From f346d2da5b3ac370b5761e747496aa37903e3692 Mon Sep 17 00:00:00 2001
From: Jacek Chmielewski <jacek@defguard.net>
Date: Tue, 14 Apr 2026 10:18:20 +0200
Subject: [PATCH 1/9] move cert wizard pages

---
 .../SettingsCoreCertificateWizardPage.tsx     |  6 ++--
 ...rtificateWizardInternalUrlSettingsStep.tsx | 33 ++++++++++---------
 ...tificateWizardInternalUrlSslConfigStep.tsx | 22 ++++++-------
 ...ttingsCoreCertificateWizardSummaryStep.tsx | 12 +++----
 .../style.scss                                |  0
 .../types.ts                                  |  0
 .../useSettingsCoreCertificateWizardStore.ts  |  2 +-
 .../SettingsEdgeCertificateWizardPage.tsx     |  6 ++--
 ...rtificateWizardExternalUrlSettingsStep.tsx | 33 ++++++++++---------
 ...tificateWizardExternalUrlSslConfigStep.tsx | 28 ++++++++--------
 ...ttingsEdgeCertificateWizardSummaryStep.tsx | 12 +++----
 .../style.scss                                |  0
 .../types.ts                                  |  0
 .../useSettingsEdgeCertificateWizardStore.ts  |  2 +-
 .../SettingsCertificatesPage/utils.ts         | 10 ++++++
 .../_wizard/settings-core-certificate.tsx     |  2 +-
 .../_wizard/settings-edge-certificate.tsx     |  2 +-
 17 files changed, 91 insertions(+), 79 deletions(-)
 rename web/src/pages/{ => settings/SettingsCertificatesPage}/SettingsCoreCertificateWizardPage/SettingsCoreCertificateWizardPage.tsx (92%)
 rename web/src/pages/{ => settings/SettingsCertificatesPage}/SettingsCoreCertificateWizardPage/steps/SettingsCoreCertificateWizardInternalUrlSettingsStep.tsx (81%)
 rename web/src/pages/{ => settings/SettingsCertificatesPage}/SettingsCoreCertificateWizardPage/steps/SettingsCoreCertificateWizardInternalUrlSslConfigStep.tsx (68%)
 rename web/src/pages/{ => settings/SettingsCertificatesPage}/SettingsCoreCertificateWizardPage/steps/SettingsCoreCertificateWizardSummaryStep.tsx (75%)
 rename web/src/pages/{ => settings/SettingsCertificatesPage}/SettingsCoreCertificateWizardPage/style.scss (100%)
 rename web/src/pages/{ => settings/SettingsCertificatesPage}/SettingsCoreCertificateWizardPage/types.ts (100%)
 rename web/src/pages/{ => settings/SettingsCertificatesPage}/SettingsCoreCertificateWizardPage/useSettingsCoreCertificateWizardStore.ts (95%)
 rename web/src/pages/{ => settings/SettingsCertificatesPage}/SettingsEdgeCertificateWizardPage/SettingsEdgeCertificateWizardPage.tsx (92%)
 rename web/src/pages/{ => settings/SettingsCertificatesPage}/SettingsEdgeCertificateWizardPage/steps/SettingsEdgeCertificateWizardExternalUrlSettingsStep.tsx (83%)
 rename web/src/pages/{ => settings/SettingsCertificatesPage}/SettingsEdgeCertificateWizardPage/steps/SettingsEdgeCertificateWizardExternalUrlSslConfigStep.tsx (90%)
 rename web/src/pages/{ => settings/SettingsCertificatesPage}/SettingsEdgeCertificateWizardPage/steps/SettingsEdgeCertificateWizardSummaryStep.tsx (75%)
 rename web/src/pages/{ => settings/SettingsCertificatesPage}/SettingsEdgeCertificateWizardPage/style.scss (100%)
 rename web/src/pages/{ => settings/SettingsCertificatesPage}/SettingsEdgeCertificateWizardPage/types.ts (100%)
 rename web/src/pages/{ => settings/SettingsCertificatesPage}/SettingsEdgeCertificateWizardPage/useSettingsEdgeCertificateWizardStore.ts (95%)
 create mode 100644 web/src/pages/settings/SettingsCertificatesPage/utils.ts

diff --git a/web/src/pages/SettingsCoreCertificateWizardPage/SettingsCoreCertificateWizardPage.tsx b/web/src/pages/settings/SettingsCertificatesPage/SettingsCoreCertificateWizardPage/SettingsCoreCertificateWizardPage.tsx
similarity index 92%
rename from web/src/pages/SettingsCoreCertificateWizardPage/SettingsCoreCertificateWizardPage.tsx
rename to web/src/pages/settings/SettingsCertificatesPage/SettingsCoreCertificateWizardPage/SettingsCoreCertificateWizardPage.tsx
index f52d78efe..910b69fe6 100644
--- a/web/src/pages/SettingsCoreCertificateWizardPage/SettingsCoreCertificateWizardPage.tsx
+++ b/web/src/pages/settings/SettingsCertificatesPage/SettingsCoreCertificateWizardPage/SettingsCoreCertificateWizardPage.tsx
@@ -1,8 +1,8 @@
 import { useNavigate } from '@tanstack/react-router';
 import { type ReactNode, useEffect, useMemo } from 'react';
-import { m } from '../../paraglide/messages';
-import type { WizardPageStep } from '../../shared/components/wizard/types';
-import { WizardPage } from '../../shared/components/wizard/WizardPage/WizardPage';
+import { m } from '../../../../paraglide/messages';
+import type { WizardPageStep } from '../../../../shared/components/wizard/types';
+import { WizardPage } from '../../../../shared/components/wizard/WizardPage/WizardPage';
 import { SettingsCoreCertificateWizardInternalUrlSettingsStep } from './steps/SettingsCoreCertificateWizardInternalUrlSettingsStep';
 import { SettingsCoreCertificateWizardInternalUrlSslConfigStep } from './steps/SettingsCoreCertificateWizardInternalUrlSslConfigStep';
 import { SettingsCoreCertificateWizardSummaryStep } from './steps/SettingsCoreCertificateWizardSummaryStep';
diff --git a/web/src/pages/SettingsCoreCertificateWizardPage/steps/SettingsCoreCertificateWizardInternalUrlSettingsStep.tsx b/web/src/pages/settings/SettingsCertificatesPage/SettingsCoreCertificateWizardPage/steps/SettingsCoreCertificateWizardInternalUrlSettingsStep.tsx
similarity index 81%
rename from web/src/pages/SettingsCoreCertificateWizardPage/steps/SettingsCoreCertificateWizardInternalUrlSettingsStep.tsx
rename to web/src/pages/settings/SettingsCertificatesPage/SettingsCoreCertificateWizardPage/steps/SettingsCoreCertificateWizardInternalUrlSettingsStep.tsx
index 967bc26a3..7d94ff3c9 100644
--- a/web/src/pages/SettingsCoreCertificateWizardPage/steps/SettingsCoreCertificateWizardInternalUrlSettingsStep.tsx
+++ b/web/src/pages/settings/SettingsCertificatesPage/SettingsCoreCertificateWizardPage/steps/SettingsCoreCertificateWizardInternalUrlSettingsStep.tsx
@@ -1,20 +1,21 @@
 import { useMutation } from '@tanstack/react-query';
 import z from 'zod';
-import { m } from '../../../paraglide/messages';
-import api from '../../../shared/api/api';
-import type { InternalSslType } from '../../../shared/api/types';
-import { Controls } from '../../../shared/components/Controls/Controls';
-import { WizardCard } from '../../../shared/components/wizard/WizardCard/WizardCard';
-import { Button } from '../../../shared/defguard-ui/components/Button/Button';
-import { Divider } from '../../../shared/defguard-ui/components/Divider/Divider';
-import { Helper } from '../../../shared/defguard-ui/components/Helper/Helper';
-import { Radio } from '../../../shared/defguard-ui/components/Radio/Radio';
-import { SizedBox } from '../../../shared/defguard-ui/components/SizedBox/SizedBox';
-import { Snackbar } from '../../../shared/defguard-ui/providers/snackbar/snackbar';
-import { ThemeSpacing } from '../../../shared/defguard-ui/types';
-import { useAppForm } from '../../../shared/form';
-import { formChangeLogic } from '../../../shared/formLogic';
-import '../../SetupPage/autoAdoption/steps/style.scss';
+import { m } from '../../../../../paraglide/messages';
+import api from '../../../../../shared/api/api';
+import type { InternalSslType } from '../../../../../shared/api/types';
+import { Controls } from '../../../../../shared/components/Controls/Controls';
+import { WizardCard } from '../../../../../shared/components/wizard/WizardCard/WizardCard';
+import { Button } from '../../../../../shared/defguard-ui/components/Button/Button';
+import { Divider } from '../../../../../shared/defguard-ui/components/Divider/Divider';
+import { Helper } from '../../../../../shared/defguard-ui/components/Helper/Helper';
+import { Radio } from '../../../../../shared/defguard-ui/components/Radio/Radio';
+import { SizedBox } from '../../../../../shared/defguard-ui/components/SizedBox/SizedBox';
+import { Snackbar } from '../../../../../shared/defguard-ui/providers/snackbar/snackbar';
+import { ThemeSpacing } from '../../../../../shared/defguard-ui/types';
+import { useAppForm } from '../../../../../shared/form';
+import { formChangeLogic } from '../../../../../shared/formLogic';
+import '../../../../SetupPage/autoAdoption/steps/style.scss';
+import { getApiErrorMessage } from '../../utils';
 import { SettingsCoreCertificateWizardStep } from '../types';
 import { useSettingsCoreCertificateWizardStore } from '../useSettingsCoreCertificateWizardStore';
 
@@ -43,7 +44,7 @@ export const SettingsCoreCertificateWizardInternalUrlSettingsStep = () => {
       });
     },
     onError: (error) => {
-      Snackbar.error(m.settings_msg_save_failed());
+      Snackbar.error(getApiErrorMessage(error) ?? m.settings_msg_save_failed());
       console.error('Failed to save core internal URL settings:', error);
     },
   });
diff --git a/web/src/pages/SettingsCoreCertificateWizardPage/steps/SettingsCoreCertificateWizardInternalUrlSslConfigStep.tsx b/web/src/pages/settings/SettingsCertificatesPage/SettingsCoreCertificateWizardPage/steps/SettingsCoreCertificateWizardInternalUrlSslConfigStep.tsx
similarity index 68%
rename from web/src/pages/SettingsCoreCertificateWizardPage/steps/SettingsCoreCertificateWizardInternalUrlSslConfigStep.tsx
rename to web/src/pages/settings/SettingsCertificatesPage/SettingsCoreCertificateWizardPage/steps/SettingsCoreCertificateWizardInternalUrlSslConfigStep.tsx
index 68615ed19..5a6105376 100644
--- a/web/src/pages/SettingsCoreCertificateWizardPage/steps/SettingsCoreCertificateWizardInternalUrlSslConfigStep.tsx
+++ b/web/src/pages/settings/SettingsCertificatesPage/SettingsCoreCertificateWizardPage/steps/SettingsCoreCertificateWizardInternalUrlSslConfigStep.tsx
@@ -1,16 +1,16 @@
 import { useQuery } from '@tanstack/react-query';
 import { useEffect } from 'react';
-import { m } from '../../../paraglide/messages';
-import api from '../../../shared/api/api';
-import { Controls } from '../../../shared/components/Controls/Controls';
-import { InternalSslResult } from '../../../shared/components/certificates/InternalSslResult/InternalSslResult';
-import { WizardCard } from '../../../shared/components/wizard/WizardCard/WizardCard';
-import { Button } from '../../../shared/defguard-ui/components/Button/Button';
-import { SizedBox } from '../../../shared/defguard-ui/components/SizedBox/SizedBox';
-import { ThemeSpacing } from '../../../shared/defguard-ui/types';
-import { downloadFile } from '../../../shared/utils/download';
-import caIcon from '../../SetupPage/assets/ca.png';
-import '../../SetupPage/autoAdoption/steps/style.scss';
+import { m } from '../../../../../paraglide/messages';
+import api from '../../../../../shared/api/api';
+import { Controls } from '../../../../../shared/components/Controls/Controls';
+import { InternalSslResult } from '../../../../../shared/components/certificates/InternalSslResult/InternalSslResult';
+import { WizardCard } from '../../../../../shared/components/wizard/WizardCard/WizardCard';
+import { Button } from '../../../../../shared/defguard-ui/components/Button/Button';
+import { SizedBox } from '../../../../../shared/defguard-ui/components/SizedBox/SizedBox';
+import { ThemeSpacing } from '../../../../../shared/defguard-ui/types';
+import { downloadFile } from '../../../../../shared/utils/download';
+import caIcon from '../../../../SetupPage/assets/ca.png';
+import '../../../../SetupPage/autoAdoption/steps/style.scss';
 import { SettingsCoreCertificateWizardStep } from '../types';
 import { useSettingsCoreCertificateWizardStore } from '../useSettingsCoreCertificateWizardStore';
 
diff --git a/web/src/pages/SettingsCoreCertificateWizardPage/steps/SettingsCoreCertificateWizardSummaryStep.tsx b/web/src/pages/settings/SettingsCertificatesPage/SettingsCoreCertificateWizardPage/steps/SettingsCoreCertificateWizardSummaryStep.tsx
similarity index 75%
rename from web/src/pages/SettingsCoreCertificateWizardPage/steps/SettingsCoreCertificateWizardSummaryStep.tsx
rename to web/src/pages/settings/SettingsCertificatesPage/SettingsCoreCertificateWizardPage/steps/SettingsCoreCertificateWizardSummaryStep.tsx
index 347883393..d0484929b 100644
--- a/web/src/pages/SettingsCoreCertificateWizardPage/steps/SettingsCoreCertificateWizardSummaryStep.tsx
+++ b/web/src/pages/settings/SettingsCertificatesPage/SettingsCoreCertificateWizardPage/steps/SettingsCoreCertificateWizardSummaryStep.tsx
@@ -1,11 +1,11 @@
 import { useQueryClient } from '@tanstack/react-query';
 import { useNavigate } from '@tanstack/react-router';
-import { m } from '../../../paraglide/messages';
-import { Controls } from '../../../shared/components/Controls/Controls';
-import { WizardCard } from '../../../shared/components/wizard/WizardCard/WizardCard';
-import { Button } from '../../../shared/defguard-ui/components/Button/Button';
-import { SizedBox } from '../../../shared/defguard-ui/components/SizedBox/SizedBox';
-import { ThemeSpacing } from '../../../shared/defguard-ui/types';
+import { m } from '../../../../../paraglide/messages';
+import { Controls } from '../../../../../shared/components/Controls/Controls';
+import { WizardCard } from '../../../../../shared/components/wizard/WizardCard/WizardCard';
+import { Button } from '../../../../../shared/defguard-ui/components/Button/Button';
+import { SizedBox } from '../../../../../shared/defguard-ui/components/SizedBox/SizedBox';
+import { ThemeSpacing } from '../../../../../shared/defguard-ui/types';
 import { useSettingsCoreCertificateWizardStore } from '../useSettingsCoreCertificateWizardStore';
 import '../style.scss';
 
diff --git a/web/src/pages/SettingsCoreCertificateWizardPage/style.scss b/web/src/pages/settings/SettingsCertificatesPage/SettingsCoreCertificateWizardPage/style.scss
similarity index 100%
rename from web/src/pages/SettingsCoreCertificateWizardPage/style.scss
rename to web/src/pages/settings/SettingsCertificatesPage/SettingsCoreCertificateWizardPage/style.scss
diff --git a/web/src/pages/SettingsCoreCertificateWizardPage/types.ts b/web/src/pages/settings/SettingsCertificatesPage/SettingsCoreCertificateWizardPage/types.ts
similarity index 100%
rename from web/src/pages/SettingsCoreCertificateWizardPage/types.ts
rename to web/src/pages/settings/SettingsCertificatesPage/SettingsCoreCertificateWizardPage/types.ts
diff --git a/web/src/pages/SettingsCoreCertificateWizardPage/useSettingsCoreCertificateWizardStore.ts b/web/src/pages/settings/SettingsCertificatesPage/SettingsCoreCertificateWizardPage/useSettingsCoreCertificateWizardStore.ts
similarity index 95%
rename from web/src/pages/SettingsCoreCertificateWizardPage/useSettingsCoreCertificateWizardStore.ts
rename to web/src/pages/settings/SettingsCertificatesPage/SettingsCoreCertificateWizardPage/useSettingsCoreCertificateWizardStore.ts
index 44148f12b..3cec0c1f6 100644
--- a/web/src/pages/SettingsCoreCertificateWizardPage/useSettingsCoreCertificateWizardStore.ts
+++ b/web/src/pages/settings/SettingsCertificatesPage/SettingsCoreCertificateWizardPage/useSettingsCoreCertificateWizardStore.ts
@@ -1,5 +1,5 @@
 import { create } from 'zustand';
-import type { CertInfo, InternalSslType } from '../../shared/api/types';
+import type { CertInfo, InternalSslType } from '../../../../shared/api/types';
 import {
   SettingsCoreCertificateWizardStep,
   type SettingsCoreCertificateWizardStepValue,
diff --git a/web/src/pages/SettingsEdgeCertificateWizardPage/SettingsEdgeCertificateWizardPage.tsx b/web/src/pages/settings/SettingsCertificatesPage/SettingsEdgeCertificateWizardPage/SettingsEdgeCertificateWizardPage.tsx
similarity index 92%
rename from web/src/pages/SettingsEdgeCertificateWizardPage/SettingsEdgeCertificateWizardPage.tsx
rename to web/src/pages/settings/SettingsCertificatesPage/SettingsEdgeCertificateWizardPage/SettingsEdgeCertificateWizardPage.tsx
index 349110d0b..a53362b18 100644
--- a/web/src/pages/SettingsEdgeCertificateWizardPage/SettingsEdgeCertificateWizardPage.tsx
+++ b/web/src/pages/settings/SettingsCertificatesPage/SettingsEdgeCertificateWizardPage/SettingsEdgeCertificateWizardPage.tsx
@@ -1,8 +1,8 @@
 import { useNavigate } from '@tanstack/react-router';
 import { type ReactNode, useEffect, useMemo } from 'react';
-import { m } from '../../paraglide/messages';
-import type { WizardPageStep } from '../../shared/components/wizard/types';
-import { WizardPage } from '../../shared/components/wizard/WizardPage/WizardPage';
+import { m } from '../../../../paraglide/messages';
+import type { WizardPageStep } from '../../../../shared/components/wizard/types';
+import { WizardPage } from '../../../../shared/components/wizard/WizardPage/WizardPage';
 import { SettingsEdgeCertificateWizardExternalUrlSettingsStep } from './steps/SettingsEdgeCertificateWizardExternalUrlSettingsStep';
 import { SettingsEdgeCertificateWizardExternalUrlSslConfigStep } from './steps/SettingsEdgeCertificateWizardExternalUrlSslConfigStep';
 import { SettingsEdgeCertificateWizardSummaryStep } from './steps/SettingsEdgeCertificateWizardSummaryStep';
diff --git a/web/src/pages/SettingsEdgeCertificateWizardPage/steps/SettingsEdgeCertificateWizardExternalUrlSettingsStep.tsx b/web/src/pages/settings/SettingsCertificatesPage/SettingsEdgeCertificateWizardPage/steps/SettingsEdgeCertificateWizardExternalUrlSettingsStep.tsx
similarity index 83%
rename from web/src/pages/SettingsEdgeCertificateWizardPage/steps/SettingsEdgeCertificateWizardExternalUrlSettingsStep.tsx
rename to web/src/pages/settings/SettingsCertificatesPage/SettingsEdgeCertificateWizardPage/steps/SettingsEdgeCertificateWizardExternalUrlSettingsStep.tsx
index f6928dc63..9ae62d3b2 100644
--- a/web/src/pages/SettingsEdgeCertificateWizardPage/steps/SettingsEdgeCertificateWizardExternalUrlSettingsStep.tsx
+++ b/web/src/pages/settings/SettingsCertificatesPage/SettingsEdgeCertificateWizardPage/steps/SettingsEdgeCertificateWizardExternalUrlSettingsStep.tsx
@@ -1,20 +1,21 @@
 import { useMutation } from '@tanstack/react-query';
 import z from 'zod';
-import { m } from '../../../paraglide/messages';
-import api from '../../../shared/api/api';
-import type { ExternalSslType } from '../../../shared/api/types';
-import { Controls } from '../../../shared/components/Controls/Controls';
-import { WizardCard } from '../../../shared/components/wizard/WizardCard/WizardCard';
-import { Button } from '../../../shared/defguard-ui/components/Button/Button';
-import { Divider } from '../../../shared/defguard-ui/components/Divider/Divider';
-import { Helper } from '../../../shared/defguard-ui/components/Helper/Helper';
-import { Radio } from '../../../shared/defguard-ui/components/Radio/Radio';
-import { SizedBox } from '../../../shared/defguard-ui/components/SizedBox/SizedBox';
-import { Snackbar } from '../../../shared/defguard-ui/providers/snackbar/snackbar';
-import { ThemeSpacing } from '../../../shared/defguard-ui/types';
-import { useAppForm } from '../../../shared/form';
-import { formChangeLogic } from '../../../shared/formLogic';
-import '../../SetupPage/autoAdoption/steps/style.scss';
+import { m } from '../../../../../paraglide/messages';
+import api from '../../../../../shared/api/api';
+import type { ExternalSslType } from '../../../../../shared/api/types';
+import { Controls } from '../../../../../shared/components/Controls/Controls';
+import { WizardCard } from '../../../../../shared/components/wizard/WizardCard/WizardCard';
+import { Button } from '../../../../../shared/defguard-ui/components/Button/Button';
+import { Divider } from '../../../../../shared/defguard-ui/components/Divider/Divider';
+import { Helper } from '../../../../../shared/defguard-ui/components/Helper/Helper';
+import { Radio } from '../../../../../shared/defguard-ui/components/Radio/Radio';
+import { SizedBox } from '../../../../../shared/defguard-ui/components/SizedBox/SizedBox';
+import { Snackbar } from '../../../../../shared/defguard-ui/providers/snackbar/snackbar';
+import { ThemeSpacing } from '../../../../../shared/defguard-ui/types';
+import { useAppForm } from '../../../../../shared/form';
+import { formChangeLogic } from '../../../../../shared/formLogic';
+import '../../../../SetupPage/autoAdoption/steps/style.scss';
+import { getApiErrorMessage } from '../../utils';
 import { SettingsEdgeCertificateWizardStep } from '../types';
 import { useSettingsEdgeCertificateWizardStore } from '../useSettingsEdgeCertificateWizardStore';
 
