Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1492 commits
Select commit Hold shift + click to select a range
d4e9d54
Merge pull request #4286 from dexidp/dependabot/go_modules/api/v2/goo…
sagikazarmark Aug 27, 2025
e1da164
build(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.1
dependabot[bot] Aug 28, 2025
ad912d0
build(deps): bump aquasecurity/trivy-action from 0.32.0 to 0.33.0
dependabot[bot] Aug 28, 2025
f10f4d6
build(deps): bump actions/attest-build-provenance from 2.4.0 to 3.0.0
dependabot[bot] Aug 29, 2025
d95db82
Merge pull request #4295 from rackerlabs/avoid-hardcoded-image
sagikazarmark Aug 29, 2025
33f0619
Merge pull request #4296 from dexidp/dependabot/github_actions/action…
sagikazarmark Aug 29, 2025
8aa4684
Merge pull request #4293 from dexidp/dependabot/github_actions/aquase…
sagikazarmark Aug 29, 2025
2dce750
Merge pull request #4292 from dexidp/dependabot/go_modules/github.com…
sagikazarmark Aug 29, 2025
f845e74
build(deps): bump github.com/dexidp/dex/api/v2 in /examples
dependabot[bot] Sep 3, 2025
3313195
build(deps): bump github.com/spf13/cobra from 1.9.1 to 1.10.1
dependabot[bot] Sep 3, 2025
18970bb
build(deps): bump actions/setup-go from 5.5.0 to 6.0.0
dependabot[bot] Sep 4, 2025
6ef6797
build(deps): bump aquasecurity/trivy-action from 0.33.0 to 0.33.1
dependabot[bot] Sep 4, 2025
54b5207
build(deps): bump golang from 1.25.0-alpine3.22 to 1.25.1-alpine3.22
dependabot[bot] Sep 8, 2025
da0ce73
build(deps): bump github.com/prometheus/client_golang
dependabot[bot] Sep 8, 2025
4acd4ef
build(deps): bump golang.org/x/oauth2 from 0.30.0 to 0.31.0
dependabot[bot] Sep 8, 2025
d1d4f40
build(deps): bump golang.org/x/oauth2 from 0.30.0 to 0.31.0 in /examples
dependabot[bot] Sep 8, 2025
9a9a900
Example app pkce (#4284)
nabokihms Sep 8, 2025
ed49b9e
build(deps): bump distroless/static-debian12 from `a9f88e0` to `e8a4044`
dependabot[bot] Sep 9, 2025
ac709a4
build(deps): bump oras-project/setup-oras from 1.2.3 to 1.2.4
dependabot[bot] Sep 9, 2025
2f6ec82
build(deps): bump tonistiigi/xx from 1.6.1 to 1.7.0
dependabot[bot] Sep 10, 2025
af872f2
build(deps): bump github/codeql-action from 3.29.11 to 3.30.3
dependabot[bot] Sep 11, 2025
f6f906d
build(deps): bump sigstore/cosign-installer from 3.9.2 to 3.10.0
dependabot[bot] Sep 15, 2025
796f5ce
ADOPTERS: Update Elastisys entry for product rename
Zash Sep 15, 2025
25d7061
Merge pull request #4327 from Zash/welkin
sagikazarmark Sep 18, 2025
40c20c3
Merge pull request #4299 from dexidp/dependabot/go_modules/examples/g…
sagikazarmark Sep 22, 2025
595babf
Merge pull request #4304 from dexidp/dependabot/github_actions/action…
sagikazarmark Sep 22, 2025
4d1ba88
Merge pull request #4305 from dexidp/dependabot/github_actions/aquase…
sagikazarmark Sep 22, 2025
84a009c
Merge pull request #4307 from dexidp/dependabot/docker/golang-1.25.1-…
sagikazarmark Sep 22, 2025
32c77d6
Merge pull request #4313 from dexidp/dependabot/docker/distroless/sta…
sagikazarmark Sep 22, 2025
5091567
Merge pull request #4314 from dexidp/dependabot/github_actions/oras-p…
sagikazarmark Sep 22, 2025
7cca78d
Merge pull request #4320 from dexidp/dependabot/github_actions/github…
sagikazarmark Sep 22, 2025
0726feb
Merge pull request #4324 from dexidp/dependabot/github_actions/sigsto…
sagikazarmark Sep 22, 2025
8e1d68a
Merge pull request #4302 from dexidp/dependabot/go_modules/github.com…
sagikazarmark Sep 22, 2025
d56447e
Merge pull request #4309 from dexidp/dependabot/go_modules/github.com…
sagikazarmark Sep 22, 2025
614ff0b
Merge pull request #4317 from dexidp/dependabot/docker/tonistiigi/xx-…
sagikazarmark Sep 22, 2025
4f62237
