Joe Kralicky
d588135b3a
very bad demo code
2025-02-18 01:33:15 +00:00
Joe Kralicky
b4aa275403
Add new device_auth_client_type setting to allow attaching the client_secret to device auth requests
2025-02-11 21:14:48 +00:00
Joe Kralicky
18aed33aa5
Prototype device authorization flow (core)
2025-02-11 21:07:23 +00:00
Joe Kralicky
56ce79e662
Prototype device authorization flow (core)
2025-02-11 21:07:22 +00:00
Caleb Doxsey
229ef72e58
proxy: fix routes portal error message ( #5476 )
2025-02-06 14:43:10 -07:00
Joe Kralicky
c8323ba744
tracing: handle empty protocol ( #5474 )
2025-02-06 13:19:50 -05:00
Joe Kralicky
81a52db749
tracing: add missing check for otel_exporter_otlp_endpoint in envoy trace config ( #5472 )
...
add missing check for otel_exporter_otlp_endpoint in envoy trace config
2025-02-04 13:29:06 -05:00
Kenneth Jenkins
efe3cef2e4
config: escape % signs in local reply format string ( #5460 )
...
Since v0.26, Pomerium configures Envoy to use a custom HTML error page
format string for most errors served by Envoy itself. This format string
uses %COMMAND% directives to include details about the error.
The HTML error page template also includes any branding options set via
the corresponding Enterprise settings. We need to ensure that any %
signs in the branding options strings are escaped to %% so that Envoy
will not interpret them as the start of a %COMMAND% directive, which
could lead to Envoy rejecting the format string as invalid.
2025-02-03 14:31:06 -08:00
dependabot[bot]
34c25442ff
chore(deps): bump the github-actions group with 14 updates ( #5462 )
...
Bumps the github-actions group with 14 updates:
| Package | From | To |
| --- | --- | --- |
| [actions/setup-go](https://github.com/actions/setup-go ) | `5.1.0` | `5.3.0` |
| [actions/setup-node](https://github.com/actions/setup-node ) | `4.1.0` | `4.2.0` |
| [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action ) | `3.2.0` | `3.3.0` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) | `3.7.1` | `3.8.0` |
| [docker/build-push-action](https://github.com/docker/build-push-action ) | `6.10.0` | `6.13.0` |
| [mikefarah/yq](https://github.com/mikefarah/yq ) | `4.44.5` | `4.45.1` |
| [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action ) | `5.0.1` | `5.1.0` |
| [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) | `6.1.1` | `6.2.0` |
| [actions/stale](https://github.com/actions/stale ) | `9.0.0` | `9.1.0` |
| [google-github-actions/auth](https://github.com/google-github-actions/auth ) | `2.1.7` | `2.1.8` |
| [google-github-actions/setup-gcloud](https://github.com/google-github-actions/setup-gcloud ) | `2.1.2` | `2.1.4` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact ) | `4.4.3` | `4.6.0` |
| [coverallsapp/github-action](https://github.com/coverallsapp/github-action ) | `2.3.4` | `2.3.6` |
| [actions/setup-python](https://github.com/actions/setup-python ) | `5.3.0` | `5.4.0` |
Updates `actions/setup-go` from 5.1.0 to 5.3.0
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](41dfa10bad...f111f3307dhttps://github.com/actions/setup-node/releases )
- [Commits](39370e3970...1d0ff469b7https://github.com/docker/setup-qemu-action/releases )
- [Commits](49b3bc8e6b...53851d1459https://github.com/docker/setup-buildx-action/releases )
- [Commits](c47758b77c...6524bf65afhttps://github.com/docker/build-push-action/releases )
- [Commits](48aba3b46d...ca877d9245https://github.com/mikefarah/yq/releases )
- [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt )
- [Commits](bc5b54cb1d...8bf425b4d1https://github.com/stefanzweifel/git-auto-commit-action/releases )
- [Changelog](https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md )
- [Commits](8621497c8c...e348103e90https://github.com/golangci/golangci-lint-action/releases )
- [Commits](971e284b60...ec5d18412chttps://github.com/actions/stale/releases )
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md )
- [Commits](28ca103628...5bef64f19dhttps://github.com/google-github-actions/auth/releases )
- [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md )
- [Commits](6fc4af4b14...71f986410dhttps://github.com/google-github-actions/setup-gcloud/releases )
- [Changelog](https://github.com/google-github-actions/setup-gcloud/blob/main/CHANGELOG.md )
- [Commits](6189d56e40...77e7a554d4https://github.com/actions/upload-artifact/releases )
- [Commits](b4b15b8c7c...65c4c4a1ddhttps://github.com/coverallsapp/github-action/releases )
- [Commits](cfd0633edb...648a8eb78ehttps://github.com/actions/setup-python/releases )
- [Commits](0b93645e9f...42375524e2
2025-02-03 15:06:51 -07:00
dependabot[bot]
56f89cb61f
chore(deps): bump the docker group with 3 updates ( #5463 )
...
