build(deps): bump oauth2-proxy/oauth2-proxy from v7.13.0-alpine to v7.14.2-alpine in /oauth2-proxy

[dependabot]

Bumps oauth2-proxy/oauth2-proxy from v7.13.0-alpine to v7.14.2-alpine.

Release notes

Sourced from oauth2-proxy/oauth2-proxy's releases.

v7.14.2

Release Highlights

• Revert AuthOnly endpoint change from v7.14.1 that caused issues when using skip-provider-button enabled

Important Notes

• This release reverts the change made in v7.14.1 that caused issues when using the skip-provider-button enabled. Now, when a session does not exist, the AuthOnly endpoint will send a 401 status code as expected instead of a 302 redirect. And instead we extended the documentation to clarify the behavior when using nginx with auth_request and skip-provider-button and how to properly configure redirects for browser and API routes.

Excerpt from v7.14.0 release letter:

This release introduces a breaking change for Alpha Config users and moves us significantly closer to removing legacy configuration parameters, making the codebase of OAuth2 Proxy more future proof and extensible.

From v7.14.0 onward, header injection sources must be explicitly nested. If you previously relied on squashed fields, update to the new structure before upgrading:

# before v7.14.0
injectRequestHeaders:
- name: X-Forwarded-User
  values:
  - claim: user
- name: X-Custom-Secret-header
  values:
  - value: my-super-secret
v7.14.0 and later
injectRequestHeaders:

name: X-Forwarded-User
values:

claimSource:
claim: user


name: X-Custom-Secret-header
values:

secretSource:
value: my-super-secret

Furthermore, Alpha Config now fully supports configuring the Server struct using YAML.

// Server represents the configuration for the Proxy HTTP(S) configuration.
type Server struct {
    // BindAddress is the address on which to serve traffic.
    BindAddress string `yaml:"bindAddress,omitempty"`
// SecureBindAddress is the address on which to serve secure traffic.
SecureBindAddress string `yaml:"secureBindAddress,omitempty"`

</tr></table>

... (truncated)

Changelog

Sourced from oauth2-proxy/oauth2-proxy's changelog.

Vx.x.x (Pre-release)

Release Highlights

Important Notes

Breaking Changes

Changes since v7.14.2

V7.14.2

Release Highlights

• Revert AuthOnly endpoint change from v7.14.1 that caused issues when using skip-provider-button enabled

Important Notes

• This release reverts the change made in v7.14.1 that caused issues when using the skip-provider-button enabled. Now, when a session does not exist, the AuthOnly endpoint will send a 401 status code as expected instead of a 302 redirect. And instead we extended the documentation to clarify the behavior when using nginx with auth_request and skip-provider-button and how to properly configure redirects for browser and API routes.

Breaking Changes

Changes since v7.14.1

• #3314 revert: fix: skip provider button auth only redirect (#3309) (@​StefanMarkmann / @​tuunit)
• #3315 docs: clarify browser vs API routes for nginx auth_request redirects (@​StefanMarkmann)

V7.14.1

Release Highlights

• 🔵 Go1.25.6 and upgrade of dependencies to latest versions
• 🐛 Bug fixes
  • AuthOnly now starts the auth flow and send status code 302 if no session exists and skip-provider-button is true
  • Fixed static upstream validation issue due to incorrect defaults

Important Notes

Breaking Changes

Changes since v7.14.0

• #3309 fix: Return 302 redirect from AuthOnly endpoint when skip-provider-button is true (@​StefanMarkmann)
• #3302 fix: static upstreams failing validation due to passHostHeader and proxyWebSockets defaults being set incorrectly (@​sourava01 / @​tuunit)
• #3312 chore(deps): upgrade to go1.25.6 and latest dependencies (@​tuunit)

V7.14.0

Release Highlights

... (truncated)

Commits

• 3a55dad release v7.14.2 (#3317)
• d5ea33b ci: avoid running qlty coverage report for PRs (#3316)
• dcc7970 docs: fix how to use skip-provider-button with proper auth redirect handling ...
• cf5d34a revert: "fix: skip provider button auth only redirect (#3309)" (#3314)
• 7bf586c Merge pull request #3313 from oauth2-proxy/release/v7.14.1
• 8f52b14 doc: changelog entry for v7.14.1
• 3ed3baf update to release version v7.14.1
• 56b5c08 Merge pull request #3312 from oauth2-proxy/chore/gomod
• 5020c33 ci: fix qlty coverage upload
• cc0b48d ci: fix linter warnings for preallocation
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)