chore(deps): update docker images

[red-hat-konflux]

This PR contains the following updates:

Package	Type	Update	Change
dexidp/dex	final	minor	v2.44.0 -> v2.45.1
registry.access.redhat.com/ubi9/ubi-minimal	final	digest	2bd1443 -> f5346fb
registry.redhat.io/ubi9/go-toolset	stage	patch	9.7 -> 9.7-1774499506

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Release Notes

dexidp/dex (dexidp/dex)

v2.45.1

Compare Source

Bug Fixes 🐛

• Quote groups reserved word in query replacer to fix MySQL 8.0+ storage migration (#​4580)
• Update authproxy and oauth to match CallbackConnector interface (#​4589)

Full Changelog: dexidp/dex@v2.45.0...v2.45.1

v2.45.0

Compare Source

Know Before Upgrade

• The major version of gomplate has been bumped to v5.0.0, which includes breaking changes. Here is the full list.
• There are two known CVEs in the gomplate binary - CVE-2025-68121 and CVE-2026-25934. gomplate is only used for preprocessing configuration files and is optional. Once the CVEs are fixed upstream, the version of gomplate in the dex image will be updated accordingly.
• The ContinueOnConnectorFailure feature flag is now enabled by default. To disable it, use the following environment variable: DEX_CONTINUE_ON_CONNECTOR_FAILURE=false.
• Pre-release versions of dex now use pseudo-versioning for identifying releases. Unreleased versions will follow the pattern v2.minor+1.0-yyyymmdd-commithash.

What's Changed

Exciting New Features 🎉

• Add support to PKCE in OIDC connector by @​johnvan7 in #​3777
• Add Vault signer for JWT by @​nabokihms in #​4512
• Support groups and preferred_username for static passwords by @​Jabejixo in #​4456
• Add name and email_verified fields for static passwords by @​Jabejixo in #​4526

Enhancements 🚀

• Example app pkce by @​nabokihms in #​4284
• Only wrap IPv6 addresses in brackets by @​rene-dekker in #​4388
• Update distroless base image to debian13 by @​loosebazooka in #​4453
• Hide internal server error details from users by @​Jabejixo in #​4457
• Gitlab support custom rootCAData by @​Jabejixo in #​4496
• Enable ContinueOnConnectorFailure feature flag by @​manojVivek in #​4495
• Extend example configs for idEnv and public by @​cardoe in #​4443
• Add unprivileged user setup in Dockerfile by @​nabokihms in #​4517
• Add conformance tests for Vault signer integration by @​nabokihms in #​4520
• Add CRD handling behavior and configuration options by @​nabokihms in #​4543
• Enhance git-version script to generate pseudo-versions by @​nabokihms in #​4553
• Validate redirect URIs and safely append parameters by @​nabokihms in #​4559
• Refactor example-app with a new config by @​nabokihms in #​4569
• Implement device code flow in example-app by @​nabokihms in #​4570

Bug Fixes 🐛

• Do not wrap Kubernetes Address in brackets by @​nabokihms in #​4363
• Device callback URL needs to handle a / by @​cardoe in #​4448
• Suppress deprecation warning for userAttr when not set by @​nabokihms in #​4539
• Use correct id value for label by @​loganripplinger in #​4541
• Respond with forbidden if failed to authenticate by @​aljoshare in #​4200