Bumps the docker group with 3 updates: node, golang and distroless/base-debian12.
Updates `node` from `0e910f4` to `ae2f3d4`
Updates `golang` from `2e83858` to `3149bc5`
Updates `distroless/base-debian12` from `a6b4081` to `3a59a8d`
---
updated-dependencies:
- dependency-name: node
dependency-type: direct:production
dependency-group: docker
- dependency-name: golang
dependency-type: direct:production
dependency-group: docker
- dependency-name: distroless/base-debian12
dependency-type: direct:production
dependency-group: docker
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-03 14:19:36 -07:00
dependabot[bot]
59fe6b8bd5
chore(deps): bump the docker group in /.github with 3 updates ( #5464 )
...
Bumps the docker group in /.github with 3 updates: busybox, distroless/base and distroless/base-debian12.
Updates `busybox` from `2919d01` to `a5d0ce4`
Updates `distroless/base` from `e9d0321` to `74ddbf5`
Updates `distroless/base-debian12` from `e9d0321` to `74ddbf5`
---
updated-dependencies:
- dependency-name: busybox
dependency-type: direct:production
dependency-group: docker
- dependency-name: distroless/base
dependency-type: direct:production
dependency-group: docker
- dependency-name: distroless/base-debian12
dependency-type: direct:production
dependency-group: docker
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-03 14:19:15 -07:00
Caleb Doxsey
1e9a09269b
config: add support for http3 advertise port ( #5466 )
2025-02-03 13:58:57 -07:00
Caleb Doxsey
2754d20a2d
config: handle SIGHUP ( #5459 )
2025-01-31 18:31:47 -07:00
Caleb Doxsey
dc9a6bdb81
replace xxhash with xxh3 ( #5457 )
...
* update config file paths hash
* update filemgr
* use xxh3 for hashutil.Hash
* update hashutil digest, fix trace buffer test
* update comments
* update namegen, go mod tidy
2025-01-31 08:44:08 -07:00
Joe Kralicky
5e94b2f8f1
Refactor trace config to match supported otel options ( #5447 )
...
* Refactor trace config to match supported otel options
* use duration instead of int64 for otel timeouts
* change 'trace client updated' log level to debug
2025-01-30 11:59:19 -05:00
Caleb Doxsey
3e90f1e244
proxy: well known service icons ( #5453 )
...
* proxy: add logo discovery
* use a static url for testing
* well known service icons
* better fitting avatars
2025-01-30 08:52:59 -07:00
Caleb Doxsey
3c5c7fbd31
proxy: add logo discovery ( #5448 )
...
* proxy: add logo discovery
* use a static url for testing
2025-01-29 12:57:26 -07:00
Ross Smith
936bd28ae4
roll back to using ubuntu-22.04 images ( #5456 )
...