@@ -43,7 +44,7 @@ export const SettingsEdgeCertificateWizardExternalUrlSettingsStep = () => {
       });
     },
     onError: (error) => {
-      Snackbar.error(m.settings_msg_save_failed());
+      Snackbar.error(getApiErrorMessage(error) ?? m.settings_msg_save_failed());
       console.error('Failed to save edge external URL settings:', error);
     },
   });
diff --git a/web/src/pages/SettingsEdgeCertificateWizardPage/steps/SettingsEdgeCertificateWizardExternalUrlSslConfigStep.tsx b/web/src/pages/settings/SettingsCertificatesPage/SettingsEdgeCertificateWizardPage/steps/SettingsEdgeCertificateWizardExternalUrlSslConfigStep.tsx
similarity index 90%
rename from web/src/pages/SettingsEdgeCertificateWizardPage/steps/SettingsEdgeCertificateWizardExternalUrlSslConfigStep.tsx
rename to web/src/pages/settings/SettingsCertificatesPage/SettingsEdgeCertificateWizardPage/steps/SettingsEdgeCertificateWizardExternalUrlSslConfigStep.tsx
index ea03ce288..a871a0a5e 100644
--- a/web/src/pages/SettingsEdgeCertificateWizardPage/steps/SettingsEdgeCertificateWizardExternalUrlSslConfigStep.tsx
+++ b/web/src/pages/settings/SettingsCertificatesPage/SettingsEdgeCertificateWizardPage/steps/SettingsEdgeCertificateWizardExternalUrlSslConfigStep.tsx
@@ -1,19 +1,19 @@
 import { useQuery } from '@tanstack/react-query';
 import { useCallback, useEffect, useState } from 'react';
-import { m } from '../../../paraglide/messages';
-import api from '../../../shared/api/api';
-import { Controls } from '../../../shared/components/Controls/Controls';
-import { LoadingStep } from '../../../shared/components/LoadingStep/LoadingStep';
-import { WizardCard } from '../../../shared/components/wizard/WizardCard/WizardCard';
-import { Button } from '../../../shared/defguard-ui/components/Button/Button';
-import { CodeCard } from '../../../shared/defguard-ui/components/CodeCard/CodeCard';
-import { Divider } from '../../../shared/defguard-ui/components/Divider/Divider';
-import { SizedBox } from '../../../shared/defguard-ui/components/SizedBox/SizedBox';
-import { ThemeSpacing } from '../../../shared/defguard-ui/types';
-import { useSSEController } from '../../../shared/hooks/useSSEController';
-import { downloadFile } from '../../../shared/utils/download';
-import caIcon from '../../SetupPage/assets/ca.png';
-import '../../SetupPage/autoAdoption/steps/style.scss';
+import { m } from '../../../../../paraglide/messages';
+import api from '../../../../../shared/api/api';
+import { Controls } from '../../../../../shared/components/Controls/Controls';
+import { LoadingStep } from '../../../../../shared/components/LoadingStep/LoadingStep';
+import { WizardCard } from '../../../../../shared/components/wizard/WizardCard/WizardCard';
+import { Button } from '../../../../../shared/defguard-ui/components/Button/Button';
+import { CodeCard } from '../../../../../shared/defguard-ui/components/CodeCard/CodeCard';
+import { Divider } from '../../../../../shared/defguard-ui/components/Divider/Divider';
+import { SizedBox } from '../../../../../shared/defguard-ui/components/SizedBox/SizedBox';
+import { ThemeSpacing } from '../../../../../shared/defguard-ui/types';
+import { useSSEController } from '../../../../../shared/hooks/useSSEController';
+import { downloadFile } from '../../../../../shared/utils/download';
+import caIcon from '../../../../SetupPage/assets/ca.png';
+import '../../../../SetupPage/autoAdoption/steps/style.scss';
 import { SettingsEdgeCertificateWizardStep } from '../types';
 import { useSettingsEdgeCertificateWizardStore } from '../useSettingsEdgeCertificateWizardStore';
 
diff --git a/web/src/pages/SettingsEdgeCertificateWizardPage/steps/SettingsEdgeCertificateWizardSummaryStep.tsx b/web/src/pages/settings/SettingsCertificatesPage/SettingsEdgeCertificateWizardPage/steps/SettingsEdgeCertificateWizardSummaryStep.tsx
similarity index 75%
rename from web/src/pages/SettingsEdgeCertificateWizardPage/steps/SettingsEdgeCertificateWizardSummaryStep.tsx
rename to web/src/pages/settings/SettingsCertificatesPage/SettingsEdgeCertificateWizardPage/steps/SettingsEdgeCertificateWizardSummaryStep.tsx
index 1c6c4c811..afe566208 100644
--- a/web/src/pages/SettingsEdgeCertificateWizardPage/steps/SettingsEdgeCertificateWizardSummaryStep.tsx
+++ b/web/src/pages/settings/SettingsCertificatesPage/SettingsEdgeCertificateWizardPage/steps/SettingsEdgeCertificateWizardSummaryStep.tsx
@@ -1,11 +1,11 @@
 import { useQueryClient } from '@tanstack/react-query';
 import { useNavigate } from '@tanstack/react-router';
-import { m } from '../../../paraglide/messages';
-import { Controls } from '../../../shared/components/Controls/Controls';
-import { WizardCard } from '../../../shared/components/wizard/WizardCard/WizardCard';
-import { Button } from '../../../shared/defguard-ui/components/Button/Button';
-import { SizedBox } from '../../../shared/defguard-ui/components/SizedBox/SizedBox';
-import { ThemeSpacing } from '../../../shared/defguard-ui/types';
+import { m } from '../../../../../paraglide/messages';
+import { Controls } from '../../../../../shared/components/Controls/Controls';
+import { WizardCard } from '../../../../../shared/components/wizard/WizardCard/WizardCard';
+import { Button } from '../../../../../shared/defguard-ui/components/Button/Button';
+import { SizedBox } from '../../../../../shared/defguard-ui/components/SizedBox/SizedBox';
+import { ThemeSpacing } from '../../../../../shared/defguard-ui/types';
 import { useSettingsEdgeCertificateWizardStore } from '../useSettingsEdgeCertificateWizardStore';
 import '../style.scss';
 
diff --git a/web/src/pages/SettingsEdgeCertificateWizardPage/style.scss b/web/src/pages/settings/SettingsCertificatesPage/SettingsEdgeCertificateWizardPage/style.scss
similarity index 100%
rename from web/src/pages/SettingsEdgeCertificateWizardPage/style.scss
rename to web/src/pages/settings/SettingsCertificatesPage/SettingsEdgeCertificateWizardPage/style.scss
diff --git a/web/src/pages/SettingsEdgeCertificateWizardPage/types.ts b/web/src/pages/settings/SettingsCertificatesPage/SettingsEdgeCertificateWizardPage/types.ts
similarity index 100%
rename from web/src/pages/SettingsEdgeCertificateWizardPage/types.ts
rename to web/src/pages/settings/SettingsCertificatesPage/SettingsEdgeCertificateWizardPage/types.ts
diff --git a/web/src/pages/SettingsEdgeCertificateWizardPage/useSettingsEdgeCertificateWizardStore.ts b/web/src/pages/settings/SettingsCertificatesPage/SettingsEdgeCertificateWizardPage/useSettingsEdgeCertificateWizardStore.ts
similarity index 95%
rename from web/src/pages/SettingsEdgeCertificateWizardPage/useSettingsEdgeCertificateWizardStore.ts
rename to web/src/pages/settings/SettingsCertificatesPage/SettingsEdgeCertificateWizardPage/useSettingsEdgeCertificateWizardStore.ts
index 8dc123b11..1a36eca44 100644
--- a/web/src/pages/SettingsEdgeCertificateWizardPage/useSettingsEdgeCertificateWizardStore.ts
+++ b/web/src/pages/settings/SettingsCertificatesPage/SettingsEdgeCertificateWizardPage/useSettingsEdgeCertificateWizardStore.ts
@@ -1,5 +1,5 @@
 import { create } from 'zustand';
-import type { CertInfo, ExternalSslType } from '../../shared/api/types';
+import type { CertInfo, ExternalSslType } from '../../../../shared/api/types';
 import {
   SettingsEdgeCertificateWizardStep,
   type SettingsEdgeCertificateWizardStepValue,
diff --git a/web/src/pages/settings/SettingsCertificatesPage/utils.ts b/web/src/pages/settings/SettingsCertificatesPage/utils.ts
new file mode 100644
index 000000000..40b11b6b7
--- /dev/null
+++ b/web/src/pages/settings/SettingsCertificatesPage/utils.ts
@@ -0,0 +1,10 @@
+import axios from 'axios';
+
+export const getApiErrorMessage = (error: unknown): string | null => {
+  if (axios.isAxiosError(error)) {
+    const message = error.response?.data?.msg;
+    return typeof message === 'string' ? message : null;
+  }
+
+  return null;
+};
diff --git a/web/src/routes/_authorized/_wizard/settings-core-certificate.tsx b/web/src/routes/_authorized/_wizard/settings-core-certificate.tsx
index 2aa4e8066..ec2d11e7c 100644
--- a/web/src/routes/_authorized/_wizard/settings-core-certificate.tsx
+++ b/web/src/routes/_authorized/_wizard/settings-core-certificate.tsx
@@ -1,5 +1,5 @@
 import { createFileRoute } from '@tanstack/react-router';
-import { SettingsCoreCertificateWizardPage } from '../../../pages/SettingsCoreCertificateWizardPage/SettingsCoreCertificateWizardPage';
+import { SettingsCoreCertificateWizardPage } from '../../../pages/settings/SettingsCertificatesPage/SettingsCoreCertificateWizardPage/SettingsCoreCertificateWizardPage';
 
 export const Route = createFileRoute('/_authorized/_wizard/settings-core-certificate')({
   component: SettingsCoreCertificateWizardPage,
diff --git a/web/src/routes/_authorized/_wizard/settings-edge-certificate.tsx b/web/src/routes/_authorized/_wizard/settings-edge-certificate.tsx
index a05af6bc1..c7d43e1e4 100644
--- a/web/src/routes/_authorized/_wizard/settings-edge-certificate.tsx
+++ b/web/src/routes/_authorized/_wizard/settings-edge-certificate.tsx
@@ -1,5 +1,5 @@
 import { createFileRoute } from '@tanstack/react-router';
-import { SettingsEdgeCertificateWizardPage } from '../../../pages/SettingsEdgeCertificateWizardPage/SettingsEdgeCertificateWizardPage';
+import { SettingsEdgeCertificateWizardPage } from '../../../pages/settings/SettingsCertificatesPage/SettingsEdgeCertificateWizardPage/SettingsEdgeCertificateWizardPage';
 
 export const Route = createFileRoute('/_authorized/_wizard/settings-edge-certificate')({
   component: SettingsEdgeCertificateWizardPage,

From b4d35621529f9e7ebf3834cb9d5c5dbdcf2d8191 Mon Sep 17 00:00:00 2001
From: Jacek Chmielewski <jacek@defguard.net>
Date: Tue, 14 Apr 2026 10:43:23 +0200
Subject: [PATCH 2/9] validate dates when uploading a certificate

---
 crates/defguard_core/src/cert_settings.rs     | 97 ++++++++++++-------
 .../tests/integration/api/common/mod.rs       | 12 +++
 .../tests/integration/api/core_certs.rs       | 35 +++++--
 .../tests/integration/api/proxy_certs.rs      | 33 +++++--
 4 files changed, 122 insertions(+), 55 deletions(-)

diff --git a/crates/defguard_core/src/cert_settings.rs b/crates/defguard_core/src/cert_settings.rs
index 586468e68..b418c9c9f 100644
--- a/crates/defguard_core/src/cert_settings.rs
+++ b/crates/defguard_core/src/cert_settings.rs
@@ -1,7 +1,7 @@
 use axum_server::tls_rustls::RustlsConfig;
 use defguard_certs::{
-    CertificateAuthority, CertificateInfo, Csr, DnType, PemLabel, der_to_pem, generate_key_pair,
-    parse_pem_certificate,
+	CertificateAuthority, CertificateInfo, Csr, DnType, PemLabel, der_to_pem, generate_key_pair,
+	parse_pem_certificate,
 };
 use defguard_common::db::models::{
     Certificates, CoreCertSource, ProxyCertSource, settings::update_current_settings,
@@ -12,14 +12,43 @@ use utoipa::ToSchema;
 
 use crate::error::WebError;
 
-/// Ensures cert & key pair are valid to avoid bricking the web server after restart.
-async fn validate_uploaded_cert_pair(cert_pem: &str, key_pem: &str) -> Result<(), WebError> {
-    let _ = rustls::crypto::ring::default_provider().install_default();
+fn validate_cert_validity(info: &CertificateInfo) -> Result<(), WebError> {
+	let now = chrono::Utc::now().naive_utc();
 
-    RustlsConfig::from_pem(cert_pem.as_bytes().to_vec(), key_pem.as_bytes().to_vec())
-        .await
-        .map(|_| ())
-        .map_err(|_| WebError::BadRequest("Invalid certificate or private key PEM".to_string()))
+	if info.not_after <= info.not_before {
+		return Err(WebError::BadRequest(
+			"Certificate validity period is invalid".to_string(),
+		));
+	}
+
+	if info.not_after <= now {
+		return Err(WebError::BadRequest(
+			"Certificate has expired".to_string(),
+		));
+	}
+
+	if info.not_before > now {
+		return Err(WebError::BadRequest(
+			"Certificate is not valid yet".to_string(),
+		));
+	}
+
+	Ok(())
+}
+
+/// Parses an uploaded certificate, validates its key pair, and rejects invalid validity windows.
+async fn parse_cert(cert_pem: &str, key_pem: &str) -> Result<CertificateInfo, WebError> {
+	let _ = rustls::crypto::ring::default_provider().install_default();
+
+	RustlsConfig::from_pem(cert_pem.as_bytes().to_vec(), key_pem.as_bytes().to_vec())
+		.await
+		.map_err(|_| WebError::BadRequest("Invalid certificate or private key PEM".to_string()))?;
+
+	let cert_der = parse_pem_certificate(cert_pem)?;
+	let info = CertificateInfo::from_der(cert_der.as_ref())?;
+	validate_cert_validity(&info)?;
+
+	Ok(info)
 }
 
 /// SSL configuration type for Defguard's internal (core) web server.
@@ -142,20 +171,17 @@ pub async fn apply_internal_url_settings(
                 not_after: info.not_after.to_string(),
             })
         }
-        InternalSslType::OwnCert => {
-            let cert_pem_str = config.cert_pem.ok_or_else(|| {
-                WebError::BadRequest("cert_pem is required for own_cert".to_string())
-            })?;
-            let key_pem_str = config.key_pem.ok_or_else(|| {
-                WebError::BadRequest("key_pem is required for own_cert".to_string())
-            })?;
-
-            validate_uploaded_cert_pair(&cert_pem_str, &key_pem_str).await?;
-
-            let cert_der = parse_pem_certificate(&cert_pem_str)?;
-            let info = CertificateInfo::from_der(cert_der.as_ref())?;
-            let valid_for_days = (info.not_after.and_utc() - chrono::Utc::now()).num_days();
-            let expiry = info.not_after;
+		InternalSslType::OwnCert => {
+			let cert_pem_str = config.cert_pem.ok_or_else(|| {
+				WebError::BadRequest("cert_pem is required for own_cert".to_string())
+			})?;
+			let key_pem_str = config.key_pem.ok_or_else(|| {
+				WebError::BadRequest("key_pem is required for own_cert".to_string())
+			})?;
+
+			let info = parse_cert(&cert_pem_str, &key_pem_str).await?;
+			let valid_for_days = (info.not_after.and_utc() - chrono::Utc::now()).num_days();
+			let expiry = info.not_after;
 
             certs.core_http_cert_source = CoreCertSource::Custom;
             certs.core_http_cert_pem = Some(cert_pem_str);
@@ -267,20 +293,17 @@ pub async fn apply_external_url_settings(
                 not_after: info.not_after.to_string(),
             })
         }
-        ExternalSslType::OwnCert => {
-            let cert_pem_str = config.cert_pem.ok_or_else(|| {
-                WebError::BadRequest("cert_pem is required for own_cert".to_string())
-            })?;
-            let key_pem_str = config.key_pem.ok_or_else(|| {
-                WebError::BadRequest("key_pem is required for own_cert".to_string())
-            })?;
-
-            validate_uploaded_cert_pair(&cert_pem_str, &key_pem_str).await?;
-
-            let cert_der = parse_pem_certificate(&cert_pem_str)?;
-            let info = CertificateInfo::from_der(cert_der.as_ref())?;
-            let valid_for_days = (info.not_after.and_utc() - chrono::Utc::now()).num_days();
-            let expiry = info.not_after;
+		ExternalSslType::OwnCert => {
+			let cert_pem_str = config.cert_pem.ok_or_else(|| {
+				WebError::BadRequest("cert_pem is required for own_cert".to_string())
+			})?;
+			let key_pem_str = config.key_pem.ok_or_else(|| {
+				WebError::BadRequest("key_pem is required for own_cert".to_string())
+			})?;
+
+			let info = parse_cert(&cert_pem_str, &key_pem_str).await?;
+			let valid_for_days = (info.not_after.and_utc() - chrono::Utc::now()).num_days();
+			let expiry = info.not_after;
 
             certs.proxy_http_cert_source = ProxyCertSource::Custom;
             certs.acme_domain = None;
diff --git a/crates/defguard_core/tests/integration/api/common/mod.rs b/crates/defguard_core/tests/integration/api/common/mod.rs
index 700924dc2..495f193bb 100644
--- a/crates/defguard_core/tests/integration/api/common/mod.rs
+++ b/crates/defguard_core/tests/integration/api/common/mod.rs
@@ -261,6 +261,18 @@ pub(crate) fn generate_test_cert_pem(common_name: &str) -> (String, String) {
     (cert_pem, key_pem)
 }
 