Dependency Updates ⬆️

• build(deps): bump github.com/dexidp/dex/api/v2 from 2.3.0 to 2.4.0 in /examples by @​dependabot[bot] in #​4299
• build(deps): bump actions/setup-go from 5.5.0 to 6.0.0 by @​dependabot[bot] in #​4304
• build(deps): bump aquasecurity/trivy-action from 0.33.0 to 0.33.1 by @​dependabot[bot] in #​4305
• build(deps): bump golang from 1.25.0-alpine3.22 to 1.25.1-alpine3.22 by @​dependabot[bot] in #​4307
• build(deps): bump distroless/static-debian12 from a9f88e0 to e8a4044 by @​dependabot[bot] in #​4313
• build(deps): bump oras-project/setup-oras from 1.2.3 to 1.2.4 by @​dependabot[bot] in #​4314
• build(deps): bump github/codeql-action from 3.29.11 to 3.30.3 by @​dependabot[bot] in #​4320
• build(deps): bump sigstore/cosign-installer from 3.9.2 to 3.10.0 by @​dependabot[bot] in #​4324
• build(deps): bump github.com/spf13/cobra from 1.9.1 to 1.10.1 by @​dependabot[bot] in #​4302
• build(deps): bump github.com/prometheus/client_golang from 1.23.0 to 1.23.2 by @​dependabot[bot] in #​4309
• build(deps): bump tonistiigi/xx from 1.6.1 to 1.7.0 by @​dependabot[bot] in #​4317
• build(deps): bump golang.org/x/oauth2 from 0.30.0 to 0.31.0 by @​dependabot[bot] in #​4310
• build(deps): bump golang.org/x/oauth2 from 0.30.0 to 0.31.0 in /examples by @​dependabot[bot] in #​4311
• build(deps): bump github/codeql-action from 3.30.3 to 3.30.4 by @​dependabot[bot] in #​4339
• build(deps): bump google.golang.org/protobuf from 1.36.8 to 1.36.9 by @​dependabot[bot] in #​4335
• build(deps): bump golang.org/x/net from 0.43.0 to 0.44.0 by @​dependabot[bot] in #​4334
• build(deps): bump anchore/sbom-action from 0.20.5 to 0.20.6 by @​dependabot[bot] in #​4332
• build(deps): bump golang from 1.25.1-alpine3.22 to 1.25.3-alpine3.22 by @​dependabot[bot] in #​4368
• build(deps): bump actions/dependency-review-action from 4.7.3 to 4.8.1 by @​dependabot[bot] in #​4366
• build(deps): bump github/codeql-action from 3.30.4 to 4.30.8 by @​dependabot[bot] in #​4365
• build(deps): bump google.golang.org/api from 0.248.0 to 0.252.0 by @​dependabot[bot] in #​4360
• build(deps): bump google.golang.org/grpc from 1.75.0 to 1.76.0 in /examples by @​dependabot[bot] in #​4357
• build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by @​dependabot[bot] in #​4350
• build(deps): bump docker/login-action from 3.5.0 to 3.6.0 by @​dependabot[bot] in #​4348
• build(deps): bump actions/cache from 4.2.4 to 4.3.0 by @​dependabot[bot] in #​4338
• build(deps): bump the etcd group with 2 updates by @​dependabot[bot] in #​4333
• build(deps): bump alpine from 3.22.1 to 3.22.2 by @​dependabot[bot] in #​4361
• build(deps): bump github.com/coreos/go-oidc/v3 from 3.15.0 to 3.16.0 in /examples by @​dependabot[bot] in #​4354
• build(deps): bump google.golang.org/grpc from 1.75.0 to 1.76.0 by @​dependabot[bot] in #​4355
• build(deps): bump golang.org/x/oauth2 from 0.31.0 to 0.32.0 in /examples by @​dependabot[bot] in #​4362
• build(deps): bump github/codeql-action from 4.30.8 to 4.31.2 by @​dependabot[bot] in #​4398
• build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by @​dependabot[bot] in #​4395
• build(deps): bump anchore/sbom-action from 0.20.6 to 0.20.9 by @​dependabot[bot] in #​4393
• build(deps): bump tonistiigi/xx from 1.7.0 to 1.8.0 by @​dependabot[bot] in #​4386
