3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-04-29 10:26:29 +02:00
Code Issues Projects Releases Packages Wiki Activity
3740 commits 157 branches 125 tags 103 MiB
Commit graph

207 commits

Author SHA1 Message Date
Denis Mishin
cb0e8aaf06
mcp: add oauth metadata endpoint (#5579) 2025-04-23 12:24:00 -04:00
Kenneth Jenkins
e1d84a1dde
logging: standardize on hyphens in attribute names (#5577) 2025-04-22 10:57:19 -07:00
Caleb Doxsey
e78cfc0687
cleanup logs (#5571) 2025-04-14 08:20:10 -06:00
dependabot[bot]
5f95dd32db
chore(deps): bump the go group with 39 updates (#5559) 
* chore(deps): bump the go group with 39 updates

Bumps the go group with 39 updates:

| Package | From | To |
| --- | --- | --- |
| [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go) | `1.50.0` | `1.51.0` |
| [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) | `1.29.8` | `1.29.12` |
| [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) | `1.78.0` | `1.79.0` |
| [github.com/bits-and-blooms/bitset](https://github.com/bits-and-blooms/bitset) | `1.21.0` | `1.22.0` |
| [github.com/caddyserver/certmagic](https://github.com/caddyserver/certmagic) | `0.21.7` | `0.22.2` |
| [github.com/coreos/go-oidc/v3](https://github.com/coreos/go-oidc) | `3.12.0` | `3.13.0` |
| [github.com/docker/docker](https://github.com/docker/docker) | `28.0.1+incompatible` | `28.0.4+incompatible` |
| [github.com/grpc-ecosystem/go-grpc-middleware/v2](https://github.com/grpc-ecosystem/go-grpc-middleware) | `2.3.0` | `2.3.1` |
| [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) | `5.7.2` | `5.7.4` |
| [github.com/mholt/acmez/v3](https://github.com/mholt/acmez) | `3.0.1` | `3.1.1` |
| [github.com/minio/minio-go/v7](https://github.com/minio/minio-go) | `7.0.87` | `7.0.89` |
| [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) | `1.2.0` | `1.3.0` |
| [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) | `1.21.0` | `1.21.1` |
| [github.com/prometheus/common](https://github.com/prometheus/common) | `0.62.0` | `0.63.0` |
| [github.com/prometheus/procfs](https://github.com/prometheus/procfs) | `0.15.1` | `0.16.0` |
| [github.com/quic-go/quic-go](https://github.com/quic-go/quic-go) | `0.50.0` | `0.50.1` |
| [github.com/rs/zerolog](https://github.com/rs/zerolog) | `1.33.0` | `1.34.0` |
| [github.com/spf13/viper](https://github.com/spf13/viper) | `1.19.0` | `1.20.1` |
| [github.com/testcontainers/testcontainers-go](https://github.com/testcontainers/testcontainers-go) | `0.35.0` | `0.36.0` |
| [go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.59.0` | `0.60.0` |
| [go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.59.0` | `0.60.0` |
| [go.opentelemetry.io/contrib/propagators/autoprop](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.59.0` | `0.60.0` |
| [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) | `1.34.0` | `1.35.0` |
| [go.opentelemetry.io/otel/bridge/opencensus](https://github.com/open-telemetry/opentelemetry-go) | `1.34.0` | `1.35.0` |
| [go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc](https://github.com/open-telemetry/opentelemetry-go) | `1.34.0` | `1.35.0` |
| [go.opentelemetry.io/otel/exporters/otlp/otlptrace](https://github.com/open-telemetry/opentelemetry-go) | `1.34.0` | `1.35.0` |
| [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc](https://github.com/open-telemetry/opentelemetry-go) | `1.34.0` | `1.35.0` |
| [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go) | `1.34.0` | `1.35.0` |
| [go.opentelemetry.io/otel/metric](https://github.com/open-telemetry/opentelemetry-go) | `1.34.0` | `1.35.0` |
| [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) | `1.34.0` | `1.35.0` |
| [go.opentelemetry.io/otel/sdk/metric](https://github.com/open-telemetry/opentelemetry-go) | `1.34.0` | `1.35.0` |
| [go.opentelemetry.io/otel/trace](https://github.com/open-telemetry/opentelemetry-go) | `1.34.0` | `1.35.0` |
| [golang.org/x/net](https://github.com/golang/net) | `0.37.0` | `0.38.0` |
| [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.27.0` | `0.28.0` |
| [golang.org/x/time](https://github.com/golang/time) | `0.10.0` | `0.11.0` |
| [google.golang.org/api](https://github.com/googleapis/google-api-go-client) | `0.223.0` | `0.224.0` |
| [google.golang.org/genproto/googleapis/rpc](https://github.com/googleapis/go-genproto) | `0.0.0-20250219182151-9fdb1cabc7b2` | `0.0.0-20250303144028-a0af3efb3deb` |
| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.71.0` | `1.71.1` |
| google.golang.org/protobuf | `1.36.5` | `1.36.6` |