+pub(crate) fn generate_expired_test_cert_pem(common_name: &str) -> (String, String) {
+	let ca = CertificateAuthority::new("Test CA", "test@example.com", 365).unwrap();
+	let key_pair = generate_key_pair().unwrap();
+	let san = vec![common_name.to_string()];
+	let dn = vec![(DnType::CommonName, common_name)];
+	let csr = Csr::new(&key_pair, &san, dn).unwrap();
+	let cert = ca.sign_csr_with_validity(&csr, 0).unwrap();
+	let cert_pem = der_to_pem(cert.der(), PemLabel::Certificate).unwrap();
+	let key_pem = der_to_pem(key_pair.serialize_der().as_slice(), PemLabel::PrivateKey).unwrap();
+	(cert_pem, key_pem)
+}
+
 /// Set minimal SMTP fields on a [`Settings`] so that `smtp_configured()` returns `true`.
 pub(crate) fn configure_smtp(settings: &mut Settings) {
     settings.smtp_server = Some("smtp.example.com".into());
diff --git a/crates/defguard_core/tests/integration/api/core_certs.rs b/crates/defguard_core/tests/integration/api/core_certs.rs
index a46aae51e..d9b537c63 100644
--- a/crates/defguard_core/tests/integration/api/core_certs.rs
+++ b/crates/defguard_core/tests/integration/api/core_certs.rs
@@ -7,7 +7,9 @@ use reqwest::StatusCode;
 use serde_json::json;
 use sqlx::postgres::{PgConnectOptions, PgPoolOptions};
 
-use super::common::{generate_test_cert_pem, make_test_client, setup_pool};
+use super::common::{
+	generate_expired_test_cert_pem, generate_test_cert_pem, make_test_client, setup_pool,
+};
 
 async fn seed_ca(pool: &sqlx::PgPool) {
     let ca = CertificateAuthority::new("Test CA", "test@example.com", 365).unwrap();
@@ -78,10 +80,10 @@ async fn test_internal_url_settings_endpoint(_: PgPoolOptions, options: PgConnec
     );
 
     let (cert_pem, key_pem) = generate_test_cert_pem("uploaded.example.com");
-    let response = client
-        .post("/api/v1/core/cert/internal_url_settings")
-        .json(&json!({
-            "ssl_type": "own_cert",
+	let response = client
+		.post("/api/v1/core/cert/internal_url_settings")
+		.json(&json!({
+			"ssl_type": "own_cert",
             "cert_pem": cert_pem,
             "key_pem": key_pem
         }))
@@ -113,8 +115,23 @@ async fn test_internal_url_settings_endpoint(_: PgPoolOptions, options: PgConnec
         .json(&json!({
             "ssl_type": "own_cert",
             "cert_pem": "-----BEGIN CERTIFICATE-----\nfake\n-----END CERTIFICATE-----\n"
-        }))
-        .send()
-        .await;
-    assert_eq!(response.status(), StatusCode::BAD_REQUEST);
+		}))
+		.send()
+		.await;
+	assert_eq!(response.status(), StatusCode::BAD_REQUEST);
+
+	let (expired_cert_pem, expired_key_pem) =
+		generate_expired_test_cert_pem("expired.example.com");
+	let response = client
+		.post("/api/v1/core/cert/internal_url_settings")
+		.json(&json!({
+			"ssl_type": "own_cert",
+			"cert_pem": expired_cert_pem,
+			"key_pem": expired_key_pem
+		}))
+		.send()
+		.await;
+	assert_eq!(response.status(), StatusCode::BAD_REQUEST);
+	let body: serde_json::Value = response.json().await;
+	assert_eq!(body["msg"], "Certificate has expired");
 }
diff --git a/crates/defguard_core/tests/integration/api/proxy_certs.rs b/crates/defguard_core/tests/integration/api/proxy_certs.rs
index 619906077..d4038c00d 100644
--- a/crates/defguard_core/tests/integration/api/proxy_certs.rs
+++ b/crates/defguard_core/tests/integration/api/proxy_certs.rs
@@ -48,7 +48,7 @@ use tokio::{
     },
 };
 
-use super::common::{client::TestClient, generate_test_cert_pem};
+use super::common::{client::TestClient, generate_expired_test_cert_pem, generate_test_cert_pem};
 use crate::common::{init_config, initialize_users};
 
 // Mock: captures messages sent to the proxy manager channel.
@@ -276,10 +276,10 @@ async fn test_external_url_settings_endpoint(_: PgPoolOptions, opts: PgConnectOp
     let (cert_pem, key_pem) = generate_test_cert_pem("uploaded-edge.example.com");
     let expected_cert_pem = cert_pem.clone();
     let expected_key_pem = key_pem.clone();
-    let response = client
-        .post("/api/v1/proxy/cert/external_url_settings")
-        .json(&json!({
-            "ssl_type": "own_cert",
+	let response = client
+		.post("/api/v1/proxy/cert/external_url_settings")
+		.json(&json!({
+			"ssl_type": "own_cert",
             "cert_pem": cert_pem,
             "key_pem": key_pem
         }))
@@ -320,8 +320,23 @@ async fn test_external_url_settings_endpoint(_: PgPoolOptions, opts: PgConnectOp
         .json(&json!({
             "ssl_type": "own_cert",
             "cert_pem": "-----BEGIN CERTIFICATE-----\nfake\n-----END CERTIFICATE-----\n"
-        }))
-        .send()
-        .await;
-    assert_eq!(response.status(), StatusCode::BAD_REQUEST);
+		}))
+		.send()
+		.await;
+	assert_eq!(response.status(), StatusCode::BAD_REQUEST);
+
+	let (expired_cert_pem, expired_key_pem) =
+		generate_expired_test_cert_pem("expired-edge.example.com");
+	let response = client
+		.post("/api/v1/proxy/cert/external_url_settings")
+		.json(&json!({
+			"ssl_type": "own_cert",
+			"cert_pem": expired_cert_pem,
+			"key_pem": expired_key_pem
+		}))
+		.send()
+		.await;
+	assert_eq!(response.status(), StatusCode::BAD_REQUEST);
+	let body: serde_json::Value = response.json().await;
+	assert_eq!(body["msg"], "Certificate has expired");
 }

From 5456b7277fb9eadc14dac95624e55e9e791f890e Mon Sep 17 00:00:00 2001
From: Jacek Chmielewski <jacek@defguard.net>
Date: Tue, 14 Apr 2026 10:58:31 +0200
Subject: [PATCH 3/9] refactor cert validation

---
 crates/defguard_core/src/cert_settings.rs | 102 ++++++++++------------
 1 file changed, 48 insertions(+), 54 deletions(-)

diff --git a/crates/defguard_core/src/cert_settings.rs b/crates/defguard_core/src/cert_settings.rs
index b418c9c9f..00777d7f6 100644
--- a/crates/defguard_core/src/cert_settings.rs
+++ b/crates/defguard_core/src/cert_settings.rs
@@ -1,7 +1,7 @@
 use axum_server::tls_rustls::RustlsConfig;
 use defguard_certs::{
-	CertificateAuthority, CertificateInfo, Csr, DnType, PemLabel, der_to_pem, generate_key_pair,
-	parse_pem_certificate,
+    CertificateAuthority, CertificateInfo, Csr, DnType, PemLabel, der_to_pem, generate_key_pair,
+    parse_pem_certificate,
 };
 use defguard_common::db::models::{
     Certificates, CoreCertSource, ProxyCertSource, settings::update_current_settings,
@@ -12,43 +12,37 @@ use utoipa::ToSchema;
 
 use crate::error::WebError;
 
-fn validate_cert_validity(info: &CertificateInfo) -> Result<(), WebError> {
-	let now = chrono::Utc::now().naive_utc();
+/// Parses an uploaded certificate, validates its key pair, and rejects invalid validity windows.
+async fn parse_cert(cert_pem: &str, key_pem: &str) -> Result<CertificateInfo, WebError> {
+    let _ = rustls::crypto::ring::default_provider().install_default();
 
-	if info.not_after <= info.not_before {
-		return Err(WebError::BadRequest(
-			"Certificate validity period is invalid".to_string(),
-		));
-	}
+    RustlsConfig::from_pem(cert_pem.as_bytes().to_vec(), key_pem.as_bytes().to_vec())
+        .await
+        .map_err(|_| WebError::BadRequest("Invalid certificate or private key PEM".to_string()))?;
 
-	if info.not_after <= now {
-		return Err(WebError::BadRequest(
-			"Certificate has expired".to_string(),
-		));
-	}
+    let cert_der = parse_pem_certificate(cert_pem)?;
+    let info = CertificateInfo::from_der(cert_der.as_ref())?;
 
-	if info.not_before > now {
-		return Err(WebError::BadRequest(
-			"Certificate is not valid yet".to_string(),
-		));
-	}
+    // Validate cert dates
+    let now = chrono::Utc::now().naive_utc();
 
-	Ok(())
-}
+    if info.not_after <= info.not_before {
+        return Err(WebError::BadRequest(
+            "Certificate validity period is invalid".to_string(),
+        ));
+    }
 
-/// Parses an uploaded certificate, validates its key pair, and rejects invalid validity windows.
-async fn parse_cert(cert_pem: &str, key_pem: &str) -> Result<CertificateInfo, WebError> {
-	let _ = rustls::crypto::ring::default_provider().install_default();
-
-	RustlsConfig::from_pem(cert_pem.as_bytes().to_vec(), key_pem.as_bytes().to_vec())
-		.await
-		.map_err(|_| WebError::BadRequest("Invalid certificate or private key PEM".to_string()))?;
+    if info.not_after <= now {
+        return Err(WebError::BadRequest("Certificate has expired".to_string()));
+    }
 
-	let cert_der = parse_pem_certificate(cert_pem)?;
-	let info = CertificateInfo::from_der(cert_der.as_ref())?;
-	validate_cert_validity(&info)?;
+    if info.not_before > now {
+        return Err(WebError::BadRequest(
+            "Certificate is not valid yet".to_string(),
+        ));
+    }
 
-	Ok(info)
+    Ok(info)
 }
 
 /// SSL configuration type for Defguard's internal (core) web server.
@@ -171,17 +165,17 @@ pub async fn apply_internal_url_settings(
                 not_after: info.not_after.to_string(),
             })
         }
-		InternalSslType::OwnCert => {
-			let cert_pem_str = config.cert_pem.ok_or_else(|| {
-				WebError::BadRequest("cert_pem is required for own_cert".to_string())
-			})?;
-			let key_pem_str = config.key_pem.ok_or_else(|| {
-				WebError::BadRequest("key_pem is required for own_cert".to_string())
-			})?;
-
-			let info = parse_cert(&cert_pem_str, &key_pem_str).await?;
-			let valid_for_days = (info.not_after.and_utc() - chrono::Utc::now()).num_days();
-			let expiry = info.not_after;
+        InternalSslType::OwnCert => {
+            let cert_pem_str = config.cert_pem.ok_or_else(|| {
+                WebError::BadRequest("cert_pem is required for own_cert".to_string())
+            })?;
+            let key_pem_str = config.key_pem.ok_or_else(|| {
+                WebError::BadRequest("key_pem is required for own_cert".to_string())
+            })?;
+
+            let info = parse_cert(&cert_pem_str, &key_pem_str).await?;
+            let valid_for_days = (info.not_after.and_utc() - chrono::Utc::now()).num_days();
+            let expiry = info.not_after;
 
             certs.core_http_cert_source = CoreCertSource::Custom;
             certs.core_http_cert_pem = Some(cert_pem_str);
@@ -293,17 +287,17 @@ pub async fn apply_external_url_settings(
                 not_after: info.not_after.to_string(),
             })
         }
-		ExternalSslType::OwnCert => {
-			let cert_pem_str = config.cert_pem.ok_or_else(|| {
-				WebError::BadRequest("cert_pem is required for own_cert".to_string())
-			})?;
-			let key_pem_str = config.key_pem.ok_or_else(|| {
-				WebError::BadRequest("key_pem is required for own_cert".to_string())
-			})?;
-
-			let info = parse_cert(&cert_pem_str, &key_pem_str).await?;
-			let valid_for_days = (info.not_after.and_utc() - chrono::Utc::now()).num_days();
-			let expiry = info.not_after;
+        ExternalSslType::OwnCert => {
+            let cert_pem_str = config.cert_pem.ok_or_else(|| {
+                WebError::BadRequest("cert_pem is required for own_cert".to_string())
+            })?;
+            let key_pem_str = config.key_pem.ok_or_else(|| {
+                WebError::BadRequest("key_pem is required for own_cert".to_string())
+            })?;
+
+            let info = parse_cert(&cert_pem_str, &key_pem_str).await?;
+            let valid_for_days = (info.not_after.and_utc() - chrono::Utc::now()).num_days();
+            let expiry = info.not_after;
 
             certs.proxy_http_cert_source = ProxyCertSource::Custom;
             certs.acme_domain = None;

From ab651bd1184fe01bf91083acb73b62f628cc2474 Mon Sep 17 00:00:00 2001
From: Jacek Chmielewski <jacek@defguard.net>
Date: Tue, 14 Apr 2026 11:04:49 +0200
Subject: [PATCH 4/9] remove back buttons

---
 ...ettingsCoreCertificateWizardInternalUrlSslConfigStep.tsx | 5 -----
 ...ettingsEdgeCertificateWizardExternalUrlSslConfigStep.tsx | 6 ------
 2 files changed, 11 deletions(-)

diff --git a/web/src/pages/settings/SettingsCertificatesPage/SettingsCoreCertificateWizardPage/steps/SettingsCoreCertificateWizardInternalUrlSslConfigStep.tsx b/web/src/pages/settings/SettingsCertificatesPage/SettingsCoreCertificateWizardPage/steps/SettingsCoreCertificateWizardInternalUrlSslConfigStep.tsx
index 5a6105376..684b3d65b 100644
--- a/web/src/pages/settings/SettingsCertificatesPage/SettingsCoreCertificateWizardPage/steps/SettingsCoreCertificateWizardInternalUrlSslConfigStep.tsx
+++ b/web/src/pages/settings/SettingsCertificatesPage/SettingsCoreCertificateWizardPage/steps/SettingsCoreCertificateWizardInternalUrlSslConfigStep.tsx
@@ -53,11 +53,6 @@ export const SettingsCoreCertificateWizardInternalUrlSslConfigStep = () => {
       />
       <SizedBox height={ThemeSpacing.Xl3} />
       <Controls>
-        <Button
-          text={m.controls_back()}
-          variant="outlined"
-          onClick={() => useSettingsCoreCertificateWizardStore.getState().back()}
-        />
         <div className="right">
           <Button
             text={m.controls_continue()}
diff --git a/web/src/pages/settings/SettingsCertificatesPage/SettingsEdgeCertificateWizardPage/steps/SettingsEdgeCertificateWizardExternalUrlSslConfigStep.tsx b/web/src/pages/settings/SettingsCertificatesPage/SettingsEdgeCertificateWizardPage/steps/SettingsEdgeCertificateWizardExternalUrlSslConfigStep.tsx
index a871a0a5e..c06b30bcd 100644
--- a/web/src/pages/settings/SettingsCertificatesPage/SettingsEdgeCertificateWizardPage/steps/SettingsEdgeCertificateWizardExternalUrlSslConfigStep.tsx
+++ b/web/src/pages/settings/SettingsCertificatesPage/SettingsEdgeCertificateWizardPage/steps/SettingsEdgeCertificateWizardExternalUrlSslConfigStep.tsx
@@ -307,12 +307,6 @@ export const SettingsEdgeCertificateWizardExternalUrlSslConfigStep = () => {
       {renderContent()}
       <SizedBox height={ThemeSpacing.Xl3} />
       <Controls>
-        <Button
-          text={m.controls_back()}
-          variant="outlined"
-          onClick={() => useSettingsEdgeCertificateWizardStore.getState().back()}
-          disabled={isLetsEncryptProcessing}
-        />
         <div className="right">
           <Button
             text={m.controls_continue()}

From 1490290cc5964078b0e2ab6ab16980bf5839d7ed Mon Sep 17 00:00:00 2001
From: Jacek Chmielewski <jacek@defguard.net>
Date: Tue, 14 Apr 2026 11:17:21 +0200
Subject: [PATCH 5/9] pnpm update

---
 web/package.json   |  18 +--
 web/pnpm-lock.yaml | 363 +++++++++++++++++++--------------------------
 2 files changed, 159 insertions(+), 222 deletions(-)

diff --git a/web/package.json b/web/package.json
index fb7361751..e225adc7a 100644
--- a/web/package.json
+++ b/web/package.json
@@ -23,9 +23,9 @@
     "@shortercode/webzip": "1.1.1-0",
     "@stablelib/base64": "^2.0.1",
     "@stablelib/x25519": "^2.0.1",
-    "@tanstack/react-form": "^1.28.6",
-    "@tanstack/react-query": "^5.97.0",
-    "@tanstack/react-router": "^1.168.10",
+    "@tanstack/react-form": "^1.29.0",
+    "@tanstack/react-query": "^5.99.0",
+    "@tanstack/react-router": "^1.168.21",
     "@tanstack/react-table": "^8.21.3",
     "@tanstack/react-virtual": "^3.13.23",
     "@uidotdev/usehooks": "^2.4.1",
@@ -58,9 +58,9 @@
     "@inlang/paraglide-js": "2.15.0",
     "@tanstack/devtools-vite": "^0.6.0",
     "@tanstack/react-devtools": "^0.10.2",
-    "@tanstack/react-query-devtools": "^5.97.0",
-    "@tanstack/react-router-devtools": "^1.166.11",
-    "@tanstack/router-plugin": "^1.167.12",
+    "@tanstack/react-query-devtools": "^5.99.0",
+    "@tanstack/react-router-devtools": "^1.166.13",
+    "@tanstack/router-plugin": "^1.167.22",
     "@types/byte-size": "^8.1.2",
     "@types/humanize-duration": "^3.27.4",
     "@types/lodash-es": "^4.17.12",
@@ -70,12 +70,12 @@
     "@types/react-dom": "^19.2.3",
     "@vitejs/plugin-react": "^6.0.1",
     "@vitest/ui": "^4.1.4",
-    "autoprefixer": "^10.4.27",
-    "globals": "^17.4.0",
+    "autoprefixer": "^10.5.0",
+    "globals": "^17.5.0",
     "prettier": "^3.8.2",
     "sass": "^1.99.0",
     "sharp": "^0.34.5",
-    "stylelint": "^17.6.0",
+    "stylelint": "^17.7.0",
     "stylelint-config-standard-scss": "^17.0.0",
     "stylelint-scss": "^7.0.0",
     "typescript": "~5.9.3",
diff --git a/web/pnpm-lock.yaml b/web/pnpm-lock.yaml
index b251f8678..e3ea0354d 100644
--- a/web/pnpm-lock.yaml
+++ b/web/pnpm-lock.yaml
@@ -30,14 +30,14 @@ importers:
         specifier: ^2.0.1
         version: 2.0.1
       '@tanstack/react-form':
-        specifier: ^1.28.6
-        version: 1.28.6(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
+        specifier: ^1.29.0
+        version: 1.29.0(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
       '@tanstack/react-query':
-        specifier: ^5.97.0
-        version: 5.97.0(react@19.2.5)
+        specifier: ^5.99.0
+        version: 5.99.0(react@19.2.5)
       '@tanstack/react-router':
-        specifier: ^1.168.10
-        version: 1.168.10(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
+        specifier: ^1.168.21
+        version: 1.168.21(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
       '@tanstack/react-table':
         specifier: ^8.21.3
         version: 8.21.3(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
@@ -127,14 +127,14 @@ importers:
         specifier: ^0.10.2
         version: 0.10.2(@types/react-dom@19.2.3(@types/react@19.2.14))(@types/react@19.2.14)(csstype@3.2.3)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)(solid-js@1.9.9)
       '@tanstack/react-query-devtools':
-        specifier: ^5.97.0
-        version: 5.97.0(@tanstack/react-query@5.97.0(react@19.2.5))(react@19.2.5)
+        specifier: ^5.99.0
+        version: 5.99.0(@tanstack/react-query@5.99.0(react@19.2.5))(react@19.2.5)
       '@tanstack/react-router-devtools':
-        specifier: ^1.166.11
-        version: 1.166.11(@tanstack/react-router@1.168.10(react-dom@19.2.5(react@19.2.5))(react@19.2.5))(@tanstack/router-core@1.168.9)(csstype@3.2.3)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
+        specifier: ^1.166.13
+        version: 1.166.13(@tanstack/react-router@1.168.21(react-dom@19.2.5(react@19.2.5))(react@19.2.5))(@tanstack/router-core@1.168.15)(csstype@3.2.3)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
       '@tanstack/router-plugin':
-        specifier: ^1.167.12
-        version: 1.167.12(@tanstack/react-router@1.168.10(react-dom@19.2.5(react@19.2.5))(react@19.2.5))(vite@8.0.8(@types/node@25.6.0)(esbuild@0.27.7)(sass@1.99.0)(tsx@4.21.0))
+        specifier: ^1.167.22
+        version: 1.167.22(@tanstack/react-router@1.168.21(react-dom@19.2.5(react@19.2.5))(react@19.2.5))(vite@8.0.8(@types/node@25.6.0)(esbuild@0.27.7)(sass@1.99.0)(tsx@4.21.0))
       '@types/byte-size':
         specifier: ^8.1.2
         version: 8.1.2
@@ -163,11 +163,11 @@ importers:
         specifier: ^4.1.4
         version: 4.1.4(vitest@4.1.4)
       autoprefixer:
-        specifier: ^10.4.27
-        version: 10.4.27(postcss@8.5.9)
+        specifier: ^10.5.0
+        version: 10.5.0(postcss@8.5.9)
       globals:
-        specifier: ^17.4.0
-        version: 17.4.0
+        specifier: ^17.5.0
+        version: 17.5.0
       prettier:
         specifier: ^3.8.2
         version: 3.8.2
@@ -178,14 +178,14 @@ importers:
         specifier: ^0.34.5
         version: 0.34.5
       stylelint:
-        specifier: ^17.6.0
-        version: 17.6.0(typescript@5.9.3)
+        specifier: ^17.7.0
+        version: 17.7.0(typescript@5.9.3)
       stylelint-config-standard-scss:
         specifier: ^17.0.0
-        version: 17.0.0(postcss@8.5.9)(stylelint@17.6.0(typescript@5.9.3))
+        version: 17.0.0(postcss@8.5.9)(stylelint@17.7.0(typescript@5.9.3))
       stylelint-scss:
         specifier: ^7.0.0
-        version: 7.0.0(stylelint@17.6.0(typescript@5.9.3))
+        version: 7.0.0(stylelint@17.7.0(typescript@5.9.3))
       typescript:
         specifier: ~5.9.3
         version: 5.9.3
@@ -312,28 +312,24 @@ packages:
     engines: {node: '>=14.21.3'}
     cpu: [arm64]
     os: [linux]
-    libc: [musl]
 