* roll back to using ubuntu-22.04 images
pending https://github.com/actions/runner-images/issues/11471 resolution, this moves us back to images that were working.
* move test back to latest
2025-01-28 19:51:03 -05:00
Joe Kralicky
b5f58997bd
storage/postgres: pgx client tracing ( #5438 )
...
* fix testcontainers docker client using the global tracer provider
* storage/postgres: pgx client tracing
* skip postgres test on macos
2025-01-28 17:10:09 -05:00
Caleb Doxsey
332d3dc334
proto: fix dependencies ( #5450 )
2025-01-27 14:41:08 -07:00
Denis Mishin
b482cc2fba
ci: more flex version branch regex ( #5449 )
2025-01-27 16:11:06 -05:00
Kenneth Jenkins
b0f89fc688
authorize: log JWT groups filtering ( #5432 )
...
Add a new Authorize Log Fields option for logging the number of groups
removed during JWT groups filtering. This will be enabled by default.
Additionally, when the log level is Debug (or more verbose), store and
log the IDs of any groups removed during JWT groups filtering.
2025-01-27 12:11:52 -08:00
Caleb Doxsey
97ba21b95a
proxy: add routes HTML page ( #5443 )
...
* proxy: add route portal json
* fix 405 issue
* proxy: add routes HTML page
2025-01-27 12:13:55 -07:00
Kenneth Jenkins
e9786f9719
authorize: filter only by group ID ( #5437 )
...
Change the JWT groups filtering behavior:
- to filter only by group ID (not group name)
- and only for groups sourced from directory sync (groups from a
"groups" claim will not be filtered)
This avoids the need to fetch all group names up front, which should
improve performance in specific circumstances.
2025-01-24 14:43:45 -08:00
Joe Kralicky
c307ca806a
fix testcontainers docker client using the global tracer provider ( #5440 )
2025-01-24 14:55:21 -05:00
Joe Kralicky
6ea51149f9
tracing: adjust envoy otel trace batching settings to match go sdk ( #5446 )
2025-01-24 14:51:07 -05:00
Denis Mishin
0bd6d8cc83
core/authz: remove unused mutex ( #5442 )
2025-01-22 15:59:06 -05:00
Caleb Doxsey
e816cef2a1
proxy: add route portal json ( #5428 )
...
* proxy: add route portal json
* fix 405 issue
* add link to issue
* Update proxy/portal/filter_test.go
Co-authored-by: Kenneth Jenkins <51246568+kenjenkins@users.noreply.github.com>
---------
Co-authored-by: Kenneth Jenkins <51246568+kenjenkins@users.noreply.github.com>
2025-01-22 13:45:20 -07:00
Caleb Doxsey
6e1fabec0b
authorize: cache warming ( #5439 )
...
* authorize: cache warming
* add Authorize to test?
* remove tracing querier
* only update connection when it changes
2025-01-22 09:27:22 -07:00
Joe Kralicky
b674d5c19d
Fix small timeout causing test flake ( #5436 )
2025-01-21 14:31:34 -05:00
Joe Kralicky
396c35b6b4
New tracing system ( #5388 )
...
* update tracing config definitions
* new tracing system
* performance improvements
* only configure tracing in envoy if it is enabled in pomerium
* [tracing] refactor to use custom extension for trace id editing (#5420 )
refactor to use custom extension for trace id editing
* set default tracing sample rate to 1.0
* fix proxy service http middleware
* improve some existing auth related traces
* test fixes
* bump envoyproxy/go-control-plane
* code cleanup
* test fixes
* Fix missing spans for well-known endpoints
* import extension apis from pomerium/envoy-custom
2025-01-21 13:26:32 -05:00
Kenneth Jenkins
832742648d
config: add new OTLP tracing fields ( #5421 )
...
Add new tracing options fields to the Settings proto and Options struct.
