Merge remote-tracking branch 'origin' into breaking/v2

2025-12-09 14:52:57 +03:00 · 2025-11-25 20:48:03 -08:00
parent 46793fe68a f523f39483
commit e306d6eb58
31 changed files with 1533 additions and 3604 deletions
--- a/backend/go.mod
+++ b/backend/go.mod
@@ -3,10 +3,10 @@ module github.com/pocket-id/pocket-id/backend
 go 1.25

 require (
-	github.com/aws/aws-sdk-go-v2 v1.39.6
-	github.com/aws/aws-sdk-go-v2/config v1.31.17
-	github.com/aws/aws-sdk-go-v2/credentials v1.18.21
-	github.com/aws/aws-sdk-go-v2/service/s3 v1.90.0
+	github.com/aws/aws-sdk-go-v2 v1.40.0
+	github.com/aws/aws-sdk-go-v2/config v1.32.2
+	github.com/aws/aws-sdk-go-v2/credentials v1.19.2
+	github.com/aws/aws-sdk-go-v2/service/s3 v1.92.1
 	github.com/aws/smithy-go v1.23.2
 	github.com/caarlos0/env/v11 v11.3.1
 	github.com/cenkalti/backoff/v5 v5.0.3
@@ -15,14 +15,14 @@ require (
 	github.com/emersion/go-sasl v0.0.0-20241020182733-b788ff22d5a6
 	github.com/emersion/go-smtp v0.24.0
 	github.com/fxamacker/cbor/v2 v2.9.0
-	github.com/gin-contrib/slog v1.1.0
+	github.com/gin-contrib/slog v1.2.0
 	github.com/gin-gonic/gin v1.11.0
 	github.com/glebarez/go-sqlite v1.22.0
 	github.com/glebarez/sqlite v1.11.0
-	github.com/go-co-op/gocron/v2 v2.17.0
+	github.com/go-co-op/gocron/v2 v2.18.1
 	github.com/go-ldap/ldap/v3 v3.4.12
 	github.com/go-playground/validator/v10 v10.28.0
-	github.com/go-webauthn/webauthn v0.14.0
+	github.com/go-webauthn/webauthn v0.15.0
 	github.com/golang-migrate/migrate/v4 v4.19.0
 	github.com/google/uuid v1.6.0
 	github.com/hashicorp/go-uuid v1.0.3
@@ -34,7 +34,7 @@ require (
 	github.com/mattn/go-isatty v0.0.20
 	github.com/mileusna/useragent v1.3.5
 	github.com/orandin/slog-gorm v1.4.0
-	github.com/oschwald/maxminddb-golang/v2 v2.0.0
+	github.com/oschwald/maxminddb-golang/v2 v2.1.0
 	github.com/spf13/cobra v1.10.1
 	github.com/stretchr/testify v1.11.1
 	go.opentelemetry.io/contrib/bridges/otelslog v0.13.0
@@ -48,34 +48,35 @@ require (
 	go.opentelemetry.io/otel/sdk/log v0.14.0
 	go.opentelemetry.io/otel/sdk/metric v1.38.0
 	go.opentelemetry.io/otel/trace v1.38.0
-	golang.org/x/crypto v0.43.0
-	golang.org/x/image v0.32.0
-	golang.org/x/sync v0.17.0
-	golang.org/x/text v0.30.0
+	golang.org/x/crypto v0.45.0
+	golang.org/x/image v0.33.0
+	golang.org/x/sync v0.18.0
+	golang.org/x/text v0.31.0
 	golang.org/x/time v0.14.0
 	gorm.io/driver/postgres v1.6.0
-	gorm.io/gorm v1.31.0
+	gorm.io/gorm v1.31.1
 )

 require (
-	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
+	github.com/Azure/go-ntlmssp v0.1.0 // indirect
 	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.3 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.13 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.13 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.13 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.14 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.14 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.14 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.13 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.14 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.3 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.4 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.13 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.13 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.30.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.39.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.14 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.14 // indirect
+	github.com/aws/aws-sdk-go-v2/service/signin v1.0.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.30.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.10 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.41.2 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/bytedance/gopkg v0.1.3 // indirect
-	github.com/bytedance/sonic v1.14.1 // indirect
-	github.com/bytedance/sonic/loader v0.3.0 // indirect
+	github.com/bytedance/sonic v1.14.2 // indirect
+	github.com/bytedance/sonic/loader v0.4.0 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/cloudwego/base64x v0.1.6 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
@@ -83,20 +84,21 @@ require (
 	github.com/disintegration/gift v1.2.1 // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.10 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.11 // indirect
 	github.com/gin-contrib/sse v1.1.0 // indirect
 	github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 // indirect
 	github.com/go-logr/logr v1.4.3 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
-	github.com/go-webauthn/x v0.1.25 // indirect
+	github.com/go-viper/mapstructure/v2 v2.4.0 // indirect
+	github.com/go-webauthn/x v0.1.26 // indirect
 	github.com/goccy/go-json v0.10.5 // indirect
 	github.com/goccy/go-yaml v1.18.0 // indirect
 	github.com/golang-jwt/jwt/v5 v5.3.0 // indirect
 	github.com/google/go-github/v39 v39.2.0 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
-	github.com/google/go-tpm v0.9.6 // indirect
+	github.com/google/go-tpm v0.9.7 // indirect
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
@@ -128,17 +130,17 @@ require (
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/prometheus/client_golang v1.23.2 // indirect
 	github.com/prometheus/client_model v0.6.2 // indirect
-	github.com/prometheus/common v0.67.1 // indirect
+	github.com/prometheus/common v0.67.4 // indirect
 	github.com/prometheus/otlptranslator v1.0.0 // indirect
-	github.com/prometheus/procfs v0.18.0 // indirect
-	github.com/quic-go/qpack v0.5.1 // indirect
-	github.com/quic-go/quic-go v0.55.0 // indirect
+	github.com/prometheus/procfs v0.19.2 // indirect
+	github.com/quic-go/qpack v0.6.0 // indirect
+	github.com/quic-go/quic-go v0.57.0 // indirect
 	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
 	github.com/robfig/cron/v3 v3.0.1 // indirect
 	github.com/segmentio/asm v1.2.1 // indirect
 	github.com/spf13/pflag v1.0.10 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
-	github.com/ugorji/go/codec v1.3.0 // indirect
+	github.com/ugorji/go/codec v1.3.1 // indirect
 	github.com/valyala/fastjson v1.6.4 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
@@ -154,22 +156,22 @@ require (
 	go.opentelemetry.io/otel/exporters/stdout/stdoutlog v0.14.0 // indirect
 	go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.38.0 // indirect
 	go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.38.0 // indirect
-	go.opentelemetry.io/proto/otlp v1.8.0 // indirect
+	go.opentelemetry.io/proto/otlp v1.9.0 // indirect
 	go.yaml.in/yaml/v2 v2.4.3 // indirect
-	golang.org/x/arch v0.22.0 // indirect
-	golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546 // indirect
-	golang.org/x/mod v0.29.0 // indirect
-	golang.org/x/net v0.46.0 // indirect
-	golang.org/x/oauth2 v0.32.0 // indirect
-	golang.org/x/sys v0.37.0 // indirect
-	golang.org/x/tools v0.38.0 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20251022142026-3a174f9686a8 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20251022142026-3a174f9686a8 // indirect
-	google.golang.org/grpc v1.76.0 // indirect
+	golang.org/x/arch v0.23.0 // indirect
+	golang.org/x/exp v0.0.0-20251125195548-87e1e737ad39 // indirect
+	golang.org/x/mod v0.30.0 // indirect
+	golang.org/x/net v0.47.0 // indirect
+	golang.org/x/oauth2 v0.33.0 // indirect
+	golang.org/x/sys v0.38.0 // indirect
+	golang.org/x/tools v0.39.0 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20251124214823-79d6a2a48846 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20251124214823-79d6a2a48846 // indirect
+	google.golang.org/grpc v1.77.0 // indirect
 	google.golang.org/protobuf v1.36.10 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	modernc.org/libc v1.66.10 // indirect
+	modernc.org/libc v1.67.1 // indirect
 	modernc.org/mathutil v1.7.1 // indirect
 	modernc.org/memory v1.11.0 // indirect
-	modernc.org/sqlite v1.39.1 // indirect
+	modernc.org/sqlite v1.40.1 // indirect
 )
--- a/backend/go.sum
+++ b/backend/go.sum
@@ -2,44 +2,76 @@ github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25
 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8=
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
+github.com/Azure/go-ntlmssp v0.1.0 h1:DjFo6YtWzNqNvQdrwEyr/e4nhU3vRiwenz5QX7sFz+A=
+github.com/Azure/go-ntlmssp v0.1.0/go.mod h1:NYqdhxd/8aAct/s4qSYZEerdPuH1liG2/X9DiVTbhpk=
 github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
 github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
 github.com/alexbrainman/sspi v0.0.0-20250919150558-7d374ff0d59e h1:4dAU9FXIyQktpoUAgOJK3OTFc/xug0PCXYCqU0FgDKI=
 github.com/alexbrainman/sspi v0.0.0-20250919150558-7d374ff0d59e/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4=
 github.com/aws/aws-sdk-go-v2 v1.39.6 h1:2JrPCVgWJm7bm83BDwY5z8ietmeJUbh3O2ACnn+Xsqk=
 github.com/aws/aws-sdk-go-v2 v1.39.6/go.mod h1:c9pm7VwuW0UPxAEYGyTmyurVcNrbF6Rt/wixFqDhcjE=
+github.com/aws/aws-sdk-go-v2 v1.40.0 h1:/WMUA0kjhZExjOQN2z3oLALDREea1A7TobfuiBrKlwc=
+github.com/aws/aws-sdk-go-v2 v1.40.0/go.mod h1:c9pm7VwuW0UPxAEYGyTmyurVcNrbF6Rt/wixFqDhcjE=
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.3 h1:DHctwEM8P8iTXFxC/QK0MRjwEpWQeM9yzidCRjldUz0=
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.3/go.mod h1:xdCzcZEtnSTKVDOmUZs4l/j3pSV6rpo1WXl5ugNsL8Y=
 github.com/aws/aws-sdk-go-v2/config v1.31.17 h1:QFl8lL6RgakNK86vusim14P2k8BFSxjvUkcWLDjgz9Y=
 github.com/aws/aws-sdk-go-v2/config v1.31.17/go.mod h1:V8P7ILjp/Uef/aX8TjGk6OHZN6IKPM5YW6S78QnRD5c=
+github.com/aws/aws-sdk-go-v2/config v1.32.2 h1:4liUsdEpUUPZs5WVapsJLx5NPmQhQdez7nYFcovrytk=
+github.com/aws/aws-sdk-go-v2/config v1.32.2/go.mod h1:l0hs06IFz1eCT+jTacU/qZtC33nvcnLADAPL/XyrkZI=
 github.com/aws/aws-sdk-go-v2/credentials v1.18.21 h1:56HGpsgnmD+2/KpG0ikvvR8+3v3COCwaF4r+oWwOeNA=
 github.com/aws/aws-sdk-go-v2/credentials v1.18.21/go.mod h1:3YELwedmQbw7cXNaII2Wywd+YY58AmLPwX4LzARgmmA=
+github.com/aws/aws-sdk-go-v2/credentials v1.19.2 h1:qZry8VUyTK4VIo5aEdUcBjPZHL2v4FyQ3QEOaWcFLu4=
