search

GluuFederation / gluu-passport

Gluu interface to Passport.js to support social login and inbound identity.
Apache License 2.0
6 stars 17 forks source link

build(deps): bump openid-client from 4.7.5 to 5.1.2 #406

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 2 years ago

Bumps openid-client from 4.7.5 to 5.1.2.

Release notes

Sourced from openid-client's releases.

v5.1.2

Fixes

  • passing null as checks.nonce should not disable it (5120a07)

v5.1.1

Fixes

  • allow setting timeout to 0 to disable it (32b28b5), closes #443

v5.1.0

Features

  • support OAuth 2.0 Authorization Server Issuer Identification (fb6a141)
  • support server-provided DPoP nonces (update DPoP to draft-04) (a84950a)

Fixes

  • reject oauthCallback when id_token is detected (92ffee5)
  • typescript: ts-ignore missing AbortSignal global (d975c11), closes #433

v5.0.2

Bug Fixes

  • explicitly set content-length again (956c34b), closes #420

v5.0.1

Bug Fixes

  • explicitly set accept: application/json again (89cdbe2)

v5.0.0

⚠ BREAKING CHANGES

  • The 'query' way of passing access token to userinfo was removed.
  • Access Token is now asserted to be present for userinfo and requestResource calls.
  • The registry export was removed.
  • FAPIClient is renamed to FAPI1Client
  • FAPI1Client has default algorithms set to PS256 rather than RS256
  • FAPI1Client has default tls_client_certificate_bound_access_tokens set to true
  • FAPI1Client has default response_types set to id_token code and grant_types accordingly
  • FAPI1Client has no token_endpoint_auth_method set, one must be set explicitly
  • Client methods unpackAggregatedClaims and fetchDistributedClaims were removed with no replacement.
  • DPoP option inputs must be a private crypto.KeyObject or a valid crypto.createPrivateKey input.
  • Issuer.prototype.keystore is now private API
  • HTTP(S) request customization now only recognizes the following options 'agent', 'ca', 'cert', 'crl', 'headers', 'key', 'lookup', 'passphrase', 'pfx', and 'timeout'. These are standard node http/https module request options, got-library specific options such as 'followRedirect', 'retry', or 'throwHttpErrors' are no longer recognized.
  • The arguments inside individual HTTP request customization changed, first argument is now an instance of URL, the http request options object is passed in as a second argument.
  • The response property attached to some RPError or OPError instances is now an instance of http.IncomingMessage. Its body is available on its body property as either JSON if it could be parsed, or a Buffer if it failed to pass as JSON.
  • Drop support for Node.js v10.x

... (truncated)

Changelog

Sourced from openid-client's changelog.

5.1.2 (2022-01-13)

Fixes

  • passing null as checks.nonce should not disable it (5120a07)

5.1.1 (2021-12-20)

Fixes

  • allow setting timeout to 0 to disable it (32b28b5), closes #443

5.1.0 (2021-12-03)

Features

  • support OAuth 2.0 Authorization Server Issuer Identification (fb6a141)
  • support server-provided DPoP nonces (update DPoP to draft-04) (a84950a)

Bug Fixes

  • reject oauthCallback when id_token is detected (92ffee5)
  • typescript: ts-ignore missing AbortSignal global (d975c11), closes #433

5.0.2 (2021-10-28)

Bug Fixes

  • explicitly set content-length again (956c34b), closes #420

5.0.1 (2021-10-27)

Bug Fixes

  • explicitly set accept: application/json again (89cdbe2)

5.0.0 (2021-10-27)

⚠ BREAKING CHANGES

  • The 'query' way of passing access token to userinfo was removed.
  • Access Token is now asserted to be present for the

... (truncated)

Commits
  • ae2e3ff chore(release): 5.1.2
  • 5120a07 fix: passing null as checks.nonce should not disable it
  • cba11f2 chore(release): 5.1.1
  • 32b28b5 fix: allow setting timeout to 0 to disable it
  • 5abf728 refactor: substr > slice
  • 07be6ee chore: not everything is a Bug Fix per se, something is just a Fix
  • ff046ca chore(release): 5.1.0
  • a84950a feat: support server-provided DPoP nonces (update DPoP to draft-04)
  • 92ffee5 fix: reject oauthCallback when id_token is detected
  • fb6a141 feat: support OAuth 2.0 Authorization Server Issuer Identification
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
christian-hawk commented 2 years ago

Can one of the admins verify this patch?

codecov[bot] commented 2 years ago

Codecov Report

Merging #406 (0ee2734) into master (a857f4a) will not change coverage. The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##           master     #406   +/-   ##
=======================================
  Coverage   78.58%   78.58%           
=======================================
  Files          36       36           
  Lines         780      780           
=======================================
  Hits          613      613           
  Misses        167      167

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update a857f4a...0ee2734. Read the comment docs.

sonarcloud[bot] commented 2 years ago

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

christian-hawk commented 2 years ago

solved by #397

dependabot[bot] commented 2 years ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.