Update dependency istio-ecosystem/authservice to v1.0.1
This MR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| istio-ecosystem/authservice | patch |
1.0.0 -> v1.0.1
|
|
| istio-ecosystem/authservice | ironbank-github | patch |
v1.0.0 -> v1.0.1
|
Release Notes
istio-ecosystem/authservice (istio-ecosystem/authservice)
v1.0.1
This is a bugfix release that includes fixes for several CVEs as well as fixes for small regressions introduced in v1.0.0.
In addition to the bug fixes, it also comes with the following added features:
- Reduces the number of requests to the OIDC well-known endpoint.
- Added support for retrieving the end-session endpoint from the OIDC Discovery endpoint.
- Enhanced identity Provider logging. Starting on
v1.0.1you can enable theidplogger atdebuglevel to show all the requests and responses exchanged with the identity Provider in the authservice logs. Use with caution and only for debugging purposes, as these logs may contain sensitive information. - Added examples to help getting started with authservice and Istio.
- Configured a nightly vulnerability scan job to report new vulnerabilities to the GitHub Code Scanning page.
Detailed changelog
- Allow customizing the Istio version to use in the e2e tests by @nacx in https://github.com/istio-ecosystem/authservice/pull/243
- Upgrade Go to 1.22.2 to get rid of CVE-2023-45288 by @nacx in https://github.com/istio-ecosystem/authservice/pull/244
- Configure nightly vulnerability scans and report upload by @nacx in https://github.com/istio-ecosystem/authservice/pull/245
- Infer the JWS signing algorithm name by looking at the provided key by @erik-h in https://github.com/istio-ecosystem/authservice/pull/247
- Use the OIDC Discovery end session endpoint if present by @nacx in https://github.com/istio-ecosystem/authservice/pull/249
- Add a logger to log the calls to the Identity Provider by @nacx in https://github.com/istio-ecosystem/authservice/pull/250
- Cache well-known responses to avoid making too much calls to the IdP by @nacx in https://github.com/istio-ecosystem/authservice/pull/251
- Add minimal examples to make it easier to get started by @nacx in https://github.com/istio-ecosystem/authservice/pull/252
- Bump golang.org/x/net from 0.22.0 to 0.23.0 by @dependabot in https://github.com/istio-ecosystem/authservice/pull/253
- Fix scan job configuration by @nacx in https://github.com/istio-ecosystem/authservice/pull/254
- Update code owners by @nacx in https://github.com/istio-ecosystem/authservice/pull/248
- Update protoc-gen-go comment to fix
make checkby @sergicastro in https://github.com/istio-ecosystem/authservice/pull/257 - Validate token_type case-insensitively by @jojonium in https://github.com/istio-ecosystem/authservice/pull/256
- Fix flaky file watcher test by @sergicastro in https://github.com/istio-ecosystem/authservice/pull/258
New Contributors
We want to thank our new contributors for taking the time to report issues, implement, and contribute the fixes. Thank you!
- @erik-h made their first contribution in https://github.com/istio-ecosystem/authservice/pull/247
- @jojonium made their first contribution in https://github.com/istio-ecosystem/authservice/pull/256
Full Changelog: https://github.com/istio-ecosystem/authservice/compare/v1.0.0...v1.0.1
Configuration
-
If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.