Updates `cloud.google.com/go/storage` from 1.50.0 to 1.51.0
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.50.0...spanner/v1.51.0)

Updates `github.com/aws/aws-sdk-go-v2/config` from 1.29.8 to 1.29.12
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.29.8...config/v1.29.12)

Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.78.0 to 1.79.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.78.0...service/s3/v1.79.0)

Updates `github.com/bits-and-blooms/bitset` from 1.21.0 to 1.22.0
- [Release notes](https://github.com/bits-and-blooms/bitset/releases)
- [Commits](https://github.com/bits-and-blooms/bitset/compare/v1.21.0...v1.22.0)

Updates `github.com/caddyserver/certmagic` from 0.21.7 to 0.22.2
- [Release notes](https://github.com/caddyserver/certmagic/releases)
- [Commits](https://github.com/caddyserver/certmagic/compare/v0.21.7...v0.22.2)

Updates `github.com/coreos/go-oidc/v3` from 3.12.0 to 3.13.0
- [Release notes](https://github.com/coreos/go-oidc/releases)
- [Commits](https://github.com/coreos/go-oidc/compare/v3.12.0...v3.13.0)

Updates `github.com/docker/docker` from 28.0.1+incompatible to 28.0.4+incompatible
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v28.0.1...v28.0.4)

Updates `github.com/grpc-ecosystem/go-grpc-middleware/v2` from 2.3.0 to 2.3.1
- [Release notes](https://github.com/grpc-ecosystem/go-grpc-middleware/releases)
- [Commits](https://github.com/grpc-ecosystem/go-grpc-middleware/compare/v2.3.0...v2.3.1)

Updates `github.com/jackc/pgx/v5` from 5.7.2 to 5.7.4
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jackc/pgx/compare/v5.7.2...v5.7.4)

Updates `github.com/mholt/acmez/v3` from 3.0.1 to 3.1.1
- [Release notes](https://github.com/mholt/acmez/releases)
- [Commits](https://github.com/mholt/acmez/compare/v3.0.1...v3.1.1)

Updates `github.com/minio/minio-go/v7` from 7.0.87 to 7.0.89
- [Release notes](https://github.com/minio/minio-go/releases)
- [Commits](https://github.com/minio/minio-go/compare/v7.0.87...v7.0.89)

Updates `github.com/open-policy-agent/opa` from 1.2.0 to 1.3.0
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-policy-agent/opa/compare/v1.2.0...v1.3.0)

Updates `github.com/prometheus/client_golang` from 1.21.0 to 1.21.1
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prometheus/client_golang/compare/v1.21.0...v1.21.1)

Updates `github.com/prometheus/common` from 0.62.0 to 0.63.0
- [Release notes](https://github.com/prometheus/common/releases)
- [Changelog](https://github.com/prometheus/common/blob/main/RELEASE.md)
- [Commits](https://github.com/prometheus/common/compare/v0.62.0...v0.63.0)

