chore(dependabot): bump github.com/zitadel/oidc/v3 from 3.35.0 to 3.38.1 (#546)

dependabot[bot] · web-flow · commit 915fa782ea02 · 2025-04-30T07:18:42.000-07:00
Bumps [github.com/zitadel/oidc/v3](https://github.com/zitadel/oidc) from 3.35.0 to 3.38.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/zitadel/oidc/releases">github.com/zitadel/oidc/v3's releases</a>.</em></p> <blockquote> <h2>v3.38.1</h2> <h2><a href="https://github.com/zitadel/oidc/compare/v3.38.0...v3.38.1">3.38.1</a> (2025-04-29)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>op:</strong> Add mitigation for PKCE Downgrade Attack (<a href="https://redirect.github.com/zitadel/oidc/issues/741">#741</a>) (<a href="https://github.com/zitadel/oidc/commit/4f0ed79c0a49c9de7341300c0d1e45e5c1e38796">4f0ed79</a>)</li> </ul> <h2>v3.38.0</h2> <h1><a href="https://github.com/zitadel/oidc/compare/v3.37.0...v3.38.0">3.38.0</a> (2025-04-29)</h1> <h3>Features</h3> <ul> <li>enhance authentication response handling (<a href="https://redirect.github.com/zitadel/oidc/issues/728">#728</a>) (<a href="https://github.com/zitadel/oidc/commit/5913c5a07482829532d831b168a82255cba0e8cc">5913c5a</a>)</li> </ul> <h2>v3.37.0</h2> <h1><a href="https://github.com/zitadel/oidc/compare/v3.36.1...v3.37.0">3.37.0</a> (2025-03-24)</h1> <h3>Features</h3> <ul> <li><strong>op:</strong> always verify code challenge when available (<a href="https://redirect.github.com/zitadel/oidc/issues/721">#721</a>) (<a href="https://github.com/zitadel/oidc/commit/c51628ea27035796152a32631439625b55f0a7ea">c51628e</a>)</li> </ul> <h2>v3.36.1</h2> <h2><a href="https://github.com/zitadel/oidc/compare/v3.36.0...v3.36.1">3.36.1</a> (2025-03-14)</h2> <h3>Bug Fixes</h3> <ul> <li>ignore empty json strings for locale (<a href="https://redirect.github.com/zitadel/oidc/issues/678">#678</a>) (<a href="https://github.com/zitadel/oidc/commit/efd6fdad7aa2382879821fde4d016236bb5c243a">efd6fda</a>), closes <a href="https://redirect.github.com/zitadel/oidc/issues/673">#673</a></li> </ul> <h2>v3.36.0</h2> <h1><a href="https://github.com/zitadel/oidc/compare/v3.35.0...v3.36.0">3.36.0</a> (2025-03-12)</h1> <h3>Features</h3> <ul> <li>add CanGetPrivateClaimsFromRequest interface (<a href="https://redirect.github.com/zitadel/oidc/issues/717">#717</a>) (<a href="https://github.com/zitadel/oidc/commit/7a767d8568772197503dca7f90b5a767f6f23572">7a767d8</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/zitadel/oidc/commit/4f0ed79c0a49c9de7341300c0d1e45e5c1e38796"><code>4f0ed79</code></a> fix(op): Add mitigation for PKCE Downgrade Attack (<a href="https://redirect.github.com/zitadel/oidc/issues/741">#741</a>)</li> <li><a href="https://github.com/zitadel/oidc/commit/5913c5a07482829532d831b168a82255cba0e8cc"><code>5913c5a</code></a> feat: enhance authentication response handling (<a href="https://redirect.github.com/zitadel/oidc/issues/728">#728</a>)</li> <li><a href="https://github.com/zitadel/oidc/commit/b917cdc2e3cc021815e28e30bde8c3ea688aa339"><code>b917cdc</code></a> chore(deps): bump