Commit graph

2154 commits

Author SHA1 Message Date
Márk Sági-Kazár
1cc26fab2f
Merge pull request #2468 from flant/cwe-79-device-code
fix: prevent cross-site scripting for the device flow
2022-06-30 22:52:33 +03:00
Márk Sági-Kazár
c538f3d6a2
Merge pull request #2557 from dexidp/dependabot/github_actions/aquasecurity/trivy-action-0.4.0
build(deps): bump aquasecurity/trivy-action from 0.3.0 to 0.4.0
2022-06-16 18:41:20 +02:00
dependabot[bot]
33483aa179
build(deps): bump aquasecurity/trivy-action from 0.3.0 to 0.4.0
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.3.0 to 0.4.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.3.0...0.4.0)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-16 04:06:00 +00:00
Maksim Nabokikh
b6c4112c88
Merge pull request #2555 from dexidp/dependabot/github_actions/helm/kind-action-1.3.0
build(deps): bump helm/kind-action from 1.2.0 to 1.3.0
2022-06-15 20:00:30 +04:00
dependabot[bot]
60228d8fd8
build(deps): bump helm/kind-action from 1.2.0 to 1.3.0
Bumps [helm/kind-action](https://github.com/helm/kind-action) from 1.2.0 to 1.3.0.
- [Release notes](https://github.com/helm/kind-action/releases)
- [Commits](https://github.com/helm/kind-action/compare/v1.2.0...v1.3.0)

---
updated-dependencies:
- dependency-name: helm/kind-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-15 04:05:46 +00:00
Maksim Nabokikh
b07c8b1d8d
Merge pull request #2524 from aristanetworks/mkelly-limit-gc-size
Limit the amount of objects we attempt to GC on each cycle
2022-06-10 09:22:00 +04:00
Michael Kelly
9079c31637
Fix formatting
Signed-off-by: Michael Kelly <mkelly@arista.com>
2022-06-09 08:21:13 -07:00
Michael Kelly
a51d12056f
Tweaks based on review comments
Signed-off-by: Michael Kelly <mkelly@arista.com>
2022-06-09 08:21:03 -07:00
Michael Kelly
6c99a9b99d
s/getUrl/getURL
golang prefers URL not Url

Signed-off-by: Michael Kelly <mkelly@arista.com>
2022-06-09 08:20:48 -07:00
Mark Sagi-Kazar
3836196af2
chore: update gitignore
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2022-06-07 13:39:54 +02:00
Márk Sági-Kazár
b578e4d8e5
Merge pull request #2551 from dexidp/update-grpc
chore(deps): update grpc
2022-06-07 13:38:13 +02:00
Mark Sagi-Kazar
8360cbfbde
chore(deps): update grpc
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2022-06-07 12:53:03 +02:00
Márk Sági-Kazár
465be883a3
Merge pull request #2550 from dexidp/dependabot/go_modules/github.com/stretchr/testify-1.7.2
build(deps): bump github.com/stretchr/testify from 1.7.1 to 1.7.2
2022-06-07 12:50:39 +02:00
dependabot[bot]
870395971e
build(deps): bump github.com/stretchr/testify from 1.7.1 to 1.7.2
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.1 to 1.7.2.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.7.1...v1.7.2)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-07 04:06:47 +00:00
Márk Sági-Kazár
ebb27418c4
Merge pull request #2548 from dexidp/dependabot/docker/golang-1.18.3-alpine3.15
build(deps): bump golang from 1.18.2-alpine3.15 to 1.18.3-alpine3.15
2022-06-03 10:25:27 +02:00
dependabot[bot]
15a516684b
Merge pull request #2543 from dexidp/dependabot/go_modules/google.golang.org/grpc-1.47.0 2022-06-02 10:28:35 +00:00
dependabot[bot]
dcb25d0c3d
build(deps): bump google.golang.org/grpc from 1.46.2 to 1.47.0
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.46.2 to 1.47.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.46.2...v1.47.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-02 09:54:02 +00:00
dependabot[bot]
59b69352e0
Merge pull request #2549 from dexidp/dependabot/go_modules/google.golang.org/api-0.82.0 2022-06-02 09:53:09 +00:00
dependabot[bot]
89d1c51e9b
build(deps): bump google.golang.org/api from 0.81.0 to 0.82.0
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.81.0 to 0.82.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.81.0...v0.82.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-02 04:06:00 +00:00
dependabot[bot]
a0fd469e47
build(deps): bump golang from 1.18.2-alpine3.15 to 1.18.3-alpine3.15
Bumps golang from 1.18.2-alpine3.15 to 1.18.3-alpine3.15.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-02 04:05:41 +00:00
Maksim Nabokikh
b6cc099305
Merge pull request #2290 from bobcallaway/issue2289
correctly handle path escaping for connector IDs
2022-05-31 16:03:12 +04:00
Bob Callaway
6eeba947f1 Merge remote-tracking branch 'upstream/master' into issue2289 2022-05-30 11:52:05 -04:00
Maksim Nabokikh
a858ffbcf2
Merge pull request #2538 from loopholelabs/2537-fix-json-response
Device Code Flow does not return application/json in Content-Type header
2022-05-30 17:55:24 +04:00
Shivansh Vij
65592d0b5a
Updating test cases
Fixes https://github.com/dexidp/dex/issues/2537