+github.com/aws/aws-sdk-go-v2/credentials v1.19.2/go.mod h1:YUqm5a1/kBnoK+/NY5WEiMocZihKSo15/tJdmdXnM5g=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.13 h1:T1brd5dR3/fzNFAQch/iBKeX07/ffu/cLu+q+RuzEWk=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.13/go.mod h1:Peg/GBAQ6JDt+RoBf4meB1wylmAipb7Kg2ZFakZTlwk=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.14 h1:WZVR5DbDgxzA0BJeudId89Kmgy6DIU4ORpxwsVHz0qA=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.14/go.mod h1:Dadl9QO0kHgbrH1GRqGiZdYtW5w+IXXaBNCHTIaheM4=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.13 h1:a+8/MLcWlIxo1lF9xaGt3J/u3yOZx+CdSveSNwjhD40=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.13/go.mod h1:oGnKwIYZ4XttyU2JWxFrwvhF6YKiK/9/wmE3v3Iu9K8=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.14 h1:PZHqQACxYb8mYgms4RZbhZG0a7dPW06xOjmaH0EJC/I=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.14/go.mod h1:VymhrMJUWs69D8u0/lZ7jSB6WgaG/NqHi3gX0aYf6U0=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.13 h1:HBSI2kDkMdWz4ZM7FjwE7e/pWDEZ+nR95x8Ztet1ooY=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.13/go.mod h1:YE94ZoDArI7awZqJzBAZ3PDD2zSfuP7w6P2knOzIn8M=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.14 h1:bOS19y6zlJwagBfHxs0ESzr1XCOU2KXJCWcq3E2vfjY=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.14/go.mod h1:1ipeGBMAxZ0xcTm6y6paC2C/J6f6OO7LBODV9afuAyM=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 h1:WKuaxf++XKWlHWu9ECbMlha8WOEGm0OUEZqm4K/Gcfk=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4/go.mod h1:ZWy7j6v1vWGmPReu0iSGvRiise4YI5SkR3OHKTZ6Wuc=
 github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.13 h1:eg/WYAa12vqTphzIdWMzqYRVKKnCboVPRlvaybNCqPA=
 github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.13/go.mod h1:/FDdxWhz1486obGrKKC1HONd7krpk38LBt+dutLcN9k=
+github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.14 h1:ITi7qiDSv/mSGDSWNpZ4k4Ve0DQR6Ug2SJQ8zEHoDXg=
+github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.14/go.mod h1:k1xtME53H1b6YpZt74YmwlONMWf4ecM+lut1WQLAF/U=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.3 h1:x2Ibm/Af8Fi+BH+Hsn9TXGdT+hKbDd5XOTZxTMxDk7o=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.3/go.mod h1:IW1jwyrQgMdhisceG8fQLmQIydcT/jWY21rFhzgaKwo=
 github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.4 h1:NvMjwvv8hpGUILarKw7Z4Q0w1H9anXKsesMxtw++MA4=
 github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.4/go.mod h1:455WPHSwaGj2waRSpQp7TsnpOnBfw8iDfPfbwl7KPJE=
+github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.5 h1:Hjkh7kE6D81PgrHlE/m9gx+4TyyeLHuY8xJs7yXN5C4=
+github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.5/go.mod h1:nPRXgyCfAurhyaTMoBMwRBYBhaHI4lNPAnJmjM0Tslc=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.13 h1:kDqdFvMY4AtKoACfzIGD8A0+hbT41KTKF//gq7jITfM=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.13/go.mod h1:lmKuogqSU3HzQCwZ9ZtcqOc5XGMqtDK7OIc2+DxiUEg=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.14 h1:FIouAnCE46kyYqyhs0XEBDFFSREtdnr8HQuLPQPLCrY=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.14/go.mod h1:UTwDc5COa5+guonQU8qBikJo1ZJ4ln2r1MkF7Dqag1E=
 github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.13 h1:zhBJXdhWIFZ1acfDYIhu4+LCzdUS2Vbcum7D01dXlHQ=
 github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.13/go.mod h1:JaaOeCE368qn2Hzi3sEzY6FgAZVCIYcC2nwbro2QCh8=
+github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.14 h1:FzQE21lNtUor0Fb7QNgnEyiRCBlolLTX/Z1j65S7teM=
+github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.14/go.mod h1:s1ydyWG9pm3ZwmmYN21HKyG9WzAZhYVW85wMHs5FV6w=
 github.com/aws/aws-sdk-go-v2/service/s3 v1.90.0 h1:ef6gIJR+xv/JQWwpa5FYirzoQctfSJm7tuDe3SZsUf8=
 github.com/aws/aws-sdk-go-v2/service/s3 v1.90.0/go.mod h1:+wArOOrcHUevqdto9k1tKOF5++YTe9JEcPSc9Tx2ZSw=
+github.com/aws/aws-sdk-go-v2/service/s3 v1.92.1 h1:OgQy/+0+Kc3khtqiEOk23xQAglXi3Tj0y5doOxbi5tg=
+github.com/aws/aws-sdk-go-v2/service/s3 v1.92.1/go.mod h1:wYNqY3L02Z3IgRYxOBPH9I1zD9Cjh9hI5QOy/eOjQvw=
+github.com/aws/aws-sdk-go-v2/service/signin v1.0.2 h1:MxMBdKTYBjPQChlJhi4qlEueqB1p1KcbTEa7tD5aqPs=
+github.com/aws/aws-sdk-go-v2/service/signin v1.0.2/go.mod h1:iS6EPmNeqCsGo+xQmXv0jIMjyYtQfnwg36zl2FwEouk=
 github.com/aws/aws-sdk-go-v2/service/sso v1.30.1 h1:0JPwLz1J+5lEOfy/g0SURC9cxhbQ1lIMHMa+AHZSzz0=
 github.com/aws/aws-sdk-go-v2/service/sso v1.30.1/go.mod h1:fKvyjJcz63iL/ftA6RaM8sRCtN4r4zl4tjL3qw5ec7k=
+github.com/aws/aws-sdk-go-v2/service/sso v1.30.5 h1:ksUT5KtgpZd3SAiFJNJ0AFEJVva3gjBmN7eXUZjzUwQ=
+github.com/aws/aws-sdk-go-v2/service/sso v1.30.5/go.mod h1:av+ArJpoYf3pgyrj6tcehSFW+y9/QvAY8kMooR9bZCw=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.5 h1:OWs0/j2UYR5LOGi88sD5/lhN6TDLG6SfA7CqsQO9zF0=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.5/go.mod h1:klO+ejMvYsB4QATfEOIXk8WAEwN4N0aBfJpvC+5SZBo=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.10 h1:GtsxyiF3Nd3JahRBJbxLCCdYW9ltGQYrFWg8XdkGDd8=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.10/go.mod h1:/j67Z5XBVDx8nZVp9EuFM9/BS5dvBznbqILGuu73hug=
 github.com/aws/aws-sdk-go-v2/service/sts v1.39.1 h1:mLlUgHn02ue8whiR4BmxxGJLR2gwU6s6ZzJ5wDamBUs=
 github.com/aws/aws-sdk-go-v2/service/sts v1.39.1/go.mod h1:E19xDjpzPZC7LS2knI9E6BaRFDK43Eul7vd6rSq2HWk=
+github.com/aws/aws-sdk-go-v2/service/sts v1.41.2 h1:a5UTtD4mHBU3t0o6aHQZFJTNKVfxFWfPX7J0Lr7G+uY=
+github.com/aws/aws-sdk-go-v2/service/sts v1.41.2/go.mod h1:6TxbXoDSgBQ225Qd8Q+MbxUxUh6TtNKwbRt/EPS9xso=
 github.com/aws/smithy-go v1.23.2 h1:Crv0eatJUQhaManss33hS5r40CG3ZFH+21XSkqMrIUM=
 github.com/aws/smithy-go v1.23.2/go.mod h1:LEj2LM3rBRQJxPZTB4KuzZkaZYnZPnvgIhb4pu07mx0=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
@@ -48,8 +80,12 @@ github.com/bytedance/gopkg v0.1.3 h1:TPBSwH8RsouGCBcMBktLt1AymVo2TVsBVCY4b6TnZ/M
 github.com/bytedance/gopkg v0.1.3/go.mod h1:576VvJ+eJgyCzdjS+c4+77QF3p7ubbtiKARP3TxducM=
 github.com/bytedance/sonic v1.14.1 h1:FBMC0zVz5XUmE4z9wF4Jey0An5FueFvOsTKKKtwIl7w=
 github.com/bytedance/sonic v1.14.1/go.mod h1:gi6uhQLMbTdeP0muCnrjHLeCUPyb70ujhnNlhOylAFc=
+github.com/bytedance/sonic v1.14.2 h1:k1twIoe97C1DtYUo+fZQy865IuHia4PR5RPiuGPPIIE=
+github.com/bytedance/sonic v1.14.2/go.mod h1:T80iDELeHiHKSc0C9tubFygiuXoGzrkjKzX2quAx980=
 github.com/bytedance/sonic/loader v0.3.0 h1:dskwH8edlzNMctoruo8FPTJDF3vLtDT0sXZwvZJyqeA=
 github.com/bytedance/sonic/loader v0.3.0/go.mod h1:N8A3vUdtUebEY2/VQC0MyhYeKUFosQU6FxH2JmUe6VI=
+github.com/bytedance/sonic/loader v0.4.0 h1:olZ7lEqcxtZygCK9EKYKADnpQoYkRQxaeY2NYzevs+o=
+github.com/bytedance/sonic/loader v0.4.0/go.mod h1:AR4NYCk5DdzZizZ5djGqQ92eEhCCcdf5x77udYiSJRo=
 github.com/caarlos0/env/v11 v11.3.1 h1:cArPWC15hWmEt+gWk7YBi7lEXTXCvpaSdCiZE2X5mCA=
 github.com/caarlos0/env/v11 v11.3.1/go.mod h1:qupehSf/Y0TUTsxKywqRt/vJjN5nz6vauiYEUUr8P4U=
 github.com/cenkalti/backoff/v5 v5.0.3 h1:ZN+IMa753KfX5hd8vVaMixjnqRZ3y8CuJKRKj1xcsSM=
@@ -97,8 +133,12 @@ github.com/fxamacker/cbor/v2 v2.9.0 h1:NpKPmjDBgUfBms6tr6JZkTHtfFGcMKsw3eGcmD/sa
 github.com/fxamacker/cbor/v2 v2.9.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ=
 github.com/gabriel-vasile/mimetype v1.4.10 h1:zyueNbySn/z8mJZHLt6IPw0KoZsiQNszIpU+bX4+ZK0=
 github.com/gabriel-vasile/mimetype v1.4.10/go.mod h1:d+9Oxyo1wTzWdyVUPMmXFvp4F9tea18J8ufA774AB3s=
+github.com/gabriel-vasile/mimetype v1.4.11 h1:AQvxbp830wPhHTqc1u7nzoLT+ZFxGY7emj5DR5DYFik=
+github.com/gabriel-vasile/mimetype v1.4.11/go.mod h1:d+9Oxyo1wTzWdyVUPMmXFvp4F9tea18J8ufA774AB3s=
 github.com/gin-contrib/slog v1.1.0 h1:K9MVNrETT6r/C3u2Aheer/gxwVeVqrGL0hXlsmv3fm4=
 github.com/gin-contrib/slog v1.1.0/go.mod h1:PvNXQVXcVOAaaiJR84LV1/xlQHIaXi9ygEXyBkmjdkY=
+github.com/gin-contrib/slog v1.2.0 h1:vAxZfr7knD1ZYK5+pMJLP52sZXIkJXkcRPa/0dx9hSk=
+github.com/gin-contrib/slog v1.2.0/go.mod h1:vYK6YltmpsEFkO0zfRMLTKHrWS3DwUSn0TMpT+kMagI=
 github.com/gin-contrib/sse v1.1.0 h1:n0w2GMuUpWDVp7qSpvze6fAu9iRxJY4Hmj6AmBOU05w=
 github.com/gin-contrib/sse v1.1.0/go.mod h1:hxRZ5gVpWMT7Z0B0gSNYqqsSCNIJMjzvm6fqCz9vjwM=
 github.com/gin-gonic/gin v1.11.0 h1:OW/6PLjyusp2PPXtyxKHU0RbX6I/l28FTdDlae5ueWk=
@@ -111,6 +151,8 @@ github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 h1:BP4M0CvQ
 github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
 github.com/go-co-op/gocron/v2 v2.17.0 h1:e/oj6fcAM8vOOKZxv2Cgfmjo+s8AXC46po5ZPtaSea4=
 github.com/go-co-op/gocron/v2 v2.17.0/go.mod h1:Zii6he+Zfgy5W9B+JKk/KwejFOW0kZTFvHtwIpR4aBI=
+github.com/go-co-op/gocron/v2 v2.18.1 h1:VVxgAghLW1Q6VHi/rc+B0ZSpFoUVlWgkw09Yximvn58=
+github.com/go-co-op/gocron/v2 v2.18.1/go.mod h1:Zii6he+Zfgy5W9B+JKk/KwejFOW0kZTFvHtwIpR4aBI=
 github.com/go-ldap/ldap/v3 v3.4.12 h1:1b81mv7MagXZ7+1r7cLTWmyuTqVqdwbtJSjC0DAp9s4=
 github.com/go-ldap/ldap/v3 v3.4.12/go.mod h1:+SPAGcTtOfmGsCb3h1RFiq4xpp4N636G75OEace8lNo=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
@@ -126,10 +168,16 @@ github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJn
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
 github.com/go-playground/validator/v10 v10.28.0 h1:Q7ibns33JjyW48gHkuFT91qX48KG0ktULL6FgHdG688=
 github.com/go-playground/validator/v10 v10.28.0/go.mod h1:GoI6I1SjPBh9p7ykNE/yj3fFYbyDOpwMn5KXd+m2hUU=
+github.com/go-viper/mapstructure/v2 v2.4.0 h1:EBsztssimR/CONLSZZ04E8qAkxNYq4Qp9LvH92wZUgs=
+github.com/go-viper/mapstructure/v2 v2.4.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
 github.com/go-webauthn/webauthn v0.14.0 h1:ZLNPUgPcDlAeoxe+5umWG/tEeCoQIDr7gE2Zx2QnhL0=
 github.com/go-webauthn/webauthn v0.14.0/go.mod h1:QZzPFH3LJ48u5uEPAu+8/nWJImoLBWM7iAH/kSVSo6k=
+github.com/go-webauthn/webauthn v0.15.0 h1:LR1vPv62E0/6+sTenX35QrCmpMCzLeVAcnXeH4MrbJY=
+github.com/go-webauthn/webauthn v0.15.0/go.mod h1:hcAOhVChPRG7oqG7Xj6XKN1mb+8eXTGP/B7zBLzkX5A=
 github.com/go-webauthn/x v0.1.25 h1:g/0noooIGcz/yCVqebcFgNnGIgBlJIccS+LYAa+0Z88=
 github.com/go-webauthn/x v0.1.25/go.mod h1:ieblaPY1/BVCV0oQTsA/VAo08/TWayQuJuo5Q+XxmTY=
+github.com/go-webauthn/x v0.1.26 h1:eNzreFKnwNLDFoywGh9FA8YOMebBWTUNlNSdolQRebs=
+github.com/go-webauthn/x v0.1.26/go.mod h1:jmf/phPV6oIsF6hmdVre+ovHkxjDOmNH0t6fekWUxvg=
 github.com/goccy/go-json v0.10.5 h1:Fq85nIqj+gXn/S5ahsiTlK3TmC85qgirsdTP/+DeaC4=
 github.com/goccy/go-json v0.10.5/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
 github.com/goccy/go-yaml v1.18.0 h1:8W7wMFS12Pcas7KU+VVkaiCng+kG8QiFeFwzFb+rwuw=
@@ -154,6 +202,8 @@ github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD
 github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
 github.com/google/go-tpm v0.9.6 h1:Ku42PT4LmjDu1H5C5ISWLlpI1mj+Zq7sPGKoRw2XROA=
 github.com/google/go-tpm v0.9.6/go.mod h1:h9jEsEECg7gtLis0upRBQU+GhYVH6jMjrFxI8u6bVUY=
+github.com/google/go-tpm v0.9.7 h1:u89J4tUUeDTlH8xxC3CTW7OHZjbjKoHdQ9W7gCUhtxA=
+github.com/google/go-tpm v0.9.7/go.mod h1:h9jEsEECg7gtLis0upRBQU+GhYVH6jMjrFxI8u6bVUY=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e h1:ijClszYn+mADRFY17kjQEVQ1XRhq2/JR1M3sGqeJoxs=
 github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA=
@@ -265,6 +315,8 @@ github.com/orandin/slog-gorm v1.4.0 h1:FgA8hJufF9/jeNSYoEXmHPPBwET2gwlF3B85JdpsT
 github.com/orandin/slog-gorm v1.4.0/go.mod h1:MoZ51+b7xE9lwGNPYEhxcUtRNrYzjdcKvA8QXQQGEPA=
