Merge remote-tracking branch 'origin/master' into feat-settings-ui

docs/content/en/blog/pre-release-notes-4.38/index.md

@@ -42,16 +42,64 @@ specific scenarios._
 The following contains information on getting access to the pre-production builds of 4.38.0.
 
 _**Note:** We strongly recommend people who wish to try the beta builds make backups of their proxy configuration,
-authelia configuration, and authelia database prior to attempting to do so._
+Authelia configuration, and Authelia database prior to attempting to do so._
+
+### 4.38.0-beta2
+
+This is a quick release before we start merging the TOTP and WebAuthn improvements. Once these are merged another beta
+will be released and then shortly after the release will be officially published.
+
+Notable Missing Features from this build:
+
+- Multi-Device Webauthn
+- Device Registration OTP
+
+Actual Builds:
+
+- Container Images:
+  - [docker.io/authelia/authelia:v4.38.0-beta2](https://hub.docker.com/layers/authelia/authelia/v4.38.0-beta2/images/sha256-e02b645853db2cbd371c6bc8a80333718c830dcf7f3b5ec8c14d8178ea04cb78?context=explore)
+  - [ghcr.io/authelia/authelia:v4.38.0-beta2](https://github.com/authelia/authelia/pkgs/container/authelia/85646062?tag=v4.38.0-beta2)
+- [Binaries](https://buildkite.com/authelia/authelia/builds/19741)
+- [Documentation](https://deploy-preview-5250--authelia-staging.netlify.app/)
+
+Major Documentation Changes:
+
+- [LDAP](https://deploy-preview-5250--authelia-staging.netlify.app/configuration/first-factor/ldap/)
+  - [Reference Guide](https://deploy-preview-5250--authelia-staging.netlify.app/reference/guides/ldap/)
+- [Server](https://deploy-preview-5250--authelia-staging.netlify.app/configuration/miscellaneous/server/)
+  - [Authz Endpoints](https://deploy-preview-5250--authelia-staging.netlify.app/configuration/miscellaneous/server-endpoints-authz/)
+    - [Reference Guide](https://deploy-preview-5250--authelia-staging.netlify.app/reference/guides/proxy-authorization/)
+- [Session](https://deploy-preview-5250--authelia-staging.netlify.app/configuration/session/introduction/)
+- [Configuration Files](https://deploy-preview-5250--authelia-staging.netlify.app/configuration/methods/files/)
+- [Proxy Integration](https://deploy-preview-5250--authelia-staging.netlify.app/integration/proxies/introduction/)
+  - [Caddy](https://deploy-preview-5250--authelia-staging.netlify.app/integration/proxies/caddy/)
+  - [Envoy](https://deploy-preview-5250--authelia-staging.netlify.app/integration/proxies/envoy/)
+  - [HAProxy](https://deploy-preview-5250--authelia-staging.netlify.app/integration/proxies/haproxy/)
+  - [NGINX](https://deploy-preview-5250--authelia-staging.netlify.app/integration/proxies/nginx/)
+  - [Traefik](https://deploy-preview-5250--authelia-staging.netlify.app/integration/proxies/traefik/)
+- [Kubernetes Integration](https://deploy-preview-5250--authelia-staging.netlify.app/integration/kubernetes/introduction/)
+  - [Traefik Ingress](https://deploy-preview-5250--authelia-staging.netlify.app/integration/kubernetes/traefik-ingress/)
+  - [Istio](https://deploy-preview-5250--authelia-staging.netlify.app/integration/kubernetes/istio/)
+  - [NGINX Ingress](https://deploy-preview-5250--authelia-staging.netlify.app/integration/kubernetes/nginx-ingress/)
+- [Templating Reference Guide](https://deploy-preview-5250--authelia-staging.netlify.app/reference/guides/templating/)
 
 ### 4.38.0-beta1
 
 Notable Missing Features from this build:
 
-- OpenID Connect 1.0 PAR
+- OpenID Connect 1.0
+  - Pushed Authorization Requests
+  - Client Authentication Modes
+  - Additional Client Validations
 - Multi-Device WebAuthn
 - Device Registration OTP
 
