Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TLS configure for OIDC connector #1632

Merged
merged 14 commits into from
Nov 7, 2022
Merged

TLS configure for OIDC connector #1632

merged 14 commits into from
Nov 7, 2022

Conversation

xtremerui
Copy link

This PR adds two configurable fiels RootCAs and InsecureSkipVerify to OIDC connector. When openning a connection to OIDC connect provider, it will use a httpclient based on these two fields.

@xtremerui xtremerui force-pushed the pr/oidc-CA-configure-sync branch from e91e176 to 94a3e6c Compare January 20, 2020 17:36
@xtremerui xtremerui mentioned this pull request Jan 20, 2020
Open
@xtremerui xtremerui force-pushed the pr/oidc-CA-configure-sync branch from 94a3e6c to a0ea1b4 Compare January 20, 2020 17:44
@xtremerui xtremerui force-pushed the pr/oidc-CA-configure-sync branch 3 times, most recently from 8b6ec60 to 732eb22 Compare September 28, 2020 19:39
@xtremerui xtremerui force-pushed the pr/oidc-CA-configure-sync branch 4 times, most recently from 9e80f0b to 5bc7733 Compare October 5, 2020 20:51
@xtremerui xtremerui force-pushed the pr/oidc-CA-configure-sync branch from 5bc7733 to bbbfd15 Compare October 16, 2020 16:43
@xtremerui xtremerui force-pushed the pr/oidc-CA-configure-sync branch 2 times, most recently from 99c2dc8 to 7c621d3 Compare November 5, 2020 04:22
@xtremerui
Copy link
Author

@sagikazarmark just a quick raincheck here to see if this PR falls in the path. I am seeing some connectors providing TLS config (more or less). For example,

Github:

dex/connector/github/github.go

Lines 99 to 108 in 6cdbb59

if c.RootCA != "" {
if c.HostName == "" {
return nil, errors.New("invalid connector config: Host name field required for a root certificate file")
}
g.rootCA = c.RootCA
var err error
if g.httpClient, err = newHTTPClient(g.rootCA); err != nil {
return nil, fmt.Errorf("failed to create HTTP client: %v", err)
}

LDAP:

dex/connector/ldap/ldap.go

Lines 255 to 269 in 6cdbb59

tlsConfig := &tls.Config{ServerName: host, InsecureSkipVerify: c.InsecureSkipVerify}
if c.RootCA != "" || len(c.RootCAData) != 0 {
data := c.RootCAData
if len(data) == 0 {
var err error
if data, err = ioutil.ReadFile(c.RootCA); err != nil {
return nil, fmt.Errorf("ldap: read ca file: %v", err)
}
}
rootCAs := x509.NewCertPool()
if !rootCAs.AppendCertsFromPEM(data) {
return nil, fmt.Errorf("ldap: no certs found in ca file")
}
tlsConfig.RootCAs = rootCAs
}

openshift:

dex/connector/openshift/openshift.go

Lines 81 to 84 in 6cdbb59

if openshiftConnector.httpClient, err = newHTTPClient(c.InsecureCA, c.RootCA); err != nil {
cancel()
return nil, fmt.Errorf("failed to create HTTP client: %v", err)
}

Thank you for your time!

@xtremerui xtremerui force-pushed the pr/oidc-CA-configure-sync branch from 7c621d3 to ced8d9d Compare December 15, 2020 16:34
@muntac muntac force-pushed the pr/oidc-CA-configure-sync branch from ced8d9d to 14970ac Compare March 16, 2021 18:34
@xtremerui xtremerui force-pushed the pr/oidc-CA-configure-sync branch from 14970ac to bd81b08 Compare March 20, 2021 20:06
@xtremerui
Copy link
Author

Hi could I get some feedbacks on thie PR? Thx @sagikazarmark

@xtremerui xtremerui force-pushed the pr/oidc-CA-configure-sync branch from bd81b08 to 7724ee0 Compare February 9, 2022 16:22
@xtremerui xtremerui force-pushed the pr/oidc-CA-configure-sync branch from 7724ee0 to f98aae9 Compare March 22, 2022 14:15
@xtremerui xtremerui force-pushed the pr/oidc-CA-configure-sync branch from f98aae9 to 9460b5d Compare May 26, 2022 16:08
@xtremerui xtremerui force-pushed the pr/oidc-CA-configure-sync branch 2 times, most recently from 38a8196 to cc399f7 Compare August 2, 2022 18:01
@xtremerui xtremerui force-pushed the pr/oidc-CA-configure-sync branch 2 times, most recently from 0f9c3a5 to a3df4f9 Compare September 16, 2022 05:28
@xtremerui xtremerui force-pushed the pr/oidc-CA-configure-sync branch from a3df4f9 to b3f0835 Compare October 3, 2022 16:05
sagikazarmark
sagikazarmark requested changes Oct 3, 2022
View reviewed changes
Copy link
Member

@sagikazarmark sagikazarmark left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Apologies for the delay on this one.

I had a couple notes, but looks OK overall.

connector/oidc/oidc.go Outdated Show resolved Hide resolved
connector/oidc/oidc.go Outdated
@@ -166,6 +188,40 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e
}, nil
}

func newHTTPClient(rootCAs []string, insecureSkipVerify bool) (*http.Client, error) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would it make sense to create a common function in an internal package? Haven't checked how this is used in different packages, but unless there are significant differences, it might make sense to reuse.

Copy link
Author

@xtremerui xtremerui Oct 8, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have extract the func out to a package named httpclient. The test of it requires some test certs as you can see. The instruction for regenerate the test certs are in the readme. Test certs are set to expired in 10 years.

@sagikazarmark please let me know if you want to set up the test differently. Thank you!

@sagikazarmark sagikazarmark added this to the v2.36.0 milestone Oct 3, 2022
sagikazarmark and others added 3 commits October 4, 2022 09:07
@sagikazarmark
Revert "fix: check for no serviceAccountFilePath and no email (dexidp…
19b3aab 
…#2679)"

This reverts commit 4947772.

