zitadel-node icon indicating copy to clipboard operation
zitadel-node copied to clipboard
verified publisher icon smartive

fix(deps): update dependency openid-client to v6

Open renovate[bot] opened this issue 1 year ago • 0 comments

This PR contains the following updates:

Package Change Age Confidence
openid-client 5.7.1 -> 6.8.1 age confidence

Release Notes

panva/openid-client (openid-client)

v6.8.1

Compare Source

Refactor
  • workaround dpop nonce caching caveats with customFetch (a9eb50f)

v6.8.0

Compare Source

Features
  • respect retry-after in CIBA and Device Authorization Grant polling (6ce3411)
Documentation
  • remove mention of Edge Runtime from the readme (2e41ad5)

v6.7.1

Compare Source

Fixes
  • passport: include req.host from express@​5 for ease of use in express@​4 (81f6c12)

v6.7.0

Compare Source

Features
  • support for the ML-DSA Algorithm Identifiers (9543da5)

v6.6.4

Compare Source

Fixes
  • recognize N_A in the token exchange grant (770b177)

v6.6.3

Compare Source

Documentation
  • fix TokenEndpointResponseHelpers.claims() note (b77c786)
Refactor
  • passport: allow custom logic to drive initiating auth requests (0b57115), closes #​811

v6.6.2

Compare Source

Fixes
  • RFC8414: strip any terminating "/" when pathname is present (e884302)

v6.6.1

Compare Source

Refactor
  • revert use 303 See Other for the redirect (54f2170)

v6.6.0

Compare Source

Features
  • passport: automatically use form_post response mode when using hybrid response types (c9f2993)
  • passport: easier way to use id_token_hint without overloads (afe24ae)
  • passport: easier way to use login_hint without overloads (264db00)
  • passport: easier way to use OAuth 2.0 Resource Indicators without overloads (7eb3076)
  • passport: easier way to use OAuth 2.0 Rich Authorization Requests without overloads (af0f9d6)
Refactor
  • passport: align use of callbackURL with other strategies and user expectations (333ad31)
  • passport: use 303 See Other for the redirect (4004070)
Documentation
  • passport: add clarity to oauth-specific AuthenticateOptions (dba27f3)
  • passport: expand descriptions and structure (0a173ce)

v6.5.3

Compare Source

Fixes
  • passport: handle JARM responses with authorizationCodeGrant instead of authorizationRequest (e734bec)

v6.5.2

Compare Source

Fixes
  • passport: allow custom query params in the initial authenticate() invocation (deb9925)

v6.5.1

Compare Source

Documentation
  • update implicitAuthentication and useIdTokenResponseType (4036242)
  • use GitHub Flavored Markdown for notes and warnings (a2482c7)
Refactor
  • use native Uint8Array<->base64 when available in the runtime (daf9118)

v6.5.0

Compare Source

Features
  • support response_type=id_token OIDC Authentication Responses (94bba9d)
Fixes
  • handle POST method Request inputs for non-hybrid responses (92faadc)
Documentation
  • add WWW-Authenticate parameter descriptions and RS Metadata related parameters (38f3448)
  • update implicitAuthentication and authorizationCodeGrant inline examples (b1f0a28)

v6.4.2

Compare Source

Documentation
  • add more resources for DCR (e9b978d)
  • hardcode spec revision links (e.g. final or errata) (afef152)
Fixes
  • properly handle a number of edge-cases in www-authenticate header parsing (56f0ed1)

v6.4.1

Compare Source

Fixes
  • allow client secret based auth factories to be used with DCR (d125b30)

v6.4.0

Compare Source

Features
  • add support for Dynamic Client Registration (15f6953)
Fixes
  • handle max_age=0 in buildAuthorizationUrlWithJAR() (5a5a7c9)

v6.3.4

Compare Source

Documentation
Refactor
  • use subpath export for JWE decryption dependency (f8c39fc)

v6.3.3

Compare Source

v6.3.2

Compare Source

Documentation
  • improve docs for default client authentication (3c9f0d9), closes #​761