Co-authored-by: Joe Kralicky <joekralicky@gmail.com>
2025-01-17 14:56:42 -08:00
Kenneth Jenkins
3a2e6ce10a
config: fix JWT groups filter option ( #5429 )
...
When applying the settings proto, update the JWT groups filter option
only if the filter set is non-empty.
This is important when deploying Pomerium via the Ingress Controller in
combination with Pomerium Enterprise. In this scenario there is a
settings proto applied from both Ingress Controller and the Enterprise
console, and we want to make sure the one from Ingress Controller does
not overwrite the filter settings from Enterprise.
2025-01-16 08:53:06 -08:00
Caleb Doxsey
8bc86fe06f
config: add route name, description and logo ( #5424 )
...
* config: add route name, description and logo
* remove name generation
2025-01-14 14:55:14 -07:00
Joe Kralicky
dfd2457bb6
envoy: add internal_address_config to address deprecation warning ( #5425 )
2025-01-14 16:51:04 -05:00
Caleb Doxsey
5ff53ef2b1
importutil: refactor GenerateRouteNames to allow for protobuf or config routes ( #5427 )
...
* importutil: refactor GenerateRouteNames to allow for protobuf or config routes
* test via NewPolicyFromProto
2025-01-14 14:50:00 -07:00
Joe Kralicky
e5ede2d167
remove test code from config/options_test.go ( #5423 )
2025-01-14 14:00:38 -05:00
Joe Kralicky
6502d68162
config: set default tracing sample rate to 1.0 ( #5422 )
...
The previous default sample rate of 0.0001 is very low, so traces are
unlikely to be visible after enabling them until many thousands of
requests have been sent. This could be confusing to users.
2025-01-14 13:50:22 -05:00
Caleb Doxsey
c571769adc
config: add source ppl field ( #5419 )
2025-01-14 10:13:56 -07:00
Kenneth Jenkins
21b9e7890c
authorize: add filter options for JWT groups ( #5417 )
...
Add a new option for filtering to a subset of directory groups in the
Pomerium JWT and Impersonate-Group headers. Add a JWTGroupsFilter field
to both the Options struct (for a global filter) and to the Policy
struct (for per-route filter). These will be populated only from the
config protos, and not from a config file.
If either filter is set, then for each of a user's groups, the group
name or group ID will be added to the JWT groups claim only if it is an
exact string match with one of the elements of either filter.
2025-01-08 13:57:57 -08:00
dependabot[bot]
95d4a24271
chore(deps): bump the docker group with 2 updates ( #5413 )
...
Bumps the docker group with 2 updates: node and golang.
Updates `node` from `5c76d05` to `0e910f4`
Updates `golang` from `3f3b9da` to `2e83858`
---
updated-dependencies:
- dependency-name: node
dependency-type: direct:production
dependency-group: docker
- dependency-name: golang
dependency-type: direct:production
dependency-group: docker
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Denis Mishin <dmishin@pomerium.com>
2025-01-06 11:41:42 -07:00
Caleb Doxsey
fb7b61a677
cleanup headers ( #5408 )
...
* cleanup headers
* return issuer format errors
* go mod
2025-01-06 09:52:29 -07:00
Joe Kralicky
8f36870650
testenv: embedded envoy cpu/memory profiling config ( #5377 )
2025-01-03 17:41:54 -05:00
Joe Kralicky
68764407b8
authorize: enable WaitForReady on databroker query requests ( #5415 )
...
* authorize: enable WaitForReady on databroker query requests
(cherry picked from commit 1709a7b1f61d7b45c4a60d9374223d252260f576)
* go mod tidy
2025-01-03 11:01:16 -05:00
dependabot[bot]
cad38c6b4f
chore(deps): bump the go group with 27 updates ( #5412 )
...