Updates `github.com/prometheus/procfs` from 0.15.1 to 0.16.0
- [Release notes](https://github.com/prometheus/procfs/releases)
- [Commits](https://github.com/prometheus/procfs/compare/v0.15.1...v0.16.0)

Updates `github.com/quic-go/quic-go` from 0.50.0 to 0.50.1
- [Release notes](https://github.com/quic-go/quic-go/releases)
- [Changelog](https://github.com/quic-go/quic-go/blob/master/Changelog.md)
- [Commits](https://github.com/quic-go/quic-go/compare/v0.50.0...v0.50.1)

Updates `github.com/rs/zerolog` from 1.33.0 to 1.34.0
- [Commits](https://github.com/rs/zerolog/compare/v1.33.0...v1.34.0)

Updates `github.com/spf13/viper` from 1.19.0 to 1.20.1
- [Release notes](https://github.com/spf13/viper/releases)
- [Commits](https://github.com/spf13/viper/compare/v1.19.0...v1.20.1)

Updates `github.com/testcontainers/testcontainers-go` from 0.35.0 to 0.36.0
- [Release notes](https://github.com/testcontainers/testcontainers-go/releases)
- [Commits](https://github.com/testcontainers/testcontainers-go/compare/v0.35.0...v0.36.0)

Updates `go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc` from 0.59.0 to 0.60.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.59.0...zpages/v0.60.0)

Updates `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp` from 0.59.0 to 0.60.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.59.0...zpages/v0.60.0)

Updates `go.opentelemetry.io/contrib/propagators/autoprop` from 0.59.0 to 0.60.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.59.0...zpages/v0.60.0)

Updates `go.opentelemetry.io/otel` from 1.34.0 to 1.35.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.34.0...v1.35.0)

Updates `go.opentelemetry.io/otel/bridge/opencensus` from 1.34.0 to 1.35.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.34.0...v1.35.0)

Updates `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc` from 1.34.0 to 1.35.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.34.0...v1.35.0)

Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace` from 1.34.0 to 1.35.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.34.0...v1.35.0)

Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc` from 1.34.0 to 1.35.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.34.0...v1.35.0)

Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp` from 1.34.0 to 1.35.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.34.0...v1.35.0)

Updates `go.opentelemetry.io/otel/metric` from 1.34.0 to 1.35.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.34.0...v1.35.0)

Updates `go.opentelemetry.io/otel/sdk` from 1.34.0 to 1.35.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.34.0...v1.35.0)

Updates `go.opentelemetry.io/otel/sdk/metric` from 1.34.0 to 1.35.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.34.0...v1.35.0)

Updates `go.opentelemetry.io/otel/trace` from 1.34.0 to 1.35.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.34.0...v1.35.0)

Updates `golang.org/x/net` from 0.37.0 to 0.38.0
- [Commits](https://github.com/golang/net/compare/v0.37.0...v0.38.0)

Updates `golang.org/x/oauth2` from 0.27.0 to 0.28.0
- [Commits](https://github.com/golang/oauth2/compare/v0.27.0...v0.28.0)

Updates `golang.org/x/time` from 0.10.0 to 0.11.0
- [Commits](https://github.com/golang/time/compare/v0.10.0...v0.11.0)

Updates `google.golang.org/api` from 0.223.0 to 0.224.0
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.223.0...v0.224.0)

Updates `google.golang.org/genproto/googleapis/rpc` from 0.0.0-20250219182151-9fdb1cabc7b2 to 0.0.0-20250303144028-a0af3efb3deb
- [Commits](https://github.com/googleapis/go-genproto/commits)

Updates `google.golang.org/grpc` from 1.71.0 to 1.71.1
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.71.0...v1.71.1)