 github.com/oschwald/maxminddb-golang/v2 v2.0.0 h1:Gyljxck1kHbBxDgLM++NfDWBqvu1pWWfT8XbosSo0bo=
 github.com/oschwald/maxminddb-golang/v2 v2.0.0/go.mod h1:gG4V88LsawPEqtbL1Veh1WRh+nVSYwXzJ1P5Fcn77g0=
+github.com/oschwald/maxminddb-golang/v2 v2.1.0 h1:2Iv7lmG9XtxuZA/jFAsd7LnZaC1E59pFsj5O/nU15pw=
+github.com/oschwald/maxminddb-golang/v2 v2.1.0/go.mod h1:gG4V88LsawPEqtbL1Veh1WRh+nVSYwXzJ1P5Fcn77g0=
 github.com/pelletier/go-toml/v2 v2.2.4 h1:mye9XuhQ6gvn5h28+VilKrrPoQVanw5PMw/TB0t5Ec4=
 github.com/pelletier/go-toml/v2 v2.2.4/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
@@ -277,14 +329,22 @@ github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNw
 github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE=
 github.com/prometheus/common v0.67.1 h1:OTSON1P4DNxzTg4hmKCc37o4ZAZDv0cfXLkOt0oEowI=
 github.com/prometheus/common v0.67.1/go.mod h1:RpmT9v35q2Y+lsieQsdOh5sXZ6ajUGC8NjZAmr8vb0Q=
+github.com/prometheus/common v0.67.4 h1:yR3NqWO1/UyO1w2PhUvXlGQs/PtFmoveVO0KZ4+Lvsc=
+github.com/prometheus/common v0.67.4/go.mod h1:gP0fq6YjjNCLssJCQp0yk4M8W6ikLURwkdd/YKtTbyI=
 github.com/prometheus/otlptranslator v1.0.0 h1:s0LJW/iN9dkIH+EnhiD3BlkkP5QVIUVEoIwkU+A6qos=
 github.com/prometheus/otlptranslator v1.0.0/go.mod h1:vRYWnXvI6aWGpsdY/mOT/cbeVRBlPWtBNDb7kGR3uKM=
 github.com/prometheus/procfs v0.18.0 h1:2QTA9cKdznfYJz7EDaa7IiJobHuV7E1WzeBwcrhk0ao=
 github.com/prometheus/procfs v0.18.0/go.mod h1:M0aotyiemPhBCM0z5w87kL22CxfcH05ZpYlu+b4J7mw=
+github.com/prometheus/procfs v0.19.2 h1:zUMhqEW66Ex7OXIiDkll3tl9a1ZdilUOd/F6ZXw4Vws=
+github.com/prometheus/procfs v0.19.2/go.mod h1:M0aotyiemPhBCM0z5w87kL22CxfcH05ZpYlu+b4J7mw=
 github.com/quic-go/qpack v0.5.1 h1:giqksBPnT/HDtZ6VhtFKgoLOWmlyo9Ei6u9PqzIMbhI=
 github.com/quic-go/qpack v0.5.1/go.mod h1:+PC4XFrEskIVkcLzpEkbLqq1uCoxPhQuvK5rH1ZgaEg=
+github.com/quic-go/qpack v0.6.0 h1:g7W+BMYynC1LbYLSqRt8PBg5Tgwxn214ZZR34VIOjz8=
+github.com/quic-go/qpack v0.6.0/go.mod h1:lUpLKChi8njB4ty2bFLX2x4gzDqXwUpaO1DP9qMDZII=
 github.com/quic-go/quic-go v0.55.0 h1:zccPQIqYCXDt5NmcEabyYvOnomjs8Tlwl7tISjJh9Mk=
 github.com/quic-go/quic-go v0.55.0/go.mod h1:DR51ilwU1uE164KuWXhinFcKWGlEjzys2l8zUl5Ss1U=
+github.com/quic-go/quic-go v0.57.0 h1:AsSSrrMs4qI/hLrKlTH/TGQeTMY0ib1pAOX7vA3AdqE=
+github.com/quic-go/quic-go v0.57.0/go.mod h1:ly4QBAjHA2VhdnxhojRsCUOeJwKYg+taDlos92xb1+s=
 github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE=
 github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
 github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs=
@@ -302,18 +362,23 @@ github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3A
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
 github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
 github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
 github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
 github.com/ugorji/go/codec v1.3.0 h1:Qd2W2sQawAfG8XSvzwhBeoGq71zXOC/Q1E9y/wUcsUA=
 github.com/ugorji/go/codec v1.3.0/go.mod h1:pRBVtBSKl77K30Bv8R2P+cLSGaTtex6fsA2Wjqmfxj4=
+github.com/ugorji/go/codec v1.3.1 h1:waO7eEiFDwidsBN6agj1vJQ4AG7lh2yqXyOXqhgQuyY=
+github.com/ugorji/go/codec v1.3.1/go.mod h1:pRBVtBSKl77K30Bv8R2P+cLSGaTtex6fsA2Wjqmfxj4=
 github.com/valyala/fastjson v1.6.4 h1:uAUNq9Z6ymTgGhcm0UynUAB6tlbakBrz6CQFax3BXVQ=
 github.com/valyala/fastjson v1.6.4/go.mod h1:CLCAqky6SMuOcxStkYQvblddUtoRxhYMGLrsQns1aXY=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
@@ -372,6 +437,8 @@ go.opentelemetry.io/otel/trace v1.38.0 h1:Fxk5bKrDZJUH+AMyyIXGcFAPah0oRcT+LuNtJr
 go.opentelemetry.io/otel/trace v1.38.0/go.mod h1:j1P9ivuFsTceSWe1oY+EeW3sc+Pp42sO++GHkg4wwhs=
 go.opentelemetry.io/proto/otlp v1.8.0 h1:fRAZQDcAFHySxpJ1TwlA1cJ4tvcrw7nXl9xWWC8N5CE=
 go.opentelemetry.io/proto/otlp v1.8.0/go.mod h1:tIeYOeNBU4cvmPqpaji1P+KbB4Oloai8wN4rWzRrFF0=
+go.opentelemetry.io/proto/otlp v1.9.0 h1:l706jCMITVouPOqEnii2fIAuO3IVGBRPV5ICjceRb/A=
+go.opentelemetry.io/proto/otlp v1.9.0/go.mod h1:xE+Cx5E/eEHw+ISFkwPLwCZefwVjY+pqKg1qcK03+/4=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
 go.uber.org/mock v0.6.0 h1:hyF9dfmbgIX5EfOdasqLsWD6xqpNZlXblLB/Dbnwv3Y=
@@ -380,53 +447,71 @@ go.yaml.in/yaml/v2 v2.4.3 h1:6gvOSjQoTB3vt1l+CU+tSyi/HOjfOjRLJ4YwYZGwRO0=
 go.yaml.in/yaml/v2 v2.4.3/go.mod h1:zSxWcmIDjOzPXpjlTTbAsKokqkDNAVtZO0WOMiT90s8=
 golang.org/x/arch v0.22.0 h1:c/Zle32i5ttqRXjdLyyHZESLD/bB90DCU1g9l/0YBDI=
 golang.org/x/arch v0.22.0/go.mod h1:dNHoOeKiyja7GTvF9NJS1l3Z2yntpQNzgrjh1cU103A=
+golang.org/x/arch v0.23.0 h1:lKF64A2jF6Zd8L0knGltUnegD62JMFBiCPBmQpToHhg=
+golang.org/x/arch v0.23.0/go.mod h1:dNHoOeKiyja7GTvF9NJS1l3Z2yntpQNzgrjh1cU103A=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.43.0 h1:dduJYIi3A3KOfdGOHX8AVZ/jGiyPa3IbBozJ5kNuE04=
-golang.org/x/crypto v0.43.0/go.mod h1:BFbav4mRNlXJL4wNeejLpWxB7wMbc79PdRGhWKncxR0=
+golang.org/x/crypto v0.45.0 h1:jMBrvKuj23MTlT0bQEOBcAE0mjg8mK9RXFhRH6nyF3Q=
+golang.org/x/crypto v0.45.0/go.mod h1:XTGrrkGJve7CYK7J8PEww4aY7gM3qMCElcJQ8n8JdX4=
 golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546 h1:mgKeJMpvi0yx/sU5GsxQ7p6s2wtOnGAHZWCHUM4KGzY=
 golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546/go.mod h1:j/pmGrbnkbPtQfxEe5D0VQhZC6qKbfKifgD0oM7sR70=
+golang.org/x/exp v0.0.0-20251125195548-87e1e737ad39 h1:DHNhtq3sNNzrvduZZIiFyXWOL9IWaDPHqTnLJp+rCBY=
+golang.org/x/exp v0.0.0-20251125195548-87e1e737ad39/go.mod h1:46edojNIoXTNOhySWIWdix628clX9ODXwPsQuG6hsK0=
 golang.org/x/image v0.0.0-20191009234506-e7c1f5e7dbb8/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/image v0.32.0 h1:6lZQWq75h7L5IWNk0r+SCpUJ6tUVd3v4ZHnbRKLkUDQ=
 golang.org/x/image v0.32.0/go.mod h1:/R37rrQmKXtO6tYXAjtDLwQgFLHmhW+V6ayXlxzP2Pc=
+golang.org/x/image v0.33.0 h1:LXRZRnv1+zGd5XBUVRFmYEphyyKJjQjCRiOuAP3sZfQ=
+golang.org/x/image v0.33.0/go.mod h1:DD3OsTYT9chzuzTQt+zMcOlBHgfoKQb1gry8p76Y1sc=
 golang.org/x/mod v0.29.0 h1:HV8lRxZC4l2cr3Zq1LvtOsi/ThTgWnUk/y64QSs8GwA=
 golang.org/x/mod v0.29.0/go.mod h1:NyhrlYXJ2H4eJiRy/WDBO6HMqZQ6q9nk4JzS3NuCK+w=
+golang.org/x/mod v0.30.0 h1:fDEXFVZ/fmCKProc/yAXXUijritrDzahmwwefnjoPFk=
+golang.org/x/mod v0.30.0/go.mod h1:lAsf5O2EvJeSFMiBxXDki7sCgAxEUcZHXoXMKT4GJKc=
 golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.46.0 h1:giFlY12I07fugqwPuWJi68oOnpfqFnJIJzaIIm2JVV4=
-golang.org/x/net v0.46.0/go.mod h1:Q9BGdFy1y4nkUwiLvT5qtyhAnEHgnQ/zd8PfU6nc210=
+golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY=
+golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.32.0 h1:jsCblLleRMDrxMN29H3z/k1KliIvpLgCkE6R8FXXNgY=
 golang.org/x/oauth2 v0.32.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
-golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug=
-golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
+golang.org/x/oauth2 v0.33.0 h1:4Q+qn+E5z8gPRJfmRy7C2gGG3T4jIprK6aSYgTXGRpo=
+golang.org/x/oauth2 v0.33.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
+golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I=
+golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.37.0 h1:fdNQudmxPjkdUTPnLn5mdQv7Zwvbvpaxqs831goi9kQ=
-golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc=
+golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.30.0 h1:yznKA/E9zq54KzlzBEAWn1NXSQ8DIp/NYMy88xJjl4k=
-golang.org/x/text v0.30.0/go.mod h1:yDdHFIX9t+tORqspjENWgzaCVXgk0yYnYuSZ8UzzBVM=
+golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM=
+golang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM=
 golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI=
 golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.38.0 h1:Hx2Xv8hISq8Lm16jvBZ2VQf+RLmbd7wVUsALibYI/IQ=
 golang.org/x/tools v0.38.0/go.mod h1:yEsQ/d/YK8cjh0L6rZlY8tgtlKiBNTL14pGDJPJpYQs=
+golang.org/x/tools v0.39.0 h1:ik4ho21kwuQln40uelmciQPp9SipgNDdrafrYA4TmQQ=
+golang.org/x/tools v0.39.0/go.mod h1:JnefbkDPyD8UU2kI5fuf8ZX4/yUeh9W877ZeBONxUqQ=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk=
 gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E=
 google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 google.golang.org/genproto/googleapis/api v0.0.0-20251022142026-3a174f9686a8 h1:mepRgnBZa07I4TRuomDE4sTIYieg/osKmzIf4USdWS4=
 google.golang.org/genproto/googleapis/api v0.0.0-20251022142026-3a174f9686a8/go.mod h1:fDMmzKV90WSg1NbozdqrE64fkuTv6mlq2zxo9ad+3yo=
+google.golang.org/genproto/googleapis/api v0.0.0-20251124214823-79d6a2a48846 h1:ZdyUkS9po3H7G0tuh955QVyyotWvOD4W0aEapeGeUYk=
+google.golang.org/genproto/googleapis/api v0.0.0-20251124214823-79d6a2a48846/go.mod h1:Fk4kyraUvqD7i5H6S43sj2W98fbZa75lpZz/eUyhfO0=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20251022142026-3a174f9686a8 h1:M1rk8KBnUsBDg1oPGHNCxG4vc1f49epmTO7xscSajMk=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20251022142026-3a174f9686a8/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20251124214823-79d6a2a48846 h1:Wgl1rcDNThT+Zn47YyCXOXyX/COgMTIdhJ717F0l4xk=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20251124214823-79d6a2a48846/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk=
 google.golang.org/grpc v1.76.0 h1:UnVkv1+uMLYXoIz6o7chp59WfQUYA2ex/BXQ9rHZu7A=
 google.golang.org/grpc v1.76.0/go.mod h1:Ju12QI8M6iQJtbcsV+awF5a4hfJMLi4X0JLo94ULZ6c=
+google.golang.org/grpc v1.77.0 h1:wVVY6/8cGA6vvffn+wWK5ToddbgdU3d8MNENr4evgXM=
+google.golang.org/grpc v1.77.0/go.mod h1:z0BY1iVj0q8E1uSQCjL9cppRj+gnZjzDnzV0dHhrNig=
 google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE=
 google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -439,10 +524,14 @@ gorm.io/driver/postgres v1.6.0 h1:2dxzU8xJ+ivvqTRph34QX+WrRaJlmfyPqXmoGVjMBa4=
 gorm.io/driver/postgres v1.6.0/go.mod h1:vUw0mrGgrTK+uPHEhAdV4sfFELrByKVGnaVRkXDhtWo=
 gorm.io/gorm v1.31.0 h1:0VlycGreVhK7RF/Bwt51Fk8v0xLiiiFdbGDPIZQ7mJY=
 gorm.io/gorm v1.31.0/go.mod h1:XyQVbO2k6YkOis7C2437jSit3SsDK72s7n7rsSHd+Gs=
+gorm.io/gorm v1.31.1 h1:7CA8FTFz/gRfgqgpeKIBcervUn3xSyPUmr6B2WXJ7kg=
+gorm.io/gorm v1.31.1/go.mod h1:XyQVbO2k6YkOis7C2437jSit3SsDK72s7n7rsSHd+Gs=
 modernc.org/cc/v4 v4.26.5 h1:xM3bX7Mve6G8K8b+T11ReenJOT+BmVqQj0FY5T4+5Y4=
 modernc.org/cc/v4 v4.26.5/go.mod h1:uVtb5OGqUKpoLWhqwNQo/8LwvoiEBLvZXIQ/SmO6mL0=
+modernc.org/cc/v4 v4.27.1 h1:9W30zRlYrefrDV2JE2O8VDtJ1yPGownxciz5rrbQZis=
 modernc.org/ccgo/v4 v4.28.1 h1:wPKYn5EC/mYTqBO373jKjvX2n+3+aK7+sICCv4Fjy1A=
 modernc.org/ccgo/v4 v4.28.1/go.mod h1:uD+4RnfrVgE6ec9NGguUNdhqzNIeeomeXf6CL0GTE5Q=
+modernc.org/ccgo/v4 v4.30.1 h1:4r4U1J6Fhj98NKfSjnPUN7Ze2c6MnAdL0hWw6+LrJpc=
 modernc.org/fileutil v1.3.40 h1:ZGMswMNc9JOCrcrakF1HrvmergNLAmxOPjizirpfqBA=
 modernc.org/fileutil v1.3.40/go.mod h1:HxmghZSZVAz/LXcMNwZPA/DRrQZEVP9VX0V4LQGQFOc=
 modernc.org/gc/v2 v2.6.5 h1:nyqdV8q46KvTpZlsw66kWqwXRHdjIlJOhG6kxiV/9xI=
