile

@@ -1,7 +1,10 @@
 SHELL := bash
 NAME := antivirus
 
+ifneq (, $(shell command -v go 2> /dev/null)) # suppress `command not found warnings` for non go targets in CI
 include ../../.bingo/Variables.mk
+endif
+
 include ../../.make/default.mk
 include ../../.make/recursion.mk
 include ../../.make/go.mk

services/antivirus/pkg/scanners/mocks/scanner.go

@@ -1,4 +1,4 @@
-// Code generated by mockery v2.53.0. DO NOT EDIT.
+// Code generated by mockery v2.53.2. DO NOT EDIT.
 
 package mocks
 

services/app-provider/Makefile

@@ -1,7 +1,10 @@
 SHELL := bash
 NAME := app-provider
 
+ifneq (, $(shell command -v go 2> /dev/null)) # suppress `command not found warnings` for non go targets in CI
 include ../../.bingo/Variables.mk
+endif
+
 include ../../.make/default.mk
 include ../../.make/recursion.mk
 include ../../.make/go.mk

services/app-registry/Makefile

@@ -1,7 +1,10 @@
 SHELL := bash
 NAME := app-registry
 
+ifneq (, $(shell command -v go 2> /dev/null)) # suppress `command not found warnings` for non go targets in CI
 include ../../.bingo/Variables.mk
+endif
+
 include ../../.make/default.mk
 include ../../.make/recursion.mk
 include ../../.make/go.mk

services/audit/Makefile

@@ -1,7 +1,10 @@
 SHELL := bash
 NAME := audit
 
+ifneq (, $(shell command -v go 2> /dev/null)) # suppress `command not found warnings` for non go targets in CI
 include ../../.bingo/Variables.mk
+endif
+
 include ../../.make/default.mk
 include ../../.make/recursion.mk
 include ../../.make/go.mk

services/auth-app/Makefile

@@ -1,7 +1,10 @@
 SHELL := bash
 NAME := auth-app
 
+ifneq (, $(shell command -v go 2> /dev/null)) # suppress `command not found warnings` for non go targets in CI
 include ../../.bingo/Variables.mk
+endif
+
 include ../../.make/default.mk
 include ../../.make/recursion.mk
 include ../../.make/go.mk

services/auth-app/README.md

@@ -1,53 +1,44 @@
 # Auth-App
 
-The auth-app service provides authentication for 3rd party apps.
+The auth-app service provides authentication for 3rd party apps unable to use
+OpenID Connect. The service is enabled by default and started automatically. It
+is possible to disable the service by setting:
 
-## The `auth` Service Family
-
-OpenCloud uses serveral authentication services for different use cases. All services that start with `auth-` are part of the authentication service family. Each member authenticates requests with different scopes. As of now, these services exist:
-  -   `auth-app` handles authentication of external 3rd party apps
-  -   `auth-basic` handles basic authentication
-  -   `auth-bearer` handles oidc authentication
-  -   `auth-machine` handles interservice authentication when a user is impersonated
-  -   `auth-service` handles interservice authentication when using service accounts
-
-## Service Startup
-
-Because this service is not started automatically, a manual start needs to be initiated which can be done in several ways. To configure the service usage, an environment variable for the proxy service needs to be set to allow app authentication.
 ```bash
-OC_ADD_RUN_SERVICES=auth-app  # deployment specific. Add the service to the manual startup list, use with binary deployments. Alternatively you can start the service explicitly via the command line.
-PROXY_ENABLE_APP_AUTH=true      # mandatory, allow app authentication. In case of a distributed environment, this envvar needs to be set in the proxy service.
+OC_EXCLUDE_RUN_SERVICES=auth-app # deployment specific. Removes service from the list of automatically started services, use with single-binary deployments
+PROXY_ENABLE_APP_AUTH=false      # mandatory, disables app authentication. In case of a distributed environment, this envvar needs to be set in the proxy service.
 ```
 
 ## App Tokens
 
-App Tokens are used to authenticate 3rd party access via https like when using curl (apps) to access an API endpoint. These apps need to authenticate themselves as no logged in user authenticates the request. To be able to use an app token, one must first create a token. There are different options of creating a token.
+App Tokens are password specifically generated to be used by 3rd party applications
+for authentication when accessing the OpenCloud API endpoints. To
+be able to use an app token, one must first create a token. There are different
+options of creating a token.
 
-### Via CLI (dev only)
+## Important Security Note
 
-Replace the `user-name` with an existing user. For the `token-expiration`, you can use any time abbreviation from the following list: `h, m, s`. Examples: `72h` or `1h` or `1m` or `1s.` Default is `72h`.
+When using an external IDP for authentication, App Token are NOT invalidated
+when the user is disabled or locked in that external IDP. That means the user
+will still be able to use its existing App Tokens for authentication for as
+long as the App Tokes are valid.
 
-```bash
-opencloud auth-app create --user-name={user-name} --expiration={token-expiration}
-```
-
-Once generated, these tokens can be used to authenticate requests to OpenCloud. They are passed as part of the request as `Basic Auth` header.
+## Managing App Tokens
 
 ### Via API
 
-The `auth-app` service provides an API to create (POST), list (GET) and delete (DELETE) tokens at the `/auth-app/tokens` endpoint.
+Please note: This API is preliminary. In the future we will provide endpoints
+in the `graph` service for allowing the management of App Tokens.
 
-When using curl for the respective command, you need to authenticate with a header. To do so, get from the browsers developer console the currently active bearer token. Consider that this token has a short lifetime. In any example, replace `<your host[:port]>` with the URL:port of your OpenCloud instance, and `{token}`  `{value}` accordingly. Note that the active bearer token authenticates the user the token was issued for.
+The `auth-app` service provides an API to create (POST), list (GET) and delete (DELETE) tokens at the `/auth-app/tokens` endpoint.
 
 * **Create a token**\
   The POST request requires:
   * A `expiry` key/value pair in the form of `expiry=<number><h|m|s>`\
     Example: `expiry=72h`
-  * An active bearer token
   ```bash
   curl --request POST 'https://<your host:9200>/auth-app/tokens?expiry={value}' \
-       --header 'accept: application/json' \
-       --header 'authorization: Bearer {token}'
+       --header 'accept: application/json'
   ```
   Example output:
   ```
@@ -59,14 +50,19 @@ When using curl for the respective command, you need to authenticate with a head
   }
   ```
 
