dexidp/dex v2.35.0

on GitHub

⚠️ This release fixes a major vulnerability in Dex. We advise everyone to upgrade as soon as possible! ⚠️

If you use the Google connector, please upgrade to 2.35.1 instead.

The official container image for this release can be pulled from

ghcr.io/dexidp/dex:v2.35.0

What's Changed

Enhancements 🚀

• Reduce HTTP client creations in the Keystone connector by @erwinvaneyk in #2659

Bug Fixes 🐛

• fix for issue 2670; check for no serviceAccountFilePath and no email by @bobcallaway in #2679
• supply HMACKey in test case by @bobcallaway in #2683
• fix: refresh token only once for all concurrent requests by @nabokihms in #2692

Dependency Updates ⬆️

• build(deps): bump google.golang.org/api from 0.95.0 to 0.97.0 by @dependabot in #2677
• build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.4 to 3.5.5 by @dependabot in #2666
• build(deps): bump google.golang.org/api from 0.97.0 to 0.98.0 by @dependabot in #2682
• build(deps): bump helm/kind-action from 1.3.0 to 1.4.0 by @dependabot in #2681
• build(deps): bump entgo.io/ent from 0.11.2 to 0.11.3 by @dependabot in #2684
• Update golang.org/x packages by @sagikazarmark in #2688

New Contributors

• @jannfis made their first contribution in #2691

Full Changelog: v2.34.0...v2.35.0