Merge pull request #4310 from dexidp/dependabot/go_modules/golang.org…
sagikazarmark Sep 22, 2025
ea20d6e
Merge pull request #4311 from dexidp/dependabot/go_modules/examples/g…
sagikazarmark Sep 22, 2025
50bf779
build(deps): bump anchore/sbom-action from 0.20.5 to 0.20.6
dependabot[bot] Sep 23, 2025
1fa6594
build(deps): bump golang.org/x/net from 0.43.0 to 0.44.0
dependabot[bot] Sep 23, 2025
65b4f82
build(deps): bump google.golang.org/protobuf from 1.36.8 to 1.36.9
dependabot[bot] Sep 23, 2025
d277f65
build(deps): bump github/codeql-action from 3.30.3 to 3.30.4
dependabot[bot] Sep 26, 2025
a07da5c
Merge pull request #4339 from dexidp/dependabot/github_actions/github…
sagikazarmark Sep 26, 2025
d242c9d
Merge pull request #4335 from dexidp/dependabot/go_modules/google.gol…
sagikazarmark Sep 26, 2025
bfe2375
Merge pull request #4334 from dexidp/dependabot/go_modules/golang.org…
sagikazarmark Sep 26, 2025
d768071
Merge pull request #4332 from dexidp/dependabot/github_actions/anchor…
sagikazarmark Sep 26, 2025
7d7d21a
build(deps): bump actions/cache from 4.2.4 to 4.3.0
dependabot[bot] Sep 26, 2025
ecaa916
build(deps): bump the etcd group with 2 updates
dependabot[bot] Sep 26, 2025
accd2bf
build(deps): bump docker/login-action from 3.5.0 to 3.6.0
dependabot[bot] Sep 30, 2025
4c682b5
build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3
dependabot[bot] Oct 1, 2025
53c2511
build(deps): bump google.golang.org/grpc in /examples
dependabot[bot] Oct 7, 2025
9ab8d96
build(deps): bump google.golang.org/api from 0.248.0 to 0.252.0
dependabot[bot] Oct 8, 2025
e4c4289
build(deps): bump github/codeql-action from 3.30.4 to 4.30.8
dependabot[bot] Oct 13, 2025
79a5ea4
build(deps): bump actions/dependency-review-action from 4.7.3 to 4.8.1
dependabot[bot] Oct 13, 2025
41ef064
build(deps): bump golang from 1.25.1-alpine3.22 to 1.25.3-alpine3.22
dependabot[bot] Oct 14, 2025
fdb70c9
Merge pull request #4368 from dexidp/dependabot/docker/golang-1.25.3-…
sagikazarmark Oct 15, 2025
087d91e
Merge pull request #4366 from dexidp/dependabot/github_actions/action…
sagikazarmark Oct 15, 2025
5a2d773
build(deps): bump alpine from 3.22.1 to 3.22.2
dependabot[bot] Oct 15, 2025
d4fd87c
Merge pull request #4365 from dexidp/dependabot/github_actions/github…
sagikazarmark Oct 15, 2025
6fd11e4
Merge pull request #4360 from dexidp/dependabot/go_modules/google.gol…
sagikazarmark Oct 15, 2025
1818fb8
Merge pull request #4357 from dexidp/dependabot/go_modules/examples/g…
sagikazarmark Oct 15, 2025
2b428f5
build(deps): bump github.com/coreos/go-oidc/v3 in /examples
dependabot[bot] Oct 15, 2025
6cfddab
Merge pull request #4350 from dexidp/dependabot/github_actions/ossf/s…
sagikazarmark Oct 15, 2025
001447c
Merge pull request #4348 from dexidp/dependabot/github_actions/docker…
sagikazarmark Oct 15, 2025
592bdf8
Merge pull request #4338 from dexidp/dependabot/github_actions/action…
sagikazarmark Oct 15, 2025
7c80f49
Merge pull request #4333 from dexidp/dependabot/go_modules/etcd-0a9fe…
sagikazarmark Oct 15, 2025
59abb28
Merge pull request #4361 from dexidp/dependabot/docker/alpine-3.22.2
sagikazarmark Oct 15, 2025
c56c12a
build(deps): bump google.golang.org/grpc from 1.75.0 to 1.76.0
dependabot[bot] Oct 15, 2025
93fbd90
Merge pull request #4354 from dexidp/dependabot/go_modules/examples/g…
sagikazarmark Oct 15, 2025
5426f17
build(deps): bump golang.org/x/oauth2 from 0.31.0 to 0.32.0 in /examples
dependabot[bot] Oct 15, 2025
4a4e970
Merge pull request #4355 from dexidp/dependabot/go_modules/google.gol…
sagikazarmark Oct 15, 2025
9207486
Merge pull request #4362 from dexidp/dependabot/go_modules/examples/g…
sagikazarmark Oct 15, 2025
72cffab
