{"id":52555,"name":"oauth2-proxy/oauth2-proxy","ecosystem":"docker","repository_url":null,"issues_count":8,"created_at":"2025-07-19T00:36:49.553Z","updated_at":"2025-07-19T00:36:49.553Z","purl":"pkg:docker/oauth2-proxy/oauth2-proxy","unique_repositories_count":3,"unique_repositories_count_past_30_days":2,"recent_issues":[{"uuid":"4125020593","node_id":"PR_kwDOF3eXvs7M31Pv","number":11337,"state":"closed","title":"Bump oauth2-proxy/oauth2-proxy from v7.14.3-alpine to v7.15.1-alpine","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-15T03:38:55.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-24T03:36:11.000Z","updated_at":"2026-04-15T03:38:57.000Z","time_to_close":1900964,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"oauth2-proxy/oauth2-proxy","old_version":"v7.14.3-alpine","new_version":"v7.15.1-alpine","repository_url":"https://github.com/oauth2-proxy/oauth2-proxy"}],"path":null,"ecosystem":"docker"},"body":"Bumps [oauth2-proxy/oauth2-proxy](https://github.com/oauth2-proxy/oauth2-proxy) from v7.14.3-alpine to v7.15.1-alpine.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/releases\"\u003eoauth2-proxy/oauth2-proxy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.15.1\u003c/h2\u003e\n\u003ch2\u003eRelease Highlights\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 Squashed some bugs\u003c/li\u003e\n\u003cli\u003e🕵️‍♀️ Vulnerabilities have been addressed\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-33186\"\u003eCVE-2026-33186\u003c/a\u003e\nOAuth2 Proxy was not impacted by this vulnerability as it isn't in the path of 
execution\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImportant Notes\u003c/h2\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003ch2\u003eChanges since v7.15.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3382\"\u003e#3382\u003c/a\u003e chore(deps): update gomod and golangci/golangci-lint to v2.11.4 (\u003ca href=\"https://github.com/tuunit\"\u003e\u003ccode\u003e@​tuunit\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3374\"\u003e#3374\u003c/a\u003e fix: handle Unix socket RemoteAddr in IP resolution (\u003ca href=\"https://github.com/H1net\"\u003e\u003ccode\u003e@​H1net\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3381\"\u003e#3381\u003c/a\u003e fix: do not log error for backend logout 204 (\u003ca href=\"https://github.com/artificiosus\"\u003e\u003ccode\u003e@​artificiosus\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3327\"\u003e#3327\u003c/a\u003e fix: improve logging when session refresh token is missing (\u003ca href=\"https://github.com/yosri-brh\"\u003e\u003ccode\u003e@​yosri-brh\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/2767\"\u003e#2767\u003c/a\u003e fix: propagate errors during route building (\u003ca href=\"https://github.com/sybereal\"\u003e\u003ccode\u003e@​sybereal\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.15.0\u003c/h2\u003e\n\u003ch2\u003eRelease Highlights\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🔒 OIDC JWT signing algorithms can now be configured\u003c/li\u003e\n\u003cli\u003e🍪 CSRF cookie improvements (SameSite option, proper 
expiration validation)\u003c/li\u003e\n\u003cli\u003e🧪 Configuration validation flag: --config-test\u003c/li\u003e\n\u003cli\u003e🔌 Unix socket file mode support\u003c/li\u003e\n\u003cli\u003e👤 Session state can now be extend with arbitrary claims from ID Token and upstream IDP user profiles endpoint\n\u003cul\u003e\n\u003cli\u003eThis opens the door for multiple features like:\u003c/li\u003e\n\u003cli\u003eAdditional arbitrary header values for any claims your IDP provides\u003c/li\u003e\n\u003cli\u003eExtended OAuth2 Proxy UserInfo endpoint with all additional claims\u003c/li\u003e\n\u003cli\u003eRead the docs \u003ca href=\"https://oauth2-proxy.github.io/oauth2-proxy/configuration/alpha-config#how-to-utilize-arbitrary-claims-provided-by-your-identity-provider\"\u003ehere\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImportant Notes\u003c/h2\u003e\n\u003cp\u003eCSRF cookie validation now correctly uses \u003ccode\u003eCSRFExpire\u003c/code\u003e instead of \u003ccode\u003eExpire\u003c/code\u003e. 
If you relied on the previous behavior, review your session timeout configuration.\nCheck the [documentation(https://oauth2-proxy.github.io/oauth2-proxy/configuration/overview#cookie-options) for \u003ccode\u003ecookie-csrf-expire\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003ch2\u003eChanges since v7.14.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3352\"\u003e#3352\u003c/a\u003e fix: backend logout URL call on sign out (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3172\"\u003e#3172\u003c/a\u003e)(\u003ca href=\"https://github.com/vsejpal\"\u003e\u003ccode\u003e@​vsejpal\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3332\"\u003e#3332\u003c/a\u003e ci: distribute windows binary with .exe extension (\u003ca href=\"https://github.com/igitur\"\u003e\u003ccode\u003e@​igitur\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/2685\"\u003e#2685\u003c/a\u003e feat: allow arbitrary claims from the IDToken and IdentityProvider UserInfo endpoint to be added to the session state (\u003ca href=\"https://github.com/vegetablest\"\u003e\u003ccode\u003e@​vegetablest\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3278\"\u003e#3278\u003c/a\u003e feat: possibility to inject id_token in redirect url during sign out (\u003ca href=\"https://github.com/albanf\"\u003e\u003ccode\u003e@​albanf\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/2851\"\u003e#2851\u003c/a\u003e feat: add support for specifying allowed OIDC JWT signing algorithms (\u003ca 
href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/2753\"\u003e#2753\u003c/a\u003e) (\u003ca href=\"https://github.com/andoks\"\u003e\u003ccode\u003e@​andoks\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://github.com/tuunit\"\u003e\u003ccode\u003e@​tuunit\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3369\"\u003e#3369\u003c/a\u003e fix: use CSRFExpire instead of Expire for CSRF cookie validation (\u003ca href=\"https://github.com/Br1an67\"\u003e\u003ccode\u003e@​Br1an67\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3365\"\u003e#3365\u003c/a\u003e fix: filter empty strings from allowed groups (\u003ca href=\"https://github.com/Br1an67\"\u003e\u003ccode\u003e@​Br1an67\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3338\"\u003e#3338\u003c/a\u003e feat: add --config-test flag for validating configuration (\u003ca href=\"https://github.com/MayorFaj\"\u003e\u003ccode\u003e@​MayorFaj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/blob/master/CHANGELOG.md\"\u003eoauth2-proxy/oauth2-proxy's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eVx.x.x (Pre-release)\u003c/h1\u003e\n\u003ch2\u003eRelease Highlights\u003c/h2\u003e\n\u003ch2\u003eImportant Notes\u003c/h2\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003ch2\u003eChanges since v7.15.1\u003c/h2\u003e\n\u003ch1\u003eV7.15.1\u003c/h1\u003e\n\u003ch2\u003eRelease Highlights\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 Squashed some bugs\u003c/li\u003e\n\u003cli\u003e🕵️‍♀️ Vulnerabilities have been addressed\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-33186\"\u003eCVE-2026-33186\u003c/a\u003e\nOAuth2 Proxy was not impacted by this vulnerability as it isn't in the path of execution\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImportant Notes\u003c/h2\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003ch2\u003eChanges since v7.15.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3382\"\u003e#3382\u003c/a\u003e chore(deps): update gomod and golangci/golangci-lint to v2.11.4 (\u003ca href=\"https://github.com/tuunit\"\u003e\u003ccode\u003e@​tuunit\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3374\"\u003e#3374\u003c/a\u003e fix: handle Unix socket RemoteAddr in IP resolution (\u003ca href=\"https://github.com/H1net\"\u003e\u003ccode\u003e@​H1net\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3381\"\u003e#3381\u003c/a\u003e fix: do not log 
error for backend logout 204 (\u003ca href=\"https://github.com/artificiosus\"\u003e\u003ccode\u003e@​artificiosus\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3327\"\u003e#3327\u003c/a\u003e fix: improve logging when session refresh token is missing (\u003ca href=\"https://github.com/yosri-brh\"\u003e\u003ccode\u003e@​yosri-brh\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/2767\"\u003e#2767\u003c/a\u003e fix: propagate errors during route building (\u003ca href=\"https://github.com/sybereal\"\u003e\u003ccode\u003e@​sybereal\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eV7.15.0\u003c/h1\u003e\n\u003ch2\u003eRelease Highlights\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🔒 OIDC JWT signing algorithms can now be configured\u003c/li\u003e\n\u003cli\u003e🍪 CSRF cookie improvements (SameSite option, proper expiration validation)\u003c/li\u003e\n\u003cli\u003e🧪 Configuration validation flag: --config-test\u003c/li\u003e\n\u003cli\u003e🔌 Unix socket file mode support\u003c/li\u003e\n\u003cli\u003e👤 Session state can now be extend with arbitrary claims from ID Token and upstream IDP user profiles endpoint\n\u003cul\u003e\n\u003cli\u003eThis opens the door for multiple features like:\u003c/li\u003e\n\u003cli\u003eAdditional arbitrary header values for any claims your IDP provides\u003c/li\u003e\n\u003cli\u003eExtended OAuth2 Proxy UserInfo endpoint with all additional claims\u003c/li\u003e\n\u003cli\u003eRead the docs \u003ca href=\"https://oauth2-proxy.github.io/oauth2-proxy/configuration/alpha-config#how-to-utilize-arbitrary-claims-provided-by-your-identity-provider\"\u003ehere\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImportant Notes\u003c/h2\u003e\n\u003cp\u003eCSRF cookie validation now correctly uses 
\u003ccode\u003eCSRFExpire\u003c/code\u003e instead of \u003ccode\u003eExpire\u003c/code\u003e. If you relied on the previous behavior, review your session timeout configuration.\nCheck the [documentation(https://oauth2-proxy.github.io/oauth2-proxy/configuration/overview#cookie-options) for \u003ccode\u003ecookie-csrf-expire\u003c/code\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/848ec8ba82e8097bf52c16b3ba825dacef8fcbcb\"\u003e\u003ccode\u003e848ec8b\u003c/code\u003e\u003c/a\u003e release v7.15.1 (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3384\"\u003e#3384\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/46be69c276f0ab17cd30d0cc0f309a187a23d92a\"\u003e\u003ccode\u003e46be69c\u003c/code\u003e\u003c/a\u003e fix: propagate errors during route building (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3383\"\u003e#3383\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/e2682f759539fe735b18fc655b677cb0a935637f\"\u003e\u003ccode\u003ee2682f7\u003c/code\u003e\u003c/a\u003e fix: improve logging when session refresh token is missing (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3327\"\u003e#3327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/5ca3012652893d34e41d069fa4156e78ba0b4751\"\u003e\u003ccode\u003e5ca3012\u003c/code\u003e\u003c/a\u003e doc: update PR template with additional checklist items\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/44236f0314ebaeed8d9f57ece7e2ab05a80b81e6\"\u003e\u003ccode\u003e44236f0\u003c/code\u003e\u003c/a\u003e fix: do not log error for backend logout 204 (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3381\"\u003e#3381\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/a4d89036ec102509fbb0d393f77cc90af6d083c8\"\u003e\u003ccode\u003ea4d8903\u003c/code\u003e\u003c/a\u003e fix: handle Unix socket RemoteAddr in IP resolution (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3374\"\u003e#3374\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/9f09d54ba4481aa69f336381cd106d058f118930\"\u003e\u003ccode\u003e9f09d54\u003c/code\u003e\u003c/a\u003e chore(deps): update actions/upload-artifact action to v7 (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3358\"\u003e#3358\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/0ecc35ea41a25f4ec89649533b51aa927ad64f85\"\u003e\u003ccode\u003e0ecc35e\u003c/code\u003e\u003c/a\u003e chore(deps): update gomod and golangci/golangci-lint to v2.11.4 (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3382\"\u003e#3382\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/96c9ec69868e2bcd307ee837ca9fd24e77dcc48b\"\u003e\u003ccode\u003e96c9ec6\u003c/code\u003e\u003c/a\u003e release v7.15.0 (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3378\"\u003e#3378\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/9ae0b325a6d75b163c6f1fefb66ca4817c133438\"\u003e\u003ccode\u003e9ae0b32\u003c/code\u003e\u003c/a\u003e feat: add support for setting a unix binding's socket 
file mode (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3376\"\u003e#3376\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/compare/v7.14.3...v7.15.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=oauth2-proxy/oauth2-proxy\u0026package-manager=docker\u0026previous-version=v7.14.3-alpine\u0026new-version=v7.15.1-alpine)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it 
yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/noroutine/upstream/pull/11337","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/noroutine%2Fupstream/issues/11337","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/11337/packages"},{"uuid":"4098726961","node_id":"PR_kwDOLDe_3M7Lt9Kj","number":341,"state":"open","title":"chore(deps): bump oauth2-proxy/oauth2-proxy from v7.14.2 to v7.15.0 in /helm/modelix","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-19T01:53:37.000Z","updated_at":"2026-03-19T02:05:38.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"oauth2-proxy/oauth2-proxy","old_version":"v7.14.2","new_version":"v7.15.0","repository_url":"https://github.com/oauth2-proxy/oauth2-proxy"}],"path":"/helm/modelix","ecosystem":"docker"},"body":"Bumps [oauth2-proxy/oauth2-proxy](https://github.com/oauth2-proxy/oauth2-proxy) from v7.14.2 to v7.15.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/releases\"\u003eoauth2-proxy/oauth2-proxy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.15.0\u003c/h2\u003e\n\u003ch2\u003eRelease Highlights\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🔒 OIDC JWT signing algorithms can now be configured\u003c/li\u003e\n\u003cli\u003e🍪 CSRF cookie improvements (SameSite option, proper expiration validation)\u003c/li\u003e\n\u003cli\u003e🧪 Configuration validation flag: --config-test\u003c/li\u003e\n\u003cli\u003e🔌 Unix socket file mode support\u003c/li\u003e\n\u003cli\u003e👤 Session state can now be extend with arbitrary claims from ID Token and upstream IDP 
