github/wonderwall
1
0
Fork 0
mirror of https://github.com/nais/wonderwall.git synced 2026-05-20 07:12:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
557 Commits 3 Branches 0 Tags
00432bcfd670f28c2ae55ddcfafbf70ad4a0f5bf
Commit Graph

73 Commits

Author SHA1 Message Date
dependabot[bot]
c6dc354c34 build(deps): bump github.com/bsm/redislock from 0.9.2 to 0.9.3 (#98) 
Bumps [github.com/bsm/redislock](https://github.com/bsm/redislock) from 0.9.2 to 0.9.3.
- [Release notes](https://github.com/bsm/redislock/releases)
- [Changelog](https://github.com/bsm/redislock/blob/main/CHANGELOG.md)
- [Commits](https://github.com/bsm/redislock/compare/v0.9.2...v0.9.3)

---
updated-dependencies:
- dependency-name: github.com/bsm/redislock
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-02 07:00:04 +00:00
dependabot[bot]
d4523ad5c9 build(deps): bump golang.org/x/vuln (#99) 
Bumps [golang.org/x/vuln](https://github.com/golang/vuln) from 0.0.0-20230207141452-6b5ae5be2408 to 0.1.0.
- [Release notes](https://github.com/golang/vuln/releases)
- [Commits](https://github.com/golang/vuln/commits/v0.1.0)

---
updated-dependencies:
- dependency-name: golang.org/x/vuln
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-02 06:56:55 +00:00
dependabot[bot]
af69c07234 build(deps): bump github.com/alicebob/miniredis/v2 from 2.30.1 to 2.30.2 (#96) 
Bumps [github.com/alicebob/miniredis/v2](https://github.com/alicebob/miniredis) from 2.30.1 to 2.30.2.
- [Release notes](https://github.com/alicebob/miniredis/releases)
- [Changelog](https://github.com/alicebob/miniredis/blob/master/CHANGELOG.md)
- [Commits](https://github.com/alicebob/miniredis/compare/v2.30.1...v2.30.2)

---
updated-dependencies:
- dependency-name: github.com/alicebob/miniredis/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-25 06:36:43 +00:00
dependabot[bot]
1e6eed5f53 build(deps): bump github.com/prometheus/client_golang (#90) 
Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.14.0 to 1.15.0.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prometheus/client_golang/compare/v1.14.0...v1.15.0)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-17 20:07:08 +00:00
dependabot[bot]
bbc91d5838 build(deps): bump github.com/rs/cors from 1.8.3 to 1.9.0 (#91) 
Bumps [github.com/rs/cors](https://github.com/rs/cors) from 1.8.3 to 1.9.0.
- [Release notes](https://github.com/rs/cors/releases)
- [Commits](https://github.com/rs/cors/compare/v1.8.3...v1.9.0)

---
updated-dependencies:
- dependency-name: github.com/rs/cors
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-17 19:59:57 +00:00
Trong Huu Nguyen
ba6f689056 build(deps): bump 2023-04-11 14:35:04 +02:00
Trong Huu Nguyen
bf964e42f2 build(deps): bump 2023-03-21 09:22:12 +01:00
dependabot[bot]
a3585895c1 build(deps): bump github.com/alicebob/miniredis/v2 from 2.30.0 to 2.30.1 
Bumps [github.com/alicebob/miniredis/v2](https://github.com/alicebob/miniredis) from 2.30.0 to 2.30.1.
- [Release notes](https://github.com/alicebob/miniredis/releases)
- [Changelog](https://github.com/alicebob/miniredis/blob/master/CHANGELOG.md)
- [Commits](https://github.com/alicebob/miniredis/compare/v2.30.0...v2.30.1)