Signed-off-by: Shivansh Vij <shivanshvij@outlook.com>
2022-05-26 15:54:54 -04:00
Shivansh Vij
cbf158bcc0
Fixes https://github.com/dexidp/dex/issues/2537
Signed-off-by: Shivansh Vij <shivanshvij@outlook.com>
2022-05-26 15:49:49 -04:00
Maksim Nabokikh
6da5187b47
Merge pull request #2482 from flant/profiling-endpoint
feat: enable profiling endpoints
2022-05-25 20:55:05 +04:00
Maksim Nabokikh
957def7928
Merge pull request #2533 from flant/notify-groups-access
fix: add notification about groups access to the Grant Access page
2022-05-25 18:20:30 +04:00
Márk Sági-Kazár
ec4ac04c41
Merge pull request #2463 from dexidp/release-config
Release note configuration
2022-05-25 16:04:47 +02:00
m.nabokikh
bdfb10137a Add the comment about groups request notification
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2022-05-25 17:50:12 +04:00
dependabot[bot]
e9d17888d8
Merge pull request #2535 from dexidp/dependabot/docker/golang-1.18.2-alpine3.15 2022-05-25 12:13:35 +00:00
Mark Sagi-Kazar
b4ccd92d65
chore: release note configuration
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2022-05-25 13:46:28 +02:00
dependabot[bot]
505726e7d5
build(deps): bump golang from 1.18.0-alpine3.15 to 1.18.2-alpine3.15
Bumps golang from 1.18.0-alpine3.15 to 1.18.2-alpine3.15.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-25 11:40:20 +00:00
Márk Sági-Kazár
70e6cc2205
Merge pull request #2441 from dexidp/go118
feat: upgrade Go to 1.18
2022-05-25 13:39:37 +02:00
dependabot[bot]
3df9cf2cb9
Merge pull request #2452 from dexidp/dependabot/go_modules/api/v2/google.golang.org/protobuf-1.28.0 2022-05-25 09:46:13 +00:00
Mark Sagi-Kazar
a02f2e8fac
chore: fix lint violations
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2022-05-25 11:17:34 +02:00
dependabot[bot]
55d963ac77
build(deps): bump google.golang.org/protobuf in /api/v2
Bumps [google.golang.org/protobuf](https://github.com/protocolbuffers/protobuf-go) from 1.27.1 to 1.28.0.
- [Release notes](https://github.com/protocolbuffers/protobuf-go/releases)
- [Changelog](https://github.com/protocolbuffers/protobuf-go/blob/master/release.bash)
- [Commits](https://github.com/protocolbuffers/protobuf-go/compare/v1.27.1...v1.28.0)

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-25 09:09:15 +00:00
dependabot[bot]
c2f3bea207
Merge pull request #2517 from dexidp/dependabot/go_modules/api/v2/google.golang.org/grpc-1.46.2 2022-05-25 09:08:30 +00:00
Mark Sagi-Kazar
1736f95024
chore: upgrade linter
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2022-05-25 10:58:20 +02:00
Mark Sagi-Kazar
ab02a2d714
feat: upgrade Go to 1.18
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2022-05-25 10:47:38 +02:00
dependabot[bot]
a3dfe30a12
build(deps): bump google.golang.org/grpc in /api/v2
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.44.0 to 1.46.2.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.44.0...v1.46.2)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-25 08:39:38 +00:00
dependabot[bot]
1884705b87
Merge pull request #2534 from dexidp/dependabot/go_modules/google.golang.org/api-0.81.0 2022-05-25 08:39:09 +00:00
dependabot[bot]
8e6d123772
build(deps): bump google.golang.org/api from 0.74.0 to 0.81.0
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.74.0 to 0.81.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.74.0...v0.81.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-25 04:07:33 +00:00
dependabot[bot]
999d3855c1
Merge pull request #2527 from dexidp/dependabot/go_modules/github.com/felixge/httpsnoop-1.0.3 2022-05-24 12:17:52 +00:00
dependabot[bot]
81818b9afe
build(deps): bump github.com/felixge/httpsnoop from 1.0.2 to 1.0.3
Bumps [github.com/felixge/httpsnoop](https://github.com/felixge/httpsnoop) from 1.0.2 to 1.0.3.
- [Release notes](https://github.com/felixge/httpsnoop/releases)
- [Commits](https://github.com/felixge/httpsnoop/compare/v1.0.2...v1.0.3)

---
updated-dependencies:
- dependency-name: github.com/felixge/httpsnoop
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-24 11:15:22 +00:00
dependabot[bot]
2baf728d1f
Merge pull request #2529 from dexidp/dependabot/go_modules/github.com/prometheus/client_golang-1.12.2 2022-05-24 11:14:49 +00:00
dependabot[bot]
7071480c2a
Merge pull request #2526 from dexidp/dependabot/go_modules/google.golang.org/grpc-1.46.2 2022-05-24 11:14:37 +00:00
dependabot[bot]
071969f172
Merge pull request #2528 from dexidp/dependabot/go_modules/github.com/coreos/go-oidc/v3-3.2.0 2022-05-24 11:13:43 +00:00
dependabot[bot]
f881fb4b2e
build(deps): bump github.com/prometheus/client_golang
Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.12.1 to 1.12.2.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prometheus/client_golang/compare/v1.12.1...v1.12.2)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-24 10:13:11 +00:00
dependabot[bot]
bbb3bba01a
build(deps): bump github.com/coreos/go-oidc/v3 from 3.1.0 to 3.2.0
Bumps [github.com/coreos/go-oidc/v3](https://github.com/coreos/go-oidc) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/coreos/go-oidc/releases)
- [Commits](https://github.com/coreos/go-oidc/compare/v3.1.0...v3.2.0)

---
updated-dependencies:
- dependency-name: github.com/coreos/go-oidc/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-24 10:13:11 +00:00
dependabot[bot]
97c7f2491b
build(deps): bump google.golang.org/grpc from 1.45.0 to 1.46.2
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.45.0 to 1.46.2.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.45.0...v1.46.2)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-24 10:13:10 +00:00