+Known Bugs:
+
+- WebAuthn doesn't work. Fixed in master or 4.38.0-beta2
+
+Actual Builds:
+
 - Container Images:
   - [docker.io/authelia/authelia:v4.38.0-beta1](https://hub.docker.com/layers/authelia/authelia/v4.38.0-beta1/images/sha256-53faae6b6a0616f71f1f77069237d92969433b0037b9825be12852e013812bd0?context=explore)
   - [ghcr.io/authelia/authelia:v4.38.0-beta1](https://github.com/authelia/authelia/pkgs/container/authelia/65909221?tag=v4.38.0-beta1)
@@ -67,12 +115,10 @@ Major Documentation Changes:
     - [Reference Guide](https://63d20934fa12200009e12cbf--authelia-staging.netlify.app/reference/guides/proxy-authorization/)
 - [Session](https://63d20934fa12200009e12cbf--authelia-staging.netlify.app/configuration/session/introduction/)
 - [Configuration Files](https://63d20934fa12200009e12cbf--authelia-staging.netlify.app/configuration/methods/files/)
-- [Configuration Files](https://63d20934fa12200009e12cbf--authelia-staging.netlify.app/configuration/methods/files/)
 - [Proxy Integration](https://63d20934fa12200009e12cbf--authelia-staging.netlify.app/integration/proxies/introduction/)
   - [Caddy](https://63d20934fa12200009e12cbf--authelia-staging.netlify.app/integration/proxies/caddy/)
   - [Envoy](https://63d20934fa12200009e12cbf--authelia-staging.netlify.app/integration/proxies/envoy/)
   - [HAProxy](https://63d20934fa12200009e12cbf--authelia-staging.netlify.app/integration/proxies/haproxy/)
-  - [HAProxy](https://63d20934fa12200009e12cbf--authelia-staging.netlify.app/integration/proxies/haproxy/)
   - [NGINX](https://63d20934fa12200009e12cbf--authelia-staging.netlify.app/integration/proxies/nginx/)
   - [Traefik](https://63d20934fa12200009e12cbf--authelia-staging.netlify.app/integration/proxies/traefik/)
 - [Kubernetes Integration](https://63d20934fa12200009e12cbf--authelia-staging.netlify.app/integration/kubernetes/introduction/)
@@ -137,6 +183,17 @@ These features combined with our requirement for the HTTPS scheme are very power
 [OpenID Connect 1.0]: https://openid.net/
 [Pushed Authorization Requests]: https://oauth.net/2/pushed-authorization-requests/
 
+##### Client Authentication Method (Token Endpoint)
+
+This release will allow administrators to optionally configure the Client Authentication Method for the Token Endpoint,
+restricting the client usage of the token endpoint and paving the way to more advanced Client Authentication Methods.
+
+##### Additional Client Validations
+
+This release will add additional client configuration validations for various elements which are not technically
+compatible. It's important to note that these likely will become errors but are currently just warnings.
+
+
 ## Multi-Domain Protection
 
 In this release we are releasing the main implementation of the Multi-Domain Protection roadmap item.

docs/content/en/configuration/identity-providers/open-id-connect.md

@@ -375,7 +375,7 @@ The shared secret between Authelia and the application consuming this client. Th
 configured in the application.
 
 This secret must be generated by the administrator and can be done by following the
-[Generating Client Secrets](../../integration/openid-connect/specific-information.md#generating-client-secrets) guide.
+[How Do I Generate Client Secrets](../../integration/openid-connect/frequently-asked-questions.md#how-do-i-generate-client-secrets) FAQ.
 
 This must be provided when the client is a confidential client type, and must be blank when using the public client
 type. To set the client type to public see the [public](#public) configuration option.

docs/content/en/integration/openid-connect/frequently-asked-questions.md

@@ -1,7 +1,7 @@
 ---
-title: "Specific Information"
+title: "Frequently Asked Questions"
-description: "Specific information regarding integrating the Authelia OpenID Connect Provider with an OpenID Connect relying party"
+description: "Frequently Asked Questions regarding integrating the Authelia OpenID Connect Provider with an OpenID Connect relying party"
-lead: "Specific information regarding integrating the Authelia OpenID Connect Provider with an OpenID Connect relying party."
+lead: "Frequently Asked Questions regarding integrating the Authelia OpenID Connect Provider with an OpenID Connect relying party."
 date: 2022-10-20T15:27:09+11:00
 draft: false
 images: []
@@ -12,7 +12,7 @@ weight: 615
 toc: true
 ---
 
-## Generating Client Secrets
+## How do I generate client secrets?
 
 We strongly recommend the following guidelines for generating client secrets:
 
@@ -26,9 +26,12 @@ We strongly recommend the following guidelines for generating client secrets:
    when using it to access the token endpoint.
 