user profiles endpoint\n\u003cul\u003e\n\u003cli\u003eThis opens the door for multiple features like:\u003c/li\u003e\n\u003cli\u003eAdditional arbitrary header values for any claims your IDP provides\u003c/li\u003e\n\u003cli\u003eExtended OAuth2 Proxy UserInfo endpoint with all additional claims\u003c/li\u003e\n\u003cli\u003eRead the docs \u003ca href=\"https://oauth2-proxy.github.io/oauth2-proxy/configuration/alpha-config#how-to-utilize-arbitrary-claims-provided-by-your-identity-provider\"\u003ehere\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImportant Notes\u003c/h2\u003e\n\u003cp\u003eCSRF cookie validation now correctly uses \u003ccode\u003eCSRFExpire\u003c/code\u003e instead of \u003ccode\u003eExpire\u003c/code\u003e. If you relied on the previous behavior, review your session timeout configuration.\nCheck the [documentation(https://oauth2-proxy.github.io/oauth2-proxy/configuration/overview#cookie-options) for \u003ccode\u003ecookie-csrf-expire\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003ch2\u003eChanges since v7.14.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3352\"\u003e#3352\u003c/a\u003e fix: backend logout URL call on sign out (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3172\"\u003e#3172\u003c/a\u003e)(\u003ca href=\"https://github.com/vsejpal\"\u003e\u003ccode\u003e@​vsejpal\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3332\"\u003e#3332\u003c/a\u003e ci: distribute windows binary with .exe extension (\u003ca href=\"https://github.com/igitur\"\u003e\u003ccode\u003e@​igitur\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/2685\"\u003e#2685\u003c/a\u003e feat: allow arbitrary claims 
from the IDToken and IdentityProvider UserInfo endpoint to be added to the session state (\u003ca href=\"https://github.com/vegetablest\"\u003e\u003ccode\u003e@​vegetablest\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3278\"\u003e#3278\u003c/a\u003e feat: possibility to inject id_token in redirect url during sign out (\u003ca href=\"https://github.com/albanf\"\u003e\u003ccode\u003e@​albanf\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/2851\"\u003e#2851\u003c/a\u003e feat: add support for specifying allowed OIDC JWT signing algorithms (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/2753\"\u003e#2753\u003c/a\u003e) (\u003ca href=\"https://github.com/andoks\"\u003e\u003ccode\u003e@​andoks\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://github.com/tuunit\"\u003e\u003ccode\u003e@​tuunit\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3369\"\u003e#3369\u003c/a\u003e fix: use CSRFExpire instead of Expire for CSRF cookie validation (\u003ca href=\"https://github.com/Br1an67\"\u003e\u003ccode\u003e@​Br1an67\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3365\"\u003e#3365\u003c/a\u003e fix: filter empty strings from allowed groups (\u003ca href=\"https://github.com/Br1an67\"\u003e\u003ccode\u003e@​Br1an67\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3338\"\u003e#3338\u003c/a\u003e feat: add --config-test flag for validating configuration (\u003ca href=\"https://github.com/MayorFaj\"\u003e\u003ccode\u003e@​MayorFaj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3347\"\u003e#3347\u003c/a\u003e feat: add same site option for csrf cookies (\u003ca href=\"https://github.com/jvnoije\"\u003e\u003ccode\u003e@​jvnoije\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3376\"\u003e#3376\u003c/a\u003e feat: allow setting unix socket file mode when declaring listener (\u003ca href=\"https://github.com/Tristan971\"\u003e\u003ccode\u003e@​Tristan971\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://github.com/tuunit\"\u003e\u003ccode\u003e@​tuunit\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.14.3\u003c/h2\u003e\n\u003ch2\u003eRelease Highlights\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🔵 Go1.25.7 and upgrade of dependencies to latest versions (\u003ca href=\"https://github.com/tuunit\"\u003e\u003ccode\u003e@​tuunit\u003c/code\u003e\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://nvd.nist.gov/vuln/detail/cve-2025-68121\"\u003eCVE-2025-68121\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e🐛 Bug fixes\n\u003cul\u003e\n\u003cli\u003eAllow Redis URL parameters to configure username, password and max idle connection timeout if the matching configuration is empty.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImportant Notes\u003c/h2\u003e\n\u003cp\u003eWe improved our supply chain security by added additional checks to prevent potential command injection in the publish release workflow and to ensure that it can only be triggered from branches originating in the local repository. This potential issue was reported by automated systems as well as a couple of security researchers, and we want to thank everyone for their diligence in looking out for the security of the project. Especially Aastha Aggarwal for her detailed report and follow-up. 
\u003ca href=\"https://github.com/Aastha2602\"\u003e\u003ccode\u003e@​Aastha2602\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003ch2\u003eChanges since v7.14.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/blob/master/CHANGELOG.md\"\u003eoauth2-proxy/oauth2-proxy's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eChanges since v7.15.0\u003c/h2\u003e\n\u003ch1\u003eV7.15.0\u003c/h1\u003e\n\u003ch2\u003eRelease Highlights\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🔒 OIDC JWT signing algorithms can now be configured\u003c/li\u003e\n\u003cli\u003e🍪 CSRF cookie improvements (SameSite option, proper expiration validation)\u003c/li\u003e\n\u003cli\u003e🧪 Configuration validation flag: --config-test\u003c/li\u003e\n\u003cli\u003e🔌 Unix socket file mode support\u003c/li\u003e\n\u003cli\u003e👤 Session state can now be extend with arbitrary claims from ID Token and upstream IDP user profiles endpoint\n\u003cul\u003e\n\u003cli\u003eThis opens the door for multiple features like:\u003c/li\u003e\n\u003cli\u003eAdditional arbitrary header values for any claims your IDP provides\u003c/li\u003e\n\u003cli\u003eExtended OAuth2 Proxy UserInfo endpoint with all additional claims\u003c/li\u003e\n\u003cli\u003eRead the docs \u003ca href=\"https://oauth2-proxy.github.io/oauth2-proxy/configuration/alpha-config#how-to-utilize-arbitrary-claims-provided-by-your-identity-provider\"\u003ehere\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImportant Notes\u003c/h2\u003e\n\u003cp\u003eCSRF cookie validation now correctly uses \u003ccode\u003eCSRFExpire\u003c/code\u003e instead of 
\u003ccode\u003eExpire\u003c/code\u003e. If you relied on the previous behavior, review your session timeout configuration.\nCheck the [documentation(https://oauth2-proxy.github.io/oauth2-proxy/configuration/overview#cookie-options) for \u003ccode\u003ecookie-csrf-expire\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003ch2\u003eChanges since v7.14.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3352\"\u003e#3352\u003c/a\u003e fix: backend logout URL call on sign out (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3172\"\u003e#3172\u003c/a\u003e)(\u003ca href=\"https://github.com/vsejpal\"\u003e\u003ccode\u003e@​vsejpal\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3332\"\u003e#3332\u003c/a\u003e ci: distribute windows binary with .exe extension (\u003ca href=\"https://github.com/igitur\"\u003e\u003ccode\u003e@​igitur\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/2685\"\u003e#2685\u003c/a\u003e feat: allow arbitrary claims from the IDToken and IdentityProvider UserInfo endpoint to be added to the session state (\u003ca href=\"https://github.com/vegetablest\"\u003e\u003ccode\u003e@​vegetablest\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3278\"\u003e#3278\u003c/a\u003e feat: possibility to inject id_token in redirect url during sign out (\u003ca href=\"https://github.com/albanf\"\u003e\u003ccode\u003e@​albanf\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/2851\"\u003e#2851\u003c/a\u003e feat: add support for specifying allowed OIDC JWT signing algorithms (\u003ca 
href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/2753\"\u003e#2753\u003c/a\u003e) (\u003ca href=\"https://github.com/andoks\"\u003e\u003ccode\u003e@​andoks\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://github.com/tuunit\"\u003e\u003ccode\u003e@​tuunit\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3369\"\u003e#3369\u003c/a\u003e fix: use CSRFExpire instead of Expire for CSRF cookie validation (\u003ca href=\"https://github.com/Br1an67\"\u003e\u003ccode\u003e@​Br1an67\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3365\"\u003e#3365\u003c/a\u003e fix: filter empty strings from allowed groups (\u003ca href=\"https://github.com/Br1an67\"\u003e\u003ccode\u003e@​Br1an67\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3338\"\u003e#3338\u003c/a\u003e feat: add --config-test flag for validating configuration (\u003ca href=\"https://github.com/MayorFaj\"\u003e\u003ccode\u003e@​MayorFaj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3347\"\u003e#3347\u003c/a\u003e feat: add same site option for csrf cookies (\u003ca href=\"https://github.com/jvnoije\"\u003e\u003ccode\u003e@​jvnoije\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3376\"\u003e#3376\u003c/a\u003e feat: allow setting unix socket file mode when declaring listener (\u003ca href=\"https://github.com/Tristan971\"\u003e\u003ccode\u003e@​Tristan971\u003c/code\u003e\u003c/a\u003e / \u003ca 
href=\"https://github.com/tuunit\"\u003e\u003ccode\u003e@​tuunit\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eV7.14.3\u003c/h1\u003e\n\u003ch2\u003eRelease Highlights\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🔵 Go1.25.7 and upgrade of dependencies to latest versions\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://nvd.nist.gov/vuln/detail/cve-2025-68121\"\u003eCVE-2025-68121\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e🐛 Bug fixes\n\u003cul\u003e\n\u003cli\u003eAllow Redis URL parameters to configure username, password and max idle connection timeout if the matching configuration is empty.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImportant Notes\u003c/h2\u003e\n\u003cp\u003eWe improved our supply chain security by added additional checks to prevent potential command injection in the publish release workflow and to ensure that it can only be triggered from branches originating in the local repository. This potential issue was reported by automated systems as well as a couple of security researchers, and we want to thank everyone for their diligence in looking out for the security of the project. Especially Aastha Aggarwal for her detailed report and follow-up. \u003ca href=\"https://github.com/Aastha2602\"\u003e\u003ccode\u003e@​Aastha2602\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/96c9ec69868e2bcd307ee837ca9fd24e77dcc48b\"\u003e\u003ccode\u003e96c9ec6\u003c/code\u003e\u003c/a\u003e release v7.15.0 (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3378\"\u003e#3378\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/9ae0b325a6d75b163c6f1fefb66ca4817c133438\"\u003e\u003ccode\u003e9ae0b32\u003c/code\u003e\u003c/a\u003e feat: add support for setting a unix binding's socket file mode (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3376\"\u003e#3376\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/cdbdb1128dc09cae34670b7958cff56378137817\"\u003e\u003ccode\u003ecdbdb11\u003c/code\u003e\u003c/a\u003e feat: add same site option for csrf cookies (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3347\"\u003e#3347\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/51ecc50372c42299749dafb225dee42df3520755\"\u003e\u003ccode\u003e51ecc50\u003c/code\u003e\u003c/a\u003e feat: add --config-test flag for validating configuration  (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3338\"\u003e#3338\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/fe5c6becec9291ee95aee9306880b8ecd186e12b\"\u003e\u003ccode\u003efe5c6be\u003c/code\u003e\u003c/a\u003e doc: add missing redis-ca-path documentation (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3341\"\u003e#3341\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/779cc5f350951b67169aec9836b3495f4faf80df\"\u003e\u003ccode\u003e779cc5f\u003c/code\u003e\u003c/a\u003e fix: filter empty strings from allowed groups (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3365\"\u003e#3365\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/ff357daa045a5a4622f5ac73cb9a45d15bf8accc\"\u003e\u003ccode\u003eff357da\u003c/code\u003e\u003c/a\u003e fix: use CSRFExpire instead of Expire for CSRF cookie validation (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3369\"\u003e#3369\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/7c96234233d7aa192939e90700313cc9c82e7516\"\u003e\u003ccode\u003e7c96234\u003c/code\u003e\u003c/a\u003e feat: add support for specifying allowed OIDC JWT signing algorithms (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/2753\"\u003e#2753\u003c/a\u003e) ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/30853098c71dd4088bff9eb4069e7c6e7cee9ef8\"\u003e\u003ccode\u003e3085309\u003c/code\u003e\u003c/a\u003e feat: possibility to inject id_token in redirect url during sign out (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3278\"\u003e#3278\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/8cb06b7ada3e46bce7c416a72caf611a49912c17\"\u003e\u003ccode\u003e8cb06b7\u003c/code\u003e\u003c/a\u003e chore(deps): update docker-compose (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3320\"\u003e#3320\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/compare/v7.14.2...v7.15.0\"\u003ecompare 
view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=oauth2-proxy/oauth2-proxy\u0026package-manager=docker\u0026previous-version=v7.14.2\u0026new-version=v7.15.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it 
yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/modelix/modelix.kubernetes/pull/341","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/modelix%2Fmodelix.kubernetes/issues/341","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/341/packages"},{"uuid":"2758479636","node_id":"PR_kwDOLDe_3M6kaw8U","number":143,"state":"open","title":"build(deps): bump oauth2-proxy/oauth2-proxy from v7.11.0 to v7.12.0 in /helm/modelix","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-08-20T05:44:05.000Z","updated_at":"2025-08-20T05:44:06.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"oauth2-proxy/oauth2-proxy","old_version":"v7.11.0","new_version":"v7.12.0","repository_url":"https://github.com/oauth2-proxy/oauth2-proxy"}],"path":"/helm/modelix","ecosystem":"docker"},"body":"Bumps [oauth2-proxy/oauth2-proxy](https://github.com/oauth2-proxy/oauth2-proxy) from v7.11.0 to v7.12.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/releases\"\u003eoauth2-proxy/oauth2-proxy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.12.0\u003c/h2\u003e\n\u003ch2\u003eRelease Highlights\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🕵️‍♀️ Vulnerabilities have been addressed\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://pkg.go.dev/vuln/GO-2025-3849\"\u003eCVE-2025-47907\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e🦸 Support for Cidaas IDP\u003c/li\u003e\n\u003cli\u003e🐛 Squashed some bugs\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImportant 
