chore(deps): update docker.io/oryd/oathkeeper docker tag to v26

[renovate]

This PR contains the following updates:

Package	Update	Change
docker.io/oryd/oathkeeper (source)	major	v25.4.0 → v26.2.0

---

Release Notes

ory/oathkeeper (docker.io/oryd/oathkeeper)

v26.2.0

Compare Source

v26.2.0

Bug Fixes

• Always retry curl invocations to surmount transient third-party failures (9a8bda2):

• Clean path while matching to prevent path traversal (8e00021):

• Context passing in jsonnetsecure (664432e):

• Correctly scan SQL NULL into go JSON types (9088f91):

• Down migrations in newer MySQL versions (c92bc2c):

• Drop all X-Forwarded-* headers when untrusted (36a676e):

• Fix benchmark test (5862cf6):

• Incorrect default value for page_tokens (9667983):

• Incorrect usage of database/sql (73009ca):

• Only use X-Forwarded-Proto header when trusted (e9acca1):

• Remove flaky test for unused function (ee67087):

• Remove WithDumpMigrations option to MigrationBox (5964b69):

• Request log config key (5ce8122):

• Restore OTEL trace propagation in remote and remote_json authorizers (6c8b787):

• Scope cache config key to introspection URL (198a2bc):

• Stray debug print (b9a2725):

• Update CONTRIBUTING.md (3af6f3c):

• Update packages to fix GHSA-7h2j-956f-4vf2 (0b855e4):

• Upgrade vulnerable dependencies across Go and npm (afdef7d):

  Co-authored-by: Deepak Prabhakara deepak.prabhakara@ory.sh

• X data race and parallize some tests (ecbebd3):

Code Generation

• Prepare for OSS release - v26.2.0 (c84dbe0):

Code Refactoring

• Squash merge old backoffice migration and fix up command (1350d8a):

Documentation

• Update readmes (0e3dc10):

Features

• Add support for NULL and more column types to keysetpagination (8e36fb7):

• Automatic transaction retries for postgres (de668c1):

• Collect external latency data and write to logs (e4e2644):

• Consider Go migrations DirHash when restoring full schema from backups (cb65b07):

• Forward (some) user request headers to SMS HTTP channel (f9ef1b2):

• Generate events for SSO and SCIM provider revisions (bf85260):

• Hydra benchmarking tool (7dc973b):

• Improved tracing (a362e6e):

• Keto-cli improvements (44167e9):

• Make 429 passthrough instead return 401 (12cc3da):

• Make SCIM work with MySQL (d717289):

• Rename project revision columns (96fee1c):

• Use keysetpagination planner for keto read queries (2b33f5a):

Tests

• Deflake and improve performance (5c91d9d):

• Deflake directory watcherx (9ef6345):

• Faster and more reliable courier tests (7dd339a):

• hydra: Add plaintext backups for all DB types (cdc1e05):

• Minor setup improvements (d9f227a):