 Authelia provides an easy way to perform such actions via the [Generating a Random Password Hash] guide. Users can
-perform a command such as `authelia crypto hash generate pbkdf2 --variant sha512 --random --random.length 72` command to
+perform a command such as
+`authelia crypto hash generate pbkdf2 --variant sha512 --random --random.length 72 --random-charset rfc3986` command to
 both generate a client secret with 72 characters which is printed and is to be used with the relying party and hash it
-using PBKDF2 which can be stored in the Authelia configuration.
+using PBKDF2 which can be stored in the Authelia configuration. This random command also avoids issues with a relying
+party / client application encoding the characters correctly as it uses the
+[RFC3986 Unreserved Characters](https://datatracker.ietf.org/doc/html/rfc3986#section-2.3).
 
 [Generating a Random Password Hash]: ../../reference/guides/generating-secure-values.md#generating-a-random-password-hash
 
@@ -46,19 +49,16 @@ which case the secret should be encrypted and not be stored in plaintext. The mo
 client configurations will be stored in the database with the secret both salted and peppered.
 
 Authelia currently does not implement any of the specifications or protocols which require secrets being accessible in
-the clear such as most notibly the `client_secret_jwt` grant and currently we no plans to implement any of these. As
+the clear such as most notably the `client_secret_jwt` grant, we will however likely soon implement `client_secret_jwt`.
-such it's *__strongly discouraged and heavily deprecated__* and we instead recommended that users remove this from their
+We are however *__strongly discouraging__* and formally deprecating the use of plaintext client secrets for purposes
-configuration entirely and use the [Generating Client Secrets](#generating-client-secrets) guide. At such a time as we
+outside those required by specifications. We instead recommended that users remove this from their configuration
-support one of these protocols we will very likely only allow plaintext for clients configured expressly for this
+entirely and use the [How Do I Generate Client Secrets](#how-do-i-generate-client-secrets) FAQ.
-purpose i.e. a client that only allows `client_secret_jwt` and no other grants.
 
 Plaintext is either denoted by the `$plaintext$` prefix where everything after the prefix is the secret. In addition if
 the secret does not start with the `$` character it's considered as a plaintext secret for the time being but is
 deprecated as is the `$plaintext$` prefix.
 
-## Frequently Asked Questions
+## Why isn't my application able to retrieve the token even though I've consented?
-
-### Why isn't my application able to retrieve the token even though I've consented?
 
 The most common cause for this issue is when the affected application can not make requests to the Token [Endpoint].
 This becomes obvious when the log level is set to `debug` or `trace` and a presence of requests to the Authorization

docs/content/en/integration/openid-connect/nextcloud/index.md

@@ -33,6 +33,11 @@ This example makes the following assumptions:
 * __Client ID:__ `nextcloud`
 * __Client Secret:__ `insecure_secret`
 
+*__Important Note:__ it has been reported that some of the [Nextcloud] plugins do not properly encode the client secret.
+as such it's important to only use alphanumeric characters as well as the other
+[RFC3986 Unreserved Characters](https://datatracker.ietf.org/doc/html/rfc3986#section-2.3). We recommend using the
+generating client secrets guidance above.*
+
 ## Configuration
 
 ### Application

docs/content/en/reference/guides/branding.md

@@ -15,17 +15,19 @@ toc: true
 ## Usage
 
 The images are currently licensed under the same [Apache 2.0](https://github.com/authelia/authelia/blob/master/LICENSE)
-as everything else in the repository. It is kindly requested however that with all of our branding that users only make
+as everything else in the repository. It is kindly requested however that with all of our branding that without explicit
-modifications that are in harmony with the following rules which are not intended to restrict usage unreasonably and are
+contrary permission users only use the images and only make modifications that are in harmony with the following rules
-only intended to preserve the Authelia branding identity:
+which are not intended to restrict usage unreasonably and are only intended to preserve the Authelia branding identity:
 
 1. They do not unreasonably alter the quality of the branding:
-    - Image size changes should be done only when the size is appropriate for the intended display scenario.
+   - Image size changes should be done only when the size is appropriate for the intended display scenario.
-    - Compression should not be applied overly aggressively for the intended display scenario.
+   - Compression should not be applied overly aggressively for the intended display scenario.
 2. The changes do not unreasonably alter the design of the branding and should fit one or more of the following
    categories:
    - Layout
    - Format
+3. They are not used in a way that would indicate affiliation or endorsement by Authelia.
+4. They are not used in exchange for trade or financial reimbursement as they are intellectual property of Authelia.
 