Notes\u003c/h2\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003ch2\u003eChanges since v7.11.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/2273\"\u003e#2273\u003c/a\u003e feat: add Cidaas provider (\u003ca href=\"https://github.com/Bibob7\"\u003e\u003ccode\u003e@​Bibob7\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Teko012\"\u003e\u003ccode\u003e@​Teko012\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3166\"\u003e#3166\u003c/a\u003e chore(dep): upgrade to latest golang 1.24.6 (\u003ca href=\"https://github.com/tuunit\"\u003e\u003ccode\u003e@​tuunit\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3156\"\u003e#3156\u003c/a\u003e feat: allow disable-keep-alives configuration for upstream (\u003ca href=\"https://github.com/jet-go\"\u003e\u003ccode\u003e@​jet-go\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3150\"\u003e#3150\u003c/a\u003e fix: Gitea team membership (\u003ca href=\"https://github.com/MagicRB\"\u003e\u003ccode\u003e@​MagicRB\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/tuunit\"\u003e\u003ccode\u003e@​tuunit\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/blob/master/CHANGELOG.md\"\u003eoauth2-proxy/oauth2-proxy's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eChanges since v7.12.0\u003c/h2\u003e\n\u003ch1\u003eV7.12.0\u003c/h1\u003e\n\u003ch2\u003eRelease 
Highlights\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🕵️‍♀️ Vulnerabilities have been addressed\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://pkg.go.dev/vuln/GO-2025-3849\"\u003eCVE-2025-47907\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e🦸 Support for Cidaas IDP\u003c/li\u003e\n\u003cli\u003e🐛 Squashed some bugs\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImportant Notes\u003c/h2\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/5082db0bec432132651cc62a9cecba8d9c718823\"\u003e\u003ccode\u003e5082db0\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3169\"\u003e#3169\u003c/a\u003e from oauth2-proxy/release/v7.12.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/7294eebce1d626f1a47a1b4567b987f78365ad23\"\u003e\u003ccode\u003e7294eeb\u003c/code\u003e\u003c/a\u003e add changelog entry for v7.12.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/b4b69a6cb370e863d45c17f90a9567b0ff474b67\"\u003e\u003ccode\u003eb4b69a6\u003c/code\u003e\u003c/a\u003e update to release version v7.12.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/413d4f697632a270516a482910a157470b58f28f\"\u003e\u003ccode\u003e413d4f6\u003c/code\u003e\u003c/a\u003e add new docs version 7.12.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/8c1b2b63bfdba1118f55464a1554a672be9637d6\"\u003e\u003ccode\u003e8c1b2b6\u003c/code\u003e\u003c/a\u003e fix: Gitea team membership (\u003ca 
href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3150\"\u003e#3150\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/f18a0b7b0744eac3c0696764aa6ccdcc08856b0c\"\u003e\u003ccode\u003ef18a0b7\u003c/code\u003e\u003c/a\u003e feat: allow disable-keep-alives configuration in upstream (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3156\"\u003e#3156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/3978b2f27fd4af09ae2103aa337768ab0bc5a809\"\u003e\u003ccode\u003e3978b2f\u003c/code\u003e\u003c/a\u003e chore(deps): update docker-compose (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3160\"\u003e#3160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/26813d3cddafc37c6997f75c7a5e1dfb4a400f39\"\u003e\u003ccode\u003e26813d3\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency golangci/golangci-lint to v2.4.0 (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3161\"\u003e#3161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/82e016954caf174adbe573dafc41108d2efb076f\"\u003e\u003ccode\u003e82e0169\u003c/code\u003e\u003c/a\u003e chore(deps): update actions/checkout action to v5 (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3164\"\u003e#3164\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/744b31a2c6d6338b09935f7ce0946f2b5f830075\"\u003e\u003ccode\u003e744b31a\u003c/code\u003e\u003c/a\u003e chore(dep): upgrade to latest golang 1.24.6 (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3166\"\u003e#3166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca 
href=\"https://github.com/oauth2-proxy/oauth2-proxy/compare/v7.11.0...v7.12.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=oauth2-proxy/oauth2-proxy\u0026package-manager=docker\u0026previous-version=v7.11.0\u0026new-version=v7.12.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/modelix/modelix.kubernetes/pull/143","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/modelix%2Fmodelix.kubernetes/issues/143","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/143/packages"},{"uuid":"3312270676","node_id":"PR_kwDOBeEB2c6jKfp1","number":928,"state":"open","title":"chore(deps): bump oauth2-proxy/oauth2-proxy from v7.10.0 to v7.11.0","user":"dependabot[bot]","labels":["dependencies","docker","chore"],"assignees":["nimdanitro"],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-08-12T02:19:17.000Z","updated_at":"2025-08-12T10:06:25.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"oauth2-proxy/oauth2-proxy","old_version":"v7.10.0","new_version":"v7.11.0","repository_url":"https://github.com/oauth2-proxy/oauth2-proxy"}],"path":null,"ecosystem":"docker"},"body":"Bumps [oauth2-proxy/oauth2-proxy](https://github.com/oauth2-proxy/oauth2-proxy) from v7.10.0 to v7.11.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from 
\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/releases\"\u003eoauth2-proxy/oauth2-proxy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.11.0\u003c/h2\u003e\n\u003ch2\u003eRelease Highlights\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🏢 Support for SourceHut (sr.ht) provider\u003c/li\u003e\n\u003cli\u003e🔍️ Support for more fine-grained control over the google admin-sdk scopes and optional google groups\u003c/li\u003e\n\u003cli\u003e🐛 Squashed some bugs\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImportant Notes\u003c/h2\u003e\n\u003cp\u003eFirstly, fixed critical vulnerability where \u003ccode\u003eskip_auth_routes\u003c/code\u003e regex patterns matched against the full request URI (path + query parameters) instead of just the path, allowing authentication bypass attacks.\u003c/p\u003e\n\u003cp\u003eSecondly, fixed double-escaping of \u003ccode\u003e$\u003c/code\u003e in regexes for Alpha Config upstreams path and rewriteTargets:\u003c/p\u003e\n\u003cpre lang=\"yaml\"\u003e\u003ccode\u003e# Before\nupstreams:\n  - id: web\n    path: ^/(.*)$$\n    rewriteTarget: /$$1\n# After\nupstreams:\n  - id: web\n    path: ^/(.*)$\n    rewriteTarget: /$1\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003cp\u003eIf your configuration relies on matching query parameters in \u003ccode\u003eskip_auth_routes\u003c/code\u003e patterns, you must update your regex patterns to match paths only. 
Review all \u003ccode\u003eskip_auth_routes\u003c/code\u003e entries for potential impact.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eExample of affected configuration:\u003c/strong\u003e\u003c/p\u003e\n\u003cpre lang=\"yaml\"\u003e\u003ccode\u003e# This pattern previously matched both:\n# - /api/foo/status (intended)\n# - /api/private/sensitive?path=/status (bypass - now fixed)\nskip_auth_routes: [\u0026quot;^/api/.*/status\u0026quot;]\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eFor detailed information, migration guidance, and security implications, see the \u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-7rh7-c77v-6434\"\u003esecurity advisory\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eChanges since v7.10.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/2615\"\u003e#2615\u003c/a\u003e feat(cookies): add option to set a limit on the number of per-request CSRF cookies oauth2-proxy sets (\u003ca href=\"https://github.com/bh-tt\"\u003e\u003ccode\u003e@​bh-tt\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/2605\"\u003e#2605\u003c/a\u003e fix: show login page on broken cookie (\u003ca href=\"https://github.com/Primexz\"\u003e\u003ccode\u003e@​Primexz\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/2743\"\u003e#2743\u003c/a\u003e feat: allow use more possible google admin-sdk api scopes (\u003ca href=\"https://github.com/BobDu\"\u003e\u003ccode\u003e@​BobDu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/2359\"\u003e#2359\u003c/a\u003e feat: add SourceHut (sr.ht) provider(\u003ca 
href=\"https://github.com/bitfehler\"\u003e\u003ccode\u003e@​bitfehler\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/2524\"\u003e#2524\u003c/a\u003e fix: regex substitution for $ signs in upstream path handling before running envsubst (\u003ca href=\"https://github.com/dashkan\"\u003e\u003ccode\u003e@​dashkan\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://github.com/tuunit\"\u003e\u003ccode\u003e@​tuunit\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/blob/master/CHANGELOG.md\"\u003eoauth2-proxy/oauth2-proxy's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eChanges since v7.11.0\u003c/h2\u003e\n\u003ch1\u003eV7.11.0\u003c/h1\u003e\n\u003ch2\u003eRelease Highlights\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🏢 Support for SourceHut (sr.ht) provider\u003c/li\u003e\n\u003cli\u003e🔍️ Support for more fine-grained control over the google admin-sdk scopes and optional google groups\u003c/li\u003e\n\u003cli\u003e🐛 Squashed some bugs\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImportant Notes\u003c/h2\u003e\n\u003cp\u003eFirstly, fixed critical vulnerability where \u003ccode\u003eskip_auth_routes\u003c/code\u003e regex patterns matched against the full request URI (path + query parameters) instead of just the path, allowing authentication bypass attacks.\u003c/p\u003e\n\u003cp\u003eSecondly, fixed double-escaping of \u003ccode\u003e$\u003c/code\u003e in regexes for Alpha Config upstreams path and rewriteTargets:\u003c/p\u003e\n\u003cpre lang=\"yaml\"\u003e\u003ccode\u003e# Before\nupstreams:\n  - id: web\n    path: 
^/(.*)$$\n    rewriteTarget: /$$1\n# After\nupstreams:\n  - id: web\n    path: ^/(.*)$\n    rewriteTarget: /$1\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003cp\u003eIf your configuration relies on matching query parameters in \u003ccode\u003eskip_auth_routes\u003c/code\u003e patterns, you must update your regex patterns to match paths only. Review all \u003ccode\u003eskip_auth_routes\u003c/code\u003e entries for potential impact.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eExample of affected configuration:\u003c/strong\u003e\u003c/p\u003e\n\u003cpre lang=\"yaml\"\u003e\u003ccode\u003e# This pattern previously matched both:\n# - /api/foo/status (intended)\n# - /api/private/sensitive?path=/status (bypass - now fixed)\nskip_auth_routes: [\u0026quot;^/api/.*/status\u0026quot;]\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eFor detailed information, migration guidance, and security implications, see the \u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-7rh7-c77v-6434\"\u003esecurity advisory\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/c0a928ededa40391baeedf8c5f3e104c047bfb6e\"\u003e\u003ccode\u003ec0a928e\u003c/code\u003e\u003c/a\u003e release v7.11.0 (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3145\"\u003e#3145\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/9ffafad4b2d2f9f7668e5504565f356a7c047b77\"\u003e\u003ccode\u003e9ffafad\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/f4b33b64bd66ad28e9b0d63bea51837b83c00ca1\"\u003e\u003ccode\u003ef4b33b6\u003c/code\u003e\u003c/a\u003e feat: differentiate between \u0026quot;no available key\u0026quot; and error for redis sessions (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/e75a258299ec3db633450dd48a6df54b38988916\"\u003e\u003ccode\u003ee75a258\u003c/code\u003e\u003c/a\u003e feat: make google-groups argument optional (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3138\"\u003e#3138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/b905f2cd934315100dadc5c64203533fa4c9aa70\"\u003e\u003ccode\u003eb905f2c\u003c/code\u003e\u003c/a\u003e feat: use non-default authorization request response mode in OIDC providers (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/dc8b1623a26a2537a8d0119e087f2048234c9843\"\u003e\u003ccode\u003edc8b162\u003c/code\u003e\u003c/a\u003e feat(cookie): add feature support for cookie-secret-file (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3104\"\u003e#3104\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/137e59d52668e3fc5d670dfbb6c3d667739e22e3\"\u003e\u003ccode\u003e137e59d\u003c/code\u003e\u003c/a\u003e fix: regex substitution for $ signs in upstream path handling before running ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/a88306be980a4866edae676f8c976ab94f23eec6\"\u003e\u003ccode\u003ea88306b\u003c/code\u003e\u003c/a\u003e feat: add SourceHut (sr.ht) provider (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/2359\"\u003e#2359\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/4d17bc1d6834b62c49548b88eff3f8d2a666ef8d\"\u003e\u003ccode\u003e4d17bc1\u003c/code\u003e\u003c/a\u003e feat: allow use more possible google admin-sdk api scopes (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/2743\"\u003e#2743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/3ac834dbcfbb06de1b5168eb6397835f6f6538bb\"\u003e\u003ccode\u003e3ac834d\u003c/code\u003e\u003c/a\u003e Fix local-environment ports (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3136\"\u003e#3136\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/compare/v7.10.0...v7.11.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=oauth2-proxy/oauth2-proxy\u0026package-manager=docker\u0026previous-version=v7.10.0\u0026new-version=v7.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/f-eld-ch/sitrep/pull/928","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/f-eld-ch%2Fsitrep/issues/928","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/928/packages"},{"uuid":"2708855431","node_id":"PR_kwDOF3eXvs6hddqH","number":9800,"state":"open","title":"Bump oauth2-proxy/oauth2-proxy from v7.10.0-alpine to 