Updates `google.golang.org/protobuf` from 1.36.5 to 1.36.6

---
updated-dependencies:
- dependency-name: cloud.google.com/go/storage
  dependency-version: 1.51.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-version: 1.29.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/aws/aws-sdk-go-v2/service/s3
  dependency-version: 1.79.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/bits-and-blooms/bitset
  dependency-version: 1.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/caddyserver/certmagic
  dependency-version: 0.22.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/coreos/go-oidc/v3
  dependency-version: 3.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/docker/docker
  dependency-version: 28.0.4+incompatible
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/grpc-ecosystem/go-grpc-middleware/v2
  dependency-version: 2.3.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/jackc/pgx/v5
  dependency-version: 5.7.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/mholt/acmez/v3
  dependency-version: 3.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/minio/minio-go/v7
  dependency-version: 7.0.89
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/open-policy-agent/opa
  dependency-version: 1.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/prometheus/client_golang
  dependency-version: 1.21.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/prometheus/common
  dependency-version: 0.63.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/prometheus/procfs
  dependency-version: 0.16.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/quic-go/quic-go
  dependency-version: 0.50.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/rs/zerolog
  dependency-version: 1.34.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/spf13/viper
  dependency-version: 1.20.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/testcontainers/testcontainers-go
  dependency-version: 0.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
  dependency-version: 0.60.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
  dependency-version: 0.60.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/contrib/propagators/autoprop
  dependency-version: 0.60.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel
  dependency-version: 1.35.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel/bridge/opencensus
  dependency-version: 1.35.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc
  dependency-version: 1.35.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace
  dependency-version: 1.35.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
  dependency-version: 1.35.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp
  dependency-version: 1.35.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel/metric
  dependency-version: 1.35.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel/sdk
  dependency-version: 1.35.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel/sdk/metric
  dependency-version: 1.35.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: go.opentelemetry.io/otel/trace
  dependency-version: 1.35.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: golang.org/x/net
  dependency-version: 0.38.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: golang.org/x/oauth2
  dependency-version: 0.28.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: golang.org/x/time
  dependency-version: 0.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: google.golang.org/api
  dependency-version: 0.224.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: google.golang.org/genproto/googleapis/rpc
  dependency-version: 0.0.0-20250303144028-a0af3efb3deb
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: google.golang.org/grpc
  dependency-version: 1.71.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: google.golang.org/protobuf
  dependency-version: 1.36.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix build errors

* update OPA formatting in policy generator test

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Kenneth Jenkins <51246568+kenjenkins@users.noreply.github.com>
 2025-04-04 16:26:51 -07:00
Caleb Doxsey
c47055bece
upgrade to go v1.24 (#5562) 
* upgrade to go v1.24

* add a macOS-specific //nolint comment too

---------

Co-authored-by: Kenneth Jenkins <51246568+kenjenkins@users.noreply.github.com>
 2025-04-02 15:53:09 -06:00
Caleb Doxsey
4c9398e95b
config: fix layered bearer_token_format and idp_access_token_allowed_audiences (#5533) 2025-03-19 10:04:48 -06:00
Kenneth Jenkins
ad183873f4
add global jwt_issuer_format option (#5508) 
Add a corresponding global setting for the existing route-level
jwt_issuer_format option. The route-level option will take precedence
when set to a non-empty string.
 2025-03-11 14:11:50 -07:00
Caleb Doxsey
fbd1f34110
fileutil: add directory helpers, atomic file writing (#5477) 2025-02-19 07:56:38 -07:00
Caleb Doxsey
b9fd926618
authorize: support authenticating with idp tokens (#5484) 
* identity: add support for verifying access and identity tokens

* allow overriding with policy option

* authenticate: add verify endpoints

* wip

* implement session creation

* add verify test

* implement idp token login

* fix tests

* add pr permission

* make session ids route-specific

* rename method

* add test

* add access token test

* test for newUserFromIDPClaims

* more tests

* make the session id per-idp

* use type for

* add test

* remove nil checks
 2025-02-18 13:02:06 -07:00
Caleb Doxsey
1e9a09269b
config: add support for http3 advertise port (#5466) 2025-02-03 13:58:57 -07:00
Joe Kralicky
5e94b2f8f1
Refactor trace config to match supported otel options (#5447) 
* Refactor trace config to match supported otel options

