<!-- Release notes generated using configuration in .github/release.yml at v2.42.0 -->

## What's Changed
### Exciting New Features 🎉
* feat: also allow localhost equivalent IP addresses by @dsonck92 in dexidp#3778
### Enhancements 🚀
* Added Discovery to grpc by @koendelaat in dexidp#3598
* feat(metrics): add response_size, request_duration histograms by @IvoGoman in dexidp#3748
* Handle root path better (than nothing) by @nabokihms in dexidp#3747
* Support base64 encoded and PEM encoded certs by @nabokihms in dexidp#3751
* GitLab connector: add GitLab additional group with role  by @zvlb in dexidp#2941
* OIDC Connector: Support for IssuerAlias and group claims with maps instead of strings by @meldsza in dexidp#3676
* Add CSS for example app to make it prettier by @nabokihms in dexidp#3886
* feat: set resource revision for connectors by @nrwiersma in dexidp#3868
* Add authproxy preferred_username header by @kotx in dexidp#3950
* Passing context storage by @bobmaertz in dexidp#3941
### Bug Fixes 🐛
* Fix scheme for DialURL ldap connection by @nabokihms in dexidp#3677
* Change workdir for gomplate by @nabokihms in dexidp#3684
* fix unmarshaling of expanded environment variables with special characters by @tuminoid in dexidp#3770
* saml connector: fix nil pointer PANIC on validate saml by @siarhei-haurylau in dexidp#3793
* fix: update enhancement proposal link by @emmanuel-ferdman in dexidp#3755
* Create offline sessions if approval is skipped by @nabokihms in dexidp#3828
### Dependency Updates ⬆️
* build(deps): bump golang from 1.22.5-alpine3.20 to 1.23.1-alpine3.20 by @dependabot in dexidp#3728
* build(deps): bump alpine from 3.20.2 to 3.20.3 by @dependabot in dexidp#3729
* build(deps): bump golang.org/x/net from 0.27.0 to 0.29.0 by @dependabot in dexidp#3726
* build(deps): bump golang.org/x/oauth2 from 0.21.0 to 0.23.0 in /examples by @dependabot in dexidp#3722
* build(deps): bump actions/attest-build-provenance from 1.4.0 to 1.4.3 by @dependabot in dexidp#3727
* build(deps): bump google.golang.org/grpc from 1.65.0 to 1.66.1 in /examples by @dependabot in dexidp#3731
* build(deps): bump distroless/static-debian12 from `8dd8d3c` to `42d15c6` by @dependabot in dexidp#3724
* build(deps): bump tonistiigi/xx from 1.4.0 to 1.5.0 by @dependabot in dexidp#3705
* build(deps): bump google.golang.org/api from 0.190.0 to 0.196.0 by @dependabot in dexidp#3721
* build(deps): bump docker/build-push-action from 6.5.0 to 6.7.0 by @dependabot in dexidp#3696
* build(deps): bump golang.org/x/oauth2 from 0.21.0 to 0.23.0 by @dependabot in dexidp#3723
* build(deps): bump sigstore/cosign-installer from 3.5.0 to 3.6.0 by @dependabot in dexidp#3685
* build(deps): bump actions/upload-artifact from 4.3.4 to 4.4.0 by @dependabot in dexidp#3720
* build(deps): bump github.com/dexidp/dex/api/v2 from 2.1.0 to 2.2.0 in /examples by @dependabot in dexidp#3734
* build(deps): bump mheap/github-action-required-labels from 5.4.1 to 5.4.2 by @dependabot in dexidp#3735
* build(deps): bump github.com/mattn/go-sqlite3 from 1.14.22 to 1.14.23 by @dependabot in dexidp#3738
* build(deps): bump google.golang.org/grpc from 1.66.0 to 1.66.2 by @dependabot in dexidp#3742
* build(deps): bump distroless/static-debian12 from `42d15c6` to `dcd3f1f` by @dependabot in dexidp#3754
* build(deps): bump anchore/sbom-action from 0.17.0 to 0.17.2 by @dependabot in dexidp#3746
* build(deps): bump github.com/Masterminds/sprig/v3 from 3.2.3 to 3.3.0 by @dependabot in dexidp#3753
