Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade @inrupt/solid-client-authn-browser from 2.0.0 to 2.1.0 #2390

Closed
wants to merge 2 commits into from
Closed

[Snyk] Upgrade @inrupt/solid-client-authn-browser from 2.0.0 to 2.1.0 #2390

wants to merge 2 commits into from

Conversation

acoburn
Copy link
Contributor

@acoburn acoburn commented Apr 26, 2024

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade @inrupt/solid-client-authn-browser from 2.0.0 to 2.1.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 1 version ahead of your current version.
  • The recommended version was released a month ago, on 2024-03-14.
Release notes
Package name: @inrupt/solid-client-authn-browser
  • 2.1.0 - 2024-03-14

    New Feature

    node and browser

    • OpenID Providers with multiple JWK in their JWKS are now supported. Thanks to
      @ pavol-brunclik-compote for the original contribution.

    node

    • Authorization code flow for statically registered clients is now supported. Statically registered
      clients previously defaulted to the Client Credentials flow, it is no longer an assumption.

    Bugfix

    browser

    • Fix non-DPoP bound tokens support in browser: a bug in the handling of non-DPoP-bound tokens was
      preventing the auth code grant to complete, with a 401 to the OpenId Provider Token Endpoint
      observed on redirect after the user authenticated. It is now possible to do
      session.login({/*...*/, tokenType: "Bearer"}) and get a successful result.
  • 2.0.0 - 2023-12-20

    Breaking Changes

    • Node 16 is no longer supported. The global fetch function is used instead of @ inrupt/universal-fetch.
      This means this library now only works with Node 18 and higher.
    • The Session class no longer extends EventEmitter. Instead, it exposes an events attribute implementing
      EventEmitter. We do not recommend to use Session instance's events attribute as an arbitrary events emitter,
      and encourage users to only use the supported events and documented API.
    • Session methods onLogin, onLogout, onError, onSessionRestore, onSessionExpiration and onNewRefreshToken
      have been removed. They are replaced by calls to session.events.on, using the appropriate event name.
    • Session constructor changes:
      • the onNewRefreshToken parameter is no longer supported. Its usage is replaced by calling session.events.on
        using the EVENTS.NEW_REFRESH_TOKEN constant as a first parameter, and a callback handling the token as a
        second parameter.
      • The useEssSession parameter is no longer supported.
    • The getClientAuthenticationWithDependencies is no longer exported as part of the public API, and is now internal-only.
    • The UMD build of @ inrupt/oidc-client-ext is no longer available. Since this is a package only intended to be
      consumed by @ inrupt/solid-client-authn-browser, which doesn't have a UMD build, this change should have no
      impact.

    Build system changes

    • Moved from rollup-plugin-typescript2 to @ rollup/plugin-typescript. Although this should not be a breaking change,
      upgrading may require extra attention.
from @inrupt/solid-client-authn-browser GitHub release notes
Commit messages
Package name: @inrupt/solid-client-authn-browser
  • 259a567 Release v2.1.0 (#3401)
  • 08cb129 Adjust CODEOWNERS (#3402)
  • d58fced chore(deps-dev): bump @ inrupt/eslint-config-base from 2.6.0 to 3.2.1 (#3387)
  • 3533026 chore(deps-dev): bump @ babel/preset-env from 7.23.9 to 7.24.0 (#3384)
  • 8804aac chore(deps): bump @ nx/nx-win32-x64-msvc from 18.0.5 to 18.0.8 (#3394)
  • 38cd84a chore(deps): bump express from 4.18.2 to 4.18.3 (#3385)
  • a000262 chore(deps-dev): bump @ types/node from 20.11.10 to 20.11.27 (#3399)
  • dd1b1ca Support auth code flow for statically registered clients (#3380)
  • 459ff62 Re-enable code coverage collection (#3379)
  • bd14278 Improve JWKS support (#3382)
  • 0ef44d6 chore(deps-dev): bump @ types/react from 18.2.53 to 18.2.61 (#3383)
  • 5be816b chore(deps-dev): bump @ inrupt/eslint-config-lib from 3.1.0 to 3.2.1 (#3375)
  • 2a32916 chore(deps-dev): bump @ types/react-dom from 18.2.18 to 18.2.19 (#3372)
  • 1c1e96c chore(deps): bump @ nx/nx-win32-x64-msvc from 17.2.8 to 18.0.5 (#3373)
  • 8da35a0 chore(deps-dev): bump @ inrupt/internal-playwright-helpers (#3369)
  • ac6375b chore(deps-dev): bump @ inrupt/jest-jsdom-polyfills from 3.2.0 to 3.2.1 (#3367)
  • bce3a52 chore(deps-dev): bump eslint from 8.56.0 to 8.57.0 (#3368)
  • 6860c46 chore(deps-dev): bump http-link-header from 1.1.1 to 1.1.2 (#3374)
  • acc961a chore(deps-dev): bump typedoc from 0.25.8 to 0.25.9 (#3376)
  • 2cfca75 chore(deps-dev): bump prettier from 3.1.1 to 3.2.5 (#3352)
  • fee41e2 chore(deps-dev): bump @ typescript-eslint/eslint-plugin (#3363)
  • 342c7db chore(deps-dev): bump @ typescript-eslint/parser from 6.20.0 to 6.21.0 (#3357)
  • 37f0d76 chore(deps): bump pydata-sphinx-theme in /packages/browser/docs/api (#3325)
  • b679262 chore(deps-dev): bump esbuild from 0.19.11 to 0.20.1 (#3364)

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@acoburn acoburn requested a review from a team as a code owner April 26, 2024 00:45
@acoburn acoburn deployed to ESS Dev-2-1 April 26, 2024 00:45 — with GitHub Actions Active
@acoburn acoburn temporarily deployed to ESS PodSpaces May 2, 2024 15:50 — with GitHub Actions Inactive
@acoburn acoburn temporarily deployed to ESS PodSpaces May 2, 2024 15:50 — with GitHub Actions Inactive
@acoburn acoburn closed this Jun 4, 2024
@acoburn acoburn deleted the snyk-upgrade-6761460f34da76f7bb46385b6d2c4f9c branch June 4, 2024 16:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@acoburn @snyk-bot