{"id":13856,"name":"dexidp/dex","ecosystem":"docker","repository_url":null,"issues_count":19,"created_at":"2025-06-06T23:35:19.495Z","updated_at":"2025-06-06T23:35:19.495Z","purl":"pkg:docker/dexidp/dex","metadata":{"id":11771899,"name":"dexidp/dex","ecosystem":"docker","description":"OpenID Connect Identity (OIDC) and OAuth 2.0 Provider with Pluggable Connectors","homepage":null,"licenses":null,"normalized_licenses":[],"repository_url":null,"keywords_array":[],"namespace":"dexidp","versions_count":82,"first_release_published_at":"2020-09-11T06:53:53.737Z","latest_release_published_at":"2025-05-22T09:10:37.785Z","latest_release_number":"v2.43.1","last_synced_at":"2025-06-07T21:10:14.024Z","created_at":"2025-06-07T21:10:12.172Z","updated_at":"2025-06-08T20:58:19.070Z","registry_url":"https://hub.docker.com/r/dexidp/dex","install_command":"docker pull dexidp/dex","documentation_url":null,"metadata":{},"repo_metadata":{},"repo_metadata_updated_at":null,"dependent_packages_count":0,"downloads":9493351,"downloads_period":"total","dependent_repos_count":0,"rankings":{"downloads":0.1400068257069696,"dependent_repos_count":1.5145285771594281,"dependent_packages_count":0.0,"stargazers_count":null,"forks_count":null,"docker_downloads_count":null,"average":0.5515118009554659},"purl":"pkg:docker/dexidp%2Fdex","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/docker/dexidp/dex","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/docker/dexidp/dex","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/docker/dexidp/dex/dependencies","status":null,"funding_links":[],"critical":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/hub.docker.com/packages/dexidp%2Fdex/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/hub.docker.com/packages/dexidp%2Fdex/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/hub.docker.com/packages/dexidp%2Fdex/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/hub.docker.com/packages/dexidp%2Fdex/related_packages","maintainers":[],"registry":{"name":"hub.docker.com","url":"https://hub.docker.com","ecosystem":"docker","default":true,"packages_count":1002113,"maintainers_count":0,"namespaces_count":411609,"keywords_count":1704,"github":"docker","metadata":{"api_url":"https://registry-1.docker.io","funded_packages_count":256},"icon_url":"https://github.com/docker.png","created_at":"2022-11-24T17:07:36.388Z","updated_at":"2025-06-09T06:59:46.217Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/hub.docker.com/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/hub.docker.com/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/hub.docker.com/namespaces"}},"unique_repositories_count":9,"unique_repositories_count_past_30_days":1,"recent_issues":[{"uuid":"3981048832","node_id":"PR_kwDOEH72W87Fy3ga","number":2946,"state":"closed","title":"Bump dexidp/dex from v2.44.0 to v2.45.0 in /dockerfiles/test-dex","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-03-04T01:53:40.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-24T01:53:29.000Z","updated_at":"2026-03-04T01:53:41.000Z","time_to_close":691211,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"dexidp/dex","old_version":"v2.44.0","new_version":"v2.45.0","repository_url":"https://github.com/dexidp/dex"}],"path":"/dockerfiles/test-dex","ecosystem":"docker"},"body":"Bumps [dexidp/dex](https://github.com/dexidp/dex) from v2.44.0 to v2.45.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dexidp/dex/releases\"\u003edexidp/dex's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.45.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eKnow Before Upgrade\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe major version of \u003ccode\u003egomplate\u003c/code\u003e has been bumped to v5.0.0, which includes breaking changes. Here is \u003ca href=\"https://github.com/hairyhenderson/gomplate/releases/tag/v5.0.0\"\u003ethe full list\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eThere are two known CVEs in the \u003ccode\u003egomplate\u003c/code\u003e binary - \u003ccode\u003eCVE-2025-68121\u003c/code\u003e and \u003ccode\u003eCVE-2026-25934\u003c/code\u003e. \u003ccode\u003egomplate\u003c/code\u003e is only used for preprocessing configuration files and is optional. Once the CVEs are fixed upstream, the version of gomplate in the dex image will be updated accordingly.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eContinueOnConnectorFailure\u003c/code\u003e feature flag is now enabled by default. To disable it, use the following environment variable: \u003ccode\u003eDEX_CONTINUE_ON_CONNECTOR_FAILURE=false\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ePre-release versions of dex now use pseudo-versioning for identifying releases. Unreleased versions will follow the pattern \u003ccode\u003ev2.minor+1.0-yyyymmdd-commithash\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eExciting New Features 🎉\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support to PKCE in OIDC connector by \u003ca href=\"https://github.com/johnvan7\"\u003e\u003ccode\u003e@​johnvan7\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3777\"\u003edexidp/dex#3777\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Vault signer for JWT by \u003ca href=\"https://github.com/nabokihms\"\u003e\u003ccode\u003e@​nabokihms\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4512\"\u003edexidp/dex#4512\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport groups and preferred_username for static passwords by \u003ca href=\"https://github.com/Jabejixo\"\u003e\u003ccode\u003e@​Jabejixo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4456\"\u003edexidp/dex#4456\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd name and email_verified fields for static passwords by \u003ca href=\"https://github.com/Jabejixo\"\u003e\u003ccode\u003e@​Jabejixo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4526\"\u003edexidp/dex#4526\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements 🚀\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eExample app pkce by \u003ca href=\"https://github.com/nabokihms\"\u003e\u003ccode\u003e@​nabokihms\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4284\"\u003edexidp/dex#4284\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOnly wrap IPv6 addresses in brackets by \u003ca href=\"https://github.com/rene-dekker\"\u003e\u003ccode\u003e@​rene-dekker\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4388\"\u003edexidp/dex#4388\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate distroless base image to debian13 by \u003ca href=\"https://github.com/loosebazooka\"\u003e\u003ccode\u003e@​loosebazooka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4453\"\u003edexidp/dex#4453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHide internal server error details from users by \u003ca href=\"https://github.com/Jabejixo\"\u003e\u003ccode\u003e@​Jabejixo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4457\"\u003edexidp/dex#4457\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGitlab support custom rootCAData by \u003ca href=\"https://github.com/Jabejixo\"\u003e\u003ccode\u003e@​Jabejixo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4496\"\u003edexidp/dex#4496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnable \u003ccode\u003eContinueOnConnectorFailure\u003c/code\u003e feature flag by \u003ca href=\"https://github.com/manojVivek\"\u003e\u003ccode\u003e@​manojVivek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4495\"\u003edexidp/dex#4495\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExtend example configs for idEnv and public by \u003ca href=\"https://github.com/cardoe\"\u003e\u003ccode\u003e@​cardoe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4443\"\u003edexidp/dex#4443\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd unprivileged user setup in Dockerfile by \u003ca href=\"https://github.com/nabokihms\"\u003e\u003ccode\u003e@​nabokihms\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4517\"\u003edexidp/dex#4517\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd conformance tests for Vault signer integration by \u003ca href=\"https://github.com/nabokihms\"\u003e\u003ccode\u003e@​nabokihms\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4520\"\u003edexidp/dex#4520\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd CRD handling behavior and configuration options by \u003ca href=\"https://github.com/nabokihms\"\u003e\u003ccode\u003e@​nabokihms\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4543\"\u003edexidp/dex#4543\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnhance git-version script to generate pseudo-versions by \u003ca href=\"https://github.com/nabokihms\"\u003e\u003ccode\u003e@​nabokihms\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4553\"\u003edexidp/dex#4553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eValidate redirect URIs and safely append parameters by \u003ca href=\"https://github.com/nabokihms\"\u003e\u003ccode\u003e@​nabokihms\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4559\"\u003edexidp/dex#4559\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRefactor example-app with a new config by \u003ca href=\"https://github.com/nabokihms\"\u003e\u003ccode\u003e@​nabokihms\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4569\"\u003edexidp/dex#4569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImplement device code flow in example-app by \u003ca href=\"https://github.com/nabokihms\"\u003e\u003ccode\u003e@​nabokihms\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4570\"\u003edexidp/dex#4570\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDo not wrap Kubernetes Address in brackets by \u003ca href=\"https://github.com/nabokihms\"\u003e\u003ccode\u003e@​nabokihms\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4363\"\u003edexidp/dex#4363\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDevice callback URL needs to handle a / by \u003ca href=\"https://github.com/cardoe\"\u003e\u003ccode\u003e@​cardoe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4448\"\u003edexidp/dex#4448\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSuppress deprecation warning for userAttr when not set by \u003ca href=\"https://github.com/nabokihms\"\u003e\u003ccode\u003e@​nabokihms\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4539\"\u003edexidp/dex#4539\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse correct id value for label by \u003ca href=\"https://github.com/loganripplinger\"\u003e\u003ccode\u003e@​loganripplinger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4541\"\u003edexidp/dex#4541\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRespond with forbidden if failed to authenticate by \u003ca href=\"https://github.com/aljoshare\"\u003e\u003ccode\u003e@​aljoshare\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4200\"\u003edexidp/dex#4200\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency Updates ⬆️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump github.com/dexidp/dex/api/v2 from 2.3.0 to 2.4.0 in /examples by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4299\"\u003edexidp/dex#4299\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-go from 5.5.0 to 6.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4304\"\u003edexidp/dex#4304\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump aquasecurity/trivy-action from 0.33.0 to 0.33.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4305\"\u003edexidp/dex#4305\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang from 1.25.0-alpine3.22 to 1.25.1-alpine3.22 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4307\"\u003edexidp/dex#4307\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump distroless/static-debian12 from \u003ccode\u003ea9f88e0\u003c/code\u003e to \u003ccode\u003ee8a4044\u003c/code\u003e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4313\"\u003edexidp/dex#4313\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump oras-project/setup-oras from 1.2.3 to 1.2.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4314\"\u003edexidp/dex#4314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.29.11 to 3.30.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4320\"\u003edexidp/dex#4320\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump sigstore/cosign-installer from 3.9.2 to 3.10.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4324\"\u003edexidp/dex#4324\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/spf13/cobra from 1.9.1 to 1.10.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4302\"\u003edexidp/dex#4302\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/prometheus/client_golang from 1.23.0 to 1.23.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4309\"\u003edexidp/dex#4309\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump tonistiigi/xx from 1.6.1 to 1.7.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4317\"\u003edexidp/dex#4317\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/oauth2 from 0.30.0 to 0.31.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4310\"\u003edexidp/dex#4310\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/oauth2 from 0.30.0 to 0.31.0 in /examples by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4311\"\u003edexidp/dex#4311\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/bcc2283694018a59e9b84c43c6c50ce996e9409b\"\u003e\u003ccode\u003ebcc2283\u003c/code\u003e\u003c/a\u003e feat: enhance test commands to support GitHub Actions formatting (\u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4575\"\u003e#4575\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/ec26e19e7943de816f61b49a71a8bd126e38e705\"\u003e\u003ccode\u003eec26e19\u003c/code\u003e\u003c/a\u003e build(deps): bump github/codeql-action from 4.32.3 to 4.32.4 (\u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4573\"\u003e#4573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/51c66d252391c901cc931b9e437f8a685467b6bb\"\u003e\u003ccode\u003e51c66d2\u003c/code\u003e\u003c/a\u003e build(deps): bump aquasecurity/trivy-action from 0.34.0 to 0.34.1 (\u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4574\"\u003e#4574\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/8db7699e0f5fbcd552fd6db671c54006c77ea8ce\"\u003e\u003ccode\u003e8db7699\u003c/code\u003e\u003c/a\u003e feat: implement device code flow in example-app (\u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4570\"\u003e#4570\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/cf17fc68c8e627e9a2c316d19af21c6f49683251\"\u003e\u003ccode\u003ecf17fc6\u003c/code\u003e\u003c/a\u003e test: update HandleCallback after merging OIDC PKCE (\u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4572\"\u003e#4572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/83697b06a680ade01bde2a063347dbbc04d0a2ec\"\u003e\u003ccode\u003e83697b0\u003c/code\u003e\u003c/a\u003e fix(server): respond with forbidden if failed to authenticate (\u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4200\"\u003e#4200\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/25591eeaf41a5bd8039e5421cca7a794e6c9f112\"\u003e\u003ccode\u003e25591ee\u003c/code\u003e\u003c/a\u003e Add support to PKCE in OIDC connector (\u003ca href=\"https://redirect.github.com/dexidp/dex/issues/3777\"\u003e#3777\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/5d27abc1179fa3d8593c8de65bd52dc8e096fa8f\"\u003e\u003ccode\u003e5d27abc\u003c/code\u003e\u003c/a\u003e feat: refactor example-app with a new config (\u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4569\"\u003e#4569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/08079303c9b992b07ee6d18f5c1b9fc64d2ced56\"\u003e\u003ccode\u003e0807930\u003c/code\u003e\u003c/a\u003e feat: add debug step to check image metadata in workflow (\u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4566\"\u003e#4566\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/49c8228d304e84eb5845f7ef6c923c0fb839b82d\"\u003e\u003ccode\u003e49c8228\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/dependency-review-action from 4.8.2 to 4.8.3 (\u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4563\"\u003e#4563\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/dexidp/dex/compare/v2.44.0...v2.45.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dexidp/dex\u0026package-manager=docker\u0026previous-version=v2.44.0\u0026new-version=v2.45.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/vmware/pinniped/pull/2946","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/vmware%2Fpinniped/issues/2946","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2946/packages"},{"uuid":"3395561784","node_id":"PR_kwDOFHnGQc6ndNqI","number":456,"state":"open","title":"Bump the all group across 1 directory with 2 updates","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":"NONE","state_reason":null,"created_at":"2025-09-08T20:12:34.000Z","updated_at":"2025-09-22T21:44:30.426Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"all","update_count":2,"packages":[{"name":"golang","old_version":"1.24.6","new_version":"1.25.1"},{"name":"dexidp/dex","old_version":"v2.43.1","new_version":"v2.44.0"}],"path":null,"ecosystem":"docker"},"body":"Bumps the all group with 2 updates in the / directory: golang and dexidp/dex.\n\nUpdates `golang` from 1.24.6 to 1.25.1\n\nUpdates `dexidp/dex` from v2.43.1 to v2.44.0\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/bobcallaway/fulcio/pull/456","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/bobcallaway%2Ffulcio/issues/456","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/456/packages"},{"uuid":"2808456673","node_id":"PR_kwDOJ2U4086nZaXh","number":421,"state":"open","title":"Bump dexidp/dex from v2.43.1 to v2.44.0 in /charts/argocd","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-09-08T14:19:24.000Z","updated_at":"2025-09-08T14:19:25.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"dexidp/dex","old_version":"v2.43.1","new_version":"v2.44.0","repository_url":"https://github.com/dexidp/dex"}],"path":"/charts/argocd","ecosystem":"docker"},"body":"Bumps [dexidp/dex](https://github.com/dexidp/dex) from v2.43.1 to v2.44.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dexidp/dex/releases\"\u003edexidp/dex's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.44.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eEnhancements 🚀\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow server startup with partial connector failures by \u003ca href=\"https://github.com/manojVivek\"\u003e\u003ccode\u003e@​manojVivek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4159\"\u003edexidp/dex#4159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd recursive LDAP parent group search (AD-style hierarchy across all LDAPs) by \u003ca href=\"https://github.com/EthanDieterich\"\u003e\u003ccode\u003e@​EthanDieterich\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4113\"\u003edexidp/dex#4113\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: Add ModifyGroupNames claimMutation to oidc connector by \u003ca href=\"https://github.com/peschmae\"\u003e\u003ccode\u003e@​peschmae\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4144\"\u003edexidp/dex#4144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eauthproxy connector: add support for specifying group header separator by \u003ca href=\"https://github.com/a-buck\"\u003e\u003ccode\u003e@​a-buck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3745\"\u003edexidp/dex#3745\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: join issuer URL with discovery path without extra slash after issuer URL by \u003ca href=\"https://github.com/vizv\"\u003e\u003ccode\u003e@​vizv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4263\"\u003edexidp/dex#4263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: grpc api list clients by \u003ca href=\"https://github.com/daemonfire300\"\u003e\u003ccode\u003e@​daemonfire300\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4202\"\u003edexidp/dex#4202\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e:bug: remove extra method=\u0026quot;get\u0026quot; from device-code template by \u003ca href=\"https://github.com/tuminoid\"\u003e\u003ccode\u003e@​tuminoid\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4145\"\u003edexidp/dex#4145\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[oidc] pass httpClient to the TokenIdentity context by \u003ca href=\"https://github.com/marriva\"\u003e\u003ccode\u003e@​marriva\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4223\"\u003edexidp/dex#4223\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eResolve CVE by updating gomplate to 4.3.3 by \u003ca href=\"https://github.com/philBrown\"\u003e\u003ccode\u003e@​philBrown\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4224\"\u003edexidp/dex#4224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: device code should not require scope by \u003ca href=\"https://github.com/cardoe\"\u003e\u003ccode\u003e@​cardoe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4203\"\u003edexidp/dex#4203\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: device code pending HTTP response by \u003ca href=\"https://github.com/cardoe\"\u003e\u003ccode\u003e@​cardoe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4204\"\u003edexidp/dex#4204\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow compilation without CGO by \u003ca href=\"https://github.com/nabokihms\"\u003e\u003ccode\u003e@​nabokihms\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4266\"\u003edexidp/dex#4266\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency Updates ⬆️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve CVE by updating gomplate to 4.3.2 by \u003ca href=\"https://github.com/nathanlaceyraft\"\u003e\u003ccode\u003e@​nathanlaceyraft\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4146\"\u003edexidp/dex#4146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/attest-build-provenance from 2.3.0 to 2.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4180\"\u003edexidp/dex#4180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/net from 0.40.0 to 0.41.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4171\"\u003edexidp/dex#4171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.72.1 to 1.73.0 in /examples by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4174\"\u003edexidp/dex#4174\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.18 to 3.29.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4179\"\u003edexidp/dex#4179\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump aquasecurity/trivy-action from 0.30.0 to 0.31.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4167\"\u003edexidp/dex#4167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4162\"\u003edexidp/dex#4162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/build-push-action from 6.17.0 to 6.18.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4155\"\u003edexidp/dex#4155\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump distroless/static-debian12 from \u003ccode\u003e188ddfb\u003c/code\u003e to \u003ccode\u003e627d6c5\u003c/code\u003e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4181\"\u003edexidp/dex#4181\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump sigstore/cosign-installer from 3.8.2 to 3.9.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4187\"\u003edexidp/dex#4187\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/api from 0.233.0 to 0.238.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4186\"\u003edexidp/dex#4186\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/setup-buildx-action from 3.10.0 to 3.11.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4185\"\u003edexidp/dex#4185\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump anchore/sbom-action from 0.20.0 to 0.20.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4184\"\u003edexidp/dex#4184\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-sql-driver/mysql from 1.9.2 to 1.9.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4183\"\u003edexidp/dex#4183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump the etcd group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4175\"\u003edexidp/dex#4175\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump alpine from 3.21.3 to 3.22.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4163\"\u003edexidp/dex#4163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.72.1 to 1.73.0 in /api/v2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4170\"\u003edexidp/dex#4170\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/setup-buildx-action from 3.11.0 to 3.11.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4189\"\u003edexidp/dex#4189\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump mheap/github-action-required-labels from 5.5.0 to 5.5.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4190\"\u003edexidp/dex#4190\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.73.0 to 1.74.0 in /examples by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4219\"\u003edexidp/dex#4219\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump anchore/sbom-action from 0.20.1 to 0.20.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4205\"\u003edexidp/dex#4205\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump sigstore/cosign-installer from 3.9.0 to 3.9.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4225\"\u003edexidp/dex#4225\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump aquasecurity/trivy-action from 0.31.0 to 0.32.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4210\"\u003edexidp/dex#4210\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-jose/go-jose/v4 from 4.1.0 to 4.1.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4196\"\u003edexidp/dex#4196\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/crypto from 0.39.0 to 0.40.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4214\"\u003edexidp/dex#4214\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump alpine from 3.22.0 to 3.22.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4217\"\u003edexidp/dex#4217\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump the etcd group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4213\"\u003edexidp/dex#4213\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/oklog/run from 1.1.0 to 1.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4199\"\u003edexidp/dex#4199\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/mattn/go-sqlite3 from 1.14.28 to 1.14.29 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4239\"\u003edexidp/dex#4239\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.29.0 to 3.29.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4238\"\u003edexidp/dex#4238\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.73.0 to 1.74.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4235\"\u003edexidp/dex#4235\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/2dce75009acfcd9df77d57f2d144aae999a4c569\"\u003e\u003ccode\u003e2dce750\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4292\"\u003e#4292\u003c/a\u003e from dexidp/dependabot/go_modules/github.com/stretch...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/8aa4684f81590325672d0fbc707d9d60ed64de2d\"\u003e\u003ccode\u003e8aa4684\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4293\"\u003e#4293\u003c/a\u003e from dexidp/dependabot/github_actions/aquasecurity/t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/33f0619a66d08ec08e7642d4df6a058e15af4d7e\"\u003e\u003ccode\u003e33f0619\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4296\"\u003e#4296\u003c/a\u003e from dexidp/dependabot/github_actions/actions/attest...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/d95db82a70dbd2b0058c1094930cf592b078c350\"\u003e\u003ccode\u003ed95db82\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4295\"\u003e#4295\u003c/a\u003e from rackerlabs/avoid-hardcoded-image\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/f10f4d6ef8c8b1c81dd9629461c9eb6c8a6980a4\"\u003e\u003ccode\u003ef10f4d6\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/attest-build-provenance from 2.4.0 to 3.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/ad912d0569b2af157e1645e81235108d41a2802a\"\u003e\u003ccode\u003ead912d0\u003c/code\u003e\u003c/a\u003e build(deps): bump aquasecurity/trivy-action from 0.32.0 to 0.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/e1da164dd59a476f1271506c1b306de2a331ce97\"\u003e\u003ccode\u003ee1da164\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/d4e9d54f41a79cd35a26c3229123d641c37df01d\"\u003e\u003ccode\u003ed4e9d54\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4286\"\u003e#4286\u003c/a\u003e from dexidp/dependabot/go_modules/api/v2/google.gola...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/9b5c87a10063ad7df905f1dfdff8ea6513bce39e\"\u003e\u003ccode\u003e9b5c87a\u003c/code\u003e\u003c/a\u003e build(deps): bump google.golang.org/protobuf in /api/v2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/757fd5fbe619916fb01bcd746329b99f1c8f4e28\"\u003e\u003ccode\u003e757fd5f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4290\"\u003e#4290\u003c/a\u003e from dexidp/dependabot/github_actions/actions/depend...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/dexidp/dex/compare/v2.43.1...v2.44.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dexidp/dex\u0026package-manager=docker\u0026previous-version=v2.43.1\u0026new-version=v2.44.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/onehinny/homelab/pull/421","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/onehinny%2Fhomelab/issues/421","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/421/packages"},{"uuid":"3392743644","node_id":"PR_kwDOFT62E86nTsAn","number":1218,"state":"closed","title":"build(deps): Bump the all group in /test/e2e with 2 updates","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2025-09-15T06:07:00.000Z","author_association":"NONE","state_reason":null,"created_at":"2025-09-08T06:05:44.000Z","updated_at":"2025-09-15T06:07:00.000Z","time_to_close":604876,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): Bump","group_name":"all","update_count":2,"packages":[{"name":"dexidp/dex","old_version":"v2.43.1","new_version":"v2.44.0","repository_url":"https://github.com/dexidp/dex"},{"name":"hashicorp/vault","old_version":"1.20.2","new_version":"1.20.3"}],"path":"/test/e2e","ecosystem":"docker"},"body":"Bumps the all group in /test/e2e with 2 updates: [dexidp/dex](https://github.com/dexidp/dex) and hashicorp/vault.\n\nUpdates `dexidp/dex` from v2.43.1 to v2.44.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dexidp/dex/releases\"\u003edexidp/dex's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.44.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eEnhancements 🚀\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow server startup with partial connector failures by \u003ca href=\"https://github.com/manojVivek\"\u003e\u003ccode\u003e@​manojVivek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4159\"\u003edexidp/dex#4159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd recursive LDAP parent group search (AD-style hierarchy across all LDAPs) by \u003ca href=\"https://github.com/EthanDieterich\"\u003e\u003ccode\u003e@​EthanDieterich\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4113\"\u003edexidp/dex#4113\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: Add ModifyGroupNames claimMutation to oidc connector by \u003ca href=\"https://github.com/peschmae\"\u003e\u003ccode\u003e@​peschmae\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4144\"\u003edexidp/dex#4144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eauthproxy connector: add support for specifying group header separator by \u003ca href=\"https://github.com/a-buck\"\u003e\u003ccode\u003e@​a-buck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3745\"\u003edexidp/dex#3745\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: join issuer URL with discovery path without extra slash after issuer URL by \u003ca href=\"https://github.com/vizv\"\u003e\u003ccode\u003e@​vizv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4263\"\u003edexidp/dex#4263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: grpc api list clients by \u003ca href=\"https://github.com/daemonfire300\"\u003e\u003ccode\u003e@​daemonfire300\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4202\"\u003edexidp/dex#4202\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e:bug: remove extra method=\u0026quot;get\u0026quot; from device-code template by \u003ca href=\"https://github.com/tuminoid\"\u003e\u003ccode\u003e@​tuminoid\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4145\"\u003edexidp/dex#4145\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[oidc] pass httpClient to the TokenIdentity context by \u003ca href=\"https://github.com/marriva\"\u003e\u003ccode\u003e@​marriva\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4223\"\u003edexidp/dex#4223\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eResolve CVE by updating gomplate to 4.3.3 by \u003ca href=\"https://github.com/philBrown\"\u003e\u003ccode\u003e@​philBrown\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4224\"\u003edexidp/dex#4224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: device code should not require scope by \u003ca href=\"https://github.com/cardoe\"\u003e\u003ccode\u003e@​cardoe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4203\"\u003edexidp/dex#4203\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: device code pending HTTP response by \u003ca href=\"https://github.com/cardoe\"\u003e\u003ccode\u003e@​cardoe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4204\"\u003edexidp/dex#4204\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow compilation without CGO by \u003ca href=\"https://github.com/nabokihms\"\u003e\u003ccode\u003e@​nabokihms\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4266\"\u003edexidp/dex#4266\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency Updates ⬆️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve CVE by updating gomplate to 4.3.2 by \u003ca href=\"https://github.com/nathanlaceyraft\"\u003e\u003ccode\u003e@​nathanlaceyraft\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4146\"\u003edexidp/dex#4146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/attest-build-provenance from 2.3.0 to 2.