Bump github.com/ory/hydra from 1.0.8 to 1.4.9

[dependabot-preview[bot]]

Bumps github.com/ory/hydra from 1.0.8 to 1.4.9.

Release notes

Sourced from github.com/ory/hydra's releases.

v1.4.9

This is the first release to use our new CI/CD pipeline which includes auto-generated release announcements via the newsletter.

If you have feedback on this new process feel free to start a discussion on Slack!

This release fixes some bugs and improves the docs.

1.4.9 (2020-04-25)

Bug Fixes

• Update install.sh script (#1828) (7d56902)

Changelog

1bbfb37c autogen(docs): generate and format documentation eed9d878 chore: pin v1.4.9 release commit 7d569022 fix: update install.sh script (#1828)

Docker images

• docker pull oryd/hydra:v1
• docker pull oryd/hydra:v1.4
• docker pull oryd/hydra:v1.4.9
• docker pull oryd/hydra:v1.4.9
• docker pull oryd/hydra:latest
• docker pull oryd/hydra:v1-alpine
• docker pull oryd/hydra:v1.4-alpine
• docker pull oryd/hydra:v1.4.9-alpine
• docker pull oryd/hydra:v1.4.9-alpine
• docker pull oryd/hydra:latest-alpine

v1.4.6

Changelog

a0a5f850 autogen(docs): generate and format documentation

... (truncated)

Changelog

Sourced from github.com/ory/hydra's changelog.

1.4.9 (2020-04-25)

Bug Fixes

• Update install.sh script (#1828) (7d56902)
• docker: Resolve nsswitch issues (#1824) (96b8733)

Documentation

• Add docker help to self-signed ssl (8be079b)
• Add tls self-signed certificate guide (#1826) (a90483f), closes #1822

Features

• Add workaround for CSRF SameSite=None cookies (#1810) (8967b9c), closes #1753:

  Implements the workaround from https://web.dev/samesite-cookie-recipes/ for the CSRF cookies only when using SameSite=None. This is configurable and disabled by default.

  Also adds some unit tests for the existing CSRF cookie helpers, along with unit tests for this change.

1.4.7 (2020-04-24)

Bug Fixes

• Allow -1 as ttl.refresh_token value (#1819) (66f5d3a), closes #1811:

  Because viper converts the type from both string and number to time.Duration we can allow both types.

• docker: Add nsswitch.conf into the dockerfiles (#1816) (48cf366):

  Go's netgo implementation currently does not respect hostname overrides defined in /etc/hosts if the /etc/nsswitch.conf does not exists.

  Made changes to the Dockerfiles to add a standard /etc/nsswitch.conf to fix this issue.

• Improve system secrets message (#1818) (7a3ecd0)
• docker: Bump version to 1.4.6 (0692869)
• Use semver-regex replacer func (77c6752)

Documentation

• Add CSRF section to debug (#1813) (85551eb)
• Clarify scope section (7606a48)
• Fix golang and javascript sdk links (0143712)
• Fix two broken links in sdk overview (#1809) (9def4ba)
• Update linux install guide (#1806) (a9eed57)

... (truncated)

Commits

• eed9d87 chore: pin v1.4.9 release commit
• 7d56902 fix: update install.sh script (#1828)
• 1bbfb37 autogen(docs): generate and format documentation
• bcfc6c4 chore: pin 1.4.8 release commit
• 8be079b docs: add docker help to self-signed ssl
• 96b8733 fix(docker): resolve nsswitch issues (#1824)
• a90483f docs: add tls self-signed certificate guide (#1826)
• e537745 autogen(docs): generate and format documentation
• 8967b9c feat: add workaround for CSRF SameSite=None cookies (#1810)
• e3e133c ci: bump changelog task (#1823)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired)

[dependabot-preview[bot]]

Superseded by #224.