* chore(deps): bump the go group with 27 updates
Bumps the go group with 27 updates:
| Package | From | To |
| --- | --- | --- |
| [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go ) | `1.47.0` | `1.49.0` |
| [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2 ) | `1.32.6` | `1.32.7` |
| [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2 ) | `1.28.6` | `1.28.7` |
| [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2 ) | `1.70.0` | `1.71.1` |
| [github.com/bits-and-blooms/bitset](https://github.com/bits-and-blooms/bitset ) | `1.17.0` | `1.20.0` |
| [github.com/caddyserver/certmagic](https://github.com/caddyserver/certmagic ) | `0.21.4` | `0.21.5` |
| [github.com/docker/docker](https://github.com/docker/docker ) | `27.3.1+incompatible` | `27.4.1+incompatible` |
| [github.com/envoyproxy/go-control-plane](https://github.com/envoyproxy/go-control-plane ) | `0.13.1` | `0.13.2` |
| [github.com/go-chi/chi/v5](https://github.com/go-chi/chi ) | `5.1.0` | `5.2.0` |
| [github.com/grpc-ecosystem/go-grpc-middleware/v2](https://github.com/grpc-ecosystem/go-grpc-middleware ) | `2.1.0` | `2.2.0` |
| [github.com/jackc/pgx/v5](https://github.com/jackc/pgx ) | `5.7.1` | `5.7.2` |
| [github.com/minio/minio-go/v7](https://github.com/minio/minio-go ) | `7.0.81` | `7.0.82` |
| [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa ) | `0.70.0` | `1.0.0` |
| [github.com/prometheus/common](https://github.com/prometheus/common ) | `0.60.1` | `0.61.0` |
| [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go ) | `1.32.0` | `1.33.0` |
| [go.opentelemetry.io/otel/bridge/opencensus](https://github.com/open-telemetry/opentelemetry-go ) | `1.32.0` | `1.33.0` |
| [go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc](https://github.com/open-telemetry/opentelemetry-go ) | `1.32.0` | `1.33.0` |
| [go.opentelemetry.io/otel/exporters/otlp/otlptrace](https://github.com/open-telemetry/opentelemetry-go ) | `1.32.0` | `1.33.0` |
| [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc](https://github.com/open-telemetry/opentelemetry-go ) | `1.32.0` | `1.33.0` |
| [go.opentelemetry.io/otel/metric](https://github.com/open-telemetry/opentelemetry-go ) | `1.32.0` | `1.33.0` |
| [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go ) | `1.32.0` | `1.33.0` |
| [go.opentelemetry.io/otel/sdk/metric](https://github.com/open-telemetry/opentelemetry-go ) | `1.32.0` | `1.33.0` |
| [go.opentelemetry.io/otel/trace](https://github.com/open-telemetry/opentelemetry-go ) | `1.32.0` | `1.33.0` |
| [google.golang.org/api](https://github.com/googleapis/google-api-go-client ) | `0.209.0` | `0.214.0` |
| [google.golang.org/genproto/googleapis/rpc](https://github.com/googleapis/go-genproto ) | `0.0.0-20241113202542-65e8d215514f` | `0.0.0-20241209162323-e6fa225c2576` |
| [google.golang.org/grpc](https://github.com/grpc/grpc-go ) | `1.68.0` | `1.69.2` |
| google.golang.org/protobuf | `1.35.2` | `1.36.1` |
Updates `cloud.google.com/go/storage` from 1.47.0 to 1.49.0
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.47.0...spanner/v1.49.0 )
Updates `github.com/aws/aws-sdk-go-v2` from 1.32.6 to 1.32.7
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases )
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.32.6...v1.32.7 )
Updates `github.com/aws/aws-sdk-go-v2/config` from 1.28.6 to 1.28.7
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases )
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.28.6...config/v1.28.7 )
Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.70.0 to 1.71.1
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases )
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.70.0...service/s3/v1.71.1 )
Updates `github.com/bits-and-blooms/bitset` from 1.17.0 to 1.20.0
- [Release notes](https://github.com/bits-and-blooms/bitset/releases )
- [Commits](https://github.com/bits-and-blooms/bitset/compare/v1.17.0...v1.20.0 )
Updates `github.com/caddyserver/certmagic` from 0.21.4 to 0.21.5
- [Release notes](https://github.com/caddyserver/certmagic/releases )