* use duration instead of int64 for otel timeouts

* change 'trace client updated' log level to debug
 2025-01-30 11:59:19 -05:00
Joe Kralicky
396c35b6b4
New tracing system (#5388) 
* update tracing config definitions

* new tracing system

* performance improvements

* only configure tracing in envoy if it is enabled in pomerium

* [tracing] refactor to use custom extension for trace id editing (#5420)

refactor to use custom extension for trace id editing

* set default tracing sample rate to 1.0

* fix proxy service http middleware

* improve some existing auth related traces

* test fixes

* bump envoyproxy/go-control-plane

* code cleanup

* test fixes

* Fix missing spans for well-known endpoints

* import extension apis from pomerium/envoy-custom
 2025-01-21 13:26:32 -05:00
Kenneth Jenkins
832742648d
config: add new OTLP tracing fields (#5421) 
Add new tracing options fields to the Settings proto and Options struct.

Co-authored-by: Joe Kralicky <joekralicky@gmail.com>
 2025-01-17 14:56:42 -08:00
Kenneth Jenkins
3a2e6ce10a
config: fix JWT groups filter option (#5429) 
When applying the settings proto, update the JWT groups filter option
only if the filter set is non-empty.

This is important when deploying Pomerium via the Ingress Controller in
combination with Pomerium Enterprise. In this scenario there is a
settings proto applied from both Ingress Controller and the Enterprise
console, and we want to make sure the one from Ingress Controller does
not overwrite the filter settings from Enterprise.
 2025-01-16 08:53:06 -08:00
Joe Kralicky
6502d68162
config: set default tracing sample rate to 1.0 (#5422) 
The previous default sample rate of 0.0001 is very low, so traces are
unlikely to be visible after enabling them until many thousands of
requests have been sent. This could be confusing to users.
 2025-01-14 13:50:22 -05:00
Kenneth Jenkins
21b9e7890c
authorize: add filter options for JWT groups (#5417) 
Add a new option for filtering to a subset of directory groups in the
Pomerium JWT and Impersonate-Group headers. Add a JWTGroupsFilter field
to both the Options struct (for a global filter) and to the Policy
struct (for per-route filter). These will be populated only from the
config protos, and not from a config file.

If either filter is set, then for each of a user's groups, the group
name or group ID will be added to the JWT groups claim only if it is an
exact string match with one of the elements of either filter.
 2025-01-08 13:57:57 -08:00
Caleb Doxsey
4a5b737763
config: fix lost branding settings when there are multiple configuration sources (#5401) 2024-12-19 08:47:28 -07:00
Denis Mishin
2bb70258c3
authorize/log: remove audit logging (#5369) 2024-11-22 14:32:52 -05:00
Caleb Doxsey
d2c14cd6d2
logging: remove ctx from global log methods (#5337) 
* log: remove warn

* log: update debug

* log: update info

* remove level, log

* remove contextLogger function
 2024-10-23 14:18:52 -06:00
Joe Kralicky
0e13248685
Core-Zero Import (#5288) 
* initial core-zero import implementation

* Update /config/import openapi description and use PUT instead of POST

* update import ui tests

* Add 413 as a possible response for /config/import

* Options/Settings type conversion tests and related bugfixes

* Fixes for proto type conversion and tests

* Update core-zero import client

* Update core-zero import client

* Update import api and environment detection

* update go.mod

* remove old testdata

* Remove usage of deleted setting after merge

* remove extra newline from --version output
 2024-10-09 18:51:56 -04:00
Caleb Doxsey
410354bc00
core/go: use hashicorp/go-set (#5278) 2024-10-03 12:59:11 -06:00
Kenneth Jenkins
01d375f0bc
config: remove unused gRPC setting (#5308) 
Remove the grpc_client_dns_roundrobin option as it appears to be unused
since commit bbec2cae9f.
 2024-10-03 10:14:54 -07:00
Kenneth Jenkins
6171c09596
config: remove unused databroker storage settings (#5285) 
Config options concerning the TLS connection from databroker to storage
backend are now unused. TLS options for this connection can instead be
set directly in the databroker storage connection string.
 2024-09-16 11:58:57 -07:00
Caleb Doxsey
10e1746471
core/authorize: remove default header logging in debug (#5287) 2024-09-13 13:04:33 -06:00
Caleb Doxsey
dad954ae16
core/logging: change log.Error function (#5251) 
* core/logging: change log.Error function