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4180\"\u003edexidp/dex#4180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/net from 0.40.0 to 0.41.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4171\"\u003edexidp/dex#4171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.72.1 to 1.73.0 in /examples by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4174\"\u003edexidp/dex#4174\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.18 to 3.29.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4179\"\u003edexidp/dex#4179\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump aquasecurity/trivy-action from 0.30.0 to 0.31.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4167\"\u003edexidp/dex#4167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4162\"\u003edexidp/dex#4162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/build-push-action from 6.17.0 to 6.18.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4155\"\u003edexidp/dex#4155\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump distroless/static-debian12 from \u003ccode\u003e188ddfb\u003c/code\u003e to \u003ccode\u003e627d6c5\u003c/code\u003e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4181\"\u003edexidp/dex#4181\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump sigstore/cosign-installer from 3.8.2 to 3.9.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4187\"\u003edexidp/dex#4187\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/api from 0.233.0 to 0.238.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4186\"\u003edexidp/dex#4186\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/setup-buildx-action from 3.10.0 to 3.11.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4185\"\u003edexidp/dex#4185\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump anchore/sbom-action from 0.20.0 to 0.20.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4184\"\u003edexidp/dex#4184\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-sql-driver/mysql from 1.9.2 to 1.9.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4183\"\u003edexidp/dex#4183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump the etcd group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4175\"\u003edexidp/dex#4175\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump alpine from 3.21.3 to 3.22.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4163\"\u003edexidp/dex#4163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.72.1 to 1.73.0 in /api/v2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4170\"\u003edexidp/dex#4170\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/setup-buildx-action from 3.11.0 to 3.11.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4189\"\u003edexidp/dex#4189\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump mheap/github-action-required-labels from 5.5.0 to 5.5.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4190\"\u003edexidp/dex#4190\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.73.0 to 1.74.0 in /examples by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4219\"\u003edexidp/dex#4219\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump anchore/sbom-action from 0.20.1 to 0.20.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4205\"\u003edexidp/dex#4205\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump sigstore/cosign-installer from 3.9.0 to 3.9.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4225\"\u003edexidp/dex#4225\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump aquasecurity/trivy-action from 0.31.0 to 0.32.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4210\"\u003edexidp/dex#4210\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-jose/go-jose/v4 from 4.1.0 to 4.1.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4196\"\u003edexidp/dex#4196\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/crypto from 0.39.0 to 0.40.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4214\"\u003edexidp/dex#4214\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump alpine from 3.22.0 to 3.22.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4217\"\u003edexidp/dex#4217\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump the etcd group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4213\"\u003edexidp/dex#4213\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/oklog/run from 1.1.0 to 1.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4199\"\u003edexidp/dex#4199\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/mattn/go-sqlite3 from 1.14.28 to 1.14.29 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4239\"\u003edexidp/dex#4239\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.29.0 to 3.29.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4238\"\u003edexidp/dex#4238\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.73.0 to 1.74.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4235\"\u003edexidp/dex#4235\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/2dce75009acfcd9df77d57f2d144aae999a4c569\"\u003e\u003ccode\u003e2dce750\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4292\"\u003e#4292\u003c/a\u003e from dexidp/dependabot/go_modules/github.com/stretch...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/8aa4684f81590325672d0fbc707d9d60ed64de2d\"\u003e\u003ccode\u003e8aa4684\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4293\"\u003e#4293\u003c/a\u003e from dexidp/dependabot/github_actions/aquasecurity/t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/33f0619a66d08ec08e7642d4df6a058e15af4d7e\"\u003e\u003ccode\u003e33f0619\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4296\"\u003e#4296\u003c/a\u003e from dexidp/dependabot/github_actions/actions/attest...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/d95db82a70dbd2b0058c1094930cf592b078c350\"\u003e\u003ccode\u003ed95db82\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4295\"\u003e#4295\u003c/a\u003e from rackerlabs/avoid-hardcoded-image\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/f10f4d6ef8c8b1c81dd9629461c9eb6c8a6980a4\"\u003e\u003ccode\u003ef10f4d6\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/attest-build-provenance from 2.4.0 to 3.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/ad912d0569b2af157e1645e81235108d41a2802a\"\u003e\u003ccode\u003ead912d0\u003c/code\u003e\u003c/a\u003e build(deps): bump aquasecurity/trivy-action from 0.32.0 to 0.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/e1da164dd59a476f1271506c1b306de2a331ce97\"\u003e\u003ccode\u003ee1da164\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/d4e9d54f41a79cd35a26c3229123d641c37df01d\"\u003e\u003ccode\u003ed4e9d54\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4286\"\u003e#4286\u003c/a\u003e from dexidp/dependabot/go_modules/api/v2/google.gola...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/9b5c87a10063ad7df905f1dfdff8ea6513bce39e\"\u003e\u003ccode\u003e9b5c87a\u003c/code\u003e\u003c/a\u003e build(deps): bump google.golang.org/protobuf in /api/v2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/757fd5fbe619916fb01bcd746329b99f1c8f4e28\"\u003e\u003ccode\u003e757fd5f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4290\"\u003e#4290\u003c/a\u003e from dexidp/dependabot/github_actions/actions/depend...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/dexidp/dex/compare/v2.43.1...v2.44.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `hashicorp/vault` from 1.20.2 to 1.20.3\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/bobcallaway/sigstore/pull/1218","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/bobcallaway%2Fsigstore/issues/1218","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1218/packages"},{"uuid":"2806580975","node_id":"PR_kwDOFFxbIM6nSQbv","number":2143,"state":"open","title":"Bump the all group across 1 directory with 2 updates","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-09-08T02:01:30.000Z","updated_at":"2025-09-16T10:50:27.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"all","update_count":2,"packages":[{"name":"golang","old_version":"1.24.6","new_version":"1.25.1"},{"name":"dexidp/dex","old_version":"v2.43.1","new_version":"v2.44.0"}],"path":null,"ecosystem":"docker"},"body":"Bumps the all group with 2 updates in the / directory: golang and dexidp/dex.\n\nUpdates `golang` from 1.24.6 to 1.25.1\n\nUpdates `dexidp/dex` from v2.43.1 to v2.44.0\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/sigstore/fulcio/pull/2143","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/sigstore%2Ffulcio/issues/2143","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2143/packages"},{"uuid":"2794294447","node_id":"PR_kwDOF3eXvs6mjYyv","number":10001,"state":"closed","title":"Bump dexidp/dex from v2.43.1 to v2.44.0","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2025-09-05T15:28:41.000Z","author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-09-03T00:44:54.000Z","updated_at":"2025-09-05T15:28:41.000Z","time_to_close":225827,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"dexidp/dex","old_version":"v2.43.1","new_version":"v2.44.0","repository_url":"https://github.com/dexidp/dex"}],"path":null,"ecosystem":"docker"},"body":"Bumps [dexidp/dex](https://github.com/dexidp/dex) from v2.43.1 to v2.44.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dexidp/dex/releases\"\u003edexidp/dex's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.44.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eEnhancements 🚀\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow server startup with partial connector failures by \u003ca href=\"https://github.com/manojVivek\"\u003e\u003ccode\u003e@​manojVivek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4159\"\u003edexidp/dex#4159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd recursive LDAP parent group search (AD-style hierarchy across all LDAPs) by \u003ca href=\"https://github.com/EthanDieterich\"\u003e\u003ccode\u003e@​EthanDieterich\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4113\"\u003edexidp/dex#4113\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: Add ModifyGroupNames claimMutation to oidc connector by \u003ca href=\"https://github.com/peschmae\"\u003e\u003ccode\u003e@​peschmae\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4144\"\u003edexidp/dex#4144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eauthproxy connector: add support for specifying group header separator by \u003ca href=\"https://github.com/a-buck\"\u003e\u003ccode\u003e@​a-buck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3745\"\u003edexidp/dex#3745\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: join issuer URL with discovery path without extra slash after issuer URL by \u003ca href=\"https://github.com/vizv\"\u003e\u003ccode\u003e@​vizv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4263\"\u003edexidp/dex#4263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: grpc api list clients by \u003ca href=\"https://github.com/daemonfire300\"\u003e\u003ccode\u003e@​daemonfire300\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4202\"\u003edexidp/dex#4202\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e:bug: remove extra method=\u0026quot;get\u0026quot; from device-code template by \u003ca href=\"https://github.com/tuminoid\"\u003e\u003ccode\u003e@​tuminoid\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4145\"\u003edexidp/dex#4145\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[oidc] pass httpClient to the TokenIdentity context by \u003ca href=\"https://github.com/marriva\"\u003e\u003ccode\u003e@​marriva\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4223\"\u003edexidp/dex#4223\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eResolve CVE by updating gomplate to 4.3.3 by \u003ca href=\"https://github.com/philBrown\"\u003e\u003ccode\u003e@​philBrown\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4224\"\u003edexidp/dex#4224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: device code should not require scope by \u003ca href=\"https://github.com/cardoe\"\u003e\u003ccode\u003e@​cardoe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4203\"\u003edexidp/dex#4203\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: device code pending HTTP response by \u003ca href=\"https://github.com/cardoe\"\u003e\u003ccode\u003e@​cardoe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4204\"\u003edexidp/dex#4204\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow compilation without CGO by \u003ca href=\"https://github.com/nabokihms\"\u003e\u003ccode\u003e@​nabokihms\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4266\"\u003edexidp/dex#4266\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency Updates ⬆️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve CVE by updating gomplate to 4.3.2 by \u003ca href=\"https://github.com/nathanlaceyraft\"\u003e\u003ccode\u003e@​nathanlaceyraft\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4146\"\u003edexidp/dex#4146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/attest-build-provenance from 2.3.0 to 2.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4180\"\u003edexidp/dex#4180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/net from 0.40.0 to 0.41.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4171\"\u003edexidp/dex#4171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.72.1 to 1.73.0 in /examples by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4174\"\u003edexidp/dex#4174\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.18 to 3.29.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4179\"\u003edexidp/dex#4179\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump aquasecurity/trivy-action from 0.30.0 to 0.31.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4167\"\u003edexidp/dex#4167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4162\"\u003edexidp/dex#4162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/build-push-action from 6.17.0 to 6.18.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4155\"\u003edexidp/dex#4155\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump distroless/static-debian12 from \u003ccode\u003e188ddfb\u003c/code\u003e to \u003ccode\u003e627d6c5\u003c/code\u003e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4181\"\u003edexidp/dex#4181\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump sigstore/cosign-installer from 3.8.2 to 3.9.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4187\"\u003edexidp/dex#4187\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/api from 0.233.0 to 0.238.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4186\"\u003edexidp/dex#4186\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/setup-buildx-action from 3.10.0 to 3.11.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4185\"\u003edexidp/dex#4185\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump anchore/sbom-action from 0.20.0 to 0.20.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4184\"\u003edexidp/dex#4184\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-sql-driver/mysql from 1.9.2 to 1.9.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4183\"\u003edexidp/dex#4183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump the etcd group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4175\"\u003edexidp/dex#4175\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump alpine from 3.21.3 to 3.22.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4163\"\u003edexidp/dex#4163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.72.1 to 1.73.0 in /api/v2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4170\"\u003edexidp/dex#4170\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/setup-buildx-action from 3.11.0 to 3.11.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4189\"\u003edexidp/dex#4189\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump mheap/github-action-required-labels from 5.5.0 to 5.5.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4190\"\u003edexidp/dex#4190\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.73.0 to 1.74.0 in /examples by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4219\"\u003edexidp/dex#4219\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump anchore/sbom-action from 0.20.1 to 0.20.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4205\"\u003edexidp/dex#4205\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump sigstore/cosign-installer from 3.9.0 to 3.9.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4225\"\u003edexidp/dex#4225\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump aquasecurity/trivy-action from 0.31.0 to 0.32.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4210\"\u003edexidp/dex#4210\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-jose/go-jose/v4 from 4.1.0 to 4.1.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4196\"\u003edexidp/dex#4196\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/crypto from 0.39.0 to 0.40.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4214\"\u003edexidp/dex#4214\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump alpine from 3.22.0 to 3.22.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4217\"\u003edexidp/dex#4217\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump the etcd group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4213\"\u003edexidp/dex#4213\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/oklog/run from 1.1.0 to 1.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4199\"\u003edexidp/dex#4199\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/mattn/go-sqlite3 from 1.14.28 to 1.14.29 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4239\"\u003edexidp/dex#4239\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.29.0 to 3.29.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4238\"\u003edexidp/dex#4238\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.73.0 to 1.74.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4235\"\u003edexidp/dex#4235\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/2dce75009acfcd9df77d57f2d144aae999a4c569\"\u003e\u003ccode\u003e2dce750\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4292\"\u003e#4292\u003c/a\u003e from dexidp/dependabot/go_modules/github.com/stretch...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/8aa4684f81590325672d0fbc707d9d60ed64de2d\"\u003e\u003ccode\u003e8aa4684\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4293\"\u003e#4293\u003c/a\u003e from dexidp/dependabot/github_actions/aquasecurity/t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/33f0619a66d08ec08e7642d4df6a058e15af4d7e\"\u003e\u003ccode\u003e33f0619\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4296\"\u003e#4296\u003c/a\u003e from dexidp/dependabot/github_actions/actions/attest...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/d95db82a70dbd2b0058c1094930cf592b078c350\"\u003e\u003ccode\u003ed95db82\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4295\"\u003e#4295\u003c/a\u003e from rackerlabs/avoid-hardcoded-image\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/f10f4d6ef8c8b1c81dd9629461c9eb6c8a6980a4\"\u003e\u003ccode\u003ef10f4d6\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/attest-build-provenance from 2.4.0 to 3.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/ad912d0569b2af157e1645e81235108d41a2802a\"\u003e\u003ccode\u003ead912d0\u003c/code\u003e\u003c/a\u003e build(deps): bump aquasecurity/trivy-action from 0.32.0 to 0.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/e1da164dd59a476f1271506c1b306de2a331ce97\"\u003e\u003ccode\u003ee1da164\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/d4e9d54f41a79cd35a26c3229123d641c37df01d\"\u003e\u003ccode\u003ed4e9d54\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4286\"\u003e#4286\u003c/a\u003e from dexidp/dependabot/go_modules/api/v2/google.gola...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/9b5c87a10063ad7df905f1dfdff8ea6513bce39e\"\u003e\u003ccode\u003e9b5c87a\u003c/code\u003e\u003c/a\u003e build(deps): bump google.golang.org/protobuf in /api/v2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/757fd5fbe619916fb01bcd746329b99f1c8f4e28\"\u003e\u003ccode\u003e757fd5f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4290\"\u003e#4290\u003c/a\u003e from dexidp/dependabot/github_actions/actions/depend...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/dexidp/dex/compare/v2.43.1...v2.44.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dexidp/dex\u0026package-manager=docker\u0026previous-version=v2.43.1\u0026new-version=v2.44.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/noroutine/upstream/pull/10001","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/noroutine%2Fupstream/issues/10001","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/10001/packages"},{"uuid":"2794095844","node_id":"PR_kwDOEH72W86mioTk","number":2592,"state":"closed","title":"Bump dexidp/dex from v2.43.1 to v2.44.0 in /dockerfiles/test-dex","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":"2025-09-09T14:18:27.000Z","author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-09-02T22:21:51.000Z","updated_at":"2025-09-09T14:18:27.000Z","time_to_close":575796,"merged_at":"2025-09-09T14:18:26.000Z","merged_by":"joshuatcasey","closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"dexidp/dex","old_version":"v2.43.1","new_version":"v2.44.0","repository_url":"https://github.com/dexidp/dex"}],"path":"/dockerfiles/test-dex","ecosystem":"docker"},"body":"Bumps [dexidp/dex](https://github.com/dexidp/dex) from v2.43.1 to v2.44.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dexidp/dex/releases\"\u003edexidp/dex's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.44.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eEnhancements 🚀\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow server startup with partial connector failures by \u003ca href=\"https://github.com/manojVivek\"\u003e\u003ccode\u003e@​manojVivek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4159\"\u003edexidp/dex#4159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd recursive LDAP parent group search (AD-style hierarchy across all LDAPs) by \u003ca href=\"https://github.com/EthanDieterich\"\u003e\u003ccode\u003e@​EthanDieterich\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4113\"\u003edexidp/dex#4113\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: Add ModifyGroupNames claimMutation to oidc connector by \u003ca href=\"https://github.com/peschmae\"\u003e\u003ccode\u003e@​peschmae\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4144\"\u003edexidp/dex#4144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eauthproxy connector: add support for specifying group header separator by \u003ca href=\"https://github.com/a-buck\"\u003e\u003ccode\u003e@​a-buck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3745\"\u003edexidp/dex#3745\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: join issuer URL with discovery path without extra slash after issuer URL by \u003ca href=\"https://github.com/vizv\"\u003e\u003ccode\u003e@​vizv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4263\"\u003edexidp/dex#4263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: grpc api list clients by \u003ca href=\"https://github.com/daemonfire300\"\u003e\u003ccode\u003e@​daemonfire300\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4202\"\u003edexidp/dex#4202\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e:bug: remove extra method=\u0026quot;get\u0026quot; from device-code template by \u003ca href=\"https://github.com/tuminoid\"\u003e\u003ccode\u003e@​tuminoid\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4145\"\u003edexidp/dex#4145\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[oidc] pass httpClient to the TokenIdentity context by \u003ca href=\"https://github.com/marriva\"\u003e\u003ccode\u003e@​marriva\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4223\"\u003edexidp/dex#4223\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eResolve CVE by updating gomplate to 4.3.3 by \u003ca href=\"https://github.com/philBrown\"\u003e\u003ccode\u003e@​philBrown\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4224\"\u003edexidp/dex#4224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: device code should not require scope by \u003ca href=\"https://github.com/cardoe\"\u003e\u003ccode\u003e@​cardoe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4203\"\u003edexidp/dex#4203\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: device code pending HTTP response by \u003ca href=\"https://github.com/cardoe\"\u003e\u003ccode\u003e@​cardoe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4204\"\u003edexidp/dex#4204\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow compilation without CGO by \u003ca href=\"https://github.com/nabokihms\"\u003e\u003ccode\u003e@​nabokihms\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4266\"\u003edexidp/dex#4266\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency Updates ⬆️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve CVE by updating gomplate to 4.3.2 by \u003ca href=\"https://github.com/nathanlaceyraft\"\u003e\u003ccode\u003e@​nathanlaceyraft\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4146\"\u003edexidp/dex#4146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/attest-build-provenance from 2.3.0 to 2.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4180\"\u003edexidp/dex#4180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/net from 0.40.0 to 0.41.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4171\"\u003edexidp/dex#4171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.72.1 to 1.73.0 in /examples by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4174\"\u003edexidp/dex#4174\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.18 to 3.29.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4179\"\u003edexidp/dex#4179\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump aquasecurity/trivy-action from 0.30.0 to 0.31.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4167\"\u003edexidp/dex#4167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4162\"\u003edexidp/dex#4162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/build-push-action from 6.17.0 to 6.18.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4155\"\u003edexidp/dex#4155\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump distroless/static-debian12 from \u003ccode\u003e188ddfb\u003c/code\u003e to \u003ccode\u003e627d6c5\u003c/code\u003e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4181\"\u003edexidp/dex#4181\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump sigstore/cosign-installer from 3.8.2 to 3.9.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4187\"\u003edexidp/dex#4187\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/api from 0.233.0 to 0.238.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4186\"\u003edexidp/dex#4186\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/setup-buildx-action from 3.10.0 to 3.11.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4185\"\u003edexidp/dex#4185\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump anchore/sbom-action from 0.20.0 to 0.20.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4184\"\u003edexidp/dex#4184\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-sql-driver/mysql from 1.9.2 to 1.9.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4183\"\u003edexidp/dex#4183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump the etcd group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4175\"\u003edexidp/dex#4175\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump alpine from 3.21.3 to 3.22.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4163\"\u003edexidp/dex#4163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.72.1 to 1.73.0 in /api/v2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4170\"\u003edexidp/dex#4170\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/setup-buildx-action from 3.11.0 to 3.11.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4189\"\u003edexidp/dex#4189\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump mheap/github-action-required-labels from 5.5.0 to 5.5.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4190\"\u003edexidp/dex#4190\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.73.0 to 1.74.0 in /examples by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4219\"\u003edexidp/dex#4219\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump anchore/sbom-action from 0.20.1 to 0.20.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4205\"\u003edexidp/dex#4205\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump sigstore/cosign-installer from 3.9.0 to 3.9.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4225\"\u003edexidp/dex#4225\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump aquasecurity/trivy-action from 0.31.0 to 0.32.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4210\"\u003edexidp/dex#4210\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-jose/go-jose/v4 from 4.1.0 to 4.1.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4196\"\u003edexidp/dex#4196\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/crypto from 0.39.0 to 0.40.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4214\"\u003edexidp/dex#4214\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump alpine from 3.22.0 to 3.22.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4217\"\u003edexidp/dex#4217\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump the etcd group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4213\"\u003edexidp/dex#4213\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/oklog/run from 1.1.0 to 1.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4199\"\u003edexidp/dex#4199\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/mattn/go-sqlite3 from 1.14.28 to 1.14.29 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4239\"\u003edexidp/dex#4239\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.29.0 to 3.29.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4238\"\u003edexidp/dex#4238\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.73.0 to 1.74.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4235\"\u003edexidp/dex#4235\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/2dce75009acfcd9df77d57f2d144aae999a4c569\"\u003e\u003ccode\u003e2dce750\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4292\"\u003e#4292\u003c/a\u003e from dexidp/dependabot/go_modules/github.com/stretch...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/8aa4684f81590325672d0fbc707d9d60ed64de2d\"\u003e\u003ccode\u003e8aa4684\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4293\"\u003e#4293\u003c/a\u003e from dexidp/dependabot/github_actions/aquasecurity/t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/33f0619a66d08ec08e7642d4df6a058e15af4d7e\"\u003e\u003ccode\u003e33f0619\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4296\"\u003e#4296\u003c/a\u003e from dexidp/dependabot/github_actions/actions/attest...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/d95db82a70dbd2b0058c1094930cf592b078c350\"\u003e\u003ccode\u003ed95db82\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4295\"\u003e#4295\u003c/a\u003e from rackerlabs/avoid-hardcoded-image\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/f10f4d6ef8c8b1c81dd9629461c9eb6c8a6980a4\"\u003e\u003ccode\u003ef10f4d6\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/attest-build-provenance from 2.4.0 to 3.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/ad912d0569b2af157e1645e81235108d41a2802a\"\u003e\u003ccode\u003ead912d0\u003c/code\u003e\u003c/a\u003e build(deps): bump aquasecurity/trivy-action from 0.32.0 to 0.