build(deps): bump google.golang.org/grpc in /api/v2
dependabot[bot] Oct 15, 2025
53bbcce
build(deps): bump github.com/go-jose/go-jose/v4 from 4.1.2 to 4.1.3
dependabot[bot] Oct 16, 2025
a396240
build(deps): bump golang.org/x/crypto from 0.42.0 to 0.43.0
dependabot[bot] Oct 16, 2025
73c37c9
build(deps): bump tonistiigi/xx from 1.7.0 to 1.8.0
dependabot[bot] Oct 20, 2025
7e2225c
Do not wrap Kubernetes Address in brackets (#4363)
nabokihms Oct 23, 2025
3273c3b
build(deps): bump anchore/sbom-action from 0.20.6 to 0.20.9
dependabot[bot] Oct 24, 2025
8646644
build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0
dependabot[bot] Oct 27, 2025
74a66cb
build(deps): bump github/codeql-action from 4.30.8 to 4.31.2
dependabot[bot] Oct 31, 2025
ce6ace5
Merge pull request #4398 from dexidp/dependabot/github_actions/github…
sagikazarmark Nov 3, 2025
451d281
Merge pull request #4395 from dexidp/dependabot/github_actions/action…
sagikazarmark Nov 3, 2025
e7fcced
Merge pull request #4393 from dexidp/dependabot/github_actions/anchor…
sagikazarmark Nov 3, 2025
fead09d
Merge pull request #4386 from dexidp/dependabot/docker/tonistiigi/xx-…
sagikazarmark Nov 3, 2025
9a27a4a
build(deps): bump sigstore/cosign-installer from 3.10.0 to 4.0.0
dependabot[bot] Nov 3, 2025
523a2ff
build(deps): bump golang from `20ee0b6` to `aee43c3`
dependabot[bot] Nov 3, 2025
7b43080
Merge pull request #4376 from dexidp/dependabot/go_modules/golang.org…
sagikazarmark Nov 3, 2025
b2d9028
build(deps): bump golang.org/x/net from 0.44.0 to 0.46.0
dependabot[bot] Nov 3, 2025
7360083
Merge pull request #4356 from dexidp/dependabot/go_modules/api/v2/goo…
sagikazarmark Nov 3, 2025
9d3c17d
Merge pull request #4380 from dexidp/dependabot/github_actions/sigsto…
sagikazarmark Nov 3, 2025
b652b55
Merge pull request #4374 from dexidp/dependabot/go_modules/golang.org…
sagikazarmark Nov 3, 2025
b0a321e
Merge pull request #4373 from dexidp/dependabot/go_modules/github.com…
sagikazarmark Nov 3, 2025
f9d257a
Merge pull request #4371 from dexidp/dependabot/docker/golang-aee43c3
sagikazarmark Nov 3, 2025
a51ccea
build(deps): bump golang.org/x/oauth2 from 0.31.0 to 0.32.0
dependabot[bot] Nov 3, 2025
a498511
build(deps): bump github.com/spf13/cobra in /examples
dependabot[bot] Nov 3, 2025
4206407
build(deps): bump google.golang.org/protobuf in /api/v2
dependabot[bot] Nov 3, 2025
9355759
fix(storage/kubernetes): Only wrap IPv6 addresses in brackets (#4388)
rene-dekker Nov 3, 2025
e551db9
Merge pull request #4300 from dexidp/dependabot/go_modules/examples/g…
sagikazarmark Nov 3, 2025
788bc19
Merge pull request #4375 from dexidp/dependabot/go_modules/golang.org…
sagikazarmark Nov 3, 2025
1d3b2b5
Add Terrakube to Adopters (#4316)
shurup Nov 3, 2025
e35542e
Merge pull request #4352 from dexidp/dependabot/go_modules/api/v2/goo…
sagikazarmark Nov 3, 2025
ae58fdd
build(deps): bump helm/kind-action from 1.12.0 to 1.13.0
dependabot[bot] Nov 4, 2025
c425652
build(deps): bump github.com/go-ldap/ldap/v3 from 3.4.11 to 3.4.12
dependabot[bot] Nov 4, 2025
5be29e9
build(deps): bump docker/metadata-action from 5.8.0 to 5.9.0
dependabot[bot] Nov 5, 2025
7869639
build(deps): bump docker/setup-qemu-action from 3.6.0 to 3.7.0
dependabot[bot] Nov 6, 2025
0705d28
build(deps): bump actions/dependency-review-action from 4.8.1 to 4.8.2
dependabot[bot] Nov 11, 2025
ac3ccad
build(deps): bump github/codeql-action from 4.31.2 to 4.31.3
dependabot[bot] Nov 14, 2025
df0b519
build(deps): bump golang.org/x/crypto from 0.43.0 to 0.45.0
dependabot[bot] Nov 20, 2025
7300d82
build(deps): bump distroless/static-debian12 from `e8a4044` to `2b7c93f`
dependabot[bot] Dec 5, 2025