 Examples of changes which fit these categories include:
 

docs/content/en/reference/guides/frequently-asked-questions.md

@@ -14,4 +14,4 @@ toc: true
 
 ## Identity Providers
 
-- [OpenID Connect 1.0 Integration](../../integration/openid-connect/specific-information.md#frequently-asked-questions)
+- [OpenID Connect 1.0 Integration](../../integration/openid-connect/frequently-asked-questions.md)

docs/layouts/shortcodes/oidc-common.html

@@ -1,5 +1,5 @@
-{{ $specificinfo := "../specific-information/" }}{{ $config := "../../../configuration/identity-providers/open-id-connect.md" }}
+{{ $faq := "../frequently-asked-questions/" }}{{ $config := "../../../configuration/identity-providers/open-id-connect.md" }}
-{{- with .Get "specificinfo" }}{{ $specificinfo = . }}{{ end }}
+{{- with .Get "faq" }}{{ $faq = . }}{{ end }}
 {{- with .Get "config" }}{{ $config = . }}{{ end }}
 ### Common Notes
 
@@ -10,9 +10,9 @@
 2. The [OpenID Connect 1.0](https://openid.net/specs/openid-connect-core-1_0.html) `secret` parameter:
     1. The value used in this guide is merely for demonstration purposes and you *__should absolutely not__* use this in
        production and should instead utilize the
-       [Generating Client Secrets]({{ $specificinfo }}#generating-client-secrets) guide.
+       [How Do I Generate Client Secrets]({{ $faq }}#how-do-i-generate-client-secrets) FAQ.
     2. This string may be stored as plaintext in the Authelia configuration but this behaviour is deprecated and is not
-       guaranteed to be supported in the future. See the [Plaintext]({{ $specificinfo }}#plaintext) guide for more
+       guaranteed to be supported in the future. See the [Plaintext]({{ $faq }}#plaintext) guide for more
        information.
 3. The Configuration example for Authelia is only a portion of the required configuration and it should be used as a
    guide in conjunction with the standard [OpenID Connect 1.0 Configuration]({{ $config }}) guide.

go.mod

@@ -11,7 +11,7 @@ require (
 	github.com/fasthttp/session/v2 v2.4.17
 	github.com/fsnotify/fsnotify v1.6.0
 	github.com/go-asn1-ber/asn1-ber v1.5.4
-	github.com/go-crypt/crypt v0.2.6
+	github.com/go-crypt/crypt v0.2.7
 	github.com/go-ldap/ldap/v3 v3.4.4
 	github.com/go-rod/rod v0.112.8
 	github.com/go-sql-driver/mysql v1.7.0
@@ -70,7 +70,7 @@ require (
 	github.com/ecordell/optgen v0.0.6 // indirect
 	github.com/facebookgo/stack v0.0.0-20160209184415-751773369052 // indirect
 	github.com/fxamacker/cbor/v2 v2.4.0 // indirect
-	github.com/go-crypt/x v0.1.13 // indirect
+	github.com/go-crypt/x v0.2.0 // indirect
 	github.com/go-redis/redis/v8 v8.11.5 // indirect
 	github.com/go-webauthn/revoke v0.1.9 // indirect
 	github.com/golang/glog v1.0.0 // indirect

go.sum

@@ -126,10 +126,10 @@ github.com/fxamacker/cbor/v2 v2.4.0/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrt
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/go-asn1-ber/asn1-ber v1.5.4 h1:vXT6d/FNDiELJnLb6hGNa309LMsrCoYFvpwHDF0+Y1A=
 github.com/go-asn1-ber/asn1-ber v1.5.4/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
-github.com/go-crypt/crypt v0.2.6 h1:OlCSHwqbYnvcemB5N6uL/FlUJJAlQvmIWcJnodIZ1wU=
+github.com/go-crypt/crypt v0.2.7 h1:Ir6E59c1wrskJhpJXMqaynHA2xAxpGN7nQXlLkbpzR0=
-github.com/go-crypt/crypt v0.2.6/go.mod h1:rnVxiaVafgL1VsN/Pgt+mc2sn2wEozYUr4vS/94rHoI=
+github.com/go-crypt/crypt v0.2.7/go.mod h1:ulieouNs4qwFCq4wF61oyTQYXAXSoOv995EU4hcHwMU=
-github.com/go-crypt/x v0.1.13 h1:kQPfAfudCnpwSL6fS9d637v/QwEwnA6HEkE91yvzIC4=
+github.com/go-crypt/x v0.2.0 h1:rHMiKRAu6kFc+xAnQywDb3iHGpvrFbIGXnP3IfCZ+2U=
-github.com/go-crypt/x v0.1.13/go.mod h1:vKR4KobuL9RFa+Rts0zItk+u77AFyrvZSD/xQZ4zCpw=
+github.com/go-crypt/x v0.2.0/go.mod h1:uLo5o+Cc8nvahDASQpntR1g3ZMUoq2LM/859PkhykC4=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=