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/e1da164dd59a476f1271506c1b306de2a331ce97\"\u003e\u003ccode\u003ee1da164\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/d4e9d54f41a79cd35a26c3229123d641c37df01d\"\u003e\u003ccode\u003ed4e9d54\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4286\"\u003e#4286\u003c/a\u003e from dexidp/dependabot/go_modules/api/v2/google.gola...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/9b5c87a10063ad7df905f1dfdff8ea6513bce39e\"\u003e\u003ccode\u003e9b5c87a\u003c/code\u003e\u003c/a\u003e build(deps): bump google.golang.org/protobuf in /api/v2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/757fd5fbe619916fb01bcd746329b99f1c8f4e28\"\u003e\u003ccode\u003e757fd5f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4290\"\u003e#4290\u003c/a\u003e from dexidp/dependabot/github_actions/actions/depend...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/dexidp/dex/compare/v2.43.1...v2.44.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dexidp/dex\u0026package-manager=docker\u0026previous-version=v2.43.1\u0026new-version=v2.44.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/vmware/pinniped/pull/2592","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/vmware%2Fpinniped/issues/2592","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2592/packages"},{"uuid":"2792119322","node_id":"PR_kwDOFC8iNM6mbFwa","number":2160,"state":"open","title":"build(deps): Bump the all group in /test/e2e with 2 updates","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-09-02T10:26:00.000Z","updated_at":"2025-09-02T10:31:42.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): Bump","group_name":"all","update_count":2,"packages":[{"name":"dexidp/dex","old_version":"v2.43.1","new_version":"v2.44.0","repository_url":"https://github.com/dexidp/dex"},{"name":"hashicorp/vault","old_version":"1.20.2","new_version":"1.20.3"}],"path":"/test/e2e","ecosystem":"docker"},"body":"Bumps the all group in /test/e2e with 2 updates: [dexidp/dex](https://github.com/dexidp/dex) and hashicorp/vault.\n\nUpdates `dexidp/dex` from v2.43.1 to v2.44.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dexidp/dex/releases\"\u003edexidp/dex's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.44.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eEnhancements 🚀\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow server startup with partial connector failures by \u003ca href=\"https://github.com/manojVivek\"\u003e\u003ccode\u003e@​manojVivek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4159\"\u003edexidp/dex#4159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd recursive LDAP parent group search (AD-style hierarchy across all LDAPs) by \u003ca href=\"https://github.com/EthanDieterich\"\u003e\u003ccode\u003e@​EthanDieterich\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4113\"\u003edexidp/dex#4113\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: Add ModifyGroupNames claimMutation to oidc connector by \u003ca href=\"https://github.com/peschmae\"\u003e\u003ccode\u003e@​peschmae\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4144\"\u003edexidp/dex#4144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eauthproxy connector: add support for specifying group header separator by \u003ca href=\"https://github.com/a-buck\"\u003e\u003ccode\u003e@​a-buck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3745\"\u003edexidp/dex#3745\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: join issuer URL with discovery path without extra slash after issuer URL by \u003ca href=\"https://github.com/vizv\"\u003e\u003ccode\u003e@​vizv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4263\"\u003edexidp/dex#4263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: grpc api list clients by \u003ca href=\"https://github.com/daemonfire300\"\u003e\u003ccode\u003e@​daemonfire300\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4202\"\u003edexidp/dex#4202\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e:bug: remove extra method=\u0026quot;get\u0026quot; from device-code template by \u003ca href=\"https://github.com/tuminoid\"\u003e\u003ccode\u003e@​tuminoid\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4145\"\u003edexidp/dex#4145\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[oidc] pass httpClient to the TokenIdentity context by \u003ca href=\"https://github.com/marriva\"\u003e\u003ccode\u003e@​marriva\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4223\"\u003edexidp/dex#4223\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eResolve CVE by updating gomplate to 4.3.3 by \u003ca href=\"https://github.com/philBrown\"\u003e\u003ccode\u003e@​philBrown\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4224\"\u003edexidp/dex#4224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: device code should not require scope by \u003ca href=\"https://github.com/cardoe\"\u003e\u003ccode\u003e@​cardoe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4203\"\u003edexidp/dex#4203\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: device code pending HTTP response by \u003ca href=\"https://github.com/cardoe\"\u003e\u003ccode\u003e@​cardoe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4204\"\u003edexidp/dex#4204\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow compilation without CGO by \u003ca href=\"https://github.com/nabokihms\"\u003e\u003ccode\u003e@​nabokihms\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4266\"\u003edexidp/dex#4266\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency Updates ⬆️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve CVE by updating gomplate to 4.3.2 by \u003ca href=\"https://github.com/nathanlaceyraft\"\u003e\u003ccode\u003e@​nathanlaceyraft\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4146\"\u003edexidp/dex#4146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/attest-build-provenance from 2.3.0 to 2.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4180\"\u003edexidp/dex#4180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/net from 0.40.0 to 0.41.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4171\"\u003edexidp/dex#4171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.72.1 to 1.73.0 in /examples by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4174\"\u003edexidp/dex#4174\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.18 to 3.29.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4179\"\u003edexidp/dex#4179\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump aquasecurity/trivy-action from 0.30.0 to 0.31.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4167\"\u003edexidp/dex#4167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4162\"\u003edexidp/dex#4162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/build-push-action from 6.17.0 to 6.18.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4155\"\u003edexidp/dex#4155\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump distroless/static-debian12 from \u003ccode\u003e188ddfb\u003c/code\u003e to \u003ccode\u003e627d6c5\u003c/code\u003e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4181\"\u003edexidp/dex#4181\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump sigstore/cosign-installer from 3.8.2 to 3.9.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4187\"\u003edexidp/dex#4187\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/api from 0.233.0 to 0.238.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4186\"\u003edexidp/dex#4186\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/setup-buildx-action from 3.10.0 to 3.11.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4185\"\u003edexidp/dex#4185\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump anchore/sbom-action from 0.20.0 to 0.20.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4184\"\u003edexidp/dex#4184\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-sql-driver/mysql from 1.9.2 to 1.9.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4183\"\u003edexidp/dex#4183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump the etcd group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4175\"\u003edexidp/dex#4175\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump alpine from 3.21.3 to 3.22.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4163\"\u003edexidp/dex#4163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.72.1 to 1.73.0 in /api/v2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4170\"\u003edexidp/dex#4170\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/setup-buildx-action from 3.11.0 to 3.11.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4189\"\u003edexidp/dex#4189\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump mheap/github-action-required-labels from 5.5.0 to 5.5.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4190\"\u003edexidp/dex#4190\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.73.0 to 1.74.0 in /examples by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4219\"\u003edexidp/dex#4219\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump anchore/sbom-action from 0.20.1 to 0.20.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4205\"\u003edexidp/dex#4205\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump sigstore/cosign-installer from 3.9.0 to 3.9.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4225\"\u003edexidp/dex#4225\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump aquasecurity/trivy-action from 0.31.0 to 0.32.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4210\"\u003edexidp/dex#4210\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-jose/go-jose/v4 from 4.1.0 to 4.1.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4196\"\u003edexidp/dex#4196\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/crypto from 0.39.0 to 0.40.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4214\"\u003edexidp/dex#4214\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump alpine from 3.22.0 to 3.22.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4217\"\u003edexidp/dex#4217\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump the etcd group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4213\"\u003edexidp/dex#4213\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/oklog/run from 1.1.0 to 1.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4199\"\u003edexidp/dex#4199\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/mattn/go-sqlite3 from 1.14.28 to 1.14.29 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4239\"\u003edexidp/dex#4239\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.29.0 to 3.29.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4238\"\u003edexidp/dex#4238\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.73.0 to 1.74.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4235\"\u003edexidp/dex#4235\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/2dce75009acfcd9df77d57f2d144aae999a4c569\"\u003e\u003ccode\u003e2dce750\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4292\"\u003e#4292\u003c/a\u003e from dexidp/dependabot/go_modules/github.com/stretch...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/8aa4684f81590325672d0fbc707d9d60ed64de2d\"\u003e\u003ccode\u003e8aa4684\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4293\"\u003e#4293\u003c/a\u003e from dexidp/dependabot/github_actions/aquasecurity/t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/33f0619a66d08ec08e7642d4df6a058e15af4d7e\"\u003e\u003ccode\u003e33f0619\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4296\"\u003e#4296\u003c/a\u003e from dexidp/dependabot/github_actions/actions/attest...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/d95db82a70dbd2b0058c1094930cf592b078c350\"\u003e\u003ccode\u003ed95db82\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4295\"\u003e#4295\u003c/a\u003e from rackerlabs/avoid-hardcoded-image\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/f10f4d6ef8c8b1c81dd9629461c9eb6c8a6980a4\"\u003e\u003ccode\u003ef10f4d6\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/attest-build-provenance from 2.4.0 to 3.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/ad912d0569b2af157e1645e81235108d41a2802a\"\u003e\u003ccode\u003ead912d0\u003c/code\u003e\u003c/a\u003e build(deps): bump aquasecurity/trivy-action from 0.32.0 to 0.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/e1da164dd59a476f1271506c1b306de2a331ce97\"\u003e\u003ccode\u003ee1da164\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/d4e9d54f41a79cd35a26c3229123d641c37df01d\"\u003e\u003ccode\u003ed4e9d54\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4286\"\u003e#4286\u003c/a\u003e from dexidp/dependabot/go_modules/api/v2/google.gola...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/9b5c87a10063ad7df905f1dfdff8ea6513bce39e\"\u003e\u003ccode\u003e9b5c87a\u003c/code\u003e\u003c/a\u003e build(deps): bump google.golang.org/protobuf in /api/v2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/757fd5fbe619916fb01bcd746329b99f1c8f4e28\"\u003e\u003ccode\u003e757fd5f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4290\"\u003e#4290\u003c/a\u003e from dexidp/dependabot/github_actions/actions/depend...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/dexidp/dex/compare/v2.43.1...v2.44.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `hashicorp/vault` from 1.20.2 to 1.20.3\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/sigstore/sigstore/pull/2160","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/sigstore%2Fsigstore/issues/2160","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2160/packages"},{"uuid":"3110602269","node_id":"PR_kwDOJ2U4086Ypje2","number":385,"state":"open","title":"Bump dexidp/dex from v2.42.1 to v2.43.1 in /charts/argocd","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-06-02T15:11:57.000Z","updated_at":"2025-07-15T19:25:02.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"dexidp/dex","old_version":"v2.42.1","new_version":"v2.43.1","repository_url":"https://github.com/dexidp/dex"}],"path":"/charts/argocd","ecosystem":"docker"},"body":"Bumps [dexidp/dex](https://github.com/dexidp/dex) from v2.42.1 to v2.43.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dexidp/dex/releases\"\u003edexidp/dex's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.43.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eDependency Updates ⬆️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4146\"\u003e#4146\u003c/a\u003e to 2.43.x by \u003ca href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4148\"\u003edexidp/dex#4148\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/dexidp/dex/compare/v2.43.0...v2.43.1\"\u003ehttps://github.com/dexidp/dex/compare/v2.43.0...v2.43.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.43.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eEnhancements 🚀\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eGenerate access tokens for implicit \u0026amp; hybrid flows only when needed by \u003ca href=\"https://github.com/mfila\"\u003e\u003ccode\u003e@​mfila\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3857\"\u003edexidp/dex#3857\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ek8s storage: Request only one object to check if API exists by \u003ca href=\"https://github.com/nabokihms\"\u003e\u003ccode\u003e@​nabokihms\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4027\"\u003edexidp/dex#4027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor: simplify tests by using slog.DiscardHandler by \u003ca href=\"https://github.com/alexandear\"\u003e\u003ccode\u003e@​alexandear\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4058\"\u003edexidp/dex#4058\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Makefile to Support Spaces in Paths by \u003ca href=\"https://github.com/EthanDieterich\"\u003e\u003ccode\u003e@​EthanDieterich\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4000\"\u003edexidp/dex#4000\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: remove version controlled files from dockerignore by \u003ca href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4087\"\u003edexidp/dex#4087\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix Incorrect Group Handling in RequestContextHandler logger.go by \u003ca href=\"https://github.com/alihasan070707\"\u003e\u003ccode\u003e@​alihasan070707\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4082\"\u003edexidp/dex#4082\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency Updates ⬆️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump actions/cache from 4.2.0 to 4.2.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3998\"\u003edexidp/dex#3998\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/build-push-action from 6.13.0 to 6.14.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3997\"\u003edexidp/dex#3997\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/dexidp/dex/api/v2 from 2.2.0 to 2.3.0 in /examples by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3996\"\u003edexidp/dex#3996\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/prometheus/client_golang from 1.20.5 to 1.21.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3995\"\u003edexidp/dex#3995\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/api from 0.221.0 to 0.222.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3994\"\u003edexidp/dex#3994\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 in the go_modules group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4008\"\u003edexidp/dex#4008\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-jose/go-jose/v4 from 4.0.2 to 4.0.5 in /examples in the go_modules group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4007\"\u003edexidp/dex#4007\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang from 1.24.0-alpine3.20 to 1.24.1-alpine3.20 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4021\"\u003edexidp/dex#4021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump sigstore/cosign-installer from 3.8.0 to 3.8.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4001\"\u003edexidp/dex#4001\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.9 to 3.28.11 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4038\"\u003edexidp/dex#4038\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/net from 0.35.0 to 0.36.0 in the go_modules group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4043\"\u003edexidp/dex#4043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump distroless/static-debian12 from \u003ccode\u003e6ec5aa9\u003c/code\u003e to \u003ccode\u003eb35229a\u003c/code\u003e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4052\"\u003edexidp/dex#4052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/api from 0.222.0 to 0.228.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4059\"\u003edexidp/dex#4059\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump distroless/static-debian12 from \u003ccode\u003eb35229a\u003c/code\u003e to \u003ccode\u003ec0f429e\u003c/code\u003e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4062\"\u003edexidp/dex#4062\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/net from 0.36.0 to 0.38.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4060\"\u003edexidp/dex#4060\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/upload-artifact from 4.6.0 to 4.6.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4053\"\u003edexidp/dex#4053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/build-push-action from 6.14.0 to 6.15.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4039\"\u003edexidp/dex#4039\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.70.0 to 1.71.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4064\"\u003edexidp/dex#4064\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/setup-qemu-action from 3.4.0 to 3.6.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4031\"\u003edexidp/dex#4031\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4005\"\u003edexidp/dex#4005\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/setup-buildx-action from 3.9.0 to 3.10.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4014\"\u003edexidp/dex#4014\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/prometheus/client_golang from 1.21.0 to 1.22.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4083\"\u003edexidp/dex#4083\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-sql-driver/mysql from 1.9.0 to 1.9.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4080\"\u003edexidp/dex#4080\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang from 1.24.1-alpine3.20 to 1.24.2-alpine3.20 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4079\"\u003edexidp/dex#4079\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump go.etcd.io/etcd/client/v3 from 3.5.18 to 3.5.21 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4074\"\u003edexidp/dex#4074\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/cache from 4.2.1 to 4.2.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4072\"\u003edexidp/dex#4072\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/attest-build-provenance from 2.2.0 to 2.2.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4071\"\u003edexidp/dex#4071\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/6e602d3315ea09d0cdeef6b51e61f2fd4ae52502\"\u003e\u003ccode\u003e6e602d3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4148\"\u003e#4148\u003c/a\u003e from dexidp/backport-4146\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/1a97d72ab1685dd27c372876033a329beb065364\"\u003e\u003ccode\u003e1a97d72\u003c/code\u003e\u003c/a\u003e Resolve CVE by updating gomplate to 4.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/8e96058e71257eb0a32e1b0a42303094dea9d8fb\"\u003e\u003ccode\u003e8e96058\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4141\"\u003e#4141\u003c/a\u003e from dexidp/dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/385e63d4d4748dc8d9e89cf392296ea2e216c59d\"\u003e\u003ccode\u003e385e63d\u003c/code\u003e\u003c/a\u003e chore: update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/6dad0fc16f0d39b9af4b0470ea2f6a482cf05321\"\u003e\u003ccode\u003e6dad0fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4136\"\u003e#4136\u003c/a\u003e from dexidp/dependabot/go_modules/go.etcd.io/etcd/cl...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/362f2557f76d65f720462465004626ef5f9aed4f\"\u003e\u003ccode\u003e362f255\u003c/code\u003e\u003c/a\u003e build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.21 to 3.6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/183d84575856a67ef29da45753231a2794fdefaa\"\u003e\u003ccode\u003e183d845\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4135\"\u003e#4135\u003c/a\u003e from dexidp/dependabot/github_actions/docker/build-p...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/e552a8e8ed5a3301f2c738303d04a42148655e91\"\u003e\u003ccode\u003ee552a8e\u003c/code\u003e\u003c/a\u003e chore: group etcd dependency updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/9da4bdb4235c43295c20af50ceb47820541579d9\"\u003e\u003ccode\u003e9da4bdb\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4139\"\u003e#4139\u003c/a\u003e from dexidp/dependabot/github_actions/github/codeql-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/70fb1638886ffb99bd4598523c6cdea7bf009eed\"\u003e\u003ccode\u003e70fb163\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4140\"\u003e#4140\u003c/a\u003e from dexidp/dependabot/docker/distroless/static-debi...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/dexidp/dex/compare/v2.42.1...v2.43.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dexidp/dex\u0026package-manager=docker\u0026previous-version=v2.42.1\u0026new-version=v2.43.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nYou can trigger a rebase of this PR by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e\n\n\u003e **Note**\n\u003e Automatic rebases have been disabled on this pull request as it has been open for over 30 days.\n","html_url":"https://github.com/onehinny/homelab/pull/385","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/onehinny%2Fhomelab/issues/385","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/385/packages"},{"uuid":"2543137645","node_id":"PR_kwDOFWzxY86XlTNt","number":539,"state":"open","title":"Bump the all group across 1 directory with 2 updates","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"NONE","state_reason":null,"created_at":"2025-05-26T06:20:16.000Z","updated_at":"2025-05-26T06:20:17.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"all","update_count":2,"packages":[{"name":"golang","old_version":"1.24.2","new_version":"1.24.3"},{"name":"dexidp/dex","old_version":"v2.42.1","new_version":"v2.43.1"}],"path":null,"ecosystem":"docker"},"body":"Bumps the all group with 2 updates in the / directory: golang and dexidp/dex.\n\nUpdates `golang` from 1.24.2 to 1.24.3\n\nUpdates `dexidp/dex` from v2.42.1 to v2.43.1\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/cpanato/fulcio/pull/539","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/cpanato%2Ffulcio/issues/539","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/539/packages"},{"uuid":"2542848530","node_id":"PR_kwDOFFxbIM6XkMoS","number":2054,"state":"open","title":"Bump dexidp/dex from v2.42.1 to v2.43.1 in the all group","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-05-26T02:29:14.000Z","updated_at":"2025-05-26T06:35:37.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"dexidp/dex","old_version":"v2.42.1","new_version":"v2.43.1","repository_url":null}],"path":"the all group","ecosystem":"docker"},"body":"Bumps the all group with 1 update: dexidp/dex.\n\nUpdates `dexidp/dex` from v2.42.1 to v2.43.1\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dexidp/dex\u0026package-manager=docker\u0026previous-version=v2.42.1\u0026new-version=v2.43.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/sigstore/fulcio/pull/2054","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/sigstore%2Ffulcio/issues/2054","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2054/packages"},{"uuid":"2538595563","node_id":"PR_kwDOEH72W86XT-Tr","number":2407,"state":"closed","title":"Bump dexidp/dex from v2.42.1 to v2.43.1 in /dockerfiles/test-dex","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":"2025-05-27T16:39:29.000Z","author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-05-23T02:06:54.000Z","updated_at":"2025-05-27T16:39:29.000Z","time_to_close":397955,"merged_at":"2025-05-27T16:39:29.000Z","merged_by":"joshuatcasey","closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"dexidp/dex","old_version":"v2.42.1","new_version":"v2.43.1","repository_url":"https://github.com/dexidp/dex"}],"path":"/dockerfiles/test-dex","ecosystem":"docker"},"body":"Bumps [dexidp/dex](https://github.com/dexidp/dex) from v2.42.1 to v2.43.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dexidp/dex/releases\"\u003edexidp/dex's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.43.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eDependency Updates ⬆️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4146\"\u003e#4146\u003c/a\u003e to 2.43.x by \u003ca href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4148\"\u003edexidp/dex#4148\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/dexidp/dex/compare/v2.43.0...v2.43.1\"\u003ehttps://github.com/dexidp/dex/compare/v2.43.0...v2.43.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.43.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eEnhancements 🚀\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eGenerate access tokens for implicit \u0026amp; hybrid flows only when needed by \u003ca href=\"https://github.com/mfila\"\u003e\u003ccode\u003e@​mfila\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3857\"\u003edexidp/dex#3857\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ek8s storage: Request only one object to check if API exists by \u003ca href=\"https://github.com/nabokihms\"\u003e\u003ccode\u003e@​nabokihms\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4027\"\u003edexidp/dex#4027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor: simplify tests by using slog.DiscardHandler by \u003ca href=\"https://github.com/alexandear\"\u003e\u003ccode\u003e@​alexandear\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4058\"\u003edexidp/dex#4058\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Makefile to Support Spaces in Paths by \u003ca href=\"https://github.com/EthanDieterich\"\u003e\u003ccode\u003e@​EthanDieterich\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4000\"\u003edexidp/dex#4000\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: remove version controlled files from dockerignore by \u003ca href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4087\"\u003edexidp/dex#4087\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix Incorrect Group Handling in RequestContextHandler logger.go by \u003ca href=\"https://github.com/alihasan070707\"\u003e\u003ccode\u003e@​alihasan070707\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4082\"\u003edexidp/dex#4082\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency Updates ⬆️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump actions/cache from 4.2.0 to 4.2.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3998\"\u003edexidp/dex#3998\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/build-push-action from 6.13.0 to 6.14.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3997\"\u003edexidp/dex#3997\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/dexidp/dex/api/v2 from 2.2.0 to 2.3.0 in /examples by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3996\"\u003edexidp/dex#3996\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/prometheus/client_golang from 1.20.5 to 1.21.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3995\"\u003edexidp/dex#3995\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/api from 0.221.0 to 0.222.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3994\"\u003edexidp/dex#3994\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 in the go_modules group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4008\"\u003edexidp/dex#4008\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-jose/go-jose/v4 from 4.0.2 to 4.0.5 in /examples in the go_modules group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4007\"\u003edexidp/dex#4007\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang from 1.24.0-alpine3.20 to 1.24.1-alpine3.20 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4021\"\u003edexidp/dex#4021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump sigstore/cosign-installer from 3.8.0 to 3.8.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4001\"\u003edexidp/dex#4001\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.9 to 3.28.11 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4038\"\u003edexidp/dex#4038\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/net from 0.35.0 to 0.36.0 in the go_modules group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4043\"\u003edexidp/dex#4043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump distroless/static-debian12 from \u003ccode\u003e6ec5aa9\u003c/code\u003e to \u003ccode\u003eb35229a\u003c/code\u003e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4052\"\u003edexidp/dex#4052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/api from 0.222.0 to 0.228.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4059\"\u003edexidp/dex#4059\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump distroless/static-debian12 from \u003ccode\u003eb35229a\u003c/code\u003e to \u003ccode\u003ec0f429e\u003c/code\u003e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4062\"\u003edexidp/dex#4062\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/net from 0.36.0 to 0.38.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4060\"\u003edexidp/dex#4060\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/upload-artifact from 4.6.0 to 4.6.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4053\"\u003edexidp/dex#4053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/build-push-action from 6.14.0 to 6.15.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4039\"\u003edexidp/dex#4039\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.70.0 to 1.71.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4064\"\u003edexidp/dex#4064\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/setup-qemu-action from 3.4.0 to 3.6.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4031\"\u003edexidp/dex#4031\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4005\"\u003edexidp/dex#4005\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/setup-buildx-action from 3.9.0 to 3.10.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4014\"\u003edexidp/dex#4014\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/prometheus/client_golang from 1.21.0 to 1.22.