---
updated-dependencies:
- dependency-name: github.com/alicebob/miniredis/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-03-13 19:58:41 +00:00
Trong Huu Nguyen
2116f8d23b build(deps): bump golang.org/x/oauth2 from 0.5.0 to 0.6.0 
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.5.0 to 0.6.0.
- [Release notes](https://github.com/golang/oauth2/releases)
- [Commits](https://github.com/golang/oauth2/compare/v0.5.0...v0.6.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-03-08 13:43:43 +01:00
dependabot[bot]
4ab4b54bfe build(deps): bump golang.org/x/crypto from 0.6.0 to 0.7.0 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.6.0 to 0.7.0.
- [Release notes](https://github.com/golang/crypto/releases)
- [Commits](https://github.com/golang/crypto/compare/v0.6.0...v0.7.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-03-08 13:43:26 +01:00
dependabot[bot]
db499229de build(deps): bump github.com/bsm/redislock from 0.9.0 to 0.9.1 
Bumps [github.com/bsm/redislock](https://github.com/bsm/redislock) from 0.9.0 to 0.9.1.
- [Release notes](https://github.com/bsm/redislock/releases)
- [Changelog](https://github.com/bsm/redislock/blob/main/CHANGELOG.md)
- [Commits](https://github.com/bsm/redislock/compare/v0.9.0...v0.9.1)

---
updated-dependencies:
- dependency-name: github.com/bsm/redislock
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-03-08 13:43:23 +01:00
dependabot[bot]
27bc5aee60 build(deps): bump honnef.co/go/tools from 0.4.0 to 0.4.2 (#72) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-28 08:12:28 +01:00
dependabot[bot]
f720842e03 build(deps): bump github.com/stretchr/testify from 1.8.1 to 1.8.2 (#73) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-28 08:04:38 +01:00
Trong Huu Nguyen
d5b603c98f feat(router): add cors middleware for sso server 2023-02-23 14:30:55 +01:00
Trong Huu Nguyen
e7d411b5c9 build: add gofumt and Makefile target for formatting 2023-02-21 15:36:14 +01:00
Trong Huu Nguyen
9d330d8395 deps: bump 2023-02-21 13:13:23 +01:00
Trong Huu Nguyen
2a8386637e deps: bump em 2023-02-15 08:47:55 +01:00
Trong Huu Nguyen
c81297c401 build(deps): various bumps, use go-redis v9 2023-02-10 14:58:15 +01:00
Trong Huu Nguyen
9881bf5b44 build: bump to go version 1.20 2023-02-10 14:58:15 +01:00
Trong Huu Nguyen
a682f08715 ci: add staticcheck and govulncheck 2023-02-10 14:57:46 +01:00
dependabot[bot]
da54f4fcc5 build(deps): bump github.com/spf13/viper from 1.14.0 to 1.15.0 (#65) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-31 09:16:41 +01:00
dependabot[bot]
d8493e1e7b build(deps): bump github.com/alicebob/miniredis/v2 from 2.23.1 to 2.30.0 (#62) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-10 08:42:51 +00:00
dependabot[bot]
fb8a4edb71 build(deps): bump golang.org/x/oauth2 from 0.3.0 to 0.4.0 (#63) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-10 09:40:57 +01:00
dependabot[bot]
a925a3f112 build(deps): bump github.com/bmatcuk/doublestar/v4 from 4.4.0 to 4.6.0 (#64) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-10 09:36:21 +01:00
dependabot[bot]
0cb51a32ba build(deps): bump github.com/alicebob/miniredis/v2 from 2.23.0 to 2.23.1 (#60) 2022-12-19 14:29:25 +00:00
Trong Huu Nguyen
4896f9aa41 deps: more bumps 2022-12-19 09:45:16 +01:00
Trong Huu Nguyen
4ee771856a deps: bump em 2022-12-02 13:49:27 +01:00
Trong Huu Nguyen
185485a6fe feat(handler/autologin): use doublestar library for nested path matching 
Fixes #54.
 2022-11-24 11:36:54 +01:00
Trong Huu Nguyen
e76bb5c369 perf: use automaxprocs to prevent cpu throttling under cgroup quotas 2022-11-24 11:36:54 +01:00
Trong Huu Nguyen
16fa07921f chore: bump dependencies 2022-11-24 11:36:51 +01:00
Trong Huu Nguyen
9af867bf91 chore: bump deps 2022-09-19 08:41:14 +02:00
dependabot[bot]
2fd76001d8 build(deps): bump github.com/spf13/viper from 1.12.0 to 1.13.0 
Bumps [github.com/spf13/viper](https://github.com/spf13/viper) from 1.12.0 to 1.13.0.
- [Release notes](https://github.com/spf13/viper/releases)
- [Commits](https://github.com/spf13/viper/compare/v1.12.0...v1.13.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/viper
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-09-12 19:24:24 +00:00
Trong Huu Nguyen
c0138f4b49 feat(session): use locks for refreshing 
One of the changes in OAuth 2.1 addresses attacks with refresh token
replays by recommending the use of one-time use tokens. A refresh token
is thus rotated and invalid after exactly one use, returning a new token
for each successful grant. Any further attempts must thus use the most
recently acquired refresh token. Reusing a refresh token may also
cause the authorization server to invalidate the current active refresh
token, requiring a refresh authorization grant to be reacquired for
further refresh token usage.

