chore: upgrade dex to v2.35.3 to avoid CVE-2022-27665 #10939

crenshaw-dev · 2022-10-14T00:05:03Z

No description provided.

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

codecov · 2022-10-14T00:29:24Z

Codecov Report

Base: 45.82% // Head: 45.62% // Decreases project coverage by -0.20% ⚠️

Coverage data is based on head (bf77f45) compared to base (eb9d0a5).
Patch has no changes to coverable lines.

Additional details and impacted files

@@            Coverage Diff             @@
##           master   #10939      +/-   ##
==========================================
- Coverage   45.82%   45.62%   -0.21%     
==========================================
  Files         236      236              
  Lines       28700    28701       +1     
==========================================
- Hits        13152    13095      -57     
- Misses      13738    13805      +67     
+ Partials     1810     1801       -9

Impacted Files	Coverage Δ
server/application/application.go	`27.89% <0.00%> (-1.12%)`	⬇️
util/settings/settings.go	`51.25% <0.00%> (ø)`
pkg/apiclient/grpcproxy.go	`0.00% <0.00%> (ø)`
pkg/apiclient/apiclient.go	`1.25% <0.00%> (+0.15%)`	⬆️
server/application/terminal.go	`12.75% <0.00%> (+1.43%)`	⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

34fathombelow

LGTM

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

crenshaw-dev · 2022-10-17T16:34:00Z

Cherry-picked onto release-2.2 for 2.2.15, release-2.3 for 2.3.10, release-2.4 for 2.4.15, and release-2.5 for 2.5.0-rc3.

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Signed-off-by: Nicholas Johnson <nbjohnson10@gmail.com>

chore: upgrade dex to v2.35.3 to avoid CVE-2022-27665

bf77f45

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

crenshaw-dev added cherry-pick/2.2 Candidate for cherry picking into the 2.2 release branch cherry-pick/2.3 Candidate for cherry picking into the 2.3 release branch cherry-pick/2.4 Candidate for cherry picking into the 2.4 release branch cherry-pick/2.5 labels Oct 14, 2022

34fathombelow approved these changes Oct 14, 2022

View reviewed changes

zachaller approved these changes Oct 17, 2022

View reviewed changes

wanghong230 approved these changes Oct 17, 2022

View reviewed changes

crenshaw-dev merged commit 793f728 into argoproj:master Oct 17, 2022

crenshaw-dev deleted the dex-2.35.3 branch October 17, 2022 16:30

mconigliaro mentioned this pull request Nov 21, 2022

"invalid session token: failed to verify signature: failed to verify id token signature" with argocd v2.5.2 and dex v2.35.x #11392

Open

3 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore: upgrade dex to v2.35.3 to avoid CVE-2022-27665 #10939

chore: upgrade dex to v2.35.3 to avoid CVE-2022-27665 #10939

crenshaw-dev commented Oct 14, 2022

codecov bot commented Oct 14, 2022

34fathombelow left a comment

crenshaw-dev commented Oct 17, 2022

chore: upgrade dex to v2.35.3 to avoid CVE-2022-27665 #10939

chore: upgrade dex to v2.35.3 to avoid CVE-2022-27665 #10939

Conversation

crenshaw-dev commented Oct 14, 2022

codecov bot commented Oct 14, 2022

Codecov Report

34fathombelow left a comment

Choose a reason for hiding this comment

crenshaw-dev commented Oct 17, 2022