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4083\"\u003edexidp/dex#4083\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-sql-driver/mysql from 1.9.0 to 1.9.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4080\"\u003edexidp/dex#4080\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang from 1.24.1-alpine3.20 to 1.24.2-alpine3.20 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4079\"\u003edexidp/dex#4079\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump go.etcd.io/etcd/client/v3 from 3.5.18 to 3.5.21 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4074\"\u003edexidp/dex#4074\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/cache from 4.2.1 to 4.2.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4072\"\u003edexidp/dex#4072\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/attest-build-provenance from 2.2.0 to 2.2.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4071\"\u003edexidp/dex#4071\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/6e602d3315ea09d0cdeef6b51e61f2fd4ae52502\"\u003e\u003ccode\u003e6e602d3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4148\"\u003e#4148\u003c/a\u003e from dexidp/backport-4146\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/1a97d72ab1685dd27c372876033a329beb065364\"\u003e\u003ccode\u003e1a97d72\u003c/code\u003e\u003c/a\u003e Resolve CVE by updating gomplate to 4.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/8e96058e71257eb0a32e1b0a42303094dea9d8fb\"\u003e\u003ccode\u003e8e96058\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4141\"\u003e#4141\u003c/a\u003e from dexidp/dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/385e63d4d4748dc8d9e89cf392296ea2e216c59d\"\u003e\u003ccode\u003e385e63d\u003c/code\u003e\u003c/a\u003e chore: update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/6dad0fc16f0d39b9af4b0470ea2f6a482cf05321\"\u003e\u003ccode\u003e6dad0fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4136\"\u003e#4136\u003c/a\u003e from dexidp/dependabot/go_modules/go.etcd.io/etcd/cl...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/362f2557f76d65f720462465004626ef5f9aed4f\"\u003e\u003ccode\u003e362f255\u003c/code\u003e\u003c/a\u003e build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.21 to 3.6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/183d84575856a67ef29da45753231a2794fdefaa\"\u003e\u003ccode\u003e183d845\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4135\"\u003e#4135\u003c/a\u003e from dexidp/dependabot/github_actions/docker/build-p...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/e552a8e8ed5a3301f2c738303d04a42148655e91\"\u003e\u003ccode\u003ee552a8e\u003c/code\u003e\u003c/a\u003e chore: group etcd dependency updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/9da4bdb4235c43295c20af50ceb47820541579d9\"\u003e\u003ccode\u003e9da4bdb\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4139\"\u003e#4139\u003c/a\u003e from dexidp/dependabot/github_actions/github/codeql-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/70fb1638886ffb99bd4598523c6cdea7bf009eed\"\u003e\u003ccode\u003e70fb163\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4140\"\u003e#4140\u003c/a\u003e from dexidp/dependabot/docker/distroless/static-debi...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/dexidp/dex/compare/v2.42.1...v2.43.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dexidp/dex\u0026package-manager=docker\u0026previous-version=v2.42.1\u0026new-version=v2.43.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/vmware-tanzu/pinniped/pull/2407","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/vmware-tanzu%2Fpinniped/issues/2407","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2407/packages"},{"uuid":"2530219839","node_id":"PR_kwDOF3eXvs6W0Bc_","number":9394,"state":"closed","title":"Bump dexidp/dex from v2.42.1 to v2.43.0","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2025-05-20T05:38:12.000Z","author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-05-20T03:34:33.000Z","updated_at":"2025-05-20T05:38:12.000Z","time_to_close":7419,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"dexidp/dex","old_version":"v2.42.1","new_version":"v2.43.0","repository_url":"https://github.com/dexidp/dex"}],"path":null,"ecosystem":"docker"},"body":"Bumps [dexidp/dex](https://github.com/dexidp/dex) from v2.42.1 to v2.43.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dexidp/dex/releases\"\u003edexidp/dex's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.43.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eEnhancements 🚀\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eGenerate access tokens for implicit \u0026amp; hybrid flows only when needed by \u003ca href=\"https://github.com/mfila\"\u003e\u003ccode\u003e@​mfila\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3857\"\u003edexidp/dex#3857\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ek8s storage: Request only one object to check if API exists by \u003ca href=\"https://github.com/nabokihms\"\u003e\u003ccode\u003e@​nabokihms\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4027\"\u003edexidp/dex#4027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor: simplify tests by using slog.DiscardHandler by \u003ca href=\"https://github.com/alexandear\"\u003e\u003ccode\u003e@​alexandear\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4058\"\u003edexidp/dex#4058\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Makefile to Support Spaces in Paths by \u003ca href=\"https://github.com/EthanDieterich\"\u003e\u003ccode\u003e@​EthanDieterich\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4000\"\u003edexidp/dex#4000\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: remove version controlled files from dockerignore by \u003ca href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4087\"\u003edexidp/dex#4087\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix Incorrect Group Handling in RequestContextHandler logger.go by \u003ca href=\"https://github.com/alihasan070707\"\u003e\u003ccode\u003e@​alihasan070707\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4082\"\u003edexidp/dex#4082\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency Updates ⬆️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump actions/cache from 4.2.0 to 4.2.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3998\"\u003edexidp/dex#3998\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/build-push-action from 6.13.0 to 6.14.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3997\"\u003edexidp/dex#3997\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/dexidp/dex/api/v2 from 2.2.0 to 2.3.0 in /examples by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3996\"\u003edexidp/dex#3996\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/prometheus/client_golang from 1.20.5 to 1.21.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3995\"\u003edexidp/dex#3995\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/api from 0.221.0 to 0.222.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3994\"\u003edexidp/dex#3994\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 in the go_modules group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4008\"\u003edexidp/dex#4008\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-jose/go-jose/v4 from 4.0.2 to 4.0.5 in /examples in the go_modules group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4007\"\u003edexidp/dex#4007\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang from 1.24.0-alpine3.20 to 1.24.1-alpine3.20 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4021\"\u003edexidp/dex#4021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump sigstore/cosign-installer from 3.8.0 to 3.8.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4001\"\u003edexidp/dex#4001\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.9 to 3.28.11 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4038\"\u003edexidp/dex#4038\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/net from 0.35.0 to 0.36.0 in the go_modules group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4043\"\u003edexidp/dex#4043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump distroless/static-debian12 from \u003ccode\u003e6ec5aa9\u003c/code\u003e to \u003ccode\u003eb35229a\u003c/code\u003e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4052\"\u003edexidp/dex#4052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/api from 0.222.0 to 0.228.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4059\"\u003edexidp/dex#4059\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump distroless/static-debian12 from \u003ccode\u003eb35229a\u003c/code\u003e to \u003ccode\u003ec0f429e\u003c/code\u003e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4062\"\u003edexidp/dex#4062\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/net from 0.36.0 to 0.38.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4060\"\u003edexidp/dex#4060\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/upload-artifact from 4.6.0 to 4.6.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4053\"\u003edexidp/dex#4053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/build-push-action from 6.14.0 to 6.15.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4039\"\u003edexidp/dex#4039\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.70.0 to 1.71.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4064\"\u003edexidp/dex#4064\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/setup-qemu-action from 3.4.0 to 3.6.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4031\"\u003edexidp/dex#4031\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4005\"\u003edexidp/dex#4005\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/setup-buildx-action from 3.9.0 to 3.10.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4014\"\u003edexidp/dex#4014\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/prometheus/client_golang from 1.21.0 to 1.22.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4083\"\u003edexidp/dex#4083\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-sql-driver/mysql from 1.9.0 to 1.9.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4080\"\u003edexidp/dex#4080\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang from 1.24.1-alpine3.20 to 1.24.2-alpine3.20 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4079\"\u003edexidp/dex#4079\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump go.etcd.io/etcd/client/v3 from 3.5.18 to 3.5.21 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4074\"\u003edexidp/dex#4074\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/cache from 4.2.1 to 4.2.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4072\"\u003edexidp/dex#4072\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/attest-build-provenance from 2.2.0 to 2.2.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4071\"\u003edexidp/dex#4071\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/login-action from 3.3.0 to 3.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4070\"\u003edexidp/dex#4070\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-go from 5.3.0 to 5.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4069\"\u003edexidp/dex#4069\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/metadata-action from 5.6.1 to 5.7.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4068\"\u003edexidp/dex#4068\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/russellhaering/goxmldsig from 1.4.0 to 1.5.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4073\"\u003edexidp/dex#4073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/beevik/etree from 1.5.0 to 1.5.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4096\"\u003edexidp/dex#4096\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/oauth2 from 0.28.0 to 0.29.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4095\"\u003edexidp/dex#4095\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-ldap/ldap/v3 from 3.4.10 to 3.4.11 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4093\"\u003edexidp/dex#4093\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/dependency-review-action from 4.5.0 to 4.6.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4092\"\u003edexidp/dex#4092\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.11 to 3.28.15 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4091\"\u003edexidp/dex#4091\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump aquasecurity/trivy-action from 0.29.0 to 0.30.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4090\"\u003edexidp/dex#4090\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/8e96058e71257eb0a32e1b0a42303094dea9d8fb\"\u003e\u003ccode\u003e8e96058\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4141\"\u003e#4141\u003c/a\u003e from dexidp/dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/385e63d4d4748dc8d9e89cf392296ea2e216c59d\"\u003e\u003ccode\u003e385e63d\u003c/code\u003e\u003c/a\u003e chore: update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/6dad0fc16f0d39b9af4b0470ea2f6a482cf05321\"\u003e\u003ccode\u003e6dad0fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4136\"\u003e#4136\u003c/a\u003e from dexidp/dependabot/go_modules/go.etcd.io/etcd/cl...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/362f2557f76d65f720462465004626ef5f9aed4f\"\u003e\u003ccode\u003e362f255\u003c/code\u003e\u003c/a\u003e build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.21 to 3.6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/183d84575856a67ef29da45753231a2794fdefaa\"\u003e\u003ccode\u003e183d845\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4135\"\u003e#4135\u003c/a\u003e from dexidp/dependabot/github_actions/docker/build-p...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/e552a8e8ed5a3301f2c738303d04a42148655e91\"\u003e\u003ccode\u003ee552a8e\u003c/code\u003e\u003c/a\u003e chore: group etcd dependency updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/9da4bdb4235c43295c20af50ceb47820541579d9\"\u003e\u003ccode\u003e9da4bdb\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4139\"\u003e#4139\u003c/a\u003e from dexidp/dependabot/github_actions/github/codeql-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/70fb1638886ffb99bd4598523c6cdea7bf009eed\"\u003e\u003ccode\u003e70fb163\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4140\"\u003e#4140\u003c/a\u003e from dexidp/dependabot/docker/distroless/static-debi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/41f9cc8bfc77545fc9ab4e96b12eed1dcaca97d7\"\u003e\u003ccode\u003e41f9cc8\u003c/code\u003e\u003c/a\u003e build(deps): bump distroless/static-debian12 from \u003ccode\u003ec0f429e\u003c/code\u003e to \u003ccode\u003e188ddfb\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/8f3e94d4424457a4193a750244075f15753ae5ad\"\u003e\u003ccode\u003e8f3e94d\u003c/code\u003e\u003c/a\u003e build(deps): bump github/codeql-action from 3.28.17 to 3.28.18\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/dexidp/dex/compare/v2.42.1...v2.43.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dexidp/dex\u0026package-manager=docker\u0026previous-version=v2.42.1\u0026new-version=v2.43.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/noroutine/upstream/pull/9394","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/noroutine%2Fupstream/issues/9394","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9394/packages"},{"uuid":"2530111632","node_id":"PR_kwDOEH72W86WznCQ","number":2394,"state":"closed","title":"Bump dexidp/dex from v2.42.1 to v2.43.0 in /dockerfiles/test-dex","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2025-05-23T02:06:57.000Z","author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-05-20T01:51:48.000Z","updated_at":"2025-05-23T02:06:57.000Z","time_to_close":260109,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"dexidp/dex","old_version":"v2.42.1","new_version":"v2.43.0","repository_url":"https://github.com/dexidp/dex"}],"path":"/dockerfiles/test-dex","ecosystem":"docker"},"body":"Bumps [dexidp/dex](https://github.com/dexidp/dex) from v2.42.1 to v2.43.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dexidp/dex/releases\"\u003edexidp/dex's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.43.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eEnhancements 🚀\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eGenerate access tokens for implicit \u0026amp; hybrid flows only when needed by \u003ca href=\"https://github.com/mfila\"\u003e\u003ccode\u003e@​mfila\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3857\"\u003edexidp/dex#3857\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ek8s storage: Request only one object to check if API exists by \u003ca href=\"https://github.com/nabokihms\"\u003e\u003ccode\u003e@​nabokihms\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4027\"\u003edexidp/dex#4027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor: simplify tests by using slog.DiscardHandler by \u003ca href=\"https://github.com/alexandear\"\u003e\u003ccode\u003e@​alexandear\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4058\"\u003edexidp/dex#4058\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Makefile to Support Spaces in Paths by \u003ca href=\"https://github.com/EthanDieterich\"\u003e\u003ccode\u003e@​EthanDieterich\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4000\"\u003edexidp/dex#4000\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: remove version controlled files from dockerignore by \u003ca href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4087\"\u003edexidp/dex#4087\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix Incorrect Group Handling in RequestContextHandler logger.go by \u003ca href=\"https://github.com/alihasan070707\"\u003e\u003ccode\u003e@​alihasan070707\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4082\"\u003edexidp/dex#4082\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency Updates ⬆️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump actions/cache from 4.2.0 to 4.2.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3998\"\u003edexidp/dex#3998\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/build-push-action from 6.13.0 to 6.14.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3997\"\u003edexidp/dex#3997\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/dexidp/dex/api/v2 from 2.2.0 to 2.3.0 in /examples by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3996\"\u003edexidp/dex#3996\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/prometheus/client_golang from 1.20.5 to 1.21.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3995\"\u003edexidp/dex#3995\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/api from 0.221.0 to 0.222.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3994\"\u003edexidp/dex#3994\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 in the go_modules group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4008\"\u003edexidp/dex#4008\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-jose/go-jose/v4 from 4.0.2 to 4.0.5 in /examples in the go_modules group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4007\"\u003edexidp/dex#4007\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang from 1.24.0-alpine3.20 to 1.24.1-alpine3.20 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4021\"\u003edexidp/dex#4021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump sigstore/cosign-installer from 3.8.0 to 3.8.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4001\"\u003edexidp/dex#4001\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.9 to 3.28.11 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4038\"\u003edexidp/dex#4038\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/net from 0.35.0 to 0.36.0 in the go_modules group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4043\"\u003edexidp/dex#4043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump distroless/static-debian12 from \u003ccode\u003e6ec5aa9\u003c/code\u003e to \u003ccode\u003eb35229a\u003c/code\u003e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4052\"\u003edexidp/dex#4052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/api from 0.222.0 to 0.228.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4059\"\u003edexidp/dex#4059\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump distroless/static-debian12 from \u003ccode\u003eb35229a\u003c/code\u003e to \u003ccode\u003ec0f429e\u003c/code\u003e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4062\"\u003edexidp/dex#4062\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/net from 0.36.0 to 0.38.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4060\"\u003edexidp/dex#4060\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/upload-artifact from 4.6.0 to 4.6.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4053\"\u003edexidp/dex#4053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/build-push-action from 6.14.0 to 6.15.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4039\"\u003edexidp/dex#4039\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.70.0 to 1.71.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4064\"\u003edexidp/dex#4064\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/setup-qemu-action from 3.4.0 to 3.6.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4031\"\u003edexidp/dex#4031\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4005\"\u003edexidp/dex#4005\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/setup-buildx-action from 3.9.0 to 3.10.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4014\"\u003edexidp/dex#4014\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/prometheus/client_golang from 1.21.0 to 1.22.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4083\"\u003edexidp/dex#4083\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-sql-driver/mysql from 1.9.0 to 1.9.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4080\"\u003edexidp/dex#4080\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang from 1.24.1-alpine3.20 to 1.24.2-alpine3.20 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4079\"\u003edexidp/dex#4079\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump go.etcd.io/etcd/client/v3 from 3.5.18 to 3.5.21 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4074\"\u003edexidp/dex#4074\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/cache from 4.2.1 to 4.2.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4072\"\u003edexidp/dex#4072\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/attest-build-provenance from 2.2.0 to 2.2.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4071\"\u003edexidp/dex#4071\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/login-action from 3.3.0 to 3.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4070\"\u003edexidp/dex#4070\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-go from 5.3.0 to 5.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4069\"\u003edexidp/dex#4069\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/metadata-action from 5.6.1 to 5.7.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4068\"\u003edexidp/dex#4068\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/russellhaering/goxmldsig from 1.4.0 to 1.5.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4073\"\u003edexidp/dex#4073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/beevik/etree from 1.5.0 to 1.5.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4096\"\u003edexidp/dex#4096\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/oauth2 from 0.28.0 to 0.29.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4095\"\u003edexidp/dex#4095\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-ldap/ldap/v3 from 3.4.10 to 3.4.11 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4093\"\u003edexidp/dex#4093\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/dependency-review-action from 4.5.0 to 4.6.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4092\"\u003edexidp/dex#4092\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.11 to 3.28.15 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4091\"\u003edexidp/dex#4091\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump aquasecurity/trivy-action from 0.29.0 to 0.30.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4090\"\u003edexidp/dex#4090\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/8e96058e71257eb0a32e1b0a42303094dea9d8fb\"\u003e\u003ccode\u003e8e96058\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4141\"\u003e#4141\u003c/a\u003e from dexidp/dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/385e63d4d4748dc8d9e89cf392296ea2e216c59d\"\u003e\u003ccode\u003e385e63d\u003c/code\u003e\u003c/a\u003e chore: update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/6dad0fc16f0d39b9af4b0470ea2f6a482cf05321\"\u003e\u003ccode\u003e6dad0fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4136\"\u003e#4136\u003c/a\u003e from dexidp/dependabot/go_modules/go.etcd.io/etcd/cl...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/362f2557f76d65f720462465004626ef5f9aed4f\"\u003e\u003ccode\u003e362f255\u003c/code\u003e\u003c/a\u003e build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.21 to 3.6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/183d84575856a67ef29da45753231a2794fdefaa\"\u003e\u003ccode\u003e183d845\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4135\"\u003e#4135\u003c/a\u003e from dexidp/dependabot/github_actions/docker/build-p...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/e552a8e8ed5a3301f2c738303d04a42148655e91\"\u003e\u003ccode\u003ee552a8e\u003c/code\u003e\u003c/a\u003e chore: group etcd dependency updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/9da4bdb4235c43295c20af50ceb47820541579d9\"\u003e\u003ccode\u003e9da4bdb\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4139\"\u003e#4139\u003c/a\u003e from dexidp/dependabot/github_actions/github/codeql-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/70fb1638886ffb99bd4598523c6cdea7bf009eed\"\u003e\u003ccode\u003e70fb163\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4140\"\u003e#4140\u003c/a\u003e from dexidp/dependabot/docker/distroless/static-debi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/41f9cc8bfc77545fc9ab4e96b12eed1dcaca97d7\"\u003e\u003ccode\u003e41f9cc8\u003c/code\u003e\u003c/a\u003e build(deps): bump distroless/static-debian12 from \u003ccode\u003ec0f429e\u003c/code\u003e to \u003ccode\u003e188ddfb\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/8f3e94d4424457a4193a750244075f15753ae5ad\"\u003e\u003ccode\u003e8f3e94d\u003c/code\u003e\u003c/a\u003e build(deps): bump github/codeql-action from 3.28.17 to 3.28.18\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/dexidp/dex/compare/v2.42.1...v2.43.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dexidp/dex\u0026package-manager=docker\u0026previous-version=v2.42.1\u0026new-version=v2.43.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/vmware-tanzu/pinniped/pull/2394","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/vmware-tanzu%2Fpinniped/issues/2394","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2394/packages"},{"uuid":"2529767650","node_id":"PR_kwDOFHnGQc6WyTDi","number":433,"state":"closed","title":"Bump the all group across 1 directory with 2 updates","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2025-06-18T16:14:07.000Z","author_association":"NONE","state_reason":null,"created_at":"2025-05-19T20:56:24.000Z","updated_at":"2025-06-18T16:14:07.000Z","time_to_close":2575063,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"all","update_count":2,"packages":[{"name":"golang","old_version":"1.24.2","new_version":"1.24.3"},{"name":"dexidp/dex","old_version":"v2.42.1","new_version":"v2.43.0"}],"path":null,"ecosystem":"docker"},"body":"Bumps the all group with 2 updates in the / directory: golang and dexidp/dex.\n\nUpdates `golang` from 1.24.2 to 1.24.3\n\nUpdates `dexidp/dex` from v2.42.1 to v2.43.0\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/bobcallaway/fulcio/pull/433","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/bobcallaway%2Ffulcio/issues/433","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/433/packages"},{"uuid":"2486794368","node_id":"PR_kwDOFC8iNM6UOXiA","number":2074,"state":"open","title":"build(deps): Bump the all group in /test/e2e with 3 updates","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-04-28T19:54:34.000Z","updated_at":"2025-05-12T19:50:28.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): Bump","group_name":"all","update_count":3,"packages":[{"name":"dexidp/dex","old_version":"v2.42.0","new_version":"v2.42.1","repository_url":"https://github.com/dexidp/dex"},{"name":"localstack/localstack","old_version":"4.2.0","new_version":"4.3.0"},{"name":"hashicorp/vault","old_version":"1.18.5","new_version":"1.19.2"}],"path":"/test/e2e","ecosystem":"docker"},"body":"Bumps the all group in /test/e2e with 3 updates: [dexidp/dex](https://github.com/dexidp/dex), localstack/localstack and hashicorp/vault.\n\nUpdates `dexidp/dex` from v2.42.0 to v2.42.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dexidp/dex/releases\"\u003edexidp/dex's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.42.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: remove version controlled files from dockerignore by \u003ca href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4089\"\u003edexidp/dex#4089\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/dexidp/dex/compare/v2.42.0...v2.42.1\"\u003ehttps://github.com/dexidp/dex/compare/v2.42.0...v2.42.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/4c3e83b90135339575b66d7cf878fb1a6326c243\"\u003e\u003ccode\u003e4c3e83b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4089\"\u003e#4089\u003c/a\u003e from dexidp/backport-4087\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/3e2abe882cc75ad99b6e255db0accfd7aa3c389f\"\u003e\u003ccode\u003e3e2abe8\u003c/code\u003e\u003c/a\u003e fix: remove version controlled files from dockerignore\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/dexidp/dex/compare/v2.42.0...v2.42.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `localstack/localstack` from 4.2.0 to 4.3.0\n\nUpdates `hashicorp/vault` from 1.18.5 to 1.19.2\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/sigstore/sigstore/pull/2074","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/sigstore%2Fsigstore/issues/2074","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2074/packages"},{"uuid":"3023856649","node_id":"PR_kwDOFT62E86UHDNd","number":1199,"state":"open","title":"build(deps): Bump the all group in /test/e2e with 3 updates","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":"NONE","state_reason":null,"created_at":"2025-04-28T06:32:13.000Z","updated_at":"2025-06-18T11:46:18.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): Bump","group_name":"all","update_count":3,"packages":[{"name":"dexidp/dex","old_version":"v2.42.0","new_version":"v2.42.1","repository_url":"https://github.com/dexidp/dex"},{"name":"localstack/localstack","old_version":"4.2.0","new_version":"4.3.0"},{"name":"hashicorp/vault","old_version":"1.18.5","new_version":"1.19.2"}],"path":"/test/e2e","ecosystem":"docker"},"body":"Bumps the all group in /test/e2e with 3 updates: [dexidp/dex](https://github.com/dexidp/dex), localstack/localstack and hashicorp/vault.\n\nUpdates `dexidp/dex` from v2.42.0 to v2.42.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dexidp/dex/releases\"\u003edexidp/dex's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.42.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: remove version controlled files from dockerignore by \u003ca href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4089\"\u003edexidp/dex#4089\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/dexidp/dex/compare/v2.42.0...v2.42.1\"\u003ehttps://github.com/dexidp/dex/compare/v2.42.0...v2.42.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/4c3e83b90135339575b66d7cf878fb1a6326c243\"\u003e\u003ccode\u003e4c3e83b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4089\"\u003e#4089\u003c/a\u003e from dexidp/backport-4087\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/3e2abe882cc75ad99b6e255db0accfd7aa3c389f\"\u003e\u003ccode\u003e3e2abe8\u003c/code\u003e\u003c/a\u003e fix: remove version controlled files from dockerignore\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/dexidp/dex/compare/v2.42.0...v2.42.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `localstack/localstack` from 4.2.0 to 4.3.0\n\nUpdates `hashicorp/vault` from 1.18.5 to 1.19.2\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/bobcallaway/sigstore/pull/1199","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/bobcallaway%2Fsigstore/issues/1199","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1199/packages"}],"issue_packages":[{"old_version":"v2.44.0","new_version":"v2.45.0","update_type":"minor","path":"/dockerfiles/test-dex","pr_created_at":"2026-02-24T01:53:29.000Z","version_change":"v2.44.0 → v2.45.0","issue":{"uuid":"3981048832","node_id":"PR_kwDOEH72W87Fy3ga","number":2946,"state":"closed","title":"Bump dexidp/dex from v2.44.0 to v2.45.0 in /dockerfiles/test-dex","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-03-04T01:53:40.