- [Commits](https://github.com/caddyserver/certmagic/compare/v0.21.4...v0.21.5 )
Updates `github.com/docker/docker` from 27.3.1+incompatible to 27.4.1+incompatible
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v27.3.1...v27.4.1 )
Updates `github.com/envoyproxy/go-control-plane` from 0.13.1 to 0.13.2
- [Release notes](https://github.com/envoyproxy/go-control-plane/releases )
- [Changelog](https://github.com/envoyproxy/go-control-plane/blob/main/CHANGELOG.md )
- [Commits](https://github.com/envoyproxy/go-control-plane/compare/v0.13.1...v0.13.2 )
Updates `github.com/go-chi/chi/v5` from 5.1.0 to 5.2.0
- [Release notes](https://github.com/go-chi/chi/releases )
- [Changelog](https://github.com/go-chi/chi/blob/master/CHANGELOG.md )
- [Commits](https://github.com/go-chi/chi/compare/v5.1.0...v5.2.0 )
Updates `github.com/grpc-ecosystem/go-grpc-middleware/v2` from 2.1.0 to 2.2.0
- [Release notes](https://github.com/grpc-ecosystem/go-grpc-middleware/releases )
- [Commits](https://github.com/grpc-ecosystem/go-grpc-middleware/compare/v2.1.0...v2.2.0 )
Updates `github.com/jackc/pgx/v5` from 5.7.1 to 5.7.2
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md )
- [Commits](https://github.com/jackc/pgx/compare/v5.7.1...v5.7.2 )
Updates `github.com/minio/minio-go/v7` from 7.0.81 to 7.0.82
- [Release notes](https://github.com/minio/minio-go/releases )
- [Commits](https://github.com/minio/minio-go/compare/v7.0.81...v7.0.82 )
Updates `github.com/open-policy-agent/opa` from 0.70.0 to 1.0.0
- [Release notes](https://github.com/open-policy-agent/opa/releases )
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-policy-agent/opa/compare/v0.70.0...v1.0.0 )
Updates `github.com/prometheus/common` from 0.60.1 to 0.61.0
- [Release notes](https://github.com/prometheus/common/releases )
- [Changelog](https://github.com/prometheus/common/blob/main/RELEASE.md )
- [Commits](https://github.com/prometheus/common/compare/v0.60.1...v0.61.0 )
Updates `go.opentelemetry.io/otel` from 1.32.0 to 1.33.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.32.0...v1.33.0 )
Updates `go.opentelemetry.io/otel/bridge/opencensus` from 1.32.0 to 1.33.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.32.0...v1.33.0 )
Updates `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc` from 1.32.0 to 1.33.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.32.0...v1.33.0 )
Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace` from 1.32.0 to 1.33.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.32.0...v1.33.0 )
Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc` from 1.32.0 to 1.33.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.32.0...v1.33.0 )
Updates `go.opentelemetry.io/otel/metric` from 1.32.0 to 1.33.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.32.0...v1.33.0 )
Updates `go.opentelemetry.io/otel/sdk` from 1.32.0 to 1.33.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.32.0...v1.33.0 )
Updates `go.opentelemetry.io/otel/sdk/metric` from 1.32.0 to 1.33.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.32.0...v1.33.0 )
Updates `go.opentelemetry.io/otel/trace` from 1.32.0 to 1.33.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.32.0...v1.33.0 )
Updates `google.golang.org/api` from 0.209.0 to 0.214.0
- [Release notes](https://github.com/googleapis/google-api-go-client/releases )
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.209.0...v0.214.0 )
Updates `google.golang.org/genproto/googleapis/rpc` from 0.0.0-20241113202542-65e8d215514f to 0.0.0-20241209162323-e6fa225c2576
- [Commits](https://github.com/googleapis/go-genproto/commits )
Updates `google.golang.org/grpc` from 1.68.0 to 1.69.2
- [Release notes](https://github.com/grpc/grpc-go/releases )
- [Commits](https://github.com/grpc/grpc-go/compare/v1.68.0...v1.69.2 )
Updates `google.golang.org/protobuf` from 1.35.2 to 1.36.1
---
updated-dependencies:
- dependency-name: cloud.google.com/go/storage
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: github.com/aws/aws-sdk-go-v2
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go