* use request id
 2024-09-05 15:42:46 -06:00
Caleb Doxsey
f3620cf6e9
core/config: add databroker_storage_connection_string_file (#5242) 
* core/config: add databroker_storage_connection_string_file

* add file to file list
 2024-08-27 09:42:14 -06:00
Caleb Doxsey
d062f9d68d
core/logs: remove warnings (#5235) 
* core/logs: remove warnings

* switch to error
 2024-08-27 09:38:50 -06:00
Joe Kralicky
56ba07e53e
Optimize policy iterators (#5184) 
* Optimize policy iterators (go1.23)

This modifies (*Options).GetAllPolicies() to use a go 1.23 iterator
instead of copying all policies on every call, which can be extremely
expensive. All existing usages of this function were updated as
necessary.

Additionally, a new (*Options).NumPolicies() method was added which
quickly computes the number of policies that would be given by
GetAllPolicies(), since there were several usages where only the
number of policies was needed.

* Fix race condition when assigning default envoy opts to a policy
 2024-08-20 12:35:10 -04:00
Caleb Doxsey
d225288ab3
core/identity: dynamic authenticator registration (#5105) 2024-05-07 16:45:39 -06:00
Caleb Doxsey
1a5b8b606f
core/lint: upgrade golangci-lint, replace interface{} with any (#5099) 
* core/lint: upgrade golangci-lint, replace interface{} with any

* regen proto
 2024-05-02 14:33:52 -06:00
Caleb Doxsey
5373e25ac4
core/config: add support for stripping the port for matching routes (#5085) 
* core/config: add support for stripping the port for matching routes

* fix test

* rename option, improve port detection

* add more test cases
 2024-04-26 08:24:46 -06:00
Denis Mishin
e7b3d3b6e9
config: add runtime flags (#5050) 2024-04-04 17:51:04 -04:00
Kenneth Jenkins
e83b14bcd5
config: remove deprecated client_ca option (#4918) 
The client_ca and client_ca_file settings were deprecated in v0.23.
Remove these options and add a link to the corresponding explanation on
the Upgrading docs page.
 2024-01-30 14:12:23 -08:00
Caleb Doxsey
5e0079c649
core/databroker: disable identity manager user refresh when hosted authenticate is used (#4905) 2024-01-12 13:30:03 -07:00
Caleb Doxsey
f684910ab3
core/config: remove cookie secure option (#4907) 2024-01-12 13:28:14 -07:00
Caleb Doxsey
d6221c07ce
core/config: remove debug option, always use json logs (#4857) 
* core/config: remove debug option, always use json logs

* go mod tidy
 2023-12-15 11:29:05 -07:00
Caleb Doxsey
a2fd95aae6
core/ci: update linting (#4844) 
* core/ci: update linting

* re-add exportloopref

* re-add gocheckcompilerdirectives

* re-add stylecheck

* re-add usestdlibvars

* upgrade lint

---------

Co-authored-by: Denis Mishin <dmishin@pomerium.com>
 2023-12-14 09:07:54 -08:00
Kenneth Jenkins
08c186a72e
integration: test with both authentication flows (#4817) 
Add an environment variable to allow forcing either the stateful or the
stateless authenticate flow.

Split the existing integration test clusters "single" and "multi" into
four new clusters: "single-stateful", "single-stateless",
"multi-stateful", and "multi-stateless", so that the integration tests
will run for both the stateful and the stateless authenticate flows.