3e09c4a
build(deps): bump tonistiigi/xx from 1.8.0 to 1.9.0
dependabot[bot] Dec 8, 2025
a72ac95
build(deps): bump golang.org/x/oauth2 from 0.32.0 to 0.34.0 in /examples
dependabot[bot] Dec 9, 2025
356f207
Merge pull request #4430 from dexidp/dependabot/docker/tonistiigi/xx-…
sagikazarmark Dec 9, 2025
bf77fcf
Merge pull request #4427 from dexidp/dependabot/docker/distroless/sta…
sagikazarmark Dec 9, 2025
c301f78
build(deps): bump golang from 1.25.3-alpine3.22 to 1.25.5-alpine3.22
dependabot[bot] Dec 9, 2025
cfa31c4
build(deps): bump alpine from 3.22.2 to 3.23.0
dependabot[bot] Dec 9, 2025
719e405
Merge pull request #4419 from dexidp/dependabot/go_modules/golang.org…
sagikazarmark Dec 9, 2025
24cd880
Merge pull request #4414 from dexidp/dependabot/github_actions/github…
sagikazarmark Dec 9, 2025
7fd0ba9
Merge pull request #4411 from dexidp/dependabot/github_actions/action…
sagikazarmark Dec 9, 2025
1dac07d
Merge pull request #4405 from dexidp/dependabot/github_actions/docker…
sagikazarmark Dec 9, 2025
a1e5d58
Merge pull request #4402 from dexidp/dependabot/github_actions/docker…
sagikazarmark Dec 9, 2025
7b3063d
build(deps): bump google.golang.org/api from 0.252.0 to 0.256.0
dependabot[bot] Dec 9, 2025
30b1d6e
Merge pull request #4399 from dexidp/dependabot/github_actions/helm/k…
sagikazarmark Dec 9, 2025
f9d49f7
Merge pull request #4425 from dexidp/dependabot/docker/alpine-3.23.0
sagikazarmark Dec 9, 2025
1fa99f3
Merge pull request #4424 from dexidp/dependabot/docker/golang-1.25.5-…
sagikazarmark Dec 9, 2025
a6b3152
Merge pull request #4413 from dexidp/dependabot/go_modules/google.gol…
sagikazarmark Dec 9, 2025
06c5a3d
build(deps): bump golang.org/x/oauth2 from 0.32.0 to 0.33.0
dependabot[bot] Dec 9, 2025
9a93f64
build(deps): bump golang.org/x/crypto from 0.43.0 to 0.44.0
dependabot[bot] Dec 9, 2025
93a3732
Merge pull request #4409 from dexidp/dependabot/go_modules/golang.org…
sagikazarmark Dec 9, 2025
be38c21
Merge pull request #4412 from dexidp/dependabot/go_modules/golang.org…
sagikazarmark Dec 9, 2025
99df040
Merge pull request #4401 from dexidp/dependabot/go_modules/github.com…
sagikazarmark Dec 9, 2025
7953b07
Merge pull request #4431 from dexidp/dependabot/go_modules/examples/g…
sagikazarmark Dec 9, 2025
c0c4408
build(deps): bump google.golang.org/grpc in /examples
dependabot[bot] Dec 9, 2025
c71068f
build(deps): bump google.golang.org/grpc in /api/v2
dependabot[bot] Dec 9, 2025
8b10369
Merge pull request #4417 from dexidp/dependabot/go_modules/examples/g…
sagikazarmark Dec 9, 2025
31cfdd7
Merge pull request #4416 from dexidp/dependabot/go_modules/api/v2/goo…
sagikazarmark Dec 9, 2025
cfdf8d4
build(deps): bump github.com/spf13/cobra in /examples
dependabot[bot] Dec 9, 2025
8ab38eb
Merge pull request #4426 from dexidp/dependabot/go_modules/examples/g…
sagikazarmark Dec 9, 2025
c13246c
build(deps): bump github.com/coreos/go-oidc/v3 in /examples
dependabot[bot] Dec 9, 2025
2da2a22
build(deps): bump actions/setup-go from 6.0.0 to 6.1.0
dependabot[bot] Dec 10, 2025
4d1d54c
build(deps): bump docker/metadata-action from 5.9.0 to 5.10.0
dependabot[bot] Dec 10, 2025
3dea4ba
build(deps): bump anchore/sbom-action from 0.20.9 to 0.20.11
dependabot[bot] Dec 10, 2025
71b893e
build(deps): bump actions/checkout from 5.0.0 to 6.0.1
dependabot[bot] Dec 10, 2025
95bf3d0
build(deps): bump golang.org/x/net from 0.47.0 to 0.48.0
dependabot[bot] Dec 10, 2025
ab8306c
build(deps): bump github.com/spf13/cobra from 1.10.1 to 1.10.2
dependabot[bot] Dec 10, 2025
78363ec
build(deps): bump github/codeql-action from 4.31.3 to 4.31.7
dependabot[bot] Dec 10, 2025
8be9fc3