   '@biomejs/cli-linux-arm64@2.4.7':
     resolution: {integrity: sha512-om6FugwmibzfP/6ALj5WRDVSND4H2G9X0nkI1HZpp2ySf9lW2j0X68oQSaHEnls6666oy4KDsc5RFjT4m0kV0w==}
     engines: {node: '>=14.21.3'}
     cpu: [arm64]
     os: [linux]
-    libc: [glibc]
 
   '@biomejs/cli-linux-x64-musl@2.4.7':
     resolution: {integrity: sha512-00kx4YrBMU8374zd2wHuRV5wseh0rom5HqRND+vDldJPrWwQw+mzd/d8byI9hPx926CG+vWzq6AeiT7Yi5y59g==}
     engines: {node: '>=14.21.3'}
     cpu: [x64]
     os: [linux]
-    libc: [musl]
 
   '@biomejs/cli-linux-x64@2.4.7':
     resolution: {integrity: sha512-bV8/uo2Tj+gumnk4sUdkerWyCPRabaZdv88IpbmDWARQQoA/Q0YaqPz1a+LSEDIL7OfrnPi9Hq1Llz4ZIGyIQQ==}
     engines: {node: '>=14.21.3'}
     cpu: [x64]
     os: [linux]
-    libc: [glibc]
 
   '@biomejs/cli-win32-arm64@2.4.7':
     resolution: {integrity: sha512-hOUHBMlFCvDhu3WCq6vaBoG0dp0LkWxSEnEEsxxXvOa9TfT6ZBnbh72A/xBM7CBYB7WgwqboetzFEVDnMxelyw==}
@@ -353,8 +349,8 @@ packages:
   '@cacheable/utils@2.4.1':
     resolution: {integrity: sha512-eiFgzCbIneyMlLOmNG4g9xzF7Hv3Mga4LjxjcSC/ues6VYq2+gUbQI8JqNuw/ZM8tJIeIaBGpswAsqV2V7ApgA==}
 
-  '@csstools/css-calc@3.1.1':
-    resolution: {integrity: sha512-HJ26Z/vmsZQqs/o3a6bgKslXGFAungXGbinULZO3eMsOyNJHeBBZfup5FiZInOghgoM4Hwnmw+OgbJCNg1wwUQ==}
+  '@csstools/css-calc@3.2.0':
+    resolution: {integrity: sha512-bR9e6o2BDB12jzN/gIbjHa5wLJ4UjD1CB9pM7ehlc0ddk6EBz+yYS1EV2MF55/HUxrHcB/hehAyt5vhsA3hx7w==}
     engines: {node: '>=20.19.0'}
     peerDependencies:
       '@csstools/css-parser-algorithms': ^4.0.0
@@ -366,8 +362,8 @@ packages:
     peerDependencies:
       '@csstools/css-tokenizer': ^4.0.0
 
-  '@csstools/css-syntax-patches-for-csstree@1.1.2':
-    resolution: {integrity: sha512-5GkLzz4prTIpoyeUiIu3iV6CSG3Plo7xRVOFPKI7FVEJ3mZ0A8SwK0XU3Gl7xAkiQ+mDyam+NNp875/C5y+jSA==}
+  '@csstools/css-syntax-patches-for-csstree@1.1.3':
+    resolution: {integrity: sha512-SH60bMfrRCJF3morcdk57WklujF4Jr/EsQUzqkarfHXEFcAR1gg7fS/chAE922Sehgzc1/+Tz5H3Ypa1HiEKrg==}
     peerDependencies:
       css-tree: ^3.2.1
     peerDependenciesMeta:
@@ -613,105 +609,89 @@ packages:
     resolution: {integrity: sha512-excjX8DfsIcJ10x1Kzr4RcWe1edC9PquDRRPx3YVCvQv+U5p7Yin2s32ftzikXojb1PIFc/9Mt28/y+iRklkrw==}
     cpu: [arm64]
     os: [linux]
-    libc: [glibc]
 
   '@img/sharp-libvips-linux-arm@1.2.4':
     resolution: {integrity: sha512-bFI7xcKFELdiNCVov8e44Ia4u2byA+l3XtsAj+Q8tfCwO6BQ8iDojYdvoPMqsKDkuoOo+X6HZA0s0q11ANMQ8A==}
     cpu: [arm]
     os: [linux]
-    libc: [glibc]
 
   '@img/sharp-libvips-linux-ppc64@1.2.4':
     resolution: {integrity: sha512-FMuvGijLDYG6lW+b/UvyilUWu5Ayu+3r2d1S8notiGCIyYU/76eig1UfMmkZ7vwgOrzKzlQbFSuQfgm7GYUPpA==}
     cpu: [ppc64]
     os: [linux]
-    libc: [glibc]
 
   '@img/sharp-libvips-linux-riscv64@1.2.4':
     resolution: {integrity: sha512-oVDbcR4zUC0ce82teubSm+x6ETixtKZBh/qbREIOcI3cULzDyb18Sr/Wcyx7NRQeQzOiHTNbZFF1UwPS2scyGA==}
     cpu: [riscv64]
     os: [linux]
-    libc: [glibc]
 
   '@img/sharp-libvips-linux-s390x@1.2.4':
     resolution: {integrity: sha512-qmp9VrzgPgMoGZyPvrQHqk02uyjA0/QrTO26Tqk6l4ZV0MPWIW6LTkqOIov+J1yEu7MbFQaDpwdwJKhbJvuRxQ==}
     cpu: [s390x]
     os: [linux]
-    libc: [glibc]
 
   '@img/sharp-libvips-linux-x64@1.2.4':
     resolution: {integrity: sha512-tJxiiLsmHc9Ax1bz3oaOYBURTXGIRDODBqhveVHonrHJ9/+k89qbLl0bcJns+e4t4rvaNBxaEZsFtSfAdquPrw==}
     cpu: [x64]
     os: [linux]
-    libc: [glibc]
 
   '@img/sharp-libvips-linuxmusl-arm64@1.2.4':
     resolution: {integrity: sha512-FVQHuwx1IIuNow9QAbYUzJ+En8KcVm9Lk5+uGUQJHaZmMECZmOlix9HnH7n1TRkXMS0pGxIJokIVB9SuqZGGXw==}
     cpu: [arm64]
     os: [linux]
-    libc: [musl]
 
   '@img/sharp-libvips-linuxmusl-x64@1.2.4':
     resolution: {integrity: sha512-+LpyBk7L44ZIXwz/VYfglaX/okxezESc6UxDSoyo2Ks6Jxc4Y7sGjpgU9s4PMgqgjj1gZCylTieNamqA1MF7Dg==}
     cpu: [x64]
     os: [linux]
-    libc: [musl]
 
   '@img/sharp-linux-arm64@0.34.5':
     resolution: {integrity: sha512-bKQzaJRY/bkPOXyKx5EVup7qkaojECG6NLYswgktOZjaXecSAeCWiZwwiFf3/Y+O1HrauiE3FVsGxFg8c24rZg==}
     engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0}
     cpu: [arm64]
     os: [linux]
-    libc: [glibc]
 
   '@img/sharp-linux-arm@0.34.5':
     resolution: {integrity: sha512-9dLqsvwtg1uuXBGZKsxem9595+ujv0sJ6Vi8wcTANSFpwV/GONat5eCkzQo/1O6zRIkh0m/8+5BjrRr7jDUSZw==}
     engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0}
     cpu: [arm]
     os: [linux]
-    libc: [glibc]
 
   '@img/sharp-linux-ppc64@0.34.5':
     resolution: {integrity: sha512-7zznwNaqW6YtsfrGGDA6BRkISKAAE1Jo0QdpNYXNMHu2+0dTrPflTLNkpc8l7MUP5M16ZJcUvysVWWrMefZquA==}
     engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0}
     cpu: [ppc64]
     os: [linux]
-    libc: [glibc]
 
   '@img/sharp-linux-riscv64@0.34.5':
     resolution: {integrity: sha512-51gJuLPTKa7piYPaVs8GmByo7/U7/7TZOq+cnXJIHZKavIRHAP77e3N2HEl3dgiqdD/w0yUfiJnII77PuDDFdw==}
     engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0}
     cpu: [riscv64]
     os: [linux]
-    libc: [glibc]
 
   '@img/sharp-linux-s390x@0.34.5':
     resolution: {integrity: sha512-nQtCk0PdKfho3eC5MrbQoigJ2gd1CgddUMkabUj+rBevs8tZ2cULOx46E7oyX+04WGfABgIwmMC0VqieTiR4jg==}
     engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0}
     cpu: [s390x]
     os: [linux]
-    libc: [glibc]
 
   '@img/sharp-linux-x64@0.34.5':
     resolution: {integrity: sha512-MEzd8HPKxVxVenwAa+JRPwEC7QFjoPWuS5NZnBt6B3pu7EG2Ge0id1oLHZpPJdn3OQK+BQDiw9zStiHBTJQQQQ==}
     engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0}
     cpu: [x64]
     os: [linux]
-    libc: [glibc]
 
   '@img/sharp-linuxmusl-arm64@0.34.5':
     resolution: {integrity: sha512-fprJR6GtRsMt6Kyfq44IsChVZeGN97gTD331weR1ex1c1rypDEABN6Tm2xa1wE6lYb5DdEnk03NZPqA7Id21yg==}
     engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0}
     cpu: [arm64]
     os: [linux]
-    libc: [musl]
 
   '@img/sharp-linuxmusl-x64@0.34.5':
     resolution: {integrity: sha512-Jg8wNT1MUzIvhBFxViqrEhWDGzqymo3sV7z7ZsaWbZNDLXRJZoRGrjulp60YYtV4wfY8VIKcWidjojlLcWrd8Q==}
     engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0}
     cpu: [x64]
     os: [linux]
-    libc: [musl]
 
   '@img/sharp-wasm32@0.34.5':
     resolution: {integrity: sha512-OdWTEiVkY2PHwqkbBI8frFxQQFekHaSSkUIJkwzclWZe64O1X4UlUjqqqLaPbUpMOQk6FBu/HtlGXNblIs0huw==}
@@ -829,42 +809,36 @@ packages:
     engines: {node: '>= 10.0.0'}
     cpu: [arm]
     os: [linux]
-    libc: [glibc]
 
   '@parcel/watcher-linux-arm-musl@2.5.6':
     resolution: {integrity: sha512-Ve3gUCG57nuUUSyjBq/MAM0CzArtuIOxsBdQ+ftz6ho8n7s1i9E1Nmk/xmP323r2YL0SONs1EuwqBp2u1k5fxg==}
     engines: {node: '>= 10.0.0'}
     cpu: [arm]
     os: [linux]
-    libc: [musl]
 
   '@parcel/watcher-linux-arm64-glibc@2.5.6':
     resolution: {integrity: sha512-f2g/DT3NhGPdBmMWYoxixqYr3v/UXcmLOYy16Bx0TM20Tchduwr4EaCbmxh1321TABqPGDpS8D/ggOTaljijOA==}
     engines: {node: '>= 10.0.0'}
     cpu: [arm64]
     os: [linux]
-    libc: [glibc]
 
   '@parcel/watcher-linux-arm64-musl@2.5.6':
     resolution: {integrity: sha512-qb6naMDGlbCwdhLj6hgoVKJl2odL34z2sqkC7Z6kzir8b5W65WYDpLB6R06KabvZdgoHI/zxke4b3zR0wAbDTA==}
     engines: {node: '>= 10.0.0'}
     cpu: [arm64]
     os: [linux]
-    libc: [musl]
 
   '@parcel/watcher-linux-x64-glibc@2.5.6':
     resolution: {integrity: sha512-kbT5wvNQlx7NaGjzPFu8nVIW1rWqV780O7ZtkjuWaPUgpv2NMFpjYERVi0UYj1msZNyCzGlaCWEtzc+exjMGbQ==}
     engines: {node: '>= 10.0.0'}
     cpu: [x64]
     os: [linux]
-    libc: [glibc]
 
   '@parcel/watcher-linux-x64-musl@2.5.6':
     resolution: {integrity: sha512-1JRFeC+h7RdXwldHzTsmdtYR/Ku8SylLgTU/reMuqdVD7CtLwf0VR1FqeprZ0eHQkO0vqsbvFLXUmYm/uNKJBg==}
     engines: {node: '>= 10.0.0'}
     cpu: [x64]
     os: [linux]
-    libc: [musl]
 
   '@parcel/watcher-win32-arm64@2.5.6':
     resolution: {integrity: sha512-3ukyebjc6eGlw9yRt678DxVF7rjXatWiHvTXqphZLvo7aC5NdEgFufVwjFfY51ijYEWpXbqF5jtrK275z52D4Q==}
@@ -952,42 +926,36 @@ packages:
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [arm64]
     os: [linux]
-    libc: [glibc]
 
   '@rolldown/binding-linux-arm64-musl@1.0.0-rc.15':
     resolution: {integrity: sha512-ZvRYMGrAklV9PEkgt4LQM6MjQX2P58HPAuecwYObY2DhS2t35R0I810bKi0wmaYORt6m/2Sm+Z+nFgb0WhXNcQ==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [arm64]
     os: [linux]
-    libc: [musl]
 
   '@rolldown/binding-linux-ppc64-gnu@1.0.0-rc.15':
     resolution: {integrity: sha512-VDpgGBzgfg5hLg+uBpCLoFG5kVvEyafmfxGUV0UHLcL5irxAK7PKNeC2MwClgk6ZAiNhmo9FLhRYgvMmedLtnQ==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [ppc64]
     os: [linux]
-    libc: [glibc]
 
   '@rolldown/binding-linux-s390x-gnu@1.0.0-rc.15':
     resolution: {integrity: sha512-y1uXY3qQWCzcPgRJATPSOUP4tCemh4uBdY7e3EZbVwCJTY3gLJWnQABgeUetvED+bt1FQ01OeZwvhLS2bpNrAQ==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [s390x]
     os: [linux]
-    libc: [glibc]
 
   '@rolldown/binding-linux-x64-gnu@1.0.0-rc.15':
     resolution: {integrity: sha512-023bTPBod7J3Y/4fzAN6QtpkSABR0rigtrwaP+qSEabUh5zf6ELr9Nc7GujaROuPY3uwdSIXWrvhn1KxOvurWA==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [x64]
     os: [linux]
-    libc: [glibc]
 
   '@rolldown/binding-linux-x64-musl@1.0.0-rc.15':
     resolution: {integrity: sha512-witB2O0/hU4CgfOOKUoeFgQ4GktPi1eEbAhaLAIpgD6+ZnhcPkUtPsoKKHRzmOoWPZue46IThdSgdo4XneOLYw==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [x64]
     os: [linux]
-    libc: [musl]
 
   '@rolldown/binding-openharmony-arm64@1.0.0-rc.15':
     resolution: {integrity: sha512-UCL68NJ0Ud5zRipXZE9dF5PmirzJE4E4BCIOOssEnM7wLDsxjc6Qb0sGDxTNRTP53I6MZpygyCpY8Aa8sPfKPg==}
@@ -1125,8 +1093,8 @@ packages:
     peerDependencies:
       solid-js: '>=1.9.7'
 
-  '@tanstack/form-core@1.28.6':
-    resolution: {integrity: sha512-4zroxL6VDj5O+w7l3dYZnUeL/h30KtNSV7UWzKAL7cl+8clMFdISPDlDlluS37As7oqvPVKo8B83VlIBvgmRog==}
+  '@tanstack/form-core@1.29.0':
+    resolution: {integrity: sha512-uyeKEdJBfbj0bkBSwvSYVRtWLOaXvfNX3CeVw1HqGOXVLxpBBGAqWdYLc+UoX/9xcoFwFXrjR9QqMPzvwm2yyQ==}
 
   '@tanstack/history@1.161.6':
     resolution: {integrity: sha512-NaOGLRrddszbQj9upGat6HG/4TKvXLvu+osAIgfxPYA+eIvYKv8GKDJOrY2D3/U9MRnKfMWD7bU4jeD4xmqyIg==}
@@ -1136,11 +1104,11 @@ packages:
     resolution: {integrity: sha512-y/xtNPNt/YeyoVxE/JCx+T7yjEzpezmbb+toK8DDD1P4m7Kzs5YR956+7OKexG3f8aXgC3rLZl7b1V+yNUSy5w==}
     engines: {node: '>=18'}
 
-  '@tanstack/query-core@5.97.0':
-    resolution: {integrity: sha512-QdpLP5VzVMgo4VtaPppRA2W04UFjIqX+bxke/ZJhE5cfd5UPkRzqIAJQt9uXkQJjqE8LBOMbKv7f8HCsZltXlg==}
+  '@tanstack/query-core@5.99.0':
+    resolution: {integrity: sha512-3Jv3WQG0BCcH7G+7lf/bP8QyBfJOXeY+T08Rin3GZ1bshvwlbPt7NrDHMEzGdKIOmOzvIQmxjk28YEQX60k7pQ==}
 
-  '@tanstack/query-devtools@5.97.0':
-    resolution: {integrity: sha512-ZMjAuYhQCKwKLKFMrD+HJDehHwWBVTGOuWBf4vEjR9unO+UGUjQ1mw2TuVbQKoLN/eRwB7qtlPsWBqobBoRBMQ==}
+  '@tanstack/query-devtools@5.99.0':
+    resolution: {integrity: sha512-m4ufXaJ8FjWXw7xDtyzE/6fkZAyQFg9WrbMrUpt8ZecRJx58jiFOZ2lxZMphZdIpAnIeto/S8stbwLKLusyckQ==}
 
   '@tanstack/react-devtools@0.10.2':
     resolution: {integrity: sha512-1BmZyxOrI5SqmRJ5MgkYZNNdnlLsJxQRI2YgorrAvcF2MxK6x5RcuStvD8+YlXoMw3JtNukPxoITirKAnKYDQA==}
@@ -1151,8 +1119,8 @@ packages:
       react: '>=16.8'
       react-dom: '>=16.8'
 