@@ -451,6 +540,8 @@ modernc.org/goabi0 v0.2.0 h1:HvEowk7LxcPd0eq6mVOAEMai46V+i7Jrj13t4AzuNks=
 modernc.org/goabi0 v0.2.0/go.mod h1:CEFRnnJhKvWT1c1JTI3Avm+tgOWbkOu5oPA8eH8LnMI=
 modernc.org/libc v1.66.10 h1:yZkb3YeLx4oynyR+iUsXsybsX4Ubx7MQlSYEw4yj59A=
 modernc.org/libc v1.66.10/go.mod h1:8vGSEwvoUoltr4dlywvHqjtAqHBaw0j1jI7iFBTAr2I=
+modernc.org/libc v1.67.1 h1:bFaqOaa5/zbWYJo8aW0tXPX21hXsngG2M7mckCnFSVk=
+modernc.org/libc v1.67.1/go.mod h1:QvvnnJ5P7aitu0ReNpVIEyesuhmDLQ8kaEoyMjIFZJA=
 modernc.org/mathutil v1.7.1 h1:GCZVGXdaN8gTqB1Mf/usp1Y/hSqgI2vAGGP4jZMCxOU=
 modernc.org/mathutil v1.7.1/go.mod h1:4p5IwJITfppl0G4sUEDtCr4DthTaT47/N3aT6MhfgJg=
 modernc.org/memory v1.11.0 h1:o4QC8aMQzmcwCK3t3Ux/ZHmwFPzE6hf2Y5LbkRs+hbI=
@@ -461,6 +552,8 @@ modernc.org/sortutil v1.2.1 h1:+xyoGf15mM3NMlPDnFqrteY07klSFxLElE2PVuWIJ7w=
 modernc.org/sortutil v1.2.1/go.mod h1:7ZI3a3REbai7gzCLcotuw9AC4VZVpYMjDzETGsSMqJE=
 modernc.org/sqlite v1.39.1 h1:H+/wGFzuSCIEVCvXYVHX5RQglwhMOvtHSv+VtidL2r4=
 modernc.org/sqlite v1.39.1/go.mod h1:9fjQZ0mB1LLP0GYrp39oOJXx/I2sxEnZtzCmEQIKvGE=
+modernc.org/sqlite v1.40.1 h1:VfuXcxcUWWKRBuP8+BR9L7VnmusMgBNNnBYGEe9w/iY=
+modernc.org/sqlite v1.40.1/go.mod h1:9fjQZ0mB1LLP0GYrp39oOJXx/I2sxEnZtzCmEQIKvGE=
 modernc.org/strutil v1.2.1 h1:UneZBkQA+DX2Rp35KcM69cSsNES9ly8mQWD71HKlOA0=
 modernc.org/strutil v1.2.1/go.mod h1:EHkiggD70koQxjVdSBM3JKM7k6L0FbGE5eymy9i3B9A=
 modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y=
--- a/backend/internal/bootstrap/bootstrap.go
+++ b/backend/internal/bootstrap/bootstrap.go
@@ -38,13 +38,14 @@ func Bootstrap(ctx context.Context) error {
 		fileStorage, err = storage.NewDatabaseStorage(db)
 	case storage.TypeS3:
 		s3Cfg := storage.S3Config{
-			Bucket:          common.EnvConfig.S3Bucket,
-			Region:          common.EnvConfig.S3Region,
-			Endpoint:        common.EnvConfig.S3Endpoint,
-			AccessKeyID:     common.EnvConfig.S3AccessKeyID,
-			SecretAccessKey: common.EnvConfig.S3SecretAccessKey,
-			ForcePathStyle:  common.EnvConfig.S3ForcePathStyle,
-			Root:            common.EnvConfig.UploadPath,
+			Bucket:                        common.EnvConfig.S3Bucket,
+			Region:                        common.EnvConfig.S3Region,
+			Endpoint:                      common.EnvConfig.S3Endpoint,
+			AccessKeyID:                   common.EnvConfig.S3AccessKeyID,
+			SecretAccessKey:               common.EnvConfig.S3SecretAccessKey,
+			ForcePathStyle:                common.EnvConfig.S3ForcePathStyle,
+			DisableDefaultIntegrityChecks: common.EnvConfig.S3DisableDefaultIntegrityChecks,
+			Root:                          common.EnvConfig.UploadPath,
 		}
 		fileStorage, err = storage.NewS3Storage(ctx, s3Cfg)
 	default:
--- a/backend/internal/common/env_config.go
+++ b/backend/internal/common/env_config.go
@@ -40,34 +40,38 @@ const (
 type EnvConfigSchema struct {
 	AppEnv             AppEnv     `env:"APP_ENV" options:"toLower"`
 	LogLevel           string     `env:"LOG_LEVEL" options:"toLower"`
+	LogJSON            bool       `env:"LOG_JSON"`
 	AppURL             string     `env:"APP_URL" options:"toLower,trimTrailingSlash"`
 	DbProvider         DbProvider `env:"DB_PROVIDER" options:"toLower"`
 	DbConnectionString string     `env:"DB_CONNECTION_STRING" options:"file"`
-	FileBackend        string     `env:"FILE_BACKEND" options:"toLower"`
-	UploadPath         string     `env:"UPLOAD_PATH"`
-	S3Bucket           string     `env:"S3_BUCKET"`
-	S3Region           string     `env:"S3_REGION"`
-	S3Endpoint         string     `env:"S3_ENDPOINT"`
-	S3AccessKeyID      string     `env:"S3_ACCESS_KEY_ID"`
-	S3SecretAccessKey  string     `env:"S3_SECRET_ACCESS_KEY"`
-	S3ForcePathStyle   bool       `env:"S3_FORCE_PATH_STYLE"`
 	EncryptionKey      []byte     `env:"ENCRYPTION_KEY" options:"file"`
 	Port               string     `env:"PORT"`
 	Host               string     `env:"HOST" options:"toLower"`
 	UnixSocket         string     `env:"UNIX_SOCKET"`
 	UnixSocketMode     string     `env:"UNIX_SOCKET_MODE"`
-	MaxMindLicenseKey  string     `env:"MAXMIND_LICENSE_KEY" options:"file"`
-	GeoLiteDBPath      string     `env:"GEOLITE_DB_PATH"`
-	GeoLiteDBUrl       string     `env:"GEOLITE_DB_URL"`
 	LocalIPv6Ranges    string     `env:"LOCAL_IPV6_RANGES"`
 	UiConfigDisabled   bool       `env:"UI_CONFIG_DISABLED"`
 	MetricsEnabled     bool       `env:"METRICS_ENABLED"`
 	TracingEnabled     bool       `env:"TRACING_ENABLED"`
-	LogJSON            bool       `env:"LOG_JSON"`
 	TrustProxy         bool       `env:"TRUST_PROXY"`
 	AnalyticsDisabled  bool       `env:"ANALYTICS_DISABLED"`
 	AllowDowngrade     bool       `env:"ALLOW_DOWNGRADE"`
 	InternalAppURL     string     `env:"INTERNAL_APP_URL"`
+
+	MaxMindLicenseKey string `env:"MAXMIND_LICENSE_KEY" options:"file"`
+	GeoLiteDBPath     string `env:"GEOLITE_DB_PATH"`
+	GeoLiteDBUrl      string `env:"GEOLITE_DB_URL"`
+
+	FileBackend string `env:"FILE_BACKEND" options:"toLower"`
+	UploadPath  string `env:"UPLOAD_PATH"`
+
+	S3Bucket                        string `env:"S3_BUCKET"`
+	S3Region                        string `env:"S3_REGION"`
+	S3Endpoint                      string `env:"S3_ENDPOINT"`
+	S3AccessKeyID                   string `env:"S3_ACCESS_KEY_ID"`
+	S3SecretAccessKey               string `env:"S3_SECRET_ACCESS_KEY"`
+	S3ForcePathStyle                bool   `env:"S3_FORCE_PATH_STYLE"`
+	S3DisableDefaultIntegrityChecks bool   `env:"S3_DISABLE_DEFAULT_INTEGRITY_CHECKS"`
 }

 var EnvConfig = defaultConfig()
--- a/backend/internal/storage/s3.go
+++ b/backend/internal/storage/s3.go
@@ -18,13 +18,14 @@ import (
 )

 type S3Config struct {
-	Bucket          string
-	Region          string
-	Endpoint        string
-	AccessKeyID     string
-	SecretAccessKey string
-	ForcePathStyle  bool
-	Root            string
+	Bucket                        string
+	Region                        string
+	Endpoint                      string
+	AccessKeyID                   string
+	SecretAccessKey               string
+	ForcePathStyle                bool
+	DisableDefaultIntegrityChecks bool
+	Root                          string
 }

 type s3Storage struct {
@@ -44,6 +45,10 @@ func NewS3Storage(ctx context.Context, cfg S3Config) (FileStorage, error) {
 			o.BaseEndpoint = aws.String(cfg.Endpoint)
 		}
 		o.UsePathStyle = cfg.ForcePathStyle
+		if cfg.DisableDefaultIntegrityChecks {
+			o.RequestChecksumCalculation = aws.RequestChecksumCalculationWhenRequired
+			o.ResponseChecksumValidation = aws.ResponseChecksumValidationWhenRequired
+		}
 	})

 	return &s3Storage{
--- a/email-templates/package.json
+++ b/email-templates/package.json
@@ -9,17 +9,17 @@
    "export": "email export"
  },
  "dependencies": {
-    "@react-email/components": "0.1.1",
+    "@react-email/components": "1.0.1",
    "react": "^19.2.0",
    "react-dom": "^19.2.0",
-    "tailwind-merge": "^3.3.1"
+    "tailwind-merge": "^3.4.0"
  },
  "devDependencies": {
-    "@react-email/preview-server": "4.2.8",
-    "@types/node": "^24.9.1",
-    "@types/react": "^19.2.2",
-    "@types/react-dom": "^19.2.2",
-    "react-email": "4.2.8",
+    "@react-email/preview-server": "5.0.5",
+    "@types/node": "^24.10.1",
+    "@types/react": "^19.2.7",
+    "@types/react-dom": "^19.2.3",
+    "react-email": "5.0.5",
    "tsx": "^4.20.6"
  }
 }
--- a/frontend/messages/cs.json
+++ b/frontend/messages/cs.json
@@ -331,6 +331,10 @@
 	"token_sign_in": "Přihlášení tokenem",
 	"client_authorization": "Autorizace klienta",
 	"new_client_authorization": "Nová autorizace klienta",
+	"device_code_authorization": "Autorizace kódu zařízení",
+	"new_device_code_authorization": "Autorizace nového kódu zařízení",
+	"passkey_added": "Přidán přístupový klíč",
+	"passkey_removed": "Heslo odstraněno",
 	"disable_animations": "Zakázat animace",
 	"turn_off_ui_animations": "Vypnout animace v celém uživatelském rozhraní.",
 	"user_disabled": "Účet deaktivován",
--- a/frontend/messages/da.json
+++ b/frontend/messages/da.json
@@ -331,6 +331,10 @@
 	"token_sign_in": "Token-login",
 	"client_authorization": "Godkendelse af klient",
 	"new_client_authorization": "Ny klientgodkendelse",
+	"device_code_authorization": "Autorisation af enhedskode",
+	"new_device_code_authorization": "Autorisation af ny enhedskode",
+	"passkey_added": "Passkey tilføjet",
+	"passkey_removed": "Adgangskode fjernet",
 	"disable_animations": "Deaktiver animationer",
 	"turn_off_ui_animations": "Slå animationer fra for hele brugergrænsefladen.",
 	"user_disabled": "Konto deaktiveret",
--- a/frontend/messages/de.json
+++ b/frontend/messages/de.json
@@ -105,7 +105,7 @@
 	"unknown": "unbekannt",
 	"account_details_updated_successfully": "Kontodetails erfolgreich aktualisiert",
 	"profile_picture_updated_successfully": "Profilbild erfolgreich aktualisiert. Die Aktualisierung kann einige Minuten dauern.",
-	"account_settings": "Konto Einstellungen",
+	"account_settings": "Konto-Einstellungen",
 	"passkey_missing": "Passkey fehlt",
 	"please_provide_a_passkey_to_prevent_losing_access_to_your_account": "Bitte füge einen Passkey hinzu, um zu verhindern, dass du den Zugriff auf dein Konto verlierst.",
 	"single_passkey_configured": "Nur ein Passkey hinterlegt",
@@ -331,6 +331,10 @@
 	"token_sign_in": "Token-Anmeldung",
 	"client_authorization": "Client-Autorisierung",
 	"new_client_authorization": "Neue Client-Autorisierung",
+	"device_code_authorization": "Gerätecode-Autorisierung",
+	"new_device_code_authorization": "Neue Gerätecode-Autorisierung",
+	"passkey_added": "Passwort hinzugefügt",
+	"passkey_removed": "Passwort entfernt",
 	"disable_animations": "Animationen deaktivieren",
 	"turn_off_ui_animations": "Deaktiviert alle Animationen in der Benutzeroberfläche.",
 	"user_disabled": "Account deaktiviert",
--- a/frontend/messages/es.json
+++ b/frontend/messages/es.json
@@ -331,6 +331,10 @@
 	"token_sign_in": "Inicio de sesión con token",
 	"client_authorization": "Autorización del cliente",
 	"new_client_authorization": "Autorización de nuevo cliente",
+	"device_code_authorization": "Autorización del código del dispositivo",
+	"new_device_code_authorization": "Autorización de código de nuevo dispositivo",
+	"passkey_added": "Clave de acceso añadida",
+	"passkey_removed": "Clave de acceso eliminada",
 	"disable_animations": "Desactivar animaciones",
 	"turn_off_ui_animations": "Desactiva las animaciones en toda la interfaz de usuario.",
 	"user_disabled": "Cuenta desactivada",
--- a/frontend/messages/fi.json
+++ b/frontend/messages/fi.json
@@ -0,0 +1,473 @@
+{
+	"$schema": "https://inlang.com/schema/inlang-message-format",
+	"my_account": "My Account",
+	"logout": "Logout",
+	"confirm": "Confirm",