* build(deps): bump aquasecurity/trivy-action from 0.24.0 to 0.28.0 by @dependabot in dexidp#3797
* build(deps): bump github/codeql-action from 3.25.15 to 3.26.13 by @dependabot in dexidp#3795
* build(deps): bump golang from 1.23.1-alpine3.20 to 1.23.2-alpine3.20 by @dependabot in dexidp#3775
* build(deps): bump distroless/static-debian12 from `dcd3f1f` to `26f9b99` by @dependabot in dexidp#3766
* build(deps): bump cloud.google.com/go/compute/metadata from 0.5.0 to 0.5.2 by @dependabot in dexidp#3764
* build(deps): bump docker/setup-buildx-action from 3.6.1 to 3.7.1 by @dependabot in dexidp#3781
* build(deps): bump google.golang.org/grpc from 1.66.1 to 1.67.1 in /examples by @dependabot in dexidp#3774
* build(deps): bump docker/build-push-action from 6.7.0 to 6.9.0 by @dependabot in dexidp#3772
* build(deps): bump anchore/sbom-action from 0.17.2 to 0.17.4 by @dependabot in dexidp#3801
* build(deps): bump github.com/prometheus/client_golang from 1.19.1 to 1.20.5 by @dependabot in dexidp#3799
* build(deps): bump golang.org/x/net from 0.29.0 to 0.30.0 by @dependabot in dexidp#3802
* build(deps): bump actions/dependency-review-action from 4.3.4 to 4.3.5 by @dependabot in dexidp#3804
* build(deps): bump anchore/sbom-action from 0.17.4 to 0.17.5 by @dependabot in dexidp#3803
* build(deps): bump sigstore/cosign-installer from 3.6.0 to 3.7.0 by @dependabot in dexidp#3800
* build(deps): bump github.com/mattn/go-sqlite3 from 1.14.23 to 1.14.24 by @dependabot in dexidp#3805
* build(deps): bump github/codeql-action from 3.26.13 to 3.27.0 by @dependabot in dexidp#3806
* build(deps): bump actions/checkout from 4.1.7 to 4.2.1 by @dependabot in dexidp#3785
* build(deps): bump google.golang.org/api from 0.196.0 to 0.203.0 by @dependabot in dexidp#3807
* build(deps): bump actions/checkout from 4.2.1 to 4.2.2 by @dependabot in dexidp#3808
* build(deps): bump actions/dependency-review-action from 4.3.5 to 4.4.0 by @dependabot in dexidp#3814
* build(deps): bump distroless/static-debian12 from `26f9b99` to `3a03fc0` by @dependabot in dexidp#3812
* build(deps): bump actions/setup-go from 5.0.2 to 5.1.0 by @dependabot in dexidp#3809
* build(deps): bump anchore/sbom-action from 0.17.5 to 0.17.6 by @dependabot in dexidp#3817
* build(deps): bump github.com/fsnotify/fsnotify from 1.7.0 to 1.8.0 by @dependabot in dexidp#3822
* build(deps): bump alpine from `beefdbd` to `1e42bbe` by @dependabot in dexidp#3840
* build(deps): bump golang.org/x/oauth2 from 0.23.0 to 0.24.0 in /examples by @dependabot in dexidp#3832
* build(deps): bump golang from 1.23.2-alpine3.20 to 1.23.3-alpine3.20 by @dependabot in dexidp#3834
* build(deps): bump anchore/sbom-action from 0.17.6 to 0.17.8 by @dependabot in dexidp#3858
* build(deps): bump distroless/static-debian12 from `3a03fc0` to `d71f4b2` by @dependabot in dexidp#3839
* build(deps): bump golang from `0974259` to `c694a4d` by @dependabot in dexidp#3863
* build(deps): bump tonistiigi/xx from 1.5.0 to 1.6.1 by @dependabot in dexidp#3879
* build(deps): bump golang.org/x/crypto from 0.28.0 to 0.31.0 in the go_modules group by @dependabot in dexidp#3893
* build(deps): bump golang.org/x/crypto from 0.26.0 to 0.31.0 in /examples in the go_modules group by @dependabot in dexidp#3892
* build(deps): bump github/codeql-action from 3.27.0 to 3.28.0 by @dependabot in dexidp#3898
* build(deps): bump actions/upload-artifact from 4.4.0 to 4.5.0 by @dependabot in dexidp#3890
* build(deps): bump actions/attest-build-provenance from 1.4.3 to 2.1.0 by @dependabot in dexidp#3878