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-24T01:53:29.000Z","updated_at":"2026-03-04T01:53:41.000Z","time_to_close":691211,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"dexidp/dex","old_version":"v2.44.0","new_version":"v2.45.0","repository_url":"https://github.com/dexidp/dex"}],"path":"/dockerfiles/test-dex","ecosystem":"docker"},"body":"Bumps [dexidp/dex](https://github.com/dexidp/dex) from v2.44.0 to v2.45.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dexidp/dex/releases\"\u003edexidp/dex's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.45.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eKnow Before Upgrade\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe major version of \u003ccode\u003egomplate\u003c/code\u003e has been bumped to v5.0.0, which includes breaking changes. Here is \u003ca href=\"https://github.com/hairyhenderson/gomplate/releases/tag/v5.0.0\"\u003ethe full list\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eThere are two known CVEs in the \u003ccode\u003egomplate\u003c/code\u003e binary - \u003ccode\u003eCVE-2025-68121\u003c/code\u003e and \u003ccode\u003eCVE-2026-25934\u003c/code\u003e. \u003ccode\u003egomplate\u003c/code\u003e is only used for preprocessing configuration files and is optional. Once the CVEs are fixed upstream, the version of gomplate in the dex image will be updated accordingly.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eContinueOnConnectorFailure\u003c/code\u003e feature flag is now enabled by default. To disable it, use the following environment variable: \u003ccode\u003eDEX_CONTINUE_ON_CONNECTOR_FAILURE=false\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ePre-release versions of dex now use pseudo-versioning for identifying releases. Unreleased versions will follow the pattern \u003ccode\u003ev2.minor+1.0-yyyymmdd-commithash\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eExciting New Features 🎉\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support to PKCE in OIDC connector by \u003ca href=\"https://github.com/johnvan7\"\u003e\u003ccode\u003e@​johnvan7\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3777\"\u003edexidp/dex#3777\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Vault signer for JWT by \u003ca href=\"https://github.com/nabokihms\"\u003e\u003ccode\u003e@​nabokihms\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4512\"\u003edexidp/dex#4512\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport groups and preferred_username for static passwords by \u003ca href=\"https://github.com/Jabejixo\"\u003e\u003ccode\u003e@​Jabejixo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4456\"\u003edexidp/dex#4456\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd name and email_verified fields for static passwords by \u003ca href=\"https://github.com/Jabejixo\"\u003e\u003ccode\u003e@​Jabejixo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4526\"\u003edexidp/dex#4526\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eEnhancements 🚀\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eExample app pkce by \u003ca href=\"https://github.com/nabokihms\"\u003e\u003ccode\u003e@​nabokihms\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4284\"\u003edexidp/dex#4284\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOnly wrap IPv6 addresses in brackets by \u003ca href=\"https://github.com/rene-dekker\"\u003e\u003ccode\u003e@​rene-dekker\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4388\"\u003edexidp/dex#4388\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate distroless base image to debian13 by \u003ca href=\"https://github.com/loosebazooka\"\u003e\u003ccode\u003e@​loosebazooka\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4453\"\u003edexidp/dex#4453\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHide internal server error details from users by \u003ca href=\"https://github.com/Jabejixo\"\u003e\u003ccode\u003e@​Jabejixo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4457\"\u003edexidp/dex#4457\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGitlab support custom rootCAData by \u003ca href=\"https://github.com/Jabejixo\"\u003e\u003ccode\u003e@​Jabejixo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4496\"\u003edexidp/dex#4496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnable \u003ccode\u003eContinueOnConnectorFailure\u003c/code\u003e feature flag by \u003ca href=\"https://github.com/manojVivek\"\u003e\u003ccode\u003e@​manojVivek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4495\"\u003edexidp/dex#4495\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExtend example configs for idEnv and public by \u003ca href=\"https://github.com/cardoe\"\u003e\u003ccode\u003e@​cardoe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4443\"\u003edexidp/dex#4443\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd unprivileged user setup in Dockerfile by \u003ca href=\"https://github.com/nabokihms\"\u003e\u003ccode\u003e@​nabokihms\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4517\"\u003edexidp/dex#4517\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd conformance tests for Vault signer integration by \u003ca href=\"https://github.com/nabokihms\"\u003e\u003ccode\u003e@​nabokihms\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4520\"\u003edexidp/dex#4520\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd CRD handling behavior and configuration options by \u003ca href=\"https://github.com/nabokihms\"\u003e\u003ccode\u003e@​nabokihms\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4543\"\u003edexidp/dex#4543\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnhance git-version script to generate pseudo-versions by \u003ca href=\"https://github.com/nabokihms\"\u003e\u003ccode\u003e@​nabokihms\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4553\"\u003edexidp/dex#4553\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eValidate redirect URIs and safely append parameters by \u003ca href=\"https://github.com/nabokihms\"\u003e\u003ccode\u003e@​nabokihms\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4559\"\u003edexidp/dex#4559\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRefactor example-app with a new config by \u003ca href=\"https://github.com/nabokihms\"\u003e\u003ccode\u003e@​nabokihms\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4569\"\u003edexidp/dex#4569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImplement device code flow in example-app by \u003ca href=\"https://github.com/nabokihms\"\u003e\u003ccode\u003e@​nabokihms\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4570\"\u003edexidp/dex#4570\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDo not wrap Kubernetes Address in brackets by \u003ca href=\"https://github.com/nabokihms\"\u003e\u003ccode\u003e@​nabokihms\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4363\"\u003edexidp/dex#4363\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDevice callback URL needs to handle a / by \u003ca href=\"https://github.com/cardoe\"\u003e\u003ccode\u003e@​cardoe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4448\"\u003edexidp/dex#4448\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSuppress deprecation warning for userAttr when not set by \u003ca href=\"https://github.com/nabokihms\"\u003e\u003ccode\u003e@​nabokihms\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4539\"\u003edexidp/dex#4539\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse correct id value for label by \u003ca href=\"https://github.com/loganripplinger\"\u003e\u003ccode\u003e@​loganripplinger\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4541\"\u003edexidp/dex#4541\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRespond with forbidden if failed to authenticate by \u003ca href=\"https://github.com/aljoshare\"\u003e\u003ccode\u003e@​aljoshare\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4200\"\u003edexidp/dex#4200\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency Updates ⬆️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump github.com/dexidp/dex/api/v2 from 2.3.0 to 2.4.0 in /examples by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4299\"\u003edexidp/dex#4299\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-go from 5.5.0 to 6.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4304\"\u003edexidp/dex#4304\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump aquasecurity/trivy-action from 0.33.0 to 0.33.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4305\"\u003edexidp/dex#4305\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang from 1.25.0-alpine3.22 to 1.25.1-alpine3.22 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4307\"\u003edexidp/dex#4307\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump distroless/static-debian12 from \u003ccode\u003ea9f88e0\u003c/code\u003e to \u003ccode\u003ee8a4044\u003c/code\u003e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4313\"\u003edexidp/dex#4313\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump oras-project/setup-oras from 1.2.3 to 1.2.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4314\"\u003edexidp/dex#4314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.29.11 to 3.30.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4320\"\u003edexidp/dex#4320\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump sigstore/cosign-installer from 3.9.2 to 3.10.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4324\"\u003edexidp/dex#4324\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/spf13/cobra from 1.9.1 to 1.10.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4302\"\u003edexidp/dex#4302\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/prometheus/client_golang from 1.23.0 to 1.23.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4309\"\u003edexidp/dex#4309\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump tonistiigi/xx from 1.6.1 to 1.7.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4317\"\u003edexidp/dex#4317\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/oauth2 from 0.30.0 to 0.31.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4310\"\u003edexidp/dex#4310\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/oauth2 from 0.30.0 to 0.31.0 in /examples by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4311\"\u003edexidp/dex#4311\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/bcc2283694018a59e9b84c43c6c50ce996e9409b\"\u003e\u003ccode\u003ebcc2283\u003c/code\u003e\u003c/a\u003e feat: enhance test commands to support GitHub Actions formatting (\u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4575\"\u003e#4575\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/ec26e19e7943de816f61b49a71a8bd126e38e705\"\u003e\u003ccode\u003eec26e19\u003c/code\u003e\u003c/a\u003e build(deps): bump github/codeql-action from 4.32.3 to 4.32.4 (\u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4573\"\u003e#4573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/51c66d252391c901cc931b9e437f8a685467b6bb\"\u003e\u003ccode\u003e51c66d2\u003c/code\u003e\u003c/a\u003e build(deps): bump aquasecurity/trivy-action from 0.34.0 to 0.34.1 (\u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4574\"\u003e#4574\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/8db7699e0f5fbcd552fd6db671c54006c77ea8ce\"\u003e\u003ccode\u003e8db7699\u003c/code\u003e\u003c/a\u003e feat: implement device code flow in example-app (\u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4570\"\u003e#4570\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/cf17fc68c8e627e9a2c316d19af21c6f49683251\"\u003e\u003ccode\u003ecf17fc6\u003c/code\u003e\u003c/a\u003e test: update HandleCallback after merging OIDC PKCE (\u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4572\"\u003e#4572\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/83697b06a680ade01bde2a063347dbbc04d0a2ec\"\u003e\u003ccode\u003e83697b0\u003c/code\u003e\u003c/a\u003e fix(server): respond with forbidden if failed to authenticate (\u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4200\"\u003e#4200\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/25591eeaf41a5bd8039e5421cca7a794e6c9f112\"\u003e\u003ccode\u003e25591ee\u003c/code\u003e\u003c/a\u003e Add support to PKCE in OIDC connector (\u003ca href=\"https://redirect.github.com/dexidp/dex/issues/3777\"\u003e#3777\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/5d27abc1179fa3d8593c8de65bd52dc8e096fa8f\"\u003e\u003ccode\u003e5d27abc\u003c/code\u003e\u003c/a\u003e feat: refactor example-app with a new config (\u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4569\"\u003e#4569\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/08079303c9b992b07ee6d18f5c1b9fc64d2ced56\"\u003e\u003ccode\u003e0807930\u003c/code\u003e\u003c/a\u003e feat: add debug step to check image metadata in workflow (\u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4566\"\u003e#4566\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/49c8228d304e84eb5845f7ef6c923c0fb839b82d\"\u003e\u003ccode\u003e49c8228\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/dependency-review-action from 4.8.2 to 4.8.3 (\u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4563\"\u003e#4563\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/dexidp/dex/compare/v2.44.0...v2.45.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dexidp/dex\u0026package-manager=docker\u0026previous-version=v2.44.0\u0026new-version=v2.45.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/vmware/pinniped/pull/2946","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/vmware%2Fpinniped/issues/2946","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2946/packages"}},{"old_version":"v2.43.1","new_version":"v2.44.0","update_type":"minor","path":null,"pr_created_at":"2025-09-08T20:12:34.000Z","version_change":"v2.43.1 → v2.44.0","issue":{"uuid":"3395561784","node_id":"PR_kwDOFHnGQc6ndNqI","number":456,"state":"open","title":"Bump the all group across 1 directory with 2 updates","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":"NONE","state_reason":null,"created_at":"2025-09-08T20:12:34.000Z","updated_at":"2025-09-22T21:44:30.426Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"all","update_count":2,"packages":[{"name":"golang","old_version":"1.24.6","new_version":"1.25.1"},{"name":"dexidp/dex","old_version":"v2.43.1","new_version":"v2.44.0"}],"path":null,"ecosystem":"docker"},"body":"Bumps the all group with 2 updates in the / directory: golang and dexidp/dex.\n\nUpdates `golang` from 1.24.6 to 1.25.1\n\nUpdates `dexidp/dex` from v2.43.1 to v2.44.0\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/bobcallaway/fulcio/pull/456","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/bobcallaway%2Ffulcio/issues/456","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/456/packages"}},{"old_version":"v2.43.1","new_version":"v2.44.0","update_type":"minor","path":"/charts/argocd","pr_created_at":"2025-09-08T14:19:24.000Z","version_change":"v2.43.1 → v2.44.0","issue":{"uuid":"2808456673","node_id":"PR_kwDOJ2U4086nZaXh","number":421,"state":"open","title":"Bump dexidp/dex from v2.43.1 to v2.44.0 in /charts/argocd","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-09-08T14:19:24.000Z","updated_at":"2025-09-08T14:19:25.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"dexidp/dex","old_version":"v2.43.1","new_version":"v2.44.0","repository_url":"https://github.com/dexidp/dex"}],"path":"/charts/argocd","ecosystem":"docker"},"body":"Bumps [dexidp/dex](https://github.com/dexidp/dex) from v2.43.1 to v2.44.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dexidp/dex/releases\"\u003edexidp/dex's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.44.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eEnhancements 🚀\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow server startup with partial connector failures by \u003ca href=\"https://github.com/manojVivek\"\u003e\u003ccode\u003e@​manojVivek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4159\"\u003edexidp/dex#4159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd recursive LDAP parent group search (AD-style hierarchy across all LDAPs) by \u003ca href=\"https://github.com/EthanDieterich\"\u003e\u003ccode\u003e@​EthanDieterich\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4113\"\u003edexidp/dex#4113\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: Add ModifyGroupNames claimMutation to oidc connector by \u003ca href=\"https://github.com/peschmae\"\u003e\u003ccode\u003e@​peschmae\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4144\"\u003edexidp/dex#4144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eauthproxy connector: add support for specifying group header separator by \u003ca href=\"https://github.com/a-buck\"\u003e\u003ccode\u003e@​a-buck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3745\"\u003edexidp/dex#3745\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: join issuer URL with discovery path without extra slash after issuer URL by \u003ca href=\"https://github.com/vizv\"\u003e\u003ccode\u003e@​vizv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4263\"\u003edexidp/dex#4263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: grpc api list clients by \u003ca href=\"https://github.com/daemonfire300\"\u003e\u003ccode\u003e@​daemonfire300\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4202\"\u003edexidp/dex#4202\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e:bug: remove extra method=\u0026quot;get\u0026quot; from device-code template by \u003ca href=\"https://github.com/tuminoid\"\u003e\u003ccode\u003e@​tuminoid\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4145\"\u003edexidp/dex#4145\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[oidc] pass httpClient to the TokenIdentity context by \u003ca href=\"https://github.com/marriva\"\u003e\u003ccode\u003e@​marriva\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4223\"\u003edexidp/dex#4223\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eResolve CVE by updating gomplate to 4.3.3 by \u003ca href=\"https://github.com/philBrown\"\u003e\u003ccode\u003e@​philBrown\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4224\"\u003edexidp/dex#4224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: device code should not require scope by \u003ca href=\"https://github.com/cardoe\"\u003e\u003ccode\u003e@​cardoe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4203\"\u003edexidp/dex#4203\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: device code pending HTTP response by \u003ca href=\"https://github.com/cardoe\"\u003e\u003ccode\u003e@​cardoe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4204\"\u003edexidp/dex#4204\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow compilation without CGO by \u003ca href=\"https://github.com/nabokihms\"\u003e\u003ccode\u003e@​nabokihms\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4266\"\u003edexidp/dex#4266\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency Updates ⬆️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve CVE by updating gomplate to 4.3.2 by \u003ca href=\"https://github.com/nathanlaceyraft\"\u003e\u003ccode\u003e@​nathanlaceyraft\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4146\"\u003edexidp/dex#4146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/attest-build-provenance from 2.3.0 to 2.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4180\"\u003edexidp/dex#4180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/net from 0.40.0 to 0.41.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4171\"\u003edexidp/dex#4171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.72.1 to 1.73.0 in /examples by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4174\"\u003edexidp/dex#4174\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.18 to 3.29.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4179\"\u003edexidp/dex#4179\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump aquasecurity/trivy-action from 0.30.0 to 0.31.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4167\"\u003edexidp/dex#4167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4162\"\u003edexidp/dex#4162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/build-push-action from 6.17.0 to 6.18.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4155\"\u003edexidp/dex#4155\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump distroless/static-debian12 from \u003ccode\u003e188ddfb\u003c/code\u003e to \u003ccode\u003e627d6c5\u003c/code\u003e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4181\"\u003edexidp/dex#4181\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump sigstore/cosign-installer from 3.8.2 to 3.9.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4187\"\u003edexidp/dex#4187\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/api from 0.233.0 to 0.238.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4186\"\u003edexidp/dex#4186\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/setup-buildx-action from 3.10.0 to 3.11.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4185\"\u003edexidp/dex#4185\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump anchore/sbom-action from 0.20.0 to 0.20.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4184\"\u003edexidp/dex#4184\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-sql-driver/mysql from 1.9.2 to 1.9.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4183\"\u003edexidp/dex#4183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump the etcd group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4175\"\u003edexidp/dex#4175\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump alpine from 3.21.3 to 3.22.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4163\"\u003edexidp/dex#4163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.72.1 to 1.73.0 in /api/v2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4170\"\u003edexidp/dex#4170\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/setup-buildx-action from 3.11.0 to 3.11.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4189\"\u003edexidp/dex#4189\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump mheap/github-action-required-labels from 5.5.0 to 5.5.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4190\"\u003edexidp/dex#4190\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.73.0 to 1.74.0 in /examples by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4219\"\u003edexidp/dex#4219\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump anchore/sbom-action from 0.20.1 to 0.20.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4205\"\u003edexidp/dex#4205\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump sigstore/cosign-installer from 3.9.0 to 3.9.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4225\"\u003edexidp/dex#4225\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump aquasecurity/trivy-action from 0.31.0 to 0.32.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4210\"\u003edexidp/dex#4210\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-jose/go-jose/v4 from 4.1.0 to 4.1.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4196\"\u003edexidp/dex#4196\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/crypto from 0.39.0 to 0.40.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4214\"\u003edexidp/dex#4214\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump alpine from 3.22.0 to 3.22.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4217\"\u003edexidp/dex#4217\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump the etcd group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4213\"\u003edexidp/dex#4213\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/oklog/run from 1.1.0 to 1.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4199\"\u003edexidp/dex#4199\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/mattn/go-sqlite3 from 1.14.28 to 1.14.29 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4239\"\u003edexidp/dex#4239\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.29.0 to 3.29.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4238\"\u003edexidp/dex#4238\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.73.0 to 1.74.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4235\"\u003edexidp/dex#4235\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/2dce75009acfcd9df77d57f2d144aae999a4c569\"\u003e\u003ccode\u003e2dce750\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4292\"\u003e#4292\u003c/a\u003e from dexidp/dependabot/go_modules/github.com/stretch...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/8aa4684f81590325672d0fbc707d9d60ed64de2d\"\u003e\u003ccode\u003e8aa4684\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4293\"\u003e#4293\u003c/a\u003e from dexidp/dependabot/github_actions/aquasecurity/t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/33f0619a66d08ec08e7642d4df6a058e15af4d7e\"\u003e\u003ccode\u003e33f0619\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4296\"\u003e#4296\u003c/a\u003e from dexidp/dependabot/github_actions/actions/attest...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/d95db82a70dbd2b0058c1094930cf592b078c350\"\u003e\u003ccode\u003ed95db82\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4295\"\u003e#4295\u003c/a\u003e from rackerlabs/avoid-hardcoded-image\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/f10f4d6ef8c8b1c81dd9629461c9eb6c8a6980a4\"\u003e\u003ccode\u003ef10f4d6\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/attest-build-provenance from 2.4.0 to 3.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/ad912d0569b2af157e1645e81235108d41a2802a\"\u003e\u003ccode\u003ead912d0\u003c/code\u003e\u003c/a\u003e build(deps): bump aquasecurity/trivy-action from 0.32.0 to 0.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/e1da164dd59a476f1271506c1b306de2a331ce97\"\u003e\u003ccode\u003ee1da164\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/d4e9d54f41a79cd35a26c3229123d641c37df01d\"\u003e\u003ccode\u003ed4e9d54\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4286\"\u003e#4286\u003c/a\u003e from dexidp/dependabot/go_modules/api/v2/google.gola...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/9b5c87a10063ad7df905f1dfdff8ea6513bce39e\"\u003e\u003ccode\u003e9b5c87a\u003c/code\u003e\u003c/a\u003e build(deps): bump google.golang.org/protobuf in /api/v2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/757fd5fbe619916fb01bcd746329b99f1c8f4e28\"\u003e\u003ccode\u003e757fd5f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4290\"\u003e#4290\u003c/a\u003e from dexidp/dependabot/github_actions/actions/depend...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/dexidp/dex/compare/v2.43.1...v2.44.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dexidp/dex\u0026package-manager=docker\u0026previous-version=v2.43.1\u0026new-version=v2.44.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/onehinny/homelab/pull/421","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/onehinny%2Fhomelab/issues/421","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/421/packages"}},{"old_version":"v2.43.1","new_version":"v2.44.0","update_type":"minor","path":"/test/e2e","pr_created_at":"2025-09-08T06:05:44.000Z","version_change":"v2.43.1 → v2.44.0","issue":{"uuid":"3392743644","node_id":"PR_kwDOFT62E86nTsAn","number":1218,"state":"closed","title":"build(deps): Bump the all group in /test/e2e with 2 updates","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2025-09-15T06:07:00.000Z","author_association":"NONE","state_reason":null,"created_at":"2025-09-08T06:05:44.000Z","updated_at":"2025-09-15T06:07:00.000Z","time_to_close":604876,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): Bump","group_name":"all","update_count":2,"packages":[{"name":"dexidp/dex","old_version":"v2.43.1","new_version":"v2.44.0","repository_url":"https://github.com/dexidp/dex"},{"name":"hashicorp/vault","old_version":"1.20.2","new_version":"1.20.3"}],"path":"/test/e2e","ecosystem":"docker"},"body":"Bumps the all group in /test/e2e with 2 updates: [dexidp/dex](https://github.com/dexidp/dex) and hashicorp/vault.\n\nUpdates `dexidp/dex` from v2.43.1 to v2.44.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dexidp/dex/releases\"\u003edexidp/dex's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.44.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eEnhancements 🚀\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow server startup with partial connector failures by \u003ca href=\"https://github.com/manojVivek\"\u003e\u003ccode\u003e@​manojVivek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4159\"\u003edexidp/dex#4159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd recursive LDAP parent group search (AD-style hierarchy across all LDAPs) by \u003ca href=\"https://github.com/EthanDieterich\"\u003e\u003ccode\u003e@​EthanDieterich\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4113\"\u003edexidp/dex#4113\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: Add ModifyGroupNames claimMutation to oidc connector by \u003ca href=\"https://github.com/peschmae\"\u003e\u003ccode\u003e@​peschmae\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4144\"\u003edexidp/dex#4144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eauthproxy connector: add support for specifying group header separator by \u003ca href=\"https://github.com/a-buck\"\u003e\u003ccode\u003e@​a-buck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3745\"\u003edexidp/dex#3745\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: join issuer URL with discovery path without extra slash after issuer URL by \u003ca href=\"https://github.com/vizv\"\u003e\u003ccode\u003e@​vizv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4263\"\u003edexidp/dex#4263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: grpc api list clients by \u003ca href=\"https://github.com/daemonfire300\"\u003e\u003ccode\u003e@​daemonfire300\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4202\"\u003edexidp/dex#4202\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e:bug: remove extra method=\u0026quot;get\u0026quot; from device-code template by \u003ca href=\"https://github.com/tuminoid\"\u003e\u003ccode\u003e@​tuminoid\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4145\"\u003edexidp/dex#4145\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[oidc] pass httpClient to the TokenIdentity context by \u003ca href=\"https://github.com/marriva\"\u003e\u003ccode\u003e@​marriva\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4223\"\u003edexidp/dex#4223\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eResolve CVE by updating gomplate to 4.3.3 by \u003ca href=\"https://github.com/philBrown\"\u003e\u003ccode\u003e@​philBrown\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4224\"\u003edexidp/dex#4224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: device code should not require scope by \u003ca href=\"https://github.com/cardoe\"\u003e\u003ccode\u003e@​cardoe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4203\"\u003edexidp/dex#4203\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: device code pending HTTP response by \u003ca href=\"https://github.com/cardoe\"\u003e\u003ccode\u003e@​cardoe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4204\"\u003edexidp/dex#4204\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow compilation without CGO by \u003ca href=\"https://github.com/nabokihms\"\u003e\u003ccode\u003e@​nabokihms\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4266\"\u003edexidp/dex#4266\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency Updates ⬆️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve CVE by updating gomplate to 4.3.2 by \u003ca href=\"https://github.com/nathanlaceyraft\"\u003e\u003ccode\u003e@​nathanlaceyraft\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4146\"\u003edexidp/dex#4146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/attest-build-provenance from 2.3.0 to 2.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4180\"\u003edexidp/dex#4180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/net from 0.40.0 to 0.41.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4171\"\u003edexidp/dex#4171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.72.1 to 1.73.0 in /examples by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4174\"\u003edexidp/dex#4174\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.18 to 3.29.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4179\"\u003edexidp/dex#4179\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump aquasecurity/trivy-action from 0.30.0 to 0.31.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4167\"\u003edexidp/dex#4167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4162\"\u003edexidp/dex#4162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/build-push-action from 6.17.0 to 6.18.