Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
**⚠️ This release fixes a [major vulnerability](GHSA-vh7g-p26c-j2cw) in Dex. We advise everyone to upgrade as soon as possible!⚠️ ** The official container image for this release can be pulled from ``` ghcr.io/dexidp/dex:v2.35.0 ``` <!-- Release notes generated using configuration in .github/release.yml at v2.35.0 --> ## What's Changed ### Enhancements 🚀 * Reduce HTTP client creations in the Keystone connector by @erwinvaneyk in dexidp#2659 ### Bug Fixes 🐛 * fix for issue 2670; check for no serviceAccountFilePath and no email by @bobcallaway in dexidp#2679 * supply HMACKey in test case by @bobcallaway in dexidp#2683 * fix: refresh token only once for all concurrent requests by @nabokihms in dexidp#2692 ### Dependency Updates ⬆️ * build(deps): bump google.golang.org/api from 0.95.0 to 0.97.0 by @dependabot in dexidp#2677 * build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.4 to 3.5.5 by @dependabot in dexidp#2666 * build(deps): bump google.golang.org/api from 0.97.0 to 0.98.0 by @dependabot in dexidp#2682 * build(deps): bump helm/kind-action from 1.3.0 to 1.4.0 by @dependabot in dexidp#2681 * build(deps): bump entgo.io/ent from 0.11.2 to 0.11.3 by @dependabot in dexidp#2684 * Update golang.org/x packages by @sagikazarmark in dexidp#2688 ## New Contributors * @jannfis made their first contribution in dexidp#2691 **Full Changelog**: dexidp/dex@v2.34.0...v2.35.0
- Loading branch information