codecov/codecov-action from 5.4.0 to 5.4.2 (<a href="https://redirect.github.com/zitadel/oidc/issues/737">#737</a>)</li> <li><a href="https://github.com/zitadel/oidc/commit/cb3ec3ac5f9bcfb07ffb51c4230291408a3501de"><code>cb3ec3a</code></a> chore(deps): bump golang.org/x/net from 0.36.0 to 0.38.0 (<a href="https://redirect.github.com/zitadel/oidc/issues/739">#739</a>)</li> <li><a href="https://github.com/zitadel/oidc/commit/7cc5fb656818b9da48d34252c186b3d715cf2af0"><code>7cc5fb6</code></a> chore(deps): bump golang.org/x/text from 0.23.0 to 0.24.0 (<a href="https://redirect.github.com/zitadel/oidc/issues/733">#733</a>)</li> <li><a href="https://github.com/zitadel/oidc/commit/92972fd30f02756cdf361c024342fbc8f2cb660c"><code>92972fd</code></a> chore(deps): bump golang.org/x/oauth2 from 0.28.0 to 0.29.0 (<a href="https://redirect.github.com/zitadel/oidc/issues/734">#734</a>)</li> <li><a href="https://github.com/zitadel/oidc/commit/c51628ea27035796152a32631439625b55f0a7ea"><code>c51628e</code></a> feat(op): always verify code challenge when available (<a href="https://redirect.github.com/zitadel/oidc/issues/721">#721</a>)</li> <li><a href="https://github.com/zitadel/oidc/commit/7096406e71f682c492da1a2d4b6a4a0b88ffd34a"><code>7096406</code></a> chore(deps): bump github.com/zitadel/schema from 1.3.0 to 1.3.1 (<a href="https://redirect.github.com/zitadel/oidc/issues/731">#731</a>)</li> <li><a href="https://github.com/zitadel/oidc/commit/c91db9e47b147ce8c5d8ba33939782b6177f78bd"><code>c91db9e</code></a> chore(deps): bump github.com/zitadel/logging from 0.6.1 to 0.6.2 (<a href="https://redirect.github.com/zitadel/oidc/issues/730">#730</a>)</li> <li><a href="https://github.com/zitadel/oidc/commit/f648c61cab4771e9b5bf5e5b38e71388d26d07b7"><code>f648c61</code></a> Merge pull request <a href="https://redirect.github.com/zitadel/oidc/issues/729">#729</a> from zitadel/update-go-version</li> <li>Additional commits viewable in <a href="https://github.com/zitadel/oidc/compare/v3.35.0...v3.38.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/zitadel/oidc/v3&package-manager=go_modules&previous-version=3.35.0&new-version=3.38.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
diff --git a/go.mod b/go.mod
@@ -25,7 +25,7 @@ require (
 	github.com/spf13/viper v1.19.0
 	github.com/stretchr/testify v1.10.0
 	github.com/zalando/go-keyring v0.2.6
-	github.com/zitadel/oidc/v3 v3.35.0
+	github.com/zitadel/oidc/v3 v3.38.1
 	golang.org/x/oauth2 v0.29.0
 	golang.org/x/term v0.30.0
 	google.golang.org/grpc v1.69.4
@@ -104,18 +104,18 @@ require (
 	github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
 	github.com/yuin/goldmark v1.7.4 // indirect
 	github.com/yuin/goldmark-emoji v1.0.3 // indirect
-	github.com/zitadel/logging v0.6.1 // indirect
-	github.com/zitadel/schema v1.3.0 // indirect
+	github.com/zitadel/logging v0.6.2 // indirect
+	github.com/zitadel/schema v1.3.1 // indirect
 	go.opentelemetry.io/otel v1.31.0 // indirect
 	go.opentelemetry.io/otel/metric v1.31.0 // indirect