• build(deps): bump golang.org/x/crypto from 0.42.0 to 0.43.0 by @​dependabot[bot] in #​4376
• build(deps): bump google.golang.org/grpc from 1.75.0 to 1.76.0 in /api/v2 by @​dependabot[bot] in #​4356
• build(deps): bump sigstore/cosign-installer from 3.10.0 to 4.0.0 by @​dependabot[bot] in #​4380
• build(deps): bump golang.org/x/net from 0.44.0 to 0.46.0 by @​dependabot[bot] in #​4374
• build(deps): bump github.com/go-jose/go-jose/v4 from 4.1.2 to 4.1.3 by @​dependabot[bot] in #​4373
• build(deps): bump golang from 20ee0b6 to aee43c3 by @​dependabot[bot] in #​4371
• build(deps): bump github.com/spf13/cobra from 1.9.1 to 1.10.1 in /examples by @​dependabot[bot] in #​4300
• build(deps): bump golang.org/x/oauth2 from 0.31.0 to 0.32.0 by @​dependabot[bot] in #​4375
• build(deps): bump google.golang.org/protobuf from 1.36.8 to 1.36.10 in /api/v2 by @​dependabot[bot] in #​4352
• build(deps): bump tonistiigi/xx from 1.8.0 to 1.9.0 by @​dependabot[bot] in #​4430
• build(deps): bump distroless/static-debian12 from e8a4044 to 2b7c93f by @​dependabot[bot] in #​4427
• build(deps): bump golang.org/x/crypto from 0.43.0 to 0.45.0 by @​dependabot[bot] in #​4419
• build(deps): bump github/codeql-action from 4.31.2 to 4.31.3 by @​dependabot[bot] in #​4414
• build(deps): bump actions/dependency-review-action from 4.8.1 to 4.8.2 by @​dependabot[bot] in #​4411
• build(deps): bump docker/setup-qemu-action from 3.6.0 to 3.7.0 by @​dependabot[bot] in #​4405
• build(deps): bump docker/metadata-action from 5.8.0 to 5.9.0 by @​dependabot[bot] in #​4402
• build(deps): bump helm/kind-action from 1.12.0 to 1.13.0 by @​dependabot[bot] in #​4399
• build(deps): bump alpine from 3.22.2 to 3.23.0 by @​dependabot[bot] in #​4425
• build(deps): bump golang from 1.25.3-alpine3.22 to 1.25.5-alpine3.22 by @​dependabot[bot] in #​4424
• build(deps): bump google.golang.org/api from 0.252.0 to 0.256.0 by @​dependabot[bot] in #​4413
• build(deps): bump golang.org/x/oauth2 from 0.32.0 to 0.33.0 by @​dependabot[bot] in #​4409
• build(deps): bump golang.org/x/crypto from 0.43.0 to 0.44.0 by @​dependabot[bot] in #​4412
• build(deps): bump github.com/go-ldap/ldap/v3 from 3.4.11 to 3.4.12 by @​dependabot[bot] in #​4401
• build(deps): bump golang.org/x/oauth2 from 0.32.0 to 0.34.0 in /examples by @​dependabot[bot] in #​4431
• build(deps): bump google.golang.org/grpc from 1.76.0 to 1.77.0 in /examples by @​dependabot[bot] in #​4417
• build(deps): bump google.golang.org/grpc from 1.76.0 to 1.77.0 in /api/v2 by @​dependabot[bot] in #​4416
• build(deps): bump github.com/spf13/cobra from 1.10.1 to 1.10.2 in /examples by @​dependabot[bot] in #​4426
• build(deps): bump alpine from 3.23.0 to 3.23.2 by @​dependabot[bot] in #​4455
• build(deps): bump google.golang.org/grpc from 1.77.0 to 1.78.0 in /examples by @​dependabot[bot] in #​4460
• build(deps): bump google.golang.org/protobuf from 1.36.10 to 1.36.11 by @​dependabot[bot] in #​4449
• build(deps): bump github/codeql-action from 4.31.3 to 4.31.7 by @​dependabot[bot] in #​4440
• build(deps): bump github.com/spf13/cobra from 1.10.1 to 1.10.2 by @​dependabot[bot] in #​4439
• build(deps): bump golang.org/x/net from 0.47.0 to 0.48.0 by @​dependabot[bot] in #​4438
• build(deps): bump actions/checkout from 5.0.0 to 6.0.1 by @​dependabot[bot] in #​4437
