e572cd46c8
build(deps): bump github.com/prometheus/client_golang ( #4257 )
...
Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang ) from 1.22.0 to 1.23.0.
- [Release notes](https://github.com/prometheus/client_golang/releases )
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md )
- [Commits](https://github.com/prometheus/client_golang/compare/v1.22.0...v1.23.0 )
---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
dependency-version: 1.23.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
7 months ago
038049a7f9
build(deps): bump github.com/go-jose/go-jose/v4 from 4.1.1 to 4.1.2 ( #4255 )
...
Bumps [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose ) from 4.1.1 to 4.1.2.
- [Release notes](https://github.com/go-jose/go-jose/releases )
- [Commits](https://github.com/go-jose/go-jose/compare/v4.1.1...v4.1.2 )
---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v4
dependency-version: 4.1.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
7 months ago
c121d47506
authproxy connector: add support for specifying group header separator ( #3745 )
...
Signed-off-by: a-buck <5923598+a-buck@users.noreply.github.com>
Signed-off-by: Maksim Nabokikh <maksim.nabokikh@flant.com>
Signed-off-by: Maksim Nabokikh <max.nabokih@gmail.com>
Co-authored-by: Maksim Nabokikh <maksim.nabokikh@flant.com>
Co-authored-by: Maksim Nabokikh <max.nabokih@gmail.com>
7 months ago
10fdc15ad9
build(deps): bump docker/login-action from 3.4.0 to 3.5.0 ( #4254 )
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 3.4.0 to 3.5.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](74a5d14239...184bdaa072
7 months ago
07da7a0403
build(deps): bump google.golang.org/api from 0.243.0 to 0.244.0 ( #4247 )
...
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client ) from 0.243.0 to 0.244.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases )
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.243.0...v0.244.0 )
---
updated-dependencies:
- dependency-name: google.golang.org/api
dependency-version: 0.244.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
7 months ago
bb8d2428e9
build(deps): bump github/codeql-action from 3.29.4 to 3.29.5 ( #4244 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.29.4 to 3.29.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](4e828ff8d4...51f77329af
7 months ago
461cef5969
build(deps): bump github.com/mattn/go-sqlite3 from 1.14.29 to 1.14.30 ( #4249 )
...
Bumps [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3 ) from 1.14.29 to 1.14.30.
- [Release notes](https://github.com/mattn/go-sqlite3/releases )
- [Commits](https://github.com/mattn/go-sqlite3/compare/v1.14.29...v1.14.30 )
---
updated-dependencies:
- dependency-name: github.com/mattn/go-sqlite3
dependency-version: 1.14.30
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
7 months ago
be7158c11e
build(deps): bump docker/metadata-action from 5.7.0 to 5.8.0 ( #4252 )
...
Bumps [docker/metadata-action](https://github.com/docker/metadata-action ) from 5.7.0 to 5.8.0.
- [Release notes](https://github.com/docker/metadata-action/releases )
- [Commits](902fa8ec7d...c1e51972af
7 months ago
02701f21f6
build(deps): bump distroless/static-debian12 from `627d6c5` to `cdf4daa` ( #4253 )
...
Bumps distroless/static-debian12 from `627d6c5` to `cdf4daa`.
---
updated-dependencies:
- dependency-name: distroless/static-debian12
dependency-version: nonroot
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
7 months ago
7a3acf0c30
build(deps): bump the etcd group with 2 updates ( #4243 )
...
Bumps the etcd group with 2 updates: [go.etcd.io/etcd/client/pkg/v3](https://github.com/etcd-io/etcd ) and [go.etcd.io/etcd/client/v3](https://github.com/etcd-io/etcd ).
Updates `go.etcd.io/etcd/client/pkg/v3` from 3.6.3 to 3.6.4
- [Release notes](https://github.com/etcd-io/etcd/releases )
- [Commits](https://github.com/etcd-io/etcd/compare/v3.6.3...v3.6.4 )
Updates `go.etcd.io/etcd/client/v3` from 3.6.3 to 3.6.4
- [Release notes](https://github.com/etcd-io/etcd/releases )
- [Commits](https://github.com/etcd-io/etcd/compare/v3.6.3...v3.6.4 )
---
updated-dependencies:
- dependency-name: go.etcd.io/etcd/client/pkg/v3
dependency-version: 3.6.4
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: etcd
- dependency-name: go.etcd.io/etcd/client/v3
dependency-version: 3.6.4
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: etcd
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
7 months ago
790fcd2ce5
build(deps): bump github.com/coreos/go-oidc/v3 in /examples ( #4246 )
...
