The Howard project, named after "The Godfather of Clouds" Luke Howard, orchestrates the Kubernetes-based cloud infrastructure for the Canadian Food Inspection Agency's AI lab, managing applications like Nachet, Finesse, and Louis. It prioritizes robustness, security and efficiency
dexidp/dex (ghcr.io/dexidp/dex)
### [`v2.39.1`](https://togithub.com/dexidp/dex/releases/tag/v2.39.1)
[Compare Source](https://togithub.com/dexidp/dex/compare/v2.39.0...v2.39.1)
The official container image for this release can be pulled from
ghcr.io/dexidp/dex:v2.39.1
##### Bug Fixes 🐛
- Update max length of Kubernetes object to fit Kubernetes policy by [@RomanenkoDenys](https://togithub.com/RomanenkoDenys) in [https://github.com/dexidp/dex/pull/3439](https://togithub.com/dexidp/dex/pull/3439) (fix regression for Kubernetes storage)
- Do not escape password for LDAP connectors by [@nabokihms](https://togithub.com/nabokihms) in [https://github.com/dexidp/dex/pull/3470](https://togithub.com/dexidp/dex/pull/3470) (changes introduced in v2.39.0 were reverted)
### [`v2.39.0`](https://togithub.com/dexidp/dex/releases/tag/v2.39.0)
[Compare Source](https://togithub.com/dexidp/dex/compare/v2.38.0...v2.39.0)
The official container image for this release can be pulled from
ghcr.io/dexidp/dex:v2.39.0
#### Know before update
> \[!WARNING]
> The validation of username and password in the LDAP connector is much more strict now.
> As of today, Dex uses the [`EscapeFilter`](https://pkg.go.dev/gopkg.in/ldap.v1#EscapeFilter) function to check for special characters in credentials and prevent injections by denying such requests.
> the special characters in the set `()*\` and those out of the range 0 < c < 0x80, as defined in RFC4515
#### What's Changed
##### Enhancements 🚀
- Also set the username in authproxy connector by [@ppacher](https://togithub.com/ppacher) in [https://github.com/dexidp/dex/pull/3307](https://togithub.com/dexidp/dex/pull/3307)
- Log failed login attempt by [@i-amelia](https://togithub.com/i-amelia) in [https://github.com/dexidp/dex/pull/2454](https://togithub.com/dexidp/dex/pull/2454)
- Update ent by [@sagikazarmark](https://togithub.com/sagikazarmark) in [https://github.com/dexidp/dex/pull/3379](https://togithub.com/dexidp/dex/pull/3379)
- Add sanitizer to LDAP account and password by [@hsinhoyeh](https://togithub.com/hsinhoyeh) in [https://github.com/dexidp/dex/pull/3372](https://togithub.com/dexidp/dex/pull/3372)
- Add headers control to Dex web server by [@nabokihms](https://togithub.com/nabokihms) in [https://github.com/dexidp/dex/pull/3339](https://togithub.com/dexidp/dex/pull/3339)
- OIDC connector: Allow specifying empty prompt type by [@nabokihms](https://togithub.com/nabokihms) in [https://github.com/dexidp/dex/pull/3373](https://togithub.com/dexidp/dex/pull/3373)
- Set read-only permissions to the check job by [@nabokihms](https://togithub.com/nabokihms) in [https://github.com/dexidp/dex/pull/3415](https://togithub.com/dexidp/dex/pull/3415)
##### Bug Fixes 🐛
- Use the correct token type for userInfo requests while Token Exchange by [@MrDeerly](https://togithub.com/MrDeerly) in [https://github.com/dexidp/dex/pull/3336](https://togithub.com/dexidp/dex/pull/3336)
- Do not evaluate skipApproval on the approval page by [@MM53](https://togithub.com/MM53) in [https://github.com/dexidp/dex/pull/3086](https://togithub.com/dexidp/dex/pull/3086)
##### Dependency Updates ⬆️
- build(deps): bump anchore/sbom-action from 0.15.5 to 0.15.6 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3314](https://togithub.com/dexidp/dex/pull/3314)
- build(deps): bump github.com/mattn/go-sqlite3 from 1.14.19 to 1.14.22 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3328](https://togithub.com/dexidp/dex/pull/3328)
- build(deps): bump github/codeql-action from 3.23.1 to 3.24.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3327](https://togithub.com/dexidp/dex/pull/3327)
- build(deps): bump anchore/sbom-action from 0.15.6 to 0.15.8 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3325](https://togithub.com/dexidp/dex/pull/3325)