+  Note, that this is the only time the app token will be returned in cleartext. To use the token
+  please copy it from the response.
+
 * **List tokens**\
-  The GET request only requires an active bearer token for authentication:\
-  Note that `--request GET` is technically not required because it is curl default. 
   ```bash
   curl --request GET 'https://<your host:9200>/auth-app/tokens' \
-       --header 'accept: application/json' \
-       --header 'authorization: Bearer {token}'
+       --header 'accept: application/json'
   ```
+
+  Note that the `token` value in the response to the "List Tokens` request is not the actual
+  app token, but a hashed value of the token. So this value cannot be used for authenticating
+  with the token.
+
   Example output:
   ```
   [
@@ -87,20 +83,23 @@ When using curl for the respective command, you need to authenticate with a head
 
 * **Delete a token**\
   The DELETE request requires:
-  * A `token` key/value pair in the form of `token=<token_issued>`\
-    Example: `token=Z3s2K7816M4vuSpd5`
-  * An active bearer token
+  * A `token` key/value pair in the form of `token=<token_issued>`. The value needs to be the hashed value as returned by the `List Tokens` respone.\
+    Example: `token=$2$Z3s2K7816M4vuSpd5`
   ```bash
   curl --request DELETE 'https://<your host:9200>/auth-app/tokens?token={value}' \
-       --header 'accept: application/json' \
-       --header 'authorization: Bearer {token}'
+       --header 'accept: application/json'
   ```
 
 ### Via Impersonation API
 
-When setting the environment variable `AUTH_APP_ENABLE_IMPERSONATION` to `true`, admins will be able to use the `/auth-app/tokens` endpoint to create tokens for other users but using their own bearer token for authentication. This can be important for migration scenarios, but should not be considered for regular tasks on a production system for security reasons.
+When setting the environment variable `AUTH_APP_ENABLE_IMPERSONATION` to
+`true`, admins will be able to use the `/auth-app/tokens` endpoint to create
+tokens for other users. This can be important for migration scenarios, but
+should not be considered for regular tasks on a production system for security
+reasons.
 
-To impersonate, the respective requests from the CLI commands above extend with the following parameters, where you can use one or the other:
+To impersonate, the respective requests from the CLI commands above extend with
+the following parameters, where you can use one or the other:
 
 * The `userID` in the form of: `userID={value}`\
   Example:\
@@ -114,6 +113,27 @@ Example:\
 A final create request would then look like:
 ```bash
 curl --request POST 'https://<your host:9200>/auth-app/tokens?expiry={value}&userName={value}' \
-     --header 'accept: application/json' \
-     --header 'authorization: Bearer {token}'
+     --header 'accept: application/json'
+```
+
+### Via CLI (developer only)
+
+As the CLI is using the internal CS3Apis this needs access to the reva gateway
+service. This is mainly of developer (and admin) usage.
+Replace the `user-name` with an existing user. For the `token-expiration`, you
+can use any time abbreviation from the following list: `h, m, s`. Examples:
+`72h` or `1h` or `1m` or `1s.` Default is `72h`.
+
+```bash
+opencloud auth-app create --user-name={user-name} --expiration={token-expiration}
+```
+
+## Authenticating using App Tokens
+
+To autenticate using an App Token simply use the username for which token was generated
+and the token value as returned by the "Create Token" request.
+
+```bash
+curl -u <username>:<tokenvalue> 'https://<your host>/graph/v1.0/me' \
+     --header 'accept: application/json'
 ```

services/auth-app/pkg/config/config.go

@@ -28,9 +28,40 @@ type Config struct {
 
 	AllowImpersonation bool `yaml:"allow_impersonation" env:"AUTH_APP_ENABLE_IMPERSONATION" desc:"Allows admins to create app tokens for other users. Used for migration. Do NOT use in productive deployments." introductionVersion:"1.0.0"`
 
+	StorageDriver  string         `yaml:"storage_driver" env:"AUTH_APP_STORAGE_DRIVER" desc:"Driver to be used to persist the app tokes . Supported values are 'jsoncs3', 'json'." introductionVersion:"%%NEXT%%"`
+	StorageDrivers StorageDrivers `yaml:"storage_drivers"`
+
 	Context context.Context `yaml:"-"`
 }
 
+type StorageDrivers struct {
+	JSONCS3 JSONCS3Driver `yaml:"jsoncs3"`
+}
+
+type JSONCS3Driver struct {
+	ProviderAddr             string                   `yaml:"provider_addr" env:"AUTH_APP_JSONCS3_PROVIDER_ADDR" desc:"GRPC address of the STORAGE-SYSTEM service." introductionVersion:"%%NEXT%%"`
+	SystemUserID             string                   `yaml:"system_user_id" env:"OC_SYSTEM_USER_ID;AUTH_APP_JSONCS3_SYSTEM_USER_ID" desc:"ID of the OpenCloud STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format." introductionVersion:"%%NEXT%%"`
+	SystemUserIDP            string                   `yaml:"system_user_idp" env:"OC_SYSTEM_USER_IDP;AUTH_APP_JSONCS3_SYSTEM_USER_IDP" desc:"IDP of the OpenCloud STORAGE-SYSTEM system user." introductionVersion:"%%NEXT%%"`
+	SystemUserAPIKey         string                   `yaml:"system_user_api_key" env:"OC_SYSTEM_USER_API_KEY;AUTH_APP_JSONCS3_SYSTEM_USER_API_KEY" desc:"API key for the STORAGE-SYSTEM system user." introductionVersion:"%%NEXT%%"`
+	PasswordGenerator        string                   `yaml:"password_generator" env:"AUTH_APP_JSONCS3_PASSWORD_GENERATOR" desc:"The password generator that should be used for generating app tokens. Supported values are: 'diceware' and 'random'." introductionVersion:"%%NEXT%%"`
+	PasswordGeneratorOptions PasswordGeneratorOptions `yaml:"password_generator_options"`
+}
+
+type PasswordGeneratorOptions struct {
+	DicewareOptions DicewareOptions `yaml:"diceware"`
+	RandPWOpts      RandPWOpts      `yaml:"randon"`
+}
+
+// DicewareOptions defines the config options for the "diceware" password generator
+type DicewareOptions struct {
+	NumberOfWords int `yaml:"number_of_words" env:"AUTH_APP_JSONCS3_DICEWARE_NUMBER_OF_WORDS" desc:"The number of words the generated passphrase will have." introductionVersion:"%%NEXT%%"`
+}
+
+// RandPWOpts defines the config options for the "random" password generator
+type RandPWOpts struct {
+	PasswordLength int `yaml:"password_length" env:"AUTH_APP_JSONCS3_RANDOM_PASSWORD_LENGTH" desc:"The number of charactors the generated passwords will have." introductionVersion:"%%NEXT%%"`
+}
+
 // Log defines the loging configuration
 type Log struct {
 	Level  string `yaml:"level" env:"OC_LOG_LEVEL;AUTH_APP_LOG_LEVEL" desc:"The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'." introductionVersion:"1.0.0"`

services/auth-app/pkg/config/defaults/defaultconfig.go

@@ -44,6 +44,19 @@ func DefaultConfig() *config.Config {
 		Service: config.Service{
 			Name: "auth-app",
 		},
+		StorageDriver: "jsoncs3",