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
@sagikazarmark
fix(connector/google): make admin email optional for default creds
261adee 
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
@sagikazarmark
Merge pull request dexidp#2696 from dexidp/backport-2694
2027413 
Backport dexidp#2694 to v2.35.x
@xtremerui xtremerui force-pushed the pr/oidc-CA-configure-sync branch from b3f0835 to ed39c34 Compare October 4, 2022 10:34
dependabot bot and others added 4 commits October 5, 2022 12:39
@dependabot @sagikazarmark
build(deps): bump golang from 1.19.1-alpine3.16 to 1.19.2-alpine3.16
24401fd 
Bumps golang from 1.19.1-alpine3.16 to 1.19.2-alpine3.16.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@sagikazarmark
Merge pull request dexidp#2698 from dexidp/backport-go-update
8e2bce3 
Backport Go update to v2.35.x
@sagikazarmark
fix(connector/google): only initialize admin service if necessary
829444d 
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
@sagikazarmark
Merge pull request dexidp#2702 from dexidp/backport-2700
9063c79 
Backport dexidp#2700 to v2.35.x
@xtremerui xtremerui force-pushed the pr/oidc-CA-configure-sync branch from ccdc4d0 to e73567b Compare October 8, 2022 01:39
nabokihms and others added 2 commits October 10, 2022 13:25
@xtremerui xtremerui force-pushed the pr/oidc-CA-configure-sync branch 2 times, most recently from 2cb57bb to 9b00836 Compare October 11, 2022 21:08
vito and others added 4 commits October 31, 2022 15:02
@vito
allow configuring CAs/skip verify for OIDC
ac3d07f 
Signed-off-by: Alex Suraci <suraci.alex@gmail.com>
Co-authored-by: Rui Yang <ruiya@vmware.com>
Fix io/ioutil deprecation error
eb3dbfc 
Signed-off-by: Rui Yang <ruiya@vmware.com>
refactor newHTTPClient func
3eff26c 
* extract common newHTTPClient func out to its own package
* add test for testing root CAs in the constructor.
* test certs are set to expired in 10 years

Signed-off-by: Rui Yang <ruiya@vmware.com>
remove unused HostedDomains
67d9142 
Signed-off-by: Rui Yang <ruiya@vmware.com>
@xtremerui xtremerui force-pushed the pr/oidc-CA-configure-sync branch from 9b00836 to 67d9142 Compare October 31, 2022 15:02
@nabokihms
Copy link
Member

@xtremerui Thanks for your work, and sorry for this PR being delayed for so long. My apologies.

I am ready to merge this. Could you please fix the conflicts?

@nabokihms nabokihms self-requested a review November 4, 2022 12:49
Merge branch 'master' into pr/oidc-CA-configure-sync
df80649 
Signed-off-by: Rui Yang <ruiya@vmware.com>
@xtremerui
Copy link
Author

@nabokihms thx its done.

nabokihms
nabokihms approved these changes Nov 7, 2022
View reviewed changes
Copy link
Member

@nabokihms nabokihms left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@nabokihms nabokihms merged commit 54345b6 into dexidp:master Nov 7, 2022
iamazzeez added a commit to chef/dex-1 that referenced this pull request Nov 22, 2022
@iamazzeez @dependabot
@nabokihms @sagikazarmark @dhaus67 @MattiasGees @techknowlogick @tsl0922 @cisco-abrandel @kellyma2 @ShivanshVij @bobcallaway @chancez @josephtknight @bbusse @mayurwaghmode @JoooostB @PoudNL @mclavel @ichbinfrog @erwinvaneyk @jannfis @pinpox
sync forked master with base master (#115)
1be39ab 
* feat: Add acr_values support for OIDC

Signed-off-by: Engin Diri <engin.diri@mail.schwarz>

* build(deps): bump golang from 1.17.7-alpine3.14 to 1.17.8-alpine3.14

Bumps golang from 1.17.7-alpine3.14 to 1.17.8-alpine3.14.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix: Implicit Grant discovery

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* build(deps): bump github.com/spf13/cobra from 1.3.0 to 1.4.0

Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.3.0 to 1.4.0.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md)
- [Commits](https://github.com/spf13/cobra/compare/v1.3.0...v1.4.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump github.com/stretchr/testify from 1.7.0 to 1.7.1

Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.0 to 1.7.1.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.7.0...v1.7.1)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump alpine from 3.15.0 to 3.15.1

Bumps alpine from 3.15.0 to 3.15.1.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore: update alpine version

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* build(deps): bump alpine from 3.15.1 to 3.15.3

Bumps alpine from 3.15.1 to 3.15.3.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump google.golang.org/api from 0.70.0 to 0.74.0

Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.70.0 to 0.74.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.70.0...v0.74.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump alpine from 3.15.3 to 3.15.4

Bumps alpine from 3.15.3 to 3.15.4.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump google.golang.org/protobuf from 1.27.1 to 1.28.0

Bumps [google.golang.org/protobuf](https://github.com/protocolbuffers/protobuf-go) from 1.27.1 to 1.28.0.
- [Release notes](https://github.com/protocolbuffers/protobuf-go/releases)
- [Changelog](https://github.com/protocolbuffers/protobuf-go/blob/master/release.bash)
- [Commits](https://github.com/protocolbuffers/protobuf-go/compare/v1.27.1...v1.28.0)

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* feat: update entgo library

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* feat: update generated storage files

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* feat: use the new atlas engine for migrations

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* fix: define milisecond precision for postgres

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* revert: atlas and precision change

Looks like Atlas (the new migration library under Ent) cannot
handle precision properly.