(The "kubernetes" cluster is not currently being run, so I've left it
alone for now.)
 2023-12-07 16:06:41 -08:00
Kenneth Jenkins
5ccd7a520a
support both stateful and stateless authenticate (#4765) 
Update the initialization logic for the authenticate, authorize, and
proxy services to automatically select between the stateful
authentication flow and the stateless authentication flow, depending on
whether Pomerium is configured to use the hosted authenticate service.

Add a unit test case to verify that the sign_out handler does not 
trigger a sign in redirect.
 2023-12-07 14:24:13 -08:00
Caleb Doxsey
bcddbff6e1
core/redis: remove redis (#4768) 
* core/redis: remove redis

* 20 minute max wait
 2023-11-28 13:14:36 -07:00
Caleb Doxsey
cfc339548f
core/config: disable strict-transport-security header with staging autocert (#4741) 2023-11-13 09:21:44 -07:00
Caleb Doxsey
62a9299e02
core/config: remove support for base64 encoded certificates (#4718) 
* core/config: update file watcher source to handle base64 encoded certificates

* fix data race

* core/config: only allow files in certificates

* remove test

* re-add test
 2023-11-08 13:08:24 -07:00
Caleb Doxsey
3bdbd56222
core/config: add pass_identity_headers option (#4720) 
* core/config: add pass_identity_headers option

* add to proto

* remove deprecated field
 2023-11-08 13:07:37 -07:00
Caleb Doxsey
77f9893fe5
core/config: remove unnecessary authenticate route (#4719) 2023-11-08 09:12:44 -07:00
Denis Mishin
bfcc970839
databroker: build config concurrently, option to bypass validation (#4655) 
* validation: option to bypass

* concurrently build config

* add regex_priority_order and route sorting

* rm mutex
 2023-11-06 13:21:29 -05:00
Kenneth Jenkins
4f648e9ac1
databroker: remove redis storage backend (#4699) 
Remove the Redis databroker backend. According to
https://www.pomerium.com/docs/internals/data-storage#redis it has been
discouraged since Pomerium v0.18.

Update the config options validation to return an error if "redis" is 
set as the databroker storage backend type.
 2023-11-02 11:53:25 -07:00
Kenneth Jenkins
5a735264b3
config: do not add route headers to global map (#4629) 
Currently the GetSetResponseHeadersForPolicy() method may add entries to 
the global SetResponseHeaders map, which can lead to one route's headers
being applied to other routes.

Instead, make a copy of the SetResponseHeaders map before adding any 
route-specific response header entries.

Add additional unit tests for GetSetResponseHeaders() and 
GetSetResponseHeadersForPolicy().
 2023-10-18 13:55:48 -07:00
Kenneth Jenkins
5a4acc5cd3
config: validate cookie_secure option (#4484) 
Do not allow the combination of 'cookie_same_site: none' and
'cookie_secure: false'.

Cookies with SameSite=None must also set the Secure option, see
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#none.
 2023-08-23 10:43:01 -07:00
Kenneth Jenkins
e448909042
authorize: remove incorrect "valid-client-certificate" reason (#4470) 
Fix the logic around when to add the default invalid_client_certificate
rule: this should only be added if mTLS is enabled and the enforcement
mode is not set to "policy". Add a unit test for this logic.
 2023-08-17 08:13:57 -07:00
Kenneth Jenkins
24b09186a4
config: move mTLS settings to new struct (#4442) 
Move downstream mTLS settings to a nested config file object, under the
key 'downstream_mtls', and add a new DownstreamMTLSSettings struct for
these settings.

Deprecate the existing ClientCA and ClientCAFile fields in the Options
struct, but continue to honor them for now (log a warning if either is
populated).

Delete the ClientCRL and ClientCRLFile fields entirely (in current
releases these cannot be set without causing an Envoy error, so this
should not be a breaking change).

Update the Settings proto to mirror this nested structure.
 2023-08-08 10:22:48 -07:00