- build(deps): bump go.etcd.io/etcd/client/pkg/v3 from 3.5.11 to 3.5.12 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3323](https://togithub.com/dexidp/dex/pull/3323)
- build(deps): bump google.golang.org/api from 0.157.0 to 0.161.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3317](https://togithub.com/dexidp/dex/pull/3317)
- build(deps): bump alpine from 3.19.0 to 3.19.1 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3311](https://togithub.com/dexidp/dex/pull/3311)
- build(deps): bump golang from `3bd4475` to `3354c3a` by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3310](https://togithub.com/dexidp/dex/pull/3310)
- build(deps): bump mheap/github-action-required-labels from 5.1.0 to 5.2.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3308](https://togithub.com/dexidp/dex/pull/3308)
- build(deps): bump sigstore/cosign-installer from 3.2.0 to 3.4.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3324](https://togithub.com/dexidp/dex/pull/3324)
- build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.11 to 3.5.12 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3321](https://togithub.com/dexidp/dex/pull/3321)
- build(deps): bump golang.org/x/oauth2 from 0.16.0 to 0.17.0 in /examples by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3340](https://togithub.com/dexidp/dex/pull/3340)
- build(deps): bump tonistiigi/xx from 1.3.0 to 1.4.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3333](https://togithub.com/dexidp/dex/pull/3333)
- build(deps): bump golang.org/x/oauth2 from 0.16.0 to 0.17.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3341](https://togithub.com/dexidp/dex/pull/3341)
- build(deps): bump google.golang.org/grpc from 1.61.0 to 1.61.1 in /examples by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3352](https://togithub.com/dexidp/dex/pull/3352)
- build(deps): bump distroless/static from `9be3fcc` to `a43abc8` by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3350](https://togithub.com/dexidp/dex/pull/3350)
- build(deps): bump aquasecurity/trivy-action from 0.16.1 to 0.17.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3332](https://togithub.com/dexidp/dex/pull/3332)
- build(deps): bump docker/metadata-action from 5.5.0 to 5.5.1 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3330](https://togithub.com/dexidp/dex/pull/3330)
- build(deps): bump mheap/github-action-required-labels from 5.2.0 to 5.3.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3347](https://togithub.com/dexidp/dex/pull/3347)
- build(deps): bump helm/kind-action from 1.8.0 to 1.9.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3345](https://togithub.com/dexidp/dex/pull/3345)
- build(deps): bump github/codeql-action from 3.24.0 to 3.24.3 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3360](https://togithub.com/dexidp/dex/pull/3360)
- build(deps): bump google.golang.org/api from 0.161.0 to 0.165.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3355](https://togithub.com/dexidp/dex/pull/3355)
- build(deps): bump actions/dependency-review-action from 4.0.0 to 4.1.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3359](https://togithub.com/dexidp/dex/pull/3359)
- build(deps): bump golang.org/x/crypto from 0.19.0 to 0.20.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3377](https://togithub.com/dexidp/dex/pull/3377)
- build(deps): bump google.golang.org/api from 0.165.0 to 0.167.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3376](https://togithub.com/dexidp/dex/pull/3376)
- build(deps): bump github/codeql-action from 3.24.3 to 3.24.5 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3375](https://togithub.com/dexidp/dex/pull/3375)
- build(deps): bump distroless/static from `a43abc8` to `072d78b` by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3374](https://togithub.com/dexidp/dex/pull/3374)
- build(deps): bump google.golang.org/grpc from 1.61.1 to 1.62.0 in /examples by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3368](https://togithub.com/dexidp/dex/pull/3368)
- build(deps): bump actions/dependency-review-action from 4.1.0 to 4.1.3 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3363](https://togithub.com/dexidp/dex/pull/3363)