+		StorageDrivers: config.StorageDrivers{
+			JSONCS3: config.JSONCS3Driver{
+				ProviderAddr:      "eu.opencloud.api.storage-system",
+				SystemUserIDP:     "internal",
+				PasswordGenerator: "diceware",
+				PasswordGeneratorOptions: config.PasswordGeneratorOptions{
+					DicewareOptions: config.DicewareOptions{
+						NumberOfWords: 6,
+					},
+				},
+			},
+		},
 		Reva: shared.DefaultRevaConfig(),
 	}
 }
@@ -85,6 +98,14 @@ func EnsureDefaults(cfg *config.Config) {
 		cfg.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey
 	}
 
+	if cfg.StorageDrivers.JSONCS3.SystemUserAPIKey == "" && cfg.Commons != nil && cfg.Commons.SystemUserAPIKey != "" {
+		cfg.StorageDrivers.JSONCS3.SystemUserAPIKey = cfg.Commons.SystemUserAPIKey
+	}
+
+	if cfg.StorageDrivers.JSONCS3.SystemUserID == "" && cfg.Commons != nil && cfg.Commons.SystemUserID != "" {
+		cfg.StorageDrivers.JSONCS3.SystemUserID = cfg.Commons.SystemUserID
+	}
+
 	if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil {
 		cfg.TokenManager = &config.TokenManager{
 			JWTSecret: cfg.Commons.TokenManager.JWTSecret,

services/auth-app/pkg/revaconfig/config.go

@@ -11,6 +11,14 @@ import (
 func AuthAppConfigFromStruct(cfg *config.Config) map[string]interface{} {
 	appAuthJSON := filepath.Join(defaults.BaseDataPath(), "appauth.json")
 
+	jsonCS3pwGenOpt := map[string]any{}
+	switch cfg.StorageDrivers.JSONCS3.PasswordGenerator {
+	case "random":
+		jsonCS3pwGenOpt["token_strength"] = cfg.StorageDrivers.JSONCS3.PasswordGeneratorOptions.RandPWOpts.PasswordLength
+	case "diceware":
+		jsonCS3pwGenOpt["number_of_words"] = cfg.StorageDrivers.JSONCS3.PasswordGeneratorOptions.DicewareOptions.NumberOfWords
+	}
+
 	rcfg := map[string]interface{}{
 		"shared": map[string]interface{}{
 			"jwt_secret":                cfg.TokenManager.JWTSecret,
@@ -36,11 +44,19 @@ func AuthAppConfigFromStruct(cfg *config.Config) map[string]interface{} {
 					},
 				},
 				"applicationauth": map[string]interface{}{
-					"driver": "json",
+					"driver": cfg.StorageDriver,
 					"drivers": map[string]interface{}{
 						"json": map[string]interface{}{
 							"file": appAuthJSON,
 						},
+						"jsoncs3": map[string]interface{}{
+							"provider_addr":       cfg.StorageDrivers.JSONCS3.ProviderAddr,
+							"service_user_id":     cfg.StorageDrivers.JSONCS3.SystemUserID,
+							"service_user_idp":    cfg.StorageDrivers.JSONCS3.SystemUserIDP,
+							"machine_auth_apikey": cfg.StorageDrivers.JSONCS3.SystemUserAPIKey,
+							"password_generator":  cfg.StorageDrivers.JSONCS3.PasswordGenerator,
+							"generator_config":    jsonCS3pwGenOpt,
+						},
 					},
 				},
 			},

services/auth-app/pkg/service/service.go

@@ -99,7 +99,10 @@ func (a *AuthAppService) HandleCreate(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	label := "Generated via API"
+	label := q.Get("label")
+	if label == "" {
+		label = "Generated via API"
+	}
 
 	// Impersonated request
 	userID, userName := q.Get("userID"), q.Get("userName")
@@ -131,7 +134,7 @@ func (a *AuthAppService) HandleCreate(w http.ResponseWriter, r *http.Request) {
 			return
 		}
 
-		label = "Generated via Impersonation API"
+		label = label + " (Impersonation)"
 	}
 
 	scopes, err := scope.AddOwnerScope(map[string]*authpb.Scope{})

services/auth-basic/Makefile

@@ -1,7 +1,10 @@
 SHELL := bash
 NAME := auth-basic
 
+ifneq (, $(shell command -v go 2> /dev/null)) # suppress `command not found warnings` for non go targets in CI
 include ../../.bingo/Variables.mk
+endif
+
 include ../../.make/default.mk
 include ../../.make/recursion.mk
 include ../../.make/go.mk

services/auth-bearer/Makefile

@@ -1,7 +1,10 @@
 SHELL := bash
 NAME := auth-bearer
 
+ifneq (, $(shell command -v go 2> /dev/null)) # suppress `command not found warnings` for non go targets in CI
 include ../../.bingo/Variables.mk
+endif
+
 include ../../.make/default.mk
 include ../../.make/recursion.mk
 include ../../.make/go.mk

services/auth-machine/Makefile

@@ -1,7 +1,10 @@
 SHELL := bash
 NAME := auth-machine
 
+ifneq (, $(shell command -v go 2> /dev/null)) # suppress `command not found warnings` for non go targets in CI
 include ../../.bingo/Variables.mk
+endif
+
 include ../../.make/default.mk
 include ../../.make/recursion.mk
 include ../../.make/go.mk

services/auth-service/Makefile

@@ -1,7 +1,10 @@
 SHELL := bash
 NAME := auth-service
 
+ifneq (, $(shell command -v go 2> /dev/null)) # suppress `command not found warnings` for non go targets in CI
 include ../../.bingo/Variables.mk
+endif
+
 include ../../.make/default.mk
 include ../../.make/recursion.mk
 include ../../.make/go.mk

services/clientlog/Makefile

@@ -1,7 +1,10 @@
 SHELL := bash
 NAME := clientlog
 
+ifneq (, $(shell command -v go 2> /dev/null)) # suppress `command not found warnings` for non go targets in CI
 include ../../.bingo/Variables.mk
+endif
+
 include ../../.make/default.mk
 include ../../.make/recursion.mk
 include ../../.make/go.mk

services/collaboration/Makefile

@@ -1,7 +1,10 @@
 SHELL := bash
 NAME := collaboration
 
+ifneq (, $(shell command -v go 2> /dev/null)) # suppress `command not found warnings` for non go targets in CI
 include ../../.bingo/Variables.mk
+endif
+
 include ../../.make/default.mk
 include ../../.make/recursion.mk
 include ../../.make/go.mk

services/collaboration/mocks/connector_service.go

@@ -1,4 +1,4 @@
-// Code generated by mockery v2.53.0. DO NOT EDIT.
+// Code generated by mockery v2.53.2. DO NOT EDIT.
 
 package mocks
 

services/collaboration/mocks/content_connector_service.go

@@ -1,4 +1,4 @@
-// Code generated by mockery v2.53.0. DO NOT EDIT.
+// Code generated by mockery v2.53.2. DO NOT EDIT.
 
 package mocks
 

services/collaboration/mocks/file_connector_service.go

@@ -1,4 +1,4 @@
-// Code generated by mockery v2.53.0. DO NOT EDIT.
+// Code generated by mockery v2.53.2. DO NOT EDIT.
 
 package mocks
 

services/collaboration/mocks/gateway_selector.go

@@ -1,4 +1,4 @@
-// Code generated by mockery v2.53.0. DO NOT EDIT.
+// Code generated by mockery v2.53.2. DO NOT EDIT.
 
 package mocks
 

services/collaboration/mocks/lock_parser.go

@@ -1,4 +1,4 @@
-// Code generated by mockery v2.53.0. DO NOT EDIT.
+// Code generated by mockery v2.53.2. DO NOT EDIT.
 
 package mocks
 

services/eventhistory/Makefile

@@ -1,7 +1,10 @@
 SHELL := bash
 NAME := eventhistory
 
+ifneq (, $(shell command -v go 2> /dev/null)) # suppress `command not found warnings` for non go targets in CI
 include ../../.bingo/Variables.mk
+endif
+
 include ../../.make/default.mk
 include ../../.make/recursion.mk
 include ../../.make/go.mk

services/frontend/Makefile

@@ -1,7 +1,10 @@
 SHELL := bash
 NAME := frontend
 
+ifneq (, $(shell command -v go 2> /dev/null)) # suppress `command not found warnings` for non go targets in CI
 include ../../.bingo/Variables.mk
+endif
+
 include ../../.make/default.mk
 include ../../.make/recursion.mk
