upcase icon indicating copy to clipboard operation
upcase copied to clipboard
verified publisher icon thoughtbot

Bump doorkeeper from 5.1.1 to 5.5.2

Open dependabot-preview[bot] opened this issue 4 years ago • 0 comments

Bumps doorkeeper from 5.1.1 to 5.5.2.

Release notes

Sourced from doorkeeper's releases.

v5.5.2

  • #1502 Drop support for Ruby 2.4 because of EOL.
  • #1504 Updated the url fragment in the comment for code documentation.
  • #1512 Fix form behavior when response mode is form_post.
  • #1511 Fix that authorization code is returned by fragment if response_mode is fragament.

v5.5.1

  • #1496 Revoke old_refresh_token if previous_refresh_token is present.
  • #1495 Fix respond_to undefined in API-only mode
  • #1488 Verify client authentication for Resource Owner Password Grant when config.skip_client_authentication_for_password_grant is set and the client credentials are sent in a HTTP Basic auth header.

v5.5.0

  • #1482 Simplify TokenInfoController to be overridable (extract response rendering).
  • #1478 Fix ownership association and Rake tasks when custom models configured.
  • #1477 Respect ActiveRecord::Base.pluralize_table_names for Doorkeeper table names.

v5.5.0.rc2

  • #1473 Enable Applications and AuthorizedApplications controllers in API mode.

    [IMPORTANT] you can still skip these controllers using skip_controllers in use_doorkeeper inside routes.rb. Please do it in case you don't need them.

  • #1472 Fix establish_connection configuration for custom defined models.

  • #1471 Add support for Ruby 3.0.

  • #1469 Check if redirect_uri exists.

  • #1465 Memoize nil doorkeeper_token.

  • #1459 Use built-in Ruby option to remove padding in PKCE code challenge value.

  • #1457 Make owner_id a bigint for newly-generated owner migrations

  • #1452 Empty previous_refresh_token only if present.

  • #1440 Validate empty host in redirect_uri.

  • #1438 Add form post response mode.

  • #1458 Make config.skip_client_authentication_for_password_grant a long term configuration option.

v5.5.0.rc1

  • #1435 Make error response not redirectable when client is unauthorized

  • #1426 Ensure ActiveRecord callbacks are executed on token revocation.

  • #1407 Remove redundant and complex to support helpers froms tests (should_have_json, etc).

  • #1416 Don't add introspection route if token introspection completely disabled.

  • #1410 Properly memoize current_resource_owner value (consider nil and false values).

  • #1415 Ignore PKCE params for non-PKCE grants.

  • #1418 Add ability to register custom OAuth Grant Flows.

  • #1420 Require client authentication for Resource Owner Password Grant as stated in OAuth RFC.

    [IMPORTANT] you need to create a new OAuth client (Doorkeeper::Application) if yoo didn't have it before and use client credentials in HTTP Basic auth if you previously used this grant flow without client authentication. For migration purposes you could enable skip_client_authentication_for_password_grant configuration option to true, but such behavior (as well as configuration option) would be completely removed in a future version of Doorkeeper.

... (truncated)

Changelog

Sourced from doorkeeper's changelog.

5.5.2

  • #1502 Drop support for Ruby 2.4 because of EOL.
  • #1504 Updated the url fragment in the comment for code documentation.
  • #1512 Fix form behavior when response mode is form_post.
  • #1511 Fix that authorization code is returned by fragment if response_mode is fragament.

5.5.1

  • #1496 Revoke old_refresh_token if previous_refresh_token is present.
  • #1495 Fix respond_to undefined in API-only mode
  • #1488 Verify client authentication for Resource Owner Password Grant when config.skip_client_authentication_for_password_grant is set and the client credentials are sent in a HTTP Basic auth header.

5.5.0

  • #1482 Simplify TokenInfoController to be overridable (extract response rendering).
  • #1478 Fix ownership association and Rake tasks when custom models configured.
  • #1477 Respect ActiveRecord::Base.pluralize_table_names for Doorkeeper table names.

5.5.0.rc2

  • #1473 Enable Applications and AuthorizedApplications controllers in API mode.

    [IMPORTANT] you can still skip these controllers using skip_controllers in use_doorkeeper inside routes.rb. Please do it in case you don't need them.

  • #1472 Fix establish_connection configuration for custom defined models.

  • #1471 Add support for Ruby 3.0.

  • #1469 Check if redirect_uri exists.

  • #1465 Memoize nil doorkeeper_token.

  • #1459 Use built-in Ruby option to remove padding in PKCE code challenge value.

  • #1457 Make owner_id a bigint for newly-generated owner migrations

  • #1452 Empty previous_refresh_token only if present.

  • #1440 Validate empty host in redirect_uri.

  • #1438 Add form post response mode.

  • #1458 Make config.skip_client_authentication_for_password_grant a long term configuration option.

5.5.0.rc1

  • #1435 Make error response not redirectable when client is unauthorized
  • #1426 Ensure ActiveRecord callbacks are executed on token revocation.
  • #1407 Remove redundant and complex to support helpers froms tests (should_have_json, etc).
  • #1416 Don't add introspection route if token introspection completely disabled.
  • #1410 Properly memoize current_resource_owner value (consider nil and false values).
  • #1415 Ignore PKCE params for non-PKCE grants.
  • #1418 Add ability to register custom OAuth Grant Flows.
  • #1420 Require client authentication for Resource Owner Password Grant as stated in OAuth RFC.

... (truncated)

Commits
  • c070288 Release 5.5.2 :tada:
  • e2d11cc Merge pull request #1508 from doorkeeper-gem/dependabot/add-v2-config-file
  • 76c6ed6 Merge pull request #1511 from nhosoya/fix/response_mode-is-fragment
  • 64d35be Fix that authorization code is returned by fragment if response_mode is fraga...
  • cdb8143 Merge pull request #1512 from nhosoya/fix-response_mode-form_post
  • f67fb5f Fix form behavior when response mode is form_post
  • fd04882 Upgrade to GitHub-native Dependabot
  • a56b1a5 Merge pull request #1504 from nhosoya/update-links-to-guide
  • 9fbc7bc Updated the URL fragment in the comment
  • 2418589 [ci skip] Update CHANGELOG.md
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Automerge options (never/patch/minor, and dev/runtime dependencies)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

dependabot-preview[bot] avatar Jun 11 '21 12:06 dependabot-preview[bot]