Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: Update Dex to v2.27.0 #5058

Merged
merged 1 commit into from Dec 14, 2020
Merged

chore: Update Dex to v2.27.0 #5058

merged 1 commit into from Dec 14, 2020

Conversation

jannfis
Copy link
Member

@jannfis jannfis commented Dec 14, 2020
edited

PR to update Dex to v2.27.0 due to a security issue in SAML connectors, refer GHSA-m9hp-7r99-94h5 and GHSA-q547-gmf8-8jr7 for more details.

Dex also seems to have moved away from Quay registry to GitHub Container Registry.

Tested on an instance authenticating against GitHub.

Should be cherry-picked into 1.7 and 1.8 branches for next patch releases of Argo CD.

Signed-off-by: jannfis jann@mistrust.net

Note on DCO:

If the DCO action in the integration test fails, one or more of your commits are not signed off. Please click on the Details link next to the DCO action for instructions on how to resolve this.

Checklist:

  • Either (a) I've created an enhancement proposal and discussed it with the community, (b) this is a bug fix, or (c) this does not need to be in the release notes.
  • The title of the PR states what changed and the related issues number (used for the release note).
  • I've updated both the CLI and UI to expose my feature, or I plan to submit a second PR with them.
  • Does this PR require documentation updates?
  • I've updated documentation as required by this PR.
  • Optional. My organization is added to USERS.md.
  • I have signed off all my commits as required by DCO
  • My build is green (troubleshooting builds).

@jannfis
chore: Update Dex to v2.27.0
0545cd3 
Signed-off-by: jannfis <jann@mistrust.net>
@jannfis jannfis added security Security related cherry-pick/1.7 Candidate for cherry picking into the 1.7 release branch cherry-pick/1.8 Candidate for cherry picking into the 1.8 release branch labels Dec 14, 2020
alexmt
alexmt approved these changes Dec 14, 2020
View reviewed changes
Copy link
Collaborator

@alexmt alexmt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@alexmt alexmt merged commit e08e0d2 into argoproj:master Dec 14, 2020
@james-d-elliott james-d-elliott mentioned this pull request Dec 15, 2020
Closed
5 tasks
jannfis added a commit that referenced this pull request Dec 15, 2020
@jannfis
chore: Update Dex to v2.27.0 (#5058)
41db5fc 
Signed-off-by: jannfis <jann@mistrust.net>
@jannfis jannfis mentioned this pull request Dec 16, 2020
Merged
8 tasks
rbreeze pushed a commit that referenced this pull request Jan 12, 2021
@jannfis @rbreeze
chore: Update Dex to v2.27.0 (#5058)
7f643a4 
Signed-off-by: jannfis <jann@mistrust.net>
Signed-off-by: Remington Breeze <remington@breeze.software>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alexmt alexmt alexmt approved these changes

Assignees
No one assigned
Labels
cherry-pick/1.7 Candidate for cherry picking into the 1.7 release branch cherry-pick/1.8 Candidate for cherry picking into the 1.8 release branch security Security related
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@jannfis @alexmt