Skip to content

v2.39.0

Compare
Choose a tag to compare
@nabokihms nabokihms released this 22 Mar 20:32
· 1 commit to v2.39.x since this release
f611470

The official container image for this release can be pulled from

ghcr.io/dexidp/dex:v2.39.0

Know before update

Warning

The validation of username and password in the LDAP connector is much more strict now.
As of today, Dex uses the EscapeFilter function to check for special characters in credentials and prevent injections by denying such requests.

the special characters in the set ()*\ and those out of the range 0 < c < 0x80, as defined in RFC4515

What's Changed

Enhancements 🚀

Bug Fixes 🐛

  • Use the correct token type for userInfo requests while Token Exchange by @MrDeerly in #3336
  • Do not evaluate skipApproval on the approval page by @MM53 in #3086

Dependency Updates ⬆️

  • build(deps): bump anchore/sbom-action from 0.15.5 to 0.15.6 by @dependabot in #3314
  • build(deps): bump github.com/mattn/go-sqlite3 from 1.14.19 to 1.14.22 by @dependabot in #3328
  • build(deps): bump github/codeql-action from 3.23.1 to 3.24.0 by @dependabot in #3327
  • build(deps): bump anchore/sbom-action from 0.15.6 to 0.15.8 by @dependabot in #3325
  • build(deps): bump go.etcd.io/etcd/client/pkg/v3 from 3.5.11 to 3.5.12 by @dependabot in #3323
  • build(deps): bump google.golang.org/api from 0.157.0 to 0.161.0 by @dependabot in #3317
  • build(deps): bump alpine from 3.19.0 to 3.19.1 by @dependabot in #3311
  • build(deps): bump golang from 3bd4475 to 3354c3a by @dependabot in #3310
  • build(deps): bump mheap/github-action-required-labels from 5.1.0 to 5.2.0 by @dependabot in #3308
  • build(deps): bump sigstore/cosign-installer from 3.2.0 to 3.4.0 by @dependabot in #3324
  • build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.11 to 3.5.12 by @dependabot in #3321
  • build(deps): bump golang.org/x/oauth2 from 0.16.0 to 0.17.0 in /examples by @dependabot in #3340
  • build(deps): bump tonistiigi/xx from 1.3.0 to 1.4.0 by @dependabot in #3333
  • build(deps): bump golang.org/x/oauth2 from 0.16.0 to 0.17.0 by @dependabot in #3341
  • build(deps): bump google.golang.org/grpc from 1.61.0 to 1.61.1 in /examples by @dependabot in #3352
  • build(deps): bump distroless/static from 9be3fcc to a43abc8 by @dependabot in #3350
  • build(deps): bump aquasecurity/trivy-action from 0.16.1 to 0.17.0 by @dependabot in #3332
  • build(deps): bump docker/metadata-action from 5.5.0 to 5.5.1 by @dependabot in #3330
  • build(deps): bump mheap/github-action-required-labels from 5.2.0 to 5.3.0 by @dependabot in #3347
  • build(deps): bump helm/kind-action from 1.8.0 to 1.9.0 by @dependabot in #3345
  • build(deps): bump github/codeql-action from 3.24.0 to 3.24.3 by @dependabot in #3360
  • build(deps): bump google.golang.org/api from 0.161.0 to 0.165.0 by @dependabot in #3355
  • build(deps): bump actions/dependency-review-action from 4.0.0 to 4.1.0 by @dependabot in #3359
  • build(deps): bump golang.org/x/crypto from 0.19.0 to 0.20.0 by @dependabot in #3377
  • build(deps): bump google.golang.org/api from 0.165.0 to 0.167.0 by @dependabot in #3376
  • build(deps): bump github/codeql-action from 3.24.3 to 3.24.5 by @dependabot in #3375
  • build(deps): bump distroless/static from a43abc8 to 072d78b by @dependabot in #3374