internal/configuration/decode_hooks.go

@@ -260,7 +260,7 @@ func StringToAddressHookFunc() mapstructure.DecodeHookFuncType {
 
 // StringToX509CertificateHookFunc decodes strings to x509.Certificate's.
 func StringToX509CertificateHookFunc() mapstructure.DecodeHookFuncType {
-	return func(f reflect.Type, t reflect.Type, data any) (value interface{}, err error) {
+	return func(f reflect.Type, t reflect.Type, data any) (value any, err error) {
 		if f.Kind() != reflect.String {
 			return data, nil
 		}
@@ -283,7 +283,7 @@ func StringToX509CertificateHookFunc() mapstructure.DecodeHookFuncType {
 			return result, nil
 		}
 
-		var i interface{}
+		var i any
 
 		if i, err = utils.ParseX509FromPEM([]byte(dataStr)); err != nil {
 			return nil, fmt.Errorf(errFmtDecodeHookCouldNotParseBasic, "*", expectedType, err)
@@ -300,7 +300,7 @@ func StringToX509CertificateHookFunc() mapstructure.DecodeHookFuncType {
 
 // StringToX509CertificateChainHookFunc decodes strings to schema.X509CertificateChain's.
 func StringToX509CertificateChainHookFunc() mapstructure.DecodeHookFuncType {
-	return func(f reflect.Type, t reflect.Type, data interface{}) (value interface{}, err error) {
+	return func(f reflect.Type, t reflect.Type, data any) (value any, err error) {
 		var ptr bool
 
 		if f.Kind() != reflect.String {
@@ -348,7 +348,7 @@ func StringToX509CertificateChainHookFunc() mapstructure.DecodeHookFuncType {
 
 // StringToTLSVersionHookFunc decodes strings to schema.TLSVersion's.
 func StringToTLSVersionHookFunc() mapstructure.DecodeHookFuncType {
-	return func(f reflect.Type, t reflect.Type, data interface{}) (value interface{}, err error) {
+	return func(f reflect.Type, t reflect.Type, data any) (value any, err error) {
 		var ptr bool
 
 		if f.Kind() != reflect.String {
@@ -388,7 +388,7 @@ func StringToTLSVersionHookFunc() mapstructure.DecodeHookFuncType {
 
 // StringToCryptoPrivateKeyHookFunc decodes strings to schema.CryptographicPrivateKey's.
 func StringToCryptoPrivateKeyHookFunc() mapstructure.DecodeHookFuncType {
-	return func(f reflect.Type, t reflect.Type, data interface{}) (value interface{}, err error) {
+	return func(f reflect.Type, t reflect.Type, data any) (value any, err error) {
 		if f.Kind() != reflect.String {
 			return data, nil
 		}
@@ -418,7 +418,7 @@ func StringToCryptoPrivateKeyHookFunc() mapstructure.DecodeHookFuncType {
 
 // StringToPrivateKeyHookFunc decodes strings to rsa.PrivateKey's.
 func StringToPrivateKeyHookFunc() mapstructure.DecodeHookFuncType {
-	return func(f reflect.Type, t reflect.Type, data interface{}) (value interface{}, err error) {
+	return func(f reflect.Type, t reflect.Type, data any) (value any, err error) {
 		if f.Kind() != reflect.String {
 			return data, nil
 		}
@@ -487,7 +487,7 @@ func StringToPrivateKeyHookFunc() mapstructure.DecodeHookFuncType {
 
