Update dexidp/dex Docker tag to v2.39.0
This MR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
dexidp/dex | | minor | v2.38.0 -> v2.39.0 |
dexidp/dex | ironbank-docker | minor | v2.38.0 -> v2.39.0 |
dexidp/dex | stage | minor | v2.38.0 -> v2.39.0 |
Release Notes
dexidp/dex (dexidp/dex)
v2.39.0
The official container image for this release can be pulled from ghcr.io/dexidp/dex:v2.39.0
Know before release
The validation of username and password in the LDAP connector is much more strict now.
As of today, Dex uses the EscapeFilter function to check for special characters in credentials and prevent injections by denying such requests. The characters checked are the special characters in the set ()*\ and those out of the range 0 < c < 0x80, as defined in RFC 4515.
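The deny-instead-of-escape check described above, as an added example (not code from Dex or from the go-ldap library). It assumes a standard-library stand-in for EscapeFilter named escapeFilter, a hypothetical (uid=%s) search template, and constructed sample inputs.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// escapeFilter is a stand-in for RFC 4515 escaping: bytes in the set ()*\
// and bytes outside 0 < c < 0x80 become a backslash plus two hex digits.
func escapeFilter(s string) string {
	var b strings.Builder
	for i := 0; i < len(s); i++ {
		c := s[i]
		if c == '(' || c == ')' || c == '*' || c == '\\' || c == 0 || c >= 0x80 {
			fmt.Fprintf(&b, "\\%02x", c)
		} else {
			b.WriteByte(c)
		}
	}
	return b.String()
}

var errSpecialChars = errors.New("credential contains characters that need LDAP filter escaping")

// checkCredential denies a value whenever escaping would change it.
func checkCredential(v string) error {
	if escapeFilter(v) != v {
		return errSpecialChars
	}
	return nil
}

// userFilter builds a search filter only from a value that passed the check.
// The (uid=%s) template is a hypothetical example, not Dex configuration.
func userFilter(username string) (string, error) {
	if err := checkCredential(username); err != nil {
		return "", err
	}
	return fmt.Sprintf("(uid=%s)", username), nil
}

func main() {
	// Constructed inputs: plain ASCII, a filter-breaking value, non-ASCII.
	for _, u := range []string{"jane.doe", "*)(uid=*", "josé", "p(ss)word"} {
		f, err := userFilter(u)
		fmt.Printf("%q -> filter=%q err=%v\n", u, f, err)
	}
}
```

Because the check denies rather than escapes, a credential that legitimately contains parentheses, an asterisk, a backslash or any non-ASCII character is rejected as well, which is worth testing against the existing user base before rolling out the upgrade.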
What's Changed
🚀 Enhancements
- Also set the username in authproxy connector by @ppacher in https://github.com/dexidp/dex/pull/3307
- Log failed login attempt by @i-amelia in https://github.com/dexidp/dex/pull/2454
- Update ent by @sagikazarmark in https://github.com/dexidp/dex/pull/3379
- Add sanitizer to LDAP account and password by @hsinhoyeh in https://github.com/dexidp/dex/pull/3372
- Add headers control to Dex web server by @nabokihms in https://github.com/dexidp/dex/pull/3339
- OIDC connector: Allow specifying empty prompt type by @nabokihms in https://github.com/dexidp/dex/pull/3373
- Set read-only permissions to the check job by @nabokihms in https://github.com/dexidp/dex/pull/3415
🐛 Bug Fixes
- Use the correct token type for userInfo requests while Token Exchange by @MrDeerly in https://github.com/dexidp/dex/pull/3336
- Do not evaluate skipApproval on the approval page by @MM53 in https://github.com/dexidp/dex/pull/3086
⬆️ Dependency Updates
- build(deps): bump anchore/sbom-action from 0.15.5 to 0.15.6 by @dependabot in https://github.com/dexidp/dex/pull/3314
- build(deps): bump github.com/mattn/go-sqlite3 from 1.14.19 to 1.14.22 by @dependabot in https://github.com/dexidp/dex/pull/3328
- build(deps): bump github/codeql-action from 3.23.1 to 3.24.0 by @dependabot in https://github.com/dexidp/dex/pull/3327
- build(deps): bump anchore/sbom-action from 0.15.6 to 0.15.8 by @dependabot in https://github.com/dexidp/dex/pull/3325
- build(deps): bump go.etcd.io/etcd/client/pkg/v3 from 3.5.11 to 3.5.12 by @dependabot in https://github.com/dexidp/dex/pull/3323
- build(deps): bump google.golang.org/api from 0.157.0 to 0.161.0 by @dependabot in https://github.com/dexidp/dex/pull/3317
- build(deps): bump alpine from 3.19.0 to 3.19.1 by @dependabot in https://github.com/dexidp/dex/pull/3311
- build(deps): bump golang from 3bd4475 to 3354c3a by @dependabot in https://github.com/dexidp/dex/pull/3310
- build(deps): bump mheap/github-action-required-labels from 5.1.0 to 5.2.0 by @dependabot in https://github.com/dexidp/dex/pull/3308
- build(deps): bump sigstore/cosign-installer from 3.2.0 to 3.4.0 by @dependabot in https://github.com/dexidp/dex/pull/3324
- build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.11 to 3.5.12 by @dependabot in https://github.com/dexidp/dex/pull/3321
- build(deps): bump golang.org/x/oauth2 from 0.16.0 to 0.17.0 in /examples by @dependabot in https://github.com/dexidp/dex/pull/3340
- build(deps): bump tonistiigi/xx from 1.3.0 to 1.4.0 by @dependabot in https://github.com/dexidp/dex/pull/3333
- build(deps): bump golang.org/x/oauth2 from 0.16.0 to 0.17.0 by @dependabot in https://github.com/dexidp/dex/pull/3341
- build(deps): bump google.golang.org/grpc from 1.61.0 to 1.61.1 in /examples by @dependabot in https://github.com/dexidp/dex/pull/3352
- build(deps): bump distroless/static from 9be3fcc to a43abc8 by @dependabot in https://github.com/dexidp/dex/pull/3350
- build(deps): bump aquasecurity/trivy-action from 0.16.1 to 0.17.0 by @dependabot in https://github.com/dexidp/dex/pull/3332
- build(deps): bump docker/metadata-action from 5.5.0 to 5.5.1 by @dependabot in https://github.com/dexidp/dex/pull/3330
- build(deps): bump mheap/github-action-required-labels from 5.2.0 to 5.3.0 by @dependabot in https://github.com/dexidp/dex/pull/3347
- build(deps): bump helm/kind-action from 1.8.0 to 1.9.0 by @dependabot in https://github.com/dexidp/dex/pull/3345
- build(deps): bump github/codeql-action from 3.24.0 to 3.24.3 by @dependabot in https://github.com/dexidp/dex/pull/3360
- build(deps): bump google.golang.org/api from 0.161.0 to 0.165.0 by @dependabot in https://github.com/dexidp/dex/pull/3355
- build(deps): bump actions/dependency-review-action from 4.0.0 to 4.1.0 by @dependabot in https://github.com/dexidp/dex/pull/3359
- build(deps): bump golang.org/x/crypto from 0.19.0 to 0.20.0 by @dependabot in https://github.com/dexidp/dex/pull/3377
- build(deps): bump google.golang.org/api from 0.165.0 to 0.167.0 by @dependabot in https://github.com/dexidp/dex/pull/3376
- build(deps): bump github/codeql-action from 3.24.3 to 3.24.5 by @dependabot in https://github.com/dexidp/dex/pull/3375
- build(deps): bump distroless/static from a43abc8 to 072d78b by @dependabot in https://github.com/dexidp/dex/pull/3374
- build(deps): bump google.golang.org/grpc from 1.61.1 to 1.62.0 in /examples by @dependabot in https://github.com/dexidp/dex/pull/3368
- build(deps): bump actions/dependency-review-action from 4.1.0 to 4.1.3 by @dependabot in https://github.com/dexidp/dex/pull/3363
- build(deps): bump haya14busa/action-cond from 1.1.1 to 1.2.1 by @dependabot in https://github.com/dexidp/dex/pull/3346
- build(deps): bump golang from 1.21.6-alpine3.18 to 1.22.0-alpine3.18 by @dependabot in https://github.com/dexidp/dex/pull/3334
- build(deps): bump google.golang.org/grpc from 1.61.0 to 1.62.0 by @dependabot in https://github.com/dexidp/dex/pull/3367
- build(deps): bump google.golang.org/grpc from 1.61.0 to 1.62.0 in /api/v2 by @dependabot in https://github.com/dexidp/dex/pull/3365
- build(deps): bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3 by @dependabot in https://github.com/dexidp/dex/pull/3405
- build(deps): bump github.com/prometheus/client_golang from 1.18.0 to 1.19.0 by @dependabot in https://github.com/dexidp/dex/pull/3380
- build(deps): bump golang from 1.22.0-alpine3.18 to 1.22.1-alpine3.18 by @dependabot in https://github.com/dexidp/dex/pull/3398
- build(deps): bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3 in /examples by @dependabot in https://github.com/dexidp/dex/pull/3406
- build(deps): bump google.golang.org/api from 0.167.0 to 0.169.0 by @dependabot in https://github.com/dexidp/dex/pull/3407
- Update jose by @nabokihms in https://github.com/dexidp/dex/pull/3409
- build(deps): bump distroless/static from 072d78b to 9235ad9 by @dependabot in https://github.com/dexidp/dex/pull/3381
- build(deps): bump docker/setup-buildx-action from 3.0.0 to 3.1.0 by @dependabot in https://github.com/dexidp/dex/pull/3382
- build(deps): bump aquasecurity/trivy-action from 0.17.0 to 0.18.0 by @dependabot in https://github.com/dexidp/dex/pull/3384
- build(deps): bump github/codeql-action from 3.24.5 to 3.24.6 by @dependabot in https://github.com/dexidp/dex/pull/3386
- build(deps): bump anchore/sbom-action from 0.15.8 to 0.15.9 by @dependabot in https://github.com/dexidp/dex/pull/3397
- build(deps): bump golang.org/x/oauth2 from 0.17.0 to 0.18.0 by @dependabot in https://github.com/dexidp/dex/pull/3393
- build(deps): bump golang.org/x/oauth2 from 0.17.0 to 0.18.0 in /examples by @dependabot in https://github.com/dexidp/dex/pull/3394
- build(deps): bump google.golang.org/grpc from 1.62.0 to 1.62.1 in /examples by @dependabot in https://github.com/dexidp/dex/pull/3401
- build(deps): bump github.com/go-sql-driver/mysql from 1.7.1 to 1.8.0 by @dependabot in https://github.com/dexidp/dex/pull/3414
- build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 by @dependabot in https://github.com/dexidp/dex/pull/3413
- build(deps): bump distroless/static from 9235ad9 to 7e5c6a2 by @dependabot in https://github.com/dexidp/dex/pull/3410
- build(deps): bump docker/build-push-action from 5.1.0 to 5.2.0 by @dependabot in https://github.com/dexidp/dex/pull/3411
- build(deps): bump google.golang.org/grpc from 1.62.0 to 1.62.1 by @dependabot in https://github.com/dexidp/dex/pull/3412
- build(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 by @dependabot in https://github.com/dexidp/dex/pull/3389
- build(deps): bump actions/checkout from 4.1.1 to 4.1.2 by @dependabot in https://github.com/dexidp/dex/pull/3417
- build(deps): bump github/codeql-action from 3.24.6 to 3.24.8 by @dependabot in https://github.com/dexidp/dex/pull/3422
- build(deps): bump google.golang.org/api from 0.169.0 to 0.171.0 by @dependabot in https://github.com/dexidp/dex/pull/3426
- build(deps): bump docker/login-action from 3.0.0 to 3.1.0 by @dependabot in https://github.com/dexidp/dex/pull/3418
- build(deps): bump github.com/coreos/go-oidc/v3 from 3.9.0 to 3.10.0 in /examples by @dependabot in https://github.com/dexidp/dex/pull/3424
- build(deps): bump github.com/coreos/go-oidc/v3 from 3.9.0 to 3.10.0 by @dependabot in https://github.com/dexidp/dex/pull/3425
- build(deps): bump docker/build-push-action from 5.2.0 to 5.3.0 by @dependabot in https://github.com/dexidp/dex/pull/3420
- build(deps): bump golang from 010f3b3 to ede158f by @dependabot in https://github.com/dexidp/dex/pull/3421
- build(deps): bump google.golang.org/grpc from 1.62.0 to 1.62.1 in /api/v2 by @dependabot in https://github.com/dexidp/dex/pull/3399
- build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 in /api/v2 by @dependabot in https://github.com/dexidp/dex/pull/3400
New Contributors
- @ppacher made their first contribution in https://github.com/dexidp/dex/pull/3307
- @MrDeerly made their first contribution in https://github.com/dexidp/dex/pull/3336
- @i-amelia made their first contribution in https://github.com/dexidp/dex/pull/2454
- @hsinhoyeh made their first contribution in https://github.com/dexidp/dex/pull/3372
Full Changelog: https://github.com/dexidp/dex/compare/v2.38.0...v2.39.0
This MR has been generated by Renovate Bot.