 include ../../.make/go.mk

services/frontend/pkg/config/config.go

@@ -34,7 +34,6 @@ type Config struct {
 	EnableFederatedSharingIncoming bool   `yaml:"enable_federated_sharing_incoming" env:"OC_ENABLE_OCM;FRONTEND_ENABLE_FEDERATED_SHARING_INCOMING" desc:"Changing this value is NOT supported. Enables support for incoming federated sharing for clients. The backend behaviour is not changed." introductionVersion:"1.0.0"`
 	EnableFederatedSharingOutgoing bool   `yaml:"enable_federated_sharing_outgoing" env:"OC_ENABLE_OCM;FRONTEND_ENABLE_FEDERATED_SHARING_OUTGOING" desc:"Changing this value is NOT supported. Enables support for outgoing federated sharing for clients. The backend behaviour is not changed." introductionVersion:"1.0.0"`
 	SearchMinLength                int    `yaml:"search_min_length" env:"FRONTEND_SEARCH_MIN_LENGTH" desc:"Minimum number of characters to enter before a client should start a search for Share receivers. This setting can be used to customize the user experience if e.g too many results are displayed." introductionVersion:"1.0.0"`
-	Edition                        string `yaml:"edition" env:"OC_EDITION;FRONTEND_EDITION" desc:"Edition of OpenCloud. Used for branding purposes." introductionVersion:"1.0.0"`
 	DisableSSE                     bool   `yaml:"disable_sse" env:"OC_DISABLE_SSE;FRONTEND_DISABLE_SSE" desc:"When set to true, clients are informed that the Server-Sent Events endpoint is not accessible." introductionVersion:"1.0.0"`
 	DefaultLinkPermissions         int    `yaml:"default_link_permissions" env:"FRONTEND_DEFAULT_LINK_PERMISSIONS" desc:"Defines the default permissions a link is being created with. Possible values are 0 (= internal link, for instance members only) and 1 (= public link with viewer permissions). Defaults to 1." introductionVersion:"1.0.0"`
 

services/frontend/pkg/config/defaults/defaultconfig.go

@@ -87,7 +87,6 @@ func DefaultConfig() *config.Config {
 		DefaultUploadProtocol:    "tus",
 		DefaultLinkPermissions:   1,
 		SearchMinLength:          3,
-		Edition:                  "Community",
 		Checksums: config.Checksums{
 			SupportedTypes:      []string{"sha1", "md5", "adler32"},
 			PreferredUploadType: "sha1",

services/frontend/pkg/revaconfig/config.go

@@ -208,7 +208,6 @@ func FrontendConfigFromStruct(cfg *config.Config, logger log.Logger) (map[string
 									"needsDbUpgrade": false,
 									"version":        version.Legacy,
 									"versionstring":  version.LegacyString,
-									"edition":        cfg.Edition,
 									"productname":    "OpenCloud",
 									"product":        "OpenCloud",
 									"productversion": version.GetString(),
@@ -339,7 +338,7 @@ func FrontendConfigFromStruct(cfg *config.Config, logger log.Logger) (map[string
 						},
 						"version": map[string]interface{}{
 							"product":        "OpenCloud",
-							"edition":        "Community",
+							"edition":        "",
 							"major":          version.ParsedLegacy().Major(),
 							"minor":          version.ParsedLegacy().Minor(),
 							"micro":          version.ParsedLegacy().Patch(),

services/gateway/Makefile

@@ -1,7 +1,10 @@
 SHELL := bash
 NAME := gateway
 
+ifneq (, $(shell command -v go 2> /dev/null)) # suppress `command not found warnings` for non go targets in CI
 include ../../.bingo/Variables.mk
+endif
+
 include ../../.make/default.mk
 include ../../.make/recursion.mk
 include ../../.make/go.mk

services/graph/Makefile

@@ -3,7 +3,10 @@ NAME := graph
 OUTPUT_DIR = ./pkg/l10n
 TEMPLATE_FILE = ./pkg/l10n/graph.pot
 
+ifneq (, $(shell command -v go 2> /dev/null)) # suppress `command not found warnings` for non go targets in CI
 include ../../.bingo/Variables.mk
+endif
+
 include ../../.make/default.mk
 include ../../.make/recursion.mk
 include ../../.make/go.mk
@@ -11,7 +14,7 @@ include ../../.make/release.mk
 include ../../.make/docs.mk
 
 .PHONY: go-generate
-go-generate: $(MOCKERY)
+go-generate:
 	$(MOCKERY)
 
 .PHONY: l10n-pull

services/graph/mocks/base_graph_provider.go

@@ -1,4 +1,4 @@
-// Code generated by mockery v2.53.0. DO NOT EDIT.
+// Code generated by mockery v2.53.2. DO NOT EDIT.
 
 package mocks
 

services/graph/mocks/drive_item_permissions_provider.go

@@ -1,4 +1,4 @@
-// Code generated by mockery v2.53.0. DO NOT EDIT.
+// Code generated by mockery v2.53.2. DO NOT EDIT.
 
 package mocks
 

services/graph/mocks/drives_drive_item_provider.go

@@ -1,4 +1,4 @@
-// Code generated by mockery v2.53.0. DO NOT EDIT.
+// Code generated by mockery v2.53.2. DO NOT EDIT.
 
 package mocks
 

services/graph/mocks/gateway_selector.go

@@ -1,4 +1,4 @@
-// Code generated by mockery v2.53.0. DO NOT EDIT.
+// Code generated by mockery v2.53.2. DO NOT EDIT.
 
 package mocks
 

services/graph/mocks/http_client.go

@@ -1,4 +1,4 @@
-// Code generated by mockery v2.53.0. DO NOT EDIT.
+// Code generated by mockery v2.53.2. DO NOT EDIT.
 
 package mocks
 

services/graph/mocks/permissions.go

@@ -1,4 +1,4 @@
-// Code generated by mockery v2.53.0. DO NOT EDIT.
+// Code generated by mockery v2.53.2. DO NOT EDIT.
 
 package mocks
 

services/graph/mocks/publisher.go

@@ -1,4 +1,4 @@
-// Code generated by mockery v2.53.0. DO NOT EDIT.
+// Code generated by mockery v2.53.2. DO NOT EDIT.
 
 package mocks
 

services/graph/mocks/role_service.go

@@ -1,4 +1,4 @@
-// Code generated by mockery v2.53.0. DO NOT EDIT.
+// Code generated by mockery v2.53.2. DO NOT EDIT.
 
 package mocks
 

services/graph/pkg/identity/mocks/backend.go

@@ -1,4 +1,4 @@
-// Code generated by mockery v2.53.0. DO NOT EDIT.
+// Code generated by mockery v2.53.2. DO NOT EDIT.
 
 package mocks
 

services/graph/pkg/identity/mocks/education_backend.go

@@ -1,4 +1,4 @@
-// Code generated by mockery v2.53.0. DO NOT EDIT.
+// Code generated by mockery v2.53.2. DO NOT EDIT.
 
 package mocks
 

services/graph/pkg/identity/mocks/ldapclient.go

@@ -1,4 +1,4 @@
-// Code generated by mockery v2.53.0. DO NOT EDIT.
+// Code generated by mockery v2.53.2. DO NOT EDIT.
 
 package mocks
 

services/graph/pkg/service/v0/driveitems.go

@@ -677,21 +677,34 @@ func (g Graph) getSpecialDriveItems(ctx context.Context, baseURL *url.URL, space
 	}
 
 	var spaceItems []libregraph.DriveItem
+	var err error
+	doCache := true
 
-	spaceItems = g.fetchSpecialDriveItem(ctx, spaceItems, SpaceImageSpecialFolderName, imageNode, space, baseURL)
-	spaceItems = g.fetchSpecialDriveItem(ctx, spaceItems, ReadmeSpecialFolderName, readmeNode, space, baseURL)
+	spaceItems, err = g.fetchSpecialDriveItem(ctx, spaceItems, SpaceImageSpecialFolderName, imageNode, space, baseURL)
+	if err != nil {
+		doCache = false
+		g.logger.Debug().Err(err).Str("ID", imageNode).Msg("Could not get space image")
+	}
+	spaceItems, err = g.fetchSpecialDriveItem(ctx, spaceItems, ReadmeSpecialFolderName, readmeNode, space, baseURL)
+	if err != nil {
+		doCache = false
+		g.logger.Debug().Err(err).Str("ID", imageNode).Msg("Could not get space readme")