Bumps [github.com/coreos/go-oidc/v3](https://github.com/coreos/go-oidc ) from 3.14.1 to 3.15.0.
- [Release notes](https://github.com/coreos/go-oidc/releases )
- [Commits](https://github.com/coreos/go-oidc/compare/v3.14.1...v3.15.0 )
---
updated-dependencies:
- dependency-name: github.com/coreos/go-oidc/v3
dependency-version: 3.15.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
7 months ago
a19948154f
Merge pull request #4227 from dexidp/dependabot/go_modules/golang.org/x/net-0.42.0
...
build(deps): bump golang.org/x/net from 0.41.0 to 0.42.0
8 months ago
40ec718dfc
Merge pull request #4234 from dexidp/dependabot/go_modules/google.golang.org/api-0.243.0
...
build(deps): bump google.golang.org/api from 0.238.0 to 0.243.0
8 months ago
473742e042
build(deps): bump golang.org/x/net from 0.41.0 to 0.42.0
...
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-version: 0.42.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
8 months ago
fe11136e8c
build(deps): bump google.golang.org/api from 0.238.0 to 0.243.0
...
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client ) from 0.238.0 to 0.243.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases )
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.238.0...v0.243.0 )
---
updated-dependencies:
- dependency-name: google.golang.org/api
dependency-version: 0.243.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
8 months ago
f0e3c63d1b
Merge pull request #4229 from dexidp/dependabot/github_actions/anchore/sbom-action-0.20.4
...
build(deps): bump anchore/sbom-action from 0.20.2 to 0.20.4
8 months ago
de6da9fb11
Merge pull request #4232 from dexidp/dependabot/go_modules/examples/google.golang.org/grpc-1.74.2
...
build(deps): bump google.golang.org/grpc from 1.74.0 to 1.74.2 in /examples
8 months ago
1da221450c
Merge pull request #4233 from dexidp/dependabot/go_modules/etcd-1b84d77219
...
build(deps): bump the etcd group with 2 updates
8 months ago
81255ab0ad
Merge pull request #4235 from dexidp/dependabot/go_modules/google.golang.org/grpc-1.74.2
...
build(deps): bump google.golang.org/grpc from 1.73.0 to 1.74.2
8 months ago
ebb923a35c
Merge pull request #4238 from dexidp/dependabot/github_actions/github/codeql-action-3.29.4
...
build(deps): bump github/codeql-action from 3.29.0 to 3.29.4
8 months ago
7ad7917cb6
Merge pull request #4239 from dexidp/dependabot/go_modules/github.com/mattn/go-sqlite3-1.14.29
...
build(deps): bump github.com/mattn/go-sqlite3 from 1.14.28 to 1.14.29
8 months ago
55a687ba81
Merge pull request #4204 from rackerlabs/fix-device-code-response
...
fix: device code pending HTTP response
8 months ago
9bfee6dedd
Merge pull request #4203 from rackerlabs/fix-device-code
...
fix: device code should not require scope
8 months ago
f844169cc7
build(deps): bump github.com/mattn/go-sqlite3 from 1.14.28 to 1.14.29
...
Bumps [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3 ) from 1.14.28 to 1.14.29.
- [Release notes](https://github.com/mattn/go-sqlite3/releases )
- [Commits](https://github.com/mattn/go-sqlite3/compare/v1.14.28...v1.14.29 )
---
updated-dependencies:
- dependency-name: github.com/mattn/go-sqlite3
dependency-version: 1.14.29
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
8 months ago
76c109c0f2
build(deps): bump github/codeql-action from 3.29.0 to 3.29.4
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.29.0 to 3.29.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](ce28f5bb42...4e828ff8d4
8 months ago
72dd34bcf7
build(deps): bump google.golang.org/grpc from 1.73.0 to 1.74.2
...
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go ) from 1.73.0 to 1.74.2.
- [Release notes](https://github.com/grpc/grpc-go/releases )
- [Commits](https://github.com/grpc/grpc-go/compare/v1.73.0...v1.74.2 )
---
updated-dependencies:
- dependency-name: google.golang.org/grpc
dependency-version: 1.74.2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
8 months ago
6701dcb3f6
build(deps): bump the etcd group with 2 updates
...
Bumps the etcd group with 2 updates: [go.etcd.io/etcd/client/pkg/v3](https://github.com/etcd-io/etcd ) and [go.etcd.io/etcd/client/v3](https://github.com/etcd-io/etcd ).