-  '@tanstack/react-form@1.28.6':
-    resolution: {integrity: sha512-dRxwKeNW3uuJvf0sXsIQ2compFMnIJNk9B436Lx0fqkqK+CBvA1tNmEdX+faoCpuQ5Wua3c8ahVibJ65cpkijA==}
+  '@tanstack/react-form@1.29.0':
+    resolution: {integrity: sha512-jj425NNX0QKqbUzqSNiYI3HCPHSk2df47acXCJyXczWOTmG81ECZGkgofgqamFsSU9kMiH6Di5RLUnftrlhWSw==}
     peerDependencies:
       '@tanstack/react-start': '*'
       react: ^17.0.0 || ^18.0.0 || ^19.0.0
@@ -1160,31 +1128,31 @@ packages:
       '@tanstack/react-start':
         optional: true
 
-  '@tanstack/react-query-devtools@5.97.0':
-    resolution: {integrity: sha512-X4/VZKCbBIRj8cVD/oZCKTwwPmFXrY1VOfwUT5qI/+/JZYAUS+8vGNMqwBXbaAu1ZsVzzDzkT/wtBE/5OtQYGg==}
+  '@tanstack/react-query-devtools@5.99.0':
+    resolution: {integrity: sha512-CqqX7LCU9yOfCY/vBURSx2YSD83ryfX+QkfkaKionTfg1s2Hdm572Ro99gW3QPoJjzvsj1HM4pnN4nbDy3MXKA==}
     peerDependencies:
-      '@tanstack/react-query': ^5.97.0
+      '@tanstack/react-query': ^5.99.0
       react: ^18 || ^19
 
-  '@tanstack/react-query@5.97.0':
-    resolution: {integrity: sha512-y4So4eGcQoK2WVMAcDNZE9ofB/p5v1OlKvtc1F3uqHwrtifobT7q+ZnXk2mRkc8E84HKYSlAE9z6HXl2V0+ySQ==}
+  '@tanstack/react-query@5.99.0':
+    resolution: {integrity: sha512-OY2bCqPemT1LlqJ8Y2CUau4KELnIhhG9Ol3ZndPbdnB095pRbPo1cHuXTndg8iIwtoHTgwZjyaDnQ0xD0mYwAw==}
     peerDependencies:
       react: ^18 || ^19
 
-  '@tanstack/react-router-devtools@1.166.11':
-    resolution: {integrity: sha512-WYR3q4Xui5yPT/5PXtQh8i03iUA7q8dONBjWpV3nsGdM8Cs1FxpfhLstW0wZO1dOvSyElscwTRCJ6nO5N8r3Lg==}
+  '@tanstack/react-router-devtools@1.166.13':
+    resolution: {integrity: sha512-6yKRFFJrEEOiGp5RAAuGCYsl81M4XAhJmLcu9PKj+HZle4A3dsP60lwHoqQYWHMK9nKKFkdXR+D8qxzxqtQbEA==}
     engines: {node: '>=20.19'}
     peerDependencies:
-      '@tanstack/react-router': ^1.168.2
-      '@tanstack/router-core': ^1.168.2
+      '@tanstack/react-router': ^1.168.15
+      '@tanstack/router-core': ^1.168.11
       react: '>=18.0.0 || >=19.0.0'
       react-dom: '>=18.0.0 || >=19.0.0'
     peerDependenciesMeta:
       '@tanstack/router-core':
         optional: true
 
-  '@tanstack/react-router@1.168.10':
-    resolution: {integrity: sha512-/RmDlOwDkCug609KdPB3U+U1zmrtadJpvsmRg2zEn8TRCKRNri7dYZIjQZbNg8PgUiRL4T6njrZBV1ChzblNaA==}
+  '@tanstack/react-router@1.168.21':
+    resolution: {integrity: sha512-slnitYiHHmU52eMWtW8JbV9EMT5q6mRMbTA5yepBmJAnj5WZDrDRsLY/TuUrdD97A4W7/25tEQRoqc1G2X0oCw==}
     engines: {node: '>=20.19'}
     peerDependencies:
       react: '>=18.0.0 || >=19.0.0'
@@ -1209,34 +1177,34 @@ packages:
       react: ^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0
       react-dom: ^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0
 
-  '@tanstack/router-core@1.168.9':
-    resolution: {integrity: sha512-18oeEwEDyXOIuO1VBP9ACaK7tYHZUjynGDCoUh/5c/BNhia9vCJCp9O0LfhZXOorDc/PmLSgvmweFhVmIxF10g==}
+  '@tanstack/router-core@1.168.15':
+    resolution: {integrity: sha512-Wr0424NDtD8fT/uALobMZ9DdcfsTyXtW5IPR++7zvW8/7RaIOeaqXpVDId8ywaGtqPWLWOfaUg2zUtYtukoXYA==}
     engines: {node: '>=20.19'}
     hasBin: true
 
-  '@tanstack/router-devtools-core@1.167.1':
-    resolution: {integrity: sha512-ECMM47J4KmifUvJguGituSiBpfN8SyCUEoxQks5RY09hpIBfR2eswCv2e6cJimjkKwBQXOVTPkTUk/yRvER+9w==}
+  '@tanstack/router-devtools-core@1.167.3':
+    resolution: {integrity: sha512-fJ1VMhyQgnoashTrP763c2HRc9kofgF61L7Jb3F6eTHAmCKtGVx8BRtiFt37sr3U0P0jmaaiiSPGP6nT5JtVNg==}
     engines: {node: '>=20.19'}
     peerDependencies:
-      '@tanstack/router-core': ^1.168.2
+      '@tanstack/router-core': ^1.168.11
       csstype: ^3.0.10
     peerDependenciesMeta:
       csstype:
         optional: true
 
-  '@tanstack/router-generator@1.166.24':
-    resolution: {integrity: sha512-vdaGKwuH+r+DPe6R1mjk+TDDmDH6NTG7QqwxHqGEvOH4aGf9sPjhmRKNJZqQr8cPIbfp6u5lXyZ1TeDcSNMVEA==}
+  '@tanstack/router-generator@1.166.32':
+    resolution: {integrity: sha512-VuusKwEXcgKq+myq1JQfZogY8scTXIIeFls50dJ/UXgCXWp5n14iFreYNlg41wURcak2oA3M+t2TVfD0xUUD6g==}
     engines: {node: '>=20.19'}
 
-  '@tanstack/router-plugin@1.167.12':
-    resolution: {integrity: sha512-StEHcctCuFI5taSjO+lhR/yQ+EK63BdyYa+ne6FoNQPB3MMrOUrz2ZVnbqILRLkh2b+p2EfBKt65sgAKdKygPQ==}
+  '@tanstack/router-plugin@1.167.22':
+    resolution: {integrity: sha512-wYPzIvBK8bcmXVUpZfSgGBXOrfBAdF4odKevz6rejio5rEd947NtKDF5R7eYdwlAOmRqYpLJnJ1QHkc5t8bY4w==}
     engines: {node: '>=20.19'}
     hasBin: true
     peerDependencies:
       '@rsbuild/core': '>=1.0.2'
-      '@tanstack/react-router': ^1.168.10
-      vite: '>=5.0.0 || >=6.0.0 || >=7.0.0'
-      vite-plugin-solid: ^2.11.10
+      '@tanstack/react-router': ^1.168.21
+      vite: '>=5.0.0 || >=6.0.0 || >=7.0.0 || >=8.0.0'
+      vite-plugin-solid: ^2.11.10 || ^3.0.0-0
       webpack: '>=5.92.0'
     peerDependenciesMeta:
       '@rsbuild/core':
@@ -1457,10 +1425,6 @@ packages:
     resolution: {integrity: sha512-Izi8RQcffqCeNVgFigKli1ssklIbpHnCYc6AknXGYoB6grJqyeby7jv12JUQgmTAnIDnbck1uxksT4dzN3PWBA==}
     engines: {node: '>=12'}
 
-  ast-types@0.16.1:
-    resolution: {integrity: sha512-6t10qk83GOG8p0vKmaCr8eiilZwO171AvbROMtvvNiwrTly62t+7XkA8RdIIVbpMhCASAsxgAzdRSwh6nw/5Dg==}
-    engines: {node: '>=4'}
-
   astral-regex@2.0.0:
     resolution: {integrity: sha512-Z7tMw1ytTXt5jqMcOP+OQteU1VuNK9Y02uuJtKQ1Sv69jXQKKg5cibLwGJow8yzZP+eAc18EmLGPal0bp36rvQ==}
     engines: {node: '>=8'}
@@ -1468,8 +1432,8 @@ packages:
   asynckit@0.4.0:
     resolution: {integrity: sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==}
 
-  autoprefixer@10.4.27:
-    resolution: {integrity: sha512-NP9APE+tO+LuJGn7/9+cohklunJsXWiaWEfV3si4Gi/XHDwVNgkwr1J3RQYFIvPy76GmJ9/bW8vyoU1LcxwKHA==}
+  autoprefixer@10.5.0:
+    resolution: {integrity: sha512-FMhOoZV4+qR6aTUALKX2rEqGG+oyATvwBt9IIzVR5rMa2HRWPkxf+P+PAJLD1I/H5/II+HuZcBJYEFBpq39ong==}
     engines: {node: ^10 || ^12 || >=14}
     hasBin: true
     peerDependencies:
@@ -1484,8 +1448,8 @@ packages:
   bail@2.0.2:
     resolution: {integrity: sha512-0xO6mYd7JB2YesxDKplafRpsiOzPt9V02ddPCLbY1xYGPOX24NTyN50qnUxgCPcSoYMhKpAuBTjQoRZCAkUDRw==}
 
-  baseline-browser-mapping@2.10.17:
-    resolution: {integrity: sha512-HdrkN8eVG2CXxeifv/VdJ4A4RSra1DTW8dc/hdxzhGHN8QePs6gKaWM9pHPcpCoxYZJuOZ8drHmbdpLHjCYjLA==}
+  baseline-browser-mapping@2.10.18:
+    resolution: {integrity: sha512-VSnGQAOLtP5mib/DPyg2/t+Tlv65NTBz83BJBJvmLVHHuKJVaDOBvJJykiT5TR++em5nfAySPccDZDa4oSrn8A==}
     engines: {node: '>=6.0.0'}
     hasBin: true
 
@@ -1526,8 +1490,8 @@ packages:
     resolution: {integrity: sha512-P8BjAsXvZS+VIDUI11hHCQEv74YT67YUi5JJFNWIqL235sBmjX4+qx9Muvls5ivyNENctx46xQLQ3aTuE7ssaQ==}
     engines: {node: '>=6'}
 
-  caniuse-lite@1.0.30001787:
-    resolution: {integrity: sha512-mNcrMN9KeI68u7muanUpEejSLghOKlVhRqS/Za2IeyGllJ9I9otGpR9g3nsw7n4W378TE/LyIteA0+/FOZm4Kg==}
+  caniuse-lite@1.0.30001788:
+    resolution: {integrity: sha512-6q8HFp+lOQtcf7wBK+uEenxymVWkGKkjFpCvw5W25cmMwEDU45p1xQFBQv8JDlMMry7eNxyBaR+qxgmTUZkIRQ==}
 
   ccount@2.0.1:
     resolution: {integrity: sha512-eyrF0jiFpY+3drT6383f1qhkbGsLSifNAjA61IUjZjmLCWjItY6LB9ft9YhoDgwfmclB2zhu51Lc7+95b8NRAg==}
@@ -1596,8 +1560,8 @@ packages:
   convert-source-map@2.0.0:
     resolution: {integrity: sha512-Kvp459HrV2FEJ1CAsi1Ku+MY3kasH19TFykTz2xWmMeq6bk2NU3XXvfJ+Q61m0xktWwt+1HSYf3JZsTms3aRJg==}
 
-  cookie-es@2.0.1:
-    resolution: {integrity: sha512-aVf4A4hI2w70LnF7GG+7xDQUkliwiXWXFvTjkip4+b64ygDQ2sJPRSKFDHbxn8o0xu9QzPkMuuiWIXyFSE2slA==}
+  cookie-es@3.1.1:
+    resolution: {integrity: sha512-UaXxwISYJPTr9hwQxMFYZ7kNhSXboMXP+Z3TRX6f1/NyaGPfuNUZOWP1pUEb75B2HjfklIYLVRfWiFZJyC6Npg==}
 
   cosmiconfig@9.0.1:
     resolution: {integrity: sha512-hr4ihw+DBqcvrsEDioRO31Z17x71pUYoNe/4h6Z0wB72p7MU7/9gH8Q3s12NFhHPfYBBOV3qyfUxmr/Yn3shnQ==}
@@ -1720,8 +1684,8 @@ packages:
   easy-file-picker@1.2.0:
     resolution: {integrity: sha512-GJxOW5s+g/pBr8Ha86a768yx0UZ6fYw+iAOrxK5HOzQ8q9hZxEJF0C8ztdAsH0mcze58FSpzv/d9flRCAuUKHg==}
 
-  electron-to-chromium@1.5.334:
-    resolution: {integrity: sha512-mgjZAz7Jyx1SRCwEpy9wefDS7GvNPazLthHg8eQMJ76wBdGQQDW33TCrUTvQ4wzpmOrv2zrFoD3oNufMdyMpog==}
+  electron-to-chromium@1.5.336:
+    resolution: {integrity: sha512-AbH9q9J455r/nLmdNZes0G0ZKcRX73FicwowalLs6ijwOmCJSRRrLX63lcAlzy9ux3dWK1w1+1nsBJEWN11hcQ==}
 
   emoji-regex@8.0.0:
     resolution: {integrity: sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==}
@@ -1831,8 +1795,8 @@ packages:
   flatted@3.4.2:
     resolution: {integrity: sha512-PjDse7RzhcPkIJwy5t7KPWQSZ9cAbzQXcafsetQoD7sOJRQlGikNbx7yZp2OotDnJyrDcbyRq3Ttb18iYOqkxA==}
 
-  follow-redirects@1.15.11:
-    resolution: {integrity: sha512-deG2P0JfjrTxl50XGCDyfI97ZGVCxIpfKYmfyrQ54n5FO/0gfIES8C/Psl6kWVDolizcaaxZJnTS0QSMxvnsBQ==}
+  follow-redirects@1.16.0:
+    resolution: {integrity: sha512-y5rN/uOsadFT/JfYwhxRS5R7Qce+g3zG97+JrtFZlC9klX/W5hD7iiLzScI4nZqUS7DNUdhPgw4xI8W2LuXlUw==}
     engines: {node: '>=4.0'}
     peerDependencies:
       debug: '*'
@@ -1900,8 +1864,8 @@ packages:
     resolution: {integrity: sha512-awConJSVCHVGND6x3tmMaKcQvwXLhjdkmomy2W+Goaui8YPgYgXJZewhg3fWC+DlfqqQuWg8AwqjGTD2nAPVWg==}
     engines: {node: '>=6'}
 
-  globals@17.4.0:
-    resolution: {integrity: sha512-hjrNztw/VajQwOLsMNT1cbJiH2muO3OROCHnbehc8eY5JyD2gqz4AcMHPqgaOR59DjgUjYAYLeH699g/eWi2jw==}
+  globals@17.5.0:
+    resolution: {integrity: sha512-qoV+HK2yFl/366t2/Cb3+xxPUo5BuMynomoDmiaZBIdbs+0pYbjfZU+twLhGKp4uCZ/+NbtpVepH5bGCxRyy2g==}
     engines: {node: '>=18'}
 
   globby@16.2.0:
@@ -2065,8 +2029,8 @@ packages:
     resolution: {integrity: sha512-VRSzKkbMm5jMDoKLbltAkFQ5Qr7VDiTFGXxYFXXowVj387GeGNOCsOH6Msy00SGZ3Fp84b1Naa1psqgcCIEP5Q==}
     engines: {node: '>=0.10.0'}
 
-  isbot@5.1.37:
-    resolution: {integrity: sha512-5bcicX81xf6NlTEV8rWdg7Pk01LFizDetuYGHx6d/f6y3lR2/oo8IfxjzJqn1UdDEyCcwT9e7NRloj8DwCYujQ==}
+  isbot@5.1.38:
+    resolution: {integrity: sha512-Cus2702JamTNMEY4zTP+TShgq/3qzjvGcBC4XMOV45BLaxD4iUFENkqu7ZhFeSzwNsCSZLjnGlihDQznnpnEEA==}
     engines: {node: '>=18'}
 
   isexe@2.0.0:
@@ -2108,8 +2072,8 @@ packages:
   known-css-properties@0.37.0:
     resolution: {integrity: sha512-JCDrsP4Z1Sb9JwG0aJ8Eo2r7k4Ou5MwmThS/6lcIe1ICyb7UBJKGRIUUdqc2ASdE/42lgz6zFUnzAIhtXnBVrQ==}
 
-  kysely@0.28.15:
-    resolution: {integrity: sha512-r2clcf7HLWvDXaVUEvQymXJY4i3bSOIV3xsL/Upy3ZfSv5HeKsk9tsqbBptLvth5qHEIhxeHTA2jNLyQABkLBA==}
+  kysely@0.28.16:
+    resolution: {integrity: sha512-3i5pmOiZvMDj00qhrIVbH0AnioVTx22DMP7Vn5At4yJO46iy+FM8Y/g61ltenLVSo3fiO8h8Q3QOFgf/gQ72ww==}
     engines: {node: '>=20.0.0'}
 
   launch-editor@2.13.2:
@@ -2150,28 +2114,24 @@ packages:
     engines: {node: '>= 12.0.0'}
     cpu: [arm64]
     os: [linux]
-    libc: [glibc]
 
   lightningcss-linux-arm64-musl@1.32.0:
     resolution: {integrity: sha512-UpQkoenr4UJEzgVIYpI80lDFvRmPVg6oqboNHfoH4CQIfNA+HOrZ7Mo7KZP02dC6LjghPQJeBsvXhJod/wnIBg==}
     engines: {node: '>= 12.0.0'}
     cpu: [arm64]
     os: [linux]
-    libc: [musl]
 
   lightningcss-linux-x64-gnu@1.32.0:
     resolution: {integrity: sha512-V7Qr52IhZmdKPVr+Vtw8o+WLsQJYCTd8loIfpDaMRWGUZfBOYEJeyJIkqGIDMZPwPx24pUMfwSxxI8phr/MbOA==}
     engines: {node: '>= 12.0.0'}
     cpu: [x64]
     os: [linux]
-    libc: [glibc]
 
   lightningcss-linux-x64-musl@1.32.0:
     resolution: {integrity: sha512-bYcLp+Vb0awsiXg/80uCRezCYHNg1/l3mt0gzHnWV9XP1W5sKa5/TCdGWaR/zBM2PeF/HbsQv/j2URNOiVuxWg==}
     engines: {node: '>= 12.0.0'}
     cpu: [x64]
     os: [linux]
-    libc: [musl]
 
   lightningcss-win32-arm64-msvc@1.32.0:
     resolution: {integrity: sha512-8SbC8BR40pS6baCM8sbtYDSwEVQd4JlFTOlaD3gWGHfThTcABnNDBda6eTZeqbofalIJhFx0qKzgHJmcPTnGdw==}
@@ -2241,6 +2201,9 @@ packages:
   mdn-data@2.27.1:
     resolution: {integrity: sha512-9Yubnt3e8A0OKwxYSXyhLymGW4sCufcLG6VdiDdUGVkPhpqLxlvP5vl1983gQjJl3tqbrM731mjaZaP68AgosQ==}
 
+  mdn-data@2.28.0:
+    resolution: {integrity: sha512-uy9AS1yt+wW5eUEefgE3lOpqPghanUttycV0GXKbiXyBjwvbeE8XPj4u1C+voRfz7dEjwU4NDHTMfZ/s/JtZrQ==}
+
   meow@14.1.0:
     resolution: {integrity: sha512-EDYo6VlmtnumlcBCbh1gLJ//9jvM/ndXHfVXIFrZVr6fGcwTUyCTFNTLCKuY3ffbK8L/+3Mzqnd58RojiZqHVw==}
     engines: {node: '>=20'}
@@ -2514,10 +2477,6 @@ packages:
     resolution: {integrity: sha512-GDhwkLfywWL2s6vEjyhri+eXmfH6j1L7JE27WhqLeYzoh/A3DBaYGEj2H/HFZCn/kMfim73FXxEJTw06WtxQwg==}
     engines: {node: '>= 14.18.0'}
 
