Hello community,

here is the log from the commit of package dex-oidc for openSUSE:Factory 
checked in at 2022-10-15 16:37:44
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/dex-oidc (Old)
 and      /work/SRC/openSUSE:Factory/.dex-oidc.new.2275 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "dex-oidc"

Sat Oct 15 16:37:44 2022 rev:9 rq:1010997 version:2.35.3

Changes:
--------
--- /work/SRC/openSUSE:Factory/dex-oidc/dex-oidc.changes        2022-08-27 
11:48:24.933627235 +0200
+++ /work/SRC/openSUSE:Factory/.dex-oidc.new.2275/dex-oidc.changes      
2022-10-15 16:40:32.958599215 +0200
@@ -1,0 +2,50 @@
+Fri Oct 14 15:08:39 UTC 2022 - mich...@stroeder.com
+
+- Update to version 2.35.3:
+  * Security fixes
+    - Update gomplate version to 3.11.3 fix CVE-2022-27665
+    - security fix for GHSA-vh7g-p26c-j2cw:
+      Backchannel attack allows an attacker to fetch an ID token through an 
intercepted authorization code
+  * 2.35.0:
+    + Enhancements
+      - Reduce HTTP client creations in the Keystone connector by @erwinvaneyk 
in #2659
+    + Bug Fixes
+      - fix for issue 2670; check for no serviceAccountFilePath and no email 
by @bobcallaway in #2679
+      - supply HMACKey in test case by @bobcallaway in #2683
+      - fix: refresh token only once for all concurrent requests by @nabokihms 
in #2692
+    + Dependency Updates
+      - build(deps): bump google.golang.org/api from 0.95.0 to 0.97.0 by 
@dependabot in #2677
+      - build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.4 to 3.5.5 by 
@dependabot in #2666
+      - build(deps): bump google.golang.org/api from 0.97.0 to 0.98.0 by 
@dependabot in #2682
+      - build(deps): bump helm/kind-action from 1.3.0 to 1.4.0 by @dependabot 
in #2681
+      - build(deps): bump entgo.io/ent from 0.11.2 to 0.11.3 by @dependabot in 
#2684
+      - Update golang.org/x packages by @sagikazarmark in #2688
+  * 2.34.0:
+    + Exciting New Features
+      - updated gomplate version and added ppc64le support by @mayurwaghmode 
in #2620
+    + Enhancements
+      - fix: Fallback when group claim is a string instead of an array of 
strings by @JoooostB in #2639
+      - feat(connector/authproxy): support multiple groups by @mclavel in #2643
+      - Implement Application Default Credentials for the google connector by 
@ichbinfrog in #2530
+      - build: bump Go version to 1.19 in Nix by @sagikazarmark in #2648
+    + Dependency Updates
+      - build(deps): bump alpine from 3.16.1 to 3.16.2 by @dependabot in #2624
+      - build(deps): bump github.com/prometheus/client_golang from 1.12.2 to 
1.13.0 by @dependabot in #2623
+      - build(deps): bump aquasecurity/trivy-action from 0.6.1 to 0.7.0 by 
@dependabot in #2632
+      - build(deps): bump github.com/mattn/go-sqlite3 from 1.14.11 to 1.14.15 
by @dependabot in #2634
+      - build(deps): bump aquasecurity/trivy-action from 0.7.0 to 0.7.1 by 
@dependabot in #2635
+      - build(deps): bump google.golang.org/api from 0.89.0 to 0.93.0 by 
@dependabot in #2633
+      - build(deps): bump google.golang.org/api from 0.93.0 to 0.94.0 by 
@dependabot in #2637
+      - chore: Bump ent to 0.11.2 by @nabokihms in #2640
+      - chore: Bump Go to 1.19 by @nabokihms in #2641
+      - build(deps): bump github.com/coreos/go-oidc/v3 from 3.2.0 to 3.3.0 by 
@dependabot in #2646
+      - build(deps): bump google.golang.org/grpc from 1.47.0 to 1.49.0 by 
@dependabot in #2636
+      - build(deps): bump google.golang.org/protobuf from 1.28.0 to 1.28.1 in 
/api/v2 by @dependabot in #2611
+      - build(deps): bump golang from 1.19.0-alpine3.15 to 1.19.1-alpine3.15 
by @dependabot in #2650
+      - chore: update alpine version in Go image by @sagikazarmark in #2656
+      - build(deps): bump github.com/lib/pq from 1.10.5 to 1.10.7 by 
@dependabot in #2651
+      - build(deps): bump google.golang.org/api from 0.94.0 to 0.95.0 by 
@dependabot in #2652
+      - build(deps): bump google.golang.org/grpc from 1.47.0 to 1.49.0 in 
/api/v2 by @dependabot in #2638
+      - build(deps): bump github.com/coreos/go-oidc/v3 from 3.3.0 to 3.4.0 by 
@dependabot in #2658
+
+-------------------------------------------------------------------
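Review bot: The two security entries at the top of the new changelog block ("fix CVE-2022-27665" and "security fix for GHSA-vh7g-p26c-j2cw") carry no bug tracker reference, and the GHSA entry has no CVE identifier, so anyone tracking fixes by CVE or bug number cannot match this update to a ticket. Suggest adding the tracking bug to each line, plus the CVE for the GHSA advisory if one has been assigned. The per-version sections list only 2.35.0 and 2.34.0 while the entry is for 2.35.3, so it is also worth stating in which point release each security fix landed.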

Old:
----
  dex-2.33.0.tar.xz

New:
----
  dex-2.35.3.tar.xz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ dex-oidc.spec ++++++
--- /var/tmp/diff_new_pack.OSUE2C/_old  2022-10-15 16:40:33.790601214 +0200
+++ /var/tmp/diff_new_pack.OSUE2C/_new  2022-10-15 16:40:33.794601225 +0200
@@ -20,7 +20,7 @@
 %define go_version 1.16
 
 Name:           dex-oidc
-Version:        2.33.0
+Version:        2.35.3
 Release:        0
 Summary:        OpenID Connect Identity (OIDC) and OAuth 2.0 Provider with 
Pluggable Connectors
 License:        Apache-2.0
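Review bot: The context line "%define go_version 1.16" is left untouched, while the changelog for this same update lists "chore: Bump Go to 1.19" and "build: bump Go version to 1.19 in Nix" under 2.34.0. If this macro sets the minimum Go toolchain for the build, check it against the Go version the 2.35.3 sources require and raise it in this change, so the security update is not built with an older compiler than upstream uses.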

++++++ _service ++++++
--- /var/tmp/diff_new_pack.OSUE2C/_old  2022-10-15 16:40:33.822601292 +0200
+++ /var/tmp/diff_new_pack.OSUE2C/_new  2022-10-15 16:40:33.826601302 +0200
@@ -4,7 +4,7 @@
     <param name="scm">git</param>
     <param name="filename">dex</param>
     <param name="exclude">.git</param>
-    <param name="revision">v2.33.0</param>
+    <param name="revision">v2.35.3</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="versionrewrite-pattern">v(.+)</param>
     <param name="changesgenerate">enable</param>

++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.OSUE2C/_old  2022-10-15 16:40:33.842601339 +0200
+++ /var/tmp/diff_new_pack.OSUE2C/_new  2022-10-15 16:40:33.846601350 +0200
@@ -1,6 +1,6 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/dexidp/dex.git</param>
-              <param 
name="changesrevision">4bcdcf8e1ee07203b46ad771fca6491ef0d160ae</param></service></servicedata>
+              <param 
name="changesrevision">54c9e8231fb8305875f4ee0f7bf1f5090e82e4ad</param></service></servicedata>
 (No newline at EOF)
 
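Review bot: changesrevision moves to 54c9e8231fb8305875f4ee0f7bf1f5090e82e4ad, but nothing in this mail ties that commit to the v2.35.3 tag that _service sets as "revision", and a tag is a movable ref. The dex tarball and vendor.tar.xz diffs are skipped here, so confirm that this hash is the commit upstream's v2.35.3 tag points to before accepting the update.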

++++++ dex-2.33.0.tar.xz -> dex-2.35.3.tar.xz ++++++
++++ 1058797 lines of diff (skipped)

++++++ vendor.tar.xz ++++++
++++ 84930 lines of diff (skipped)
