search

ether / ep_openid_connect

Etherpad plugin to authenticate users against an OpenID Connect provider
Other
5 stars 8 forks source link

Bump openid-client from 4.7.4 to 5.1.2 #22

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 2 years ago

Bumps openid-client from 4.7.4 to 5.1.2.

Release notes

Sourced from openid-client's releases.

v5.1.2

Fixes

  • passing null as checks.nonce should not disable it (5120a07)

v5.1.1

Fixes

  • allow setting timeout to 0 to disable it (32b28b5), closes #443

v5.1.0

Features

  • support OAuth 2.0 Authorization Server Issuer Identification (fb6a141)
  • support server-provided DPoP nonces (update DPoP to draft-04) (a84950a)

Fixes

  • reject oauthCallback when id_token is detected (92ffee5)
  • typescript: ts-ignore missing AbortSignal global (d975c11), closes #433

v5.0.2

Bug Fixes

  • explicitly set content-length again (956c34b), closes #420

v5.0.1

Bug Fixes

  • explicitly set accept: application/json again (89cdbe2)

v5.0.0

⚠ BREAKING CHANGES

  • The 'query' way of passing access token to userinfo was removed.
  • Access Token is now asserted to be present for userinfo and requestResource calls.
  • The registry export was removed.
  • FAPIClient is renamed to FAPI1Client
  • FAPI1Client has default algorithms set to PS256 rather than RS256
  • FAPI1Client has default tls_client_certificate_bound_access_tokens set to true
  • FAPI1Client has default response_types set to id_token code and grant_types accordingly
  • FAPI1Client has no token_endpoint_auth_method set, one must be set explicitly
  • Client methods unpackAggregatedClaims and fetchDistributedClaims were removed with no replacement.
  • DPoP option inputs must be a private crypto.KeyObject or a valid crypto.createPrivateKey input.
  • Issuer.prototype.keystore is now private API
  • HTTP(S) request customization now only recognizes the following options 'agent', 'ca', 'cert', 'crl', 'headers', 'key', 'lookup', 'passphrase', 'pfx', and 'timeout'. These are standard node http/https module request options, got-library specific options such as 'followRedirect', 'retry', or 'throwHttpErrors' are no longer recognized.
  • The arguments inside individual HTTP request customization changed, first argument is now an instance of URL, the http request options object is passed in as a second argument.
  • The response property attached to some RPError or OPError instances is now an instance of http.IncomingMessage. Its body is available on its body property as either JSON if it could be parsed, or a Buffer if it failed to pass as JSON.
  • Drop support for Node.js v10.x

... (truncated)

Changelog

Sourced from openid-client's changelog.

5.1.2 (2022-01-13)

Fixes

  • passing null as checks.nonce should not disable it (5120a07)

5.1.1 (2021-12-20)

Fixes

  • allow setting timeout to 0 to disable it (32b28b5), closes #443

5.1.0 (2021-12-03)

Features

  • support OAuth 2.0 Authorization Server Issuer Identification (fb6a141)
  • support server-provided DPoP nonces (update DPoP to draft-04) (a84950a)

Bug Fixes

  • reject oauthCallback when id_token is detected (92ffee5)
  • typescript: ts-ignore missing AbortSignal global (d975c11), closes #433

5.0.2 (2021-10-28)

Bug Fixes

  • explicitly set content-length again (956c34b), closes #420

5.0.1 (2021-10-27)

Bug Fixes

  • explicitly set accept: application/json again (89cdbe2)

5.0.0 (2021-10-27)

⚠ BREAKING CHANGES

  • The 'query' way of passing access token to userinfo was removed.
  • Access Token is now asserted to be present for the

... (truncated)

Commits
  • ae2e3ff chore(release): 5.1.2
  • 5120a07 fix: passing null as checks.nonce should not disable it
  • cba11f2 chore(release): 5.1.1
  • 32b28b5 fix: allow setting timeout to 0 to disable it
  • 5abf728 refactor: substr > slice
  • 07be6ee chore: not everything is a Bug Fix per se, something is just a Fix
  • ff046ca chore(release): 5.1.0
  • a84950a feat: support server-provided DPoP nonces (update DPoP to draft-04)
  • 92ffee5 fix: reject oauthCallback when id_token is detected
  • fb6a141 feat: support OAuth 2.0 Authorization Server Issuer Identification
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
rhansen commented 2 years ago

@dependabot rebase

rhansen commented 2 years ago

@dependabot rebase