auth0 / omniauth-auth0

OmniAuth strategy to login with Auth0
MIT License

Releases 2.4.2 #121

Closed davidpatrick closed 3 years ago

davidpatrick commented 3 years ago

This library was requiring omniauth through omniauth-oauth2; this patches 2.4.x by locking omniauth to 1.9. The new version of omniauth introduces a security fix that is a breaking change for some, and we are evaluating whether to release a minor or a major for it.

davidpatrick commented 3 years ago

@frederikprijck this release doesn't include those. This patch has already been released; this PR is just to move the code changes into the code base.

davidpatrick commented 3 years ago

To be clear, this was in response to https://github.com/auth0-samples/auth0-rubyonrails-sample/issues/46#issuecomment-763188947. This library should have already had omniauth explicitly included in the gemspec. The result of not having it in the gemspec caused new installs or non-locked installs of this gem to grab a new major of omniauth, which had a breaking change in it for people using GET requests on the auth endpoint. So we released this patch 2.4.2 on top of the 2.4.1 code, so it doesn't include the latest PRs that have been merged that @frederikprijck mentions; those PRs will be released in the next minor, 2.5.0.
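The dependency situation described in the comment above, as an added example that is not part of the thread or the project's own code: it uses RubyGems' `Gem::Requirement` to show which omniauth version an unlocked install picks with and without a direct pin. The version list, the intermediate gem's constraint and the `~> 1.9` form of the pin are constructed assumptions for illustration, and the helper names are hypothetical.

```ruby
require "rubygems"

# Constructed sample: omniauth versions a resolver might see on the gem index.
AVAILABLE_OMNIAUTH = %w[1.8.1 1.9.0 1.9.1 2.0.0 2.0.1].map { |v| Gem::Version.new(v) }

# Assumed constraint carried only by the intermediate gem (illustrative,
# not read from any real gemspec).
TRANSITIVE_ONLY = { "omniauth-oauth2" => [">= 1.9", "< 3"] }.freeze

# Same graph once the strategy gem declares its own pin (assumed "~> 1.9").
WITH_DIRECT_PIN = TRANSITIVE_ONLY.merge("omniauth-auth0" => ["~> 1.9"]).freeze

# Highest available version satisfying every declared constraint, or nil.
def resolve(available, constraints)
  reqs = constraints.values.map { |c| Gem::Requirement.new(*c) }
  available.select { |v| reqs.all? { |r| r.satisfied_by?(v) } }.max
end

# True when a fresh, unlocked install lands on a newer major version
# than the one an existing lockfile holds.
def major_jump?(locked, fresh)
  fresh.segments.first > locked.segments.first
end

# Libraries the code requires directly but the gemspec never declares.
# These are resolved purely by whatever an intermediate gem allows.
def undeclared(required_libs, declared_deps)
  required_libs - declared_deps
end

if __FILE__ == $PROGRAM_NAME
  locked = Gem::Version.new("1.9.1") # constructed lockfile entry
  fresh  = resolve(AVAILABLE_OMNIAUTH, TRANSITIVE_ONLY)
  pinned = resolve(AVAILABLE_OMNIAUTH, WITH_DIRECT_PIN)

  puts "unlocked install, transitive only: omniauth #{fresh}"
  puts "unlocked install, direct pin:      omniauth #{pinned}"
  puts "major jump vs lockfile:            #{major_jump?(locked, fresh)}"
  puts "undeclared direct requires:        " \
       "#{undeclared(%w[omniauth omniauth-oauth2], %w[omniauth-oauth2])}"
end
```

An application with a committed `Gemfile.lock` keeps the old major until it updates, which is why only new or non-locked installs were affected.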

frederikprijck commented 3 years ago

Thanks for the context. I understand it has been released already and we need this in master in order to make the next release.