- build(deps): bump haya14busa/action-cond from 1.1.1 to 1.2.1 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3346](https://togithub.com/dexidp/dex/pull/3346)
- build(deps): bump golang from 1.21.6-alpine3.18 to 1.22.0-alpine3.18 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3334](https://togithub.com/dexidp/dex/pull/3334)
- build(deps): bump google.golang.org/grpc from 1.61.0 to 1.62.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3367](https://togithub.com/dexidp/dex/pull/3367)
- build(deps): bump google.golang.org/grpc from 1.61.0 to 1.62.0 in /api/v2 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3365](https://togithub.com/dexidp/dex/pull/3365)
- build(deps): bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3405](https://togithub.com/dexidp/dex/pull/3405)
- build(deps): bump github.com/prometheus/client_golang from 1.18.0 to 1.19.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3380](https://togithub.com/dexidp/dex/pull/3380)
- build(deps): bump golang from 1.22.0-alpine3.18 to 1.22.1-alpine3.18 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3398](https://togithub.com/dexidp/dex/pull/3398)
- build(deps): bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3 in /examples by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3406](https://togithub.com/dexidp/dex/pull/3406)
- build(deps): bump google.golang.org/api from 0.167.0 to 0.169.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3407](https://togithub.com/dexidp/dex/pull/3407)
- Update jose by [@nabokihms](https://togithub.com/nabokihms) in [https://github.com/dexidp/dex/pull/3409](https://togithub.com/dexidp/dex/pull/3409)
- build(deps): bump distroless/static from `072d78b` to `9235ad9` by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3381](https://togithub.com/dexidp/dex/pull/3381)
- build(deps): bump docker/setup-buildx-action from 3.0.0 to 3.1.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3382](https://togithub.com/dexidp/dex/pull/3382)
- build(deps): bump aquasecurity/trivy-action from 0.17.0 to 0.18.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3384](https://togithub.com/dexidp/dex/pull/3384)
- build(deps): bump github/codeql-action from 3.24.5 to 3.24.6 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3386](https://togithub.com/dexidp/dex/pull/3386)
- build(deps): bump anchore/sbom-action from 0.15.8 to 0.15.9 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3397](https://togithub.com/dexidp/dex/pull/3397)
- build(deps): bump golang.org/x/oauth2 from 0.17.0 to 0.18.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3393](https://togithub.com/dexidp/dex/pull/3393)
- build(deps): bump golang.org/x/oauth2 from 0.17.0 to 0.18.0 in /examples by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3394](https://togithub.com/dexidp/dex/pull/3394)
- build(deps): bump google.golang.org/grpc from 1.62.0 to 1.62.1 in /examples by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3401](https://togithub.com/dexidp/dex/pull/3401)
- build(deps): bump github.com/go-sql-driver/mysql from 1.7.1 to 1.8.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3414](https://togithub.com/dexidp/dex/pull/3414)
- build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3413](https://togithub.com/dexidp/dex/pull/3413)
- build(deps): bump distroless/static from `9235ad9` to `7e5c6a2` by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3410](https://togithub.com/dexidp/dex/pull/3410)
- build(deps): bump docker/build-push-action from 5.1.0 to 5.2.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3411](https://togithub.com/dexidp/dex/pull/3411)
- build(deps): bump google.golang.org/grpc from 1.62.0 to 1.62.1 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3412](https://togithub.com/dexidp/dex/pull/3412)
- build(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3389](https://togithub.com/dexidp/dex/pull/3389)
- build(deps): bump actions/checkout from 4.1.1 to 4.1.2 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3417](https://togithub.com/dexidp/dex/pull/3417)
- build(deps): bump github/codeql-action from 3.24.6 to 3.24.8 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3422](https://togithub.com/dexidp/dex/pull/3422)