An issue has been reported to Ent: https://github.com/ent/ent/issues/2454

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* build(deps): bump aquasecurity/trivy-action from 0.2.2 to 0.2.3

Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.2.2 to 0.2.3.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.2.2...0.2.3)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump actions/setup-go from 2 to 3

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 2 to 3.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* feat: enable profiling endpoints

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* Create setting to allow to trust the system root CAs

Previously, when rootCA was set, the trusted system root CAs were ignored. Now, allow for both being able to be configured and used

Signed-off-by: Daniel Haus <dhaus@redhat.com>

* Remove external setting, enable injection of HTTP client to config.

Signed-off-by: Daniel Haus <dhaus@redhat.com>

* Bump Alpine to latest version

Signed-off-by: Mattias Gees <mattias.gees@gmail.com>

* ci: new docker image build

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* ci: wait for container images with container scan

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* ci: update trivy scan job

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* build: help dependabot detect base image versions

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* ci: build distroless images

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* ci: disable Docker job on push

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* fix: log only errors on refreshing

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* ci: only enable the necessary platforms for emulation

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* build(deps): bump aquasecurity/trivy-action from 0.2.4 to 0.2.5

Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.2.4 to 0.2.5.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.2.4...0.2.5)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Feature: groups in Gitea

Signed-off-by: techknowlogick <techknowlogick@gitea.io>

* revert: docker matrix build

Apparently matrix builds don't work with the docker action.

Only reference I found about the topic: https://github.com/docker/build-push-action/issues/130

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* revert: move container scan back to the container build step

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* ci: add docker metadata action

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* Add numeric user ID support for oauth connector

Signed-off-by: Shuanglei Tao <tsl0922@gmail.com>

* ci: use docker metadata for build input

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* build(deps): bump github/codeql-action from 1 to 2

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v1...v2)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Fix unparam lint error in oauth_test

Signed-off-by: Shuanglei Tao <tsl0922@gmail.com>

* Remove google specific hd / hosted domain claim config

Signed-off-by: Anthony Brandelli <abrandel@cisco.com>

* chore: do not use caching for docker build

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* Add support for IDPs that do not send ID tokens in the reply when using a refresh grant. Add tests for the aforementioned functionality.

Signed-off-by: Anthony Brandelli <abrandel@cisco.com>

* Fix issues to make the linter happy

Signed-off-by: Anthony Brandelli <abrandel@cisco.com>

* feat: add enhancement template

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* Apply suggestions from code review

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

Co-authored-by: Márk Sági-Kazár <sagikazarmark@users.noreply.github.com>
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* fix: Move enhancements to the docs folder

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* build(deps): bump docker/build-push-action from 2 to 3

Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 2 to 3.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump docker/metadata-action from 3 to 4

Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 3 to 4.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Upgrade guide](https://github.com/docker/metadata-action/blob/master/UPGRADE.md)
- [Commits](https://github.com/docker/metadata-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump docker/setup-qemu-action from 1 to 2

Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 1 to 2.
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](https://github.com/docker/setup-qemu-action/compare/v1...v2)

---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump docker/login-action from 1 to 2

Bumps [docker/login-action](https://github.com/docker/login-action) from 1 to 2.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v1...v2)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump docker/setup-buildx-action from 1 to 2

Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 1 to 2.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](https://github.com/docker/setup-buildx-action/compare/v1...v2)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump lint timeout to reduce the number of failed executions

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* fix: prevent cross-site scripting for the device flow

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* Limit the amount of objects we attempt to GC on each cycle

If something causes the number k8s resources to increase beyond a
certain threshold, garbage collection can fail because the query to
retrieve those resources will time out, resulting in a perpetual cycle
of being unable to garbage collect resources.

In lieu of trying to get *every* object each cycle, we can limit the
number of resources retrieved per GC cycle to some reasonable number.

Signed-off-by: Michael Kelly <mkelly@arista.com>

* build(deps): bump aquasecurity/trivy-action from 0.2.5 to 0.3.0

Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.2.5 to 0.3.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.2.5...0.3.0)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump alpine from 3.15.4 to 3.16.0

Bumps alpine from 3.15.4 to 3.16.0.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore: Go mod update 1.17

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.2 to 3.5.4

Bumps [go.etcd.io/etcd/client/v3](https://github.com/etcd-io/etcd) from 3.5.2 to 3.5.4.
- [Release notes](https://github.com/etcd-io/etcd/releases)
- [Changelog](https://github.com/etcd-io/etcd/blob/main/Dockerfile-release.amd64)
- [Commits](https://github.com/etcd-io/etcd/compare/v3.5.2...v3.5.4)

---
updated-dependencies:
- dependency-name: go.etcd.io/etcd/client/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump google.golang.org/grpc from 1.45.0 to 1.46.2

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.45.0 to 1.46.2.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.45.0...v1.46.2)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump github.com/coreos/go-oidc/v3 from 3.1.0 to 3.2.0

Bumps [github.com/coreos/go-oidc/v3](https://github.com/coreos/go-oidc) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/coreos/go-oidc/releases)
- [Commits](https://github.com/coreos/go-oidc/compare/v3.1.0...v3.2.0)

---
updated-dependencies:
- dependency-name: github.com/coreos/go-oidc/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump github.com/prometheus/client_golang

Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.12.1 to 1.12.2.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prometheus/client_golang/compare/v1.12.1...v1.12.2)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump github.com/felixge/httpsnoop from 1.0.2 to 1.0.3

Bumps [github.com/felixge/httpsnoop](https://github.com/felixge/httpsnoop) from 1.0.2 to 1.0.3.
- [Release notes](https://github.com/felixge/httpsnoop/releases)
- [Commits](https://github.com/felixge/httpsnoop/compare/v1.0.2...v1.0.3)

---
updated-dependencies:
- dependency-name: github.com/felixge/httpsnoop
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump google.golang.org/api from 0.74.0 to 0.81.0

Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.74.0 to 0.81.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.74.0...v0.81.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump google.golang.org/grpc in /api/v2

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.44.0 to 1.46.2.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.44.0...v1.46.2)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* feat: upgrade Go to 1.18