  • build(deps): bump google.golang.org/grpc from 1.61.1 to 1.62.0 in /examples by @dependabot in #3368
  • build(deps): bump actions/dependency-review-action from 4.1.0 to 4.1.3 by @dependabot in #3363
  • build(deps): bump haya14busa/action-cond from 1.1.1 to 1.2.1 by @dependabot in #3346
  • build(deps): bump golang from 1.21.6-alpine3.18 to 1.22.0-alpine3.18 by @dependabot in #3334
  • build(deps): bump google.golang.org/grpc from 1.61.0 to 1.62.0 by @dependabot in #3367
  • build(deps): bump google.golang.org/grpc from 1.61.0 to 1.62.0 in /api/v2 by @dependabot in #3365
  • build(deps): bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3 by @dependabot in #3405
  • build(deps): bump github.com/prometheus/client_golang from 1.18.0 to 1.19.0 by @dependabot in #3380
  • build(deps): bump golang from 1.22.0-alpine3.18 to 1.22.1-alpine3.18 by @dependabot in #3398
  • build(deps): bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3 in /examples by @dependabot in #3406
  • build(deps): bump google.golang.org/api from 0.167.0 to 0.169.0 by @dependabot in #3407
  • Update jose by @nabokihms in #3409
  • build(deps): bump distroless/static from 072d78b to 9235ad9 by @dependabot in #3381
  • build(deps): bump docker/setup-buildx-action from 3.0.0 to 3.1.0 by @dependabot in #3382
  • build(deps): bump aquasecurity/trivy-action from 0.17.0 to 0.18.0 by @dependabot in #3384
  • build(deps): bump github/codeql-action from 3.24.5 to 3.24.6 by @dependabot in #3386
  • build(deps): bump anchore/sbom-action from 0.15.8 to 0.15.9 by @dependabot in #3397
  • build(deps): bump golang.org/x/oauth2 from 0.17.0 to 0.18.0 by @dependabot in #3393
  • build(deps): bump golang.org/x/oauth2 from 0.17.0 to 0.18.0 in /examples by @dependabot in #3394
  • build(deps): bump google.golang.org/grpc from 1.62.0 to 1.62.1 in /examples by @dependabot in #3401
  • build(deps): bump github.com/go-sql-driver/mysql from 1.7.1 to 1.8.0 by @dependabot in #3414
  • build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 by @dependabot in #3413
  • build(deps): bump distroless/static from 9235ad9 to 7e5c6a2 by @dependabot in #3410
  • build(deps): bump docker/build-push-action from 5.1.0 to 5.2.0 by @dependabot in #3411
  • build(deps): bump google.golang.org/grpc from 1.62.0 to 1.62.1 by @dependabot in #3412
  • build(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 by @dependabot in #3389
  • build(deps): bump actions/checkout from 4.1.1 to 4.1.2 by @dependabot in #3417
  • build(deps): bump github/codeql-action from 3.24.6 to 3.24.8 by @dependabot in #3422
  • build(deps): bump google.golang.org/api from 0.169.0 to 0.171.0 by @dependabot in #3426
  • build(deps): bump docker/login-action from 3.0.0 to 3.1.0 by @dependabot in #3418
  • build(deps): bump github.com/coreos/go-oidc/v3 from 3.9.0 to 3.10.0 in /examples by @dependabot in #3424
  • build(deps): bump github.com/coreos/go-oidc/v3 from 3.9.0 to 3.10.0 by @dependabot in #3425
  • build(deps): bump docker/build-push-action from 5.2.0 to 5.3.0 by @dependabot in #3420
  • build(deps): bump golang from 010f3b3 to ede158f by @dependabot in #3421
  • build(deps): bump google.golang.org/grpc from 1.62.0 to 1.62.1 in /api/v2 by @dependabot in #3399
  • build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 in /api/v2 by @dependabot in #3400

New Contributors

Full Changelog: v2.38.0...v2.39.0