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4155\"\u003edexidp/dex#4155\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump distroless/static-debian12 from \u003ccode\u003e188ddfb\u003c/code\u003e to \u003ccode\u003e627d6c5\u003c/code\u003e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4181\"\u003edexidp/dex#4181\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump sigstore/cosign-installer from 3.8.2 to 3.9.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4187\"\u003edexidp/dex#4187\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/api from 0.233.0 to 0.238.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4186\"\u003edexidp/dex#4186\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/setup-buildx-action from 3.10.0 to 3.11.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4185\"\u003edexidp/dex#4185\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump anchore/sbom-action from 0.20.0 to 0.20.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4184\"\u003edexidp/dex#4184\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-sql-driver/mysql from 1.9.2 to 1.9.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4183\"\u003edexidp/dex#4183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump the etcd group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4175\"\u003edexidp/dex#4175\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump alpine from 3.21.3 to 3.22.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4163\"\u003edexidp/dex#4163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.72.1 to 1.73.0 in /api/v2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4170\"\u003edexidp/dex#4170\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/setup-buildx-action from 3.11.0 to 3.11.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4189\"\u003edexidp/dex#4189\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump mheap/github-action-required-labels from 5.5.0 to 5.5.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4190\"\u003edexidp/dex#4190\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.73.0 to 1.74.0 in /examples by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4219\"\u003edexidp/dex#4219\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump anchore/sbom-action from 0.20.1 to 0.20.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4205\"\u003edexidp/dex#4205\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump sigstore/cosign-installer from 3.9.0 to 3.9.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4225\"\u003edexidp/dex#4225\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump aquasecurity/trivy-action from 0.31.0 to 0.32.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4210\"\u003edexidp/dex#4210\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-jose/go-jose/v4 from 4.1.0 to 4.1.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4196\"\u003edexidp/dex#4196\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/crypto from 0.39.0 to 0.40.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4214\"\u003edexidp/dex#4214\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump alpine from 3.22.0 to 3.22.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4217\"\u003edexidp/dex#4217\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump the etcd group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4213\"\u003edexidp/dex#4213\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/oklog/run from 1.1.0 to 1.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4199\"\u003edexidp/dex#4199\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/mattn/go-sqlite3 from 1.14.28 to 1.14.29 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4239\"\u003edexidp/dex#4239\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.29.0 to 3.29.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4238\"\u003edexidp/dex#4238\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.73.0 to 1.74.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4235\"\u003edexidp/dex#4235\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/2dce75009acfcd9df77d57f2d144aae999a4c569\"\u003e\u003ccode\u003e2dce750\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4292\"\u003e#4292\u003c/a\u003e from dexidp/dependabot/go_modules/github.com/stretch...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/8aa4684f81590325672d0fbc707d9d60ed64de2d\"\u003e\u003ccode\u003e8aa4684\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4293\"\u003e#4293\u003c/a\u003e from dexidp/dependabot/github_actions/aquasecurity/t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/33f0619a66d08ec08e7642d4df6a058e15af4d7e\"\u003e\u003ccode\u003e33f0619\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4296\"\u003e#4296\u003c/a\u003e from dexidp/dependabot/github_actions/actions/attest...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/d95db82a70dbd2b0058c1094930cf592b078c350\"\u003e\u003ccode\u003ed95db82\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4295\"\u003e#4295\u003c/a\u003e from rackerlabs/avoid-hardcoded-image\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/f10f4d6ef8c8b1c81dd9629461c9eb6c8a6980a4\"\u003e\u003ccode\u003ef10f4d6\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/attest-build-provenance from 2.4.0 to 3.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/ad912d0569b2af157e1645e81235108d41a2802a\"\u003e\u003ccode\u003ead912d0\u003c/code\u003e\u003c/a\u003e build(deps): bump aquasecurity/trivy-action from 0.32.0 to 0.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/e1da164dd59a476f1271506c1b306de2a331ce97\"\u003e\u003ccode\u003ee1da164\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/d4e9d54f41a79cd35a26c3229123d641c37df01d\"\u003e\u003ccode\u003ed4e9d54\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4286\"\u003e#4286\u003c/a\u003e from dexidp/dependabot/go_modules/api/v2/google.gola...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/9b5c87a10063ad7df905f1dfdff8ea6513bce39e\"\u003e\u003ccode\u003e9b5c87a\u003c/code\u003e\u003c/a\u003e build(deps): bump google.golang.org/protobuf in /api/v2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/757fd5fbe619916fb01bcd746329b99f1c8f4e28\"\u003e\u003ccode\u003e757fd5f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4290\"\u003e#4290\u003c/a\u003e from dexidp/dependabot/github_actions/actions/depend...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/dexidp/dex/compare/v2.43.1...v2.44.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `hashicorp/vault` from 1.20.2 to 1.20.3\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/bobcallaway/sigstore/pull/1218","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/bobcallaway%2Fsigstore/issues/1218","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1218/packages"}},{"old_version":"v2.43.1","new_version":"v2.44.0","update_type":"minor","path":null,"pr_created_at":"2025-09-08T02:01:30.000Z","version_change":"v2.43.1 → v2.44.0","issue":{"uuid":"2806580975","node_id":"PR_kwDOFFxbIM6nSQbv","number":2143,"state":"open","title":"Bump the all group across 1 directory with 2 updates","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-09-08T02:01:30.000Z","updated_at":"2025-09-16T10:50:27.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"all","update_count":2,"packages":[{"name":"golang","old_version":"1.24.6","new_version":"1.25.1"},{"name":"dexidp/dex","old_version":"v2.43.1","new_version":"v2.44.0"}],"path":null,"ecosystem":"docker"},"body":"Bumps the all group with 2 updates in the / directory: golang and dexidp/dex.\n\nUpdates `golang` from 1.24.6 to 1.25.1\n\nUpdates `dexidp/dex` from v2.43.1 to v2.44.0\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/sigstore/fulcio/pull/2143","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/sigstore%2Ffulcio/issues/2143","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2143/packages"}},{"old_version":"v2.43.1","new_version":"v2.44.0","update_type":"minor","path":null,"pr_created_at":"2025-09-03T00:44:54.000Z","version_change":"v2.43.1 → v2.44.0","issue":{"uuid":"2794294447","node_id":"PR_kwDOF3eXvs6mjYyv","number":10001,"state":"closed","title":"Bump dexidp/dex from v2.43.1 to v2.44.0","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2025-09-05T15:28:41.000Z","author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-09-03T00:44:54.000Z","updated_at":"2025-09-05T15:28:41.000Z","time_to_close":225827,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"dexidp/dex","old_version":"v2.43.1","new_version":"v2.44.0","repository_url":"https://github.com/dexidp/dex"}],"path":null,"ecosystem":"docker"},"body":"Bumps [dexidp/dex](https://github.com/dexidp/dex) from v2.43.1 to v2.44.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dexidp/dex/releases\"\u003edexidp/dex's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.44.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eEnhancements 🚀\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow server startup with partial connector failures by \u003ca href=\"https://github.com/manojVivek\"\u003e\u003ccode\u003e@​manojVivek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4159\"\u003edexidp/dex#4159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd recursive LDAP parent group search (AD-style hierarchy across all LDAPs) by \u003ca href=\"https://github.com/EthanDieterich\"\u003e\u003ccode\u003e@​EthanDieterich\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4113\"\u003edexidp/dex#4113\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: Add ModifyGroupNames claimMutation to oidc connector by \u003ca href=\"https://github.com/peschmae\"\u003e\u003ccode\u003e@​peschmae\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4144\"\u003edexidp/dex#4144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eauthproxy connector: add support for specifying group header separator by \u003ca href=\"https://github.com/a-buck\"\u003e\u003ccode\u003e@​a-buck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3745\"\u003edexidp/dex#3745\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: join issuer URL with discovery path without extra slash after issuer URL by \u003ca href=\"https://github.com/vizv\"\u003e\u003ccode\u003e@​vizv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4263\"\u003edexidp/dex#4263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: grpc api list clients by \u003ca href=\"https://github.com/daemonfire300\"\u003e\u003ccode\u003e@​daemonfire300\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4202\"\u003edexidp/dex#4202\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e:bug: remove extra method=\u0026quot;get\u0026quot; from device-code template by \u003ca href=\"https://github.com/tuminoid\"\u003e\u003ccode\u003e@​tuminoid\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4145\"\u003edexidp/dex#4145\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[oidc] pass httpClient to the TokenIdentity context by \u003ca href=\"https://github.com/marriva\"\u003e\u003ccode\u003e@​marriva\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4223\"\u003edexidp/dex#4223\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eResolve CVE by updating gomplate to 4.3.3 by \u003ca href=\"https://github.com/philBrown\"\u003e\u003ccode\u003e@​philBrown\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4224\"\u003edexidp/dex#4224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: device code should not require scope by \u003ca href=\"https://github.com/cardoe\"\u003e\u003ccode\u003e@​cardoe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4203\"\u003edexidp/dex#4203\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: device code pending HTTP response by \u003ca href=\"https://github.com/cardoe\"\u003e\u003ccode\u003e@​cardoe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4204\"\u003edexidp/dex#4204\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow compilation without CGO by \u003ca href=\"https://github.com/nabokihms\"\u003e\u003ccode\u003e@​nabokihms\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4266\"\u003edexidp/dex#4266\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency Updates ⬆️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve CVE by updating gomplate to 4.3.2 by \u003ca href=\"https://github.com/nathanlaceyraft\"\u003e\u003ccode\u003e@​nathanlaceyraft\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4146\"\u003edexidp/dex#4146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/attest-build-provenance from 2.3.0 to 2.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4180\"\u003edexidp/dex#4180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/net from 0.40.0 to 0.41.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4171\"\u003edexidp/dex#4171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.72.1 to 1.73.0 in /examples by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4174\"\u003edexidp/dex#4174\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.18 to 3.29.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4179\"\u003edexidp/dex#4179\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump aquasecurity/trivy-action from 0.30.0 to 0.31.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4167\"\u003edexidp/dex#4167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4162\"\u003edexidp/dex#4162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/build-push-action from 6.17.0 to 6.18.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4155\"\u003edexidp/dex#4155\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump distroless/static-debian12 from \u003ccode\u003e188ddfb\u003c/code\u003e to \u003ccode\u003e627d6c5\u003c/code\u003e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4181\"\u003edexidp/dex#4181\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump sigstore/cosign-installer from 3.8.2 to 3.9.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4187\"\u003edexidp/dex#4187\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/api from 0.233.0 to 0.238.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4186\"\u003edexidp/dex#4186\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/setup-buildx-action from 3.10.0 to 3.11.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4185\"\u003edexidp/dex#4185\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump anchore/sbom-action from 0.20.0 to 0.20.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4184\"\u003edexidp/dex#4184\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-sql-driver/mysql from 1.9.2 to 1.9.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4183\"\u003edexidp/dex#4183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump the etcd group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4175\"\u003edexidp/dex#4175\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump alpine from 3.21.3 to 3.22.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4163\"\u003edexidp/dex#4163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.72.1 to 1.73.0 in /api/v2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4170\"\u003edexidp/dex#4170\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/setup-buildx-action from 3.11.0 to 3.11.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4189\"\u003edexidp/dex#4189\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump mheap/github-action-required-labels from 5.5.0 to 5.5.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4190\"\u003edexidp/dex#4190\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.73.0 to 1.74.0 in /examples by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4219\"\u003edexidp/dex#4219\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump anchore/sbom-action from 0.20.1 to 0.20.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4205\"\u003edexidp/dex#4205\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump sigstore/cosign-installer from 3.9.0 to 3.9.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4225\"\u003edexidp/dex#4225\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump aquasecurity/trivy-action from 0.31.0 to 0.32.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4210\"\u003edexidp/dex#4210\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-jose/go-jose/v4 from 4.1.0 to 4.1.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4196\"\u003edexidp/dex#4196\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/crypto from 0.39.0 to 0.40.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4214\"\u003edexidp/dex#4214\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump alpine from 3.22.0 to 3.22.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4217\"\u003edexidp/dex#4217\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump the etcd group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4213\"\u003edexidp/dex#4213\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/oklog/run from 1.1.0 to 1.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4199\"\u003edexidp/dex#4199\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/mattn/go-sqlite3 from 1.14.28 to 1.14.29 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4239\"\u003edexidp/dex#4239\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.29.0 to 3.29.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4238\"\u003edexidp/dex#4238\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.73.0 to 1.74.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4235\"\u003edexidp/dex#4235\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/2dce75009acfcd9df77d57f2d144aae999a4c569\"\u003e\u003ccode\u003e2dce750\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4292\"\u003e#4292\u003c/a\u003e from dexidp/dependabot/go_modules/github.com/stretch...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/8aa4684f81590325672d0fbc707d9d60ed64de2d\"\u003e\u003ccode\u003e8aa4684\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4293\"\u003e#4293\u003c/a\u003e from dexidp/dependabot/github_actions/aquasecurity/t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/33f0619a66d08ec08e7642d4df6a058e15af4d7e\"\u003e\u003ccode\u003e33f0619\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4296\"\u003e#4296\u003c/a\u003e from dexidp/dependabot/github_actions/actions/attest...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/d95db82a70dbd2b0058c1094930cf592b078c350\"\u003e\u003ccode\u003ed95db82\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4295\"\u003e#4295\u003c/a\u003e from rackerlabs/avoid-hardcoded-image\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/f10f4d6ef8c8b1c81dd9629461c9eb6c8a6980a4\"\u003e\u003ccode\u003ef10f4d6\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/attest-build-provenance from 2.4.0 to 3.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/ad912d0569b2af157e1645e81235108d41a2802a\"\u003e\u003ccode\u003ead912d0\u003c/code\u003e\u003c/a\u003e build(deps): bump aquasecurity/trivy-action from 0.32.0 to 0.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/e1da164dd59a476f1271506c1b306de2a331ce97\"\u003e\u003ccode\u003ee1da164\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/d4e9d54f41a79cd35a26c3229123d641c37df01d\"\u003e\u003ccode\u003ed4e9d54\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4286\"\u003e#4286\u003c/a\u003e from dexidp/dependabot/go_modules/api/v2/google.gola...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/9b5c87a10063ad7df905f1dfdff8ea6513bce39e\"\u003e\u003ccode\u003e9b5c87a\u003c/code\u003e\u003c/a\u003e build(deps): bump google.golang.org/protobuf in /api/v2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/757fd5fbe619916fb01bcd746329b99f1c8f4e28\"\u003e\u003ccode\u003e757fd5f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4290\"\u003e#4290\u003c/a\u003e from dexidp/dependabot/github_actions/actions/depend...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/dexidp/dex/compare/v2.43.1...v2.44.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dexidp/dex\u0026package-manager=docker\u0026previous-version=v2.43.1\u0026new-version=v2.44.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/noroutine/upstream/pull/10001","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/noroutine%2Fupstream/issues/10001","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/10001/packages"}},{"old_version":"v2.43.1","new_version":"v2.44.0","update_type":"minor","path":"/dockerfiles/test-dex","pr_created_at":"2025-09-02T22:21:51.000Z","version_change":"v2.43.1 → v2.44.0","issue":{"uuid":"2794095844","node_id":"PR_kwDOEH72W86mioTk","number":2592,"state":"closed","title":"Bump dexidp/dex from v2.43.1 to v2.44.0 in /dockerfiles/test-dex","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":"2025-09-09T14:18:27.000Z","author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-09-02T22:21:51.000Z","updated_at":"2025-09-09T14:18:27.000Z","time_to_close":575796,"merged_at":"2025-09-09T14:18:26.000Z","merged_by":"joshuatcasey","closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"dexidp/dex","old_version":"v2.43.1","new_version":"v2.44.0","repository_url":"https://github.com/dexidp/dex"}],"path":"/dockerfiles/test-dex","ecosystem":"docker"},"body":"Bumps [dexidp/dex](https://github.com/dexidp/dex) from v2.43.1 to v2.44.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dexidp/dex/releases\"\u003edexidp/dex's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.44.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eEnhancements 🚀\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow server startup with partial connector failures by \u003ca href=\"https://github.com/manojVivek\"\u003e\u003ccode\u003e@​manojVivek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4159\"\u003edexidp/dex#4159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd recursive LDAP parent group search (AD-style hierarchy across all LDAPs) by \u003ca href=\"https://github.com/EthanDieterich\"\u003e\u003ccode\u003e@​EthanDieterich\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4113\"\u003edexidp/dex#4113\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: Add ModifyGroupNames claimMutation to oidc connector by \u003ca href=\"https://github.com/peschmae\"\u003e\u003ccode\u003e@​peschmae\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4144\"\u003edexidp/dex#4144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eauthproxy connector: add support for specifying group header separator by \u003ca href=\"https://github.com/a-buck\"\u003e\u003ccode\u003e@​a-buck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3745\"\u003edexidp/dex#3745\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: join issuer URL with discovery path without extra slash after issuer URL by \u003ca href=\"https://github.com/vizv\"\u003e\u003ccode\u003e@​vizv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4263\"\u003edexidp/dex#4263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: grpc api list clients by \u003ca href=\"https://github.com/daemonfire300\"\u003e\u003ccode\u003e@​daemonfire300\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4202\"\u003edexidp/dex#4202\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e:bug: remove extra method=\u0026quot;get\u0026quot; from device-code template by \u003ca href=\"https://github.com/tuminoid\"\u003e\u003ccode\u003e@​tuminoid\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4145\"\u003edexidp/dex#4145\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[oidc] pass httpClient to the TokenIdentity context by \u003ca href=\"https://github.com/marriva\"\u003e\u003ccode\u003e@​marriva\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4223\"\u003edexidp/dex#4223\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eResolve CVE by updating gomplate to 4.3.3 by \u003ca href=\"https://github.com/philBrown\"\u003e\u003ccode\u003e@​philBrown\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4224\"\u003edexidp/dex#4224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: device code should not require scope by \u003ca href=\"https://github.com/cardoe\"\u003e\u003ccode\u003e@​cardoe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4203\"\u003edexidp/dex#4203\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: device code pending HTTP response by \u003ca href=\"https://github.com/cardoe\"\u003e\u003ccode\u003e@​cardoe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4204\"\u003edexidp/dex#4204\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow compilation without CGO by \u003ca href=\"https://github.com/nabokihms\"\u003e\u003ccode\u003e@​nabokihms\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4266\"\u003edexidp/dex#4266\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency Updates ⬆️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve CVE by updating gomplate to 4.3.2 by \u003ca href=\"https://github.com/nathanlaceyraft\"\u003e\u003ccode\u003e@​nathanlaceyraft\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4146\"\u003edexidp/dex#4146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/attest-build-provenance from 2.3.0 to 2.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4180\"\u003edexidp/dex#4180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/net from 0.40.0 to 0.41.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4171\"\u003edexidp/dex#4171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.72.1 to 1.73.0 in /examples by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4174\"\u003edexidp/dex#4174\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.18 to 3.29.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4179\"\u003edexidp/dex#4179\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump aquasecurity/trivy-action from 0.30.0 to 0.31.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4167\"\u003edexidp/dex#4167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4162\"\u003edexidp/dex#4162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/build-push-action from 6.17.0 to 6.18.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4155\"\u003edexidp/dex#4155\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump distroless/static-debian12 from \u003ccode\u003e188ddfb\u003c/code\u003e to \u003ccode\u003e627d6c5\u003c/code\u003e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4181\"\u003edexidp/dex#4181\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump sigstore/cosign-installer from 3.8.2 to 3.9.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4187\"\u003edexidp/dex#4187\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/api from 0.233.0 to 0.238.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4186\"\u003edexidp/dex#4186\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/setup-buildx-action from 3.10.0 to 3.11.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4185\"\u003edexidp/dex#4185\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump anchore/sbom-action from 0.20.0 to 0.20.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4184\"\u003edexidp/dex#4184\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-sql-driver/mysql from 1.9.2 to 1.9.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4183\"\u003edexidp/dex#4183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump the etcd group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4175\"\u003edexidp/dex#4175\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump alpine from 3.21.3 to 3.22.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4163\"\u003edexidp/dex#4163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.72.1 to 1.73.0 in /api/v2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4170\"\u003edexidp/dex#4170\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/setup-buildx-action from 3.11.0 to 3.11.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4189\"\u003edexidp/dex#4189\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump mheap/github-action-required-labels from 5.5.0 to 5.5.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4190\"\u003edexidp/dex#4190\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.73.0 to 1.74.0 in /examples by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4219\"\u003edexidp/dex#4219\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump anchore/sbom-action from 0.20.1 to 0.20.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4205\"\u003edexidp/dex#4205\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump sigstore/cosign-installer from 3.9.0 to 3.9.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4225\"\u003edexidp/dex#4225\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump aquasecurity/trivy-action from 0.31.0 to 0.32.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4210\"\u003edexidp/dex#4210\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-jose/go-jose/v4 from 4.1.0 to 4.1.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4196\"\u003edexidp/dex#4196\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/crypto from 0.39.0 to 0.40.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4214\"\u003edexidp/dex#4214\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump alpine from 3.22.0 to 3.22.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4217\"\u003edexidp/dex#4217\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump the etcd group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4213\"\u003edexidp/dex#4213\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/oklog/run from 1.1.0 to 1.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4199\"\u003edexidp/dex#4199\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/mattn/go-sqlite3 from 1.14.28 to 1.14.29 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4239\"\u003edexidp/dex#4239\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.29.0 to 3.29.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4238\"\u003edexidp/dex#4238\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.73.0 to 1.74.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4235\"\u003edexidp/dex#4235\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/2dce75009acfcd9df77d57f2d144aae999a4c569\"\u003e\u003ccode\u003e2dce750\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4292\"\u003e#4292\u003c/a\u003e from dexidp/dependabot/go_modules/github.com/stretch...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/8aa4684f81590325672d0fbc707d9d60ed64de2d\"\u003e\u003ccode\u003e8aa4684\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4293\"\u003e#4293\u003c/a\u003e from dexidp/dependabot/github_actions/aquasecurity/t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/33f0619a66d08ec08e7642d4df6a058e15af4d7e\"\u003e\u003ccode\u003e33f0619\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4296\"\u003e#4296\u003c/a\u003e from dexidp/dependabot/github_actions/actions/attest...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/d95db82a70dbd2b0058c1094930cf592b078c350\"\u003e\u003ccode\u003ed95db82\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4295\"\u003e#4295\u003c/a\u003e from rackerlabs/avoid-hardcoded-image\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/f10f4d6ef8c8b1c81dd9629461c9eb6c8a6980a4\"\u003e\u003ccode\u003ef10f4d6\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/attest-build-provenance from 2.4.0 to 3.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/ad912d0569b2af157e1645e81235108d41a2802a\"\u003e\u003ccode\u003ead912d0\u003c/code\u003e\u003c/a\u003e build(deps): bump aquasecurity/trivy-action from 0.32.0 to 0.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/e1da164dd59a476f1271506c1b306de2a331ce97\"\u003e\u003ccode\u003ee1da164\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/d4e9d54f41a79cd35a26c3229123d641c37df01d\"\u003e\u003ccode\u003ed4e9d54\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4286\"\u003e#4286\u003c/a\u003e from dexidp/dependabot/go_modules/api/v2/google.gola...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/9b5c87a10063ad7df905f1dfdff8ea6513bce39e\"\u003e\u003ccode\u003e9b5c87a\u003c/code\u003e\u003c/a\u003e build(deps): bump google.golang.org/protobuf in /api/v2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/757fd5fbe619916fb01bcd746329b99f1c8f4e28\"\u003e\u003ccode\u003e757fd5f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4290\"\u003e#4290\u003c/a\u003e from dexidp/dependabot/github_actions/actions/depend...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/dexidp/dex/compare/v2.43.1...v2.44.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dexidp/dex\u0026package-manager=docker\u0026previous-version=v2.43.1\u0026new-version=v2.44.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/vmware/pinniped/pull/2592","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/vmware%2Fpinniped/issues/2592","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2592/packages"}},{"old_version":"v2.43.1","new_version":"v2.44.0","update_type":"minor","path":"/test/e2e","pr_created_at":"2025-09-02T10:26:00.000Z","version_change":"v2.43.1 → v2.44.0","issue":{"uuid":"2792119322","node_id":"PR_kwDOFC8iNM6mbFwa","number":2160,"state":"open","title":"build(deps): Bump the all group in /test/e2e with 2 updates","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-09-02T10:26:00.000Z","updated_at":"2025-09-02T10:31:42.