+	}
 
 	// cache properties
 	spacePropertiesEntry := specialDriveItemEntry{
 		specialDriveItems: spaceItems,
 		rootMtime:         space.GetMtime(),
 	}
-	g.specialDriveItemsCache.Set(cachekey, spacePropertiesEntry, time.Duration(g.config.Spaces.ExtendedSpacePropertiesCacheTTL))
+
+	if doCache {
+		g.specialDriveItemsCache.Set(cachekey, spacePropertiesEntry, time.Duration(g.config.Spaces.ExtendedSpacePropertiesCacheTTL))
+	}
 
 	return spaceItems
 }
 
-func (g Graph) fetchSpecialDriveItem(ctx context.Context, spaceItems []libregraph.DriveItem, itemName string, itemNode string, space *storageprovider.StorageSpace, baseURL *url.URL) []libregraph.DriveItem {
+func (g Graph) fetchSpecialDriveItem(ctx context.Context, spaceItems []libregraph.DriveItem, itemName string, itemNode string, space *storageprovider.StorageSpace, baseURL *url.URL) ([]libregraph.DriveItem, error) {
 	var ref *storageprovider.Reference
 	if itemNode != "" {
 		rid, _ := storagespace.ParseID(itemNode)
@@ -700,12 +713,15 @@ func (g Graph) fetchSpecialDriveItem(ctx context.Context, spaceItems []libregrap
 		ref = &storageprovider.Reference{
 			ResourceId: &rid,
 		}
-		spaceItem := g.getSpecialDriveItem(ctx, ref, itemName, baseURL, space)
+		spaceItem, err := g.getSpecialDriveItem(ctx, ref, itemName, baseURL, space)
+		if err != nil {
+			return spaceItems, err
+		}
 		if spaceItem != nil {
 			spaceItems = append(spaceItems, *spaceItem)
 		}
 	}
-	return spaceItems
+	return spaceItems, nil
 }
 
 // generates a space root stat cache key used to detect changes in a space
@@ -730,10 +746,10 @@ type specialDriveItemEntry struct {
 	rootMtime         *types.Timestamp
 }
 
-func (g Graph) getSpecialDriveItem(ctx context.Context, ref *storageprovider.Reference, itemName string, baseURL *url.URL, space *storageprovider.StorageSpace) *libregraph.DriveItem {
+func (g Graph) getSpecialDriveItem(ctx context.Context, ref *storageprovider.Reference, itemName string, baseURL *url.URL, space *storageprovider.StorageSpace) (*libregraph.DriveItem, error) {
 	var spaceItem *libregraph.DriveItem
 	if ref.GetResourceId().GetSpaceId() == "" && ref.GetResourceId().GetOpaqueId() == "" {
-		return nil
+		return nil, nil
 	}
 
 	// FIXME we should send a fieldmask 'path' and return it as the Path property to save an additional call to the storage.
@@ -741,16 +757,14 @@ func (g Graph) getSpecialDriveItem(ctx context.Context, ref *storageprovider.Ref
 	// and Path should always be relative to the space root OR the resource the current user can access ...
 	spaceItem, err := g.getDriveItem(ctx, ref)
 	if err != nil {
-		g.logger.Debug().Err(err).Str("ID", ref.GetResourceId().GetOpaqueId()).Str("name", itemName).Msg("Could not get item info")
-		return nil
+		return nil, err
 	}
 	itemPath := ref.GetPath()
 	if itemPath == "" {
 		// lookup by id
 		itemPath, err = g.getPathForResource(ctx, *ref.GetResourceId())
 		if err != nil {
-			g.logger.Debug().Err(err).Str("ID", ref.GetResourceId().GetOpaqueId()).Str("name", itemName).Msg("Could not get item path")
-			return nil
+			return nil, err
 		}
 	}
 	spaceItem.SpecialFolder = &libregraph.SpecialFolder{Name: libregraph.PtrString(itemName)}
@@ -758,5 +772,5 @@ func (g Graph) getSpecialDriveItem(ctx context.Context, ref *storageprovider.Ref
 	webdavURL.Path = path.Join(webdavURL.Path, space.GetId().GetOpaqueId(), itemPath)
 	spaceItem.WebDavUrl = libregraph.PtrString(webdavURL.String())
 
-	return spaceItem
+	return spaceItem, nil
 }

services/groups/Makefile

@@ -1,7 +1,10 @@
 SHELL := bash
 NAME := groups
 
+ifneq (, $(shell command -v go 2> /dev/null)) # suppress `command not found warnings` for non go targets in CI
 include ../../.bingo/Variables.mk
+endif
+
 include ../../.make/default.mk
 include ../../.make/recursion.mk
 include ../../.make/go.mk

services/idm/Makefile

@@ -2,7 +2,10 @@ SHELL := bash
 NAME := idm
 TAGS := disable_crypt
 
+ifneq (, $(shell command -v go 2> /dev/null)) # suppress `command not found warnings` for non go targets in CI
 include ../../.bingo/Variables.mk
+endif
+
 include ../../.make/default.mk
 include ../../.make/recursion.mk
 include ../../.make/go.mk

services/idp/Makefile

@@ -1,7 +1,10 @@
 SHELL := bash
 NAME := idp
 
+ifneq (, $(shell command -v go 2> /dev/null)) # suppress `command not found warnings` for non go targets in CI
 include ../../.bingo/Variables.mk
+endif
+
 include ../../.make/default.mk
 include ../../.make/recursion.mk
 include ../../.make/go.mk

services/idp/package.json

@@ -105,13 +105,13 @@
     "web-vitals": "^3.5.2"
   },
   "devDependencies": {
-    "@babel/core": "7.22.11",
+    "@babel/core": "7.26.10",
     "@typescript-eslint/eslint-plugin": "^4.33.0",
     "@typescript-eslint/parser": "^4.33.0",
     "babel-eslint": "^10.1.0",
-    "babel-loader": "9.2.1",
+    "babel-loader": "10.0.0",
     "babel-plugin-named-asset-import": "^0.3.8",
-    "babel-preset-react-app": "^10.0.1",
+    "babel-preset-react-app": "^10.1.0",
     "case-sensitive-paths-webpack-plugin": "2.4.0",
     "cldr": "^7.5.0",
     "css-loader": "5.2.7",

services/idp/pkg/config/config.go

@@ -60,13 +60,14 @@ type Asset struct {
 }
 
 type Client struct {
-	ID              string   `yaml:"id"`
-	Name            string   `yaml:"name"`
-	Trusted         bool     `yaml:"trusted"`
-	Secret          string   `yaml:"secret"`
-	RedirectURIs    []string `yaml:"redirect_uris"`
-	Origins         []string `yaml:"origins"`
-	ApplicationType string   `yaml:"application_type"`
+	ID                     string   `yaml:"id"`
+	Name                   string   `yaml:"name"`
+	Trusted                bool     `yaml:"trusted"`
+	Secret                 string   `yaml:"secret"`
+	RedirectURIs           []string `yaml:"redirect_uris"`
+	PostLogoutRedirectURIs []string `yaml:"post_logout_redirect_uris"`
+	Origins                []string `yaml:"origins"`
+	ApplicationType        string   `yaml:"application_type"`
 }
 
 type Settings struct {
@@ -99,7 +100,7 @@ type Settings struct {
 	IdentifierRegistrationConf        string `yaml:"-"`
 	IdentifierScopesConf              string `yaml:"-"` // unused
 	IdentifierDefaultBannerLogo       string
-	IdentifierDefaultSignInPageText   string
+	IdentifierDefaultSignInPageText   string `yaml:"default_sign_in_page_text" env:"IDP_DEFAULT_SIGNIN_PAGE_TEXT" desc:"" introductionVersion:"2.0.0"`
 	IdentifierDefaultUsernameHintText string
 	IdentifierUILocales               []string
 

services/idp/pkg/config/defaults/defaultconfig.go

@@ -101,6 +101,9 @@ func DefaultConfig() *config.Config {
 				RedirectURIs: []string{
 					"oc://android.opencloud.eu",
 				},
+				PostLogoutRedirectURIs: []string{
+					"oc://android.opencloud.eu",
+				},
 			},
 			{
 				ID:              "OpenCloudIOS",
@@ -109,6 +112,9 @@ func DefaultConfig() *config.Config {
 				RedirectURIs: []string{
 					"oc://ios.opencloud.eu",