v6.3.1

Compare Source

Refactor
  • passport: allow dpop handle to be retrieved with an async function (4491f70)
  • passport: bind authorization code to a DPoP Key (b536d0a)
  • passport: use the supportsPKCE() metadata helper (e13fb37)

v6.3.0

Compare Source

Features
  • add a helper to DPoPHandle to calculate dpop_jkt (e99a9d9)
Documentation
  • add DPoP example (2fb51e1)
  • reword buildAuthorizationUrl methods for more clarity (7e987d9)
  • update CIBA docs (35ff0f5)
  • update example diffs (2e152d9)
  • update JWT Introspection Response references to RFC 9701 (d742709)
  • update README.md (8dbb921)
  • update README.md (546b651)

v6.2.0

Compare Source

Features
  • add Client-Initiated Backchannel Authentication (fe6d996)
Documentation
  • explain more discovery() behaviours (271ac5b)
  • re-run docs (17b531a)
  • update buildAuthorizationUrl parameters description (23fb405)
  • update buildAuthorizationUrl parameters description (db9fd94)
Fixes
  • types: fix typo in DeviceAuthorizationGrantPollOptions (d3629c9)

v6.1.7

Compare Source

Refactor
  • types: move customFetch options into its own interface (57d8355)

v6.1.6

Compare Source

Fixes
  • handle scope, prompt, and passReqToCallback from generic passport types (cc92a36), closes #​735

v6.1.5

Compare Source

Fixes
  • passport: fix currentUrl when using express.Router (3b2d570), closes #​733

v6.1.4

Compare Source

Documentation
  • resolve discovery customFetch jsdoc mentioning timeout (5f4cd1b)

v6.1.3

Compare Source

Documentation
  • remove note from issuer transformation algorithm (5fda2cb)
Fixes
  • deal with discovery issues from b2clogin.com (b9a4f2f), closes #​718

v6.1.2

Compare Source

Refactor
  • rename the parameters positional argument in authorizationCodeGrant() (c79ccc5), closes #​712
Documentation
  • document behaviour of customFetch on discovery (072da62)
  • update Strategy.prototype.currentUrl JSDoc (46ea086), closes #​714

v6.1.1

Compare Source

Documentation
  • update link to passport example (110575b)
Fixes

v6.1.0

Compare Source

Features
  • add a server metadata helper for checking PKCE support (ca34a91)
  • add JWKS Cache management for use in non-persistent runtimes (cda4b53)

v6.0.0

Compare Source

⚠ BREAKING CHANGES
  • openid-client v6.x is a complete rewrite of the openid-client module, this is the first time since 0.1.0 (8 years ago) that the API has drastically changed. The new module structure and API focuses on three core principles:
  • runtime compatibility (adding support for Deno, Cloudflare Workers, Bun, and other Web API interoperable runtimes)
  • tree-shakeability (bundles should not contain features that don't end up being used)
  • less options (removing support for processing deprecated response types, cutting down on the number of combinations that need to handled)

To that end openid-client@​6 no longer supports the full cartesian matrix of response types and response modes, it no longer supports issuing encrypted assertions, decrypting assertions is limited to only a few algorithms, it no longer supports Dynamic Client Registration or Management, and Self-Issued OpenID Provider responses are also not supported.

The new API makes basic setups simple while allowing some degree of complexity where needed.

openid-client@​6 is an ESM module using ES2022 syntax and it depends on WebCryptoAPI and Fetch API globals being available in the JS runtime.

openid-client@​6 is written in TypeScript and its exported types come with comment annotations.

(Node.js) Versions 20.x and newer have all the necessary globals.

(Node.js) CJS style let client = require('openid-client') is possible in versions where process.features.require_module is true. This is a new Node.js feature slated to be released without a CLI flag in 23.x and 22.x

Documentation
Refactor

Configuration

📅 Schedule: Branch creation - "after 9pm,before 6am" in timezone Europe/Zurich, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • [ ] If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate[bot] avatar Oct 15 '24 23:10 renovate[bot]