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* chore: upgrade linter

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* build(deps): bump google.golang.org/protobuf in /api/v2

Bumps [google.golang.org/protobuf](https://github.com/protocolbuffers/protobuf-go) from 1.27.1 to 1.28.0.
- [Release notes](https://github.com/protocolbuffers/protobuf-go/releases)
- [Changelog](https://github.com/protocolbuffers/protobuf-go/blob/master/release.bash)
- [Commits](https://github.com/protocolbuffers/protobuf-go/compare/v1.27.1...v1.28.0)

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore: fix lint violations

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* build(deps): bump golang from 1.18.0-alpine3.15 to 1.18.2-alpine3.15

Bumps golang from 1.18.0-alpine3.15 to 1.18.2-alpine3.15.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore: release note configuration

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* Add the comment about groups request notification

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* Fixes https://github.com/dexidp/dex/issues/2537

Signed-off-by: Shivansh Vij <shivanshvij@outlook.com>

* Updating test cases

Fixes https://github.com/dexidp/dex/issues/2537

Signed-off-by: Shivansh Vij <shivanshvij@outlook.com>

* build(deps): bump golang from 1.18.2-alpine3.15 to 1.18.3-alpine3.15

Bumps golang from 1.18.2-alpine3.15 to 1.18.3-alpine3.15.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump google.golang.org/api from 0.81.0 to 0.82.0

Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.81.0 to 0.82.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.81.0...v0.82.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump google.golang.org/grpc from 1.46.2 to 1.47.0

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.46.2 to 1.47.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.46.2...v1.47.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump github.com/stretchr/testify from 1.7.1 to 1.7.2

Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.1 to 1.7.2.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.7.1...v1.7.2)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): update grpc

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* chore: update gitignore

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* s/getUrl/getURL

golang prefers URL not Url

Signed-off-by: Michael Kelly <mkelly@arista.com>

* Tweaks based on review comments

Signed-off-by: Michael Kelly <mkelly@arista.com>

* Fix formatting

Signed-off-by: Michael Kelly <mkelly@arista.com>

* build(deps): bump helm/kind-action from 1.2.0 to 1.3.0

Bumps [helm/kind-action](https://github.com/helm/kind-action) from 1.2.0 to 1.3.0.
- [Release notes](https://github.com/helm/kind-action/releases)
- [Commits](https://github.com/helm/kind-action/compare/v1.2.0...v1.3.0)

---
updated-dependencies:
- dependency-name: helm/kind-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump aquasecurity/trivy-action from 0.3.0 to 0.4.0

Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.3.0 to 0.4.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.3.0...0.4.0)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump mheap/github-action-required-labels from 1 to 2

Bumps [mheap/github-action-required-labels](https://github.com/mheap/github-action-required-labels) from 1 to 2.
- [Release notes](https://github.com/mheap/github-action-required-labels/releases)
- [Commits](https://github.com/mheap/github-action-required-labels/compare/v1...v2)

---
updated-dependencies:
- dependency-name: mheap/github-action-required-labels
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump google.golang.org/api from 0.82.0 to 0.86.0

Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.82.0 to 0.86.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.82.0...v0.86.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump aquasecurity/trivy-action from 0.4.0 to 0.5.1

Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.4.0 to 0.5.1.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.4.0...0.5.1)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump github.com/stretchr/testify from 1.7.2 to 1.8.0

Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.2 to 1.8.0.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.7.2...v1.8.0)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump github.com/spf13/cobra from 1.4.0 to 1.5.0

Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.4.0 to 1.5.0.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](https://github.com/spf13/cobra/compare/v1.4.0...v1.5.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Add expiry.refreshToken settings to config.yaml.dist

Signed-off-by: Chance Zibolski <chance.zibolski@gmail.com>

* Use GitLab's refresh_token during Refresh. (#2352)

Signed-off-by: Daniel Haus <dhaus@redhat.com>

* build(deps): bump aquasecurity/trivy-action from 0.5.1 to 0.6.0 (#2602)

Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.5.1 to 0.6.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.5.1...0.6.0)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump alpine from 3.16.0 to 3.16.1 (#2598)

Bumps alpine from 3.16.0 to 3.16.1.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump golang from 1.18.3-alpine3.15 to 1.18.4-alpine3.15 (#2592)

Bumps golang from 1.18.3-alpine3.15 to 1.18.4-alpine3.15.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Add domainHint parameter to Microsoft Connector (#2586)

Signed-off-by: Joe Knight <josephtknight@users.noreply.github.com>

* grpc-client: Do not crash on empty response (#2584)

Signed-off-by: Björn Busse <bj.rn@baerlin.eu>

* build(deps): bump github.com/sirupsen/logrus from 1.8.1 to 1.9.0 (#2599)

Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.8.1 to 1.9.0.
- [Release notes](https://github.com/sirupsen/logrus/releases)
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sirupsen/logrus/compare/v1.8.1...v1.9.0)

---
updated-dependencies:
- dependency-name: github.com/sirupsen/logrus
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* add PKCE support to device code flow (#2575)

Signed-off-by: Bob Callaway <bobcallaway@users.noreply.github.com>

* add config to explicitly set scopes for microsoft connector (#2582)

Signed-off-by: Bob Callaway <bcallaway@google.com>

* build(deps): bump github.com/go-ldap/ldap/v3 from 3.4.2 to 3.4.4 (#2606)

Bumps [github.com/go-ldap/ldap/v3](https://github.com/go-ldap/ldap) from 3.4.2 to 3.4.4.
- [Release notes](https://github.com/go-ldap/ldap/releases)
- [Commits](https://github.com/go-ldap/ldap/compare/v3.4.2...v3.4.4)

---
updated-dependencies:
- dependency-name: github.com/go-ldap/ldap/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump google.golang.org/api from 0.86.0 to 0.89.0 (#2605)

Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.86.0 to 0.89.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.86.0...v0.89.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump aquasecurity/trivy-action from 0.6.0 to 0.6.1 (#2604)

Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.6.0 to 0.6.1.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.6.0...0.6.1)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Add HMAC protection on /approval endpoint

Signed-off-by: Bob Callaway <bcallaway@google.com>

* build(deps): bump alpine from 3.16.1 to 3.16.2

Bumps alpine from 3.16.1 to 3.16.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump github.com/prometheus/client_golang (#2623)

Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.12.2 to 1.13.0.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prometheus/client_golang/compare/v1.12.2...v1.13.0)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* updated gomplate version and added ppc64le support

Signed-off-by: mayurwaghmode <waghmodemayur17@gmail.com>

* build(deps): bump aquasecurity/trivy-action from 0.6.1 to 0.7.0

Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.6.1 to 0.7.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.6.1...0.7.0)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump google.golang.org/api from 0.89.0 to 0.93.0

Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.89.0 to 0.93.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.89.0...v0.93.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump github.com/mattn/go-sqlite3 from 1.14.11 to 1.14.15

Bumps [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3) from 1.14.11 to 1.14.15.
- [Release notes](https://github.com/mattn/go-sqlite3/releases)
- [Commits](https://github.com/mattn/go-sqlite3/compare/v1.14.11...v1.14.15)

---
updated-dependencies:
- dependency-name: github.com/mattn/go-sqlite3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump aquasecurity/trivy-action from 0.7.0 to 0.7.1

Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.7.0 to 0.7.1.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.7.0...0.7.1)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix: Fallback when group claim is a string instead of an array of strings (#2639)

Signed-off-by: Joost Buskermolen <joost@buskervezel.nl>
Co-authored-by: Michiel van Pouderoijen <michiel@pouderoijen.nl>

* build(deps): bump google.golang.org/api from 0.93.0 to 0.94.0 (#2637)

Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.93.0 to 0.94.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.93.0...v0.94.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump google.golang.org/protobuf in /api/v2

Bumps [google.golang.org/protobuf](https://github.com/protocolbuffers/protobuf-go) from 1.28.0 to 1.28.1.
- [Release notes](https://github.com/protocolbuffers/protobuf-go/releases)
- [Changelog](https://github.com/protocolbuffers/protobuf-go/blob/master/release.bash)
- [Commits](https://github.com/protocolbuffers/protobuf-go/compare/v1.28.0...v1.28.1)

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore: Bump ent to 0.11.2 (#2640)

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* chore: Bump Go 1.19 (#2641)

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* feat(connector/authproxy): support multiple groups (#2643)

Signed-off-by: Marcelo Clavel <mclavel00@gmail.com>

* build(deps): bump github.com/coreos/go-oidc/v3 from 3.2.0 to 3.3.0 (#2646)

Bumps [github.com/coreos/go-oidc/v3](https://github.com/coreos/go-oidc) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/coreos/go-oidc/releases)
- [Commits](https://github.com/coreos/go-oidc/compare/v3.2.0...v3.3.0)

---
updated-dependencies:
- dependency-name: github.com/coreos/go-oidc/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump google.golang.org/grpc from 1.47.0 to 1.49.0

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.47.0 to 1.49.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.47.0...v1.49.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* build: bump Go version to 1.19 in Nix

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* build(deps): bump golang from 1.19.0-alpine3.15 to 1.19.1-alpine3.15

Bumps golang from 1.19.0-alpine3.15 to 1.19.1-alpine3.15.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump google.golang.org/api from 0.94.0 to 0.95.0

Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.94.0 to 0.95.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.94.0...v0.95.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Implement Application Default Credentials for the google connector (#2530)

Signed-off-by: Trung <trung.hoang@pricehubble.com>

* chore: update alpine version in Go image

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* build(deps): bump github.com/coreos/go-oidc/v3 from 3.3.0 to 3.4.0

Bumps [github.com/coreos/go-oidc/v3](https://github.com/coreos/go-oidc) from 3.3.0 to 3.4.0.
- [Release notes](https://github.com/coreos/go-oidc/releases)
- [Commits](https://github.com/coreos/go-oidc/compare/v3.3.0...v3.4.0)

---
updated-dependencies:
- dependency-name: github.com/coreos/go-oidc/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump github.com/lib/pq from 1.10.5 to 1.10.7 (#2651)

Bumps [github.com/lib/pq](https://github.com/lib/pq) from 1.10.5 to 1.10.7.
- [Release notes](https://github.com/lib/pq/releases)
- [Commits](https://github.com/lib/pq/compare/v1.10.5...v1.10.7)

---
updated-dependencies:
- dependency-name: github.com/lib/pq
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump google.golang.org/grpc in /api/v2

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.47.0 to 1.49.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.47.0...v1.49.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Reduce HTTP client creations in the Keystone connector (#2659)

Signed-off-by: erwinvaneyk <erwinvaneyk@gmail.com>

* build(deps): bump google.golang.org/api from 0.95.0 to 0.97.0 (#2677)

Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.95.0 to 0.97.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.95.0...v0.97.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.4 to 3.5.5

Bumps [go.etcd.io/etcd/client/v3](https://github.com/etcd-io/etcd) from 3.5.4 to 3.5.5.
- [Release notes](https://github.com/etcd-io/etcd/releases)
- [Changelog](https://github.com/etcd-io/etcd/blob/main/Dockerfile-release.amd64)
- [Commits](https://github.com/etcd-io/etcd/compare/v3.5.4...v3.5.5)

---
updated-dependencies:
- dependency-name: go.etcd.io/etcd/client/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump helm/kind-action from 1.3.0 to 1.4.0

Bumps [helm/kind-action](https://github.com/helm/kind-action) from 1.3.0 to 1.4.0.
- [Release notes](https://github.com/helm/kind-action/releases)
- [Commits](https://github.com/helm/kind-action/compare/v1.3.0...v1.4.0)

---
updated-dependencies:
- dependency-name: helm/kind-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* address review comments