 				},
+				PostLogoutRedirectURIs: []string{
+					"oc://ios.opencloud.eu",
+				},
 			},
 		},
 		Ldap: config.Ldap{

services/idp/src/containers/Login/Login.jsx

@@ -1,209 +1,234 @@
-import React, {useEffect, useMemo} from 'react';
-import PropTypes from 'prop-types';
-import {connect} from 'react-redux';
+import React, { useEffect, useMemo } from "react";
+import PropTypes from "prop-types";
+import { connect } from "react-redux";
 
-import {useTranslation} from 'react-i18next';
+import { useTranslation } from "react-i18next";
 
-import {withStyles} from '@material-ui/core/styles';
-import Button from '@material-ui/core/Button';
-import CircularProgress from '@material-ui/core/CircularProgress';
-import green from '@material-ui/core/colors/green';
-import Typography from '@material-ui/core/Typography';
-import Link from '@material-ui/core/Link';
+import { withStyles } from "@material-ui/core/styles";
+import Button from "@material-ui/core/Button";
+import CircularProgress from "@material-ui/core/CircularProgress";
+import green from "@material-ui/core/colors/green";
+import Typography from "@material-ui/core/Typography";
+import Link from "@material-ui/core/Link";
 
-import TextInput from '../../components/TextInput'
+import TextInput from "../../components/TextInput";
 
-import {updateInput, executeLogonIfFormValid, advanceLogonFlow} from '../../actions/login';
-import {ErrorMessage} from '../../errors';
+import {
+  updateInput,
+  executeLogonIfFormValid,
+  advanceLogonFlow,
+} from "../../actions/login";
+import { ErrorMessage } from "../../errors";
 
-const styles = theme => ({
-    buttonProgress: {
-        color: green[500],
-        position: 'absolute',
-        top: '50%',
-        left: '50%',
-        marginTop: -12,
-        marginLeft: -12
-    },
-    main: {
-        width: '100%'
-    },
-    header: {
-        textAlign: 'center',
-        marginTop: 0,
-        marginBottom: theme.spacing(6)
-    },
-    wrapper: {
-        position: 'relative',
-        width: '100%',
-        textAlign: 'center'
-    },
-    message: {
-        marginTop: 5,
-        marginBottom: 5
-    }
+const styles = (theme) => ({
+  buttonProgress: {
+    color: green[500],
+    position: "absolute",
+    top: "50%",
+    left: "50%",
+    marginTop: -12,
+    marginLeft: -12,
+  },
+  main: {
+    width: "100%",
+  },
+  header: {
+    textAlign: "center",
+    marginTop: 0,
+    marginBottom: theme.spacing(6),
+  },
+  wrapper: {
+    position: "relative",
+    width: "100%",
+    textAlign: "center",
+  },
+  message: {
+    marginTop: 5,
+    marginBottom: 5,
+  },
 });
 
 function Login(props) {
-    const {
-        hello,
-        query,
-        dispatch,
-        history,
-        loading,
-        errors,
-        classes,
-        username,
-        password,
-        passwordResetLink,
-    } = props;
+  const {
+    hello,
+    query,
+    dispatch,
+    history,
+    loading,
+    errors,
+    classes,
+    username,
+    password,
+    passwordResetLink,
+    branding,
+  } = props;
 
-    const {t} = useTranslation();
-    const loginFailed = errors.http;
-    const hasError = errors.http || errors.username || errors.password;
-    const errorMessage = errors.http
-        ? <ErrorMessage error={errors.http}></ErrorMessage>
-        : (errors.username
-            ? <ErrorMessage error={errors.username}></ErrorMessage>
-            : <ErrorMessage error={errors.password}></ErrorMessage>);
-    const extraPropsUsername = {
-        "aria-invalid": (errors.username || errors.http) ? 'true' : 'false'
-    };
-    const extraPropsPassword = {
-        "aria-invalid": (errors.password || errors.http) ? 'true' : 'false',
-    };
+  const { t } = useTranslation();
+  const loginFailed = errors.http;
+  const hasError = errors.http || errors.username || errors.password;
+  const errorMessage = errors.http ? (
+    <ErrorMessage error={errors.http}></ErrorMessage>
+  ) : errors.username ? (
+    <ErrorMessage error={errors.username}></ErrorMessage>
+  ) : (
+    <ErrorMessage error={errors.password}></ErrorMessage>
+  );
+  const extraPropsUsername = {
+    "aria-invalid": errors.username || errors.http ? "true" : "false",
+  };
+  const extraPropsPassword = {
+    "aria-invalid": errors.password || errors.http ? "true" : "false",
+  };
 
-    if (errors.username || errors.http) {
-        extraPropsUsername['extraClassName'] = 'error';
-        extraPropsUsername['aria-describedby'] = 'oc-login-error-message';
+  if (errors.username || errors.http) {
+    extraPropsUsername["extraClassName"] = "error";
+    extraPropsUsername["aria-describedby"] = "oc-login-error-message";
+  }
+
+  if (errors.password || errors.http) {
+    extraPropsPassword["extraClassName"] = "error";
+    extraPropsPassword["aria-describedby"] = "oc-login-error-message";
+  }
+
+  useEffect(() => {
+    if (hello && hello.state && history.action !== "PUSH") {
+      if (!query.prompt || query.prompt.indexOf("select_account") === -1) {
+        dispatch(advanceLogonFlow(true, history));
+        return;
+      }
+
+      history.replace(
+        `/chooseaccount${history.location.search}${history.location.hash}`
+      );
+      return;
     }
+  });
 
-    if (errors.password || errors.http) {
-        extraPropsPassword['extraClassName'] = 'error';
-        extraPropsPassword['aria-describedby'] = 'oc-login-error-message';
-    }
+  const handleChange = (name) => (event) => {
+    dispatch(updateInput(name, event.target.value));
+  };
 
-    useEffect(() => {
-        if (hello && hello.state && history.action !== 'PUSH') {
-            if (!query.prompt || query.prompt.indexOf('select_account') === -1) {
-                dispatch(advanceLogonFlow(true, history));
-                return;
-            }
+  const handleNextClick = (event) => {
+    event.preventDefault();
 
-            history.replace(`/chooseaccount${history.location.search}${history.location.hash}`);
-            return;
+    dispatch(executeLogonIfFormValid(username, password, false)).then(
+      (response) => {
+        if (response.success) {
+          dispatch(advanceLogonFlow(response.success, history));
         }
-    });
-
-    const handleChange = (name) => (event) => {
-        dispatch(updateInput(name, event.target.value));
-    };
-
-    const handleNextClick = (event) => {
-        event.preventDefault();
-
-        dispatch(executeLogonIfFormValid(username, password, false)).then((response) => {
-            if (response.success) {
-                dispatch(advanceLogonFlow(response.success, history));
-            }
-        });
-    };
-
-    const usernamePlaceHolder = useMemo(() => {
-        if (hello?.details?.branding?.usernameHintText) {
-            switch (hello.details.branding.usernameHintText) {
-                case "Username":
-                    break;
-                case "Email":
