⚠️ This release fixes a major vulnerability in Dex. We advise everyone to upgrade as soon as possible! ⚠️
If you use the Google connector, please upgrade to 2.35.1 instead.
The official container image for this release can be pulled from
ghcr.io/dexidp/dex:v2.35.0
What's Changed
Enhancements 🚀
- Reduce HTTP client creations in the Keystone connector by @erwinvaneyk in #2659
Bug Fixes 🐛
- fix for issue 2670; check for no serviceAccountFilePath and no email by @bobcallaway in #2679
- supply HMACKey in test case by @bobcallaway in #2683
- fix: refresh token only once for all concurrent requests by @nabokihms in #2692
Dependency Updates ⬆️
- build(deps): bump google.golang.org/api from 0.95.0 to 0.97.0 by @dependabot in #2677
- build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.4 to 3.5.5 by @dependabot in #2666
- build(deps): bump google.golang.org/api from 0.97.0 to 0.98.0 by @dependabot in #2682
- build(deps): bump helm/kind-action from 1.3.0 to 1.4.0 by @dependabot in #2681
- build(deps): bump entgo.io/ent from 0.11.2 to 0.11.3 by @dependabot in #2684
- Update golang.org/x packages by @sagikazarmark in #2688
New Contributors
Full Changelog: v2.34.0...v2.35.0