Signed-off-by: Bob Callaway <bcallaway@google.com>

* build(deps): bump google.golang.org/api from 0.97.0 to 0.98.0

Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.97.0 to 0.98.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.97.0...v0.98.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix: check for no serviceAccountFilePath and no email (#2679)

Signed-off-by: Bob Callaway <bcallaway@google.com>

* fix: supply HMACKey in test case (#2683)

Signed-off-by: Bob Callaway <bcallaway@google.com>

* build(deps): bump entgo.io/ent from 0.11.2 to 0.11.3

Bumps [entgo.io/ent](https://github.com/ent/ent) from 0.11.2 to 0.11.3.
- [Release notes](https://github.com/ent/ent/releases)
- [Commits](https://github.com/ent/ent/compare/v0.11.2...v0.11.3)

---
updated-dependencies:
- dependency-name: entgo.io/ent
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): update golang.org/x packages

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* Add Argo CD to list of Dex adopters

Signed-off-by: Jann Fischer <jfischer@redhat.com>

* fix: refresh token only once for all concurrent requests

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* Revert "fix: check for no serviceAccountFilePath and no email (#2679)"

This reverts commit 49477729ce24448c2895ec8c98f2c61c646de884.

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* fix(connector/google): make admin email optional for default creds

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* build(deps): bump golang from 1.19.1-alpine3.16 to 1.19.2-alpine3.16

Bumps golang from 1.19.1-alpine3.16 to 1.19.2-alpine3.16.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix(connector/google): only initialize admin service if necessary

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>

* fix: Update gomplate version to 3.11.3 fix CVE-2022-27665 (#2705)

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* build(deps): bump github.com/spf13/cobra from 1.5.0 to 1.6.0 (#2708)

Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.5.0 to 1.6.0.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](https://github.com/spf13/cobra/compare/v1.5.0...v1.6.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.1 (#2715)

Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.0 to 1.8.1.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.8.0...v1.8.1)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump google.golang.org/api from 0.98.0 to 0.101.0 (#2720)

Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.98.0 to 0.101.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.98.0...v0.101.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump github.com/mattn/go-sqlite3 from 1.14.15 to 1.14.16 (#2721)

Bumps [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3) from 1.14.15 to 1.14.16.
- [Release notes](https://github.com/mattn/go-sqlite3/releases)
- [Commits](https://github.com/mattn/go-sqlite3/compare/v1.14.15...v1.14.16)

---
updated-dependencies:
- dependency-name: github.com/mattn/go-sqlite3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump aquasecurity/trivy-action from 0.7.1 to 0.8.0 (#2723)

Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.7.1 to 0.8.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.7.1...0.8.0)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump github.com/spf13/cobra from 1.6.0 to 1.6.1 (#2718)

Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.6.0 to 1.6.1.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](https://github.com/spf13/cobra/compare/v1.6.0...v1.6.1)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump golang from 1.19.2-alpine3.16 to 1.19.3-alpine3.16 (#2724)

Bumps golang from 1.19.2-alpine3.16 to 1.19.3-alpine3.16.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* TLS configure for OIDC connector (#1632)

Signed-off-by: Rui Yang <ruiya@vmware.com>

* Add icon for gitea (#2733)

Signed-off-by: Pablo Ovelleiro Corral <mail@pablo.tools>

Signed-off-by: Engin Diri <engin.diri@mail.schwarz>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
Signed-off-by: Daniel Haus <dhaus@redhat.com>
Signed-off-by: Mattias Gees <mattias.gees@gmail.com>
Signed-off-by: techknowlogick <techknowlogick@gitea.io>
Signed-off-by: Shuanglei Tao <tsl0922@gmail.com>
Signed-off-by: Anthony Brandelli <abrandel@cisco.com>
Signed-off-by: Michael Kelly <mkelly@arista.com>
Signed-off-by: Shivansh Vij <shivanshvij@outlook.com>
Signed-off-by: Chance Zibolski <chance.zibolski@gmail.com>
Signed-off-by: Joe Knight <josephtknight@users.noreply.github.com>
Signed-off-by: Björn Busse <bj.rn@baerlin.eu>
Signed-off-by: Bob Callaway <bobcallaway@users.noreply.github.com>
Signed-off-by: Bob Callaway <bcallaway@google.com>
Signed-off-by: mayurwaghmode <waghmodemayur17@gmail.com>
Signed-off-by: Joost Buskermolen <joost@buskervezel.nl>
Signed-off-by: Marcelo Clavel <mclavel00@gmail.com>
Signed-off-by: Trung <trung.hoang@pricehubble.com>
Signed-off-by: erwinvaneyk <erwinvaneyk@gmail.com>
Signed-off-by: Jann Fischer <jfischer@redhat.com>
Signed-off-by: Rui Yang <ruiya@vmware.com>
Signed-off-by: Pablo Ovelleiro Corral <mail@pablo.tools>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Engin Diri <engin.diri@mail.schwarz>
Co-authored-by: Maksim Nabokikh <maksim.nabokikh@flant.com>
Co-authored-by: Márk Sági-Kazár <sagikazarmark@users.noreply.github.com>
Co-authored-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
Co-authored-by: Daniel Haus <dhaus@redhat.com>
Co-authored-by: Mattias Gees <mattias.gees@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Shuanglei Tao <tsl0922@gmail.com>
Co-authored-by: Anthony Brandelli <abrandel@cisco.com>
Co-authored-by: Maksim Nabokikh <max.nabokih@gmail.com>
Co-authored-by: Michael Kelly <mkelly@arista.com>
Co-authored-by: Shivansh Vij <shivanshvij@loopholelabs.io>
Co-authored-by: Bob Callaway <bcallaway@google.com>
Co-authored-by: Chance Zibolski <chance.zibolski@gmail.com>
Co-authored-by: Joe Knight <knightjp@mail.uc.edu>
Co-authored-by: Björn Busse <bj.rn@baerlin.eu>
Co-authored-by: Bob Callaway <bobcallaway@users.noreply.github.com>
Co-authored-by: mayurwaghmode <waghmodemayur17@gmail.com>
Co-authored-by: Joost Buskermolen <joostbuskermolen@hotmail.com>
Co-authored-by: Michiel van Pouderoijen <michiel@pouderoijen.nl>
Co-authored-by: Marcelo Clavel <mclavel00@gmail.com>
Co-authored-by: Hoang Quoc Trung <quoctrunghoang1998@gmail.com>
Co-authored-by: Erwin van Eyk <erwinvaneyk@gmail.com>
Co-authored-by: Jann Fischer <jfischer@redhat.com>
Co-authored-by: Rui Yang <ruiya@vmware.com>
Co-authored-by: Pablo Ovelleiro Corral <github@pablo.tools>
@nabokihms nabokihms mentioned this pull request Jan 10, 2023
Merged
@xtremerui xtremerui deleted the pr/oidc-CA-configure-sync branch May 25, 2023 15:40
xtremerui pushed a commit to concourse/dex that referenced this pull request May 25, 2023
upstream dex release: v2.36.0
2ab05af 
The official container image for this release can be pulled from
```
ghcr.io/dexidp/dex:v2.36.0
```

