build(deps): bump oauth2-proxy/oauth2-proxy from v7.14.3-alpine to v7.15.0-alpine in /oauth2-proxy #726

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/docker/oauth2-proxy/main/oauth2-proxy/oauth2-proxy-v7.15.0-alpine

Conversation

@dependabot dependabot bot commented on behalf of github Mar 19, 2026

Bumps oauth2-proxy/oauth2-proxy from v7.14.3-alpine to v7.15.0-alpine.

Release notes

Sourced from oauth2-proxy/oauth2-proxy's releases.

v7.15.0

Release Highlights

  • 🔒 OIDC JWT signing algorithms can now be configured
  • 🍪 CSRF cookie improvements (SameSite option, proper expiration validation)
  • 🧪 Configuration validation flag: --config-test
  • 🔌 Unix socket file mode support
  • 👤 Session state can now be extended with arbitrary claims from ID Token and upstream IDP user profiles endpoint
    • This opens the door for multiple features like:
    • Additional arbitrary header values for any claims your IDP provides
    • Extended OAuth2 Proxy UserInfo endpoint with all additional claims
    • Read the docs here

Important Notes

CSRF cookie validation now correctly uses CSRFExpire instead of Expire. If you relied on the previous behavior, review your session timeout configuration. Check the [documentation](https://oauth2-proxy.github.io/oauth2-proxy/configuration/overview#cookie-options) for cookie-csrf-expire.

Breaking Changes

Changes since v7.14.3

Changelog

Sourced from oauth2-proxy/oauth2-proxy's changelog.

Vx.x.x (Pre-release)

Release Highlights

Important Notes

Breaking Changes

Changes since v7.15.0

V7.15.0

Release Highlights

  • 🔒 OIDC JWT signing algorithms can now be configured
  • 🍪 CSRF cookie improvements (SameSite option, proper expiration validation)
  • 🧪 Configuration validation flag: --config-test
  • 🔌 Unix socket file mode support
  • 👤 Session state can now be extended with arbitrary claims from ID Token and upstream IDP user profiles endpoint
    • This opens the door for multiple features like:
    • Additional arbitrary header values for any claims your IDP provides
    • Extended OAuth2 Proxy UserInfo endpoint with all additional claims
    • Read the docs here

Important Notes

CSRF cookie validation now correctly uses CSRFExpire instead of Expire. If you relied on the previous behavior, review your session timeout configuration. Check the [documentation](https://oauth2-proxy.github.io/oauth2-proxy/configuration/overview#cookie-options) for cookie-csrf-expire.

Breaking Changes

Changes since v7.14.3

V7.14.3

Release Highlights

  • 🔵 Go1.25.7 and upgrade of dependencies to latest versions

... (truncated)

Commits
  • 96c9ec6 release v7.15.0 (#3378)
  • 9ae0b32 feat: add support for setting a unix binding's socket file mode (#3376)
  • cdbdb11 feat: add same site option for csrf cookies (#3347)
  • 51ecc50 feat: add --config-test flag for validating configuration (#3338)
  • fe5c6be doc: add missing redis-ca-path documentation (#3341)
  • 779cc5f fix: filter empty strings from allowed groups (#3365)
  • ff357da fix: use CSRFExpire instead of Expire for CSRF cookie validation (#3369)
  • 7c96234 feat: add support for specifying allowed OIDC JWT signing algorithms (#2753) ...
  • 3085309 feat: possibility to inject id_token in redirect url during sign out (#3278)
  • 8cb06b7 chore(deps): update docker-compose (#3320)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [oauth2-proxy/oauth2-proxy](https://github.com/oauth2-proxy/oauth2-proxy) from v7.14.3-alpine to v7.15.0-alpine.
- [Release notes](https://github.com/oauth2-proxy/oauth2-proxy/releases)
- [Changelog](https://github.com/oauth2-proxy/oauth2-proxy/blob/master/CHANGELOG.md)
- [Commits](oauth2-proxy/oauth2-proxy@v7.14.3...v7.15.0)

---
updated-dependencies:
- dependency-name: oauth2-proxy/oauth2-proxy
  dependency-version: v7.15.0-alpine
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot requested a review from a team as a code owner March 19, 2026 07:06