Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package dex-oidc for openSUSE:Factory checked in at 2022-10-15 16:37:44 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/dex-oidc (Old) and /work/SRC/openSUSE:Factory/.dex-oidc.new.2275 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "dex-oidc" Sat Oct 15 16:37:44 2022 rev:9 rq:1010997 version:2.35.3 Changes: -------- --- /work/SRC/openSUSE:Factory/dex-oidc/dex-oidc.changes 2022-08-27 11:48:24.933627235 +0200 +++ /work/SRC/openSUSE:Factory/.dex-oidc.new.2275/dex-oidc.changes 2022-10-15 16:40:32.958599215 +0200 @@ -1,0 +2,50 @@ +Fri Oct 14 15:08:39 UTC 2022 - mich...@stroeder.com + +- Update to version 2.35.3: + * Security fixes + - Update gomplate version to 3.11.3 fix CVE-2022-27665 + - security fix for GHSA-vh7g-p26c-j2cw: + Backchannel attack allows an attacker to fetch an ID token through an intercepted authorization code + * 2.35.0: + + Enhancements + - Reduce HTTP client creations in the Keystone connector by @erwinvaneyk in #2659 + + Bug Fixes + - fix for issue 2670; check for no serviceAccountFilePath and no email by @bobcallaway in #2679 + - supply HMACKey in test case by @bobcallaway in #2683 + - fix: refresh token only once for all concurrent requests by @nabokihms in #2692 + + Dependency Updates + - build(deps): bump google.golang.org/api from 0.95.0 to 0.97.0 by @dependabot in #2677 + - build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.4 to 3.5.5 by @dependabot in #2666 + - build(deps): bump google.golang.org/api from 0.97.0 to 0.98.0 by @dependabot in #2682 + - build(deps): bump helm/kind-action from 1.3.0 to 1.4.0 by @dependabot in #2681 + - build(deps): bump entgo.io/ent from 0.11.2 to 0.11.3 by @dependabot in #2684 + - Update golang.org/x packages by @sagikazarmark in #2688 + * 2.34.0: + + Exciting New Features + - updated gomplate version and added ppc64le support by @mayurwaghmode in #2620 + + Enhancements + - fix: Fallback when group claim is a string instead of an array of strings by @JoooostB in #2639 + - feat(connector/authproxy): support multiple groups by @mclavel in #2643 + - Implement Application Default Credentials for the google connector by @ichbinfrog in #2530 + - build: bump Go version to 1.19 in Nix by @sagikazarmark in #2648 + + Dependency Updates + - build(deps): bump alpine from 3.16.1 to 3.16.2 by @dependabot in #2624 + - build(deps): bump github.com/prometheus/client_golang from 1.12.2 to 1.13.0 by @dependabot in #2623 + - build(deps): bump aquasecurity/trivy-action from 0.6.1 to 0.7.0 by @dependabot in #2632 + - build(deps): bump github.com/mattn/go-sqlite3 from 1.14.11 to 1.14.15 by @dependabot in #2634 + - build(deps): bump aquasecurity/trivy-action from 0.7.0 to 0.7.1 by @dependabot in #2635 + - build(deps): bump google.golang.org/api from 0.89.0 to 0.93.0 by @dependabot in #2633 + - build(deps): bump google.golang.org/api from 0.93.0 to 0.94.0 by @dependabot in #2637 + - chore: Bump ent to 0.11.2 by @nabokihms in #2640 + - chore: Bump Go to 1.19 by @nabokihms in #2641 + - build(deps): bump github.com/coreos/go-oidc/v3 from 3.2.0 to 3.3.0 by @dependabot in #2646 + - build(deps): bump google.golang.org/grpc from 1.47.0 to 1.49.0 by @dependabot in #2636 + - build(deps): bump google.golang.org/protobuf from 1.28.0 to 1.28.1 in /api/v2 by @dependabot in #2611 + - build(deps): bump golang from 1.19.0-alpine3.15 to 1.19.1-alpine3.15 by @dependabot in #2650 + - chore: update alpine version in Go image by @sagikazarmark in #2656 + - build(deps): bump github.com/lib/pq from 1.10.5 to 1.10.7 by @dependabot in #2651 + - build(deps): bump google.golang.org/api from 0.94.0 to 0.95.0 by @dependabot in #2652 + - build(deps): bump google.golang.org/grpc from 1.47.0 to 1.49.0 in /api/v2 by @dependabot in #2638 + - build(deps): bump github.com/coreos/go-oidc/v3 from 3.3.0 to 3.4.0 by @dependabot in #2658 + +------------------------------------------------------------------- Old: ---- dex-2.33.0.tar.xz New: ---- dex-2.35.3.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dex-oidc.spec ++++++ --- /var/tmp/diff_new_pack.OSUE2C/_old 2022-10-15 16:40:33.790601214 +0200 +++ /var/tmp/diff_new_pack.OSUE2C/_new 2022-10-15 16:40:33.794601225 +0200 @@ -20,7 +20,7 @@ %define go_version 1.16 Name: dex-oidc -Version: 2.33.0 +Version: 2.35.3 Release: 0 Summary: OpenID Connect Identity (OIDC) and OAuth 2.0 Provider with Pluggable Connectors License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.OSUE2C/_old 2022-10-15 16:40:33.822601292 +0200 +++ /var/tmp/diff_new_pack.OSUE2C/_new 2022-10-15 16:40:33.826601302 +0200 @@ -4,7 +4,7 @@ <param name="scm">git</param> <param name="filename">dex</param> <param name="exclude">.git</param> - <param name="revision">v2.33.0</param> + <param name="revision">v2.35.3</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.+)</param> <param name="changesgenerate">enable</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.OSUE2C/_old 2022-10-15 16:40:33.842601339 +0200 +++ /var/tmp/diff_new_pack.OSUE2C/_new 2022-10-15 16:40:33.846601350 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/dexidp/dex.git</param> - <param name="changesrevision">4bcdcf8e1ee07203b46ad771fca6491ef0d160ae</param></service></servicedata> + <param name="changesrevision">54c9e8231fb8305875f4ee0f7bf1f5090e82e4ad</param></service></servicedata> (No newline at EOF) ++++++ dex-2.33.0.tar.xz -> dex-2.35.3.tar.xz ++++++ ++++ 1058797 lines of diff (skipped) ++++++ vendor.tar.xz ++++++ ++++ 84930 lines of diff (skipped)