-                    return t("konnect.login.usernameField.placeholder.email", "Email");
-                case "Identity":
-                    return t("konnect.login.usernameField.placeholder.identity", "Identity");
-                default:
-                    return hello.details.branding.usernameHintText;
-            }
-        }
-
-        return t("konnect.login.usernameField.placeholder.username", "Username");
-    }, [hello, t]);
-
-    return (
-        <div className={classes.main}>
-            <h1 className={classes.header}> {t("konnect.login.headline", "Sign in")}</h1>
-            <form action="" className="oc-login-form" onSubmit={(event) => handleNextClick(event)}>
-                <TextInput
-                    autoFocus
-                    autoCapitalize="off"
-                    spellCheck="false"
-                    value={username}
-                    onChange={handleChange('username')}
-                    autoComplete="kopano-account username"
-                    placeholder={t("konnect.login.usernameField.label", "Username")}
-                    label={t("konnect.login.usernameField.label", "Username")}
-                    id="oc-login-username"
-                    {...extraPropsUsername}
-                />
-                <TextInput
-                    type="password"
-                    margin="normal"
-                    onChange={handleChange('password')}
-                    autoComplete="kopano-account current-password"
-                    placeholder={t("konnect.login.passwordField.label", "Password")}
-                    label={t("konnect.login.passwordField.label", "Password")}
-                    id="oc-login-password"
-                    {...extraPropsPassword}
-                />
-                {hasError && <Typography id="oc-login-error-message" variant="subtitle2" component="span" color="error"
-                                         className={classes.message}>{errorMessage}</Typography>}
-                <div className={classes.wrapper}>
-                    {loginFailed && passwordResetLink && <Link id="oc-login-password-reset" href={passwordResetLink}
-                                                               variant="subtitle2">{"Reset password?"}</Link>}
-                    <Button
-                        type="submit"
-                        color="primary"
-                        variant="contained"
-                        className="oc-button-primary oc-mt-l"
-                        disabled={!!loading}
-                        onClick={handleNextClick}
-                    >
-                        {t("konnect.login.nextButton.label", "Log in")}
-                    </Button>
-                    {loading && <CircularProgress size={24} className={classes.buttonProgress}/>}
-                </div>
-            </form>
-        </div>
+      }
     );
+  };
+
+  return (
+    <div className={classes.main}>
+      <h1 className={classes.header}>
+        {" "}
+        {t("konnect.login.headline", "Sign in")}
+      </h1>
+      {branding?.signinPageText && (
+        <Typography
+          variant="body2"
+          dangerouslySetInnerHTML={{ __html: branding.signinPageText }}
+        />
+      )}
+      <form
+        action=""
+        className="oc-login-form"
+        onSubmit={(event) => handleNextClick(event)}
+      >
+        <TextInput
+          autoFocus
+          autoCapitalize="off"
+          spellCheck="false"
+          value={username}
+          onChange={handleChange("username")}
+          autoComplete="kopano-account username"
+          placeholder={t("konnect.login.usernameField.label", "Username")}
+          label={t("konnect.login.usernameField.label", "Username")}
+          id="oc-login-username"
+          {...extraPropsUsername}
+        />
+        <TextInput
+          type="password"
+          margin="normal"
+          onChange={handleChange("password")}
+          autoComplete="kopano-account current-password"
+          placeholder={t("konnect.login.passwordField.label", "Password")}
+          label={t("konnect.login.passwordField.label", "Password")}
+          id="oc-login-password"
+          {...extraPropsPassword}
+        />
+        {hasError && (
+          <Typography
+            id="oc-login-error-message"
+            variant="subtitle2"
+            component="span"
+            color="error"
+            className={classes.message}
+          >
+            {errorMessage}
+          </Typography>
+        )}
+        <div className={classes.wrapper}>
+          {loginFailed && passwordResetLink && (
+            <Link
+              id="oc-login-password-reset"
+              href={passwordResetLink}
+              variant="subtitle2"
+            >
+              {"Reset password?"}
+            </Link>
+          )}
+          <Button
+            type="submit"
+            color="primary"
+            variant="contained"
+            className="oc-button-primary oc-mt-l"
+            disabled={!!loading}
+            onClick={handleNextClick}
+          >
+            {t("konnect.login.nextButton.label", "Log in")}
+          </Button>
+          {loading && (
+            <CircularProgress size={24} className={classes.buttonProgress} />
+          )}
+        </div>
+      </form>
+    </div>
+  );
 }
 
 Login.propTypes = {
-    classes: PropTypes.object.isRequired,
+  classes: PropTypes.object.isRequired,
 
-    loading: PropTypes.string.isRequired,
-    username: PropTypes.string.isRequired,
-    password: PropTypes.string.isRequired,
-    passwordResetLink: PropTypes.string.isRequired,
-    errors: PropTypes.object.isRequired,
-    branding: PropTypes.object,
-    hello: PropTypes.object,
-    query: PropTypes.object.isRequired,
+  loading: PropTypes.string.isRequired,
+  username: PropTypes.string.isRequired,
+  password: PropTypes.string.isRequired,
+  passwordResetLink: PropTypes.string.isRequired,
+  errors: PropTypes.object.isRequired,
+  branding: PropTypes.object,
+  hello: PropTypes.object,
+  query: PropTypes.object.isRequired,
 
-    dispatch: PropTypes.func.isRequired,
-    history: PropTypes.object.isRequired
+  dispatch: PropTypes.func.isRequired,
+  history: PropTypes.object.isRequired,
 };
 
 const mapStateToProps = (state) => {
-    const {loading, username, password, errors} = state.login;
-    const {branding, hello, query, passwordResetLink} = state.common;
+  const { loading, username, password, errors } = state.login;
+  const { branding, hello, query, passwordResetLink } = state.common;
 
-    return {
-        loading,
-        username,
-        password,
-        errors,
-        branding,
-        hello,
-        query,
-        passwordResetLink
-    };
+  return {
+    loading,
+    username,
+    password,
+    errors,
+    branding,
+    hello,
+    query,
+    passwordResetLink,
+  };