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): Bump","group_name":"all","update_count":2,"packages":[{"name":"dexidp/dex","old_version":"v2.43.1","new_version":"v2.44.0","repository_url":"https://github.com/dexidp/dex"},{"name":"hashicorp/vault","old_version":"1.20.2","new_version":"1.20.3"}],"path":"/test/e2e","ecosystem":"docker"},"body":"Bumps the all group in /test/e2e with 2 updates: [dexidp/dex](https://github.com/dexidp/dex) and hashicorp/vault.\n\nUpdates `dexidp/dex` from v2.43.1 to v2.44.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dexidp/dex/releases\"\u003edexidp/dex's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.44.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eEnhancements 🚀\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAllow server startup with partial connector failures by \u003ca href=\"https://github.com/manojVivek\"\u003e\u003ccode\u003e@​manojVivek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4159\"\u003edexidp/dex#4159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd recursive LDAP parent group search (AD-style hierarchy across all LDAPs) by \u003ca href=\"https://github.com/EthanDieterich\"\u003e\u003ccode\u003e@​EthanDieterich\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4113\"\u003edexidp/dex#4113\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: Add ModifyGroupNames claimMutation to oidc connector by \u003ca href=\"https://github.com/peschmae\"\u003e\u003ccode\u003e@​peschmae\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4144\"\u003edexidp/dex#4144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eauthproxy connector: add support for specifying group header separator by \u003ca href=\"https://github.com/a-buck\"\u003e\u003ccode\u003e@​a-buck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3745\"\u003edexidp/dex#3745\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: join issuer URL with discovery path without extra slash after issuer URL by \u003ca href=\"https://github.com/vizv\"\u003e\u003ccode\u003e@​vizv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4263\"\u003edexidp/dex#4263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: grpc api list clients by \u003ca href=\"https://github.com/daemonfire300\"\u003e\u003ccode\u003e@​daemonfire300\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4202\"\u003edexidp/dex#4202\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e:bug: remove extra method=\u0026quot;get\u0026quot; from device-code template by \u003ca href=\"https://github.com/tuminoid\"\u003e\u003ccode\u003e@​tuminoid\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4145\"\u003edexidp/dex#4145\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[oidc] pass httpClient to the TokenIdentity context by \u003ca href=\"https://github.com/marriva\"\u003e\u003ccode\u003e@​marriva\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4223\"\u003edexidp/dex#4223\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eResolve CVE by updating gomplate to 4.3.3 by \u003ca href=\"https://github.com/philBrown\"\u003e\u003ccode\u003e@​philBrown\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4224\"\u003edexidp/dex#4224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: device code should not require scope by \u003ca href=\"https://github.com/cardoe\"\u003e\u003ccode\u003e@​cardoe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4203\"\u003edexidp/dex#4203\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: device code pending HTTP response by \u003ca href=\"https://github.com/cardoe\"\u003e\u003ccode\u003e@​cardoe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4204\"\u003edexidp/dex#4204\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAllow compilation without CGO by \u003ca href=\"https://github.com/nabokihms\"\u003e\u003ccode\u003e@​nabokihms\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4266\"\u003edexidp/dex#4266\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency Updates ⬆️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eResolve CVE by updating gomplate to 4.3.2 by \u003ca href=\"https://github.com/nathanlaceyraft\"\u003e\u003ccode\u003e@​nathanlaceyraft\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4146\"\u003edexidp/dex#4146\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/attest-build-provenance from 2.3.0 to 2.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4180\"\u003edexidp/dex#4180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/net from 0.40.0 to 0.41.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4171\"\u003edexidp/dex#4171\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.72.1 to 1.73.0 in /examples by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4174\"\u003edexidp/dex#4174\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.18 to 3.29.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4179\"\u003edexidp/dex#4179\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump aquasecurity/trivy-action from 0.30.0 to 0.31.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4167\"\u003edexidp/dex#4167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4162\"\u003edexidp/dex#4162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/build-push-action from 6.17.0 to 6.18.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4155\"\u003edexidp/dex#4155\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump distroless/static-debian12 from \u003ccode\u003e188ddfb\u003c/code\u003e to \u003ccode\u003e627d6c5\u003c/code\u003e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4181\"\u003edexidp/dex#4181\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump sigstore/cosign-installer from 3.8.2 to 3.9.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4187\"\u003edexidp/dex#4187\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/api from 0.233.0 to 0.238.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4186\"\u003edexidp/dex#4186\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/setup-buildx-action from 3.10.0 to 3.11.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4185\"\u003edexidp/dex#4185\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump anchore/sbom-action from 0.20.0 to 0.20.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4184\"\u003edexidp/dex#4184\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-sql-driver/mysql from 1.9.2 to 1.9.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4183\"\u003edexidp/dex#4183\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump the etcd group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4175\"\u003edexidp/dex#4175\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump alpine from 3.21.3 to 3.22.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4163\"\u003edexidp/dex#4163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.72.1 to 1.73.0 in /api/v2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4170\"\u003edexidp/dex#4170\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/setup-buildx-action from 3.11.0 to 3.11.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4189\"\u003edexidp/dex#4189\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump mheap/github-action-required-labels from 5.5.0 to 5.5.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4190\"\u003edexidp/dex#4190\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.73.0 to 1.74.0 in /examples by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4219\"\u003edexidp/dex#4219\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump anchore/sbom-action from 0.20.1 to 0.20.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4205\"\u003edexidp/dex#4205\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump sigstore/cosign-installer from 3.9.0 to 3.9.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4225\"\u003edexidp/dex#4225\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump aquasecurity/trivy-action from 0.31.0 to 0.32.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4210\"\u003edexidp/dex#4210\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-jose/go-jose/v4 from 4.1.0 to 4.1.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4196\"\u003edexidp/dex#4196\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/crypto from 0.39.0 to 0.40.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4214\"\u003edexidp/dex#4214\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump alpine from 3.22.0 to 3.22.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4217\"\u003edexidp/dex#4217\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump the etcd group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4213\"\u003edexidp/dex#4213\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/oklog/run from 1.1.0 to 1.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4199\"\u003edexidp/dex#4199\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/mattn/go-sqlite3 from 1.14.28 to 1.14.29 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4239\"\u003edexidp/dex#4239\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.29.0 to 3.29.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4238\"\u003edexidp/dex#4238\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.73.0 to 1.74.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4235\"\u003edexidp/dex#4235\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/2dce75009acfcd9df77d57f2d144aae999a4c569\"\u003e\u003ccode\u003e2dce750\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4292\"\u003e#4292\u003c/a\u003e from dexidp/dependabot/go_modules/github.com/stretch...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/8aa4684f81590325672d0fbc707d9d60ed64de2d\"\u003e\u003ccode\u003e8aa4684\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4293\"\u003e#4293\u003c/a\u003e from dexidp/dependabot/github_actions/aquasecurity/t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/33f0619a66d08ec08e7642d4df6a058e15af4d7e\"\u003e\u003ccode\u003e33f0619\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4296\"\u003e#4296\u003c/a\u003e from dexidp/dependabot/github_actions/actions/attest...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/d95db82a70dbd2b0058c1094930cf592b078c350\"\u003e\u003ccode\u003ed95db82\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4295\"\u003e#4295\u003c/a\u003e from rackerlabs/avoid-hardcoded-image\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/f10f4d6ef8c8b1c81dd9629461c9eb6c8a6980a4\"\u003e\u003ccode\u003ef10f4d6\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/attest-build-provenance from 2.4.0 to 3.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/ad912d0569b2af157e1645e81235108d41a2802a\"\u003e\u003ccode\u003ead912d0\u003c/code\u003e\u003c/a\u003e build(deps): bump aquasecurity/trivy-action from 0.32.0 to 0.33.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/e1da164dd59a476f1271506c1b306de2a331ce97\"\u003e\u003ccode\u003ee1da164\u003c/code\u003e\u003c/a\u003e build(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/d4e9d54f41a79cd35a26c3229123d641c37df01d\"\u003e\u003ccode\u003ed4e9d54\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4286\"\u003e#4286\u003c/a\u003e from dexidp/dependabot/go_modules/api/v2/google.gola...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/9b5c87a10063ad7df905f1dfdff8ea6513bce39e\"\u003e\u003ccode\u003e9b5c87a\u003c/code\u003e\u003c/a\u003e build(deps): bump google.golang.org/protobuf in /api/v2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/757fd5fbe619916fb01bcd746329b99f1c8f4e28\"\u003e\u003ccode\u003e757fd5f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4290\"\u003e#4290\u003c/a\u003e from dexidp/dependabot/github_actions/actions/depend...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/dexidp/dex/compare/v2.43.1...v2.44.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `hashicorp/vault` from 1.20.2 to 1.20.3\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/sigstore/sigstore/pull/2160","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/sigstore%2Fsigstore/issues/2160","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2160/packages"}},{"old_version":"v2.42.1","new_version":"v2.43.1","update_type":"minor","path":"/charts/argocd","pr_created_at":"2025-06-02T15:11:57.000Z","version_change":"v2.42.1 → v2.43.1","issue":{"uuid":"3110602269","node_id":"PR_kwDOJ2U4086Ypje2","number":385,"state":"open","title":"Bump dexidp/dex from v2.42.1 to v2.43.1 in /charts/argocd","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-06-02T15:11:57.000Z","updated_at":"2025-07-15T19:25:02.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"dexidp/dex","old_version":"v2.42.1","new_version":"v2.43.1","repository_url":"https://github.com/dexidp/dex"}],"path":"/charts/argocd","ecosystem":"docker"},"body":"Bumps [dexidp/dex](https://github.com/dexidp/dex) from v2.42.1 to v2.43.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dexidp/dex/releases\"\u003edexidp/dex's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.43.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eDependency Updates ⬆️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4146\"\u003e#4146\u003c/a\u003e to 2.43.x by \u003ca href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4148\"\u003edexidp/dex#4148\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/dexidp/dex/compare/v2.43.0...v2.43.1\"\u003ehttps://github.com/dexidp/dex/compare/v2.43.0...v2.43.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.43.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eEnhancements 🚀\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eGenerate access tokens for implicit \u0026amp; hybrid flows only when needed by \u003ca href=\"https://github.com/mfila\"\u003e\u003ccode\u003e@​mfila\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3857\"\u003edexidp/dex#3857\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ek8s storage: Request only one object to check if API exists by \u003ca href=\"https://github.com/nabokihms\"\u003e\u003ccode\u003e@​nabokihms\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4027\"\u003edexidp/dex#4027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor: simplify tests by using slog.DiscardHandler by \u003ca href=\"https://github.com/alexandear\"\u003e\u003ccode\u003e@​alexandear\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4058\"\u003edexidp/dex#4058\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Makefile to Support Spaces in Paths by \u003ca href=\"https://github.com/EthanDieterich\"\u003e\u003ccode\u003e@​EthanDieterich\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4000\"\u003edexidp/dex#4000\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: remove version controlled files from dockerignore by \u003ca href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4087\"\u003edexidp/dex#4087\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix Incorrect Group Handling in RequestContextHandler logger.go by \u003ca href=\"https://github.com/alihasan070707\"\u003e\u003ccode\u003e@​alihasan070707\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4082\"\u003edexidp/dex#4082\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency Updates ⬆️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump actions/cache from 4.2.0 to 4.2.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3998\"\u003edexidp/dex#3998\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/build-push-action from 6.13.0 to 6.14.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3997\"\u003edexidp/dex#3997\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/dexidp/dex/api/v2 from 2.2.0 to 2.3.0 in /examples by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3996\"\u003edexidp/dex#3996\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/prometheus/client_golang from 1.20.5 to 1.21.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3995\"\u003edexidp/dex#3995\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/api from 0.221.0 to 0.222.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3994\"\u003edexidp/dex#3994\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 in the go_modules group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4008\"\u003edexidp/dex#4008\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-jose/go-jose/v4 from 4.0.2 to 4.0.5 in /examples in the go_modules group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4007\"\u003edexidp/dex#4007\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang from 1.24.0-alpine3.20 to 1.24.1-alpine3.20 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4021\"\u003edexidp/dex#4021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump sigstore/cosign-installer from 3.8.0 to 3.8.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4001\"\u003edexidp/dex#4001\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.9 to 3.28.11 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4038\"\u003edexidp/dex#4038\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/net from 0.35.0 to 0.36.0 in the go_modules group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4043\"\u003edexidp/dex#4043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump distroless/static-debian12 from \u003ccode\u003e6ec5aa9\u003c/code\u003e to \u003ccode\u003eb35229a\u003c/code\u003e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4052\"\u003edexidp/dex#4052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/api from 0.222.0 to 0.228.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4059\"\u003edexidp/dex#4059\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump distroless/static-debian12 from \u003ccode\u003eb35229a\u003c/code\u003e to \u003ccode\u003ec0f429e\u003c/code\u003e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4062\"\u003edexidp/dex#4062\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/net from 0.36.0 to 0.38.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4060\"\u003edexidp/dex#4060\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/upload-artifact from 4.6.0 to 4.6.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4053\"\u003edexidp/dex#4053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/build-push-action from 6.14.0 to 6.15.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4039\"\u003edexidp/dex#4039\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.70.0 to 1.71.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4064\"\u003edexidp/dex#4064\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/setup-qemu-action from 3.4.0 to 3.6.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4031\"\u003edexidp/dex#4031\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4005\"\u003edexidp/dex#4005\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/setup-buildx-action from 3.9.0 to 3.10.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4014\"\u003edexidp/dex#4014\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/prometheus/client_golang from 1.21.0 to 1.22.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4083\"\u003edexidp/dex#4083\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-sql-driver/mysql from 1.9.0 to 1.9.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4080\"\u003edexidp/dex#4080\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang from 1.24.1-alpine3.20 to 1.24.2-alpine3.20 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4079\"\u003edexidp/dex#4079\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump go.etcd.io/etcd/client/v3 from 3.5.18 to 3.5.21 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4074\"\u003edexidp/dex#4074\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/cache from 4.2.1 to 4.2.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4072\"\u003edexidp/dex#4072\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/attest-build-provenance from 2.2.0 to 2.2.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4071\"\u003edexidp/dex#4071\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/6e602d3315ea09d0cdeef6b51e61f2fd4ae52502\"\u003e\u003ccode\u003e6e602d3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4148\"\u003e#4148\u003c/a\u003e from dexidp/backport-4146\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/1a97d72ab1685dd27c372876033a329beb065364\"\u003e\u003ccode\u003e1a97d72\u003c/code\u003e\u003c/a\u003e Resolve CVE by updating gomplate to 4.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/8e96058e71257eb0a32e1b0a42303094dea9d8fb\"\u003e\u003ccode\u003e8e96058\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4141\"\u003e#4141\u003c/a\u003e from dexidp/dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/385e63d4d4748dc8d9e89cf392296ea2e216c59d\"\u003e\u003ccode\u003e385e63d\u003c/code\u003e\u003c/a\u003e chore: update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/6dad0fc16f0d39b9af4b0470ea2f6a482cf05321\"\u003e\u003ccode\u003e6dad0fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4136\"\u003e#4136\u003c/a\u003e from dexidp/dependabot/go_modules/go.etcd.io/etcd/cl...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/362f2557f76d65f720462465004626ef5f9aed4f\"\u003e\u003ccode\u003e362f255\u003c/code\u003e\u003c/a\u003e build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.21 to 3.6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/183d84575856a67ef29da45753231a2794fdefaa\"\u003e\u003ccode\u003e183d845\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4135\"\u003e#4135\u003c/a\u003e from dexidp/dependabot/github_actions/docker/build-p...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/e552a8e8ed5a3301f2c738303d04a42148655e91\"\u003e\u003ccode\u003ee552a8e\u003c/code\u003e\u003c/a\u003e chore: group etcd dependency updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/9da4bdb4235c43295c20af50ceb47820541579d9\"\u003e\u003ccode\u003e9da4bdb\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4139\"\u003e#4139\u003c/a\u003e from dexidp/dependabot/github_actions/github/codeql-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/70fb1638886ffb99bd4598523c6cdea7bf009eed\"\u003e\u003ccode\u003e70fb163\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4140\"\u003e#4140\u003c/a\u003e from dexidp/dependabot/docker/distroless/static-debi...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/dexidp/dex/compare/v2.42.1...v2.43.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dexidp/dex\u0026package-manager=docker\u0026previous-version=v2.42.1\u0026new-version=v2.43.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nYou can trigger a rebase of this PR by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e\n\n\u003e **Note**\n\u003e Automatic rebases have been disabled on this pull request as it has been open for over 30 days.\n","html_url":"https://github.com/onehinny/homelab/pull/385","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/onehinny%2Fhomelab/issues/385","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/385/packages"}},{"old_version":"v2.42.1","new_version":"v2.43.1","update_type":"minor","path":null,"pr_created_at":"2025-05-26T06:20:16.000Z","version_change":"v2.42.1 → v2.43.1","issue":{"uuid":"2543137645","node_id":"PR_kwDOFWzxY86XlTNt","number":539,"state":"open","title":"Bump the all group across 1 directory with 2 updates","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"NONE","state_reason":null,"created_at":"2025-05-26T06:20:16.000Z","updated_at":"2025-05-26T06:20:17.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"all","update_count":2,"packages":[{"name":"golang","old_version":"1.24.2","new_version":"1.24.3"},{"name":"dexidp/dex","old_version":"v2.42.1","new_version":"v2.43.1"}],"path":null,"ecosystem":"docker"},"body":"Bumps the all group with 2 updates in the / directory: golang and dexidp/dex.\n\nUpdates `golang` from 1.24.2 to 1.24.3\n\nUpdates `dexidp/dex` from v2.42.1 to v2.43.1\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/cpanato/fulcio/pull/539","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/cpanato%2Ffulcio/issues/539","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/539/packages"}},{"old_version":"v2.42.1","new_version":"v2.43.1","update_type":"minor","path":"the all group","pr_created_at":"2025-05-26T02:29:14.000Z","version_change":"v2.42.1 → v2.43.1","issue":{"uuid":"2542848530","node_id":"PR_kwDOFFxbIM6XkMoS","number":2054,"state":"open","title":"Bump dexidp/dex from v2.42.1 to v2.43.1 in the all group","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-05-26T02:29:14.000Z","updated_at":"2025-05-26T06:35:37.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"dexidp/dex","old_version":"v2.42.1","new_version":"v2.43.1","repository_url":null}],"path":"the all group","ecosystem":"docker"},"body":"Bumps the all group with 1 update: dexidp/dex.\n\nUpdates `dexidp/dex` from v2.42.1 to v2.43.1\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dexidp/dex\u0026package-manager=docker\u0026previous-version=v2.42.1\u0026new-version=v2.43.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/sigstore/fulcio/pull/2054","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/sigstore%2Ffulcio/issues/2054","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2054/packages"}},{"old_version":"v2.42.1","new_version":"v2.43.1","update_type":"minor","path":"/dockerfiles/test-dex","pr_created_at":"2025-05-23T02:06:54.000Z","version_change":"v2.42.1 → v2.43.1","issue":{"uuid":"2538595563","node_id":"PR_kwDOEH72W86XT-Tr","number":2407,"state":"closed","title":"Bump dexidp/dex from v2.42.1 to v2.43.1 in /dockerfiles/test-dex","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":"2025-05-27T16:39:29.000Z","author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-05-23T02:06:54.000Z","updated_at":"2025-05-27T16:39:29.000Z","time_to_close":397955,"merged_at":"2025-05-27T16:39:29.000Z","merged_by":"joshuatcasey","closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"dexidp/dex","old_version":"v2.42.1","new_version":"v2.43.1","repository_url":"https://github.com/dexidp/dex"}],"path":"/dockerfiles/test-dex","ecosystem":"docker"},"body":"Bumps [dexidp/dex](https://github.com/dexidp/dex) from v2.42.1 to v2.43.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dexidp/dex/releases\"\u003edexidp/dex's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.43.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eDependency Updates ⬆️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4146\"\u003e#4146\u003c/a\u003e to 2.43.x by \u003ca href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4148\"\u003edexidp/dex#4148\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/dexidp/dex/compare/v2.43.0...v2.43.1\"\u003ehttps://github.com/dexidp/dex/compare/v2.43.0...v2.43.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.43.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eEnhancements 🚀\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eGenerate access tokens for implicit \u0026amp; hybrid flows only when needed by \u003ca href=\"https://github.com/mfila\"\u003e\u003ccode\u003e@​mfila\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3857\"\u003edexidp/dex#3857\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ek8s storage: Request only one object to check if API exists by \u003ca href=\"https://github.com/nabokihms\"\u003e\u003ccode\u003e@​nabokihms\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4027\"\u003edexidp/dex#4027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor: simplify tests by using slog.DiscardHandler by \u003ca href=\"https://github.com/alexandear\"\u003e\u003ccode\u003e@​alexandear\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4058\"\u003edexidp/dex#4058\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Makefile to Support Spaces in Paths by \u003ca href=\"https://github.com/EthanDieterich\"\u003e\u003ccode\u003e@​EthanDieterich\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4000\"\u003edexidp/dex#4000\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: remove version controlled files from dockerignore by \u003ca href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4087\"\u003edexidp/dex#4087\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix Incorrect Group Handling in RequestContextHandler logger.go by \u003ca href=\"https://github.com/alihasan070707\"\u003e\u003ccode\u003e@​alihasan070707\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4082\"\u003edexidp/dex#4082\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency Updates ⬆️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump actions/cache from 4.2.0 to 4.2.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3998\"\u003edexidp/dex#3998\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/build-push-action from 6.13.0 to 6.14.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3997\"\u003edexidp/dex#3997\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/dexidp/dex/api/v2 from 2.2.0 to 2.3.0 in /examples by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3996\"\u003edexidp/dex#3996\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/prometheus/client_golang from 1.20.5 to 1.21.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3995\"\u003edexidp/dex#3995\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/api from 0.221.0 to 0.222.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3994\"\u003edexidp/dex#3994\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 in the go_modules group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4008\"\u003edexidp/dex#4008\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-jose/go-jose/v4 from 4.0.2 to 4.0.5 in /examples in the go_modules group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4007\"\u003edexidp/dex#4007\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang from 1.24.0-alpine3.20 to 1.24.1-alpine3.20 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4021\"\u003edexidp/dex#4021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump sigstore/cosign-installer from 3.8.0 to 3.8.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4001\"\u003edexidp/dex#4001\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.9 to 3.28.11 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4038\"\u003edexidp/dex#4038\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/net from 0.35.0 to 0.36.0 in the go_modules group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4043\"\u003edexidp/dex#4043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump distroless/static-debian12 from \u003ccode\u003e6ec5aa9\u003c/code\u003e to \u003ccode\u003eb35229a\u003c/code\u003e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4052\"\u003edexidp/dex#4052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/api from 0.222.0 to 0.228.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4059\"\u003edexidp/dex#4059\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump distroless/static-debian12 from \u003ccode\u003eb35229a\u003c/code\u003e to \u003ccode\u003ec0f429e\u003c/code\u003e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4062\"\u003edexidp/dex#4062\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/net from 0.36.0 to 0.38.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4060\"\u003edexidp/dex#4060\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/upload-artifact from 4.6.0 to 4.6.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4053\"\u003edexidp/dex#4053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/build-push-action from 6.14.0 to 6.15.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4039\"\u003edexidp/dex#4039\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.70.0 to 1.71.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4064\"\u003edexidp/dex#4064\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/setup-qemu-action from 3.4.0 to 3.6.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4031\"\u003edexidp/dex#4031\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4005\"\u003edexidp/dex#4005\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/setup-buildx-action from 3.9.0 to 3.10.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4014\"\u003edexidp/dex#4014\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/prometheus/client_golang from 1.21.0 to 1.22.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4083\"\u003edexidp/dex#4083\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-sql-driver/mysql from 1.9.0 to 1.9.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4080\"\u003edexidp/dex#4080\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang from 1.24.1-alpine3.20 to 1.24.2-alpine3.20 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4079\"\u003edexidp/dex#4079\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump go.etcd.io/etcd/client/v3 from 3.5.18 to 3.5.21 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4074\"\u003edexidp/dex#4074\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/cache from 4.2.1 to 4.2.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4072\"\u003edexidp/dex#4072\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/attest-build-provenance from 2.2.0 to 2.2.