chore(deps): update oryd/oathkeeper docker tag to v26 #6

Open
renovate[bot] wants to merge 1 commit into main from renovate/oryd-oathkeeper-26.x

@renovate renovate Bot commented Mar 31, 2026

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| oryd/oathkeeper (source) | Kustomization | major | v0.40.7 → v26.2.0 |

Release Notes

ory/oathkeeper (oryd/oathkeeper)

v26.2.0

Compare Source

v26.2.0

Bug Fixes
  • Always retry curl invocations to surmount transient third-party failures (9a8bda2):

  • Clean path while matching to prevent path traversal (8e00021):

  • Context passing in jsonnetsecure (664432e):

  • Correctly scan SQL NULL into go JSON types (9088f91):

  • Down migrations in newer MySQL versions (c92bc2c):

  • Drop all X-Forwarded-* headers when untrusted (36a676e):

  • Fix benchmark test (5862cf6):

  • Incorrect default value for page_tokens (9667983):

  • Incorrect usage of database/sql (73009ca):

  • Only use X-Forwarded-Proto header when trusted (e9acca1):

  • Remove flaky test for unused function (ee67087):

  • Remove WithDumpMigrations option to MigrationBox (5964b69):

  • Request log config key (5ce8122):

  • Restore OTEL trace propagation in remote and remote_json authorizers (6c8b787):

  • Scope cache config key to introspection URL (198a2bc):

  • Stray debug print (b9a2725):

  • Update CONTRIBUTING.md (3af6f3c):

  • Update packages to fix GHSA-7h2j-956f-4vf2 (0b855e4):

  • Upgrade vulnerable dependencies across Go and npm (afdef7d):

    Co-authored-by: Deepak Prabhakara deepak.prabhakara@ory.sh

  • X data race and parallelize some tests (ecbebd3):

Code Generation
  • Prepare for OSS release - v26.2.0 (c84dbe0):
Code Refactoring
  • Squash merge old backoffice migration and fix up command (1350d8a):
Documentation
Features
  • Add support for NULL and more column types to keysetpagination (8e36fb7):

  • Automatic transaction retries for postgres (de668c1):

  • Collect external latency data and write to logs (e4e2644):

  • Consider Go migrations DirHash when restoring full schema from backups (cb65b07):

  • Forward (some) user request headers to SMS HTTP channel (f9ef1b2):

  • Generate events for SSO and SCIM provider revisions (bf85260):

  • Hydra benchmarking tool (7dc973b):

  • Improved tracing (a362e6e):

  • Keto-cli improvements (44167e9):

  • Make 429 passthrough instead return 401 (12cc3da):

  • Make SCIM work with MySQL (d717289):

  • Rename project revision columns (96fee1c):

  • Use keysetpagination planner for keto read queries (2b33f5a):

Tests
  • Deflake and improve performance (5c91d9d):

  • Deflake directory watcherx (9ef6345):

  • Faster and more reliable courier tests (7dd339a):

  • hydra: Add plaintext backups for all DB types (cdc1e05):

  • Minor setup improvements (d9f227a):