* build(deps): bump golang from 1.23.3-alpine3.20 to 1.23.4-alpine3.20 by @dependabot in dexidp#3866
* build(deps): bump distroless/static-debian12 from `d71f4b2` to `6cd937e` by @dependabot in dexidp#3864
* build(deps): bump actions/dependency-review-action from 4.4.0 to 4.5.0 by @dependabot in dexidp#3862
* build(deps): bump docker/metadata-action from 5.5.1 to 5.6.1 by @dependabot in dexidp#3861
* build(deps): bump aquasecurity/trivy-action from 0.28.0 to 0.29.0 by @dependabot in dexidp#3851
* build(deps): bump gomplate from 4.0.1 to 4.3.0 by @MoeBensu in dexidp#3856
* build: update Go version by @sagikazarmark in dexidp#3913
* build(deps): bump github.com/beevik/etree from 1.4.0 to 1.4.1 by @dependabot in dexidp#3638
* build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.15 to 3.5.17 by @dependabot in dexidp#3842
* build(deps): bump github.com/coreos/go-oidc/v3 from 3.11.0 to 3.12.0 in /examples by @dependabot in dexidp#3903
* build(deps): bump golang.org/x/oauth2 from 0.24.0 to 0.25.0 in /examples by @dependabot in dexidp#3904
* build(deps): bump alpine from 3.20.3 to 3.21.2 by @dependabot in dexidp#3909
* build(deps): bump golang.org/x/net from 0.30.0 to 0.33.0 in the go_modules group by @dependabot in dexidp#3911
* build(deps): bump docker/setup-qemu-action from 3.2.0 to 3.3.0 by @dependabot in dexidp#3914
* build(deps): bump helm/kind-action from 1.10.0 to 1.12.0 by @dependabot in dexidp#3917
* build(deps): bump docker/setup-buildx-action from 3.7.1 to 3.8.0 by @dependabot in dexidp#3916
* build(deps): bump anchore/sbom-action from 0.17.8 to 0.17.9 by @dependabot in dexidp#3915
* build(deps): bump actions/cache from 4.1.2 to 4.2.0 by @dependabot in dexidp#3918
* build(deps): bump golang from 1.23.4-alpine3.20 to 1.23.5-alpine3.20 by @dependabot in dexidp#3928
* build(deps): bump golang.org/x/net from 0.30.0 to 0.34.0 by @dependabot in dexidp#3920
* build(deps): bump distroless/static-debian12 from `6cd937e` to `6ec5aa9` by @dependabot in dexidp#3922
* build(deps): bump golang.org/x/net from 0.28.0 to 0.33.0 in /examples in the go_modules group by @dependabot in dexidp#3912
* build(deps): bump google.golang.org/api from 0.203.0 to 0.217.0 by @dependabot in dexidp#3927
* build(deps): bump google.golang.org/grpc from 1.67.1 to 1.69.4 in /examples by @dependabot in dexidp#3924
* build(deps): bump golang.org/x/net from 0.27.0 to 0.33.0 in /api/v2 in the go_modules group by @dependabot in dexidp#3910
* build(deps): bump google.golang.org/grpc from 1.65.0 to 1.69.4 in /api/v2 by @dependabot in dexidp#3925
* build(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0 by @dependabot in dexidp#3931
* build(deps): bump google.golang.org/grpc from 1.69.4 to 1.70.0 in /examples by @dependabot in dexidp#3943
* build(deps): bump actions/upload-artifact from 4.5.0 to 4.6.0 by @dependabot in dexidp#3939
* build(deps): bump oras-project/setup-oras from 1.2.1 to 1.2.2 by @dependabot in dexidp#3936
* build(deps): bump github.com/go-ldap/ldap/v3 from 3.4.8 to 3.4.10 by @dependabot in dexidp#3932
* build(deps): bump docker/build-push-action from 6.9.0 to 6.13.0 by @dependabot in dexidp#3949
* build(deps): bump github/codeql-action from 3.28.0 to 3.28.8 by @dependabot in dexidp#3956
* build(deps): bump github.com/coreos/go-oidc/v3 from 3.11.0 to 3.12.0 by @dependabot in dexidp#3933
* build(deps): bump google.golang.org/protobuf from 1.36.2 to 1.36.4 by @dependabot in dexidp#3947
* build(deps): bump actions/setup-go from 5.1.0 to 5.3.0 by @dependabot in dexidp#3935