v7.11.0-alpine","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-07-31T03:31:28.000Z","updated_at":"2025-07-31T03:31:29.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"oauth2-proxy/oauth2-proxy","old_version":"v7.10.0-alpine","new_version":"v7.11.0-alpine","repository_url":"https://github.com/oauth2-proxy/oauth2-proxy"}],"path":null,"ecosystem":"docker"},"body":"Bumps [oauth2-proxy/oauth2-proxy](https://github.com/oauth2-proxy/oauth2-proxy) from v7.10.0-alpine to v7.11.0-alpine.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/releases\"\u003eoauth2-proxy/oauth2-proxy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.11.0\u003c/h2\u003e\n\u003ch2\u003eRelease Highlights\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🏢 Support for SourceHut (sr.ht) provider\u003c/li\u003e\n\u003cli\u003e🔍️ Support for more fine-grained control over the google admin-sdk scopes and optional google groups\u003c/li\u003e\n\u003cli\u003e🐛 Squashed some bugs\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImportant Notes\u003c/h2\u003e\n\u003cp\u003eFirstly, fixed critical vulnerability where \u003ccode\u003eskip_auth_routes\u003c/code\u003e regex patterns matched against the full request URI (path + query parameters) instead of just the path, allowing authentication bypass attacks.\u003c/p\u003e\n\u003cp\u003eSecondly, fixed double-escaping of \u003ccode\u003e$\u003c/code\u003e in regexes for Alpha Config upstreams path and rewriteTargets:\u003c/p\u003e\n\u003cpre lang=\"yaml\"\u003e\u003ccode\u003e# Before\nupstreams:\n  - id: web\n    path: ^/(.*)$$\n    
rewriteTarget: /$$1\n# After\nupstreams:\n  - id: web\n    path: ^/(.*)$\n    rewriteTarget: /$1\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003cp\u003eIf your configuration relies on matching query parameters in \u003ccode\u003eskip_auth_routes\u003c/code\u003e patterns, you must update your regex patterns to match paths only. Review all \u003ccode\u003eskip_auth_routes\u003c/code\u003e entries for potential impact.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eExample of affected configuration:\u003c/strong\u003e\u003c/p\u003e\n\u003cpre lang=\"yaml\"\u003e\u003ccode\u003e# This pattern previously matched both:\n# - /api/foo/status (intended)\n# - /api/private/sensitive?path=/status (bypass - now fixed)\nskip_auth_routes: [\u0026quot;^/api/.*/status\u0026quot;]\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eFor detailed information, migration guidance, and security implications, see the \u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-7rh7-c77v-6434\"\u003esecurity advisory\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eChanges since v7.10.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/2615\"\u003e#2615\u003c/a\u003e feat(cookies): add option to set a limit on the number of per-request CSRF cookies oauth2-proxy sets (\u003ca href=\"https://github.com/bh-tt\"\u003e\u003ccode\u003e@​bh-tt\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/2605\"\u003e#2605\u003c/a\u003e fix: show login page on broken cookie (\u003ca href=\"https://github.com/Primexz\"\u003e\u003ccode\u003e@​Primexz\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/2743\"\u003e#2743\u003c/a\u003e feat: allow use more possible google admin-sdk api scopes (\u003ca href=\"https://github.com/BobDu\"\u003e\u003ccode\u003e@​BobDu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/2359\"\u003e#2359\u003c/a\u003e feat: add SourceHut (sr.ht) provider(\u003ca href=\"https://github.com/bitfehler\"\u003e\u003ccode\u003e@​bitfehler\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/2524\"\u003e#2524\u003c/a\u003e fix: regex substitution for $ signs in upstream path handling before running envsubst (\u003ca href=\"https://github.com/dashkan\"\u003e\u003ccode\u003e@​dashkan\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://github.com/tuunit\"\u003e\u003ccode\u003e@​tuunit\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/blob/master/CHANGELOG.md\"\u003eoauth2-proxy/oauth2-proxy's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eVx.x.x (Pre-release)\u003c/h1\u003e\n\u003ch2\u003eRelease Highlights\u003c/h2\u003e\n\u003ch2\u003eImportant Notes\u003c/h2\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003ch2\u003eChanges since v7.11.0\u003c/h2\u003e\n\u003ch1\u003eV7.11.0\u003c/h1\u003e\n\u003ch2\u003eRelease Highlights\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🏢 Support for SourceHut (sr.ht) provider\u003c/li\u003e\n\u003cli\u003e🔍️ Support for more fine-grained control over the google admin-sdk scopes and optional google groups\u003c/li\u003e\n\u003cli\u003e🐛 Squashed some bugs\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImportant Notes\u003c/h2\u003e\n\u003cp\u003eFirstly, fixed critical vulnerability where \u003ccode\u003eskip_auth_routes\u003c/code\u003e regex patterns matched against the full request URI (path + query parameters) instead of just the path, allowing authentication bypass attacks.\u003c/p\u003e\n\u003cp\u003eSecondly, fixed double-escaping of \u003ccode\u003e$\u003c/code\u003e in regexes for Alpha Config upstreams path and rewriteTargets:\u003c/p\u003e\n\u003cpre lang=\"yaml\"\u003e\u003ccode\u003e# Before\nupstreams:\n  - id: web\n    path: ^/(.*)$$\n    rewriteTarget: /$$1\n\n# After\nupstreams:\n  - id: web\n    path: ^/(.*)$\n    rewriteTarget: /$1\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003cp\u003eIf your configuration relies on matching query parameters in \u003ccode\u003eskip_auth_routes\u003c/code\u003e patterns, you must update your regex 
patterns to match paths only. Review all \u003ccode\u003eskip_auth_routes\u003c/code\u003e entries for potential impact.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eExample of affected configuration:\u003c/strong\u003e\u003c/p\u003e\n\u003cpre lang=\"yaml\"\u003e\u003ccode\u003e# This pattern previously matched both:\n# - /api/foo/status (intended)\n# - /api/private/sensitive?path=/status (bypass - now fixed)\nskip_auth_routes: [\u0026quot;^/api/.*/status\u0026quot;]\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/c0a928ededa40391baeedf8c5f3e104c047bfb6e\"\u003e\u003ccode\u003ec0a928e\u003c/code\u003e\u003c/a\u003e release v7.11.0 (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3145\"\u003e#3145\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/9ffafad4b2d2f9f7668e5504565f356a7c047b77\"\u003e\u003ccode\u003e9ffafad\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/f4b33b64bd66ad28e9b0d63bea51837b83c00ca1\"\u003e\u003ccode\u003ef4b33b6\u003c/code\u003e\u003c/a\u003e feat: differentiate between \u0026quot;no available key\u0026quot; and error for redis sessions (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/e75a258299ec3db633450dd48a6df54b38988916\"\u003e\u003ccode\u003ee75a258\u003c/code\u003e\u003c/a\u003e feat: make google-groups argument optional (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3138\"\u003e#3138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/b905f2cd934315100dadc5c64203533fa4c9aa70\"\u003e\u003ccode\u003eb905f2c\u003c/code\u003e\u003c/a\u003e feat: use non-default authorization request response mode in OIDC providers (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/dc8b1623a26a2537a8d0119e087f2048234c9843\"\u003e\u003ccode\u003edc8b162\u003c/code\u003e\u003c/a\u003e feat(cookie): add feature support for cookie-secret-file (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3104\"\u003e#3104\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/137e59d52668e3fc5d670dfbb6c3d667739e22e3\"\u003e\u003ccode\u003e137e59d\u003c/code\u003e\u003c/a\u003e fix: regex substitution for $ signs in upstream path handling before running ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/a88306be980a4866edae676f8c976ab94f23eec6\"\u003e\u003ccode\u003ea88306b\u003c/code\u003e\u003c/a\u003e feat: add SourceHut (sr.ht) provider (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/2359\"\u003e#2359\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/4d17bc1d6834b62c49548b88eff3f8d2a666ef8d\"\u003e\u003ccode\u003e4d17bc1\u003c/code\u003e\u003c/a\u003e feat: allow use more possible google admin-sdk api scopes (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/2743\"\u003e#2743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/3ac834dbcfbb06de1b5168eb6397835f6f6538bb\"\u003e\u003ccode\u003e3ac834d\u003c/code\u003e\u003c/a\u003e Fix local-environment ports (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3136\"\u003e#3136\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits 
viewable in \u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/compare/v7.10.0...v7.11.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=oauth2-proxy/oauth2-proxy\u0026package-manager=docker\u0026previous-version=v7.10.0-alpine\u0026new-version=v7.11.0-alpine)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/noroutine/upstream/pull/9800","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/noroutine%2Fupstream/issues/9800","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9800/packages"},{"uuid":"2683200627","node_id":"PR_kwDOBeEB2c6f7mRz","number":897,"state":"open","title":"chore(deps): bump oauth2-proxy/oauth2-proxy from v7.9.0 to v7.10.0","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-07-21T21:12:44.000Z","updated_at":"2025-07-25T15:42:48.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"oauth2-proxy/oauth2-proxy","old_version":"v7.9.0","new_version":"v7.10.0","repository_url":null}],"path":null,"ecosystem":"docker"},"body":"\n\n[![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=oauth2-proxy/oauth2-proxy\u0026package-manager=docker\u0026previous-version=v7.9.0\u0026new-version=v7.10.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/f-eld-ch/sitrep/pull/897","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/f-eld-ch%2Fsitrep/issues/897","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/897/packages"},{"uuid":"2675868515","node_id":"PR_kwDOF3eXvs6ffoNj","number":9740,"state":"open","title":"Bump oauth2-proxy/oauth2-proxy from v7.9.0-alpine to v7.10.0-alpine","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-07-18T03:15:12.000Z","updated_at":"2025-07-18T03:15:13.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"oauth2-proxy/oauth2-proxy","old_version":"v7.9.0-alpine","new_version":"v7.10.0-alpine","repository_url":null}],"path":null,"ecosystem":"docker"},"body":"\n\n[![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=oauth2-proxy/oauth2-proxy\u0026package-manager=docker\u0026previous-version=v7.9.0-alpine\u0026new-version=v7.10.0-alpine)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/noroutine/upstream/pull/9740","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/noroutine%2Fupstream/issues/9740","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9740/packages"},{"uuid":"3241572427","node_id":"PR_kwDOLDe_3M6ffNRY","number":114,"state":"open","title":"build(deps): bump oauth2-proxy/oauth2-proxy from v7.9.0 to v7.10.0 in /helm/modelix","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-07-18T01:57:06.000Z","updated_at":"2025-07-18T02:07:35.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"oauth2-proxy/oauth2-proxy","old_version":"v7.9.0","new_version":"v7.10.0","repository_url":null}],"path":"/helm/modelix","ecosystem":"docker"},"body":"\n\n[![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=oauth2-proxy/oauth2-proxy\u0026package-manager=docker\u0026previous-version=v7.9.0\u0026new-version=v7.10.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/modelix/modelix.kubernetes/pull/114","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/modelix%2Fmodelix.kubernetes/issues/114","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/114/packages"}],"issue_packages":[{"old_version":"v7.14.3-alpine","new_version":"v7.15.1-alpine","update_type":"minor","path":null,"pr_created_at":"2026-03-24T03:36:11.000Z","version_change":"v7.14.3-alpine → v7.15.1-alpine","issue":{"uuid":"4125020593","node_id":"PR_kwDOF3eXvs7M31Pv","number":11337,"state":"closed","title":"Bump oauth2-proxy/oauth2-proxy from v7.14.3-alpine to 
v7.15.1-alpine","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-15T03:38:55.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-24T03:36:11.000Z","updated_at":"2026-04-15T03:38:57.000Z","time_to_close":1900964,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"oauth2-proxy/oauth2-proxy","old_version":"v7.14.3-alpine","new_version":"v7.15.1-alpine","repository_url":"https://github.com/oauth2-proxy/oauth2-proxy"}],"path":null,"ecosystem":"docker"},"body":"Bumps [oauth2-proxy/oauth2-proxy](https://github.com/oauth2-proxy/oauth2-proxy) from v7.14.3-alpine to v7.15.1-alpine.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/releases\"\u003eoauth2-proxy/oauth2-proxy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.15.1\u003c/h2\u003e\n\u003ch2\u003eRelease Highlights\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 Squashed some bugs\u003c/li\u003e\n\u003cli\u003e🕵️‍♀️ Vulnerabilities have been addressed\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-33186\"\u003eCVE-2026-33186\u003c/a\u003e\nOAuth2 Proxy was not impacted by this vulnerability as it isn't in the path of execution\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImportant Notes\u003c/h2\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003ch2\u003eChanges since v7.15.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3382\"\u003e#3382\u003c/a\u003e chore(deps): update gomod and golangci/golangci-lint to v2.11.4 (\u003ca 
href=\"https://github.com/tuunit\"\u003e\u003ccode\u003e@​tuunit\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3374\"\u003e#3374\u003c/a\u003e fix: handle Unix socket RemoteAddr in IP resolution (\u003ca href=\"https://github.com/H1net\"\u003e\u003ccode\u003e@​H1net\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3381\"\u003e#3381\u003c/a\u003e fix: do not log error for backend logout 204 (\u003ca href=\"https://github.com/artificiosus\"\u003e\u003ccode\u003e@​artificiosus\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3327\"\u003e#3327\u003c/a\u003e fix: improve logging when session refresh token is missing (\u003ca href=\"https://github.com/yosri-brh\"\u003e\u003ccode\u003e@​yosri-brh\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/2767\"\u003e#2767\u003c/a\u003e fix: propagate errors during route building (\u003ca href=\"https://github.com/sybereal\"\u003e\u003ccode\u003e@​sybereal\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.15.0\u003c/h2\u003e\n\u003ch2\u003eRelease Highlights\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🔒 OIDC JWT signing algorithms can now be configured\u003c/li\u003e\n\u003cli\u003e🍪 CSRF cookie improvements (SameSite option, proper expiration validation)\u003c/li\u003e\n\u003cli\u003e🧪 Configuration validation flag: --config-test\u003c/li\u003e\n\u003cli\u003e🔌 Unix socket file mode support\u003c/li\u003e\n\u003cli\u003e👤 Session state can now be extended with arbitrary claims from ID Token and upstream IDP user profiles endpoint\n\u003cul\u003e\n\u003cli\u003eThis opens the door for multiple features like:\u003c/li\u003e\n\u003cli\u003eAdditional 
