build(deps): bump github.com/pomerium/pomerium from 0.26.1 to 0.27.1

[dependabot]

Bumps github.com/pomerium/pomerium from 0.26.1 to 0.27.1.

Release notes

Sourced from github.com/pomerium/pomerium's releases.

v0.27.1

Security

Pomerium v0.27.1 includes a fix to the databroker service API authorization logic. Certain service account tokens from Pomerium Zero or Pomerium Enterprise could grant unintended authorization to the databroker service API. CVE-2024-47616

What's Changed

Security

• grpcutil: additional JWT validation by @​kenjenkins in pomerium/pomerium#5304

Fixed

• proxy: support loading sessions from headers and query string by @​calebdoxsey in pomerium/pomerium#5294
• proxy: fix is-enterprise check by @​calebdoxsey in pomerium/pomerium#5297

Full Changelog: pomerium/pomerium@v0.27.0...v0.27.1

v0.27.0

What's Changed

Breaking

• proxy: deprecate the /.pomerium/jwt endpoint by @​kenjenkins in pomerium/pomerium#5254
• zero/k8s: use Deployment instead of StatefulSet by @​wasaga in pomerium/pomerium#5248

New

• authorize: use uuid for jti, current time for iat and exp by @​calebdoxsey in pomerium/pomerium#5147
• config: add databroker_storage_connection_string_file by @​calebdoxsey in pomerium/pomerium#5242
• config: add mTLS UserPrincipalName SAN match by @​kenjenkins in pomerium/pomerium#5177
• config: add runtime flag to allow disabling config hot-reload (#5079) by @​kralicky in pomerium/pomerium#5112
• envoy: allow TLS 1.3 for upstream connections by @​calebdoxsey in pomerium/pomerium#5263
• envoy: log TLS connection failures in the mTLS reject_connection mode by @​kralicky in pomerium/pomerium#5210
• envoy: resource monitoring & overload manager configuration by @​kralicky in pomerium/pomerium#5106
• envoy: support http2 prior knowledge for insecure upstream targets (h2c://) by @​kralicky in pomerium/pomerium#5205
• ui: add "Policy ID" label to error details page by @​calebdoxsey in pomerium/pomerium#5127
• ui: add request id to upstream error page by @​calebdoxsey in pomerium/pomerium#5166
• ui: add user info link to error page by @​calebdoxsey in pomerium/pomerium#5158
• ui: user info dashboard improvements by @​calebdoxsey in pomerium/pomerium#5128
• zero/connect: add re-run health checks command by @​wasaga in pomerium/pomerium#5219
• zero/k8s: write bootstrap configuration to a secret by @​kralicky in pomerium/pomerium#5114

Fixes

• authorize: require new login when authenticate url changes by @​calebdoxsey in pomerium/pomerium#5165
• controlplane: avoid calling Close on nil listener by @​kenjenkins in pomerium/pomerium#5156
• databroker/leaser: set timeout on ReleaseLease by @​wasaga in pomerium/pomerium#5208
• logging: add support for using the standard grpc env vars to control log severity and verbosity by @​kralicky in pomerium/pomerium#5120
• session: do not invalidate based on ID token by @​kenjenkins in pomerium/pomerium#5182
• ui: fix cycle in profile data by @​calebdoxsey in pomerium/pomerium#5168
• ui: set Cache-Control: no-cache, tweak sign-out cancel button behavior by @​calebdoxsey in pomerium/pomerium#5264
• zero/connect: ignore unknown message types by @​wasaga in pomerium/pomerium#5223
• zero/health-checks: fix early checks sometimes missing by @​wasaga in pomerium/pomerium#5229

... (truncated)

Commits

• a2f98c8 zero: update k8s manifest to prepare for v0.27.1 (#5306)
• e018cf0 grpcutil: additional JWT validation (#5304)
• 61847b1 core/proxy: fix is-enterprise check (#5297)
• 8b6dc27 core/proxy: support loading sessions from headers and query string (#5294)
• 3dadcf1 add v0.27.0 changelog (#5271)
• bf30770 ci: update k8s manifests before v0.27.0 release (#5270)
• 653d8f9 Revert "config: allow overriding port numbers using environment variables (#5...
• dad954a core/logging: change log.Error function (#5251)
• 97bf5ed core/ui: no-cache html, force back (#5264)
• fb4ee25 core/ui: update logo (#5249)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

Looks like github.com/pomerium/pomerium is up-to-date now, so this is no longer needed.