 	go.opentelemetry.io/otel/trace v1.31.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	golang.org/x/crypto v0.36.0 // indirect
 	golang.org/x/exp v0.0.0-20240222234643-814bf88cf225 // indirect
 	golang.org/x/net v0.38.0 // indirect
-	golang.org/x/sync v0.12.0 // indirect
+	golang.org/x/sync v0.13.0 // indirect
 	golang.org/x/sys v0.31.0 // indirect
-	golang.org/x/text v0.23.0 // indirect
+	golang.org/x/text v0.24.0 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20241015192408-796eee8c2d53 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20241015192408-796eee8c2d53 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
diff --git a/go.sum b/go.sum
@@ -325,12 +325,12 @@ github.com/yusufpapurcu/wmi v1.2.3 h1:E1ctvB7uKFMOJw3fdOW32DwGE9I7t++CRUEMKvFoFi
 github.com/yusufpapurcu/wmi v1.2.3/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
 github.com/zalando/go-keyring v0.2.6 h1:r7Yc3+H+Ux0+M72zacZoItR3UDxeWfKTcabvkI8ua9s=
 github.com/zalando/go-keyring v0.2.6/go.mod h1:2TCrxYrbUNYfNS/Kgy/LSrkSQzZ5UPVH85RwfczwvcI=
-github.com/zitadel/logging v0.6.1 h1:Vyzk1rl9Kq9RCevcpX6ujUaTYFX43aa4LkvV1TvUk+Y=
-github.com/zitadel/logging v0.6.1/go.mod h1:Y4CyAXHpl3Mig6JOszcV5Rqqsojj+3n7y2F591Mp/ow=
-github.com/zitadel/oidc/v3 v3.35.0 h1:ClEhENG/fly9bYV2K5GaDih9bAMfnpzj7mWjv6puTQM=
-github.com/zitadel/oidc/v3 v3.35.0/go.mod h1:RLkol0VGNN6EHfWoa+H0GsEOqrLI/Dwl/rnqBnGh7hU=
-github.com/zitadel/schema v1.3.0 h1:kQ9W9tvIwZICCKWcMvCEweXET1OcOyGEuFbHs4o5kg0=
-github.com/zitadel/schema v1.3.0/go.mod h1:NptN6mkBDFvERUCvZHlvWmmME+gmZ44xzwRXwhzsbtc=
+github.com/zitadel/logging v0.6.2 h1:MW2kDDR0ieQynPZ0KIZPrh9ote2WkxfBif5QoARDQcU=
+github.com/zitadel/logging v0.6.2/go.mod h1:z6VWLWUkJpnNVDSLzrPSQSQyttysKZ6bCRongw0ROK4=
+github.com/zitadel/oidc/v3 v3.38.1 h1:VTf1Bv/33UbSwJnIWbfEIdpUGYKfoHetuBNIqVTcjvA=
+github.com/zitadel/oidc/v3 v3.38.1/go.mod h1:muukzAasaWmn3vBwEVMglJfuTE0PKCvLJGombPwXIRw=
+github.com/zitadel/schema v1.3.1 h1:QT3kwiRIRXXLVAs6gCK/u044WmUVh6IlbLXUsn6yRQU=
+github.com/zitadel/schema v1.3.1/go.mod h1:071u7D2LQacy1HAN+YnMd/mx1qVE2isb0Mjeqg46xnU=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 h1:4K4tsIXefpVJtvA/8srF4V4y0akAoPHkIslgAkjixJA=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0/go.mod h1:jjdQuTGVsXV4vSs+CJ2qYDeDPf9yIJV23qlIzBm73Vg=
 go.opentelemetry.io/otel v1.31.0 h1:NsJcKPIW0D0H3NgzPDHmo0WW6SptzPdqg/L1zsIm2hY=
@@ -366,8 +366,8 @@ golang.org/x/oauth2 v0.29.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw=
-golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sync v0.13.0 h1:AauUjRAJ9OSnvULf/ARrrVywoJDy0YS2AwQ98I37610=
+golang.org/x/sync v0.13.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -394,8 +394,8 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
-golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
+golang.org/x/text v0.24.0 h1:dd5Bzh4yt5KYA8f9CJHCP4FB4D51c2c6JvN37xJJkJ0=
+golang.org/x/text v0.24.0/go.mod h1:L8rBsPeo2pSS+xqN0d5u2ikmjtmoJbDBT1b7nHvFCdU=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