build(deps): bump github.com/coreos/go-oidc/v3 from 3.14.1 to 3.17.0
dependabot[bot] Dec 10, 2025
a023784
build(deps): bump google.golang.org/protobuf from 1.36.10 to 1.36.11
dependabot[bot] Dec 15, 2025
2c5f06e
build(deps): bump google.golang.org/grpc in /examples
dependabot[bot] Dec 24, 2025
895a748
Update distroless base image to debian13 (#4453)
loosebazooka Jan 13, 2026
dcbb7bb
fix: device callback URL needs to handle a / (#4448)
cardoe Jan 13, 2026
2d7ecd3
build(deps): bump alpine from 3.23.0 to 3.23.2 (#4455)
dependabot[bot] Jan 13, 2026
d1b2722
feat: support groups and preferred_username for staticPasswords (#4456)
Jabejixo Jan 13, 2026
debcb5c
fix: hide internal server error details from users
Jabejixo Dec 23, 2025
b0a6ee9
fix: hide internal server error details from users
Jabejixo Jan 13, 2026
701c83a
Merge pull request #4457 from Jabejixo/fix/hide-internal-500-error-de…
sagikazarmark Jan 13, 2026
6a65189
Merge pull request #4460 from dexidp/dependabot/go_modules/examples/g…
sagikazarmark Jan 13, 2026
e8f5eeb
Merge pull request #4449 from dexidp/dependabot/go_modules/google.gol…
sagikazarmark Jan 13, 2026
30d89fd
Merge pull request #4440 from dexidp/dependabot/github_actions/github…
sagikazarmark Jan 13, 2026
3b06f75
Merge pull request #4439 from dexidp/dependabot/go_modules/github.com…
sagikazarmark Jan 13, 2026
2b15108
Merge pull request #4438 from dexidp/dependabot/go_modules/golang.org…
sagikazarmark Jan 13, 2026
1c0c0b0
Merge pull request #4437 from dexidp/dependabot/github_actions/action…
sagikazarmark Jan 13, 2026
a03588a
Merge pull request #4435 from dexidp/dependabot/github_actions/anchor…
sagikazarmark Jan 13, 2026
4646f9f
Merge pull request #4434 from dexidp/dependabot/github_actions/docker…
sagikazarmark Jan 13, 2026
0257f55
Merge pull request #4433 from dexidp/dependabot/github_actions/action…
sagikazarmark Jan 13, 2026
4bd5919
build(deps): bump google.golang.org/protobuf in /api/v2
dependabot[bot] Jan 13, 2026
bce74e7
fix: failing go-oidc test after 3.15
sagikazarmark Jan 13, 2026
8fc1f97
Merge pull request #4441 from dexidp/dependabot/go_modules/github.com…
sagikazarmark Jan 13, 2026
4ffb7a2
Merge pull request #4450 from dexidp/dependabot/go_modules/api/v2/goo…
sagikazarmark Jan 13, 2026
adf3c82
Merge pull request #4420 from dexidp/dependabot/go_modules/examples/g…
sagikazarmark Jan 13, 2026
c44f771
build(deps): bump the etcd group with 2 updates
dependabot[bot] Jan 13, 2026
e674097
Merge pull request #4436 from dexidp/dependabot/go_modules/etcd-4fbb4…
sagikazarmark Jan 13, 2026
5cd3432
build(deps): bump golang from 1.25.5-alpine3.22 to 1.25.6-alpine3.22 …
dependabot[bot] Jan 21, 2026
ecdd0b8
build(deps): bump distroless/static-debian13 from `b5b9fd0` to `f9f84…
dependabot[bot] Jan 21, 2026
7942817
build(deps): bump actions/setup-go from 6.1.0 to 6.2.0 (#4476)
dependabot[bot] Jan 21, 2026
a956bf3
build(deps): bump golang.org/x/crypto from 0.46.0 to 0.47.0 (#4472)
dependabot[bot] Jan 21, 2026
9ed6bf7
build(deps): bump github.com/mattn/go-sqlite3 from 1.14.32 to 1.14.33…
dependabot[bot] Jan 21, 2026
281c177
build(deps): bump golang.org/x/net from 0.48.0 to 0.49.0 (#4475)
dependabot[bot] Jan 21, 2026
09fee7f
build(deps): bump google.golang.org/grpc from 1.77.0 to 1.78.0 (#4469)
dependabot[bot] Jan 21, 2026
f0a9fa4
build(deps): bump actions/upload-artifact from 5.0.0 to 6.0.0 (#4477)
dependabot[bot] Jan 21, 2026
1a49fc3
build(deps): bump actions/cache from 4.3.0 to 5.0.1 (#4473)
dependabot[bot] Jan 21, 2026
9f199ac
build(deps): bump github/codeql-action from 4.31.7 to 4.31.10 (#4470)
dependabot[bot] Jan 21, 2026
2725903
build(deps): bump docker/setup-buildx-action from 3.11.1 to 3.12.0 (#…