The use of locks prevents multiple refresh grant attempts for a given
session from happening across concurrent requests.
 2022-09-04 17:14:35 +02:00
Trong Huu Nguyen
9d7732fc25 deps: bump em 2022-08-31 08:50:09 +02:00
Trong Huu Nguyen
f9b7bbe10b deps: bump it 2022-08-22 08:40:27 +02:00
dependabot[bot]
758277a267 build(deps): bump github.com/lestrrat-go/jwx/v2 from 2.0.4 to 2.0.5 (#45) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-08-11 10:59:15 +02:00
Trong Huu Nguyen
51075ad9ed refactor(middleware/logentry): remove httplog dependency 2022-08-11 09:54:23 +02:00
Trong Huu Nguyen
ea5b7701a9 deps: bump to go 1.19 2022-08-10 13:12:56 +02:00
Trong Huu Nguyen
261f0e039d deps: bump various dependencies 2022-08-10 13:12:42 +02:00
Trong Huu Nguyen
bece03c94e refactor(middleware/logentry): replace zerologger with logrus 2022-07-18 15:47:35 +02:00
Trong Huu Nguyen
a230599351 deps: bumpity bump 2022-07-14 12:20:51 +02:00
dependabot[bot]
afd1a29671 build(deps): bump github.com/stretchr/testify from 1.7.2 to 1.7.5 
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.2 to 1.7.5.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.7.2...v1.7.5)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-27 19:25:46 +00:00
dependabot[bot]
557cca2a08 build(deps): bump github.com/lestrrat-go/jwx/v2 from 2.0.2 to 2.0.3 (#34) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-06-14 08:27:37 +02:00
Trong Huu Nguyen
a4c96d3217 deps: bumpity bump 2022-06-09 13:18:52 +02:00
Trong Huu Nguyen
2534c4dcd6 deps: bump prometheus/client_golang to 1.12.2 2022-05-19 08:25:51 +02:00
Trong Huu Nguyen
0a73b1cf3b deps: bump jwx to v2.0.1 2022-05-10 09:25:27 +02:00
Trong Huu Nguyen
04fab6104a feat(handler/callback): add retries for requests to external services 2022-05-06 12:28:58 +02:00
Trong Huu Nguyen
18fffcc755 deps: migrate from lestrrat-go/jwx to lestrrat-go/jwx/v2 2022-05-05 11:09:03 +02:00
Trong Huu Nguyen
eb2a93dbf0 deps: bump various libs 2022-05-05 11:06:01 +02:00
Trong Huu Nguyen
afeaf6a381 deps: bump to go 1.18 2022-05-05 11:03:25 +02:00