Changelog

  • 4dcf01a autogen(docs): generate and bump docs
  • 6816c4e autogen(sdk): bump to 05ddc40
  • 4c610a5 autogen(sdk): bump to 9c2abd7
  • c84dbe0 autogen: prepare for OSS release - v26.2.0
  • 3601987 chore(deps): update actions/checkout action to v6
  • d334de1 chore(deps): update dependency @types/lodash to v4.17.21
  • 3d4762d chore(deps): update go modules
  • 8668033 chore(deps): update golangci/golangci-lint-action action to v9
  • bff5f54 chore(deps): update jackson (major)
  • addb79f chore(deps): update oathkeeper to v4 (major)
  • d5931bc chore(keto): use ory/x router
  • 3bfd8fc chore(kratos): use httprouter from ory/x
  • 271e90e chore: add cause to context cancels with 'context.WithTimeoutCause' in ./x
  • 8888a60 chore: add helpers for Kratos OEL to support various databases
  • 5334a52 chore: add retries to more curl invocations
  • f1ba1cf chore: added CLIENT_SECRET_VERIFIER to our deployment
  • ead66ab chore: always use ristretto/v2
  • 82e6cfb chore: audit and fix npm dependencies
  • add9940 chore: bump to CRDB v25.4
  • e690c00 chore: bump to Go 1.26 massive cleanup in ory/x
  • 3f4085a chore: cleanup package-lock files
  • 97ecec8 chore: correct typos
  • d57bf13 chore: delete unused CRDB changefeed watcherx module
  • 25bbdc3 chore: deprecate organization APIs
  • 77eee56 chore: fix for critical CVE - GHSA-p77j-4mvh-x3m3
  • d1301c9 chore: fix golangci-lint warnings
  • 4304bc3 chore: improve clidoc generation
  • dafc47d chore: improve error reporting to help diagnose flaky test
  • f234fba chore: improve readability of popx.MigrationBox
  • d062731 chore: keysetpagination improvements
  • f8d0fcc chore: more npm security updates
  • 7d92cad chore: remove unused code
  • 116d2b9 chore: remove unused log code
  • 54dae34 chore: remove unused x/watcherx/websocket
  • f054847 chore: run go mod tidy and misc cleanup
  • aced92d chore: run npm audit fix
  • 1caff5e chore: security updates for glob library
  • 8e0f109 chore: simplify HTTP metrics instrumentation
  • 2a11ffc chore: simplify decoderx usage
  • f3ae92b chore: split SCIM from multi-region & make it work with SQLite
  • 93582cf chore: trivial linter issues
  • 9163541 chore: unify common dependency interfaces
  • b32cc90 chore: update @openapitools/openapi-generator-cli
  • c019a13 chore: update OSS ory.sh to ory.com
  • 3a3a6ae chore: update pop to latest & only run pop.SetNowFunc() inside init()
  • 6bfe8cb chore: update to dockertest v4
  • 1322ee3 chore: updated axios
  • 1246bc6 chore: updated golang.org/x/crypto
  • aee85c3 chore: updated minimatch
  • 249608a chore: use pgx pool in Kratos OEL & fix some OEL commands not using enterprise migrations
  • 183aee9 ci: add docker driver to cve scan
  • 0e3dc10 docs: update readmes
  • 8e36fb7 feat: add support for NULL and more column types to keysetpagination
  • de668c1 feat: automatic transaction retries for postgres
  • e4e2644 feat: collect external latency data and write to logs
  • cb65b07 feat: consider Go migrations DirHash when restoring full schema from backups
  • f9ef1b2 feat: forward (some) user request headers to SMS HTTP channel
  • bf85260 feat: generate events for SSO and SCIM provider revisions
  • 7dc973b feat: hydra benchmarking tool
  • a362e6e feat: improved tracing
  • 44167e9 feat: keto-cli improvements
  • 12cc3da feat: make 429 passthrough instead return 401
  • d717289 feat: make SCIM work with MySQL
  • 96fee1c feat: rename project revision columns
  • 2b33f5a feat: use keysetpagination planner for keto read queries
  • 9a8bda2 fix: always retry curl invocations to surmount transient third-party failures
  • 8e00021 fix: clean path while matching to prevent path traversal
  • 664432e fix: context passing in jsonnetsecure
  • 9088f91 fix: correctly scan SQL NULL into go JSON types
  • c92bc2c fix: down migrations in newer MySQL versions
  • 36a676e fix: drop all X-Forwarded-* headers when untrusted
  • 5862cf6 fix: fix benchmark test
  • 9667983 fix: incorrect default value for page_tokens
  • 73009ca fix: incorrect usage of database/sql
  • e9acca1 fix: only use X-Forwarded-Proto header when trusted
  • 5964b69 fix: remove WithDumpMigrations option to MigrationBox
  • ee67087 fix: remove flaky test for unused function
  • 5ce8122 fix: request log config key
  • 6c8b787 fix: restore OTEL trace propagation in remote and remote_json authorizers
  • 198a2bc fix: scope cache config key to introspection URL
  • b9a2725 fix: stray debug print
  • 3af6f3c fix: update CONTRIBUTING.md
  • 0b855e4 fix: update packages to fix GHSA-7h2j-956f-4vf2
  • afdef7d fix: upgrade vulnerable dependencies across Go and npm
  • ecbebd3 fix: x data race and parallelize some tests
  • 1350d8a refactor: squash merge old backoffice migration and fix up command
  • cdc1e05 test(hydra): add plaintext backups for all DB types
  • 5c91d9d test: deflake and improve performance
  • 9ef6345 test: deflake directory watcherx
  • 7dd339a test: faster and more reliable courier tests
  • d9f227a test: minor setup improvements

Artifacts can be verified with cosign using this public key.

v25.4.0

Compare Source

This release brings internal improvements to configuration handling, observability, and repo management. It also aligns Oathkeeper more closely with the rest of the Ory ecosystem by migrating to vendored libraries, modernizing infrastructure, and improving CI/CD pipelines.

Ory has moved to a new versioning scheme. Read about our new version scheme. Interested in self-hosting Ory with support, SLAs, and advanced features? Check out our offerings.

