Bump oidc-provider from 8.4.3 to 8.4.5 by dependabot[bot] · Pull Request #720 · auth0/auth0-react

dependabot · 2024-01-17T19:12:23Z

Bumps oidc-provider from 8.4.3 to 8.4.5.

Release notes

Sourced from oidc-provider's releases.

v8.4.5

Refactor

use doc argument in web_message js code (da3198b)

Fixes

add missing opening html tags (23997c5)

DPoP: mark defaulted dpop_jkt parameter as trusted (ee633f3)

v8.4.4

Refactor

test decoded basic auth tokens for their VSCHAR pattern (3f86cc0)

Fixes

DPoP,PAR,JAR: validate DPoP before invalidating JAR during PAR (ca0f999)

Changelog

Sourced from oidc-provider's changelog.

8.4.5 (2024-01-17)

Refactor

use doc argument in web_message js code (da3198b)

Fixes

add missing opening html tags (23997c5)

DPoP: mark defaulted dpop_jkt parameter as trusted (ee633f3)

8.4.4 (2024-01-08)

Refactor

test decoded basic auth tokens for their VSCHAR pattern (3f86cc0)

Fixes

DPoP,PAR,JAR: validate DPoP before invalidating JAR during PAR (ca0f999)

Commits

3e26073 chore(release): 8.4.5
ee633f3 fix(DPoP): mark defaulted dpop_jkt parameter as trusted
da3198b refactor: use doc argument in web_message js code
23997c5 fix: add missing opening html tags
81c683d chore(release): 8.4.4
29b9667 chore: add documentation updates and refactors to future changelogs
ca0f999 fix(DPoP,PAR,JAR): validate DPoP before invalidating JAR during PAR
3f86cc0 refactor: test decoded basic auth tokens for their VSCHAR pattern
391885c chore: bump upload-artifact
b583993 Revert "build(deps): bump actions/upload-artifact from 3 to 4" (#1243)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [oidc-provider](https://github.com/panva/node-oidc-provider) from 8.4.3 to 8.4.5. - [Release notes](https://github.com/panva/node-oidc-provider/releases) - [Changelog](https://github.com/panva/node-oidc-provider/blob/main/CHANGELOG.md) - [Commits](panva/node-oidc-provider@v8.4.3...v8.4.5) --- updated-dependencies: - dependency-name: oidc-provider dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

**Added** - Feature/react19 [\#824](#824) ([tusharpandey13](https://github.com/tusharpandey13)) - Add ReversingLabs Workflow (Don't Merge) [\#782](#782) ([developerkunal](https://github.com/developerkunal)) **Changed** - Bump next from 13.5.6 to 14.1.1 in /examples/nextjs-app [\#761](#761) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump @testing-library/react from 14.1.2 to 14.3.1 [\#757](#757) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump ts-jest from 29.1.1 to 29.1.5 [\#766](#766) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump cypress from 13.6.1 to 13.12.0 [\#770](#770) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump braces from 3.0.2 to 3.0.3 [\#773](#773) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump @types/jest from 29.5.11 to 29.5.12 [\#750](#750) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump @types/react from 18.2.45 to 18.2.64 [\#747](#747) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump browserstack-cypress-cli from 1.28.0 to 1.28.1 [\#715](#715) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump typedoc from 0.25.4 to 0.25.7 [\#713](#713) ([dependabot[bot]](https://github.com/apps/dependabot)) **Fixed** - ci: changed pull_request_target to pull_request and removed the authorize step [\#796](#796) ([desusai7](https://github.com/desusai7)) - Update codeowner file with new GitHub team name [\#790](#790) ([stevenwong-okta](https://github.com/stevenwong-okta)) - Bump jose from 4.11.0 to 4.15.5 in /examples/users-api [\#749](#749) ([dependabot[bot]](https://github.com/apps/dependabot)) - Workaround for failing "integration test (CRA)" [\#769](#769) ([nandan-bhat](https://github.com/nandan-bhat)) **Security** - Bump pretty-quick from 3.1.3 to 3.3.1 [\#736](#736) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump express from 4.18.2 to 4.19.2 in /examples/users-api [\#754](#754) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump follow-redirects from 1.15.3 to 1.15.6 [\#752](#752) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump ws from 7.5.9 to 7.5.10 [\#768](#768) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump oidc-provider from 8.4.3 to 8.4.5 [\#720](#720) ([dependabot[bot]](https://github.com/apps/dependabot))