arbitrary header values for any claims your IDP provides\u003c/li\u003e\n\u003cli\u003eExtended OAuth2 Proxy UserInfo endpoint with all additional claims\u003c/li\u003e\n\u003cli\u003eRead the docs \u003ca href=\"https://oauth2-proxy.github.io/oauth2-proxy/configuration/alpha-config#how-to-utilize-arbitrary-claims-provided-by-your-identity-provider\"\u003ehere\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImportant Notes\u003c/h2\u003e\n\u003cp\u003eCSRF cookie validation now correctly uses \u003ccode\u003eCSRFExpire\u003c/code\u003e instead of \u003ccode\u003eExpire\u003c/code\u003e. If you relied on the previous behavior, review your session timeout configuration.\nCheck the [documentation](https://oauth2-proxy.github.io/oauth2-proxy/configuration/overview#cookie-options) for \u003ccode\u003ecookie-csrf-expire\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003ch2\u003eChanges since v7.14.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3352\"\u003e#3352\u003c/a\u003e fix: backend logout URL call on sign out (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3172\"\u003e#3172\u003c/a\u003e)(\u003ca href=\"https://github.com/vsejpal\"\u003e\u003ccode\u003e@​vsejpal\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3332\"\u003e#3332\u003c/a\u003e ci: distribute windows binary with .exe extension (\u003ca href=\"https://github.com/igitur\"\u003e\u003ccode\u003e@​igitur\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/2685\"\u003e#2685\u003c/a\u003e feat: allow arbitrary claims from the IDToken and IdentityProvider UserInfo endpoint to be added to the session state (\u003ca 
href=\"https://github.com/vegetablest\"\u003e\u003ccode\u003e@​vegetablest\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3278\"\u003e#3278\u003c/a\u003e feat: possibility to inject id_token in redirect url during sign out (\u003ca href=\"https://github.com/albanf\"\u003e\u003ccode\u003e@​albanf\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/2851\"\u003e#2851\u003c/a\u003e feat: add support for specifying allowed OIDC JWT signing algorithms (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/2753\"\u003e#2753\u003c/a\u003e) (\u003ca href=\"https://github.com/andoks\"\u003e\u003ccode\u003e@​andoks\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://github.com/tuunit\"\u003e\u003ccode\u003e@​tuunit\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3369\"\u003e#3369\u003c/a\u003e fix: use CSRFExpire instead of Expire for CSRF cookie validation (\u003ca href=\"https://github.com/Br1an67\"\u003e\u003ccode\u003e@​Br1an67\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3365\"\u003e#3365\u003c/a\u003e fix: filter empty strings from allowed groups (\u003ca href=\"https://github.com/Br1an67\"\u003e\u003ccode\u003e@​Br1an67\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3338\"\u003e#3338\u003c/a\u003e feat: add --config-test flag for validating configuration (\u003ca href=\"https://github.com/MayorFaj\"\u003e\u003ccode\u003e@​MayorFaj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/blob/master/CHANGELOG.md\"\u003eoauth2-proxy/oauth2-proxy's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eVx.x.x (Pre-release)\u003c/h1\u003e\n\u003ch2\u003eRelease Highlights\u003c/h2\u003e\n\u003ch2\u003eImportant Notes\u003c/h2\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003ch2\u003eChanges since v7.15.1\u003c/h2\u003e\n\u003ch1\u003eV7.15.1\u003c/h1\u003e\n\u003ch2\u003eRelease Highlights\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🐛 Squashed some bugs\u003c/li\u003e\n\u003cli\u003e🕵️‍♀️ Vulnerabilities have been addressed\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-33186\"\u003eCVE-2026-33186\u003c/a\u003e\nOAuth2 Proxy was not impacted by this vulnerability as it isn't in the path of execution\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImportant Notes\u003c/h2\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003ch2\u003eChanges since v7.15.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3382\"\u003e#3382\u003c/a\u003e chore(deps): update gomod and golangci/golangci-lint to v2.11.4 (\u003ca href=\"https://github.com/tuunit\"\u003e\u003ccode\u003e@​tuunit\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3374\"\u003e#3374\u003c/a\u003e fix: handle Unix socket RemoteAddr in IP resolution (\u003ca href=\"https://github.com/H1net\"\u003e\u003ccode\u003e@​H1net\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3381\"\u003e#3381\u003c/a\u003e fix: do not log 
error for backend logout 204 (\u003ca href=\"https://github.com/artificiosus\"\u003e\u003ccode\u003e@​artificiosus\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3327\"\u003e#3327\u003c/a\u003e fix: improve logging when session refresh token is missing (\u003ca href=\"https://github.com/yosri-brh\"\u003e\u003ccode\u003e@​yosri-brh\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/2767\"\u003e#2767\u003c/a\u003e fix: propagate errors during route building (\u003ca href=\"https://github.com/sybereal\"\u003e\u003ccode\u003e@​sybereal\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eV7.15.0\u003c/h1\u003e\n\u003ch2\u003eRelease Highlights\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🔒 OIDC JWT signing algorithms can now be configured\u003c/li\u003e\n\u003cli\u003e🍪 CSRF cookie improvements (SameSite option, proper expiration validation)\u003c/li\u003e\n\u003cli\u003e🧪 Configuration validation flag: --config-test\u003c/li\u003e\n\u003cli\u003e🔌 Unix socket file mode support\u003c/li\u003e\n\u003cli\u003e👤 Session state can now be extended with arbitrary claims from ID Token and upstream IDP user profiles endpoint\n\u003cul\u003e\n\u003cli\u003eThis opens the door for multiple features like:\u003c/li\u003e\n\u003cli\u003eAdditional arbitrary header values for any claims your IDP provides\u003c/li\u003e\n\u003cli\u003eExtended OAuth2 Proxy UserInfo endpoint with all additional claims\u003c/li\u003e\n\u003cli\u003eRead the docs \u003ca href=\"https://oauth2-proxy.github.io/oauth2-proxy/configuration/alpha-config#how-to-utilize-arbitrary-claims-provided-by-your-identity-provider\"\u003ehere\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImportant Notes\u003c/h2\u003e\n\u003cp\u003eCSRF cookie validation now correctly uses 
\u003ccode\u003eCSRFExpire\u003c/code\u003e instead of \u003ccode\u003eExpire\u003c/code\u003e. If you relied on the previous behavior, review your session timeout configuration.\nCheck the [documentation](https://oauth2-proxy.github.io/oauth2-proxy/configuration/overview#cookie-options) for \u003ccode\u003ecookie-csrf-expire\u003c/code\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/848ec8ba82e8097bf52c16b3ba825dacef8fcbcb\"\u003e\u003ccode\u003e848ec8b\u003c/code\u003e\u003c/a\u003e release v7.15.1 (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3384\"\u003e#3384\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/46be69c276f0ab17cd30d0cc0f309a187a23d92a\"\u003e\u003ccode\u003e46be69c\u003c/code\u003e\u003c/a\u003e fix: propagate errors during route building (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3383\"\u003e#3383\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/e2682f759539fe735b18fc655b677cb0a935637f\"\u003e\u003ccode\u003ee2682f7\u003c/code\u003e\u003c/a\u003e fix: improve logging when session refresh token is missing (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3327\"\u003e#3327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/5ca3012652893d34e41d069fa4156e78ba0b4751\"\u003e\u003ccode\u003e5ca3012\u003c/code\u003e\u003c/a\u003e doc: update PR template with additional checklist items\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/44236f0314ebaeed8d9f57ece7e2ab05a80b81e6\"\u003e\u003ccode\u003e44236f0\u003c/code\u003e\u003c/a\u003e fix: do not log error for backend logout 204 (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3381\"\u003e#3381\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/a4d89036ec102509fbb0d393f77cc90af6d083c8\"\u003e\u003ccode\u003ea4d8903\u003c/code\u003e\u003c/a\u003e fix: handle Unix socket RemoteAddr in IP resolution (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3374\"\u003e#3374\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/9f09d54ba4481aa69f336381cd106d058f118930\"\u003e\u003ccode\u003e9f09d54\u003c/code\u003e\u003c/a\u003e chore(deps): update actions/upload-artifact action to v7 (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3358\"\u003e#3358\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/0ecc35ea41a25f4ec89649533b51aa927ad64f85\"\u003e\u003ccode\u003e0ecc35e\u003c/code\u003e\u003c/a\u003e chore(deps): update gomod and golangci/golangci-lint to v2.11.4 (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3382\"\u003e#3382\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/96c9ec69868e2bcd307ee837ca9fd24e77dcc48b\"\u003e\u003ccode\u003e96c9ec6\u003c/code\u003e\u003c/a\u003e release v7.15.0 (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3378\"\u003e#3378\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/9ae0b325a6d75b163c6f1fefb66ca4817c133438\"\u003e\u003ccode\u003e9ae0b32\u003c/code\u003e\u003c/a\u003e feat: add support for setting a unix binding's socket 
file mode (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3376\"\u003e#3376\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/compare/v7.14.3...v7.15.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=oauth2-proxy/oauth2-proxy\u0026package-manager=docker\u0026previous-version=v7.14.3-alpine\u0026new-version=v7.15.1-alpine)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it 
yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/noroutine/upstream/pull/11337","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/noroutine%2Fupstream/issues/11337","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/11337/packages"}},{"old_version":"v7.14.2","new_version":"v7.15.0","update_type":"minor","path":"/helm/modelix","pr_created_at":"2026-03-19T01:53:37.000Z","version_change":"v7.14.2 → v7.15.0","issue":{"uuid":"4098726961","node_id":"PR_kwDOLDe_3M7Lt9Kj","number":341,"state":"open","title":"chore(deps): bump oauth2-proxy/oauth2-proxy from v7.14.2 to v7.15.0 in /helm/modelix","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-19T01:53:37.000Z","updated_at":"2026-03-19T02:05:38.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"oauth2-proxy/oauth2-proxy","old_version":"v7.14.2","new_version":"v7.15.0","repository_url":"https://github.com/oauth2-proxy/oauth2-proxy"}],"path":"/helm/modelix","ecosystem":"docker"},"body":"Bumps [oauth2-proxy/oauth2-proxy](https://github.com/oauth2-proxy/oauth2-proxy) from v7.14.2 to v7.15.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/releases\"\u003eoauth2-proxy/oauth2-proxy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.15.0\u003c/h2\u003e\n\u003ch2\u003eRelease Highlights\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🔒 OIDC JWT signing algorithms can now be configured\u003c/li\u003e\n\u003cli\u003e🍪 CSRF cookie improvements (SameSite option, proper expiration validation)\u003c/li\u003e\n\u003cli\u003e🧪 Configuration validation flag: 
--config-test\u003c/li\u003e\n\u003cli\u003e🔌 Unix socket file mode support\u003c/li\u003e\n\u003cli\u003e👤 Session state can now be extended with arbitrary claims from ID Token and upstream IDP user profiles endpoint\n\u003cul\u003e\n\u003cli\u003eThis opens the door for multiple features like:\u003c/li\u003e\n\u003cli\u003eAdditional arbitrary header values for any claims your IDP provides\u003c/li\u003e\n\u003cli\u003eExtended OAuth2 Proxy UserInfo endpoint with all additional claims\u003c/li\u003e\n\u003cli\u003eRead the docs \u003ca href=\"https://oauth2-proxy.github.io/oauth2-proxy/configuration/alpha-config#how-to-utilize-arbitrary-claims-provided-by-your-identity-provider\"\u003ehere\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImportant Notes\u003c/h2\u003e\n\u003cp\u003eCSRF cookie validation now correctly uses \u003ccode\u003eCSRFExpire\u003c/code\u003e instead of \u003ccode\u003eExpire\u003c/code\u003e. If you relied on the previous behavior, review your session timeout configuration.\nCheck the [documentation](https://oauth2-proxy.github.io/oauth2-proxy/configuration/overview#cookie-options) for \u003ccode\u003ecookie-csrf-expire\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003ch2\u003eChanges since v7.14.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3352\"\u003e#3352\u003c/a\u003e fix: backend logout URL call on sign out (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3172\"\u003e#3172\u003c/a\u003e)(\u003ca href=\"https://github.com/vsejpal\"\u003e\u003ccode\u003e@​vsejpal\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3332\"\u003e#3332\u003c/a\u003e ci: distribute windows binary with .exe extension (\u003ca 