Features

  • Monorepo migration: Oathkeeper has been consolidated into the Ory monorepo for better cross-project consistency and maintainability.
  • Vendored Ory/x: Oathkeeper now uses vendored versions of ory/x to reduce dependency issues and simplify builds.
  • Goreleaser integration: Release builds are now managed via goreleaser, improving reproducibility across platforms.
  • Config helpers moved to ory/x: Shared configuration test helpers were migrated for reuse across the ecosystem.
  • OTLP tracing improvements: Enhanced telemetry support with better defaults and sampling control.

Auto-generated release notes

Bug Fixes
  • Add repo syncing for polis (d9d0564):

  • Better tracing in proxy HTTP (154aa3a):

  • Copybara script (e378207):

  • Deduplicate down migrations (2a9de87):

  • deps: Update go-x (596d47f):

  • Escape IPv6 regex string (1c941f8):

  • Failing CI in OSS repos (ef037fc):

  • Force SQL operator precedence in pagination v2 to ensure nid isolation (352dc27):

  • hydra: Instrument metrics also on public endpoints (9fb2738):

  • hydra: Use prometheus metrics instead of SQA metrics (2e8a272):

  • Ignore non SQL files when applying migrations (190f33f):

  • Implicit transactions for cockroach v23.5 and simplified migration logic (f80141c):

  • Include go.mod in vendored oryx (682fcc1):

  • Jsonx.ApplyJSONPatch (7afa2f9):

  • Lint (637e831):

  • Otlp sampling rate default (eb7f97f):

  • Print correct content of down migrations (d84193b):

  • Reject invalid migration names (dfc957a):

  • Return 404 on schema file not exists (62b1711):

  • Revert "fix: otlp sampling rate default (#9055)" (2941afc):

  • Simplify and fix Copybara sync job (1492be0):

  • Use batch insert to speed up project changes (269a260):

  • Use git hash to render ory x schema references (7f7962c):

  • Use hard-coded fallback key instead of panic (70be40a):

  • Use main branch for polis (bf316f3):

Code Generation
  • Prepare for OSS release - v25.4.0 (2020997):
Code Refactoring
  • Move database meta functions to root x folder for reusability (5dd0c61):
Features
  • Add allowed domains configuration for captcha (1635888):

  • Autoconfigure kratos-changefeed (cb91816):

  • Bump CRDB, establish foreign key, (d525767):

  • changelog-oel: Choose identity schema in self-service registration and login flows (afe66df):

  • changelog-oel: Improved tracing and metrics for the high-performance SQL connection pool (e2e2c1b):

  • changelog: Migrate http router to stdlib router (8350c72):

  • Custom page token column extraction (d1cab42):

  • Domain telemetry improvements (897ec02):

  • Expose Ory-Error-Id HTTP header (4caf155):

  • Extend Copybara pipelines to sync PRs from OSS repositories (da827d3):

  • Goreleaser (009ad5c):

  • hydra: Split up persister (51c7a2a):

  • Improve domain telemetry for OSS (Hydra & Kratos) (54ce1f5):

  • Improved events and identity recent activity (b11af64):

  • Monorepo (809577e):

  • Move config testhelpers to ory/x (933e770):

  • Use stdlib HTTP router in Kratos (e2cc330):

  • Use vendored ory/x (3c2c499):

Tests
  • Add golangci-lint config and GHA (35de51f):

  • hydra: Add snapshots for login & consent requests (c668a49):

  • Restructure and improve integration tests (df4e14b):