- build(deps): bump google.golang.org/api from 0.169.0 to 0.171.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3426](https://togithub.com/dexidp/dex/pull/3426)
- build(deps): bump docker/login-action from 3.0.0 to 3.1.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3418](https://togithub.com/dexidp/dex/pull/3418)
- build(deps): bump github.com/coreos/go-oidc/v3 from 3.9.0 to 3.10.0 in /examples by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3424](https://togithub.com/dexidp/dex/pull/3424)
- build(deps): bump github.com/coreos/go-oidc/v3 from 3.9.0 to 3.10.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3425](https://togithub.com/dexidp/dex/pull/3425)
- build(deps): bump docker/build-push-action from 5.2.0 to 5.3.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3420](https://togithub.com/dexidp/dex/pull/3420)
- build(deps): bump golang from `010f3b3` to `ede158f` by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3421](https://togithub.com/dexidp/dex/pull/3421)
- build(deps): bump google.golang.org/grpc from 1.62.0 to 1.62.1 in /api/v2 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3399](https://togithub.com/dexidp/dex/pull/3399)
- build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 in /api/v2 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3400](https://togithub.com/dexidp/dex/pull/3400)
#### New Contributors
- [@ppacher](https://togithub.com/ppacher) made their first contribution in [https://github.com/dexidp/dex/pull/3307](https://togithub.com/dexidp/dex/pull/3307)
- [@MrDeerly](https://togithub.com/MrDeerly) made their first contribution in [https://github.com/dexidp/dex/pull/3336](https://togithub.com/dexidp/dex/pull/3336)
- [@i-amelia](https://togithub.com/i-amelia) made their first contribution in [https://github.com/dexidp/dex/pull/2454](https://togithub.com/dexidp/dex/pull/2454)
- [@hsinhoyeh](https://togithub.com/hsinhoyeh) made their first contribution in [https://github.com/dexidp/dex/pull/3372](https://togithub.com/dexidp/dex/pull/3372)
**Full Changelog**: https://github.com/dexidp/dex/compare/v2.38.0...v2.39.0
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
v2.38.0
->v2.39.1
Release Notes
dexidp/dex (ghcr.io/dexidp/dex)
### [`v2.39.1`](https://togithub.com/dexidp/dex/releases/tag/v2.39.1) [Compare Source](https://togithub.com/dexidp/dex/compare/v2.39.0...v2.39.1) The official container image for this release can be pulled from ghcr.io/dexidp/dex:v2.39.1 ##### Bug Fixes 🐛 - Update max length of Kubernetes object to fit Kubernetes policy by [@RomanenkoDenys](https://togithub.com/RomanenkoDenys) in [https://github.com/dexidp/dex/pull/3439](https://togithub.com/dexidp/dex/pull/3439) (fix regression for Kubernetes storage) - Do not escape password for LDAP connectors by [@nabokihms](https://togithub.com/nabokihms) in [https://github.com/dexidp/dex/pull/3470](https://togithub.com/dexidp/dex/pull/3470) (changes introduced in v2.39.0 were reverted) ### [`v2.39.0`](https://togithub.com/dexidp/dex/releases/tag/v2.39.0) [Compare Source](https://togithub.com/dexidp/dex/compare/v2.38.0...v2.39.0) The official container image for this release can be pulled from ghcr.io/dexidp/dex:v2.39.0 #### Know before update > \[!WARNING] > The validation of username and password in the LDAP connector is much more strict now. > As of today, Dex uses the [`EscapeFilter`](https://pkg.go.dev/gopkg.in/ldap.v1#EscapeFilter) function to check for special characters in credentials and prevent injections by denying such requests. > the special characters in the set `()*\` and those out of the range 0 < c < 0x80, as defined in RFC4515 #### What's Changed ##### Enhancements 🚀 - Also set the username in authproxy connector by [@ppacher](https://togithub.com/ppacher) in [https://github.com/dexidp/dex/pull/3307](https://togithub.com/dexidp/dex/pull/3307) - Log failed login attempt by [@i-amelia](https://togithub.com/i-amelia) in [https://github.com/dexidp/dex/pull/2454](https://togithub.com/dexidp/dex/pull/2454) - Update ent by [@sagikazarmark](https://togithub.com/sagikazarmark) in [https://github.com/dexidp/dex/pull/3379](https://togithub.com/dexidp/dex/pull/3379) - Add sanitizer to LDAP account and password by [@hsinhoyeh](https://togithub.com/hsinhoyeh) in [https://github.com/dexidp/dex/pull/3372](https://togithub.com/dexidp/dex/pull/3372) - Add headers control to Dex web server by [@nabokihms](https://togithub.com/nabokihms) in [https://github.com/dexidp/dex/pull/3339](https://togithub.com/dexidp/dex/pull/3339) - OIDC connector: Allow specifying empty prompt type by [@nabokihms](https://togithub.com/nabokihms) in [https://github.com/dexidp/dex/pull/3373](https://togithub.com/dexidp/dex/pull/3373) - Set read-only permissions to the check job by [@nabokihms](https://togithub.com/nabokihms) in [https://github.com/dexidp/dex/pull/3415](https://togithub.com/dexidp/dex/pull/3415) ##### Bug Fixes 🐛 - Use the correct token type for userInfo requests while Token Exchange by [@MrDeerly](https://togithub.com/MrDeerly) in [https://github.com/dexidp/dex/pull/3336](https://togithub.com/dexidp/dex/pull/3336) - Do not evaluate skipApproval on the approval page by [@MM53](https://togithub.com/MM53) in [https://github.com/dexidp/dex/pull/3086](https://togithub.com/dexidp/dex/pull/3086) ##### Dependency Updates ⬆️ - build(deps): bump anchore/sbom-action from 0.15.5 to 0.15.6 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3314](https://togithub.com/dexidp/dex/pull/3314) - build(deps): bump github.com/mattn/go-sqlite3 from 1.14.19 to 1.14.22 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3328](https://togithub.com/dexidp/dex/pull/3328) - build(deps): bump github/codeql-action from 3.23.1 to 3.24.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3327](https://togithub.com/dexidp/dex/pull/3327) - build(deps): bump anchore/sbom-action from 0.15.6 to 0.15.8 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3325](https://togithub.com/dexidp/dex/pull/3325) - build(deps): bump go.etcd.io/etcd/client/pkg/v3 from 3.5.11 to 3.5.12 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3323](https://togithub.com/dexidp/dex/pull/3323) - build(deps): bump google.golang.org/api from 0.157.0 to 0.161.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3317](https://togithub.com/dexidp/dex/pull/3317) - build(deps): bump alpine from 3.19.0 to 3.19.1 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3311](https://togithub.com/dexidp/dex/pull/3311) - build(deps): bump golang from `3bd4475` to `3354c3a` by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3310](https://togithub.com/dexidp/dex/pull/3310) - build(deps): bump mheap/github-action-required-labels from 5.1.0 to 5.2.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3308](https://togithub.com/dexidp/dex/pull/3308) - build(deps): bump sigstore/cosign-installer from 3.2.0 to 3.4.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3324](https://togithub.com/dexidp/dex/pull/3324) - build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.11 to 3.5.12 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3321](https://togithub.com/dexidp/dex/pull/3321) - build(deps): bump golang.org/x/oauth2 from 0.16.0 to 0.17.0 in /examples by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3340](https://togithub.com/dexidp/dex/pull/3340) - build(deps): bump tonistiigi/xx from 1.3.0 to 1.4.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3333](https://togithub.com/dexidp/dex/pull/3333) - build(deps): bump golang.org/x/oauth2 from 0.16.0 to 0.17.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3341](https://togithub.com/dexidp/dex/pull/3341) - build(deps): bump google.golang.org/grpc from 1.61.0 to 1.61.1 in /examples by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3352](https://togithub.com/dexidp/dex/pull/3352) - build(deps): bump distroless/static from `9be3fcc` to `a43abc8` by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3350](https://togithub.com/dexidp/dex/pull/3350) - build(deps): bump aquasecurity/trivy-action from 0.16.1 to 0.17.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3332](https://togithub.com/dexidp/dex/pull/3332) - build(deps): bump docker/metadata-action from 5.5.0 to 5.5.1 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3330](https://togithub.com/dexidp/dex/pull/3330) - build(deps): bump mheap/github-action-required-labels from 5.2.0 to 5.3.