• build(deps): bump anchore/sbom-action from 0.20.9 to 0.20.11 by @​dependabot[bot] in #​4435
• build(deps): bump docker/metadata-action from 5.9.0 to 5.10.0 by @​dependabot[bot] in #​4434
• build(deps): bump actions/setup-go from 6.0.0 to 6.1.0 by @​dependabot[bot] in #​4433
• build(deps): bump github.com/coreos/go-oidc/v3 from 3.14.1 to 3.17.0 by @​dependabot[bot] in #​4441
• build(deps): bump google.golang.org/protobuf from 1.36.10 to 1.36.11 in /api/v2 by @​dependabot[bot] in #​4450
• build(deps): bump github.com/coreos/go-oidc/v3 from 3.16.0 to 3.17.0 in /examples by @​dependabot[bot] in #​4420
• build(deps): bump the etcd group with 2 updates by @​dependabot[bot] in #​4436
• build(deps): bump golang from 1.25.5-alpine3.22 to 1.25.6-alpine3.22 by @​dependabot[bot] in #​4481
• build(deps): bump distroless/static-debian13 from b5b9fd0 to f9f84bd by @​dependabot[bot] in #​4468
• build(deps): bump actions/setup-go from 6.1.0 to 6.2.0 by @​dependabot[bot] in #​4476
• build(deps): bump golang.org/x/crypto from 0.46.0 to 0.47.0 by @​dependabot[bot] in #​4472
• build(deps): bump github.com/mattn/go-sqlite3 from 1.14.32 to 1.14.33 by @​dependabot[bot] in #​4474
• build(deps): bump golang.org/x/net from 0.48.0 to 0.49.0 by @​dependabot[bot] in #​4475
• build(deps): bump google.golang.org/grpc from 1.77.0 to 1.78.0 by @​dependabot[bot] in #​4469
• build(deps): bump actions/upload-artifact from 5.0.0 to 6.0.0 by @​dependabot[bot] in #​4477
• build(deps): bump actions/cache from 4.3.0 to 5.0.1 by @​dependabot[bot] in #​4473
• build(deps): bump github/codeql-action from 4.31.7 to 4.31.10 by @​dependabot[bot] in #​4470
• build(deps): bump docker/setup-buildx-action from 3.11.1 to 3.12.0 by @​dependabot[bot] in #​4471
• build(deps): bump google.golang.org/api from 0.257.0 to 0.259.0 by @​dependabot[bot] in #​4478
• build(deps): bump google.golang.org/grpc from 1.77.0 to 1.78.0 in /api/v2 by @​dependabot[bot] in #​4459
• build(deps): bump actions/cache from 5.0.1 to 5.0.2 by @​dependabot[bot] in #​4484
• build(deps): bump golang from d9c983d to ad295fc by @​dependabot[bot] in #​4493
• build(deps): bump actions/attest-build-provenance from 3.0.0 to 3.1.0 by @​dependabot[bot] in #​4485
• build(deps): bump anchore/sbom-action from 0.20.11 to 0.22.0 by @​dependabot[bot] in #​4487
• build(deps): bump actions/checkout from 6.0.1 to 6.0.2 by @​dependabot[bot] in #​4489
• build(deps): bump github/codeql-action from 4.31.10 to 4.31.11 by @​dependabot[bot] in #​4492
• build(deps): bump google.golang.org/api from 0.260.0 to 0.263.0 by @​dependabot[bot] in #​4494
• build(deps): bump github.com/lib/pq from 1.10.9 to 1.11.1 by @​dependabot[bot] in #​4505
• build(deps): bump actions/cache from 5.0.2 to 5.0.3 by @​dependabot[bot] in #​4504
• build(deps): bump github/codeql-action from 4.31.11 to 4.32.0 by @​dependabot[bot] in #​4502
• build(deps): bump actions/attest-build-provenance from 3.1.0 to 3.2.0 by @​dependabot[bot] in #​4501
• build(deps): bump anchore/sbom-action from 0.22.0 to 0.22.1 by @​dependabot[bot] in #​4499
• build(deps): bump alpine from 3.23.2 to 3.23.3 by @​dependabot[bot] in #​4498
• build(deps): bump google.golang.org/api from 0.263.0 to 0.265.0 by @​dependabot[bot] in #​4508
• build(deps): bump docker/login-action from 3.6.0 to 3.7.0 by @​dependabot[bot] in #​4503