Changelog

• 4dcf01a autogen(docs): generate and bump docs
• 6816c4e autogen(sdk): bump to 05ddc40
• 4c610a5 autogen(sdk): bump to 9c2abd7
• c84dbe0 autogen: prepare for OSS release - v26.2.0
• 3601987 chore(deps): update actions/checkout action to v6
• d334de1 chore(deps): update dependency @​types/lodash to v4.17.21
• 3d4762d chore(deps): update go modules
• 8668033 chore(deps): update golangci/golangci-lint-action action to v9
• bff5f54 chore(deps): update jackson (major)
• addb79f chore(deps): update oathkeeper to v4 (major)
• d5931bc chore(keto): use ory/x router
• 3bfd8fc chore(kratos): use httprouter from ory/x
• 271e90e chore: add cause to context cancels with 'context.WithTimeoutCause' in ./x
• 8888a60 chore: add helpers for Kratos OEL to support various databases
• 5334a52 chore: add retries to more curl invocations
• f1ba1cf chore: added CLIENT_SECRET_VERIFIER to our deployment
• ead66ab chore: always use ristretto/v2
• 82e6cfb chore: audit and fix npm dependencies
• add9940 chore: bump to CRDB v25.4
• e690c00 chore: bump to Go 1.26 massive cleanup in ory/x
• 3f4085a chore: cleanup package-lock files
• 97ecec8 chore: correct typos
• d57bf13 chore: delete unused CRDB changefeed watcherx module
• 25bbdc3 chore: deprecate organization APIs
• 77eee56 chore: fix for critical CVE - GHSA-p77j-4mvh-x3m3
• d1301c9 chore: fix golangci-lint warnings
• 4304bc3 chore: improve clidoc generation
• dafc47d chore: improve error reporting to help diagnose flaky test
• f234fba chore: improve readability of popx.MigrationBox
• d062731 chore: keysetpagination improvements
• f8d0fcc chore: more npm security updates
• 7d92cad chore: remove unused code
• 116d2b9 chore: remove unused log code
• 54dae34 chore: remove unused x/watcherx/websocket
• f054847 chore: run go mod tidy and misc cleanup
• aced92d chore: run npm audit fix
• 1caff5e chore: security updates for glob library
• 8e0f109 chore: simplify HTTP metrics instrumentation
• 2a11ffc chore: simplify decoderx usage
• f3ae92b chore: split SCIM from multi-region & make it work with SQLite
• 93582cf chore: trivial linter issues
• 9163541 chore: unify common dependency interfaces
• b32cc90 chore: update @​openapitools/openapi-generator-cli
• c019a13 chore: update OSS ory.sh to ory.com
• 3a3a6ae chore: update pop to latest & only run pop.SetNowFunc() inside init()
• 6bfe8cb chore: update to dockertest v4
• 1322ee3 chore: updated axios
• 1246bc6 chore: updated golang.org/x/crypto
• aee85c3 chore: updated minimatch
• 249608a chore: use pgx pool in Kratos OEL & fix some OEL commands not using enterprise migrations
• 183aee9 ci: add docker driver to cve scan
• 0e3dc10 docs: update readmes
• 8e36fb7 feat: add support for NULL and more column types to keysetpagination
• de668c1 feat: automatic transaction retries for postgres
• e4e2644 feat: collect external latency data and write to logs
• cb65b07 feat: consider Go migrations DirHash when restoring full schema from backups
• f9ef1b2 feat: forward (some) user request headers to SMS HTTP channel
• bf85260 feat: generate events for SSO and SCIM provider revisions
• 7dc973b feat: hydra benchmarking tool
• a362e6e feat: improved tracing
• 44167e9 feat: keto-cli improvements
• 12cc3da feat: make 429 passthrough instead return 401
• d717289 feat: make SCIM work with MySQL
• 96fee1c feat: rename project revision columns
• 2b33f5a feat: use keysetpagination planner for keto read queries
• 9a8bda2 fix: always retry curl invocations to surmount transient third-party failures
• 8e00021 fix: clean path while matching to prevent path traversal
• 664432e fix: context passing in jsonnetsecure
• 9088f91 fix: correctly scan SQL NULL into go JSON types
• c92bc2c fix: down migrations in newer MySQL versions
• 36a676e fix: drop all X-Forwarded-* headers when untrusted
• 5862cf6 fix: fix benchmark test
• 9667983 fix: incorrect default value for page_tokens
• 73009ca fix: incorrect usage of database/sql
• e9acca1 fix: only use X-Forwarded-Proto header when trusted
• 5964b69 fix: remove WithDumpMigrations option to MigrationBox
• ee67087 fix: remove flaky test for unused function
• 5ce8122 fix: request log config key
• 6c8b787 fix: restore OTEL trace propagation in remote and remote_json authorizers
• 198a2bc fix: scope cache config key to introspection URL
• b9a2725 fix: stray debug print
• 3af6f3c fix: update CONTRIBUTING.md
• 0b855e4 fix: update packages to fix GHSA-7h2j-956f-4vf2
• afdef7d fix: upgrade vulnerable dependencies across Go and npm
• ecbebd3 fix: x data race and parallize some tests
• 1350d8a refactor: squash merge old backoffice migration and fix up command
• cdc1e05 test(hydra): add plaintext backups for all DB types
• 5c91d9d test: deflake and improve performance
• 9ef6345 test: deflake directory watcherx
• 7dd339a test: faster and more reliable courier tests
• d9f227a test: minor setup improvements

Artifacts can be verified with cosign using this public key.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.