Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package dex-oidc for openSUSE:Factory
checked in at 2022-10-15 16:37:44
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/dex-oidc (Old)
and /work/SRC/openSUSE:Factory/.dex-oidc.new.2275 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "dex-oidc"
Sat Oct 15 16:37:44 2022 rev:9 rq:1010997 version:2.35.3
Changes:
--------
--- /work/SRC/openSUSE:Factory/dex-oidc/dex-oidc.changes 2022-08-27
11:48:24.933627235 +0200
+++ /work/SRC/openSUSE:Factory/.dex-oidc.new.2275/dex-oidc.changes
2022-10-15 16:40:32.958599215 +0200
@@ -1,0 +2,50 @@
+Fri Oct 14 15:08:39 UTC 2022 - mich...@stroeder.com
+
+- Update to version 2.35.3:
+ * Security fixes
+ - Update gomplate version to 3.11.3 fix CVE-2022-27665
+ - security fix for GHSA-vh7g-p26c-j2cw:
+ Backchannel attack allows an attacker to fetch an ID token through an
intercepted authorization code
+ * 2.35.0:
+ + Enhancements
+ - Reduce HTTP client creations in the Keystone connector by @erwinvaneyk
in #2659
+ + Bug Fixes
+ - fix for issue 2670; check for no serviceAccountFilePath and no email
by @bobcallaway in #2679
+ - supply HMACKey in test case by @bobcallaway in #2683
+ - fix: refresh token only once for all concurrent requests by @nabokihms
in #2692
+ + Dependency Updates
+ - build(deps): bump google.golang.org/api from 0.95.0 to 0.97.0 by
@dependabot in #2677
+ - build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.4 to 3.5.5 by
@dependabot in #2666
+ - build(deps): bump google.golang.org/api from 0.97.0 to 0.98.0 by
@dependabot in #2682
+ - build(deps): bump helm/kind-action from 1.3.0 to 1.4.0 by @dependabot
in #2681
+ - build(deps): bump entgo.io/ent from 0.11.2 to 0.11.3 by @dependabot in
#2684
+ - Update golang.org/x packages by @sagikazarmark in #2688
+ * 2.34.0:
+ + Exciting New Features
+ - updated gomplate version and added ppc64le support by @mayurwaghmode
in #2620
+ + Enhancements
+ - fix: Fallback when group claim is a string instead of an array of
strings by @JoooostB in #2639
+ - feat(connector/authproxy): support multiple groups by @mclavel in #2643
+ - Implement Application Default Credentials for the google connector by
@ichbinfrog in #2530
+ - build: bump Go version to 1.19 in Nix by @sagikazarmark in #2648
+ + Dependency Updates
+ - build(deps): bump alpine from 3.16.1 to 3.16.2 by @dependabot in #2624
+ - build(deps): bump github.com/prometheus/client_golang from 1.12.2 to
1.13.0 by @dependabot in #2623
+ - build(deps): bump aquasecurity/trivy-action from 0.6.1 to 0.7.0 by
@dependabot in #2632
+ - build(deps): bump github.com/mattn/go-sqlite3 from 1.14.11 to 1.14.15
by @dependabot in #2634
+ - build(deps): bump aquasecurity/trivy-action from 0.7.0 to 0.7.1 by
@dependabot in #2635
+ - build(deps): bump google.golang.org/api from 0.89.0 to 0.93.0 by
@dependabot in #2633
+ - build(deps): bump google.golang.org/api from 0.93.0 to 0.94.0 by
@dependabot in #2637
+ - chore: Bump ent to 0.11.2 by @nabokihms in #2640
+ - chore: Bump Go to 1.19 by @nabokihms in #2641
+ - build(deps): bump github.com/coreos/go-oidc/v3 from 3.2.0 to 3.3.0 by
@dependabot in #2646
+ - build(deps): bump google.golang.org/grpc from 1.47.0 to 1.49.0 by
@dependabot in #2636
+ - build(deps): bump google.golang.org/protobuf from 1.28.0 to 1.28.1 in
/api/v2 by @dependabot in #2611
+ - build(deps): bump golang from 1.19.0-alpine3.15 to 1.19.1-alpine3.15
by @dependabot in #2650
+ - chore: update alpine version in Go image by @sagikazarmark in #2656
+ - build(deps): bump github.com/lib/pq from 1.10.5 to 1.10.7 by
@dependabot in #2651
+ - build(deps): bump google.golang.org/api from 0.94.0 to 0.95.0 by
@dependabot in #2652
+ - build(deps): bump google.golang.org/grpc from 1.47.0 to 1.49.0 in
/api/v2 by @dependabot in #2638
+ - build(deps): bump github.com/coreos/go-oidc/v3 from 3.3.0 to 3.4.0 by
@dependabot in #2658
+
+-------------------------------------------------------------------
Old:
----
dex-2.33.0.tar.xz
New:
----
dex-2.35.3.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ dex-oidc.spec ++++++
--- /var/tmp/diff_new_pack.OSUE2C/_old 2022-10-15 16:40:33.790601214 +0200
+++ /var/tmp/diff_new_pack.OSUE2C/_new 2022-10-15 16:40:33.794601225 +0200
@@ -20,7 +20,7 @@
%define go_version 1.16
Name: dex-oidc
-Version: 2.33.0
+Version: 2.35.3
Release: 0
Summary: OpenID Connect Identity (OIDC) and OAuth 2.0 Provider with
Pluggable Connectors
License: Apache-2.0
++++++ _service ++++++
--- /var/tmp/diff_new_pack.OSUE2C/_old 2022-10-15 16:40:33.822601292 +0200
+++ /var/tmp/diff_new_pack.OSUE2C/_new 2022-10-15 16:40:33.826601302 +0200
@@ -4,7 +4,7 @@
<param name="scm">git</param>
<param name="filename">dex</param>
<param name="exclude">.git</param>
- <param name="revision">v2.33.0</param>
+ <param name="revision">v2.35.3</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="versionrewrite-pattern">v(.+)</param>
<param name="changesgenerate">enable</param>
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.OSUE2C/_old 2022-10-15 16:40:33.842601339 +0200
+++ /var/tmp/diff_new_pack.OSUE2C/_new 2022-10-15 16:40:33.846601350 +0200
@@ -1,6 +1,6 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/dexidp/dex.git</param>
- <param
name="changesrevision">4bcdcf8e1ee07203b46ad771fca6491ef0d160ae</param></service></servicedata>
+ <param
name="changesrevision">54c9e8231fb8305875f4ee0f7bf1f5090e82e4ad</param></service></servicedata>
(No newline at EOF)
++++++ dex-2.33.0.tar.xz -> dex-2.35.3.tar.xz ++++++
++++ 1058797 lines of diff (skipped)
++++++ vendor.tar.xz ++++++
++++ 84930 lines of diff (skipped)