dependabot[bot] Jan 21, 2026
da180b9
build(deps): bump google.golang.org/api from 0.257.0 to 0.259.0 (#4478)
dependabot[bot] Jan 21, 2026
4d103d6
build(deps): bump google.golang.org/grpc in /api/v2 (#4459)
dependabot[bot] Jan 21, 2026
5f0c542
build(deps): bump actions/cache from 5.0.1 to 5.0.2 (#4484)
dependabot[bot] Jan 28, 2026
47f2040
build(deps): bump golang from `d9c983d` to `ad295fc` (#4493)
dependabot[bot] Jan 28, 2026
25d62b7
build(deps): bump actions/attest-build-provenance from 3.0.0 to 3.1.0…
dependabot[bot] Jan 28, 2026
dcbaa9d
build(deps): bump anchore/sbom-action from 0.20.11 to 0.22.0 (#4487)
dependabot[bot] Jan 28, 2026
d8acc5a
build(deps): bump actions/checkout from 6.0.1 to 6.0.2 (#4489)
dependabot[bot] Jan 28, 2026
b13e020
build(deps): bump github/codeql-action from 4.31.10 to 4.31.11 (#4492)
dependabot[bot] Jan 28, 2026
45b1941
build(deps): bump google.golang.org/api from 0.260.0 to 0.263.0 (#4494)
dependabot[bot] Jan 28, 2026
06b3079
build(deps): bump alpine from 3.23.2 to 3.23.3
dependabot[bot] Jan 29, 2026
227aeb8
build(deps): bump anchore/sbom-action from 0.22.0 to 0.22.1
dependabot[bot] Jan 29, 2026
f817d8b
build(deps): bump actions/attest-build-provenance from 3.1.0 to 3.2.0
dependabot[bot] Jan 29, 2026
c78b28b
build(deps): bump github/codeql-action from 4.31.11 to 4.32.0
dependabot[bot] Jan 29, 2026
9362179
build(deps): bump actions/cache from 5.0.2 to 5.0.3
dependabot[bot] Jan 30, 2026
0e97ad5
build(deps): bump github.com/lib/pq from 1.10.9 to 1.11.1
dependabot[bot] Jan 30, 2026
f7691ce
gitlab: support custom rootCAData (#4496)
Jabejixo Jan 30, 2026
a522202
Merge pull request #4505 from dexidp/dependabot/go_modules/github.com…
sagikazarmark Feb 5, 2026
5f6d1b1
Merge pull request #4504 from dexidp/dependabot/github_actions/action…
sagikazarmark Feb 5, 2026
228deee
Merge pull request #4502 from dexidp/dependabot/github_actions/github…
sagikazarmark Feb 5, 2026
f976660
Merge pull request #4501 from dexidp/dependabot/github_actions/action…
sagikazarmark Feb 5, 2026
087d4bd
Merge pull request #4499 from dexidp/dependabot/github_actions/anchor…
sagikazarmark Feb 5, 2026
743730f
Merge pull request #4498 from dexidp/dependabot/docker/alpine-3.23.3
sagikazarmark Feb 5, 2026
f3a24b2
build(deps): bump google.golang.org/api from 0.263.0 to 0.265.0
dependabot[bot] Feb 5, 2026
a15c4a6
Merge pull request #4508 from dexidp/dependabot/go_modules/google.gol…
sagikazarmark Feb 5, 2026
1997f63
build(deps): bump docker/login-action from 3.6.0 to 3.7.0
dependabot[bot] Feb 5, 2026
167ea52
Merge pull request #4503 from dexidp/dependabot/github_actions/docker…
sagikazarmark Feb 5, 2026
ec564f2
Enable ContinueOnConnectorFailure feature flag (#4495)
manojVivek Feb 6, 2026
4bdb4f2
chore: extend example configs for idEnv and public (#4443)
cardoe Feb 9, 2026
be791c0
feat: add unprivileged user setup in Dockerfile (#4517)
nabokihms Feb 9, 2026
e0268e2
build(deps): bump golang from 1.25.6-alpine3.22 to 1.25.7-alpine3.22 …
dependabot[bot] Feb 9, 2026
894af72
build(deps): bump golang.org/x/oauth2 from 0.34.0 to 0.35.0 (#4515)
dependabot[bot] Feb 9, 2026
cee32d6
build(deps): bump github/codeql-action from 4.32.0 to 4.32.2 (#4509)
dependabot[bot] Feb 9, 2026
246124e
build(deps): bump anchore/sbom-action from 0.22.1 to 0.22.2 (#4510)
dependabot[bot] Feb 9, 2026
4c94d8a
build(deps): bump golang.org/x/oauth2 from 0.34.0 to 0.35.0 in /examp…
dependabot[bot] Feb 9, 2026
b09a9e7
build(deps): bump golang.org/x/crypto from 0.47.0 to 0.48.0 (#4518)
dependabot[bot] Feb 10, 2026
79e28f5
build(deps): bump golang.org/x/net from 0.49.0 to 0.50.0 (#4519)
dependabot[bot] Feb 10, 2026
56958b1
