search

ai-cfia / howard

The Howard project, named after "The Godfather of Clouds" Luke Howard, orchestrates the Kubernetes-based cloud infrastructure for the Canadian Food Inspection Agency's AI lab, managing applications like Nachet, Finesse, and Louis. It prioritizes robustness, security and efficiency
https://ai-cfia.github.io/howard/
MIT License
3 stars 0 forks source link

Update ghcr.io/dexidp/dex Docker tag to v2.39.1 #192

Closed renovate[bot] closed 1 month ago

renovate[bot] commented 2 months ago

Mend Renovate

This PR contains the following updates:

Package Update Change
ghcr.io/dexidp/dex minor v2.38.0 -> v2.39.1

Release Notes

dexidp/dex (ghcr.io/dexidp/dex) ### [`v2.39.1`](https://togithub.com/dexidp/dex/releases/tag/v2.39.1) [Compare Source](https://togithub.com/dexidp/dex/compare/v2.39.0...v2.39.1) The official container image for this release can be pulled from ghcr.io/dexidp/dex:v2.39.1 ##### Bug Fixes 🐛 - Update max length of Kubernetes object to fit Kubernetes policy by [@​RomanenkoDenys](https://togithub.com/RomanenkoDenys) in [https://github.com/dexidp/dex/pull/3439](https://togithub.com/dexidp/dex/pull/3439) (fix regression for Kubernetes storage) - Do not escape password for LDAP connectors by [@​nabokihms](https://togithub.com/nabokihms) in [https://github.com/dexidp/dex/pull/3470](https://togithub.com/dexidp/dex/pull/3470) (changes introduced in v2.39.0 were reverted) ### [`v2.39.0`](https://togithub.com/dexidp/dex/releases/tag/v2.39.0) [Compare Source](https://togithub.com/dexidp/dex/compare/v2.38.0...v2.39.0) The official container image for this release can be pulled from ghcr.io/dexidp/dex:v2.39.0 #### Know before update > \[!WARNING] > The validation of username and password in the LDAP connector is much more strict now. > As of today, Dex uses the [`EscapeFilter`](https://pkg.go.dev/gopkg.in/ldap.v1#EscapeFilter) function to check for special characters in credentials and prevent injections by denying such requests. > the special characters in the set `()*\` and those out of the range 0 < c < 0x80, as defined in RFC4515 #### What's Changed ##### Enhancements 🚀 - Also set the username in authproxy connector by [@​ppacher](https://togithub.com/ppacher) in [https://github.com/dexidp/dex/pull/3307](https://togithub.com/dexidp/dex/pull/3307) - Log failed login attempt by [@​i-amelia](https://togithub.com/i-amelia) in [https://github.com/dexidp/dex/pull/2454](https://togithub.com/dexidp/dex/pull/2454) - Update ent by [@​sagikazarmark](https://togithub.com/sagikazarmark) in [https://github.com/dexidp/dex/pull/3379](https://togithub.com/dexidp/dex/pull/3379) - Add sanitizer to LDAP account and password by [@​hsinhoyeh](https://togithub.com/hsinhoyeh) in [https://github.com/dexidp/dex/pull/3372](https://togithub.com/dexidp/dex/pull/3372) - Add headers control to Dex web server by [@​nabokihms](https://togithub.com/nabokihms) in [https://github.com/dexidp/dex/pull/3339](https://togithub.com/dexidp/dex/pull/3339) - OIDC connector: Allow specifying empty prompt type by [@​nabokihms](https://togithub.com/nabokihms) in [https://github.com/dexidp/dex/pull/3373](https://togithub.com/dexidp/dex/pull/3373) - Set read-only permissions to the check job by [@​nabokihms](https://togithub.com/nabokihms) in [https://github.com/dexidp/dex/pull/3415](https://togithub.com/dexidp/dex/pull/3415) ##### Bug Fixes 🐛 - Use the correct token type for userInfo requests while Token Exchange by [@​MrDeerly](https://togithub.com/MrDeerly) in [https://github.com/dexidp/dex/pull/3336](https://togithub.com/dexidp/dex/pull/3336) - Do not evaluate skipApproval on the approval page by [@​MM53](https://togithub.com/MM53) in [https://github.com/dexidp/dex/pull/3086](https://togithub.com/dexidp/dex/pull/3086) ##### Dependency Updates ⬆️ - build(deps): bump anchore/sbom-action from 0.15.5 to 0.15.6 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3314](https://togithub.com/dexidp/dex/pull/3314) - build(deps): bump github.com/mattn/go-sqlite3 from 1.14.19 to 1.14.22 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3328](https://togithub.com/dexidp/dex/pull/3328) - build(deps): bump github/codeql-action from 3.23.1 to 3.24.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3327](https://togithub.com/dexidp/dex/pull/3327) - build(deps): bump anchore/sbom-action from 0.15.6 to 0.15.8 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3325](https://togithub.com/dexidp/dex/pull/3325) - build(deps): bump go.etcd.io/etcd/client/pkg/v3 from 3.5.11 to 3.5.12 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3323](https://togithub.com/dexidp/dex/pull/3323) - build(deps): bump google.golang.org/api from 0.157.0 to 0.161.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3317](https://togithub.com/dexidp/dex/pull/3317) - build(deps): bump alpine from 3.19.0 to 3.19.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3311](https://togithub.com/dexidp/dex/pull/3311) - build(deps): bump golang from `3bd4475` to `3354c3a` by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3310](https://togithub.com/dexidp/dex/pull/3310) - build(deps): bump mheap/github-action-required-labels from 5.1.0 to 5.2.