href=\"https://github.com/igitur\"\u003e\u003ccode\u003e@​igitur\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/2685\"\u003e#2685\u003c/a\u003e feat: allow arbitrary claims from the IDToken and IdentityProvider UserInfo endpoint to be added to the session state (\u003ca href=\"https://github.com/vegetablest\"\u003e\u003ccode\u003e@​vegetablest\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3278\"\u003e#3278\u003c/a\u003e feat: possibility to inject id_token in redirect url during sign out (\u003ca href=\"https://github.com/albanf\"\u003e\u003ccode\u003e@​albanf\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/2851\"\u003e#2851\u003c/a\u003e feat: add support for specifying allowed OIDC JWT signing algorithms (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/2753\"\u003e#2753\u003c/a\u003e) (\u003ca href=\"https://github.com/andoks\"\u003e\u003ccode\u003e@​andoks\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://github.com/tuunit\"\u003e\u003ccode\u003e@​tuunit\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3369\"\u003e#3369\u003c/a\u003e fix: use CSRFExpire instead of Expire for CSRF cookie validation (\u003ca href=\"https://github.com/Br1an67\"\u003e\u003ccode\u003e@​Br1an67\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3365\"\u003e#3365\u003c/a\u003e fix: filter empty strings from allowed groups (\u003ca href=\"https://github.com/Br1an67\"\u003e\u003ccode\u003e@​Br1an67\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3338\"\u003e#3338\u003c/a\u003e feat: add --config-test flag for validating configuration (\u003ca href=\"https://github.com/MayorFaj\"\u003e\u003ccode\u003e@​MayorFaj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3347\"\u003e#3347\u003c/a\u003e feat: add same site option for csrf cookies (\u003ca href=\"https://github.com/jvnoije\"\u003e\u003ccode\u003e@​jvnoije\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3376\"\u003e#3376\u003c/a\u003e feat: allow setting unix socket file mode when declaring listener (\u003ca href=\"https://github.com/Tristan971\"\u003e\u003ccode\u003e@​Tristan971\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://github.com/tuunit\"\u003e\u003ccode\u003e@​tuunit\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.14.3\u003c/h2\u003e\n\u003ch2\u003eRelease Highlights\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🔵 Go1.25.7 and upgrade of dependencies to latest versions (\u003ca href=\"https://github.com/tuunit\"\u003e\u003ccode\u003e@​tuunit\u003c/code\u003e\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://nvd.nist.gov/vuln/detail/cve-2025-68121\"\u003eCVE-2025-68121\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e🐛 Bug fixes\n\u003cul\u003e\n\u003cli\u003eAllow Redis URL parameters to configure username, password and max idle connection timeout if the matching configuration is empty.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImportant Notes\u003c/h2\u003e\n\u003cp\u003eWe improved our supply chain security by adding additional checks to prevent potential command injection in the publish release workflow and to ensure that it can only be triggered from branches originating in 
the local repository. This potential issue was reported by automated systems as well as a couple of security researchers, and we want to thank everyone for their diligence in looking out for the security of the project. Especially Aastha Aggarwal for her detailed report and follow-up. \u003ca href=\"https://github.com/Aastha2602\"\u003e\u003ccode\u003e@​Aastha2602\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003ch2\u003eChanges since v7.14.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/blob/master/CHANGELOG.md\"\u003eoauth2-proxy/oauth2-proxy's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eChanges since v7.15.0\u003c/h2\u003e\n\u003ch1\u003eV7.15.0\u003c/h1\u003e\n\u003ch2\u003eRelease Highlights\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🔒 OIDC JWT signing algorithms can now be configured\u003c/li\u003e\n\u003cli\u003e🍪 CSRF cookie improvements (SameSite option, proper expiration validation)\u003c/li\u003e\n\u003cli\u003e🧪 Configuration validation flag: --config-test\u003c/li\u003e\n\u003cli\u003e🔌 Unix socket file mode support\u003c/li\u003e\n\u003cli\u003e👤 Session state can now be extended with arbitrary claims from ID Token and upstream IDP user profiles endpoint\n\u003cul\u003e\n\u003cli\u003eThis opens the door for multiple features like:\u003c/li\u003e\n\u003cli\u003eAdditional arbitrary header values for any claims your IDP provides\u003c/li\u003e\n\u003cli\u003eExtended OAuth2 Proxy UserInfo endpoint with all additional claims\u003c/li\u003e\n\u003cli\u003eRead the docs \u003ca 
href=\"https://oauth2-proxy.github.io/oauth2-proxy/configuration/alpha-config#how-to-utilize-arbitrary-claims-provided-by-your-identity-provider\"\u003ehere\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImportant Notes\u003c/h2\u003e\n\u003cp\u003eCSRF cookie validation now correctly uses \u003ccode\u003eCSRFExpire\u003c/code\u003e instead of \u003ccode\u003eExpire\u003c/code\u003e. If you relied on the previous behavior, review your session timeout configuration.\nCheck the [documentation](https://oauth2-proxy.github.io/oauth2-proxy/configuration/overview#cookie-options) for \u003ccode\u003ecookie-csrf-expire\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003ch2\u003eChanges since v7.14.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3352\"\u003e#3352\u003c/a\u003e fix: backend logout URL call on sign out (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3172\"\u003e#3172\u003c/a\u003e)(\u003ca href=\"https://github.com/vsejpal\"\u003e\u003ccode\u003e@​vsejpal\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3332\"\u003e#3332\u003c/a\u003e ci: distribute windows binary with .exe extension (\u003ca href=\"https://github.com/igitur\"\u003e\u003ccode\u003e@​igitur\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/2685\"\u003e#2685\u003c/a\u003e feat: allow arbitrary claims from the IDToken and IdentityProvider UserInfo endpoint to be added to the session state (\u003ca href=\"https://github.com/vegetablest\"\u003e\u003ccode\u003e@​vegetablest\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3278\"\u003e#3278\u003c/a\u003e feat: 
possibility to inject id_token in redirect url during sign out (\u003ca href=\"https://github.com/albanf\"\u003e\u003ccode\u003e@​albanf\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/2851\"\u003e#2851\u003c/a\u003e feat: add support for specifying allowed OIDC JWT signing algorithms (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/2753\"\u003e#2753\u003c/a\u003e) (\u003ca href=\"https://github.com/andoks\"\u003e\u003ccode\u003e@​andoks\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://github.com/tuunit\"\u003e\u003ccode\u003e@​tuunit\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3369\"\u003e#3369\u003c/a\u003e fix: use CSRFExpire instead of Expire for CSRF cookie validation (\u003ca href=\"https://github.com/Br1an67\"\u003e\u003ccode\u003e@​Br1an67\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3365\"\u003e#3365\u003c/a\u003e fix: filter empty strings from allowed groups (\u003ca href=\"https://github.com/Br1an67\"\u003e\u003ccode\u003e@​Br1an67\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3338\"\u003e#3338\u003c/a\u003e feat: add --config-test flag for validating configuration (\u003ca href=\"https://github.com/MayorFaj\"\u003e\u003ccode\u003e@​MayorFaj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3347\"\u003e#3347\u003c/a\u003e feat: add same site option for csrf cookies (\u003ca href=\"https://github.com/jvnoije\"\u003e\u003ccode\u003e@​jvnoije\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3376\"\u003e#3376\u003c/a\u003e feat: allow setting unix socket file mode when declaring listener (\u003ca href=\"https://github.com/Tristan971\"\u003e\u003ccode\u003e@​Tristan971\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://github.com/tuunit\"\u003e\u003ccode\u003e@​tuunit\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eV7.14.3\u003c/h1\u003e\n\u003ch2\u003eRelease Highlights\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🔵 Go1.25.7 and upgrade of dependencies to latest versions\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://nvd.nist.gov/vuln/detail/cve-2025-68121\"\u003eCVE-2025-68121\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e🐛 Bug fixes\n\u003cul\u003e\n\u003cli\u003eAllow Redis URL parameters to configure username, password and max idle connection timeout if the matching configuration is empty.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImportant Notes\u003c/h2\u003e\n\u003cp\u003eWe improved our supply chain security by adding additional checks to prevent potential command injection in the publish release workflow and to ensure that it can only be triggered from branches originating in the local repository. This potential issue was reported by automated systems as well as a couple of security researchers, and we want to thank everyone for their diligence in looking out for the security of the project. Especially Aastha Aggarwal for her detailed report and follow-up. \u003ca href=\"https://github.com/Aastha2602\"\u003e\u003ccode\u003e@​Aastha2602\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/96c9ec69868e2bcd307ee837ca9fd24e77dcc48b\"\u003e\u003ccode\u003e96c9ec6\u003c/code\u003e\u003c/a\u003e release v7.15.0 (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3378\"\u003e#3378\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/9ae0b325a6d75b163c6f1fefb66ca4817c133438\"\u003e\u003ccode\u003e9ae0b32\u003c/code\u003e\u003c/a\u003e feat: add support for setting a unix binding's socket file mode (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3376\"\u003e#3376\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/cdbdb1128dc09cae34670b7958cff56378137817\"\u003e\u003ccode\u003ecdbdb11\u003c/code\u003e\u003c/a\u003e feat: add same site option for csrf cookies (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3347\"\u003e#3347\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/51ecc50372c42299749dafb225dee42df3520755\"\u003e\u003ccode\u003e51ecc50\u003c/code\u003e\u003c/a\u003e feat: add --config-test flag for validating configuration  (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3338\"\u003e#3338\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/fe5c6becec9291ee95aee9306880b8ecd186e12b\"\u003e\u003ccode\u003efe5c6be\u003c/code\u003e\u003c/a\u003e doc: add missing redis-ca-path documentation (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3341\"\u003e#3341\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/779cc5f350951b67169aec9836b3495f4faf80df\"\u003e\u003ccode\u003e779cc5f\u003c/code\u003e\u003c/a\u003e fix: filter empty strings from allowed groups (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3365\"\u003e#3365\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/ff357daa045a5a4622f5ac73cb9a45d15bf8accc\"\u003e\u003ccode\u003eff357da\u003c/code\u003e\u003c/a\u003e fix: use CSRFExpire instead of Expire for CSRF cookie validation (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3369\"\u003e#3369\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/7c96234233d7aa192939e90700313cc9c82e7516\"\u003e\u003ccode\u003e7c96234\u003c/code\u003e\u003c/a\u003e feat: add support for specifying allowed OIDC JWT signing algorithms (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/2753\"\u003e#2753\u003c/a\u003e) ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/30853098c71dd4088bff9eb4069e7c6e7cee9ef8\"\u003e\u003ccode\u003e3085309\u003c/code\u003e\u003c/a\u003e feat: possibility to inject id_token in redirect url during sign out (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3278\"\u003e#3278\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/8cb06b7ada3e46bce7c416a72caf611a49912c17\"\u003e\u003ccode\u003e8cb06b7\u003c/code\u003e\u003c/a\u003e chore(deps): update docker-compose (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3320\"\u003e#3320\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/compare/v7.14.2...v7.15.0\"\u003ecompare 
view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=oauth2-proxy/oauth2-proxy\u0026package-manager=docker\u0026previous-version=v7.14.2\u0026new-version=v7.15.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it 
yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/modelix/modelix.kubernetes/pull/341","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/modelix%2Fmodelix.kubernetes/issues/341","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/341/packages"}},{"old_version":"v7.11.0","new_version":"v7.12.0","update_type":"minor","path":"/helm/modelix","pr_created_at":"2025-08-20T05:44:05.000Z","version_change":"v7.11.0 → v7.12.0","issue":{"uuid":"2758479636","node_id":"PR_kwDOLDe_3M6kaw8U","number":143,"state":"open","title":"build(deps): bump oauth2-proxy/oauth2-proxy from v7.11.0 to v7.12.0 in /helm/modelix","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-08-20T05:44:05.000Z","updated_at":"2025-08-20T05:44:06.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"oauth2-proxy/oauth2-proxy","old_version":"v7.11.0","new_version":"v7.12.0","repository_url":"https://github.com/oauth2-proxy/oauth2-proxy"}],"path":"/helm/modelix","ecosystem":"docker"},"body":"Bumps [oauth2-proxy/oauth2-proxy](https://github.com/oauth2-proxy/oauth2-proxy) from v7.11.0 to v7.12.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/releases\"\u003eoauth2-proxy/oauth2-proxy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.12.0\u003c/h2\u003e\n\u003ch2\u003eRelease Highlights\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🕵️‍♀️ Vulnerabilities have been addressed\n\u003cul\u003e\n\u003cli\u003e\u003ca 
href=\"https://pkg.go.dev/vuln/GO-2025-3849\"\u003eCVE-2025-47907\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e🦸 Support for Cidaas IDP\u003c/li\u003e\n\u003cli\u003e🐛 Squashed some bugs\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImportant Notes\u003c/h2\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003ch2\u003eChanges since v7.11.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/2273\"\u003e#2273\u003c/a\u003e feat: add Cidaas provider (\u003ca href=\"https://github.com/Bibob7\"\u003e\u003ccode\u003e@​Bibob7\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/Teko012\"\u003e\u003ccode\u003e@​Teko012\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3166\"\u003e#3166\u003c/a\u003e chore(dep): upgrade to latest golang 1.24.6 (\u003ca href=\"https://github.com/tuunit\"\u003e\u003ccode\u003e@​tuunit\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3156\"\u003e#3156\u003c/a\u003e feat: allow disable-keep-alives configuration for upstream (\u003ca href=\"https://github.com/jet-go\"\u003e\u003ccode\u003e@​jet-go\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/3150\"\u003e#3150\u003c/a\u003e fix: Gitea team membership (\u003ca href=\"https://github.com/MagicRB\"\u003e\u003ccode\u003e@​MagicRB\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/tuunit\"\u003e\u003ccode\u003e@​tuunit\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca 