<!-- Release notes generated using configuration in .github/release.yml at v2.36.0 -->

## What's Changed
### Enhancements 🚀
* TLS configure for OIDC connector by @xtremerui in dexidp#1632
* Add icon for gitea by @pinpox in dexidp#2733
* fix: Do not use connector data from the refresh token field by @nabokihms in dexidp#2729
* Add preferredEmailDomain config option for GitHub connector by @nobuyo in dexidp#2740
* Move unique functionality into getGroups to reduce calls to google by @snuggie12 in dexidp#2628
* fix: prevent server-side request forgery using Kubernetes storage by @nabokihms in dexidp#2479
* fix: return 401 if password is invalid by @nabokihms in dexidp#2796
* feat: Add default robots.txt by @nabokihms in dexidp#2834
* Skip redirection to approval when it is not required (dexidp#2686) by @nobuyo in dexidp#2805
* feat: Bump dependencies and Makefile refactoring by @nabokihms in dexidp#2844
### Bug Fixes 🐛
* Make admin email optional when no service account path is configured by @sagikazarmark in dexidp#2695
* Only initialize google admin service if necessary by @sagikazarmark in dexidp#2700
### Dependency Updates ⬆️
* build(deps): bump golang from 1.19.1-alpine3.16 to 1.19.2-alpine3.16 by @dependabot in dexidp#2697
* fix: Update gomplate version to 3.11.3 fix CVE-2022-27665 by @nabokihms in dexidp#2705
* build(deps): bump github.com/spf13/cobra from 1.5.0 to 1.6.0 by @dependabot in dexidp#2708
* build(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.1 by @dependabot in dexidp#2715
* build(deps): bump google.golang.org/api from 0.98.0 to 0.101.0 by @dependabot in dexidp#2720
* build(deps): bump github.com/mattn/go-sqlite3 from 1.14.15 to 1.14.16 by @dependabot in dexidp#2721
* build(deps): bump aquasecurity/trivy-action from 0.7.1 to 0.8.0 by @dependabot in dexidp#2723
* build(deps): bump github.com/spf13/cobra from 1.6.0 to 1.6.1 by @dependabot in dexidp#2718
* build(deps): bump golang from 1.19.2-alpine3.16 to 1.19.3-alpine3.16 by @dependabot in dexidp#2724
* build(deps): bump alpine from 3.16.2 to 3.17.0 by @dependabot in dexidp#2746
* build(deps): bump github.com/prometheus/client_golang from 1.13.0 to 1.14.0 by @dependabot in dexidp#2735
* build(deps): bump go.etcd.io/etcd/client/pkg/v3 from 3.5.5 to 3.5.6 by @dependabot in dexidp#2744
* build(deps): bump github.com/Masterminds/sprig/v3 from 3.2.2 to 3.2.3 by @dependabot in dexidp#2751
* build(deps): bump golang from 1.19.3-alpine3.16 to 1.19.4-alpine3.16 by @dependabot in dexidp#2750
* build(deps): bump golang.org/x/crypto from 0.3.0 to 0.4.0 by @dependabot in dexidp#2755
* build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.5 to 3.5.6 by @dependabot in dexidp#2743
* build(deps): bump github.com/go-sql-driver/mysql from 1.6.0 to 1.7.0 by @dependabot in dexidp#2754
* build(deps): bump helm/kind-action from 1.4.0 to 1.5.0 by @dependabot in dexidp#2758
* build(deps): bump google.golang.org/grpc from 1.50.1 to 1.51.0 by @dependabot in dexidp#2741
* build(deps): bump google.golang.org/api from 0.101.0 to 0.104.0 by @dependabot in dexidp#2753
* build(deps): bump google.golang.org/grpc from 1.49.0 to 1.51.0 in /api/v2 by @dependabot in dexidp#2742
* build(deps): bump golang.org/x/net from 0.3.0 to 0.4.0 by @dependabot in dexidp#2761
* build(deps): bump entgo.io/ent from 0.11.3 to 0.11.4 by @dependabot in dexidp#2725
* build(deps): bump google.golang.org/api from 0.104.0 to 0.105.0 by @dependabot in dexidp#2760
* build(deps): bump golang.org/x/net from 0.4.0 to 0.5.0 by @dependabot in dexidp#2774
* build(deps): bump google.golang.org/api from 0.105.0 to 0.106.0 by @dependabot in dexidp#2772
* build(deps): bump github.com/coreos/go-oidc/v3 from 3.4.0 to 3.5.0 by @dependabot in dexidp#2770
* build(deps): bump golang.org/x/crypto from 0.4.0 to 0.5.0 by @dependabot in dexidp#2773
* build(deps): bump golang.org/x/oauth2 from 0.3.0 to 0.4.0 by @dependabot in dexidp#2777
* build(deps): bump entgo.io/ent from 0.11.4 to 0.11.5 by @dependabot in dexidp#2779
* build(deps): bump alpine from 3.17.0 to 3.17.1 by @dependabot in dexidp#2780
* build(deps): bump mheap/github-action-required-labels from 2 to 3 by @dependabot in dexidp#2769
* build(deps): bump google.golang.org/api from 0.106.0 to 0.107.0 by @dependabot in dexidp#2788