- dependency-name: github.com/aws/aws-sdk-go-v2/config
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go
- dependency-name: github.com/aws/aws-sdk-go-v2/service/s3
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: github.com/bits-and-blooms/bitset
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: github.com/caddyserver/certmagic
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: github.com/envoyproxy/go-control-plane
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go
- dependency-name: github.com/go-chi/chi/v5
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: github.com/grpc-ecosystem/go-grpc-middleware/v2
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: github.com/jackc/pgx/v5
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go
- dependency-name: github.com/minio/minio-go/v7
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go
- dependency-name: github.com/open-policy-agent/opa
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: go
- dependency-name: github.com/prometheus/common
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: go.opentelemetry.io/otel
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: go.opentelemetry.io/otel/bridge/opencensus
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: go.opentelemetry.io/otel/metric
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: go.opentelemetry.io/otel/sdk
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: go.opentelemetry.io/otel/sdk/metric
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: go.opentelemetry.io/otel/trace
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: google.golang.org/api
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: google.golang.org/genproto/googleapis/rpc
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: go
- dependency-name: google.golang.org/grpc
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
- dependency-name: google.golang.org/protobuf
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: go
...
Signed-off-by: dependabot[bot] <support@github.com>
* keep github.com/caddyserver/certmagic@v0.21.4
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Denis Mishin <dmishin@pomerium.com>
2025-01-02 13:16:23 -05:00
dependabot[bot]
2e778bdd37
chore(deps): bump busybox from db142d4 to 2919d01 in /.github in the docker group ( #5414 )
...
chore(deps): bump busybox in /.github in the docker group
Bumps the docker group in /.github with 1 update: busybox.
Updates `busybox` from `db142d4` to `2919d01`
---
updated-dependencies:
- dependency-name: busybox
dependency-type: direct:production
dependency-group: docker
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-02 13:13:35 -05:00
Caleb Doxsey
b3d2ef95e7
fix redirect server proxy protocol ( #5405 )
2024-12-23 05:37:11 -07:00
Kenneth Jenkins
7d15a5efe1
chore(deps): bump golang.org/x/net from 0.31.0 to 0.33.0 ( #5404 )
2024-12-19 12:42:56 -08:00
Kenneth Jenkins
04585af9ef
config: generate fallback cert only as last resort ( #5250 )
...
Currently Pomerium will always generate a wildcard certificate for use
as a fallback certificate.
If any other certificate is configured, this fallback certificate will
not normally be presented, except in the case of a TLS connection where
the client does not include the Server Name Indication (SNI) extension.
All modern browsers support SNI, so in practice this certificate should
never be presented to end users.
However, some network scanning tools will probe connections by IP
addresses (without SNI), and so this fallback certificate may be
presented. The presence of this certificate may be flagged as a problem
in some automated vulnerability scans.
Let's avoid generating this fallback certificate if Pomerium has any
other certificate configured (unless specifically requested by the Auto
TLS option). This should prevent false positive reports from these
particular vulnerability scans.
2024-12-19 09:46:59 -08:00
Caleb Doxsey
4a5b737763
config: fix lost branding settings when there are multiple configuration sources ( #5401 )
2024-12-19 08:47:28 -07:00