feat: Add Vault signer for JWT (#4512)
nabokihms Feb 10, 2026
2f6a185
test: Add conformance tests for Vault signer integration (#4520)
nabokihms Feb 12, 2026
c016300
build(deps): bump google.golang.org/api from 0.265.0 to 0.266.0 (#4523)
dependabot[bot] Feb 12, 2026
9e37771
feat: add name and emailVerified fields for static passwords (#4526)
Jabejixo Feb 12, 2026
27b5f29
build(deps): bump docker/build-push-action from 6.18.0 to 6.19.1 (#4530)
dependabot[bot] Feb 12, 2026
52c243f
build(deps): bump golang from 1.25.7-alpine3.22 to 1.26.0-alpine3.22 …
dependabot[bot] Feb 12, 2026
5c32fad
build(deps): bump github.com/mattn/go-sqlite3 from 1.14.33 to 1.14.34…
dependabot[bot] Feb 12, 2026
1855a9a
build(deps): bump github.com/lib/pq from 1.11.1 to 1.11.2 (#4525)
dependabot[bot] Feb 12, 2026
9bee0b0
build(deps): bump google.golang.org/grpc in /examples (#4537)
dependabot[bot] Feb 13, 2026
f2c2526
build(deps): bump google.golang.org/grpc from 1.78.0 to 1.79.0 (#4534)
dependabot[bot] Feb 13, 2026
4955d43
build(deps): bump docker/build-push-action from 6.19.1 to 6.19.2 (#4535)
dependabot[bot] Feb 13, 2026
76d7ed4
build(deps): bump aquasecurity/trivy-action from 0.33.1 to 0.34.0 (#4…
dependabot[bot] Feb 13, 2026
489e37d
fix: suppress deprecation warning for userAttr when not set (#4539)
nabokihms Feb 13, 2026
d90827c
fix: use correct id value for label (#4541)
loganripplinger Feb 15, 2026
7850337
feat: refactor signer configuration with local and vault options (#4532)
nabokihms Feb 15, 2026
ad3a83e
build(gomplate): update gomplate version to v5.0.0 and add update scr…
nabokihms Feb 15, 2026
9bee809
feat(crd): add CRD handling behavior and configuration options (#4543)
nabokihms Feb 15, 2026
a5f4956
Add permissions section to trivydb-cache workflow (#4544)
nabokihms Feb 15, 2026
7c74dd8
build(deps): bump distroless/static-debian13 from `f9f84bd` to `01e55…
dependabot[bot] Feb 16, 2026
2976b23
build(deps): bump google.golang.org/grpc in /examples (#4551)
dependabot[bot] Feb 16, 2026
e640a40
build(deps): bump google.golang.org/grpc from 1.79.0 to 1.79.1 (#4549)
dependabot[bot] Feb 16, 2026
c331bb9
build(deps): bump the etcd group with 2 updates (#4548)
dependabot[bot] Feb 16, 2026
5593fb7
build(deps): bump github/codeql-action from 4.32.2 to 4.32.3 (#4547)
dependabot[bot] Feb 16, 2026
eb9f04b
Debug trivy scans (#4545)
nabokihms Feb 16, 2026
adec8b4
Add steps to fetch and extract OCI image tarball (#4552)
nabokihms Feb 16, 2026
955142b
feat: enhance git-version script to generate pseudo-versions with tim…
nabokihms Feb 16, 2026
dce4638
build(deps): update gRPC to v1.79.1 and other dependencies (#4554)
nabokihms Feb 17, 2026
be13b1f
build(deps): bump helm/kind-action from 1.13.0 to 1.14.0 (#4557)
dependabot[bot] Feb 18, 2026
69f9b7e
build(deps): bump google.golang.org/api from 0.266.0 to 0.267.0 (#4558)
dependabot[bot] Feb 18, 2026
29c7b6f
feat: validate redirect URIs and safely append parameters (#4559)
nabokihms Feb 18, 2026
548b0f5
build(deps): bump filippo.io/edwards25519 from 1.1.0 to 1.1.1 (#4562)
dependabot[bot] Feb 19, 2026
0108be9
feat: add skopeo copy command to transfer image from OCI layout (#4564)
nabokihms Feb 20, 2026
49c8228
build(deps): bump actions/dependency-review-action from 4.8.2 to 4.8.…
dependabot[bot] Feb 20, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 0 additions & 2 deletions .dockerignore
Original file line number Diff line number Diff line change
@@ -1,4 +1,2 @@
.github/
.gitpod.yml
bin/
tmp/
3 changes: 3 additions & 0 deletions .editorconfig
Original file line number Diff line number Diff line change
Expand Up @@ -19,3 +19,6 @@ indent_style = tab