 };
 
 export default connect(mapStateToProps)(withStyles(styles)(Login));

services/invitations/Makefile

@@ -1,7 +1,10 @@
 SHELL := bash
 NAME := invitations
 
+ifneq (, $(shell command -v go 2> /dev/null)) # suppress `command not found warnings` for non go targets in CI
 include ../../.bingo/Variables.mk
+endif
+
 include ../../.make/default.mk
 include ../../.make/recursion.mk
 include ../../.make/go.mk

services/invitations/pkg/backends/keycloak/mocks/client.go

@@ -1,4 +1,4 @@
-// Code generated by mockery v2.53.0. DO NOT EDIT.
+// Code generated by mockery v2.53.2. DO NOT EDIT.
 
 package mocks
 

services/nats/Makefile

@@ -1,7 +1,10 @@
 SHELL := bash
 NAME := nats
 
+ifneq (, $(shell command -v go 2> /dev/null)) # suppress `command not found warnings` for non go targets in CI
 include ../../.bingo/Variables.mk
+endif
+
 include ../../.make/default.mk
 include ../../.make/recursion.mk
 include ../../.make/go.mk

services/notifications/Makefile

@@ -3,7 +3,10 @@ NAME := notifications
 OUTPUT_DIR = ./pkg/email/l10n
 TEMPLATE_FILE = ./pkg/email/l10n/notifications.pot
 
+ifneq (, $(shell command -v go 2> /dev/null)) # suppress `command not found warnings` for non go targets in CI
 include ../../.bingo/Variables.mk
+endif
+
 include ../../.make/default.mk
 include ../../.make/recursion.mk
 include ../../.make/go.mk

services/ocdav/Makefile

@@ -1,7 +1,10 @@
 SHELL := bash
 NAME := ocdav
 
+ifneq (, $(shell command -v go 2> /dev/null)) # suppress `command not found warnings` for non go targets in CI
 include ../../.bingo/Variables.mk
+endif
+
 include ../../.make/default.mk
 include ../../.make/recursion.mk
 include ../../.make/go.mk

services/ocdav/pkg/command/server.go

@@ -77,7 +77,6 @@ func Server(cfg *config.Config) *cli.Command {
 					ocdav.Product(cfg.Status.Product),
 					ocdav.Version(cfg.Status.Version),
 					ocdav.VersionString(cfg.Status.VersionString),
-					ocdav.Edition(cfg.Status.Edition),
 					ocdav.MachineAuthAPIKey(cfg.MachineAuthAPIKey),
 					ocdav.Broker(broker.NoOp{}),
 					// ocdav.FavoriteManager() // FIXME needs a proper persistence implementation https://github.com/owncloud/ocis/issues/1228

services/ocdav/pkg/config/config.go

@@ -81,5 +81,4 @@ type Status struct {
 	Product        string
 	ProductName    string
 	ProductVersion string
-	Edition        string `yaml:"edition" env:"OC_EDITION;OCDAV_EDITION" desc:"Edition of OpenCloud. Used for branding purposes." introductionVersion:"1.0.0"`
 }

services/ocdav/pkg/config/defaults/defaultconfig.go

@@ -92,7 +92,6 @@ func DefaultConfig() *config.Config {
 			ProductVersion: version.GetString(),
 			Product:        "OpenCloud",
 			ProductName:    "OpenCloud",
-			Edition:        "Community",
 		},
 	}
 }

services/ocm/Makefile

@@ -1,7 +1,10 @@
 SHELL := bash
 NAME := ocm
 
+ifneq (, $(shell command -v go 2> /dev/null)) # suppress `command not found warnings` for non go targets in CI
 include ../../.bingo/Variables.mk
+endif
+
 include ../../.make/default.mk
 include ../../.make/recursion.mk
 include ../../.make/go.mk

services/ocs/Makefile

@@ -1,7 +1,10 @@
 SHELL := bash
 NAME := ocs
 
+ifneq (, $(shell command -v go 2> /dev/null)) # suppress `command not found warnings` for non go targets in CI
 include ../../.bingo/Variables.mk
+endif
+
 include ../../.make/default.mk
 include ../../.make/recursion.mk
 include ../../.make/go.mk

services/policies/Makefile

@@ -1,7 +1,10 @@
 SHELL := bash
 NAME := policies
 
+ifneq (, $(shell command -v go 2> /dev/null)) # suppress `command not found warnings` for non go targets in CI
 include ../../.bingo/Variables.mk
+endif
+
 include ../../.make/default.mk
 include ../../.make/recursion.mk
 include ../../.make/go.mk

services/postprocessing/Makefile

@@ -1,7 +1,10 @@
 SHELL := bash
 NAME := postprocessing
 
+ifneq (, $(shell command -v go 2> /dev/null)) # suppress `command not found warnings` for non go targets in CI
 include ../../.bingo/Variables.mk
+endif
+
 include ../../.make/default.mk
 include ../../.make/recursion.mk
 include ../../.make/go.mk

services/proxy/Makefile

@@ -1,7 +1,10 @@
 SHELL := bash
 NAME := proxy
 
+ifneq (, $(shell command -v go 2> /dev/null)) # suppress `command not found warnings` for non go targets in CI
 include ../../.bingo/Variables.mk
+endif
+
 include ../../.make/default.mk
 include ../../.make/recursion.mk
 include ../../.make/go.mk

services/proxy/pkg/command/server.go

@@ -352,7 +352,7 @@ func loadMiddlewares(logger log.Logger, cfg *config.Config,
 			middleware.CredentialsByUserAgent(cfg.AuthMiddleware.CredentialsByUserAgent),
 			middleware.Logger(logger),
 			middleware.OIDCIss(cfg.OIDC.Issuer),
-			middleware.EnableBasicAuth(cfg.EnableBasicAuth),
+			middleware.EnableBasicAuth(cfg.EnableBasicAuth || cfg.AuthMiddleware.AllowAppAuth),
 			middleware.TraceProvider(traceProvider),
 		),
 		middleware.AccountResolver(

services/proxy/pkg/config/defaults/defaultconfig.go

@@ -100,6 +100,9 @@ func DefaultConfig() *config.Config {
 			Cluster:   "opencloud-cluster",
 			EnableTLS: false,
 		},
+		AuthMiddleware: config.AuthMiddleware{
+			AllowAppAuth: true,
+		},
 	}
 }
 

services/proxy/pkg/user/backend/mocks/user_backend.go

@@ -1,4 +1,4 @@
-// Code generated by mockery v2.53.0. DO NOT EDIT.
+// Code generated by mockery v2.53.2. DO NOT EDIT.
 
 package mocks
 

services/proxy/pkg/userroles/mocks/user_role_assigner.go

@@ -1,4 +1,4 @@
-// Code generated by mockery v2.53.0. DO NOT EDIT.
+// Code generated by mockery v2.53.2. DO NOT EDIT.
 
 package mocks
 

services/search/Makefile

@@ -1,7 +1,10 @@
 SHELL := bash
 NAME := search
 
+ifneq (, $(shell command -v go 2> /dev/null)) # suppress `command not found warnings` for non go targets in CI
 include ../../.bingo/Variables.mk
+endif
+
 include ../../.make/default.mk
 include ../../.make/recursion.mk
 include ../../.make/go.mk

services/settings/Makefile

@@ -3,7 +3,10 @@ NAME := settings
 OUTPUT_DIR = ./pkg/service/v0/l10n
 TEMPLATE_FILE = ./pkg/service/v0/l10n/settings.pot
 
+ifneq (, $(shell command -v go 2> /dev/null)) # suppress `command not found warnings` for non go targets in CI
 include ../../.bingo/Variables.mk
+endif
+
 include ../../.make/default.mk
 include ../../.make/recursion.mk
 include ../../.make/go.mk

services/sharing/Makefile

@@ -1,7 +1,10 @@
 SHELL := bash
 NAME := sharing
 
+ifneq (, $(shell command -v go 2> /dev/null)) # suppress `command not found warnings` for non go targets in CI
 include ../../.bingo/Variables.mk
+endif
+
 include ../../.make/default.mk
 include ../../.make/recursion.mk
 include ../../.make/go.mk

services/sse/Makefile

@@ -1,7 +1,10 @@
 SHELL := bash
 NAME := sse
 
+ifneq (, $(shell command -v go 2> /dev/null)) # suppress `command not found warnings` for non go targets in CI
 include ../../.bingo/Variables.mk
+endif
+
 include ../../.make/default.mk
 include ../../.make/recursion.mk
 include ../../.make/go.mk