 // StringToPasswordDigestHookFunc decodes a string into a crypt.Digest.
 func StringToPasswordDigestHookFunc() mapstructure.DecodeHookFuncType {
-	return func(f reflect.Type, t reflect.Type, data interface{}) (value interface{}, err error) {
+	return func(f reflect.Type, t reflect.Type, data any) (value any, err error) {
 		var ptr bool
 
 		if f.Kind() != reflect.String {

internal/configuration/koanf_provider_filtered_file.go

@@ -50,7 +50,7 @@ func (f *FilteredFile) ReadBytes() (data []byte, err error) {
 }
 
 // Read is not supported by the filtered file koanf.Provider.
-func (f *FilteredFile) Read() (map[string]interface{}, error) {
+func (f *FilteredFile) Read() (map[string]any, error) {
 	return nil, errors.New("filtered file provider does not support this method")
 }
 

internal/configuration/koanf_util.go

@@ -53,15 +53,15 @@ func koanfRemapKeys(val *schema.StructValidator, ko *koanf.Koanf, ds map[string]
 	return final, nil
 }
 
-func koanfRemapKeysStandard(keys map[string]any, val *schema.StructValidator, ds map[string]Deprecation) (keysFinal map[string]interface{}) {
+func koanfRemapKeysStandard(keys map[string]any, val *schema.StructValidator, ds map[string]Deprecation) (keysFinal map[string]any) {
 	var (
 		ok    bool
 		d     Deprecation
 		key   string
-		value interface{}
+		value any
 	)
 
-	keysFinal = make(map[string]interface{})
+	keysFinal = make(map[string]any)
 
 	for key, value = range keys {
 		if d, ok = ds[key]; ok {
@@ -93,35 +93,35 @@ func koanfRemapKeysStandard(keys map[string]any, val *schema.StructValidator, ds
 	return keysFinal
 }
 
-func koanfRemapKeysMapped(keys map[string]interface{}, val *schema.StructValidator, ds map[string]Deprecation) (keysFinal map[string]interface{}) {
+func koanfRemapKeysMapped(keys map[string]any, val *schema.StructValidator, ds map[string]Deprecation) (keysFinal map[string]any) {
 	var (
 		key           string
-		value         interface{}
+		value         any
-		slc, slcFinal []interface{}
+		slc, slcFinal []any
 		ok            bool
-		m             map[string]interface{}
+		m             map[string]any
 		d             Deprecation
 	)
 
-	keysFinal = make(map[string]interface{})
+	keysFinal = make(map[string]any)
 
 	for key, value = range keys {
-		if slc, ok = value.([]interface{}); !ok {
+		if slc, ok = value.([]any); !ok {
 			keysFinal[key] = value
 
 			continue
 		}
 
-		slcFinal = make([]interface{}, len(slc))
+		slcFinal = make([]any, len(slc))
 
 		for i, item := range slc {
-			if m, ok = item.(map[string]interface{}); !ok {
+			if m, ok = item.(map[string]any); !ok {
 				slcFinal[i] = item
 
 				continue
 			}
 
-			itemFinal := make(map[string]interface{})
+			itemFinal := make(map[string]any)
 
 			for subkey, element := range m {
 				prefix := fmt.Sprintf("%s[].", key)

internal/logging/printf.go

@@ -13,7 +13,7 @@ type PrintfLogger struct {
 }
 
 // Printf is the implementation of the interface.
-func (l *PrintfLogger) Printf(format string, args ...interface{}) {
+func (l *PrintfLogger) Printf(format string, args ...any) {
 	l.logrus.Logf(l.level, format, args...)
 }
 
@@ -24,6 +24,6 @@ type CtxPrintfLogger struct {
 }
 
 // Printf is the implementation of the interface.
-func (l *CtxPrintfLogger) Printf(_ context.Context, format string, args ...interface{}) {
+func (l *CtxPrintfLogger) Printf(_ context.Context, format string, args ...any) {
 	l.logrus.Logf(l.level, format, args...)
 }

internal/session/encrypting_serializer_test.go

@@ -9,7 +9,7 @@ import (
 )
 
 func TestShouldEncryptAndDecrypt(t *testing.T) {
-	payload := session.Dict{KV: map[string]interface{}{"key": "value"}}
+	payload := session.Dict{KV: map[string]any{"key": "value"}}
 
 	dst, err := payload.MarshalMsg(nil)
 	require.NoError(t, err)
@@ -28,7 +28,7 @@ func TestShouldEncryptAndDecrypt(t *testing.T) {
 }
 
