Bump ejs and oidc-provider in /api #609

dependabot · 2024-05-01T09:52:07Z

Removes ejs. It's no longer used after updating ancestor dependency oidc-provider. These dependencies need to be updated together.

Removes ejs

Updates oidc-provider from 5.5.3 to 8.4.6

Release notes

Sourced from oidc-provider's releases.

v8.4.6

Documentation

adds events and debugging recipe (#1246) (0bf7696)

fix client_secret_basic special characters encoding example (73baae1)

re-run update docs (99cc84a)

Refactor

avoid iteration resource iteration in client_credentials (e306640)

avoid use of prototype attributes in object-hash (270af1d)

use logical or assignment (8f55588)

Fixes

ensure each individual resource indicator is a valid URI (d9e1ad2)

v8.4.5

Refactor

use doc argument in web_message js code (da3198b)

Fixes

add missing opening html tags (23997c5)

DPoP: mark defaulted dpop_jkt parameter as trusted (ee633f3)

v8.4.4

Refactor

test decoded basic auth tokens for their VSCHAR pattern (3f86cc0)

Fixes

DPoP,PAR,JAR: validate DPoP before invalidating JAR during PAR (ca0f999)

v8.4.3

This release contains only code refactoring, dependency, or documentation updates.

v8.4.2

Fixes

reject client JSON Web Key Set null value (#1237) (cce6d43)

v8.4.1

... (truncated)

Changelog

Sourced from oidc-provider's changelog.

8.4.6 (2024-04-23)

Documentation

adds events and debugging recipe (#1246) (0bf7696)

fix client_secret_basic special characters encoding example (73baae1)

re-run update docs (99cc84a)

Refactor

avoid iteration resource iteration in client_credentials (e306640)

avoid use of prototype attributes in object-hash (270af1d)

use logical or assignment (8f55588)

Fixes

ensure each individual resource indicator is a valid URI (d9e1ad2)

8.4.5 (2024-01-17)

Refactor

use doc argument in web_message js code (da3198b)

Fixes

add missing opening html tags (23997c5)

DPoP: mark defaulted dpop_jkt parameter as trusted (ee633f3)

8.4.4 (2024-01-08)

Refactor

test decoded basic auth tokens for their VSCHAR pattern (3f86cc0)

Fixes

DPoP,PAR,JAR: validate DPoP before invalidating JAR during PAR (ca0f999)

8.4.3 (2023-12-14)

8.4.2 (2023-12-02)

... (truncated)

Commits

c7aca91 chore(release): 8.4.6
85e7a58 chore: bump deps
d9e1ad2 fix: ensure each individual resource indicator is a valid URI
87cd3c5 build(deps-dev): bump express from 4.18.2 to 4.19.2 (#1255)
270af1d refactor: avoid use of prototype attributes in object-hash
0bf7696 docs: adds events and debugging recipe (#1246)
7d11383 ci: auto-create release discussions
99cc84a docs: re-run update docs
8f55588 refactor: use logical or assignment
e306640 refactor: avoid iteration resource iteration in client_credentials
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by panva, a new releaser for oidc-provider since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Removes [ejs](https://github.com/mde/ejs). It's no longer used after updating ancestor dependency [oidc-provider](https://github.com/panva/node-oidc-provider). These dependencies need to be updated together. Removes `ejs` Updates `oidc-provider` from 5.5.3 to 8.4.6 - [Release notes](https://github.com/panva/node-oidc-provider/releases) - [Changelog](https://github.com/panva/node-oidc-provider/blob/main/CHANGELOG.md) - [Commits](panva/node-oidc-provider@v5.5.3...v8.4.6) --- updated-dependencies: - dependency-name: ejs dependency-type: indirect - dependency-name: oidc-provider dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added the dependencies Pull requests that update a dependency file label May 1, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump ejs and oidc-provider in /api #609

Bump ejs and oidc-provider in /api #609

dependabot bot commented on behalf of github May 1, 2024

Bump ejs and oidc-provider in /api #609

Are you sure you want to change the base?

Bump ejs and oidc-provider in /api #609

Conversation

dependabot bot commented on behalf of github May 1, 2024

v8.4.6

Documentation

Refactor

Fixes

v8.4.5

Refactor

Fixes

v8.4.4

Refactor

Fixes

v8.4.3

v8.4.2

Fixes

v8.4.1

8.4.6 (2024-04-23)

Documentation

Refactor

Fixes

8.4.5 (2024-01-17)

Refactor

Fixes

8.4.4 (2024-01-08)

Refactor

Fixes

8.4.3 (2023-12-14)

8.4.2 (2023-12-02)