+	"docs": "Docs",
+	"key": "Key",
+	"value": "Value",
+	"remove_custom_claim": "Remove custom claim",
+	"add_custom_claim": "Add custom claim",
+	"add_another": "Add another",
+	"select_a_date": "Select a date",
+	"select_file": "Select File",
+	"profile_picture": "Profile Picture",
+	"profile_picture_is_managed_by_ldap_server": "The profile picture is managed by the LDAP server and cannot be changed here.",
+	"click_profile_picture_to_upload_custom": "Click on the profile picture to upload a custom one from your files.",
+	"image_should_be_in_format": "The image should be in PNG or JPEG format.",
+	"items_per_page": "Items per page",
+	"no_items_found": "No items found",
+	"select_items": "Select items...",
+	"search": "Search...",
+	"expand_card": "Expand card",
+	"copied": "Copied",
+	"click_to_copy": "Click to copy",
+	"something_went_wrong": "Something went wrong",
+	"go_back_to_home": "Go back to home",
+	"alternative_sign_in_methods": "Alternative Sign In Methods",
+	"login_background": "Login background",
+	"logo": "Logo",
+	"login_code": "Login Code",
+	"create_a_login_code_to_sign_in_without_a_passkey_once": "Create a login code that the user can use to sign in without a passkey once.",
+	"one_hour": "1 hour",
+	"twelve_hours": "12 hours",
+	"one_day": "1 day",
+	"one_week": "1 week",
+	"one_month": "1 month",
+	"expiration": "Expiration",
+	"generate_code": "Generate Code",
+	"name": "Name",
+	"browser_unsupported": "Browser unsupported",
+	"this_browser_does_not_support_passkeys": "This browser doesn't support passkeys. Please use an alternative sign in method.",
+	"an_unknown_error_occurred": "An unknown error occurred",
+	"authentication_process_was_aborted": "The authentication process was aborted",
+	"error_occurred_with_authenticator": "An error occurred with the authenticator",
+	"authenticator_does_not_support_discoverable_credentials": "The authenticator does not support discoverable credentials",
+	"authenticator_does_not_support_resident_keys": "The authenticator does not support resident keys",
+	"passkey_was_previously_registered": "This passkey was previously registered",
+	"authenticator_does_not_support_any_of_the_requested_algorithms": "The authenticator does not support any of the requested algorithms",
+	"authenticator_timed_out": "The authenticator timed out",
+	"critical_error_occurred_contact_administrator": "A critical error occurred. Please contact your administrator.",
+	"sign_in_to": "Sign in to {name}",
+	"client_not_found": "Client not found",
+	"client_wants_to_access_the_following_information": "<b>{client}</b> wants to access the following information:",
+	"do_you_want_to_sign_in_to_client_with_your_app_name_account": "Do you want to sign in to <b>{client}</b> with your {appName} account?",
+	"email": "Email",
+	"view_your_email_address": "View your email address",
+	"profile": "Profile",
+	"view_your_profile_information": "View your profile information",
+	"groups": "Groups",
+	"view_the_groups_you_are_a_member_of": "View the groups you are a member of",
+	"cancel": "Cancel",
+	"sign_in": "Sign in",
+	"try_again": "Try again",
+	"client_logo": "Client Logo",
+	"sign_out": "Sign out",
+	"do_you_want_to_sign_out_of_pocketid_with_the_account": "Do you want to sign out of {appName} with the account <b>{username}</b>?",
+	"sign_in_to_appname": "Sign in to {appName}",
+	"please_try_to_sign_in_again": "Please try to sign in again.",
+	"authenticate_with_passkey_to_access_account": "Authenticate yourself with your passkey to access your account.",
+	"authenticate": "Authenticate",
+	"please_try_again": "Please try again.",
+	"continue": "Continue",
+	"alternative_sign_in": "Alternative Sign In",
+	"if_you_do_not_have_access_to_your_passkey_you_can_sign_in_using_one_of_the_following_methods": "If you don't have access to your passkey, you can sign in using one of the following methods.",
+	"use_your_passkey_instead": "Use your passkey instead?",
+	"email_login": "Email Login",
+	"enter_a_login_code_to_sign_in": "Enter a login code to sign in.",
+	"sign_in_with_login_code": "Sign in with login code",
+	"request_a_login_code_via_email": "Request a login code via email.",
+	"go_back": "Go back",
+	"an_email_has_been_sent_to_the_provided_email_if_it_exists_in_the_system": "An email has been sent to the provided email, if it exists in the system.",
+	"enter_code": "Enter code",
+	"enter_your_email_address_to_receive_an_email_with_a_login_code": "Enter your email address to receive an email with a login code.",
+	"your_email": "Your email",
+	"submit": "Submit",
+	"enter_the_code_you_received_to_sign_in": "Enter the code you received to sign in.",
+	"code": "Code",
+	"invalid_redirect_url": "Invalid redirect URL",
+	"audit_log": "Audit Log",
+	"users": "Users",
+	"user_groups": "User Groups",
+	"oidc_clients": "OIDC Clients",
+	"api_keys": "API Keys",
+	"application_configuration": "Application Configuration",
+	"settings": "Settings",
+	"update_pocket_id": "Update Pocket ID",
+	"powered_by": "Powered by",
+	"see_your_account_activities_from_the_last_3_months": "See your account activities from the last 3 months.",
+	"time": "Time",
+	"event": "Event",
+	"approximate_location": "Approximate Location",
+	"ip_address": "IP Address",
+	"device": "Device",
+	"client": "Client",
+	"unknown": "Unknown",
+	"account_details_updated_successfully": "Account details updated successfully",
+	"profile_picture_updated_successfully": "Profile picture updated successfully. It may take a few minutes to update.",
+	"account_settings": "Account Settings",
+	"passkey_missing": "Passkey missing",
+	"please_provide_a_passkey_to_prevent_losing_access_to_your_account": "Please add a passkey to prevent losing access to your account.",
+	"single_passkey_configured": "Single Passkey Configured",
+	"it_is_recommended_to_add_more_than_one_passkey": "It is recommended to add more than one passkey to avoid losing access to your account.",
+	"account_details": "Account Details",
+	"passkeys": "Passkeys",
+	"manage_your_passkeys_that_you_can_use_to_authenticate_yourself": "Manage your passkeys that you can use to authenticate yourself.",
+	"add_passkey": "Add Passkey",
+	"create_a_one_time_login_code_to_sign_in_from_a_different_device_without_a_passkey": "Create a one-time login code to sign in from a different device without a passkey.",
+	"create": "Create",
+	"first_name": "First name",
+	"last_name": "Last name",
+	"username": "Username",
+	"save": "Save",
+	"username_can_only_contain": "Username can only contain lowercase letters, numbers, underscores, dots, hyphens, and '@' symbols",
+	"username_must_start_with": "Username must start with an alphanumeric character",
+	"username_must_end_with": "Username must end with an alphanumeric character",
+	"sign_in_using_the_following_code_the_code_will_expire_in_minutes": "Sign in using the following code. The code will expire in 15 minutes.",
+	"or_visit": "or visit",
+	"added_on": "Added on",
+	"rename": "Rename",
+	"delete": "Delete",
+	"are_you_sure_you_want_to_delete_this_passkey": "Are you sure you want to delete this passkey?",
+	"passkey_deleted_successfully": "Passkey deleted successfully",
+	"delete_passkey_name": "Delete {passkeyName}",
+	"passkey_name_updated_successfully": "Passkey name updated successfully",
+	"name_passkey": "Name Passkey",
+	"name_your_passkey_to_easily_identify_it_later": "Name your passkey to easily identify it later.",
+	"create_api_key": "Create API Key",
+	"add_a_new_api_key_for_programmatic_access": "Add a new API key for programmatic access to the <link href='https://pocket-id.org/docs/api'>Pocket ID API</link>.",
+	"add_api_key": "Add API Key",
+	"manage_api_keys": "Manage API Keys",
+	"api_key_created": "API Key Created",
+	"for_security_reasons_this_key_will_only_be_shown_once": "For security reasons, this key will only be shown once. Please store it securely.",
+	"description": "Description",
+	"api_key": "API Key",
+	"close": "Close",
+	"name_to_identify_this_api_key": "Name to identify this API key.",
+	"expires_at": "Expires At",
+	"when_this_api_key_will_expire": "When this API key will expire.",
+	"optional_description_to_help_identify_this_keys_purpose": "Optional description to help identify this key's purpose.",
+	"expiration_date_must_be_in_the_future": "Expiration date must be in the future",
+	"revoke_api_key": "Revoke API Key",
+	"never": "Never",
+	"revoke": "Revoke",
+	"api_key_revoked_successfully": "API key revoked successfully",
+	"are_you_sure_you_want_to_revoke_the_api_key_apikeyname": "Are you sure you want to revoke the API key \"{apiKeyName}\"? This will break any integrations using this key.",
+	"last_used": "Last Used",
+	"actions": "Actions",
+	"images_updated_successfully": "Images updated successfully. It may take a few minutes to update.",
+	"general": "General",
+	"configure_smtp_to_send_emails": "Enable email notifications to alert users when a login is detected from a new device or location.",
+	"ldap": "LDAP",
+	"configure_ldap_settings_to_sync_users_and_groups_from_an_ldap_server": "Configure LDAP settings to sync users and groups from an LDAP server.",
+	"images": "Images",
+	"update": "Update",
+	"email_configuration_updated_successfully": "Email configuration updated successfully",
+	"save_changes_question": "Save changes?",
+	"you_have_to_save_the_changes_before_sending_a_test_email_do_you_want_to_save_now": "You have to save the changes before sending a test email. Do you want to save now?",
+	"save_and_send": "Save and send",
+	"test_email_sent_successfully": "Test email sent successfully to your email address.",
+	"failed_to_send_test_email": "Failed to send test email. Check the server logs for more information.",
+	"smtp_configuration": "SMTP Configuration",
+	"smtp_host": "SMTP Host",
+	"smtp_port": "SMTP Port",
+	"smtp_user": "SMTP User",
+	"smtp_password": "SMTP Password",
+	"smtp_from": "SMTP From",
+	"smtp_tls_option": "SMTP TLS Option",
+	"email_tls_option": "Email TLS Option",
+	"skip_certificate_verification": "Skip Certificate Verification",
+	"this_can_be_useful_for_selfsigned_certificates": "This can be useful for self-signed certificates.",
+	"enabled_emails": "Enabled Emails",
+	"email_login_notification": "Email Login Notification",
+	"send_an_email_to_the_user_when_they_log_in_from_a_new_device": "Send an email to the user when they log in from a new device.",
+	"emai_login_code_requested_by_user": "Email Login Code Requested by User",