Changelog

  • 996bcaf chore(deps): update actions/setup-node action to v6
  • 95d5ec4 chore(deps): update actions/setup-node action to v6
  • ff602dd chore(deps): update dependency node to v24
  • f32259a chore(deps): update oathkeeper gha
  • d20aefc chore(hydra): registry setup refactoring
  • e59c492 chore(kratos): cleanup and improve some tests
  • 71ed442 chore: add migration tests in kratos non-oss for crdb
  • 9e30681 chore: add pagination secrets for Kratos
  • d2d49b1 chore: add pre-release workflows for oss
  • bef3eb9 chore: additional pop options
  • 43aee43 chore: axios update
  • 99d23a9 chore: bump Go everywhere
  • 88dfaf2 chore: bump deps
  • 52e01e7 chore: bump go deps
  • 405e21b chore: bump go to 1.24.6
  • 69d68e4 chore: bump sec deps
  • f77f609 chore: cleanup oss workflows
  • 0f29a1b chore: fix build for kratos-oss
  • 971b1bc chore: fix vulnerable dependencies
  • 083c2e4 chore: gh actions and node lib updates
  • ea42f28 chore: go mod tidy to unblock CI
  • b7cdaae chore: improve migration testdata and assertions
  • 6ea1e01 chore: merge ory/x repo
  • 6c5e2b2 chore: more gh actions and npm lib updates
  • 1352a8c chore: remove counting courier messages
  • 4a35143 chore: remove sdk generation action
  • bcf2f81 chore: replace deprecated usages
  • fd1fb80 chore: set GitOrigin-RevId (#1227)
  • edb9061 chore: shared serve config
  • 29db785 chore: simplify service and option loading
  • 6fa6664 chore: template migration command help
  • fcc486b chore: update OSS readme
  • 0d1c41b chore: update copybara rules
  • 23bce23 chore: update copybara transformation
  • 3828f94 chore: update github actions
  • 2451cbf chore: update github actions
  • cae1157 chore: update linter settings
  • 8b82b03 chore: update opencontainers/runc to v1.3.3
  • b1b4363 chore: update oss release workflows
  • ded5047 chore: update repository templates to ory/meta@bc603a6
  • 15c4955 chore: update repository templates to ory/meta@d919e6f
  • 962d15b chore: update repository templates to ory/meta@fc1b4d6
  • 593b8a5 chore: updated node to lts
  • bc7ed9a chore: upgrade crdb to v25.2 everywhere & deflake CI!
  • 31eb2a9 chore: use dedicated ory fork of pop
  • 56ccdb1 ci: update oss workflows and add to renovate
  • 8350c72 feat(changelog): migrate http router to stdlib router
  • afe66df feat(changelog-oel): choose identity schema in self-service registration and login flows
  • e2e2c1b feat(changelog-oel): improved tracing and metrics for the high-performance SQL connection pool
  • 51c7a2a feat(hydra): split up persister
  • 1635888 feat: add allowed domains configuration for captcha
  • cb91816 feat: autoconfigure kratos-changefeed
  • d525767 feat: bump CRDB, establish foreign key,
  • d1cab42 feat: custom page token column extraction
  • 897ec02 feat: domain telemetry improvements
  • 4caf155 feat: expose Ory-Error-Id HTTP header
  • da827d3 feat: extend Copybara pipelines to sync PRs from OSS repositories
  • 009ad5c feat: goreleaser
  • 54ce1f5 feat: improve domain telemetry for OSS (Hydra & Kratos)
  • b11af64 feat: improved events and identity recent activity
  • 809577e feat: monorepo
  • 933e770 feat: move config testhelpers to ory/x
  • e2cc330 feat: use stdlib HTTP router in Kratos
  • 3c2c499 feat: use vendored ory/x
  • 596d47f fix(deps): update go-x
  • 9fb2738 fix(hydra): instrument metrics also on public endpoints
  • 2e8a272 fix(hydra): use prometheus metrics instead of SQA metrics
  • d9d0564 fix: add repo syncing for polis
  • 154aa3a fix: better tracing in proxy HTTP
  • e378207 fix: copybara script
  • 2a9de87 fix: deduplicate down migrations
  • 1c941f8 fix: escape IPv6 regex string
  • ef037fc fix: failing CI in OSS repos
  • 352dc27 fix: force SQL operator precedence in pagination v2 to ensure nid isolation
  • 190f33f fix: ignore non SQL files when applying migrations
  • f80141c fix: implicit transactions for cockroach v23.5 and simplified migration logic
  • 682fcc1 fix: include go.mod in vendored oryx
  • 7afa2f9 fix: jsonx.ApplyJSONPatch
  • 637e831 fix: lint
  • eb7f97f fix: otlp sampling rate default
  • d84193b fix: print correct content of down migrations
  • dfc957a fix: reject invalid migration names
  • 62b1711 fix: return 404 on schema file not exists
  • 2941afc fix: revert "fix: otlp sampling rate default (#9055)"
  • 1492be0 fix: simplify and fix Copybara sync job
  • 269a260 fix: use batch insert to speed up project changes
  • 7f7962c fix: use git hash to render ory x schema references
  • 70be40a fix: use hard-coded fallback key instead of panic
  • bf316f3 fix: use main branch for polis
  • 5dd0c61 refactor: move database meta functions to root x folder for reusability
  • c668a49 test(hydra): add snapshots for login & consent requests
  • 35de51f test: add golangci-lint config and GHA
  • df4e14b test: restructure and improve integration tests

Artifacts can be verified with cosign using this public key.

v0.40.9

Compare Source

This is a maintenance release with small fixes and dependency updates.

Bug Fixes
Code Generation
  • Pin v0.40.9 release commit (05493f3)

Changelog

Artifacts can be verified with cosign using this public key.

v0.40.8

Compare Source

This release consists of dependency updates and also includes some bug fixes.

Bug Fixes
Code Generation
  • Pin v0.40.8 release commit (f14d6da)

Changelog


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