href=\"https://github.com/oauth2-proxy/oauth2-proxy/blob/master/CHANGELOG.md\"\u003eoauth2-proxy/oauth2-proxy's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eChanges since v7.12.0\u003c/h2\u003e\n\u003ch1\u003eV7.12.0\u003c/h1\u003e\n\u003ch2\u003eRelease Highlights\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🕵️‍♀️ Vulnerabilities have been addressed\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://pkg.go.dev/vuln/GO-2025-3849\"\u003eCVE-2025-47907\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e🦸 Support for Cidaas IDP\u003c/li\u003e\n\u003cli\u003e🐛 Squashed some bugs\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImportant Notes\u003c/h2\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/5082db0bec432132651cc62a9cecba8d9c718823\"\u003e\u003ccode\u003e5082db0\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3169\"\u003e#3169\u003c/a\u003e from oauth2-proxy/release/v7.12.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/7294eebce1d626f1a47a1b4567b987f78365ad23\"\u003e\u003ccode\u003e7294eeb\u003c/code\u003e\u003c/a\u003e add changelog entry for v7.12.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/b4b69a6cb370e863d45c17f90a9567b0ff474b67\"\u003e\u003ccode\u003eb4b69a6\u003c/code\u003e\u003c/a\u003e update to release version v7.12.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/413d4f697632a270516a482910a157470b58f28f\"\u003e\u003ccode\u003e413d4f6\u003c/code\u003e\u003c/a\u003e add new docs version 7.12.x\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/8c1b2b63bfdba1118f55464a1554a672be9637d6\"\u003e\u003ccode\u003e8c1b2b6\u003c/code\u003e\u003c/a\u003e fix: Gitea team membership (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3150\"\u003e#3150\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/f18a0b7b0744eac3c0696764aa6ccdcc08856b0c\"\u003e\u003ccode\u003ef18a0b7\u003c/code\u003e\u003c/a\u003e feat: allow disable-keep-alives configuration in upstream (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3156\"\u003e#3156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/3978b2f27fd4af09ae2103aa337768ab0bc5a809\"\u003e\u003ccode\u003e3978b2f\u003c/code\u003e\u003c/a\u003e chore(deps): update docker-compose (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3160\"\u003e#3160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/26813d3cddafc37c6997f75c7a5e1dfb4a400f39\"\u003e\u003ccode\u003e26813d3\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency golangci/golangci-lint to v2.4.0 (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3161\"\u003e#3161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/82e016954caf174adbe573dafc41108d2efb076f\"\u003e\u003ccode\u003e82e0169\u003c/code\u003e\u003c/a\u003e chore(deps): update actions/checkout action to v5 (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3164\"\u003e#3164\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/744b31a2c6d6338b09935f7ce0946f2b5f830075\"\u003e\u003ccode\u003e744b31a\u003c/code\u003e\u003c/a\u003e chore(dep): upgrade to latest golang 1.24.6 (\u003ca 
href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3166\"\u003e#3166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/compare/v7.11.0...v7.12.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=oauth2-proxy/oauth2-proxy\u0026package-manager=docker\u0026previous-version=v7.11.0\u0026new-version=v7.12.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/modelix/modelix.kubernetes/pull/143","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/modelix%2Fmodelix.kubernetes/issues/143","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/143/packages"}},{"old_version":"v7.10.0","new_version":"v7.11.0","update_type":"minor","path":null,"pr_created_at":"2025-08-12T02:19:17.000Z","version_change":"v7.10.0 → v7.11.0","issue":{"uuid":"3312270676","node_id":"PR_kwDOBeEB2c6jKfp1","number":928,"state":"open","title":"chore(deps): bump oauth2-proxy/oauth2-proxy from v7.10.0 to v7.11.0","user":"dependabot[bot]","labels":["dependencies","docker","chore"],"assignees":["nimdanitro"],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-08-12T02:19:17.000Z","updated_at":"2025-08-12T10:06:25.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"oauth2-proxy/oauth2-proxy","old_version":"v7.10.0","new_version":"v7.11.0","repository_url":"https://github.com/oauth2-proxy/oauth2-proxy"}],"path":null,"ecosystem":"docker"},"body":"Bumps 
[oauth2-proxy/oauth2-proxy](https://github.com/oauth2-proxy/oauth2-proxy) from v7.10.0 to v7.11.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/releases\"\u003eoauth2-proxy/oauth2-proxy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.11.0\u003c/h2\u003e\n\u003ch2\u003eRelease Highlights\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🏢 Support for SourceHut (sr.ht) provider\u003c/li\u003e\n\u003cli\u003e🔍️ Support for more fine-grained control over the google admin-sdk scopes and optional google groups\u003c/li\u003e\n\u003cli\u003e🐛 Squashed some bugs\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImportant Notes\u003c/h2\u003e\n\u003cp\u003eFirstly, fixed critical vulnerability where \u003ccode\u003eskip_auth_routes\u003c/code\u003e regex patterns matched against the full request URI (path + query parameters) instead of just the path, allowing authentication bypass attacks.\u003c/p\u003e\n\u003cp\u003eSecondly, fixed double-escaping of \u003ccode\u003e$\u003c/code\u003e in regexes for Alpha Config upstreams path and rewriteTargets:\u003c/p\u003e\n\u003cpre lang=\"yaml\"\u003e\u003ccode\u003e# Before\nupstreams:\n  - id: web\n    path: ^/(.*)$$\n    rewriteTarget: /$$1\n\u003ch1\u003eAfter\u003c/h1\u003e\n\u003cp\u003eupstreams:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eid: web\npath: ^/(.*)$\nrewriteTarget: /$1\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003cp\u003eIf your configuration relies on matching query parameters in \u003ccode\u003eskip_auth_routes\u003c/code\u003e patterns, you must update your regex patterns to match paths only. 
Review all \u003ccode\u003eskip_auth_routes\u003c/code\u003e entries for potential impact.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eExample of affected configuration:\u003c/strong\u003e\u003c/p\u003e\n\u003cpre lang=\"yaml\"\u003e\u003ccode\u003e# This pattern previously matched both:\n# - /api/foo/status (intended)\n# - /api/private/sensitive?path=/status (bypass - now fixed)\nskip_auth_routes: [\u0026quot;^/api/.*/status\u0026quot;]\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eFor detailed information, migration guidance, and security implications, see the \u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-7rh7-c77v-6434\"\u003esecurity advisory\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eChanges since v7.10.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/2615\"\u003e#2615\u003c/a\u003e feat(cookies): add option to set a limit on the number of per-request CSRF cookies oauth2-proxy sets (\u003ca href=\"https://github.com/bh-tt\"\u003e\u003ccode\u003e@​bh-tt\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/2605\"\u003e#2605\u003c/a\u003e fix: show login page on broken cookie (\u003ca href=\"https://github.com/Primexz\"\u003e\u003ccode\u003e@​Primexz\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/2743\"\u003e#2743\u003c/a\u003e feat: allow use more possible google admin-sdk api scopes (\u003ca href=\"https://github.com/BobDu\"\u003e\u003ccode\u003e@​BobDu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/2359\"\u003e#2359\u003c/a\u003e feat: add SourceHut (sr.ht) provider(\u003ca 
href=\"https://github.com/bitfehler\"\u003e\u003ccode\u003e@​bitfehler\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/2524\"\u003e#2524\u003c/a\u003e fix: regex substitution for $ signs in upstream path handling before running envsubst (\u003ca href=\"https://github.com/dashkan\"\u003e\u003ccode\u003e@​dashkan\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://github.com/tuunit\"\u003e\u003ccode\u003e@​tuunit\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/blob/master/CHANGELOG.md\"\u003eoauth2-proxy/oauth2-proxy's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eChanges since v7.11.0\u003c/h2\u003e\n\u003ch1\u003eV7.11.0\u003c/h1\u003e\n\u003ch2\u003eRelease Highlights\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🏢 Support for SourceHut (sr.ht) provider\u003c/li\u003e\n\u003cli\u003e🔍️ Support for more fine-grained control over the google admin-sdk scopes and optional google groups\u003c/li\u003e\n\u003cli\u003e🐛 Squashed some bugs\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImportant Notes\u003c/h2\u003e\n\u003cp\u003eFirstly, fixed critical vulnerability where \u003ccode\u003eskip_auth_routes\u003c/code\u003e regex patterns matched against the full request URI (path + query parameters) instead of just the path, allowing authentication bypass attacks.\u003c/p\u003e\n\u003cp\u003eSecondly, fixed double-escaping of \u003ccode\u003e$\u003c/code\u003e in regexes for Alpha Config upstreams path and rewriteTargets:\u003c/p\u003e\n\u003cpre lang=\"yaml\"\u003e\u003ccode\u003e# Before\nupstreams:\n  - id: web\n    path: 
^/(.*)$$\n    rewriteTarget: /$$1\n\u003ch1\u003eAfter\u003c/h1\u003e\n\u003cp\u003eupstreams:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eid: web\npath: ^/(.*)$\nrewriteTarget: /$1\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003cp\u003eIf your configuration relies on matching query parameters in \u003ccode\u003eskip_auth_routes\u003c/code\u003e patterns, you must update your regex patterns to match paths only. Review all \u003ccode\u003eskip_auth_routes\u003c/code\u003e entries for potential impact.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eExample of affected configuration:\u003c/strong\u003e\u003c/p\u003e\n\u003cpre lang=\"yaml\"\u003e\u003ccode\u003e# This pattern previously matched both:\n# - /api/foo/status (intended)\n# - /api/private/sensitive?path=/status (bypass - now fixed)\nskip_auth_routes: [\u0026quot;^/api/.*/status\u0026quot;]\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eFor detailed information, migration guidance, and security implications, see the \u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-7rh7-c77v-6434\"\u003esecurity advisory\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/c0a928ededa40391baeedf8c5f3e104c047bfb6e\"\u003e\u003ccode\u003ec0a928e\u003c/code\u003e\u003c/a\u003e release v7.11.0 (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3145\"\u003e#3145\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/9ffafad4b2d2f9f7668e5504565f356a7c047b77\"\u003e\u003ccode\u003e9ffafad\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/f4b33b64bd66ad28e9b0d63bea51837b83c00ca1\"\u003e\u003ccode\u003ef4b33b6\u003c/code\u003e\u003c/a\u003e feat: differentiate between \u0026quot;no available key\u0026quot; and error for redis sessions (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/e75a258299ec3db633450dd48a6df54b38988916\"\u003e\u003ccode\u003ee75a258\u003c/code\u003e\u003c/a\u003e feat: make google-groups argument optional (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3138\"\u003e#3138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/b905f2cd934315100dadc5c64203533fa4c9aa70\"\u003e\u003ccode\u003eb905f2c\u003c/code\u003e\u003c/a\u003e feat: use non-default authorization request response mode in OIDC providers (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/dc8b1623a26a2537a8d0119e087f2048234c9843\"\u003e\u003ccode\u003edc8b162\u003c/code\u003e\u003c/a\u003e feat(cookie): add feature support for cookie-secret-file (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3104\"\u003e#3104\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/137e59d52668e3fc5d670dfbb6c3d667739e22e3\"\u003e\u003ccode\u003e137e59d\u003c/code\u003e\u003c/a\u003e fix: regex substitution for $ signs in upstream path handling before running ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/a88306be980a4866edae676f8c976ab94f23eec6\"\u003e\u003ccode\u003ea88306b\u003c/code\u003e\u003c/a\u003e feat: add SourceHut (sr.ht) provider (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/2359\"\u003e#2359\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca 
href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/4d17bc1d6834b62c49548b88eff3f8d2a666ef8d\"\u003e\u003ccode\u003e4d17bc1\u003c/code\u003e\u003c/a\u003e feat: allow use more possible google admin-sdk api scopes (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/2743\"\u003e#2743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/3ac834dbcfbb06de1b5168eb6397835f6f6538bb\"\u003e\u003ccode\u003e3ac834d\u003c/code\u003e\u003c/a\u003e Fix local-environment ports (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3136\"\u003e#3136\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/compare/v7.10.0...v7.11.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=oauth2-proxy/oauth2-proxy\u0026package-manager=docker\u0026previous-version=v7.10.0\u0026new-version=v7.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it 
yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/f-eld-ch/sitrep/pull/928","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/f-eld-ch%2Fsitrep/issues/928","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/928/packages"}},{"old_version":"v7.10.0-alpine","new_version":"v7.11.0-alpine","update_type":"minor","path":null,"pr_created_at":"2025-07-31T03:31:28.000Z","version_change":"v7.10.0-alpine → v7.11.0-alpine","issue":{"uuid":"2708855431","node_id":"PR_kwDOF3eXvs6hddqH","number":9800,"state":"open","title":"Bump oauth2-proxy/oauth2-proxy from v7.10.0-alpine to v7.11.0-alpine","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-07-31T03:31:28.000Z","updated_at":"2025-07-31T03:31:29.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"oauth2-proxy/oauth2-proxy","old_version":"v7.10.0-alpine","new_version":"v7.11.0-alpine","repository_url":"https://github.com/oauth2-proxy/oauth2-proxy"}],"path":null,"ecosystem":"docker"},"body":"Bumps [oauth2-proxy/oauth2-proxy](https://github.com/oauth2-proxy/oauth2-proxy) from v7.10.0-alpine to v7.11.0-alpine.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/releases\"\u003eoauth2-proxy/oauth2-proxy's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.11.0\u003c/h2\u003e\n\u003ch2\u003eRelease Highlights\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🏢 Support for SourceHut (sr.ht) provider\u003c/li\u003e\n\u003cli\u003e🔍️ Support for more fine-grained control over the google admin-sdk scopes and optional google groups\u003c/li\u003e\n\u003cli\u003e🐛 Squashed some 
bugs\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImportant Notes\u003c/h2\u003e\n\u003cp\u003eFirstly, fixed critical vulnerability where \u003ccode\u003eskip_auth_routes\u003c/code\u003e regex patterns matched against the full request URI (path + query parameters) instead of just the path, allowing authentication bypass attacks.\u003c/p\u003e\n\u003cp\u003eSecondly, fixed double-escaping of \u003ccode\u003e$\u003c/code\u003e in regexes for Alpha Config upstreams path and rewriteTargets:\u003c/p\u003e\n\u003cpre lang=\"yaml\"\u003e\u003ccode\u003e# Before\nupstreams:\n  - id: web\n    path: ^/(.*)$$\n    rewriteTarget: /$$1\n\u003ch1\u003eAfter\u003c/h1\u003e\n\u003cp\u003eupstreams:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eid: web\npath: ^/(.*)$\nrewriteTarget: /$1\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003cp\u003eIf your configuration relies on matching query parameters in \u003ccode\u003eskip_auth_routes\u003c/code\u003e patterns, you must update your regex patterns to match paths only. 