**Added** - Release v2.3.0 [\#825](#825) ([tusharpandey13](https://github.com/tusharpandey13)) - Feature/react19 [\#824](#824) ([tusharpandey13](https://github.com/tusharpandey13)) - Add ReversingLabs Workflow (Don't Merge) [\#782](#782) ([developerkunal](https://github.com/developerkunal)) **Changed** - ci: changed pull_request_target to pull_request and removed the authorize step [\#796](#796) ([desusai7](https://github.com/desusai7)) - Bump @testing-library/react from 14.1.2 to 14.3.1 [\#757](#757) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump ts-jest from 29.1.1 to 29.1.5 [\#766](#766) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump cypress from 13.6.1 to 13.12.0 [\#770](#770) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump @types/jest from 29.5.11 to 29.5.12 [\#750](#750) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump @types/react from 18.2.45 to 18.2.64 [\#747](#747) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump browserstack-cypress-cli from 1.28.0 to 1.28.1 [\#715](#715) ([dependabot[bot]](https://github.com/apps/dependabot)) **Fixed** - fix npm release workflow [\#826](#826) ([tusharpandey13](https://github.com/tusharpandey13)) - Update codeowner file with new GitHub team name [\#790](#790) ([stevenwong-okta](https://github.com/stevenwong-okta)) - Workaround for failing "integration test (CRA)" [\#769](#769) ([nandan-bhat](https://github.com/nandan-bhat)) **Removed** - Revert "Release v2.3.0" [\#827](#827) ([tusharpandey13](https://github.com/tusharpandey13)) **Security** - Bump pretty-quick from 3.1.3 to 3.3.1 [\#736](#736) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump next from 13.5.6 to 14.1.1 in /examples/nextjs-app [\#761](#761) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump jose from 4.11.0 to 4.15.5 in /examples/users-api [\#749](#749) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump express from 4.18.2 to 4.19.2 in /examples/users-api [\#754](#754) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump follow-redirects from 1.15.3 to 1.15.6 [\#752](#752) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump ws from 7.5.9 to 7.5.10 [\#768](#768) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump braces from 3.0.2 to 3.0.3 [\#773](#773) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump oidc-provider from 8.4.3 to 8.4.5 [\#720](#720) ([dependabot[bot]](https://github.com/apps/dependabot))

**Added** - Feature/react19 [\#824](auth0/auth0-react#824) ([tusharpandey13](https://github.com/tusharpandey13)) - Add ReversingLabs Workflow (Don't Merge) [\#782](auth0/auth0-react#782) ([developerkunal](https://github.com/developerkunal)) **Changed** - Bump next from 13.5.6 to 14.1.1 in /examples/nextjs-app [\#761](auth0/auth0-react#761) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump @testing-library/react from 14.1.2 to 14.3.1 [\#757](auth0/auth0-react#757) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump ts-jest from 29.1.1 to 29.1.5 [\#766](auth0/auth0-react#766) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump cypress from 13.6.1 to 13.12.0 [\#770](auth0/auth0-react#770) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump braces from 3.0.2 to 3.0.3 [\#773](auth0/auth0-react#773) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump @types/jest from 29.5.11 to 29.5.12 [\#750](auth0/auth0-react#750) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump @types/react from 18.2.45 to 18.2.64 [\#747](auth0/auth0-react#747) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump browserstack-cypress-cli from 1.28.0 to 1.28.1 [\#715](auth0/auth0-react#715) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump typedoc from 0.25.4 to 0.25.7 [\#713](auth0/auth0-react#713) ([dependabot[bot]](https://github.com/apps/dependabot)) **Fixed** - ci: changed pull_request_target to pull_request and removed the authorize step [\#796](auth0/auth0-react#796) ([desusai7](https://github.com/desusai7)) - Update codeowner file with new GitHub team name [\#790](auth0/auth0-react#790) ([stevenwong-okta](https://github.com/stevenwong-okta)) - Bump jose from 4.11.0 to 4.15.5 in /examples/users-api [\#749](auth0/auth0-react#749) ([dependabot[bot]](https://github.com/apps/dependabot)) - Workaround for failing "integration test (CRA)" [\#769](auth0/auth0-react#769) ([nandan-bhat](https://github.com/nandan-bhat)) **Security** - Bump pretty-quick from 3.1.3 to 3.3.1 [\#736](auth0/auth0-react#736) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump express from 4.18.2 to 4.19.2 in /examples/users-api [\#754](auth0/auth0-react#754) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump follow-redirects from 1.15.3 to 1.15.6 [\#752](auth0/auth0-react#752) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump ws from 7.5.9 to 7.5.10 [\#768](auth0/auth0-react#768) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump oidc-provider from 8.4.3 to 8.4.5 [\#720](auth0/auth0-react#720) ([dependabot[bot]](https://github.com/apps/dependabot))