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3308](https://togithub.com/dexidp/dex/pull/3308) - build(deps): bump sigstore/cosign-installer from 3.2.0 to 3.4.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3324](https://togithub.com/dexidp/dex/pull/3324) - build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.11 to 3.5.12 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3321](https://togithub.com/dexidp/dex/pull/3321) - build(deps): bump golang.org/x/oauth2 from 0.16.0 to 0.17.0 in /examples by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3340](https://togithub.com/dexidp/dex/pull/3340) - build(deps): bump tonistiigi/xx from 1.3.0 to 1.4.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3333](https://togithub.com/dexidp/dex/pull/3333) - build(deps): bump golang.org/x/oauth2 from 0.16.0 to 0.17.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3341](https://togithub.com/dexidp/dex/pull/3341) - build(deps): bump google.golang.org/grpc from 1.61.0 to 1.61.1 in /examples by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3352](https://togithub.com/dexidp/dex/pull/3352) - build(deps): bump distroless/static from `9be3fcc` to `a43abc8` by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3350](https://togithub.com/dexidp/dex/pull/3350) - build(deps): bump aquasecurity/trivy-action from 0.16.1 to 0.17.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3332](https://togithub.com/dexidp/dex/pull/3332) - build(deps): bump docker/metadata-action from 5.5.0 to 5.5.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3330](https://togithub.com/dexidp/dex/pull/3330) - build(deps): bump mheap/github-action-required-labels from 5.2.0 to 5.3.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3347](https://togithub.com/dexidp/dex/pull/3347) - build(deps): bump helm/kind-action from 1.8.0 to 1.9.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3345](https://togithub.com/dexidp/dex/pull/3345) - build(deps): bump github/codeql-action from 3.24.0 to 3.24.3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3360](https://togithub.com/dexidp/dex/pull/3360) - build(deps): bump google.golang.org/api from 0.161.0 to 0.165.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3355](https://togithub.com/dexidp/dex/pull/3355) - build(deps): bump actions/dependency-review-action from 4.0.0 to 4.1.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3359](https://togithub.com/dexidp/dex/pull/3359) - build(deps): bump golang.org/x/crypto from 0.19.0 to 0.20.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3377](https://togithub.com/dexidp/dex/pull/3377) - build(deps): bump google.golang.org/api from 0.165.0 to 0.167.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3376](https://togithub.com/dexidp/dex/pull/3376) - build(deps): bump github/codeql-action from 3.24.3 to 3.24.5 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3375](https://togithub.com/dexidp/dex/pull/3375) - build(deps): bump distroless/static from `a43abc8` to `072d78b` by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3374](https://togithub.com/dexidp/dex/pull/3374) - build(deps): bump google.golang.org/grpc from 1.61.1 to 1.62.0 in /examples by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3368](https://togithub.com/dexidp/dex/pull/3368) - build(deps): bump actions/dependency-review-action from 4.1.0 to 4.1.3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3363](https://togithub.com/dexidp/dex/pull/3363) - build(deps): bump haya14busa/action-cond from 1.1.1 to 1.2.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3346](https://togithub.com/dexidp/dex/pull/3346) - build(deps): bump golang from 1.21.6-alpine3.18 to 1.22.0-alpine3.18 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3334](https://togithub.com/dexidp/dex/pull/3334) - build(deps): bump google.golang.org/grpc from 1.61.0 to 1.62.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3367](https://togithub.com/dexidp/dex/pull/3367) - build(deps): bump google.golang.org/grpc from 1.61.0 to 1.62.0 in /api/v2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3365](https://togithub.com/dexidp/dex/pull/3365) - build(deps): bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3405](https://togithub.com/dexidp/dex/pull/3405) - build(deps): bump github.com/prometheus/client_golang from 1.18.0 to 1.19.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3380](https://togithub.com/dexidp/dex/pull/3380) - build(deps): bump golang from 1.22.0-alpine3.18 to 1.22.1-alpine3.18 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3398](https://togithub.com/dexidp/dex/pull/3398) - build(deps): bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3 in /examples by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3406](https://togithub.com/dexidp/dex/pull/3406) - build(deps): bump google.golang.org/api from 0.167.0 to 0.169.