[{config.yaml.dist,config.dev.yaml}]
indent_size = 2

[.golangci.yaml]
indent_size = 2
6 changes: 3 additions & 3 deletions .envrc
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
if ! has nix_direnv_version || ! nix_direnv_version 1.5.0; then
source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/1.5.0/direnvrc" "sha256-carKk9aUFHMuHt+IWh74hFj58nY4K3uywpZbwXX0BTI="
if ! has nix_direnv_version || ! nix_direnv_version 3.0.6; then
source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.6/direnvrc" "sha256-RYcUJaRMf8oF5LznDrlCXbkOQrywm0HDv1VjYGaJGdM="
fi
use flake
use flake . --impure

dotenv_if_exists
6 changes: 5 additions & 1 deletion .github/ISSUE_TEMPLATE/config.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,9 @@
blank_issues_enabled: false
contact_links:
- name: 📖 Documentation enhancement
url: https://github.com/dexidp/website/issues
about: Suggest an improvement to the documentation

- name: ❓ Ask a question
url: https://github.com/dexidp/dex/discussions/new?category=q-a
about: Ask and discuss questions with other Dex community members
Expand All @@ -13,5 +17,5 @@ contact_links:
about: Please ask and answer questions here

- name: 💡 Dex Enhancement Proposal
url: https://github.com/dexidp/dex/tree/master/enhancements/README.md
url: https://github.com/dexidp/dex/tree/master/docs/enhancements/README.md
about: Open a proposal for significant architectural change
12 changes: 0 additions & 12 deletions .github/PULL_REQUEST_TEMPLATE.md
Original file line number Diff line number Diff line change
Expand Up @@ -21,15 +21,3 @@ Thank you for sending a pull request! Here are some tips for contributors:
-->

#### Special notes for your reviewer

#### Does this PR introduce a user-facing change?

<!--
If no, just write "NONE" in the release-note block below.
If yes, a release note is required:
Enter your extended release note in the block below. If the PR requires additional action from users switching to the new release, include the string "action required".
-->

```release-note

```
4 changes: 2 additions & 2 deletions .github/SECURITY.md
Original file line number Diff line number Diff line change
Expand Up @@ -11,10 +11,10 @@ to confirm receipt of the issue.
## Review Process

Once a maintainer has confirmed the relevance of the report, a draft security
advisory will be created on Github. The draft advisory will be used to discuss
advisory will be created on GitHub. The draft advisory will be used to discuss
the issue with maintainers, the reporter(s).
If the reporter(s) wishes to participate in this discussion, then provide
reporter Github username(s) to be invited to the discussion. If the reporter(s)
reporter GitHub username(s) to be invited to the discussion. If the reporter(s)
does not wish to participate directly in the discussion, then the reporter(s)
can request to be updated regularly via email.

Expand Down
11 changes: 11 additions & 0 deletions .github/dependabot.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,10 @@ updates:
- "area/dependencies"
schedule:
interval: "daily"
groups:
etcd:
patterns:
- "go.etcd.io/*"

- package-ecosystem: "gomod"
directory: "/api/v2"
Expand All @@ -15,6 +19,13 @@ updates:
schedule:
interval: "daily"

- package-ecosystem: "gomod"
directory: "/examples"
labels:
- "area/dependencies"
schedule:
interval: "daily"

- package-ecosystem: "docker"
directory: "/"
labels:
Expand Down
47 changes: 47 additions & 0 deletions .github/workflows/analysis-scorecard.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
name: OpenSSF Scorecard

on:
branch_protection_rule:
push:
branches: [ main ]
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Scorecard workflow targets main instead of master

Low Severity

The new analysis-scorecard.yaml workflow triggers on pushes to branches: [ main ], but this fork's default branch is master (as seen in ci.yaml). The scorecard push trigger will never fire. The workflow only runs on the weekly schedule and branch_protection_rule events, which may not be the intent.

Fix in Cursor Fix in Web

schedule:
- cron: '30 0 * * 5'

permissions:
contents: read

jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest

permissions:
actions: read
contents: read
id-token: write
security-events: write

steps:
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false

- name: Run analysis
uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
with:
results_file: results.sarif
results_format: sarif
publish_results: true

- name: Upload results as artifact
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
with:
name: OpenSSF Scorecard results
path: results.sarif
retention-days: 5

- name: Upload results to GitHub Security tab
uses: github/codeql-action/upload-sarif@9e907b5e64f6b83e7804b09294d44122997950d6 # v3.29.5
with:
sarif_file: results.sarif
Loading