+	"allow_users_to_sign_in_with_a_login_code_sent_to_their_email": "Allows users to bypass passkeys by requesting a login code sent to their email. This significantly reduces security as anyone with access to the user's email can gain entry.",
+	"email_login_code_from_admin": "Email Login Code from Admin",
+	"allows_an_admin_to_send_a_login_code_to_the_user": "Allows an admin to send a login code to the user via email.",
+	"send_test_email": "Send test email",
+	"application_configuration_updated_successfully": "Application configuration updated successfully",
+	"application_name": "Application Name",
+	"session_duration": "Session Duration",
+	"the_duration_of_a_session_in_minutes_before_the_user_has_to_sign_in_again": "The duration of a session in minutes before the user has to sign in again.",
+	"enable_self_account_editing": "Enable Self-Account Editing",
+	"whether_the_users_should_be_able_to_edit_their_own_account_details": "Whether the users should be able to edit their own account details.",
+	"emails_verified": "Emails Verified",
+	"whether_the_users_email_should_be_marked_as_verified_for_the_oidc_clients": "Whether the user's email should be marked as verified for the OIDC clients.",
+	"ldap_configuration_updated_successfully": "LDAP configuration updated successfully",
+	"ldap_disabled_successfully": "LDAP disabled successfully",
+	"ldap_sync_finished": "LDAP sync finished",
+	"client_configuration": "Client Configuration",
+	"ldap_url": "LDAP URL",
+	"ldap_bind_dn": "LDAP Bind DN",
+	"ldap_bind_password": "LDAP Bind Password",
+	"ldap_base_dn": "LDAP Base DN",
+	"user_search_filter": "User Search Filter",
+	"the_search_filter_to_use_to_search_or_sync_users": "The Search filter to use to search/sync users.",
+	"groups_search_filter": "Groups Search Filter",
+	"the_search_filter_to_use_to_search_or_sync_groups": "The Search filter to use to search/sync groups.",
+	"attribute_mapping": "Attribute Mapping",
+	"user_unique_identifier_attribute": "User Unique Identifier Attribute",
+	"the_value_of_this_attribute_should_never_change": "The value of this attribute should never change.",
+	"username_attribute": "Username Attribute",
+	"user_mail_attribute": "User Mail Attribute",
+	"user_first_name_attribute": "User First Name Attribute",
+	"user_last_name_attribute": "User Last Name Attribute",
+	"user_profile_picture_attribute": "User Profile Picture Attribute",
+	"the_value_of_this_attribute_can_either_be_a_url_binary_or_base64_encoded_image": "The value of this attribute can either be a URL, a binary or a base64 encoded image.",
+	"group_members_attribute": "Group Members Attribute",
+	"the_attribute_to_use_for_querying_members_of_a_group": "The attribute to use for querying members of a group.",
+	"group_unique_identifier_attribute": "Group Unique Identifier Attribute",
+	"group_rdn_attribute": "Group RDN Attribute (in DN)",
+	"admin_group_name": "Admin Group Name",
+	"members_of_this_group_will_have_admin_privileges_in_pocketid": "Members of this group will have Admin Privileges in Pocket ID.",
+	"disable": "Disable",
+	"sync_now": "Sync now",
+	"enable": "Enable",
+	"user_created_successfully": "User created successfully",
+	"create_user": "Create User",
+	"add_a_new_user_to_appname": "Add a new user to {appName}",
+	"add_user": "Add User",
+	"manage_users": "Manage Users",
+	"admin_privileges": "Admin Privileges",
+	"admins_have_full_access_to_the_admin_panel": "Admins have full access to the admin panel.",
+	"delete_firstname_lastname": "Delete {firstName} {lastName}",
+	"are_you_sure_you_want_to_delete_this_user": "Are you sure you want to delete this user?",
+	"user_deleted_successfully": "User deleted successfully",
+	"role": "Role",
+	"source": "Source",
+	"admin": "Admin",
+	"user": "User",
+	"local": "Local",
+	"toggle_menu": "Toggle menu",
+	"edit": "Edit",
+	"user_groups_updated_successfully": "User groups updated successfully",
+	"user_updated_successfully": "User updated successfully",
+	"custom_claims_updated_successfully": "Custom claims updated successfully",
+	"back": "Back",
+	"user_details_firstname_lastname": "User Details {firstName} {lastName}",
+	"manage_which_groups_this_user_belongs_to": "Manage which groups this user belongs to.",
+	"custom_claims": "Custom Claims",
+	"custom_claims_are_key_value_pairs_that_can_be_used_to_store_additional_information_about_a_user": "Custom claims are key-value pairs that can be used to store additional information about a user. These claims will be included in the ID token if the scope 'profile' is requested.",
+	"user_group_created_successfully": "User group created successfully",
+	"create_user_group": "Create User Group",
+	"create_a_new_group_that_can_be_assigned_to_users": "Create a new group that can be assigned to users.",
+	"add_group": "Add Group",
+	"manage_user_groups": "Manage User Groups",
+	"friendly_name": "Friendly Name",
+	"name_that_will_be_displayed_in_the_ui": "Name that will be displayed in the UI",
+	"name_that_will_be_in_the_groups_claim": "Name that will be in the \"groups\" claim",
+	"delete_name": "Delete {name}",
+	"are_you_sure_you_want_to_delete_this_user_group": "Are you sure you want to delete this user group?",
+	"user_group_deleted_successfully": "User group deleted successfully",
+	"user_count": "User Count",
+	"user_group_updated_successfully": "User group updated successfully",
+	"users_updated_successfully": "Users updated successfully",
+	"user_group_details_name": "User Group Details {name}",
+	"assign_users_to_this_group": "Assign users to this group.",
+	"custom_claims_are_key_value_pairs_that_can_be_used_to_store_additional_information_about_a_user_prioritized": "Custom claims are key-value pairs that can be used to store additional information about a user. These claims will be included in the ID token if the scope 'profile' is requested. Custom claims defined on the user will be prioritized if there are conflicts.",
+	"oidc_client_created_successfully": "OIDC client created successfully",
+	"create_oidc_client": "Create OIDC Client",
+	"add_a_new_oidc_client_to_appname": "Add a new OIDC client to {appName}.",
+	"add_oidc_client": "Add OIDC Client",
+	"manage_oidc_clients": "Manage OIDC Clients",
+	"one_time_link": "One Time Link",
+	"use_this_link_to_sign_in_once": "Use this link to sign in once. This is needed for users who haven't added a passkey yet or have lost it.",
+	"add": "Add",
+	"callback_urls": "Callback URLs",
+	"logout_callback_urls": "Logout Callback URLs",
+	"public_client": "Public Client",
+	"public_clients_description": "Public clients do not have a client secret. They are designed for mobile, web, and native applications where secrets cannot be securely stored.",
+	"pkce": "PKCE",
+	"public_key_code_exchange_is_a_security_feature_to_prevent_csrf_and_authorization_code_interception_attacks": "Public Key Code Exchange is a security feature to prevent CSRF and authorization code interception attacks.",
+	"requires_reauthentication": "Requires Re-Authentication",
+	"requires_users_to_authenticate_again_on_each_authorization": "Requires users to authenticate again on each authorization, even if already signed in",
+	"name_logo": "{name} logo",
+	"change_logo": "Change Logo",
+	"upload_logo": "Upload Logo",
+	"remove_logo": "Remove Logo",
+	"are_you_sure_you_want_to_delete_this_oidc_client": "Are you sure you want to delete this OIDC client?",
+	"oidc_client_deleted_successfully": "OIDC client deleted successfully",
+	"authorization_url": "Authorization URL",
+	"oidc_discovery_url": "OIDC Discovery URL",
+	"token_url": "Token URL",
+	"userinfo_url": "Userinfo URL",
+	"logout_url": "Logout URL",
+	"certificate_url": "Certificate URL",
+	"enabled": "Enabled",
+	"disabled": "Disabled",
+	"oidc_client_updated_successfully": "OIDC client updated successfully",
+	"create_new_client_secret": "Create new client secret",
+	"are_you_sure_you_want_to_create_a_new_client_secret": "Are you sure you want to create a new client secret? The old one will be invalidated.",
+	"generate": "Generate",
+	"new_client_secret_created_successfully": "New client secret created successfully",
+	"allowed_user_groups_updated_successfully": "Allowed user groups updated successfully",
+	"oidc_client_name": "OIDC Client {name}",
+	"client_id": "Client ID",
+	"client_secret": "Client secret",
+	"show_more_details": "Show more details",
+	"allowed_user_groups": "Allowed User Groups",
+	"add_user_groups_to_this_client_to_restrict_access_to_users_in_these_groups": "Add user groups to this client to restrict access to users in these groups. If no user groups are selected, all users will have access to this client.",
+	"favicon": "Favicon",
+	"light_mode_logo": "Light Mode Logo",
+	"dark_mode_logo": "Dark Mode Logo",
+	"background_image": "Background Image",
+	"language": "Language",
+	"reset_profile_picture_question": "Reset profile picture?",
+	"this_will_remove_the_uploaded_image_and_reset_the_profile_picture_to_default": "This will remove the uploaded image and reset the profile picture to default. Do you want to continue?",
+	"reset": "Reset",
+	"reset_to_default": "Reset to default",
+	"profile_picture_has_been_reset": "Profile picture has been reset. It may take a few minutes to update.",
+	"select_the_language_you_want_to_use": "Select the language you want to use. Please note that some text may be automatically translated and could be inaccurate.",
+	"contribute_to_translation": "If you find an issue you're welcome to contribute to the translation on <link href='https://crowdin.com/project/pocket-id'>Crowdin</link>.",
+	"personal": "Personal",
+	"global": "Global",
+	"all_users": "All Users",
+	"all_events": "All Events",
+	"all_clients": "All Clients",
+	"all_locations": "All Locations",
+	"global_audit_log": "Global Audit Log",
+	"see_all_account_activities_from_the_last_3_months": "See all user activity for the last 3 months.",
+	"token_sign_in": "Token Sign In",
+	"client_authorization": "Client Authorization",
+	"new_client_authorization": "New Client Authorization",
+	"device_code_authorization": "Device Code Authorization",
+	"new_device_code_authorization": "New Device Code Authorization",
+	"passkey_added": "Passkey Added",
+	"passkey_removed": "Passkey Removed",
+	"disable_animations": "Disable Animations",
+	"turn_off_ui_animations": "Turn off animations throughout the UI.",
+	"user_disabled": "Account Disabled",
+	"disabled_users_cannot_log_in_or_use_services": "Disabled users cannot log in or use services.",
+	"user_disabled_successfully": "User has been disabled successfully.",
+	"user_enabled_successfully": "User has been enabled successfully.",