Updates `go.etcd.io/etcd/client/pkg/v3` from 3.6.2 to 3.6.3
- [Release notes](https://github.com/etcd-io/etcd/releases )
- [Commits](https://github.com/etcd-io/etcd/compare/v3.6.2...v3.6.3 )
Updates `go.etcd.io/etcd/client/v3` from 3.6.2 to 3.6.3
- [Release notes](https://github.com/etcd-io/etcd/releases )
- [Commits](https://github.com/etcd-io/etcd/compare/v3.6.2...v3.6.3 )
---
updated-dependencies:
- dependency-name: go.etcd.io/etcd/client/pkg/v3
dependency-version: 3.6.3
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: etcd
- dependency-name: go.etcd.io/etcd/client/v3
dependency-version: 3.6.3
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: etcd
...
Signed-off-by: dependabot[bot] <support@github.com>
8 months ago
3c45dc4a7c
build(deps): bump google.golang.org/grpc in /examples
...
---
updated-dependencies:
- dependency-name: google.golang.org/grpc
dependency-version: 1.74.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
8 months ago
8ae3665b5d
build(deps): bump anchore/sbom-action from 0.20.2 to 0.20.4
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.20.2 to 0.20.4.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](cee1b8e05a...7b36ad622f
8 months ago
745e1114f3
build(deps): bump github.com/oklog/run from 1.1.0 to 1.2.0 ( #4199 )
...
Bumps [github.com/oklog/run](https://github.com/oklog/run ) from 1.1.0 to 1.2.0.
- [Release notes](https://github.com/oklog/run/releases )
- [Commits](https://github.com/oklog/run/compare/v1.1.0...v1.2.0 )
---
updated-dependencies:
- dependency-name: github.com/oklog/run
dependency-version: 1.2.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
8 months ago
a829066558
Resolve CVE by updating gomplate to 4.3.3 ( #4224 )
...
Signed-off-by: Phil Brown <pbrown2@atlassian.com>
8 months ago
8bed0f6e16
build(deps): bump the etcd group with 2 updates ( #4213 )
...
Bumps the etcd group with 2 updates: [go.etcd.io/etcd/client/pkg/v3](https://github.com/etcd-io/etcd ) and [go.etcd.io/etcd/client/v3](https://github.com/etcd-io/etcd ).
Updates `go.etcd.io/etcd/client/pkg/v3` from 3.6.1 to 3.6.2
- [Release notes](https://github.com/etcd-io/etcd/releases )
- [Commits](https://github.com/etcd-io/etcd/compare/v3.6.1...v3.6.2 )
Updates `go.etcd.io/etcd/client/v3` from 3.6.1 to 3.6.2
- [Release notes](https://github.com/etcd-io/etcd/releases )
- [Commits](https://github.com/etcd-io/etcd/compare/v3.6.1...v3.6.2 )
---
updated-dependencies:
- dependency-name: go.etcd.io/etcd/client/pkg/v3
dependency-version: 3.6.2
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: etcd
- dependency-name: go.etcd.io/etcd/client/v3
dependency-version: 3.6.2
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: etcd
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
8 months ago
f7d34b2b0f
feat: Add ModifyGroupNames claimMutation to oidc connector ( #4144 )
...
Signed-off-by: Mathias Petermann <mathias.petermann@swisscom.com>
8 months ago
28d4f3f068
build(deps): bump alpine from 3.22.0 to 3.22.1 ( #4217 )
...
Bumps alpine from 3.22.0 to 3.22.1.
---
updated-dependencies:
- dependency-name: alpine
dependency-version: 3.22.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
8 months ago
6e57370364
build(deps): bump golang.org/x/crypto from 0.39.0 to 0.40.0 ( #4214 )
...
Bumps [golang.org/x/crypto](https://github.com/golang/crypto ) from 0.39.0 to 0.40.0.
- [Commits](https://github.com/golang/crypto/compare/v0.39.0...v0.40.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-version: 0.40.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
8 months ago
92dcd86dbd
build(deps): bump github.com/go-jose/go-jose/v4 from 4.1.0 to 4.1.1 ( #4196 )
...
Bumps [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose ) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/go-jose/go-jose/releases )
- [Changelog](https://github.com/go-jose/go-jose/blob/main/CHANGELOG.md )
- [Commits](https://github.com/go-jose/go-jose/compare/v4.1.0...v4.1.1 )
---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v4
dependency-version: 4.1.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
8 months ago
1cb23728b1
build(deps): bump aquasecurity/trivy-action from 0.31.0 to 0.32.0 ( #4210 )
...
