build(deps): bump dexidp/dex from v2.43.1 to v2.44.0 in /dex

[dependabot]

Bumps dexidp/dex from v2.43.1 to v2.44.0.

Release notes

Sourced from dexidp/dex's releases.

v2.44.0

What's Changed

Enhancements 🚀

• Allow server startup with partial connector failures by @​manojVivek in dexidp/dex#4159
• Add recursive LDAP parent group search (AD-style hierarchy across all LDAPs) by @​EthanDieterich in dexidp/dex#4113
• feat: Add ModifyGroupNames claimMutation to oidc connector by @​peschmae in dexidp/dex#4144
• authproxy connector: add support for specifying group header separator by @​a-buck in dexidp/dex#3745
• fix: join issuer URL with discovery path without extra slash after issuer URL by @​vizv in dexidp/dex#4263
• feat: grpc api list clients by @​daemonfire300 in dexidp/dex#4202

Bug Fixes 🐛

• 🐛 remove extra method="get" from device-code template by @​tuminoid in dexidp/dex#4145
• [oidc] pass httpClient to the TokenIdentity context by @​marriva in dexidp/dex#4223
• Resolve CVE by updating gomplate to 4.3.3 by @​philBrown in dexidp/dex#4224
• fix: device code should not require scope by @​cardoe in dexidp/dex#4203
• fix: device code pending HTTP response by @​cardoe in dexidp/dex#4204
• Allow compilation without CGO by @​nabokihms in dexidp/dex#4266

Dependency Updates ⬆️

• Resolve CVE by updating gomplate to 4.3.2 by @​nathanlaceyraft in dexidp/dex#4146
• build(deps): bump actions/attest-build-provenance from 2.3.0 to 2.4.0 by @​dependabot[bot] in dexidp/dex#4180
• build(deps): bump golang.org/x/net from 0.40.0 to 0.41.0 by @​dependabot[bot] in dexidp/dex#4171
• build(deps): bump google.golang.org/grpc from 1.72.1 to 1.73.0 in /examples by @​dependabot[bot] in dexidp/dex#4174
• build(deps): bump github/codeql-action from 3.28.18 to 3.29.0 by @​dependabot[bot] in dexidp/dex#4179
• build(deps): bump aquasecurity/trivy-action from 0.30.0 to 0.31.0 by @​dependabot[bot] in dexidp/dex#4167
• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @​dependabot[bot] in dexidp/dex#4162
• build(deps): bump docker/build-push-action from 6.17.0 to 6.18.0 by @​dependabot[bot] in dexidp/dex#4155
• build(deps): bump distroless/static-debian12 from 188ddfb to 627d6c5 by @​dependabot[bot] in dexidp/dex#4181
• build(deps): bump sigstore/cosign-installer from 3.8.2 to 3.9.0 by @​dependabot[bot] in dexidp/dex#4187
• build(deps): bump google.golang.org/api from 0.233.0 to 0.238.0 by @​dependabot[bot] in dexidp/dex#4186
• build(deps): bump docker/setup-buildx-action from 3.10.0 to 3.11.0 by @​dependabot[bot] in dexidp/dex#4185
• build(deps): bump anchore/sbom-action from 0.20.0 to 0.20.1 by @​dependabot[bot] in dexidp/dex#4184
• build(deps): bump github.com/go-sql-driver/mysql from 1.9.2 to 1.9.3 by @​dependabot[bot] in dexidp/dex#4183
• build(deps): bump the etcd group with 2 updates by @​dependabot[bot] in dexidp/dex#4175
• build(deps): bump alpine from 3.21.3 to 3.22.0 by @​dependabot[bot] in dexidp/dex#4163
• build(deps): bump google.golang.org/grpc from 1.72.1 to 1.73.0 in /api/v2 by @​dependabot[bot] in dexidp/dex#4170
• build(deps): bump docker/setup-buildx-action from 3.11.0 to 3.11.1 by @​dependabot[bot] in dexidp/dex#4189
• build(deps): bump mheap/github-action-required-labels from 5.5.0 to 5.5.1 by @​dependabot[bot] in dexidp/dex#4190
• build(deps): bump google.golang.org/grpc from 1.73.0 to 1.74.0 in /examples by @​dependabot[bot] in dexidp/dex#4219
• build(deps): bump anchore/sbom-action from 0.20.1 to 0.20.2 by @​dependabot[bot] in dexidp/dex#4205
• build(deps): bump sigstore/cosign-installer from 3.9.0 to 3.9.2 by @​dependabot[bot] in dexidp/dex#4225
• build(deps): bump aquasecurity/trivy-action from 0.31.0 to 0.32.0 by @​dependabot[bot] in dexidp/dex#4210
• build(deps): bump github.com/go-jose/go-jose/v4 from 4.1.0 to 4.1.1 by @​dependabot[bot] in dexidp/dex#4196
• build(deps): bump golang.org/x/crypto from 0.39.0 to 0.40.0 by @​dependabot[bot] in dexidp/dex#4214
• build(deps): bump alpine from 3.22.0 to 3.22.1 by @​dependabot[bot] in dexidp/dex#4217
• build(deps): bump the etcd group with 2 updates by @​dependabot[bot] in dexidp/dex#4213
• build(deps): bump github.com/oklog/run from 1.1.0 to 1.2.0 by @​dependabot[bot] in dexidp/dex#4199
• build(deps): bump github.com/mattn/go-sqlite3 from 1.14.28 to 1.14.29 by @​dependabot[bot] in dexidp/dex#4239
• build(deps): bump github/codeql-action from 3.29.0 to 3.29.4 by @​dependabot[bot] in dexidp/dex#4238
• build(deps): bump google.golang.org/grpc from 1.73.0 to 1.74.2 by @​dependabot[bot] in dexidp/dex#4235

... (truncated)

Commits

• 2dce750 Merge pull request #4292 from dexidp/dependabot/go_modules/github.com/stretch...
• 8aa4684 Merge pull request #4293 from dexidp/dependabot/github_actions/aquasecurity/t...
• 33f0619 Merge pull request #4296 from dexidp/dependabot/github_actions/actions/attest...
• d95db82 Merge pull request #4295 from rackerlabs/avoid-hardcoded-image
• f10f4d6 build(deps): bump actions/attest-build-provenance from 2.4.0 to 3.0.0
• ad912d0 build(deps): bump aquasecurity/trivy-action from 0.32.0 to 0.33.0
• e1da164 build(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.1
• d4e9d54 Merge pull request #4286 from dexidp/dependabot/go_modules/api/v2/google.gola...
• 9b5c87a build(deps): bump google.golang.org/protobuf in /api/v2
• 757fd5f Merge pull request #4290 from dexidp/dependabot/github_actions/actions/depend...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)