 func TestShouldNotSupportUnencryptedSessionForBackwardCompatibility(t *testing.T) {
-	payload := session.Dict{KV: map[string]interface{}{"key": "value"}}
+	payload := session.Dict{KV: map[string]any{"key": "value"}}
 
 	dst, err := payload.MarshalMsg(nil)
 	require.NoError(t, err)

internal/utils/crypto_test.go

@@ -325,7 +325,7 @@ func TestShouldParseCurves(t *testing.T) {
 	}
 }
 
-func testMustBuildPrivateKey(b PrivateKeyBuilder) interface{} {
+func testMustBuildPrivateKey(b PrivateKeyBuilder) any {
 	k, err := b.Build()
 	if err != nil {
 		panic(err)
@@ -337,8 +337,8 @@ func testMustBuildPrivateKey(b PrivateKeyBuilder) interface{} {
 func TestPublicKeyFromPrivateKey(t *testing.T) {
 	testCases := []struct {
 		Name       string
-		PrivateKey interface{}
+		PrivateKey any
-		Expected   interface{}
+		Expected   any
 	}{
 		{
 			Name:       "RSA2048",

web/package.json

@@ -97,7 +97,7 @@
     "eslint-plugin-prettier": "4.2.1",
     "eslint-plugin-react": "7.32.2",
     "eslint-plugin-react-hooks": "4.6.0",
-    "happy-dom": "9.6.1",
+    "happy-dom": "9.7.1",
     "husky": "8.0.3",
     "prettier": "2.8.7",
     "react-test-renderer": "18.2.0",

web/pnpm-lock.yaml

@@ -157,8 +157,8 @@ devDependencies:
     specifier: 4.6.0
     version: 4.6.0(eslint@8.38.0)
   happy-dom:
-    specifier: 9.6.1
+    specifier: 9.7.1
-    version: 9.6.1
+    version: 9.7.1
   husky:
     specifier: 8.0.3
     version: 8.0.3
@@ -188,7 +188,7 @@ devDependencies:
     version: 4.2.0(typescript@5.0.4)(vite@4.2.1)
   vitest:
     specifier: 0.30.1
-    version: 0.30.1(happy-dom@9.6.1)
+    version: 0.30.1(happy-dom@9.7.1)
   vitest-preview:
     specifier: 0.0.1
     version: 0.0.1
@@ -3092,7 +3092,7 @@ packages:
       istanbul-lib-source-maps: 4.0.1
       istanbul-reports: 3.1.5
       test-exclude: 6.0.0
-      vitest: 0.30.1(happy-dom@9.6.1)
+      vitest: 0.30.1(happy-dom@9.7.1)
     transitivePeerDependencies:
       - supports-color
     dev: true
@@ -5095,8 +5095,8 @@ packages:
     resolution: {integrity: sha512-bzh50DW9kTPM00T8y4o8vQg89Di9oLJVLW/KaOGIXJWP/iqCN6WKYkbNOF04vFLJhwcpYUh9ydh/+5vpOqV4YQ==}
     dev: true
 
-  /happy-dom@9.6.1:
+  /happy-dom@9.7.1:
-    resolution: {integrity: sha512-lbRsmw8toqKUCwMIZQtoTW/F3XGOovazC+sdTf+gire4ITx9mPUx2TrdCr/JbB1CF4QplCwdn3+p1/2O5slWDw==}
+    resolution: {integrity: sha512-C5KQXt5JA3Og1qNf32Zqg65Oj5DKe/IeeGo8269DKE4VFK8NZpOEBY1R6ofJLCqsaPppu1t73okYuh7CPJUB6A==}
     dependencies:
       css.escape: 1.5.1
       he: 1.2.0
@@ -7482,7 +7482,7 @@ packages:
       - terser
     dev: true
 
-  /vitest@0.30.1(happy-dom@9.6.1):
+  /vitest@0.30.1(happy-dom@9.7.1):
     resolution: {integrity: sha512-y35WTrSTlTxfMLttgQk4rHcaDkbHQwDP++SNwPb+7H8yb13Q3cu2EixrtHzF27iZ8v0XCciSsLg00RkPAzB/aA==}
     engines: {node: '>=v14.18.0'}
     peerDependencies:
@@ -7526,7 +7526,7 @@ packages:
       chai: 4.3.7
       concordance: 5.0.4
       debug: 4.3.4
-      happy-dom: 9.6.1
+      happy-dom: 9.7.1
       local-pkg: 0.4.3
       magic-string: 0.30.0
       pathe: 1.1.0