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4071\"\u003edexidp/dex#4071\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/6e602d3315ea09d0cdeef6b51e61f2fd4ae52502\"\u003e\u003ccode\u003e6e602d3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4148\"\u003e#4148\u003c/a\u003e from dexidp/backport-4146\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/1a97d72ab1685dd27c372876033a329beb065364\"\u003e\u003ccode\u003e1a97d72\u003c/code\u003e\u003c/a\u003e Resolve CVE by updating gomplate to 4.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/8e96058e71257eb0a32e1b0a42303094dea9d8fb\"\u003e\u003ccode\u003e8e96058\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4141\"\u003e#4141\u003c/a\u003e from dexidp/dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/385e63d4d4748dc8d9e89cf392296ea2e216c59d\"\u003e\u003ccode\u003e385e63d\u003c/code\u003e\u003c/a\u003e chore: update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/6dad0fc16f0d39b9af4b0470ea2f6a482cf05321\"\u003e\u003ccode\u003e6dad0fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4136\"\u003e#4136\u003c/a\u003e from dexidp/dependabot/go_modules/go.etcd.io/etcd/cl...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/362f2557f76d65f720462465004626ef5f9aed4f\"\u003e\u003ccode\u003e362f255\u003c/code\u003e\u003c/a\u003e build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.21 to 3.6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/183d84575856a67ef29da45753231a2794fdefaa\"\u003e\u003ccode\u003e183d845\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4135\"\u003e#4135\u003c/a\u003e from dexidp/dependabot/github_actions/docker/build-p...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/e552a8e8ed5a3301f2c738303d04a42148655e91\"\u003e\u003ccode\u003ee552a8e\u003c/code\u003e\u003c/a\u003e chore: group etcd dependency updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/9da4bdb4235c43295c20af50ceb47820541579d9\"\u003e\u003ccode\u003e9da4bdb\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4139\"\u003e#4139\u003c/a\u003e from dexidp/dependabot/github_actions/github/codeql-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/70fb1638886ffb99bd4598523c6cdea7bf009eed\"\u003e\u003ccode\u003e70fb163\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4140\"\u003e#4140\u003c/a\u003e from dexidp/dependabot/docker/distroless/static-debi...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/dexidp/dex/compare/v2.42.1...v2.43.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dexidp/dex\u0026package-manager=docker\u0026previous-version=v2.42.1\u0026new-version=v2.43.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/vmware-tanzu/pinniped/pull/2407","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/vmware-tanzu%2Fpinniped/issues/2407","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2407/packages"}},{"old_version":"v2.42.1","new_version":"v2.43.0","update_type":"minor","path":null,"pr_created_at":"2025-05-20T03:34:33.000Z","version_change":"v2.42.1 → v2.43.0","issue":{"uuid":"2530219839","node_id":"PR_kwDOF3eXvs6W0Bc_","number":9394,"state":"closed","title":"Bump dexidp/dex from v2.42.1 to v2.43.0","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2025-05-20T05:38:12.000Z","author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-05-20T03:34:33.000Z","updated_at":"2025-05-20T05:38:12.000Z","time_to_close":7419,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"dexidp/dex","old_version":"v2.42.1","new_version":"v2.43.0","repository_url":"https://github.com/dexidp/dex"}],"path":null,"ecosystem":"docker"},"body":"Bumps [dexidp/dex](https://github.com/dexidp/dex) from v2.42.1 to v2.43.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dexidp/dex/releases\"\u003edexidp/dex's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.43.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eEnhancements 🚀\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eGenerate access tokens for implicit \u0026amp; hybrid flows only when needed by \u003ca href=\"https://github.com/mfila\"\u003e\u003ccode\u003e@​mfila\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3857\"\u003edexidp/dex#3857\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ek8s storage: Request only one object to check if API exists by \u003ca href=\"https://github.com/nabokihms\"\u003e\u003ccode\u003e@​nabokihms\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4027\"\u003edexidp/dex#4027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor: simplify tests by using slog.DiscardHandler by \u003ca href=\"https://github.com/alexandear\"\u003e\u003ccode\u003e@​alexandear\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4058\"\u003edexidp/dex#4058\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Makefile to Support Spaces in Paths by \u003ca href=\"https://github.com/EthanDieterich\"\u003e\u003ccode\u003e@​EthanDieterich\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4000\"\u003edexidp/dex#4000\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: remove version controlled files from dockerignore by \u003ca href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4087\"\u003edexidp/dex#4087\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix Incorrect Group Handling in RequestContextHandler logger.go by \u003ca href=\"https://github.com/alihasan070707\"\u003e\u003ccode\u003e@​alihasan070707\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4082\"\u003edexidp/dex#4082\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency Updates ⬆️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump actions/cache from 4.2.0 to 4.2.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3998\"\u003edexidp/dex#3998\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/build-push-action from 6.13.0 to 6.14.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3997\"\u003edexidp/dex#3997\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/dexidp/dex/api/v2 from 2.2.0 to 2.3.0 in /examples by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3996\"\u003edexidp/dex#3996\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/prometheus/client_golang from 1.20.5 to 1.21.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3995\"\u003edexidp/dex#3995\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/api from 0.221.0 to 0.222.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3994\"\u003edexidp/dex#3994\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 in the go_modules group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4008\"\u003edexidp/dex#4008\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-jose/go-jose/v4 from 4.0.2 to 4.0.5 in /examples in the go_modules group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4007\"\u003edexidp/dex#4007\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang from 1.24.0-alpine3.20 to 1.24.1-alpine3.20 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4021\"\u003edexidp/dex#4021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump sigstore/cosign-installer from 3.8.0 to 3.8.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4001\"\u003edexidp/dex#4001\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.9 to 3.28.11 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4038\"\u003edexidp/dex#4038\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/net from 0.35.0 to 0.36.0 in the go_modules group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4043\"\u003edexidp/dex#4043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump distroless/static-debian12 from \u003ccode\u003e6ec5aa9\u003c/code\u003e to \u003ccode\u003eb35229a\u003c/code\u003e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4052\"\u003edexidp/dex#4052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/api from 0.222.0 to 0.228.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4059\"\u003edexidp/dex#4059\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump distroless/static-debian12 from \u003ccode\u003eb35229a\u003c/code\u003e to \u003ccode\u003ec0f429e\u003c/code\u003e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4062\"\u003edexidp/dex#4062\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/net from 0.36.0 to 0.38.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4060\"\u003edexidp/dex#4060\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/upload-artifact from 4.6.0 to 4.6.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4053\"\u003edexidp/dex#4053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/build-push-action from 6.14.0 to 6.15.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4039\"\u003edexidp/dex#4039\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.70.0 to 1.71.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4064\"\u003edexidp/dex#4064\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/setup-qemu-action from 3.4.0 to 3.6.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4031\"\u003edexidp/dex#4031\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4005\"\u003edexidp/dex#4005\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/setup-buildx-action from 3.9.0 to 3.10.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4014\"\u003edexidp/dex#4014\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/prometheus/client_golang from 1.21.0 to 1.22.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4083\"\u003edexidp/dex#4083\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-sql-driver/mysql from 1.9.0 to 1.9.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4080\"\u003edexidp/dex#4080\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang from 1.24.1-alpine3.20 to 1.24.2-alpine3.20 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4079\"\u003edexidp/dex#4079\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump go.etcd.io/etcd/client/v3 from 3.5.18 to 3.5.21 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4074\"\u003edexidp/dex#4074\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/cache from 4.2.1 to 4.2.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4072\"\u003edexidp/dex#4072\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/attest-build-provenance from 2.2.0 to 2.2.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4071\"\u003edexidp/dex#4071\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/login-action from 3.3.0 to 3.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4070\"\u003edexidp/dex#4070\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-go from 5.3.0 to 5.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4069\"\u003edexidp/dex#4069\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/metadata-action from 5.6.1 to 5.7.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4068\"\u003edexidp/dex#4068\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/russellhaering/goxmldsig from 1.4.0 to 1.5.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4073\"\u003edexidp/dex#4073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/beevik/etree from 1.5.0 to 1.5.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4096\"\u003edexidp/dex#4096\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/oauth2 from 0.28.0 to 0.29.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4095\"\u003edexidp/dex#4095\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-ldap/ldap/v3 from 3.4.10 to 3.4.11 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4093\"\u003edexidp/dex#4093\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/dependency-review-action from 4.5.0 to 4.6.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4092\"\u003edexidp/dex#4092\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.11 to 3.28.15 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4091\"\u003edexidp/dex#4091\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump aquasecurity/trivy-action from 0.29.0 to 0.30.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4090\"\u003edexidp/dex#4090\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/8e96058e71257eb0a32e1b0a42303094dea9d8fb\"\u003e\u003ccode\u003e8e96058\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4141\"\u003e#4141\u003c/a\u003e from dexidp/dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/385e63d4d4748dc8d9e89cf392296ea2e216c59d\"\u003e\u003ccode\u003e385e63d\u003c/code\u003e\u003c/a\u003e chore: update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/6dad0fc16f0d39b9af4b0470ea2f6a482cf05321\"\u003e\u003ccode\u003e6dad0fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4136\"\u003e#4136\u003c/a\u003e from dexidp/dependabot/go_modules/go.etcd.io/etcd/cl...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/362f2557f76d65f720462465004626ef5f9aed4f\"\u003e\u003ccode\u003e362f255\u003c/code\u003e\u003c/a\u003e build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.21 to 3.6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/183d84575856a67ef29da45753231a2794fdefaa\"\u003e\u003ccode\u003e183d845\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4135\"\u003e#4135\u003c/a\u003e from dexidp/dependabot/github_actions/docker/build-p...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/e552a8e8ed5a3301f2c738303d04a42148655e91\"\u003e\u003ccode\u003ee552a8e\u003c/code\u003e\u003c/a\u003e chore: group etcd dependency updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/9da4bdb4235c43295c20af50ceb47820541579d9\"\u003e\u003ccode\u003e9da4bdb\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4139\"\u003e#4139\u003c/a\u003e from dexidp/dependabot/github_actions/github/codeql-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/70fb1638886ffb99bd4598523c6cdea7bf009eed\"\u003e\u003ccode\u003e70fb163\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4140\"\u003e#4140\u003c/a\u003e from dexidp/dependabot/docker/distroless/static-debi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/41f9cc8bfc77545fc9ab4e96b12eed1dcaca97d7\"\u003e\u003ccode\u003e41f9cc8\u003c/code\u003e\u003c/a\u003e build(deps): bump distroless/static-debian12 from \u003ccode\u003ec0f429e\u003c/code\u003e to \u003ccode\u003e188ddfb\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/8f3e94d4424457a4193a750244075f15753ae5ad\"\u003e\u003ccode\u003e8f3e94d\u003c/code\u003e\u003c/a\u003e build(deps): bump github/codeql-action from 3.28.17 to 3.28.18\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/dexidp/dex/compare/v2.42.1...v2.43.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dexidp/dex\u0026package-manager=docker\u0026previous-version=v2.42.1\u0026new-version=v2.43.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/noroutine/upstream/pull/9394","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/noroutine%2Fupstream/issues/9394","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9394/packages"}},{"old_version":"v2.42.1","new_version":"v2.43.0","update_type":"minor","path":"/dockerfiles/test-dex","pr_created_at":"2025-05-20T01:51:48.000Z","version_change":"v2.42.1 → v2.43.0","issue":{"uuid":"2530111632","node_id":"PR_kwDOEH72W86WznCQ","number":2394,"state":"closed","title":"Bump dexidp/dex from v2.42.1 to v2.43.0 in /dockerfiles/test-dex","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2025-05-23T02:06:57.000Z","author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-05-20T01:51:48.000Z","updated_at":"2025-05-23T02:06:57.000Z","time_to_close":260109,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"dexidp/dex","old_version":"v2.42.1","new_version":"v2.43.0","repository_url":"https://github.com/dexidp/dex"}],"path":"/dockerfiles/test-dex","ecosystem":"docker"},"body":"Bumps [dexidp/dex](https://github.com/dexidp/dex) from v2.42.1 to v2.43.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dexidp/dex/releases\"\u003edexidp/dex's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.43.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eEnhancements 🚀\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eGenerate access tokens for implicit \u0026amp; hybrid flows only when needed by \u003ca href=\"https://github.com/mfila\"\u003e\u003ccode\u003e@​mfila\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3857\"\u003edexidp/dex#3857\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ek8s storage: Request only one object to check if API exists by \u003ca href=\"https://github.com/nabokihms\"\u003e\u003ccode\u003e@​nabokihms\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4027\"\u003edexidp/dex#4027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor: simplify tests by using slog.DiscardHandler by \u003ca href=\"https://github.com/alexandear\"\u003e\u003ccode\u003e@​alexandear\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4058\"\u003edexidp/dex#4058\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix Makefile to Support Spaces in Paths by \u003ca href=\"https://github.com/EthanDieterich\"\u003e\u003ccode\u003e@​EthanDieterich\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4000\"\u003edexidp/dex#4000\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: remove version controlled files from dockerignore by \u003ca href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4087\"\u003edexidp/dex#4087\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix Incorrect Group Handling in RequestContextHandler logger.go by \u003ca href=\"https://github.com/alihasan070707\"\u003e\u003ccode\u003e@​alihasan070707\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4082\"\u003edexidp/dex#4082\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency Updates ⬆️\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump actions/cache from 4.2.0 to 4.2.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3998\"\u003edexidp/dex#3998\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/build-push-action from 6.13.0 to 6.14.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3997\"\u003edexidp/dex#3997\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/dexidp/dex/api/v2 from 2.2.0 to 2.3.0 in /examples by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3996\"\u003edexidp/dex#3996\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/prometheus/client_golang from 1.20.5 to 1.21.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3995\"\u003edexidp/dex#3995\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/api from 0.221.0 to 0.222.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/3994\"\u003edexidp/dex#3994\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 in the go_modules group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4008\"\u003edexidp/dex#4008\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-jose/go-jose/v4 from 4.0.2 to 4.0.5 in /examples in the go_modules group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4007\"\u003edexidp/dex#4007\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang from 1.24.0-alpine3.20 to 1.24.1-alpine3.20 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4021\"\u003edexidp/dex#4021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump sigstore/cosign-installer from 3.8.0 to 3.8.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4001\"\u003edexidp/dex#4001\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.9 to 3.28.11 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4038\"\u003edexidp/dex#4038\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/net from 0.35.0 to 0.36.0 in the go_modules group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4043\"\u003edexidp/dex#4043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump distroless/static-debian12 from \u003ccode\u003e6ec5aa9\u003c/code\u003e to \u003ccode\u003eb35229a\u003c/code\u003e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4052\"\u003edexidp/dex#4052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/api from 0.222.0 to 0.228.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4059\"\u003edexidp/dex#4059\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump distroless/static-debian12 from \u003ccode\u003eb35229a\u003c/code\u003e to \u003ccode\u003ec0f429e\u003c/code\u003e by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4062\"\u003edexidp/dex#4062\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/net from 0.36.0 to 0.38.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4060\"\u003edexidp/dex#4060\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/upload-artifact from 4.6.0 to 4.6.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4053\"\u003edexidp/dex#4053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/build-push-action from 6.14.0 to 6.15.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4039\"\u003edexidp/dex#4039\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/grpc from 1.70.0 to 1.71.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4064\"\u003edexidp/dex#4064\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/setup-qemu-action from 3.4.0 to 3.6.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4031\"\u003edexidp/dex#4031\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4005\"\u003edexidp/dex#4005\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/setup-buildx-action from 3.9.0 to 3.10.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4014\"\u003edexidp/dex#4014\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/prometheus/client_golang from 1.21.0 to 1.22.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4083\"\u003edexidp/dex#4083\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-sql-driver/mysql from 1.9.0 to 1.9.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4080\"\u003edexidp/dex#4080\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang from 1.24.1-alpine3.20 to 1.24.2-alpine3.20 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4079\"\u003edexidp/dex#4079\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump go.etcd.io/etcd/client/v3 from 3.5.18 to 3.5.21 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4074\"\u003edexidp/dex#4074\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/cache from 4.2.1 to 4.2.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4072\"\u003edexidp/dex#4072\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/attest-build-provenance from 2.2.0 to 2.2.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4071\"\u003edexidp/dex#4071\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/login-action from 3.3.0 to 3.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4070\"\u003edexidp/dex#4070\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-go from 5.3.0 to 5.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4069\"\u003edexidp/dex#4069\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump docker/metadata-action from 5.6.1 to 5.7.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4068\"\u003edexidp/dex#4068\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/russellhaering/goxmldsig from 1.4.0 to 1.5.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4073\"\u003edexidp/dex#4073\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/beevik/etree from 1.5.0 to 1.5.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4096\"\u003edexidp/dex#4096\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golang.org/x/oauth2 from 0.28.0 to 0.29.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4095\"\u003edexidp/dex#4095\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github.com/go-ldap/ldap/v3 from 3.4.10 to 3.4.11 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4093\"\u003edexidp/dex#4093\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/dependency-review-action from 4.5.0 to 4.6.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4092\"\u003edexidp/dex#4092\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.11 to 3.28.15 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4091\"\u003edexidp/dex#4091\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump aquasecurity/trivy-action from 0.29.0 to 0.30.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4090\"\u003edexidp/dex#4090\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/8e96058e71257eb0a32e1b0a42303094dea9d8fb\"\u003e\u003ccode\u003e8e96058\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4141\"\u003e#4141\u003c/a\u003e from dexidp/dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/385e63d4d4748dc8d9e89cf392296ea2e216c59d\"\u003e\u003ccode\u003e385e63d\u003c/code\u003e\u003c/a\u003e chore: update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/6dad0fc16f0d39b9af4b0470ea2f6a482cf05321\"\u003e\u003ccode\u003e6dad0fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4136\"\u003e#4136\u003c/a\u003e from dexidp/dependabot/go_modules/go.etcd.io/etcd/cl...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/362f2557f76d65f720462465004626ef5f9aed4f\"\u003e\u003ccode\u003e362f255\u003c/code\u003e\u003c/a\u003e build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.21 to 3.6.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/183d84575856a67ef29da45753231a2794fdefaa\"\u003e\u003ccode\u003e183d845\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4135\"\u003e#4135\u003c/a\u003e from dexidp/dependabot/github_actions/docker/build-p...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/e552a8e8ed5a3301f2c738303d04a42148655e91\"\u003e\u003ccode\u003ee552a8e\u003c/code\u003e\u003c/a\u003e chore: group etcd dependency updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/9da4bdb4235c43295c20af50ceb47820541579d9\"\u003e\u003ccode\u003e9da4bdb\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4139\"\u003e#4139\u003c/a\u003e from dexidp/dependabot/github_actions/github/codeql-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/70fb1638886ffb99bd4598523c6cdea7bf009eed\"\u003e\u003ccode\u003e70fb163\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4140\"\u003e#4140\u003c/a\u003e from dexidp/dependabot/docker/distroless/static-debi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/41f9cc8bfc77545fc9ab4e96b12eed1dcaca97d7\"\u003e\u003ccode\u003e41f9cc8\u003c/code\u003e\u003c/a\u003e build(deps): bump distroless/static-debian12 from \u003ccode\u003ec0f429e\u003c/code\u003e to \u003ccode\u003e188ddfb\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/8f3e94d4424457a4193a750244075f15753ae5ad\"\u003e\u003ccode\u003e8f3e94d\u003c/code\u003e\u003c/a\u003e build(deps): bump github/codeql-action from 3.28.17 to 3.28.18\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/dexidp/dex/compare/v2.42.1...v2.43.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dexidp/dex\u0026package-manager=docker\u0026previous-version=v2.42.1\u0026new-version=v2.43.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/vmware-tanzu/pinniped/pull/2394","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/vmware-tanzu%2Fpinniped/issues/2394","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2394/packages"}},{"old_version":"v2.42.1","new_version":"v2.43.0","update_type":"minor","path":null,"pr_created_at":"2025-05-19T20:56:24.000Z","version_change":"v2.42.1 → v2.43.0","issue":{"uuid":"2529767650","node_id":"PR_kwDOFHnGQc6WyTDi","number":433,"state":"closed","title":"Bump the all group across 1 directory with 2 updates","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2025-06-18T16:14:07.000Z","author_association":"NONE","state_reason":null,"created_at":"2025-05-19T20:56:24.000Z","updated_at":"2025-06-18T16:14:07.000Z","time_to_close":2575063,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"all","update_count":2,"packages":[{"name":"golang","old_version":"1.24.2","new_version":"1.24.3"},{"name":"dexidp/dex","old_version":"v2.42.1","new_version":"v2.43.0"}],"path":null,"ecosystem":"docker"},"body":"Bumps the all group with 2 updates in the / directory: golang and dexidp/dex.\n\nUpdates `golang` from 1.24.2 to 1.24.3\n\nUpdates `dexidp/dex` from v2.42.1 to v2.43.0\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/bobcallaway/fulcio/pull/433","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/bobcallaway%2Ffulcio/issues/433","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/433/packages"}},{"old_version":"v2.42.0","new_version":"v2.42.1","update_type":"patch","path":"/test/e2e","pr_created_at":"2025-04-28T19:54:34.000Z","version_change":"v2.42.0 → v2.42.1","issue":{"uuid":"2486794368","node_id":"PR_kwDOFC8iNM6UOXiA","number":2074,"state":"open","title":"build(deps): Bump the all group in /test/e2e with 3 updates","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-04-28T19:54:34.000Z","updated_at":"2025-05-12T19:50:28.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): Bump","group_name":"all","update_count":3,"packages":[{"name":"dexidp/dex","old_version":"v2.42.0","new_version":"v2.42.1","repository_url":"https://github.com/dexidp/dex"},{"name":"localstack/localstack","old_version":"4.2.0","new_version":"4.3.0"},{"name":"hashicorp/vault","old_version":"1.18.5","new_version":"1.19.2"}],"path":"/test/e2e","ecosystem":"docker"},"body":"Bumps the all group in /test/e2e with 3 updates: [dexidp/dex](https://github.com/dexidp/dex), localstack/localstack and hashicorp/vault.\n\nUpdates `dexidp/dex` from v2.42.0 to v2.42.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dexidp/dex/releases\"\u003edexidp/dex's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.42.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: remove version controlled files from dockerignore by \u003ca href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4089\"\u003edexidp/dex#4089\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/dexidp/dex/compare/v2.42.0...v2.42.1\"\u003ehttps://github.com/dexidp/dex/compare/v2.42.0...v2.42.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/4c3e83b90135339575b66d7cf878fb1a6326c243\"\u003e\u003ccode\u003e4c3e83b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4089\"\u003e#4089\u003c/a\u003e from dexidp/backport-4087\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/3e2abe882cc75ad99b6e255db0accfd7aa3c389f\"\u003e\u003ccode\u003e3e2abe8\u003c/code\u003e\u003c/a\u003e fix: remove version controlled files from dockerignore\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/dexidp/dex/compare/v2.42.0...v2.42.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `localstack/localstack` from 4.2.0 to 4.3.0\n\nUpdates `hashicorp/vault` from 1.18.5 to 1.19.2\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/sigstore/sigstore/pull/2074","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/sigstore%2Fsigstore/issues/2074","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2074/packages"}},{"old_version":"v2.42.0","new_version":"v2.42.1","update_type":"patch","path":"/test/e2e","pr_created_at":"2025-04-28T06:32:13.000Z","version_change":"v2.42.0 → v2.42.1","issue":{"uuid":"3023856649","node_id":"PR_kwDOFT62E86UHDNd","number":1199,"state":"open","title":"build(deps): Bump the all group in /test/e2e with 3 updates","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":"NONE","state_reason":null,"created_at":"2025-04-28T06:32:13.000Z","updated_at":"2025-06-18T11:46:18.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): Bump","group_name":"all","update_count":3,"packages":[{"name":"dexidp/dex","old_version":"v2.42.0","new_version":"v2.42.1","repository_url":"https://github.com/dexidp/dex"},{"name":"localstack/localstack","old_version":"4.2.0","new_version":"4.3.0"},{"name":"hashicorp/vault","old_version":"1.18.5","new_version":"1.19.2"}],"path":"/test/e2e","ecosystem":"docker"},"body":"Bumps the all group in /test/e2e with 3 updates: [dexidp/dex](https://github.com/dexidp/dex), localstack/localstack and hashicorp/vault.\n\nUpdates `dexidp/dex` from v2.42.0 to v2.42.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dexidp/dex/releases\"\u003edexidp/dex's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.42.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eBug Fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: remove version controlled files from dockerignore by \u003ca href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dexidp/dex/pull/4089\"\u003edexidp/dex#4089\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/dexidp/dex/compare/v2.42.0...v2.42.1\"\u003ehttps://github.com/dexidp/dex/compare/v2.42.0...v2.42.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/4c3e83b90135339575b66d7cf878fb1a6326c243\"\u003e\u003ccode\u003e4c3e83b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dexidp/dex/issues/4089\"\u003e#4089\u003c/a\u003e from dexidp/backport-4087\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dexidp/dex/commit/3e2abe882cc75ad99b6e255db0accfd7aa3c389f\"\u003e\u003ccode\u003e3e2abe8\u003c/code\u003e\u003c/a\u003e fix: remove version controlled files from dockerignore\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/dexidp/dex/compare/v2.42.0...v2.42.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `localstack/localstack` from 4.2.0 to 4.3.0\n\nUpdates `hashicorp/vault` from 1.18.5 to 1.19.2\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/bobcallaway/sigstore/pull/1199","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/bobcallaway%2Fsigstore/issues/1199","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1199/packages"}}]}