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3347](https://togithub.com/dexidp/dex/pull/3347) - build(deps): bump helm/kind-action from 1.8.0 to 1.9.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3345](https://togithub.com/dexidp/dex/pull/3345) - build(deps): bump github/codeql-action from 3.24.0 to 3.24.3 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3360](https://togithub.com/dexidp/dex/pull/3360) - build(deps): bump google.golang.org/api from 0.161.0 to 0.165.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3355](https://togithub.com/dexidp/dex/pull/3355) - build(deps): bump actions/dependency-review-action from 4.0.0 to 4.1.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3359](https://togithub.com/dexidp/dex/pull/3359) - build(deps): bump golang.org/x/crypto from 0.19.0 to 0.20.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3377](https://togithub.com/dexidp/dex/pull/3377) - build(deps): bump google.golang.org/api from 0.165.0 to 0.167.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3376](https://togithub.com/dexidp/dex/pull/3376) - build(deps): bump github/codeql-action from 3.24.3 to 3.24.5 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3375](https://togithub.com/dexidp/dex/pull/3375) - build(deps): bump distroless/static from `a43abc8` to `072d78b` by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3374](https://togithub.com/dexidp/dex/pull/3374) - build(deps): bump google.golang.org/grpc from 1.61.1 to 1.62.0 in /examples by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3368](https://togithub.com/dexidp/dex/pull/3368) - build(deps): bump actions/dependency-review-action from 4.1.0 to 4.1.3 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3363](https://togithub.com/dexidp/dex/pull/3363) - build(deps): bump haya14busa/action-cond from 1.1.1 to 1.2.1 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3346](https://togithub.com/dexidp/dex/pull/3346) - build(deps): bump golang from 1.21.6-alpine3.18 to 1.22.0-alpine3.18 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3334](https://togithub.com/dexidp/dex/pull/3334) - build(deps): bump google.golang.org/grpc from 1.61.0 to 1.62.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3367](https://togithub.com/dexidp/dex/pull/3367) - build(deps): bump google.golang.org/grpc from 1.61.0 to 1.62.0 in /api/v2 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3365](https://togithub.com/dexidp/dex/pull/3365) - build(deps): bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3405](https://togithub.com/dexidp/dex/pull/3405) - build(deps): bump github.com/prometheus/client_golang from 1.18.0 to 1.19.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3380](https://togithub.com/dexidp/dex/pull/3380) - build(deps): bump golang from 1.22.0-alpine3.18 to 1.22.1-alpine3.18 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3398](https://togithub.com/dexidp/dex/pull/3398) - build(deps): bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3 in /examples by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3406](https://togithub.com/dexidp/dex/pull/3406) - build(deps): bump google.golang.org/api from 0.167.0 to 0.169.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3407](https://togithub.com/dexidp/dex/pull/3407) - Update jose by [@nabokihms](https://togithub.com/nabokihms) in [https://github.com/dexidp/dex/pull/3409](https://togithub.com/dexidp/dex/pull/3409) - build(deps): bump distroless/static from `072d78b` to `9235ad9` by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3381](https://togithub.com/dexidp/dex/pull/3381) - build(deps): bump docker/setup-buildx-action from 3.0.0 to 3.1.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3382](https://togithub.com/dexidp/dex/pull/3382) - build(deps): bump aquasecurity/trivy-action from 0.17.0 to 0.18.