+	"status": "Status",
+	"disable_firstname_lastname": "Disable {firstName} {lastName}",
+	"are_you_sure_you_want_to_disable_this_user": "Are you sure you want to disable this user? They will not be able to log in or access any services.",
+	"ldap_soft_delete_users": "Keep disabled users from LDAP.",
+	"ldap_soft_delete_users_description": "When enabled, users removed from LDAP will be disabled rather than deleted from the system.",
+	"login_code_email_success": "The login code has been sent to the user.",
+	"send_email": "Send Email",
+	"show_code": "Show Code",
+	"callback_url_description": "URL(s) provided by your client. Will be automatically added if left blank. Wildcards (*) are supported, but best avoided for better security.",
+	"logout_callback_url_description": "URL(s) provided by your client for logout. Wildcards (*) are supported, but best avoided for better security.",
+	"api_key_expiration": "API Key Expiration",
+	"send_an_email_to_the_user_when_their_api_key_is_about_to_expire": "Send an email to the user when their API key is about to expire.",
+	"authorize_device": "Authorize Device",
+	"the_device_has_been_authorized": "The device has been authorized.",
+	"enter_code_displayed_in_previous_step": "Enter the code that was displayed in the previous step.",
+	"authorize": "Authorize",
+	"federated_client_credentials": "Federated Client Credentials",
+	"federated_client_credentials_description": "Using federated client credentials, you can authenticate OIDC clients using JWT tokens issued by third-party authorities.",
+	"add_federated_client_credential": "Add Federated Client Credential",
+	"add_another_federated_client_credential": "Add another federated client credential",
+	"oidc_allowed_group_count": "Allowed Group Count",
+	"unrestricted": "Unrestricted",
+	"show_advanced_options": "Show Advanced Options",
+	"hide_advanced_options": "Hide Advanced Options",
+	"oidc_data_preview": "OIDC Data Preview",
+	"preview_the_oidc_data_that_would_be_sent_for_different_users": "Preview the OIDC data that would be sent for different users",
+	"id_token": "ID Token",
+	"access_token": "Access Token",
+	"userinfo": "Userinfo",
+	"id_token_payload": "ID Token Payload",
+	"access_token_payload": "Access Token Payload",
+	"userinfo_endpoint_response": "Userinfo Endpoint Response",
+	"copy": "Copy",
+	"no_preview_data_available": "No preview data available",
+	"copy_all": "Copy All",
+	"preview": "Preview",
+	"preview_for_user": "Preview for {name}",
+	"preview_the_oidc_data_that_would_be_sent_for_this_user": "Preview the OIDC data that would be sent for this user",
+	"show": "Show",
+	"select_an_option": "Select an option",
+	"select_user": "Select User",
+	"error": "Error",
+	"select_an_accent_color_to_customize_the_appearance_of_pocket_id": "Select an accent color to customize the appearance of Pocket ID.",
+	"accent_color": "Accent Color",
+	"custom_accent_color": "Custom Accent Color",
+	"custom_accent_color_description": "Enter a custom color using valid CSS color formats (e.g., hex, rgb, hsl).",
+	"color_value": "Color Value",
+	"apply": "Apply",
+	"signup_token": "Signup Token",
+	"create_a_signup_token_to_allow_new_user_registration": "Create a signup token to allow new user registration.",
+	"usage_limit": "Usage Limit",
+	"number_of_times_token_can_be_used": "Number of times the signup token can be used.",
+	"expires": "Expires",
+	"signup": "Sign Up",
+	"user_creation": "User Creation",
+	"configure_user_creation": "Manage user creation settings, including signup methods and default permissions for new users.",
+	"user_creation_groups_description": "Assign these groups automatically to new users upon signup.",
+	"user_creation_claims_description": "Assign these custom claims automatically to new users upon signup.",
+	"user_creation_updated_successfully": "User creation settings updated successfully.",
+	"signup_disabled_description": "User signups are completely disabled. Only administrators can create new user accounts.",
+	"signup_requires_valid_token": "A valid signup token is required to create an account",
+	"validating_signup_token": "Validating signup token",
+	"go_to_login": "Go to login",
+	"signup_to_appname": "Sign Up to {appName}",
+	"create_your_account_to_get_started": "Create your account to get started.",
+	"initial_account_creation_description": "Please create your account to get started. You will be able to set up a passkey later.",
+	"setup_your_passkey": "Set up your passkey",
+	"create_a_passkey_to_securely_access_your_account": "Create a passkey to securely access your account. This will be your primary way to sign in.",
+	"skip_for_now": "Skip for now",
+	"account_created": "Account Created",
+	"enable_user_signups": "Enable User Signups",
+	"enable_user_signups_description": "Decide how users can sign up for new accounts in Pocket ID.",
+	"user_signups_are_disabled": "User signups are currently disabled",
+	"create_signup_token": "Create Signup Token",
+	"view_active_signup_tokens": "View Active Signup Tokens",
+	"manage_signup_tokens": "Manage Signup Tokens",
+	"view_and_manage_active_signup_tokens": "View and manage active signup tokens.",
+	"signup_token_deleted_successfully": "Signup token deleted successfully.",
+	"expired": "Expired",
+	"used_up": "Used Up",
+	"active": "Active",
+	"usage": "Usage",
+	"created": "Created",
+	"token": "Token",
+	"loading": "Loading",
+	"delete_signup_token": "Delete Signup Token",
+	"are_you_sure_you_want_to_delete_this_signup_token": "Are you sure you want to delete this signup token? This action cannot be undone.",
+	"signup_with_token": "Signup with token",
+	"signup_with_token_description": "Users can only sign up using a valid signup token created by an administrator.",
+	"signup_open": "Open Signup",
+	"signup_open_description": "Anyone can create a new account without restrictions.",
+	"of": "of",
+	"skip_passkey_setup": "Skip Passkey Setup",
+	"skip_passkey_setup_description": "It's highly recommended to set up a passkey because without one, you will be locked out of your account as soon as the session expires.",
+	"my_apps": "My Apps",
+	"no_apps_available": "No apps available",
+	"contact_your_administrator_for_app_access": "Contact your administrator to get access to applications.",
+	"launch": "Launch",
+	"client_launch_url": "Client Launch URL",
+	"client_launch_url_description": "The URL that will be opened when a user launches the app from the My Apps page.",
+	"client_name_description": "The name of the client that shows in the Pocket ID UI.",
+	"revoke_access": "Revoke Access",
+	"revoke_access_description": "Revoke access to <b>{clientName}</b>. <b>{clientName}</b> will no longer be able to access your account information.",
+	"revoke_access_successful": "The access to {clientName} has been successfully revoked.",
+	"last_signed_in_ago": "Last signed in {time} ago",
+	"invalid_client_id": "Client ID can only contain letters, numbers, underscores, and hyphens",
+	"custom_client_id_description": "Set a custom client ID if this is required by your application. Otherwise, leave it blank to generate a random one.",
+	"generated": "Generated",
+	"administration": "Administration",
+	"group_rdn_attribute_description": "The attribute used in the groups distinguished name (DN).",
+	"display_name_attribute": "Display Name Attribute",
+	"display_name": "Display Name",
+	"configure_application_images": "Configure Application Images",
+	"ui_config_disabled_info_title": "UI Configuration Disabled",
+	"ui_config_disabled_info_description": "The UI configuration is disabled because the application configuration settings are managed through environment variables. Some settings may not be editable.",
+	"logo_from_url_description": "Paste a direct image URL (svg, png, webp). Find icons at <link  href=\"https://selfh.st/icons\">Selfh.st Icons</link> or <link href=\"https://dashboardicons.com\">Dashboard Icons</link>.",
+	"invalid_url": "Invalid URL",
+	"require_user_email": "Require Email Address",
+	"require_user_email_description": "Requires users to have an email address. If disabled, the users without an email address won't be able to use features that require an email address.",
+	"view": "View",
+	"toggle_columns": "Toggle columns",
+	"locale": "Locale",
+	"ldap_id": "LDAP ID",
+	"reauthentication": "Re-authentication",
+	"clear_filters": "Clear Filters",
+	"default_profile_picture": "Default Profile Picture",
+	"light": "Light",
+	"dark": "Dark",
+	"system": "System"
+}
--- a/frontend/messages/fr.json
+++ b/frontend/messages/fr.json
@@ -331,6 +331,10 @@
 	"token_sign_in": "Connexion par jeton",
 	"client_authorization": "Autorisation client",
 	"new_client_authorization": "Nouvelle autorisation client",
+	"device_code_authorization": "Autorisation du code de l'appareil",
+	"new_device_code_authorization": "Autorisation du code du nouvel appareil",
+	"passkey_added": "Clé d'accès ajoutée",
+	"passkey_removed": "Clé d'accès supprimée",
 	"disable_animations": "Désactiver les animations",
 	"turn_off_ui_animations": "Désactiver les animations dans toute l'interface.",
 	"user_disabled": "Compte désactivé",
--- a/frontend/messages/it.json
+++ b/frontend/messages/it.json
@@ -331,6 +331,10 @@
 	"token_sign_in": "Accesso con token",
 	"client_authorization": "Autorizzazione client",
 	"new_client_authorization": "Nuova autorizzazione client",
+	"device_code_authorization": "Autorizzazione codice dispositivo",
+	"new_device_code_authorization": "Autorizzazione codice nuovo dispositivo",
+	"passkey_added": "Passkey aggiunto",
+	"passkey_removed": "Passkey rimosso",
 	"disable_animations": "Disabilita animazioni",
 	"turn_off_ui_animations": "Disattiva tutte le animazioni della UI.",
 	"user_disabled": "Account disabilitato",
--- a/frontend/messages/ja.json
+++ b/frontend/messages/ja.json
@@ -331,6 +331,10 @@
 	"token_sign_in": "トークンサインイン",
 	"client_authorization": "Client Authorization",
 	"new_client_authorization": "New Client Authorization",
+	"device_code_authorization": "デバイスコード認証",
+	"new_device_code_authorization": "新規デバイス認証コード",
+	"passkey_added": "パスキー追加",
+	"passkey_removed": "パスキー削除済み",
 	"disable_animations": "アニメーションの無効化",
 	"turn_off_ui_animations": "Turn off animations throughout the UI.",
 	"user_disabled": "アカウントの無効化",
--- a/frontend/messages/ko.json
+++ b/frontend/messages/ko.json
@@ -331,6 +331,10 @@
 	"token_sign_in": "토큰 로그인",
 	"client_authorization": "클라이언트 승인",
 	"new_client_authorization": "새로운 클라이언트 승인",
+	"device_code_authorization": "기기 코드 인증",