* build(deps): bump github.com/beevik/etree from 1.4.1 to 1.5.0 by @dependabot in dexidp#3966
* build(deps): bump anchore/sbom-action from 0.17.9 to 0.18.0 by @dependabot in dexidp#3960
* build(deps): bump mheap/github-action-required-labels from 5.4.2 to 5.5.0 by @dependabot in dexidp#3961
* build(deps): bump actions/attest-build-provenance from 2.1.0 to 2.2.0 by @dependabot in dexidp#3962
* build(deps): bump go.etcd.io/etcd/client/pkg/v3 from 3.5.17 to 3.5.18 by @dependabot in dexidp#3963
* build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.17 to 3.5.18 by @dependabot in dexidp#3965
* build(deps): bump google.golang.org/api from 0.217.0 to 0.219.0 by @dependabot in dexidp#3964
* build(deps): bump golang.org/x/oauth2 from 0.25.0 to 0.26.0 by @dependabot in dexidp#3969
* build(deps): bump golang from 1.23.5-alpine3.20 to 1.23.6-alpine3.20 by @dependabot in dexidp#3972
* build(deps): bump sigstore/cosign-installer from 3.7.0 to 3.8.0 by @dependabot in dexidp#3970
* build(deps): bump golang.org/x/oauth2 from 0.25.0 to 0.26.0 in /examples by @dependabot in dexidp#3968
* build(deps): bump google.golang.org/api from 0.219.0 to 0.220.0 by @dependabot in dexidp#3973
* build(deps): bump google.golang.org/protobuf from 1.36.4 to 1.36.5 by @dependabot in dexidp#3975
* build(deps): bump docker/setup-buildx-action from 3.8.0 to 3.9.0 by @dependabot in dexidp#3977
* build(deps): bump docker/setup-qemu-action from 3.3.0 to 3.4.0 by @dependabot in dexidp#3978
* build(deps): bump golang.org/x/crypto from 0.32.0 to 0.33.0 by @dependabot in dexidp#3980
* build(deps): bump github/codeql-action from 3.28.8 to 3.28.9 by @dependabot in dexidp#3981
* build(deps): bump google.golang.org/api from 0.220.0 to 0.221.0 by @dependabot in dexidp#3985
* build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.36.5 in /api/v2 by @dependabot in dexidp#3976
* build(deps): bump google.golang.org/grpc from 1.69.4 to 1.70.0 in /api/v2 by @dependabot in dexidp#3944
* build(deps): bump github.com/spf13/cobra from 1.8.1 to 1.9.1 in /examples by @dependabot in dexidp#3988
* build(deps): bump golang from 1.23.6-alpine3.20 to 1.24.0-alpine3.20 by @dependabot in dexidp#3984
* Update Go to 1.24 by @sagikazarmark in dexidp#3993
* build(deps): bump alpine from 3.21.2 to 3.21.3 by @dependabot in dexidp#3986
* build(deps): bump golang from `9fed402` to `79f7ffe` by @dependabot in dexidp#3992
* build(deps): bump github.com/spf13/cobra from 1.8.1 to 1.9.1 by @dependabot in dexidp#3987
* build(deps): bump github.com/go-sql-driver/mysql from 1.8.1 to 1.9.0 by @dependabot in dexidp#3991

## New Contributors
* @hur made their first contribution in dexidp#3700
* @koendelaat made their first contribution in dexidp#3598
* @IvoGoman made their first contribution in dexidp#3748
* @dsonck92 made their first contribution in dexidp#3778
* @siarhei-haurylau made their first contribution in dexidp#3793
* @emmanuel-ferdman made their first contribution in dexidp#3755
* @zvlb made their first contribution in dexidp#2941
* @meldsza made their first contribution in dexidp#3676
* @nrwiersma made their first contribution in dexidp#3868
* @JanMkl made their first contribution in dexidp#3930
* @kotx made their first contribution in dexidp#3950
* @bobmaertz made their first contribution in dexidp#3941

**Full Changelog**: dexidp/dex@v2.41.0...v2.42.0

Instead of only checking for "localhost", also validate through
net.ParseIP + IsLoopback whether the host is numerically localhost

Signed-off-by: Daniel Sonck <[email protected]>