-  recast@0.23.11:
-    resolution: {integrity: sha512-YTUo+Flmw4ZXiWfQKGcwwc11KnoRAYgzAE2E7mXKCjSviTKShtxBsN6YUUBB2gtaBzKzeKunxhUwNHQuRryhWA==}
-    engines: {node: '>= 4'}
-
   recharts@3.8.1:
     resolution: {integrity: sha512-mwzmO1s9sFL0TduUpwndxCUNoXsBw3u3E/0+A+cLcrSfQitSG62L32N69GhqUrrT5qKcAE3pCGVINC6pqkBBQg==}
     engines: {node: '>=18'}
@@ -2659,14 +2618,6 @@ packages:
     resolution: {integrity: sha512-UXWMKhLOwVKb728IUtQPXxfYU+usdybtUrK/8uGE8CQMvrhOpwvzDBwj0QhSL7MQc7vIsISBG8VQ8+IDQxpfQA==}
     engines: {node: '>=0.10.0'}
 
-  source-map@0.6.1:
-    resolution: {integrity: sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==}
-    engines: {node: '>=0.10.0'}
-
-  source-map@0.7.6:
-    resolution: {integrity: sha512-i5uvt8C3ikiWeNZSVZNWcfZPItFQOsYTUAOkcUPGd8DqDy1uOUikjt5dG+uRlwyvR108Fb9DOd4GvXfT0N2/uQ==}
-    engines: {node: '>= 12'}
-
   space-separated-tokens@2.0.2:
     resolution: {integrity: sha512-PEGlAwrG8yXGXRjW32fGbg66JAlOAwbObuqVoJpv/mRgoWDQfgH1wDPvtzWyUSNAXBGSk8h755YDbbcEy3SH2Q==}
 
@@ -2744,8 +2695,8 @@ packages:
     peerDependencies:
       stylelint: ^16.8.2 || ^17.0.0
 
-  stylelint@17.6.0:
-    resolution: {integrity: sha512-tokrsMIVAR9vAQ/q3UVEr7S0dGXCi7zkCezPRnS2kqPUulvUh5Vgfwngrk4EoAoW7wnrThqTdnTFN5Ra7CaxIg==}
+  stylelint@17.7.0:
+    resolution: {integrity: sha512-n/+4RheCRl+cecGnF+S/Adz59iCRaK9BVznJYB+a7GOksfwNzjiOPnYv17pTO0HgRse9IiqbMtekGNhOb2tVYQ==}
     engines: {node: '>=20.19.0'}
     hasBin: true
 
@@ -3265,7 +3216,7 @@ snapshots:
       hashery: 1.5.1
       keyv: 5.6.0
 
-  '@csstools/css-calc@3.1.1(@csstools/css-parser-algorithms@4.0.0(@csstools/css-tokenizer@4.0.0))(@csstools/css-tokenizer@4.0.0)':
+  '@csstools/css-calc@3.2.0(@csstools/css-parser-algorithms@4.0.0(@csstools/css-tokenizer@4.0.0))(@csstools/css-tokenizer@4.0.0)':
     dependencies:
       '@csstools/css-parser-algorithms': 4.0.0(@csstools/css-tokenizer@4.0.0)
       '@csstools/css-tokenizer': 4.0.0
@@ -3274,7 +3225,7 @@ snapshots:
     dependencies:
       '@csstools/css-tokenizer': 4.0.0
 
-  '@csstools/css-syntax-patches-for-csstree@1.1.2(css-tree@3.2.1)':
+  '@csstools/css-syntax-patches-for-csstree@1.1.3(css-tree@3.2.1)':
     optionalDependencies:
       css-tree: 3.2.1
 
@@ -3528,8 +3479,8 @@ snapshots:
     dependencies:
       '@lix-js/sdk': 0.4.9
       '@sinclair/typebox': 0.31.28
-      kysely: 0.28.15
-      sqlite-wasm-kysely: 0.3.0(kysely@0.28.15)
+      kysely: 0.28.16
+      sqlite-wasm-kysely: 0.3.0(kysely@0.28.16)
       uuid: 13.0.0
     transitivePeerDependencies:
       - babel-plugin-macros
@@ -3567,8 +3518,8 @@ snapshots:
       dedent: 1.5.1
       human-id: 4.1.3
       js-sha256: 0.11.1
-      kysely: 0.28.15
-      sqlite-wasm-kysely: 0.3.0(kysely@0.28.15)
+      kysely: 0.28.16
+      sqlite-wasm-kysely: 0.3.0(kysely@0.28.16)
       uuid: 10.0.0
     transitivePeerDependencies:
       - babel-plugin-macros
@@ -3867,7 +3818,7 @@ snapshots:
       - csstype
       - utf-8-validate
 
-  '@tanstack/form-core@1.28.6':
+  '@tanstack/form-core@1.29.0':
     dependencies:
       '@tanstack/devtools-event-client': 0.4.3
       '@tanstack/pacer-lite': 0.1.1
@@ -3877,9 +3828,9 @@ snapshots:
 
   '@tanstack/pacer-lite@0.1.1': {}
 
-  '@tanstack/query-core@5.97.0': {}
+  '@tanstack/query-core@5.99.0': {}
 
-  '@tanstack/query-devtools@5.97.0': {}
+  '@tanstack/query-devtools@5.99.0': {}
 
   '@tanstack/react-devtools@0.10.2(@types/react-dom@19.2.3(@types/react@19.2.14))(@types/react@19.2.14)(csstype@3.2.3)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)(solid-js@1.9.9)':
     dependencies:
@@ -3894,42 +3845,42 @@ snapshots:
       - solid-js
       - utf-8-validate
 
-  '@tanstack/react-form@1.28.6(react-dom@19.2.5(react@19.2.5))(react@19.2.5)':
+  '@tanstack/react-form@1.29.0(react-dom@19.2.5(react@19.2.5))(react@19.2.5)':
     dependencies:
-      '@tanstack/form-core': 1.28.6
+      '@tanstack/form-core': 1.29.0
       '@tanstack/react-store': 0.9.3(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
       react: 19.2.5
     transitivePeerDependencies:
       - react-dom
 
-  '@tanstack/react-query-devtools@5.97.0(@tanstack/react-query@5.97.0(react@19.2.5))(react@19.2.5)':
+  '@tanstack/react-query-devtools@5.99.0(@tanstack/react-query@5.99.0(react@19.2.5))(react@19.2.5)':
     dependencies:
-      '@tanstack/query-devtools': 5.97.0
-      '@tanstack/react-query': 5.97.0(react@19.2.5)
+      '@tanstack/query-devtools': 5.99.0
+      '@tanstack/react-query': 5.99.0(react@19.2.5)
       react: 19.2.5
 
-  '@tanstack/react-query@5.97.0(react@19.2.5)':
+  '@tanstack/react-query@5.99.0(react@19.2.5)':
     dependencies:
-      '@tanstack/query-core': 5.97.0
+      '@tanstack/query-core': 5.99.0
       react: 19.2.5
 
-  '@tanstack/react-router-devtools@1.166.11(@tanstack/react-router@1.168.10(react-dom@19.2.5(react@19.2.5))(react@19.2.5))(@tanstack/router-core@1.168.9)(csstype@3.2.3)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)':
+  '@tanstack/react-router-devtools@1.166.13(@tanstack/react-router@1.168.21(react-dom@19.2.5(react@19.2.5))(react@19.2.5))(@tanstack/router-core@1.168.15)(csstype@3.2.3)(react-dom@19.2.5(react@19.2.5))(react@19.2.5)':
     dependencies:
-      '@tanstack/react-router': 1.168.10(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
-      '@tanstack/router-devtools-core': 1.167.1(@tanstack/router-core@1.168.9)(csstype@3.2.3)
+      '@tanstack/react-router': 1.168.21(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
+      '@tanstack/router-devtools-core': 1.167.3(@tanstack/router-core@1.168.15)(csstype@3.2.3)
       react: 19.2.5
       react-dom: 19.2.5(react@19.2.5)
     optionalDependencies:
-      '@tanstack/router-core': 1.168.9
+      '@tanstack/router-core': 1.168.15
     transitivePeerDependencies:
       - csstype
 
-  '@tanstack/react-router@1.168.10(react-dom@19.2.5(react@19.2.5))(react@19.2.5)':
+  '@tanstack/react-router@1.168.21(react-dom@19.2.5(react@19.2.5))(react@19.2.5)':
     dependencies:
       '@tanstack/history': 1.161.6
       '@tanstack/react-store': 0.9.3(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
-      '@tanstack/router-core': 1.168.9
-      isbot: 5.1.37
+      '@tanstack/router-core': 1.168.15
+      isbot: 5.1.38
       react: 19.2.5
       react-dom: 19.2.5(react@19.2.5)
 
@@ -3952,35 +3903,35 @@ snapshots:
       react: 19.2.5
       react-dom: 19.2.5(react@19.2.5)
 
-  '@tanstack/router-core@1.168.9':
+  '@tanstack/router-core@1.168.15':
     dependencies:
       '@tanstack/history': 1.161.6
-      cookie-es: 2.0.1
+      cookie-es: 3.1.1
       seroval: 1.5.2
       seroval-plugins: 1.5.2(seroval@1.5.2)
 
-  '@tanstack/router-devtools-core@1.167.1(@tanstack/router-core@1.168.9)(csstype@3.2.3)':
+  '@tanstack/router-devtools-core@1.167.3(@tanstack/router-core@1.168.15)(csstype@3.2.3)':
     dependencies:
-      '@tanstack/router-core': 1.168.9
+      '@tanstack/router-core': 1.168.15
       clsx: 2.1.1
       goober: 2.1.18(csstype@3.2.3)
     optionalDependencies:
       csstype: 3.2.3
 
-  '@tanstack/router-generator@1.166.24':
+  '@tanstack/router-generator@1.166.32':
     dependencies:
-      '@tanstack/router-core': 1.168.9
+      '@babel/types': 7.29.0
+      '@tanstack/router-core': 1.168.15
       '@tanstack/router-utils': 1.161.6
       '@tanstack/virtual-file-routes': 1.161.7
+      magic-string: 0.30.21
       prettier: 3.8.2
-      recast: 0.23.11
-      source-map: 0.7.6
       tsx: 4.21.0
       zod: 3.25.76
     transitivePeerDependencies:
       - supports-color
 
-  '@tanstack/router-plugin@1.167.12(@tanstack/react-router@1.168.10(react-dom@19.2.5(react@19.2.5))(react@19.2.5))(vite@8.0.8(@types/node@25.6.0)(esbuild@0.27.7)(sass@1.99.0)(tsx@4.21.0))':
+  '@tanstack/router-plugin@1.167.22(@tanstack/react-router@1.168.21(react-dom@19.2.5(react@19.2.5))(react@19.2.5))(vite@8.0.8(@types/node@25.6.0)(esbuild@0.27.7)(sass@1.99.0)(tsx@4.21.0))':
     dependencies:
       '@babel/core': 7.29.0
       '@babel/plugin-syntax-jsx': 7.28.6(@babel/core@7.29.0)
@@ -3988,15 +3939,15 @@ snapshots:
       '@babel/template': 7.28.6
       '@babel/traverse': 7.29.0
       '@babel/types': 7.29.0
-      '@tanstack/router-core': 1.168.9
-      '@tanstack/router-generator': 1.166.24
+      '@tanstack/router-core': 1.168.15
+      '@tanstack/router-generator': 1.166.32
       '@tanstack/router-utils': 1.161.6
       '@tanstack/virtual-file-routes': 1.161.7
       chokidar: 3.6.0
       unplugin: 2.3.11
       zod: 3.25.76
     optionalDependencies:
-      '@tanstack/react-router': 1.168.10(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
+      '@tanstack/react-router': 1.168.21(react-dom@19.2.5(react@19.2.5))(react@19.2.5)
       vite: 8.0.8(@types/node@25.6.0)(esbuild@0.27.7)(sass@1.99.0)(tsx@4.21.0)
     transitivePeerDependencies:
       - supports-color
@@ -4205,18 +4156,14 @@ snapshots:
 
   assertion-error@2.0.1: {}
 
-  ast-types@0.16.1:
-    dependencies:
-      tslib: 2.8.1
-
   astral-regex@2.0.0: {}
 
   asynckit@0.4.0: {}
 
-  autoprefixer@10.4.27(postcss@8.5.9):
+  autoprefixer@10.5.0(postcss@8.5.9):
     dependencies:
       browserslist: 4.28.2
-      caniuse-lite: 1.0.30001787
+      caniuse-lite: 1.0.30001788
       fraction.js: 5.3.4
       picocolors: 1.1.1
       postcss: 8.5.9
@@ -4224,7 +4171,7 @@ snapshots:
 
   axios@1.15.0:
     dependencies:
-      follow-redirects: 1.15.11
+      follow-redirects: 1.16.0
       form-data: 4.0.5
       proxy-from-env: 2.1.0
     transitivePeerDependencies:
@@ -4241,7 +4188,7 @@ snapshots:
 
   bail@2.0.2: {}
 
-  baseline-browser-mapping@2.10.17: {}
+  baseline-browser-mapping@2.10.18: {}
 
   binary-extensions@2.3.0: {}
 
@@ -4251,9 +4198,9 @@ snapshots:
 
   browserslist@4.28.2:
     dependencies:
-      baseline-browser-mapping: 2.10.17
-      caniuse-lite: 1.0.30001787
-      electron-to-chromium: 1.5.334
+      baseline-browser-mapping: 2.10.18
+      caniuse-lite: 1.0.30001788
+      electron-to-chromium: 1.5.336
       node-releases: 2.0.37
       update-browserslist-db: 1.2.3(browserslist@4.28.2)
 
@@ -4279,7 +4226,7 @@ snapshots:
 
   callsites@3.1.0: {}
 
-  caniuse-lite@1.0.30001787: {}
+  caniuse-lite@1.0.30001788: {}
 
   ccount@2.0.1: {}
 
@@ -4338,7 +4285,7 @@ snapshots:
 
   convert-source-map@2.0.0: {}
 
-  cookie-es@2.0.1: {}
+  cookie-es@3.1.1: {}
 
   cosmiconfig@9.0.1(typescript@5.9.3):
     dependencies:
@@ -4432,7 +4379,7 @@ snapshots:
 
   easy-file-picker@1.2.0: {}
 
-  electron-to-chromium@1.5.334: {}
+  electron-to-chromium@1.5.336: {}
 
   emoji-regex@8.0.0: {}
 
@@ -4548,7 +4495,7 @@ snapshots:
 
   flatted@3.4.2: {}
 
-  follow-redirects@1.15.11: {}
+  follow-redirects@1.16.0: {}
 
   form-data@4.0.5:
     dependencies:
@@ -4614,7 +4561,7 @@ snapshots:
       kind-of: 6.0.3
       which: 1.3.1
 
-  globals@17.4.0: {}
+  globals@17.5.0: {}
 
   globby@16.2.0:
     dependencies:
@@ -4792,7 +4739,7 @@ snapshots:
 
   is-plain-object@5.0.0: {}
 
-  isbot@5.1.37: {}
+  isbot@5.1.38: {}
 
   isexe@2.0.0: {}
 
@@ -4820,7 +4767,7 @@ snapshots:
 
   known-css-properties@0.37.0: {}
 
-  kysely@0.28.15: {}
+  kysely@0.28.16: {}
 
   launch-editor@2.13.2:
     dependencies:
@@ -4987,6 +4934,8 @@ snapshots:
 
   mdn-data@2.27.1: {}
 
+  mdn-data@2.28.0: {}
+
   meow@14.1.0: {}
 
   merge2@1.4.1: {}
@@ -5298,14 +5247,6 @@ snapshots:
 
   readdirp@4.1.2: {}
 
-  recast@0.23.11:
-    dependencies:
-      ast-types: 0.16.1
-      esprima: 4.0.1
-      source-map: 0.6.1
-      tiny-invariant: 1.3.3
-      tslib: 2.8.1
-
   recharts@3.8.1(@types/react@19.2.14)(react-dom@19.2.5(react@19.2.5))(react-is@19.2.0)(react@19.2.5)(redux@5.0.1):
     dependencies:
       '@reduxjs/toolkit': 2.11.2(react-redux@9.2.0(@types/react@19.2.14)(react@19.2.5)(redux@5.0.1))(react@19.2.5)
@@ -5507,16 +5448,12 @@ snapshots:
 
   source-map-js@1.2.1: {}
 
-  source-map@0.6.1: {}
-
-  source-map@0.7.6: {}
-
   space-separated-tokens@2.0.2: {}
 
-  sqlite-wasm-kysely@0.3.0(kysely@0.28.15):
+  sqlite-wasm-kysely@0.3.0(kysely@0.28.16):
     dependencies:
       '@sqlite.org/sqlite-wasm': 3.48.0-build4
-      kysely: 0.28.15
+      kysely: 0.28.16
 
   stackback@0.0.2: {}
 
@@ -5554,49 +5491,49 @@ snapshots:
     dependencies:
       inline-style-parser: 0.2.7
 
-  stylelint-config-recommended-scss@17.0.1(postcss@8.5.9)(stylelint@17.6.0(typescript@5.9.3)):
+  stylelint-config-recommended-scss@17.0.1(postcss@8.5.9)(stylelint@17.7.0(typescript@5.9.3)):
     dependencies:
       postcss-scss: 4.0.9(postcss@8.5.9)
-      stylelint: 17.6.0(typescript@5.9.3)
-      stylelint-config-recommended: 18.0.0(stylelint@17.6.0(typescript@5.9.3))
-      stylelint-scss: 7.0.0(stylelint@17.6.0(typescript@5.9.3))
+      stylelint: 17.7.0(typescript@5.9.3)
+      stylelint-config-recommended: 18.0.0(stylelint@17.7.0(typescript@5.9.3))
+      stylelint-scss: 7.0.0(stylelint@17.7.0(typescript@5.9.3))
     optionalDependencies:
       postcss: 8.5.9
 
-  stylelint-config-recommended@18.0.0(stylelint@17.6.0(typescript@5.9.3)):
+  stylelint-config-recommended@18.0.0(stylelint@17.7.0(typescript@5.9.3)):
     dependencies:
-      stylelint: 17.6.0(typescript@5.9.3)
+      stylelint: 17.7.0(typescript@5.9.3)
 
-  stylelint-config-standard-scss@17.0.0(postcss@8.5.9)(stylelint@17.6.0(typescript@5.9.3)):
+  stylelint-config-standard-scss@17.0.0(postcss@8.5.9)(stylelint@17.7.0(typescript@5.9.3)):
     dependencies:
-      stylelint: 17.6.0(typescript@5.9.3)
-      stylelint-config-recommended-scss: 17.0.1(postcss@8.5.9)(stylelint@17.6.0(typescript@5.9.3))
-      stylelint-config-standard: 40.0.0(stylelint@17.6.0(typescript@5.9.3))
+      stylelint: 17.7.0(typescript@5.9.3)
+      stylelint-config-recommended-scss: 17.0.1(postcss@8.5.9)(stylelint@17.7.0(typescript@5.9.3))
+      stylelint-config-standard: 40.0.0(stylelint@17.7.0(typescript@5.9.3))
     optionalDependencies:
       postcss: 8.5.9
 
-  stylelint-config-standard@40.0.0(stylelint@17.6.0(typescript@5.9.3)):
+  stylelint-config-standard@40.0.0(stylelint@17.7.0(typescript@5.9.3)):
     dependencies:
-      stylelint: 17.6.0(typescript@5.9.3)
-      stylelint-config-recommended: 18.0.0(stylelint@17.6.0(typescript@5.9.3))
+      stylelint: 17.7.0(typescript@5.9.3)
+      stylelint-config-recommended: 18.0.0(stylelint@17.7.0(typescript@5.9.3))
 
-  stylelint-scss@7.0.0(stylelint@17.6.0(typescript@5.9.3)):
+  stylelint-scss@7.0.0(stylelint@17.7.0(typescript@5.9.3)):
     dependencies:
       css-tree: 3.2.1
       is-plain-object: 5.0.0
       known-css-properties: 0.37.0
-      mdn-data: 2.27.1
+      mdn-data: 2.28.0
       postcss-media-query-parser: 0.2.3
       postcss-resolve-nested-selector: 0.1.6
       postcss-selector-parser: 7.1.1
       postcss-value-parser: 4.2.0
-      stylelint: 17.6.0(typescript@5.9.3)
+      stylelint: 17.7.0(typescript@5.9.3)
 