Review all \u003ccode\u003eskip_auth_routes\u003c/code\u003e entries for potential impact.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eExample of affected configuration:\u003c/strong\u003e\u003c/p\u003e\n\u003cpre lang=\"yaml\"\u003e\u003ccode\u003e# This pattern previously matched both:\n# - /api/foo/status (intended)\n# - /api/private/sensitive?path=/status (bypass - now fixed)\nskip_auth_routes: [\u0026quot;^/api/.*/status\u0026quot;]\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eFor detailed information, migration guidance, and security implications, see the \u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-7rh7-c77v-6434\"\u003esecurity advisory\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eChanges since v7.10.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/2615\"\u003e#2615\u003c/a\u003e feat(cookies): add option to set a limit on the number of per-request CSRF cookies oauth2-proxy sets (\u003ca href=\"https://github.com/bh-tt\"\u003e\u003ccode\u003e@​bh-tt\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/2605\"\u003e#2605\u003c/a\u003e fix: show login page on broken cookie (\u003ca href=\"https://github.com/Primexz\"\u003e\u003ccode\u003e@​Primexz\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/2743\"\u003e#2743\u003c/a\u003e feat: allow use more possible google admin-sdk api scopes (\u003ca href=\"https://github.com/BobDu\"\u003e\u003ccode\u003e@​BobDu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/2359\"\u003e#2359\u003c/a\u003e feat: add SourceHut (sr.ht) provider(\u003ca 
href=\"https://github.com/bitfehler\"\u003e\u003ccode\u003e@​bitfehler\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/pull/2524\"\u003e#2524\u003c/a\u003e fix: regex substitution for $ signs in upstream path handling before running envsubst (\u003ca href=\"https://github.com/dashkan\"\u003e\u003ccode\u003e@​dashkan\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://github.com/tuunit\"\u003e\u003ccode\u003e@​tuunit\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/blob/master/CHANGELOG.md\"\u003eoauth2-proxy/oauth2-proxy's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eVx.x.x (Pre-release)\u003c/h1\u003e\n\u003ch2\u003eRelease Highlights\u003c/h2\u003e\n\u003ch2\u003eImportant Notes\u003c/h2\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003ch2\u003eChanges since v7.11.0\u003c/h2\u003e\n\u003ch1\u003eV7.11.0\u003c/h1\u003e\n\u003ch2\u003eRelease Highlights\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e🏢 Support for SourceHut (sr.ht) provider\u003c/li\u003e\n\u003cli\u003e🔍️ Support for more fine-grained control over the google admin-sdk scopes and optional google groups\u003c/li\u003e\n\u003cli\u003e🐛 Squashed some bugs\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eImportant Notes\u003c/h2\u003e\n\u003cp\u003eFirstly, fixed critical vulnerability where \u003ccode\u003eskip_auth_routes\u003c/code\u003e regex patterns matched against the full request URI (path + query parameters) instead of just the path, allowing authentication bypass attacks.\u003c/p\u003e\n\u003cp\u003eSecondly, fixed double-escaping of 
\u003ccode\u003e$\u003c/code\u003e in regexes for Alpha Config upstreams path and rewriteTargets:\u003c/p\u003e\n\u003cpre lang=\"yaml\"\u003e\u003ccode\u003e# Before\nupstreams:\n  - id: web\n    path: ^/(.*)$$\n    rewriteTarget: /$$1\n\u003ch1\u003eAfter\u003c/h1\u003e\n\u003cp\u003eupstreams:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eid: web\npath: ^/(.*)$\nrewriteTarget: /$1\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003cp\u003eIf your configuration relies on matching query parameters in \u003ccode\u003eskip_auth_routes\u003c/code\u003e patterns, you must update your regex patterns to match paths only. Review all \u003ccode\u003eskip_auth_routes\u003c/code\u003e entries for potential impact.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eExample of affected configuration:\u003c/strong\u003e\u003c/p\u003e\n\u003cpre lang=\"yaml\"\u003e\u003ccode\u003e# This pattern previously matched both:\n# - /api/foo/status (intended)\n# - /api/private/sensitive?path=/status (bypass - now fixed)\nskip_auth_routes: [\u0026quot;^/api/.*/status\u0026quot;]\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... 
(truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/c0a928ededa40391baeedf8c5f3e104c047bfb6e\"\u003e\u003ccode\u003ec0a928e\u003c/code\u003e\u003c/a\u003e release v7.11.0 (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3145\"\u003e#3145\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/9ffafad4b2d2f9f7668e5504565f356a7c047b77\"\u003e\u003ccode\u003e9ffafad\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/f4b33b64bd66ad28e9b0d63bea51837b83c00ca1\"\u003e\u003ccode\u003ef4b33b6\u003c/code\u003e\u003c/a\u003e feat: differentiate between \u0026quot;no available key\u0026quot; and error for redis sessions (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/e75a258299ec3db633450dd48a6df54b38988916\"\u003e\u003ccode\u003ee75a258\u003c/code\u003e\u003c/a\u003e feat: make google-groups argument optional (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3138\"\u003e#3138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/b905f2cd934315100dadc5c64203533fa4c9aa70\"\u003e\u003ccode\u003eb905f2c\u003c/code\u003e\u003c/a\u003e feat: use non-default authorization request response mode in OIDC providers (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/dc8b1623a26a2537a8d0119e087f2048234c9843\"\u003e\u003ccode\u003edc8b162\u003c/code\u003e\u003c/a\u003e feat(cookie): add feature support for cookie-secret-file (\u003ca 
href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3104\"\u003e#3104\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/137e59d52668e3fc5d670dfbb6c3d667739e22e3\"\u003e\u003ccode\u003e137e59d\u003c/code\u003e\u003c/a\u003e fix: regex substitution for $ signs in upstream path handling before running ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/a88306be980a4866edae676f8c976ab94f23eec6\"\u003e\u003ccode\u003ea88306b\u003c/code\u003e\u003c/a\u003e feat: add SourceHut (sr.ht) provider (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/2359\"\u003e#2359\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/4d17bc1d6834b62c49548b88eff3f8d2a666ef8d\"\u003e\u003ccode\u003e4d17bc1\u003c/code\u003e\u003c/a\u003e feat: allow use more possible google admin-sdk api scopes (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/2743\"\u003e#2743\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/commit/3ac834dbcfbb06de1b5168eb6397835f6f6538bb\"\u003e\u003ccode\u003e3ac834d\u003c/code\u003e\u003c/a\u003e Fix local-environment ports (\u003ca href=\"https://redirect.github.com/oauth2-proxy/oauth2-proxy/issues/3136\"\u003e#3136\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/oauth2-proxy/oauth2-proxy/compare/v7.10.0...v7.11.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=oauth2-proxy/oauth2-proxy\u0026package-manager=docker\u0026previous-version=v7.10.0-alpine\u0026new-version=v7.11.0-alpine)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/noroutine/upstream/pull/9800","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/noroutine%2Fupstream/issues/9800","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9800/packages"}},{"old_version":"v7.9.0","new_version":"v7.10.0","update_type":"minor","path":null,"pr_created_at":"2025-07-21T21:12:44.000Z","version_change":"v7.9.0 → v7.10.0","issue":{"uuid":"2683200627","node_id":"PR_kwDOBeEB2c6f7mRz","number":897,"state":"open","title":"chore(deps): bump oauth2-proxy/oauth2-proxy from v7.9.0 to v7.10.0","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-07-21T21:12:44.000Z","updated_at":"2025-07-25T15:42:48.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"oauth2-proxy/oauth2-proxy","old_version":"v7.9.0","new_version":"v7.10.0","repository_url":null}],"path":null,"ecosystem":"docker"},"body":"\n\n[![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=oauth2-proxy/oauth2-proxy\u0026package-manager=docker\u0026previous-version=v7.9.0\u0026new-version=v7.10.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/f-eld-ch/sitrep/pull/897","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/f-eld-ch%2Fsitrep/issues/897","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/897/packages"}},{"old_version":"v7.9.0-alpine","new_version":"v7.10.0-alpine","update_type":"minor","path":null,"pr_created_at":"2025-07-18T03:15:12.000Z","version_change":"v7.9.0-alpine → v7.10.0-alpine","issue":{"uuid":"2675868515","node_id":"PR_kwDOF3eXvs6ffoNj","number":9740,"state":"open","title":"Bump oauth2-proxy/oauth2-proxy from v7.9.0-alpine to v7.10.0-alpine","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-07-18T03:15:12.000Z","updated_at":"2025-07-18T03:15:13.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"oauth2-proxy/oauth2-proxy","old_version":"v7.9.0-alpine","new_version":"v7.10.0-alpine","repository_url":null}],"path":null,"ecosystem":"docker"},"body":"\n\n[![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=oauth2-proxy/oauth2-proxy\u0026package-manager=docker\u0026previous-version=v7.9.0-alpine\u0026new-version=v7.10.0-alpine)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/noroutine/upstream/pull/9740","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/noroutine%2Fupstream/issues/9740","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9740/packages"}},{"old_version":"v7.9.0","new_version":"v7.10.0","update_type":"minor","path":"/helm/modelix","pr_created_at":"2025-07-18T01:57:06.000Z","version_change":"v7.9.0 → v7.10.0","issue":{"uuid":"3241572427","node_id":"PR_kwDOLDe_3M6ffNRY","number":114,"state":"open","title":"build(deps): bump oauth2-proxy/oauth2-proxy from v7.9.0 to v7.10.0 in /helm/modelix","user":"dependabot[bot]","labels":["dependencies","docker"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-07-18T01:57:06.000Z","updated_at":"2025-07-18T02:07:35.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"oauth2-proxy/oauth2-proxy","old_version":"v7.9.0","new_version":"v7.10.0","repository_url":null}],"path":"/helm/modelix","ecosystem":"docker"},"body":"\n\n[![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=oauth2-proxy/oauth2-proxy\u0026package-manager=docker\u0026previous-version=v7.9.0\u0026new-version=v7.10.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/modelix/modelix.kubernetes/pull/114","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/modelix%2Fmodelix.kubernetes/issues/114","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/114/packages"}}]}