• build(deps): bump golang from 1.25.6-alpine3.22 to 1.25.7-alpine3.22 by @​dependabot[bot] in #​4514
• build(deps): bump golang.org/x/oauth2 from 0.34.0 to 0.35.0 by @​dependabot[bot] in #​4515
• build(deps): bump github/codeql-action from 4.32.0 to 4.32.2 by @​dependabot[bot] in #​4509
• build(deps): bump anchore/sbom-action from 0.22.1 to 0.22.2 by @​dependabot[bot] in #​4510
• build(deps): bump golang.org/x/oauth2 from 0.34.0 to 0.35.0 in /examples by @​dependabot[bot] in #​4516
• build(deps): bump golang.org/x/crypto from 0.47.0 to 0.48.0 by @​dependabot[bot] in #​4518
• build(deps): bump golang.org/x/net from 0.49.0 to 0.50.0 by @​dependabot[bot] in #​4519
• build(deps): bump google.golang.org/api from 0.265.0 to 0.266.0 by @​dependabot[bot] in #​4523
• build(deps): bump docker/build-push-action from 6.18.0 to 6.19.1 by @​dependabot[bot] in #​4530
• build(deps): bump golang from 1.25.7-alpine3.22 to 1.26.0-alpine3.22 by @​dependabot[bot] in #​4522
• build(deps): bump github.com/mattn/go-sqlite3 from 1.14.33 to 1.14.34 by @​dependabot[bot] in #​4524
• build(deps): bump github.com/lib/pq from 1.11.1 to 1.11.2 by @​dependabot[bot] in #​4525
• build(deps): bump google.golang.org/grpc from 1.78.0 to 1.79.0 in /examples by @​dependabot[bot] in #​4537
• build(deps): bump google.golang.org/grpc from 1.78.0 to 1.79.0 by @​dependabot[bot] in #​4534
• build(deps): bump docker/build-push-action from 6.19.1 to 6.19.2 by @​dependabot[bot] in #​4535
• build(deps): bump aquasecurity/trivy-action from 0.33.1 to 0.34.0 by @​dependabot[bot] in #​4533
• build(deps): bump distroless/static-debian13 from f9f84bd to 01e550f by @​dependabot[bot] in #​4546
• build(deps): bump google.golang.org/grpc from 1.79.0 to 1.79.1 in /examples by @​dependabot[bot] in #​4551
• build(deps): bump google.golang.org/grpc from 1.79.0 to 1.79.1 by @​dependabot[bot] in #​4549
• build(deps): bump the etcd group with 2 updates by @​dependabot[bot] in #​4548
• build(deps): bump github/codeql-action from 4.32.2 to 4.32.3 by @​dependabot[bot] in #​4547
• build(deps): update gRPC to v1.79.1 and other dependencies by @​nabokihms in #​4554
• build(deps): bump helm/kind-action from 1.13.0 to 1.14.0 by @​dependabot[bot] in #​4557
• build(deps): bump google.golang.org/api from 0.266.0 to 0.267.0 by @​dependabot[bot] in #​4558
• build(deps): bump filippo.io/edwards25519 from 1.1.0 to 1.1.1 by @​dependabot[bot] in #​4562
• build(deps): bump actions/dependency-review-action from 4.8.2 to 4.8.3 by @​dependabot[bot] in #​4563
• build(deps): bump aquasecurity/trivy-action from 0.34.0 to 0.34.1 by @​dependabot[bot] in #​4574
• build(deps): bump github/codeql-action from 4.32.3 to 4.32.4 by @​dependabot[bot] in #​4573

Other Changes

• Add Terrakube to Adopters by @​shurup in #​4316

New Contributors

• @​Zash made their first contribution in #​4327
• @​rene-dekker made their first contribution in #​4388
• @​loosebazooka made their first contribution in #​4453
• @​Jabejixo made their first contribution in #​4456
• @​loganripplinger made their first contribution in #​4541
• @​johnvan7 made their first contribution in #​3777
• @​aljoshare made their first contribution in #​4200

Full Changelog: dexidp/dex@v2.44.0...v2.45.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.