-  stylelint@17.6.0(typescript@5.9.3):
+  stylelint@17.7.0(typescript@5.9.3):
     dependencies:
-      '@csstools/css-calc': 3.1.1(@csstools/css-parser-algorithms@4.0.0(@csstools/css-tokenizer@4.0.0))(@csstools/css-tokenizer@4.0.0)
+      '@csstools/css-calc': 3.2.0(@csstools/css-parser-algorithms@4.0.0(@csstools/css-tokenizer@4.0.0))(@csstools/css-tokenizer@4.0.0)
       '@csstools/css-parser-algorithms': 4.0.0(@csstools/css-tokenizer@4.0.0)
-      '@csstools/css-syntax-patches-for-csstree': 1.1.2(css-tree@3.2.1)
+      '@csstools/css-syntax-patches-for-csstree': 1.1.3(css-tree@3.2.1)
       '@csstools/css-tokenizer': 4.0.0
       '@csstools/media-query-list-parser': 5.0.0(@csstools/css-parser-algorithms@4.0.0(@csstools/css-tokenizer@4.0.0))(@csstools/css-tokenizer@4.0.0)
       '@csstools/selector-resolve-nested': 4.0.0(postcss-selector-parser@7.1.1)

From 2ca19a23aa6e01029d84cf8ab8cc0bf6ef47a834 Mon Sep 17 00:00:00 2001
From: Jacek Chmielewski <jacek@defguard.net>
Date: Tue, 14 Apr 2026 11:22:14 +0200
Subject: [PATCH 6/9] redirect to appropriate url after cert changes

---
 .../SettingsCoreCertificateWizardSummaryStep.tsx   | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/web/src/pages/settings/SettingsCertificatesPage/SettingsCoreCertificateWizardPage/steps/SettingsCoreCertificateWizardSummaryStep.tsx b/web/src/pages/settings/SettingsCertificatesPage/SettingsCoreCertificateWizardPage/steps/SettingsCoreCertificateWizardSummaryStep.tsx
index d0484929b..3023dd863 100644
--- a/web/src/pages/settings/SettingsCertificatesPage/SettingsCoreCertificateWizardPage/steps/SettingsCoreCertificateWizardSummaryStep.tsx
+++ b/web/src/pages/settings/SettingsCertificatesPage/SettingsCoreCertificateWizardPage/steps/SettingsCoreCertificateWizardSummaryStep.tsx
@@ -1,5 +1,3 @@
-import { useQueryClient } from '@tanstack/react-query';
-import { useNavigate } from '@tanstack/react-router';
 import { m } from '../../../../../paraglide/messages';
 import { Controls } from '../../../../../shared/components/Controls/Controls';
 import { WizardCard } from '../../../../../shared/components/wizard/WizardCard/WizardCard';
@@ -10,14 +8,14 @@ import { useSettingsCoreCertificateWizardStore } from '../useSettingsCoreCertifi
 import '../style.scss';
 
 export const SettingsCoreCertificateWizardSummaryStep = () => {
-  const navigate = useNavigate();
-  const queryClient = useQueryClient();
+  const sslType = useSettingsCoreCertificateWizardStore((s) => s.internal_ssl_type);
+
+  const handleFinish = () => {
+    const targetUrl = new URL('/settings/certs', window.location.href);
+    targetUrl.protocol = sslType === 'none' ? 'http:' : 'https:';
 
-  const handleFinish = async () => {
-    await queryClient.invalidateQueries({ queryKey: ['core', 'cert', 'certs'] });
-    await queryClient.invalidateQueries({ queryKey: ['core', 'cert', 'ca'] });
     useSettingsCoreCertificateWizardStore.getState().reset();
-    await navigate({ to: '/settings/certs' });
+    window.location.replace(targetUrl.toString());
   };
 
   return (

From 48e0523f4b9dd1eb75e02e66655b07dafa97c2dd Mon Sep 17 00:00:00 2001
From: Jacek Chmielewski <jacek@defguard.net>
Date: Tue, 14 Apr 2026 11:45:34 +0200
Subject: [PATCH 7/9] remove popup before redirect

---
 .../steps/SettingsCoreCertificateWizardSummaryStep.tsx          | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/src/pages/settings/SettingsCertificatesPage/SettingsCoreCertificateWizardPage/steps/SettingsCoreCertificateWizardSummaryStep.tsx b/web/src/pages/settings/SettingsCertificatesPage/SettingsCoreCertificateWizardPage/steps/SettingsCoreCertificateWizardSummaryStep.tsx
index 3023dd863..70a7a7376 100644
--- a/web/src/pages/settings/SettingsCertificatesPage/SettingsCoreCertificateWizardPage/steps/SettingsCoreCertificateWizardSummaryStep.tsx
+++ b/web/src/pages/settings/SettingsCertificatesPage/SettingsCoreCertificateWizardPage/steps/SettingsCoreCertificateWizardSummaryStep.tsx
@@ -13,7 +13,7 @@ export const SettingsCoreCertificateWizardSummaryStep = () => {
   const handleFinish = () => {
     const targetUrl = new URL('/settings/certs', window.location.href);
     targetUrl.protocol = sslType === 'none' ? 'http:' : 'https:';
-
+    window.onbeforeunload = null;
     useSettingsCoreCertificateWizardStore.getState().reset();
     window.location.replace(targetUrl.toString());
   };

From 146814d301b40a3c3953832e472c5928d1c2618a Mon Sep 17 00:00:00 2001
From: Jacek Chmielewski <jacek@defguard.net>
Date: Tue, 14 Apr 2026 12:01:50 +0200
Subject: [PATCH 8/9] update e2e deps

---
 e2e/package.json   |   6 +-
 e2e/pnpm-lock.yaml | 162 ++++++++++++++++++++++-----------------------
 2 files changed, 81 insertions(+), 87 deletions(-)

diff --git a/e2e/package.json b/e2e/package.json
index fab1edc20..016ecc3d0 100644
--- a/e2e/package.json
+++ b/e2e/package.json
@@ -17,8 +17,8 @@
     "@prettier/plugin-oxc": "^0.0.4",
     "@types/node": "^22.19.17",
     "@types/totp-generator": "^0.0.8",
-    "@typescript-eslint/eslint-plugin": "^8.58.1",
-    "@typescript-eslint/parser": "^8.58.1",
+    "@typescript-eslint/eslint-plugin": "^8.58.2",
+    "@typescript-eslint/parser": "^8.58.2",
     "eslint": "^9.39.4",
     "eslint-config-prettier": "^10.1.8",
     "eslint-plugin-import": "^2.32.0",
@@ -33,7 +33,7 @@
     "@types/lodash": "^4.17.24",
     "@types/pg": "^8.20.0",
     "axios": "^1.15.0",
-    "dotenv": "^17.4.1",
+    "dotenv": "^17.4.2",
     "lodash": "^4.18.1",
     "pg": "^8.20.0",
     "playwright": "^1.59.1",
diff --git a/e2e/pnpm-lock.yaml b/e2e/pnpm-lock.yaml
index bf165de65..350725ca1 100644
--- a/e2e/pnpm-lock.yaml
+++ b/e2e/pnpm-lock.yaml
@@ -27,8 +27,8 @@ importers:
         specifier: ^1.15.0
         version: 1.15.0
       dotenv:
-        specifier: ^17.4.1
-        version: 17.4.1
+        specifier: ^17.4.2
+        version: 17.4.2
       lodash:
         specifier: ^4.18.1
         version: 4.18.1
@@ -61,11 +61,11 @@ importers:
         specifier: ^0.0.8
         version: 0.0.8
       '@typescript-eslint/eslint-plugin':
-        specifier: ^8.58.1
-        version: 8.58.1(@typescript-eslint/parser@8.58.1(eslint@9.39.4)(typescript@5.8.2))(eslint@9.39.4)(typescript@5.8.2)
+        specifier: ^8.58.2
+        version: 8.58.2(@typescript-eslint/parser@8.58.2(eslint@9.39.4)(typescript@5.8.2))(eslint@9.39.4)(typescript@5.8.2)
       '@typescript-eslint/parser':
-        specifier: ^8.58.1
-        version: 8.58.1(eslint@9.39.4)(typescript@5.8.2)
+        specifier: ^8.58.2
+        version: 8.58.2(eslint@9.39.4)(typescript@5.8.2)
       eslint:
         specifier: ^9.39.4
         version: 9.39.4
@@ -74,7 +74,7 @@ importers:
         version: 10.1.8(eslint@9.39.4)
       eslint-plugin-import:
         specifier: ^2.32.0
-        version: 2.32.0(@typescript-eslint/parser@8.58.1(eslint@9.39.4)(typescript@5.8.2))(eslint@9.39.4)
+        version: 2.32.0(@typescript-eslint/parser@8.58.2(eslint@9.39.4)(typescript@5.8.2))(eslint@9.39.4)
       eslint-plugin-prettier:
         specifier: ^5.5.5
         version: 5.5.5(eslint-config-prettier@10.1.8(eslint@9.39.4))(eslint@9.39.4)(prettier@3.8.2)
@@ -207,42 +207,36 @@ packages:
     engines: {node: '>=20.0.0'}
     cpu: [arm64]
     os: [linux]
-    libc: [glibc]
 
   '@oxc-parser/binding-linux-arm64-musl@0.74.0':
     resolution: {integrity: sha512-AMY30z/C77HgiRRJX7YtVUaelKq1ex0aaj28XoJu4SCezdS8i0IftUNTtGS1UzGjGZB8zQz5SFwVy4dRu4GLwg==}
     engines: {node: '>=20.0.0'}
     cpu: [arm64]
     os: [linux]
-    libc: [musl]
 
   '@oxc-parser/binding-linux-riscv64-gnu@0.74.0':
     resolution: {integrity: sha512-/RZAP24TgZo4vV/01TBlzRqs0R7E6xvatww4LnmZEBBulQBU/SkypDywfriFqWuFoa61WFXPV7sLcTjJGjim/w==}
     engines: {node: '>=20.0.0'}
     cpu: [riscv64]
     os: [linux]
-    libc: [glibc]
 
   '@oxc-parser/binding-linux-s390x-gnu@0.74.0':
     resolution: {integrity: sha512-620J1beNAlGSPBD+Msb3ptvrwxu04B8iULCH03zlf0JSLy/5sqlD6qBs0XUVkUJv1vbakUw1gfVnUQqv0UTuEg==}
     engines: {node: '>=20.0.0'}
     cpu: [s390x]
     os: [linux]
-    libc: [glibc]
 
   '@oxc-parser/binding-linux-x64-gnu@0.74.0':
     resolution: {integrity: sha512-WBFgQmGtFnPNzHyLKbC1wkYGaRIBxXGofO0+hz1xrrkPgbxbJS1Ukva1EB8sPaVBBQ52Bdc2GjLSp721NWRvww==}
     engines: {node: '>=20.0.0'}
     cpu: [x64]
     os: [linux]
-    libc: [glibc]
 
   '@oxc-parser/binding-linux-x64-musl@0.74.0':
     resolution: {integrity: sha512-y4mapxi0RGqlp3t6Sm+knJlAEqdKDYrEue2LlXOka/F2i4sRN0XhEMPiSOB3ppHmvK4I2zY2XBYTsX1Fel0fAg==}
     engines: {node: '>=20.0.0'}
     cpu: [x64]
     os: [linux]
-    libc: [musl]
 
   '@oxc-parser/binding-wasm32-wasi@0.74.0':
     resolution: {integrity: sha512-yDS9bRDh5ymobiS2xBmjlrGdUuU61IZoJBaJC5fELdYT5LJNBXlbr3Yc6m2PWfRJwkH6Aq5fRvxAZ4wCbkGa8w==}
@@ -307,63 +301,63 @@ packages:
   '@types/totp-generator@0.0.8':
     resolution: {integrity: sha512-NAiruWgCYxW1sd2LjpTT/sVarogTjjQoUyLiiL/e2DZOz9eovKxzEx5BiH8YgZoKUDZql1VXiIzgDBK7VzOmNw==}
 
-  '@typescript-eslint/eslint-plugin@8.58.1':
-    resolution: {integrity: sha512-eSkwoemjo76bdXl2MYqtxg51HNwUSkWfODUOQ3PaTLZGh9uIWWFZIjyjaJnex7wXDu+TRx+ATsnSxdN9YWfRTQ==}
+  '@typescript-eslint/eslint-plugin@8.58.2':
+    resolution: {integrity: sha512-aC2qc5thQahutKjP+cl8cgN9DWe3ZUqVko30CMSZHnFEHyhOYoZSzkGtAI2mcwZ38xeImDucI4dnqsHiOYuuCw==}
     engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
     peerDependencies:
-      '@typescript-eslint/parser': ^8.58.1
+      '@typescript-eslint/parser': ^8.58.2
       eslint: ^8.57.0 || ^9.0.0 || ^10.0.0
       typescript: '>=4.8.4 <6.1.0'
 
-  '@typescript-eslint/parser@8.58.1':
-    resolution: {integrity: sha512-gGkiNMPqerb2cJSVcruigx9eHBlLG14fSdPdqMoOcBfh+vvn4iCq2C8MzUB89PrxOXk0y3GZ1yIWb9aOzL93bw==}
+  '@typescript-eslint/parser@8.58.2':
+    resolution: {integrity: sha512-/Zb/xaIDfxeJnvishjGdcR4jmr7S+bda8PKNhRGdljDM+elXhlvN0FyPSsMnLmJUrVG9aPO6dof80wjMawsASg==}
     engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
     peerDependencies:
       eslint: ^8.57.0 || ^9.0.0 || ^10.0.0
       typescript: '>=4.8.4 <6.1.0'
 
-  '@typescript-eslint/project-service@8.58.1':
-    resolution: {integrity: sha512-gfQ8fk6cxhtptek+/8ZIqw8YrRW5048Gug8Ts5IYcMLCw18iUgrZAEY/D7s4hkI0FxEfGakKuPK/XUMPzPxi5g==}
+  '@typescript-eslint/project-service@8.58.2':
+    resolution: {integrity: sha512-Cq6UfpZZk15+r87BkIh5rDpi38W4b+Sjnb8wQCPPDDweS/LRCFjCyViEbzHk5Ck3f2QDfgmlxqSa7S7clDtlfg==}
     engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
     peerDependencies:
       typescript: '>=4.8.4 <6.1.0'
 
-  '@typescript-eslint/scope-manager@8.58.1':
-    resolution: {integrity: sha512-TPYUEqJK6avLcEjumWsIuTpuYODTTDAtoMdt8ZZa93uWMTX13Nb8L5leSje1NluammvU+oI3QRr5lLXPgihX3w==}
+  '@typescript-eslint/scope-manager@8.58.2':
+    resolution: {integrity: sha512-SgmyvDPexWETQek+qzZnrG6844IaO02UVyOLhI4wpo82dpZJY9+6YZCKAMFzXb7qhx37mFK1QcPQ18tud+vo6Q==}
     engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
 
-  '@typescript-eslint/tsconfig-utils@8.58.1':
-    resolution: {integrity: sha512-JAr2hOIct2Q+qk3G+8YFfqkqi7sC86uNryT+2i5HzMa2MPjw4qNFvtjnw1IiA1rP7QhNKVe21mSSLaSjwA1Olw==}
+  '@typescript-eslint/tsconfig-utils@8.58.2':
+    resolution: {integrity: sha512-3SR+RukipDvkkKp/d0jP0dyzuls3DbGmwDpVEc5wqk5f38KFThakqAAO0XMirWAE+kT00oTauTbzMFGPoAzB0A==}
     engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
     peerDependencies:
       typescript: '>=4.8.4 <6.1.0'
 
-  '@typescript-eslint/type-utils@8.58.1':
-    resolution: {integrity: sha512-HUFxvTJVroT+0rXVJC7eD5zol6ID+Sn5npVPWoFuHGg9Ncq5Q4EYstqR+UOqaNRFXi5TYkpXXkLhoCHe3G0+7w==}
+  '@typescript-eslint/type-utils@8.58.2':
+    resolution: {integrity: sha512-Z7EloNR/B389FvabdGeTo2XMs4W9TjtPiO9DAsmT0yom0bwlPyRjkJ1uCdW1DvrrrYP50AJZ9Xc3sByZA9+dcg==}
     engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
     peerDependencies:
       eslint: ^8.57.0 || ^9.0.0 || ^10.0.0
       typescript: '>=4.8.4 <6.1.0'
 
-  '@typescript-eslint/types@8.58.1':
-    resolution: {integrity: sha512-io/dV5Aw5ezwzfPBBWLoT+5QfVtP8O7q4Kftjn5azJ88bYyp/ZMCsyW1lpKK46EXJcaYMZ1JtYj+s/7TdzmQMw==}
+  '@typescript-eslint/types@8.58.2':
+    resolution: {integrity: sha512-9TukXyATBQf/Jq9AMQXfvurk+G5R2MwfqQGDR2GzGz28HvY/lXNKGhkY+6IOubwcquikWk5cjlgPvD2uAA7htQ==}
     engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
 
-  '@typescript-eslint/typescript-estree@8.58.1':
-    resolution: {integrity: sha512-w4w7WR7GHOjqqPnvAYbazq+Y5oS68b9CzasGtnd6jIeOIeKUzYzupGTB2T4LTPSv4d+WPeccbxuneTFHYgAAWg==}
+  '@typescript-eslint/typescript-estree@8.58.2':
+    resolution: {integrity: sha512-ELGuoofuhhoCvNbQjFFiobFcGgcDCEm0ThWdmO4Z0UzLqPXS3KFvnEZ+SHewwOYHjM09tkzOWXNTv9u6Gqtyuw==}
     engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
     peerDependencies:
       typescript: '>=4.8.4 <6.1.0'
 
-  '@typescript-eslint/utils@8.58.1':
-    resolution: {integrity: sha512-Ln8R0tmWC7pTtLOzgJzYTXSCjJ9rDNHAqTaVONF4FEi2qwce8mD9iSOxOpLFFvWp/wBFlew0mjM1L1ihYWfBdQ==}
+  '@typescript-eslint/utils@8.58.2':
+    resolution: {integrity: sha512-QZfjHNEzPY8+l0+fIXMvuQ2sJlplB4zgDZvA+NmvZsZv3EQwOcc1DuIU1VJUTWZ/RKouBMhDyNaBMx4sWvrzRA==}
     engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
     peerDependencies:
       eslint: ^8.57.0 || ^9.0.0 || ^10.0.0
       typescript: '>=4.8.4 <6.1.0'
 
-  '@typescript-eslint/visitor-keys@8.58.1':
-    resolution: {integrity: sha512-y+vH7QE8ycjoa0bWciFg7OpFcipUuem1ujhrdLtq1gByKwfbC7bPeKsiny9e0urg93DqwGcHey+bGRKCnF1nZQ==}
+  '@typescript-eslint/visitor-keys@8.58.2':
+    resolution: {integrity: sha512-f1WO2Lx8a9t8DARmcWAUPJbu0G20bJlj8L4z72K00TMeJAoyLr/tHhI/pzYBLrR4dXWkcxO1cWYZEOX8DKHTqA==}
     engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}
 
   acorn-jsx@5.3.2:
@@ -431,8 +425,8 @@ packages:
     resolution: {integrity: sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==}
     engines: {node: 18 || 20 || >=22}
 
-  brace-expansion@1.1.13:
-    resolution: {integrity: sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==}
+  brace-expansion@1.1.14:
+    resolution: {integrity: sha512-MWPGfDxnyzKU7rNOW9SP/c50vi3xrmrua/+6hfPbCS2ABNWfx24vPidzvC7krjU/RTo235sV776ymlsMtGKj8g==}
 
   brace-expansion@5.0.5:
     resolution: {integrity: sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==}
@@ -524,8 +518,8 @@ packages:
     resolution: {integrity: sha512-35mSku4ZXK0vfCuHEDAwt55dg2jNajHZ1odvF+8SSr82EsZY4QmXfuWso8oEd8zRhVObSN18aM0CjSdoBX7zIw==}
     engines: {node: '>=0.10.0'}
 
-  dotenv@17.4.1:
-    resolution: {integrity: sha512-k8DaKGP6r1G30Lx8V4+pCsLzKr8vLmV2paqEj1Y55GdAgJuIqpRp5FfajGF8KtwMxCz9qJc6wUIJnm053d/WCw==}
+  dotenv@17.4.2:
+    resolution: {integrity: sha512-nI4U3TottKAcAD9LLud4Cb7b2QztQMUEfHbvhTH09bqXTxnSie8WnjPALV/WMCrJZ6UV/qHJ6L03OqO3LcdYZw==}
     engines: {node: '>=12'}
 
   dunder-proto@1.0.1:
@@ -705,8 +699,8 @@ packages:
   flatted@3.4.2:
     resolution: {integrity: sha512-PjDse7RzhcPkIJwy5t7KPWQSZ9cAbzQXcafsetQoD7sOJRQlGikNbx7yZp2OotDnJyrDcbyRq3Ttb18iYOqkxA==}
 