+	"new_device_code_authorization": "신규 장치 코드 인증",
+	"passkey_added": "패스키 추가됨",
+	"passkey_removed": "패스키 제거됨",
 	"disable_animations": "애니메이션 비활성화",
 	"turn_off_ui_animations": "UI 전체의 애니메이션을 비활성화합니다.",
 	"user_disabled": "계정 비활성화",
@@ -463,7 +467,7 @@
 	"reauthentication": "재인증",
 	"clear_filters": "필터 지우기",
 	"default_profile_picture": "기본 프로필 사진",
-	"light": "빛",
-	"dark": "어둠",
+	"light": "라이트",
+	"dark": "다크",
 	"system": "시스템"
 }
--- a/frontend/messages/nl.json
+++ b/frontend/messages/nl.json
@@ -331,6 +331,10 @@
 	"token_sign_in": "Inloggen met token",
 	"client_authorization": "Client autorisatie",
 	"new_client_authorization": "Nieuwe clientautorisatie",
+	"device_code_authorization": "Autorisatie van apparaatcode",
+	"new_device_code_authorization": "Nieuwe apparaatcode autoriseren",
+	"passkey_added": "Toegangscode toegevoegd",
+	"passkey_removed": "Toegangssleutel verwijderd",
 	"disable_animations": "Animaties uitzetten",
 	"turn_off_ui_animations": "Zet alle animaties in de gebruikersinterface uit.",
 	"user_disabled": "Account uitgeschakeld",
--- a/frontend/messages/pl.json
+++ b/frontend/messages/pl.json
@@ -331,6 +331,10 @@
 	"token_sign_in": "Logowanie za pomocą tokena",
 	"client_authorization": "Autoryzacja klienta",
 	"new_client_authorization": "Nowa autoryzacja klienta",
+	"device_code_authorization": "Autoryzacja kodu urządzenia",
+	"new_device_code_authorization": "Autoryzacja nowego kodu urządzenia",
+	"passkey_added": "Dodano klucz dostępu",
+	"passkey_removed": "Klucz dostępu usunięty",
 	"disable_animations": "Wyłącz animacje",
 	"turn_off_ui_animations": "Wyłącz animacje w całym interfejsie użytkownika.",
 	"user_disabled": "Konto wyłączone",
--- a/frontend/messages/pt-BR.json
+++ b/frontend/messages/pt-BR.json
@@ -331,6 +331,10 @@
 	"token_sign_in": "Entrar com token",
 	"client_authorization": "Autorização do cliente",
 	"new_client_authorization": "Autorização de novo cliente",
+	"device_code_authorization": "Autorização do código do dispositivo",
+	"new_device_code_authorization": "Autorização de novo código de dispositivo",
+	"passkey_added": "Chave de acesso adicionada",
+	"passkey_removed": "Chave de acesso removida",
 	"disable_animations": "Desativar animações",
 	"turn_off_ui_animations": "Desligue as animações em toda a interface do usuário.",
 	"user_disabled": "Conta desativada",
--- a/frontend/messages/ru.json
+++ b/frontend/messages/ru.json
@@ -331,6 +331,10 @@
 	"token_sign_in": "Вход с помощью токена",
 	"client_authorization": "Авторизация клиента",
 	"new_client_authorization": "Авторизация нового клиента",
+	"device_code_authorization": "Авторизация кода устройства",
+	"new_device_code_authorization": "Авторизация нового кода устройства",
+	"passkey_added": "Добавлен пароль",
+	"passkey_removed": "Удален ключ доступа",
 	"disable_animations": "Отключить анимации",
 	"turn_off_ui_animations": "Отключить все анимации в интерфейсе.",
 	"user_disabled": "Учетная запись отключена",
--- a/frontend/messages/sv.json
+++ b/frontend/messages/sv.json
@@ -331,6 +331,10 @@
 	"token_sign_in": "Token-inloggning",
 	"client_authorization": "Godkännande av klient",
 	"new_client_authorization": "Ny klientauktorisation",
+	"device_code_authorization": "Enhetskodsgodkännande",
+	"new_device_code_authorization": "Auktorisering av ny enhetskod",
+	"passkey_added": "Passord tillagt",
+	"passkey_removed": "Passord borttaget",
 	"disable_animations": "Stäng av animationer",
 	"turn_off_ui_animations": "Stäng av animationer i hela användargränssnittet.",
 	"user_disabled": "Konto inaktiverat",
--- a/frontend/messages/tr.json
+++ b/frontend/messages/tr.json
@@ -331,6 +331,10 @@
 	"token_sign_in": "Token ile Giriş",
 	"client_authorization": "İstemci Yetkilendirmesi",
 	"new_client_authorization": "Yeni İstemci Yetkilendirmesi",
+	"device_code_authorization": "Cihaz Kodu Yetkilendirme",
+	"new_device_code_authorization": "Yeni Cihaz Kodu Yetkilendirmesi",
+	"passkey_added": "Anahtar Eklendi",
+	"passkey_removed": "Geçiş Anahtarı Kaldırıldı",
 	"disable_animations": "Animasyonları Devre Dışı Bırak",
 	"turn_off_ui_animations": "Kullanıcı arayüzü animasyonlarını kapatın.",
 	"user_disabled": "Hesap Devre Dışı",
--- a/frontend/messages/uk.json
+++ b/frontend/messages/uk.json
@@ -331,6 +331,10 @@
 	"token_sign_in": "Вхід за допомогою токена",
 	"client_authorization": "Авторизація клієнта",
 	"new_client_authorization": "Нова авторизація клієнта",
+	"device_code_authorization": "Авторизація коду пристрою",
+	"new_device_code_authorization": "Авторизація нового коду пристрою",
+	"passkey_added": "Додано пароль",
+	"passkey_removed": "Ключ доступу видалено",
 	"disable_animations": "Вимкнути анімацію",
 	"turn_off_ui_animations": "Вимкнути анімації у всьому інтерфейсі.",
 	"user_disabled": "Обліковий запис вимкнено",
--- a/frontend/messages/vi.json
+++ b/frontend/messages/vi.json
@@ -331,6 +331,10 @@
 	"token_sign_in": "Đăng nhập bằng token",
 	"client_authorization": "Xác thực client",
 	"new_client_authorization": "Xác thực client mới",
+	"device_code_authorization": "Xác thực mã thiết bị",
+	"new_device_code_authorization": "Xác thực mã thiết bị mới",
+	"passkey_added": "Thêm khóa truy cập",
+	"passkey_removed": "Khóa truy cập đã bị xóa",
 	"disable_animations": "Tắt hiệu ứng động",
 	"turn_off_ui_animations": "Tắt các hiệu ứng động trong giao diện người dùng.",
 	"user_disabled": "Tài khoản bị vô hiệu hóa",
--- a/frontend/messages/zh-CN.json
+++ b/frontend/messages/zh-CN.json
@@ -331,6 +331,10 @@
 	"token_sign_in": "Token 登录",
 	"client_authorization": "客户端授权",
 	"new_client_authorization": "首次客户端授权",
+	"device_code_authorization": "设备代码授权",
+	"new_device_code_authorization": "新设备代码授权",
+	"passkey_added": "密钥已添加",
+	"passkey_removed": "密钥已移除",
 	"disable_animations": "关闭动画",
 	"turn_off_ui_animations": "关闭界面中的所有动画效果。",
 	"user_disabled": "账户已禁用",
--- a/frontend/messages/zh-TW.json
+++ b/frontend/messages/zh-TW.json
@@ -331,6 +331,10 @@
 	"token_sign_in": "Token 登入",
 	"client_authorization": "客戶端授權",
 	"new_client_authorization": "新客戶端授權",
+	"device_code_authorization": "裝置代碼授權",
+	"new_device_code_authorization": "新裝置代碼授權",
+	"passkey_added": "通行密鑰已添加",
+	"passkey_removed": "通行密鑰已移除",
 	"disable_animations": "停用動畫",
 	"turn_off_ui_animations": "關閉整個 UI 的動畫。",
 	"user_disabled": "帳號已停用",
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -15,49 +15,49 @@
  },
  "dependencies": {
    "@simplewebauthn/browser": "^13.2.2",
-    "@tailwindcss/vite": "^4.1.16",
-    "axios": "^1.12.2",
+    "@tailwindcss/vite": "^4.1.17",
+    "axios": "^1.13.2",
    "clsx": "^2.1.1",
    "date-fns": "^4.1.0",
-    "jose": "^5.10.0",
+    "jose": "^6.1.2",
    "qrcode": "^1.5.4",
-    "runed": "^0.31.1",
-    "sveltekit-superforms": "^2.28.0",
-    "tailwind-merge": "^3.3.1",
-    "zod": "^4.1.12"
+    "runed": "^0.36.0",
+    "sveltekit-superforms": "^2.28.1",
+    "tailwind-merge": "^3.4.0",
+    "zod": "^4.1.13"
  },
  "devDependencies": {
-    "@inlang/paraglide-js": "^2.4.0",
+    "@inlang/paraglide-js": "^2.5.0",
    "@inlang/plugin-m-function-matcher": "^2.1.0",
    "@inlang/plugin-message-format": "^4.0.0",
    "@internationalized/date": "^3.10.0",
-    "@lucide/svelte": "^0.525.0",
+    "@lucide/svelte": "^0.554.0",
    "@sveltejs/adapter-static": "^3.0.10",
-    "@sveltejs/kit": "^2.47.3",
+    "@sveltejs/kit": "^2.49.0",
    "@sveltejs/vite-plugin-svelte": "^6.2.1",
    "@types/eslint": "^9.6.1",
-    "@types/node": "^22.18.12",
+    "@types/node": "^24.10.1",
    "@types/qrcode": "^1.5.6",
-    "bits-ui": "^2.14.1",
-    "eslint": "^9.38.0",
+    "bits-ui": "^2.14.4",
+    "eslint": "^9.39.1",
    "eslint-config-prettier": "^10.1.8",
-    "eslint-plugin-svelte": "^3.12.5",
+    "eslint-plugin-svelte": "^3.13.0",
    "formsnap": "^2.0.1",
-    "globals": "^16.4.0",
+    "globals": "^16.5.0",
    "mode-watcher": "^1.1.0",
    "prettier": "^3.6.2",
    "prettier-plugin-svelte": "^3.4.0",
-    "prettier-plugin-tailwindcss": "^0.6.14",
-    "rollup": "^4.52.5",
-    "svelte": "^5.41.3",
-    "svelte-check": "^4.3.3",
-    "svelte-sonner": "^1.0.5",
-    "tailwind-variants": "^1.0.0",
-    "tailwindcss": "^4.1.16",
+    "prettier-plugin-tailwindcss": "^0.7.1",
+    "rollup": "^4.53.3",
+    "svelte": "^5.44.0",
+    "svelte-check": "^4.3.4",
+    "svelte-sonner": "^1.0.6",
+    "tailwind-variants": "^3.2.2",
+    "tailwindcss": "^4.1.17",
    "tslib": "^2.8.1",
    "tw-animate-css": "^1.4.0",
    "typescript": "^5.9.3",
-    "typescript-eslint": "^8.46.2",
-    "vite": "^7.1.12"
+    "typescript-eslint": "^8.48.0",
+    "vite": "^7.2.4"
  }
 }
--- a/frontend/project.inlang/settings.json
+++ b/frontend/project.inlang/settings.json
@@ -7,6 +7,7 @@
 		"de",
 		"en",
 		"es",
+		"fi",
 		"fr",
 		"it",
 		"ko",
--- a/frontend/src/routes/settings/account/locale-picker.svelte
+++ b/frontend/src/routes/settings/account/locale-picker.svelte
@@ -14,6 +14,7 @@
 		de: 'Deutsch',
 		en: 'English',
 		es: 'Español',
+		fi: 'Suomi',
 		fr: 'Français',
 		it: 'Italiano',
 		ja: '日本語',
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
--- a/tests/package.json
+++ b/tests/package.json
@@ -7,10 +7,10 @@
 		"format": "prettier --write ."
 	},
 	"devDependencies": {
-		"@playwright/test": "^1.56.1",
-		"@types/node": "^22.18.12",
-		"dotenv": "^16.6.1",
-		"jose": "^6.1.0",
+		"@playwright/test": "^1.57.0",
+		"@types/node": "^24.10.1",
+		"dotenv": "^17.2.3",
+		"jose": "^6.1.2",
 		"prettier": "^3.6.2"
 	}
 }
--- a/tests/specs/account-settings.spec.ts
+++ b/tests/specs/account-settings.spec.ts
@@ -66,7 +66,7 @@ test('Change Locale', async ({ page }) => {
 	// Check if the validation messages are translated because they are provided by Zod
 	await page.getByRole('textbox', { name: 'Voornaam' }).fill('');
 	await page.getByRole('button', { name: 'Opslaan' }).click();
-	await expect(page.getByText('Te kort: verwacht dat string')).toBeVisible();
+	await expect(page.getByText('Te klein: verwacht dat string te hebben >=1 tekens')).toBeVisible();

 	// Clear all cookies and sign in again to check if the language is still set to Dutch
 	await page.context().clearCookies();
@@ -76,7 +76,7 @@ test('Change Locale', async ({ page }) => {

 	await page.getByRole('textbox', { name: 'Voornaam' }).fill('');
 	await page.getByRole('button', { name: 'Opslaan' }).click();
-	await expect(page.getByText('Te kort: verwacht dat string')).toBeVisible();
+	await expect(page.getByText('Te klein: verwacht dat string te hebben >=1 tekens')).toBeVisible();
 });

 test('Add passkey to an account', async ({ page }) => {