**Added** - Release v2.3.0 [\#825](auth0/auth0-react#825) ([tusharpandey13](https://github.com/tusharpandey13)) - Feature/react19 [\#824](auth0/auth0-react#824) ([tusharpandey13](https://github.com/tusharpandey13)) - Add ReversingLabs Workflow (Don't Merge) [\#782](auth0/auth0-react#782) ([developerkunal](https://github.com/developerkunal)) **Changed** - ci: changed pull_request_target to pull_request and removed the authorize step [\#796](auth0/auth0-react#796) ([desusai7](https://github.com/desusai7)) - Bump @testing-library/react from 14.1.2 to 14.3.1 [\#757](auth0/auth0-react#757) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump ts-jest from 29.1.1 to 29.1.5 [\#766](auth0/auth0-react#766) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump cypress from 13.6.1 to 13.12.0 [\#770](auth0/auth0-react#770) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump @types/jest from 29.5.11 to 29.5.12 [\#750](auth0/auth0-react#750) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump @types/react from 18.2.45 to 18.2.64 [\#747](auth0/auth0-react#747) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump browserstack-cypress-cli from 1.28.0 to 1.28.1 [\#715](auth0/auth0-react#715) ([dependabot[bot]](https://github.com/apps/dependabot)) **Fixed** - fix npm release workflow [\#826](auth0/auth0-react#826) ([tusharpandey13](https://github.com/tusharpandey13)) - Update codeowner file with new GitHub team name [\#790](auth0/auth0-react#790) ([stevenwong-okta](https://github.com/stevenwong-okta)) - Workaround for failing "integration test (CRA)" [\#769](auth0/auth0-react#769) ([nandan-bhat](https://github.com/nandan-bhat)) **Removed** - Revert "Release v2.3.0" [\#827](auth0/auth0-react#827) ([tusharpandey13](https://github.com/tusharpandey13)) **Security** - Bump pretty-quick from 3.1.3 to 3.3.1 [\#736](auth0/auth0-react#736) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump next from 13.5.6 to 14.1.1 in /examples/nextjs-app [\#761](auth0/auth0-react#761) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump jose from 4.11.0 to 4.15.5 in /examples/users-api [\#749](auth0/auth0-react#749) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump express from 4.18.2 to 4.19.2 in /examples/users-api [\#754](auth0/auth0-react#754) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump follow-redirects from 1.15.3 to 1.15.6 [\#752](auth0/auth0-react#752) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump ws from 7.5.9 to 7.5.10 [\#768](auth0/auth0-react#768) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump braces from 3.0.2 to 3.0.3 [\#773](auth0/auth0-react#773) ([dependabot[bot]](https://github.com/apps/dependabot)) - Bump oidc-provider from 8.4.3 to 8.4.5 [\#720](auth0/auth0-react#720) ([dependabot[bot]](https://github.com/apps/dependabot))

dependabot bot requested a review from a team as a code owner January 17, 2024 19:12

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jan 17, 2024

dependabot bot mentioned this pull request Jan 17, 2024

Bump oidc-provider from 8.4.3 to 8.4.4 #716

Closed

dependabot bot temporarily deployed to internal January 17, 2024 19:12 Inactive

dependabot bot force-pushed the dependabot/npm_and_yarn/oidc-provider-8.4.5 branch from b0e2b56 to 131e28e Compare February 9, 2024 16:00

dependabot bot temporarily deployed to internal February 9, 2024 16:00 Inactive

Merge branch 'main' into dependabot/npm_and_yarn/oidc-provider-8.4.5

bcb7918

stevehobbsdev temporarily deployed to internal February 9, 2024 16:32 — with GitHub Actions Inactive

stevehobbsdev approved these changes Feb 9, 2024

View reviewed changes

stevehobbsdev merged commit c461b11 into main Feb 9, 2024

stevehobbsdev deleted the dependabot/npm_and_yarn/oidc-provider-8.4.5 branch February 9, 2024 16:52

tusharpandey13 mentioned this pull request Jan 21, 2025

Release v2.3.0 #825

Merged

tusharpandey13 mentioned this pull request Jan 21, 2025

Release v2.3.0 #828

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump oidc-provider from 8.4.3 to 8.4.5#720

Bump oidc-provider from 8.4.3 to 8.4.5#720
stevehobbsdev merged 2 commits intomainfrom
dependabot/npm_and_yarn/oidc-provider-8.4.5

dependabot bot commented on behalf of github Jan 17, 2024 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot bot commented on behalf of github Jan 17, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v8.4.5

Refactor

Fixes

v8.4.4

Refactor

Fixes

8.4.5 (2024-01-17)

Refactor

Fixes

8.4.4 (2024-01-08)

Refactor

Fixes

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot bot commented on behalf of github Jan 17, 2024 •

edited

Loading