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3407](https://togithub.com/dexidp/dex/pull/3407) - Update jose by [@​nabokihms](https://togithub.com/nabokihms) in [https://github.com/dexidp/dex/pull/3409](https://togithub.com/dexidp/dex/pull/3409) - build(deps): bump distroless/static from `072d78b` to `9235ad9` by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3381](https://togithub.com/dexidp/dex/pull/3381) - build(deps): bump docker/setup-buildx-action from 3.0.0 to 3.1.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3382](https://togithub.com/dexidp/dex/pull/3382) - build(deps): bump aquasecurity/trivy-action from 0.17.0 to 0.18.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3384](https://togithub.com/dexidp/dex/pull/3384) - build(deps): bump github/codeql-action from 3.24.5 to 3.24.6 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3386](https://togithub.com/dexidp/dex/pull/3386) - build(deps): bump anchore/sbom-action from 0.15.8 to 0.15.9 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3397](https://togithub.com/dexidp/dex/pull/3397) - build(deps): bump golang.org/x/oauth2 from 0.17.0 to 0.18.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3393](https://togithub.com/dexidp/dex/pull/3393) - build(deps): bump golang.org/x/oauth2 from 0.17.0 to 0.18.0 in /examples by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3394](https://togithub.com/dexidp/dex/pull/3394) - build(deps): bump google.golang.org/grpc from 1.62.0 to 1.62.1 in /examples by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3401](https://togithub.com/dexidp/dex/pull/3401) - build(deps): bump github.com/go-sql-driver/mysql from 1.7.1 to 1.8.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3414](https://togithub.com/dexidp/dex/pull/3414) - build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3413](https://togithub.com/dexidp/dex/pull/3413) - build(deps): bump distroless/static from `9235ad9` to `7e5c6a2` by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3410](https://togithub.com/dexidp/dex/pull/3410) - build(deps): bump docker/build-push-action from 5.1.0 to 5.2.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3411](https://togithub.com/dexidp/dex/pull/3411) - build(deps): bump google.golang.org/grpc from 1.62.0 to 1.62.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3412](https://togithub.com/dexidp/dex/pull/3412) - build(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3389](https://togithub.com/dexidp/dex/pull/3389) - build(deps): bump actions/checkout from 4.1.1 to 4.1.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3417](https://togithub.com/dexidp/dex/pull/3417) - build(deps): bump github/codeql-action from 3.24.6 to 3.24.8 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3422](https://togithub.com/dexidp/dex/pull/3422) - build(deps): bump google.golang.org/api from 0.169.0 to 0.171.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3426](https://togithub.com/dexidp/dex/pull/3426) - build(deps): bump docker/login-action from 3.0.0 to 3.1.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3418](https://togithub.com/dexidp/dex/pull/3418) - build(deps): bump github.com/coreos/go-oidc/v3 from 3.9.0 to 3.10.0 in /examples by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3424](https://togithub.com/dexidp/dex/pull/3424) - build(deps): bump github.com/coreos/go-oidc/v3 from 3.9.0 to 3.10.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3425](https://togithub.com/dexidp/dex/pull/3425) - build(deps): bump docker/build-push-action from 5.2.0 to 5.3.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3420](https://togithub.com/dexidp/dex/pull/3420) - build(deps): bump golang from `010f3b3` to `ede158f` by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3421](https://togithub.com/dexidp/dex/pull/3421) - build(deps): bump google.golang.org/grpc from 1.62.0 to 1.62.1 in /api/v2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3399](https://togithub.com/dexidp/dex/pull/3399) - build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 in /api/v2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/dexidp/dex/pull/3400](https://togithub.com/dexidp/dex/pull/3400) #### New Contributors - [@​ppacher](https://togithub.com/ppacher) made their first contribution in [https://github.com/dexidp/dex/pull/3307](https://togithub.com/dexidp/dex/pull/3307) - [@​MrDeerly](https://togithub.com/MrDeerly) made their first contribution in [https://github.com/dexidp/dex/pull/3336](https://togithub.com/dexidp/dex/pull/3336) - [@​i-amelia](https://togithub.com/i-amelia) made their first contribution in [https://github.com/dexidp/dex/pull/2454](https://togithub.com/dexidp/dex/pull/2454) - [@​hsinhoyeh](https://togithub.com/hsinhoyeh) made their first contribution in [https://github.com/dexidp/dex/pull/3372](https://togithub.com/dexidp/dex/pull/3372) **Full Changelog**: https://github.com/dexidp/dex/compare/v2.38.0...v2.39.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by Mend Renovate. View repository job log here.