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3384](https://togithub.com/dexidp/dex/pull/3384) - build(deps): bump github/codeql-action from 3.24.5 to 3.24.6 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3386](https://togithub.com/dexidp/dex/pull/3386) - build(deps): bump anchore/sbom-action from 0.15.8 to 0.15.9 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3397](https://togithub.com/dexidp/dex/pull/3397) - build(deps): bump golang.org/x/oauth2 from 0.17.0 to 0.18.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3393](https://togithub.com/dexidp/dex/pull/3393) - build(deps): bump golang.org/x/oauth2 from 0.17.0 to 0.18.0 in /examples by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3394](https://togithub.com/dexidp/dex/pull/3394) - build(deps): bump google.golang.org/grpc from 1.62.0 to 1.62.1 in /examples by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3401](https://togithub.com/dexidp/dex/pull/3401) - build(deps): bump github.com/go-sql-driver/mysql from 1.7.1 to 1.8.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3414](https://togithub.com/dexidp/dex/pull/3414) - build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3413](https://togithub.com/dexidp/dex/pull/3413) - build(deps): bump distroless/static from `9235ad9` to `7e5c6a2` by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3410](https://togithub.com/dexidp/dex/pull/3410) - build(deps): bump docker/build-push-action from 5.1.0 to 5.2.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3411](https://togithub.com/dexidp/dex/pull/3411) - build(deps): bump google.golang.org/grpc from 1.62.0 to 1.62.1 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3412](https://togithub.com/dexidp/dex/pull/3412) - build(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3389](https://togithub.com/dexidp/dex/pull/3389) - build(deps): bump actions/checkout from 4.1.1 to 4.1.2 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3417](https://togithub.com/dexidp/dex/pull/3417) - build(deps): bump github/codeql-action from 3.24.6 to 3.24.8 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3422](https://togithub.com/dexidp/dex/pull/3422) - build(deps): bump google.golang.org/api from 0.169.0 to 0.171.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3426](https://togithub.com/dexidp/dex/pull/3426) - build(deps): bump docker/login-action from 3.0.0 to 3.1.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3418](https://togithub.com/dexidp/dex/pull/3418) - build(deps): bump github.com/coreos/go-oidc/v3 from 3.9.0 to 3.10.0 in /examples by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3424](https://togithub.com/dexidp/dex/pull/3424) - build(deps): bump github.com/coreos/go-oidc/v3 from 3.9.0 to 3.10.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3425](https://togithub.com/dexidp/dex/pull/3425) - build(deps): bump docker/build-push-action from 5.2.0 to 5.3.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3420](https://togithub.com/dexidp/dex/pull/3420) - build(deps): bump golang from `010f3b3` to `ede158f` by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3421](https://togithub.com/dexidp/dex/pull/3421) - build(deps): bump google.golang.org/grpc from 1.62.0 to 1.62.1 in /api/v2 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3399](https://togithub.com/dexidp/dex/pull/3399) - build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 in /api/v2 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3400](https://togithub.com/dexidp/dex/pull/3400) #### New Contributors - [@ppacher](https://togithub.com/ppacher) made their first contribution in [https://github.com/dexidp/dex/pull/3307](https://togithub.com/dexidp/dex/pull/3307) - [@MrDeerly](https://togithub.com/MrDeerly) made their first contribution in [https://github.com/dexidp/dex/pull/3336](https://togithub.com/dexidp/dex/pull/3336) - [@i-amelia](https://togithub.com/i-amelia) made their first contribution in [https://github.com/dexidp/dex/pull/2454](https://togithub.com/dexidp/dex/pull/2454) - [@hsinhoyeh](https://togithub.com/hsinhoyeh) made their first contribution in [https://github.com/dexidp/dex/pull/3372](https://togithub.com/dexidp/dex/pull/3372) **Full Changelog**: https://github.com/dexidp/dex/compare/v2.38.0...v2.39.0Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.