-  follow-redirects@1.15.11:
-    resolution: {integrity: sha512-deG2P0JfjrTxl50XGCDyfI97ZGVCxIpfKYmfyrQ54n5FO/0gfIES8C/Psl6kWVDolizcaaxZJnTS0QSMxvnsBQ==}
+  follow-redirects@1.16.0:
+    resolution: {integrity: sha512-y5rN/uOsadFT/JfYwhxRS5R7Qce+g3zG97+JrtFZlC9klX/W5hD7iiLzScI4nZqUS7DNUdhPgw4xI8W2LuXlUw==}
     engines: {node: '>=4.0'}
     peerDependencies:
       debug: '*'
@@ -1518,14 +1512,14 @@ snapshots:
 
   '@types/totp-generator@0.0.8': {}
 
-  '@typescript-eslint/eslint-plugin@8.58.1(@typescript-eslint/parser@8.58.1(eslint@9.39.4)(typescript@5.8.2))(eslint@9.39.4)(typescript@5.8.2)':
+  '@typescript-eslint/eslint-plugin@8.58.2(@typescript-eslint/parser@8.58.2(eslint@9.39.4)(typescript@5.8.2))(eslint@9.39.4)(typescript@5.8.2)':
     dependencies:
       '@eslint-community/regexpp': 4.12.2
-      '@typescript-eslint/parser': 8.58.1(eslint@9.39.4)(typescript@5.8.2)
-      '@typescript-eslint/scope-manager': 8.58.1
-      '@typescript-eslint/type-utils': 8.58.1(eslint@9.39.4)(typescript@5.8.2)
-      '@typescript-eslint/utils': 8.58.1(eslint@9.39.4)(typescript@5.8.2)
-      '@typescript-eslint/visitor-keys': 8.58.1
+      '@typescript-eslint/parser': 8.58.2(eslint@9.39.4)(typescript@5.8.2)
+      '@typescript-eslint/scope-manager': 8.58.2
+      '@typescript-eslint/type-utils': 8.58.2(eslint@9.39.4)(typescript@5.8.2)
+      '@typescript-eslint/utils': 8.58.2(eslint@9.39.4)(typescript@5.8.2)
+      '@typescript-eslint/visitor-keys': 8.58.2
       eslint: 9.39.4
       ignore: 7.0.5
       natural-compare: 1.4.0
@@ -1534,41 +1528,41 @@ snapshots:
     transitivePeerDependencies:
       - supports-color
 
-  '@typescript-eslint/parser@8.58.1(eslint@9.39.4)(typescript@5.8.2)':
+  '@typescript-eslint/parser@8.58.2(eslint@9.39.4)(typescript@5.8.2)':
     dependencies:
-      '@typescript-eslint/scope-manager': 8.58.1
-      '@typescript-eslint/types': 8.58.1
-      '@typescript-eslint/typescript-estree': 8.58.1(typescript@5.8.2)
-      '@typescript-eslint/visitor-keys': 8.58.1
+      '@typescript-eslint/scope-manager': 8.58.2
+      '@typescript-eslint/types': 8.58.2
+      '@typescript-eslint/typescript-estree': 8.58.2(typescript@5.8.2)
+      '@typescript-eslint/visitor-keys': 8.58.2
       debug: 4.4.3
       eslint: 9.39.4
       typescript: 5.8.2
     transitivePeerDependencies:
       - supports-color
 
-  '@typescript-eslint/project-service@8.58.1(typescript@5.8.2)':
+  '@typescript-eslint/project-service@8.58.2(typescript@5.8.2)':
     dependencies:
-      '@typescript-eslint/tsconfig-utils': 8.58.1(typescript@5.8.2)
-      '@typescript-eslint/types': 8.58.1
+      '@typescript-eslint/tsconfig-utils': 8.58.2(typescript@5.8.2)
+      '@typescript-eslint/types': 8.58.2
       debug: 4.4.3
       typescript: 5.8.2
     transitivePeerDependencies:
       - supports-color
 
-  '@typescript-eslint/scope-manager@8.58.1':
+  '@typescript-eslint/scope-manager@8.58.2':
     dependencies:
-      '@typescript-eslint/types': 8.58.1
-      '@typescript-eslint/visitor-keys': 8.58.1
+      '@typescript-eslint/types': 8.58.2
+      '@typescript-eslint/visitor-keys': 8.58.2
 
-  '@typescript-eslint/tsconfig-utils@8.58.1(typescript@5.8.2)':
+  '@typescript-eslint/tsconfig-utils@8.58.2(typescript@5.8.2)':
     dependencies:
       typescript: 5.8.2
 
-  '@typescript-eslint/type-utils@8.58.1(eslint@9.39.4)(typescript@5.8.2)':
+  '@typescript-eslint/type-utils@8.58.2(eslint@9.39.4)(typescript@5.8.2)':
     dependencies:
-      '@typescript-eslint/types': 8.58.1
-      '@typescript-eslint/typescript-estree': 8.58.1(typescript@5.8.2)
-      '@typescript-eslint/utils': 8.58.1(eslint@9.39.4)(typescript@5.8.2)
+      '@typescript-eslint/types': 8.58.2
+      '@typescript-eslint/typescript-estree': 8.58.2(typescript@5.8.2)
+      '@typescript-eslint/utils': 8.58.2(eslint@9.39.4)(typescript@5.8.2)
       debug: 4.4.3
       eslint: 9.39.4
       ts-api-utils: 2.5.0(typescript@5.8.2)
@@ -1576,14 +1570,14 @@ snapshots:
     transitivePeerDependencies:
       - supports-color
 
-  '@typescript-eslint/types@8.58.1': {}
+  '@typescript-eslint/types@8.58.2': {}
 
-  '@typescript-eslint/typescript-estree@8.58.1(typescript@5.8.2)':
+  '@typescript-eslint/typescript-estree@8.58.2(typescript@5.8.2)':
     dependencies:
-      '@typescript-eslint/project-service': 8.58.1(typescript@5.8.2)
-      '@typescript-eslint/tsconfig-utils': 8.58.1(typescript@5.8.2)
-      '@typescript-eslint/types': 8.58.1
-      '@typescript-eslint/visitor-keys': 8.58.1
+      '@typescript-eslint/project-service': 8.58.2(typescript@5.8.2)
+      '@typescript-eslint/tsconfig-utils': 8.58.2(typescript@5.8.2)
+      '@typescript-eslint/types': 8.58.2
+      '@typescript-eslint/visitor-keys': 8.58.2
       debug: 4.4.3
       minimatch: 10.2.5
       semver: 7.7.4
@@ -1593,20 +1587,20 @@ snapshots:
     transitivePeerDependencies:
       - supports-color
 
-  '@typescript-eslint/utils@8.58.1(eslint@9.39.4)(typescript@5.8.2)':
+  '@typescript-eslint/utils@8.58.2(eslint@9.39.4)(typescript@5.8.2)':
     dependencies:
       '@eslint-community/eslint-utils': 4.9.1(eslint@9.39.4)
-      '@typescript-eslint/scope-manager': 8.58.1
-      '@typescript-eslint/types': 8.58.1
-      '@typescript-eslint/typescript-estree': 8.58.1(typescript@5.8.2)
+      '@typescript-eslint/scope-manager': 8.58.2
+      '@typescript-eslint/types': 8.58.2
+      '@typescript-eslint/typescript-estree': 8.58.2(typescript@5.8.2)
       eslint: 9.39.4
       typescript: 5.8.2
     transitivePeerDependencies:
       - supports-color
 
-  '@typescript-eslint/visitor-keys@8.58.1':
+  '@typescript-eslint/visitor-keys@8.58.2':
     dependencies:
-      '@typescript-eslint/types': 8.58.1
+      '@typescript-eslint/types': 8.58.2
       eslint-visitor-keys: 5.0.1
 
   acorn-jsx@5.3.2(acorn@8.16.0):
@@ -1688,7 +1682,7 @@ snapshots:
 
   axios@1.15.0:
     dependencies:
-      follow-redirects: 1.15.11
+      follow-redirects: 1.16.0
       form-data: 4.0.5
       proxy-from-env: 2.1.0
     transitivePeerDependencies:
@@ -1698,7 +1692,7 @@ snapshots:
 
   balanced-match@4.0.4: {}
 
-  brace-expansion@1.1.13:
+  brace-expansion@1.1.14:
     dependencies:
       balanced-match: 1.0.2
       concat-map: 0.0.1
@@ -1795,7 +1789,7 @@ snapshots:
     dependencies:
       esutils: 2.0.3
 
-  dotenv@17.4.1: {}
+  dotenv@17.4.2: {}
 
   dunder-proto@1.0.1:
     dependencies:
@@ -1899,17 +1893,17 @@ snapshots:
     transitivePeerDependencies:
       - supports-color
 
-  eslint-module-utils@2.12.1(@typescript-eslint/parser@8.58.1(eslint@9.39.4)(typescript@5.8.2))(eslint-import-resolver-node@0.3.10)(eslint@9.39.4):
+  eslint-module-utils@2.12.1(@typescript-eslint/parser@8.58.2(eslint@9.39.4)(typescript@5.8.2))(eslint-import-resolver-node@0.3.10)(eslint@9.39.4):
     dependencies:
       debug: 3.2.7
     optionalDependencies:
-      '@typescript-eslint/parser': 8.58.1(eslint@9.39.4)(typescript@5.8.2)
+      '@typescript-eslint/parser': 8.58.2(eslint@9.39.4)(typescript@5.8.2)
       eslint: 9.39.4
       eslint-import-resolver-node: 0.3.10
     transitivePeerDependencies:
       - supports-color
 
-  eslint-plugin-import@2.32.0(@typescript-eslint/parser@8.58.1(eslint@9.39.4)(typescript@5.8.2))(eslint@9.39.4):
+  eslint-plugin-import@2.32.0(@typescript-eslint/parser@8.58.2(eslint@9.39.4)(typescript@5.8.2))(eslint@9.39.4):
     dependencies:
       '@rtsao/scc': 1.1.0
       array-includes: 3.1.9
@@ -1920,7 +1914,7 @@ snapshots:
       doctrine: 2.1.0
       eslint: 9.39.4
       eslint-import-resolver-node: 0.3.10
-      eslint-module-utils: 2.12.1(@typescript-eslint/parser@8.58.1(eslint@9.39.4)(typescript@5.8.2))(eslint-import-resolver-node@0.3.10)(eslint@9.39.4)
+      eslint-module-utils: 2.12.1(@typescript-eslint/parser@8.58.2(eslint@9.39.4)(typescript@5.8.2))(eslint-import-resolver-node@0.3.10)(eslint@9.39.4)
       hasown: 2.0.2
       is-core-module: 2.16.1
       is-glob: 4.0.3
@@ -1932,7 +1926,7 @@ snapshots:
       string.prototype.trimend: 1.0.9
       tsconfig-paths: 3.15.0
     optionalDependencies:
-      '@typescript-eslint/parser': 8.58.1(eslint@9.39.4)(typescript@5.8.2)
+      '@typescript-eslint/parser': 8.58.2(eslint@9.39.4)(typescript@5.8.2)
     transitivePeerDependencies:
       - eslint-import-resolver-typescript
       - eslint-import-resolver-webpack
@@ -2047,7 +2041,7 @@ snapshots:
 
   flatted@3.4.2: {}
 
-  follow-redirects@1.15.11: {}
+  follow-redirects@1.16.0: {}
 
   for-each@0.3.5:
     dependencies:
@@ -2312,7 +2306,7 @@ snapshots:
 
   minimatch@3.1.5:
     dependencies:
-      brace-expansion: 1.1.13
+      brace-expansion: 1.1.14
 
   minimist@1.2.8: {}
 

From 85f0d23f01de90d17f5edccceb3d6f7a4bfd7ab4 Mon Sep 17 00:00:00 2001
From: Jacek Chmielewski <jacek@defguard.net>
Date: Tue, 14 Apr 2026 12:08:13 +0200
Subject: [PATCH 9/9] cargo fmt

---
 .../tests/integration/api/common/mod.rs       | 18 +++----
 .../tests/integration/api/core_certs.rs       | 47 +++++++++----------
 .../tests/integration/api/proxy_certs.rs      | 46 +++++++++---------
 3 files changed, 55 insertions(+), 56 deletions(-)

diff --git a/crates/defguard_core/tests/integration/api/common/mod.rs b/crates/defguard_core/tests/integration/api/common/mod.rs
index 495f193bb..738f693b9 100644
--- a/crates/defguard_core/tests/integration/api/common/mod.rs
+++ b/crates/defguard_core/tests/integration/api/common/mod.rs
@@ -262,15 +262,15 @@ pub(crate) fn generate_test_cert_pem(common_name: &str) -> (String, String) {
 }
 
 pub(crate) fn generate_expired_test_cert_pem(common_name: &str) -> (String, String) {
-	let ca = CertificateAuthority::new("Test CA", "test@example.com", 365).unwrap();
-	let key_pair = generate_key_pair().unwrap();
-	let san = vec![common_name.to_string()];
-	let dn = vec![(DnType::CommonName, common_name)];
-	let csr = Csr::new(&key_pair, &san, dn).unwrap();
-	let cert = ca.sign_csr_with_validity(&csr, 0).unwrap();
-	let cert_pem = der_to_pem(cert.der(), PemLabel::Certificate).unwrap();
-	let key_pem = der_to_pem(key_pair.serialize_der().as_slice(), PemLabel::PrivateKey).unwrap();
-	(cert_pem, key_pem)
+    let ca = CertificateAuthority::new("Test CA", "test@example.com", 365).unwrap();
+    let key_pair = generate_key_pair().unwrap();
+    let san = vec![common_name.to_string()];
+    let dn = vec![(DnType::CommonName, common_name)];
+    let csr = Csr::new(&key_pair, &san, dn).unwrap();
+    let cert = ca.sign_csr_with_validity(&csr, 0).unwrap();
+    let cert_pem = der_to_pem(cert.der(), PemLabel::Certificate).unwrap();
+    let key_pem = der_to_pem(key_pair.serialize_der().as_slice(), PemLabel::PrivateKey).unwrap();
+    (cert_pem, key_pem)
 }
 
 /// Set minimal SMTP fields on a [`Settings`] so that `smtp_configured()` returns `true`.
diff --git a/crates/defguard_core/tests/integration/api/core_certs.rs b/crates/defguard_core/tests/integration/api/core_certs.rs
index d9b537c63..f2d3ab6b4 100644
--- a/crates/defguard_core/tests/integration/api/core_certs.rs
+++ b/crates/defguard_core/tests/integration/api/core_certs.rs
@@ -8,7 +8,7 @@ use serde_json::json;
 use sqlx::postgres::{PgConnectOptions, PgPoolOptions};
 
 use super::common::{
-	generate_expired_test_cert_pem, generate_test_cert_pem, make_test_client, setup_pool,
+    generate_expired_test_cert_pem, generate_test_cert_pem, make_test_client, setup_pool,
 };
 
 async fn seed_ca(pool: &sqlx::PgPool) {
@@ -80,10 +80,10 @@ async fn test_internal_url_settings_endpoint(_: PgPoolOptions, options: PgConnec
     );
 
     let (cert_pem, key_pem) = generate_test_cert_pem("uploaded.example.com");
-	let response = client
-		.post("/api/v1/core/cert/internal_url_settings")
-		.json(&json!({
-			"ssl_type": "own_cert",
+    let response = client
+        .post("/api/v1/core/cert/internal_url_settings")
+        .json(&json!({
+            "ssl_type": "own_cert",
             "cert_pem": cert_pem,
             "key_pem": key_pem
         }))
@@ -115,23 +115,22 @@ async fn test_internal_url_settings_endpoint(_: PgPoolOptions, options: PgConnec
         .json(&json!({
             "ssl_type": "own_cert",
             "cert_pem": "-----BEGIN CERTIFICATE-----\nfake\n-----END CERTIFICATE-----\n"
-		}))
-		.send()
-		.await;
-	assert_eq!(response.status(), StatusCode::BAD_REQUEST);
-
-	let (expired_cert_pem, expired_key_pem) =
-		generate_expired_test_cert_pem("expired.example.com");
-	let response = client
-		.post("/api/v1/core/cert/internal_url_settings")
-		.json(&json!({
-			"ssl_type": "own_cert",
-			"cert_pem": expired_cert_pem,
-			"key_pem": expired_key_pem
-		}))
-		.send()
-		.await;
-	assert_eq!(response.status(), StatusCode::BAD_REQUEST);
-	let body: serde_json::Value = response.json().await;
-	assert_eq!(body["msg"], "Certificate has expired");
+        }))
+        .send()
+        .await;
+    assert_eq!(response.status(), StatusCode::BAD_REQUEST);
+
+    let (expired_cert_pem, expired_key_pem) = generate_expired_test_cert_pem("expired.example.com");
+    let response = client
+        .post("/api/v1/core/cert/internal_url_settings")
+        .json(&json!({
+            "ssl_type": "own_cert",
+            "cert_pem": expired_cert_pem,
+            "key_pem": expired_key_pem
+        }))
+        .send()
+        .await;
+    assert_eq!(response.status(), StatusCode::BAD_REQUEST);
+    let body: serde_json::Value = response.json().await;
+    assert_eq!(body["msg"], "Certificate has expired");
 }
diff --git a/crates/defguard_core/tests/integration/api/proxy_certs.rs b/crates/defguard_core/tests/integration/api/proxy_certs.rs
index d4038c00d..d498eb5d5 100644
--- a/crates/defguard_core/tests/integration/api/proxy_certs.rs
+++ b/crates/defguard_core/tests/integration/api/proxy_certs.rs
@@ -276,10 +276,10 @@ async fn test_external_url_settings_endpoint(_: PgPoolOptions, opts: PgConnectOp
     let (cert_pem, key_pem) = generate_test_cert_pem("uploaded-edge.example.com");
     let expected_cert_pem = cert_pem.clone();
     let expected_key_pem = key_pem.clone();
-	let response = client
-		.post("/api/v1/proxy/cert/external_url_settings")
-		.json(&json!({
-			"ssl_type": "own_cert",
+    let response = client
+        .post("/api/v1/proxy/cert/external_url_settings")
+        .json(&json!({
+            "ssl_type": "own_cert",
             "cert_pem": cert_pem,
             "key_pem": key_pem
         }))
@@ -320,23 +320,23 @@ async fn test_external_url_settings_endpoint(_: PgPoolOptions, opts: PgConnectOp
         .json(&json!({
             "ssl_type": "own_cert",
             "cert_pem": "-----BEGIN CERTIFICATE-----\nfake\n-----END CERTIFICATE-----\n"
-		}))
-		.send()
-		.await;
-	assert_eq!(response.status(), StatusCode::BAD_REQUEST);
-
-	let (expired_cert_pem, expired_key_pem) =
-		generate_expired_test_cert_pem("expired-edge.example.com");
-	let response = client
-		.post("/api/v1/proxy/cert/external_url_settings")
-		.json(&json!({
-			"ssl_type": "own_cert",
-			"cert_pem": expired_cert_pem,
-			"key_pem": expired_key_pem
-		}))
-		.send()
-		.await;
-	assert_eq!(response.status(), StatusCode::BAD_REQUEST);
-	let body: serde_json::Value = response.json().await;
-	assert_eq!(body["msg"], "Certificate has expired");
+        }))
+        .send()
+        .await;
+    assert_eq!(response.status(), StatusCode::BAD_REQUEST);
+
+    let (expired_cert_pem, expired_key_pem) =
+        generate_expired_test_cert_pem("expired-edge.example.com");
+    let response = client
+        .post("/api/v1/proxy/cert/external_url_settings")
+        .json(&json!({
+            "ssl_type": "own_cert",
+            "cert_pem": expired_cert_pem,
+            "key_pem": expired_key_pem
+        }))
+        .send()
+        .await;
+    assert_eq!(response.status(), StatusCode::BAD_REQUEST);
+    let body: serde_json::Value = response.json().await;
+    assert_eq!(body["msg"], "Certificate has expired");
 }