* build(deps): bump golang from 1.19.4-alpine3.16 to 1.19.5-alpine3.16 by @dependabot in dexidp#2782
* build(deps): bump google.golang.org/grpc from 1.51.0 to 1.52.0 by @dependabot in dexidp#2783
* build(deps): bump google.golang.org/api from 0.107.0 to 0.108.0 by @dependabot in dexidp#2793
* build(deps): bump google.golang.org/grpc from 1.51.0 to 1.52.0 in /api/v2 by @dependabot in dexidp#2784
* chore: Upgrade golangci-lint to v1.50.1 from v1.46.0 by @dlipovetsky in dexidp#2790
* ci: Use go 1.19 by @dlipovetsky in dexidp#2791
* build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.6 to 3.5.7 by @dependabot in dexidp#2798
* build(deps): bump docker/build-push-action from 3 to 4 by @dependabot in dexidp#2807
* build(deps): bump golang from 1.19.5-alpine3.16 to 1.20.0-alpine3.16 by @dependabot in dexidp#2811
* build(deps): bump aquasecurity/trivy-action from 0.8.0 to 0.9.0 by @dependabot in dexidp#2810
* build(deps): bump alpine from 3.17.1 to 3.17.2 by @dependabot in dexidp#2821
* build(deps): bump aquasecurity/trivy-action from 0.9.0 to 0.9.1 by @dependabot in dexidp#2822
* build(deps): bump entgo.io/ent from 0.11.5 to 0.11.8 by @dependabot in dexidp#2823
* build(deps): bump golang.org/x/crypto from 0.5.0 to 0.6.0 by @dependabot in dexidp#2818
* build(deps): bump golang.org/x/net from 0.5.0 to 0.7.0 by @dependabot in dexidp#2828
* build(deps): bump golang.org/x/net from 0.4.0 to 0.7.0 in /api/v2 by @dependabot in dexidp#2832
* build(deps): bump golang.org/x/sys from 0.0.0-20220114195835-da31bd327af9 to 0.1.0 in /examples by @dependabot in dexidp#2837
* build(deps): bump golang.org/x/net from 0.0.0-20220114011407-0dd24b26b47d to 0.7.0 in /examples by @dependabot in dexidp#2846
* build(deps): bump golang from 1.20.0-alpine3.16 to 1.20.1-alpine3.16 by @dependabot in dexidp#2827
* build(deps): bump aquasecurity/trivy-action from 0.9.1 to 0.9.2 by @dependabot in dexidp#2850
* build(deps): bump golang from 1.20.1-alpine3.16 to 1.20.2-alpine3.16 by @dependabot in dexidp#2849
* feat: Bump gomplate 3.11.4 by @nabokihms in dexidp#2840
* build(deps): bump golang.org/x/crypto from 0.6.0 to 0.7.0 by @dependabot in dexidp#2856
* build(deps): bump golang.org/x/oauth2 from 0.4.0 to 0.6.0 by @dependabot in dexidp#2847
* build(deps): bump google.golang.org/api from 0.108.0 to 0.112.0 by @dependabot in dexidp#2853
* build(deps): bump google.golang.org/api from 0.112.0 to 0.114.0 by @dependabot in dexidp#2869
* build(deps): bump actions/setup-go from 3 to 4 by @dependabot in dexidp#2863
* build(deps): bump github.com/russellhaering/goxmldsig from 1.2.0 to 1.3.0 by @dependabot in dexidp#2862
* build(deps): bump google.golang.org/protobuf from 1.28.1 to 1.30.0 by @dependabot in dexidp#2866
* build(deps): bump google.golang.org/protobuf from 1.28.1 to 1.30.0 in /api/v2 by @dependabot in dexidp#2867
* build(deps): bump golang.org/x/crypto from 0.0.0-20220112180741-5e0467b6c7ce to 0.1.0 in /examples by @dependabot in dexidp#2845
* build(deps): bump google.golang.org/grpc from 1.52.0 to 1.53.0 in /api/v2 by @dependabot in dexidp#2816
* chore: upgrade tools by @sagikazarmark in dexidp#2870
### Other Changes
* Bump image in examples/k8s/dex.yaml to v2.32.0 by @stealthybox in dexidp#2569

## New Contributors
* @pinpox made their first contribution in dexidp#2733
* @nobuyo made their first contribution in dexidp#2740
* @dlipovetsky made their first contribution in dexidp#2790
* @seankhliao made their first contribution in dexidp#2812
* @stealthybox made their first contribution in dexidp#2569

**Full Changelog**: dexidp/dex@v2.35.3...v2.36.0
palexster pushed a commit to palexster/dex that referenced this pull request Oct 4, 2023
TLS configure for OIDC connector (dexidp#1632)
ff4953c 
Signed-off-by: Rui Yang <ruiya@vmware.com>
michaelliau pushed a commit to FlockFreight/dex that referenced this pull request Oct 4, 2023
@michaelliau
TLS configure for OIDC connector (dexidp#1632)
fcd23cc 
Signed-off-by: Rui Yang <ruiya@vmware.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sagikazarmark sagikazarmark sagikazarmark requested changes

@nabokihms nabokihms nabokihms approved these changes

Assignees
No one assigned
Labels
kind/enhancement
Projects
None yet
Milestone
v2.36.0
Development

Successfully merging this pull request may close these issues.
4 participants
@xtremerui @nabokihms @sagikazarmark @vito