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action ) from 0.31.0 to 0.32.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases )
- [Commits](76071ef0d7...dc5a429b52
8 months ago
cb3d7651d7
build(deps): bump sigstore/cosign-installer from 3.9.0 to 3.9.2 ( #4225 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.9.0 to 3.9.2.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](fb28c2b633...d58896d6a1
8 months ago
356524e4ef
build(deps): bump anchore/sbom-action from 0.20.1 to 0.20.2 ( #4205 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.20.1 to 0.20.2.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](9246b90769...cee1b8e05a
8 months ago
260c087b27
build(deps): bump google.golang.org/grpc in /examples ( #4219 )
...
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go ) from 1.73.0 to 1.74.0.
- [Release notes](https://github.com/grpc/grpc-go/releases )
- [Commits](https://github.com/grpc/grpc-go/compare/v1.73.0...v1.74.0 )
---
updated-dependencies:
- dependency-name: google.golang.org/grpc
dependency-version: 1.74.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
8 months ago
3ed215890b
build(deps): bump mheap/github-action-required-labels ( #4190 )
...
Bumps [mheap/github-action-required-labels](https://github.com/mheap/github-action-required-labels ) from 5.5.0 to 5.5.1.
- [Release notes](https://github.com/mheap/github-action-required-labels/releases )
- [Commits](388fd6af37...8afbe8ae6a
8 months ago
67b4228595
[oidc] pass httpClient to the TokenIdentity context ( #4223 )
...
Signed-off-by: Vasily Maryutenkov <vasily.maryutenkov@flant.com>
8 months ago
d6237a8a6e
fix: device code should not require scope
...
As per RFC8628 section 3.1, https://datatracker.ietf.org/doc/html/rfc8628#section-3.1
the scope is optional. Since dex always requires at least 'openid',
default the value to comply with the RFC.
Signed-off-by: Doug Goldstein <cardoe@cardoe.com>
9 months ago
fbcc76f779
fix: device code pending HTTP response
...
As per RFC8628 section 3.5, https://datatracker.ietf.org/doc/html/rfc8628#section-3.5
the authorization_pending response should extend RFC6749 section 5.2,
https://datatracker.ietf.org/doc/html/rfc6749#section-5.2 which
specifies that the HTTP response code should be 400, Bad Request.
Signed-off-by: Doug Goldstein <cardoe@cardoe.com>
9 months ago
7208747072
Add LDAP parent groups search, Active Directory Hierarchy ( #4113 )
...
This commit enables universal nested group search support across a
variety of LDAP server implementations. It updates the code to allow
recursive group membership discovery during user authentication and
provides CI tests to validate the functionality.
Based on @paroque’s original https://github.com/dexidp/dex/pull/1058
PR.
- Removed `Recursive` boolean flag from config and logic
- Made recursion behavior dependant on presence of `RecursionGroupAttr`
- Updated log messages to reflect changes and follow `slog` structured format
Signed-off-by: Ethan Dieterich <ethandieterich@gmail.com>
9 months ago
56cca05998
build(deps): bump docker/setup-buildx-action from 3.11.0 to 3.11.1 ( #4189 )
...
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) from 3.11.0 to 3.11.1.
- [Release notes](https://github.com/docker/setup-buildx-action/releases )
- [Commits](18ce135bb5...e468171a9d
9 months ago
ac0446537c
Merge pull request #4170 from dexidp/dependabot/go_modules/api/v2/google.golang.org/grpc-1.73.0
...
build(deps): bump google.golang.org/grpc from 1.72.1 to 1.73.0 in /api/v2
9 months ago
1a11f66526
build(deps): bump google.golang.org/grpc in /api/v2
...
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go ) from 1.72.1 to 1.73.0.
- [Release notes](https://github.com/grpc/grpc-go/releases )
- [Commits](https://github.com/grpc/grpc-go/compare/v1.72.1...v1.73.0 )
---
updated-dependencies:
- dependency-name: google.golang.org/grpc
dependency-version: 1.73.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
9 months ago
f372fdf7e6
Merge pull request #4163 from dexidp/dependabot/docker/alpine-3.22.0
...
build(deps): bump alpine from 3.21.3 to 3.22.0
9 months ago
2e1aab66f1
Merge pull request #4175 from dexidp/dependabot/go_modules/etcd-02511abee6
...
build(deps): bump the etcd group with 2 updates
9 months ago
dependabot[bot]
Alex B
Márk Sági-Kazár
Phil Brown
Mathias Petermann
Vasily Maryutenkov
Doug Goldstein
EthanDieterich