forked from panva/node-oidc-provider
Bump main to v8.4.6 #3
Closed
BREAKING CHANGE: The non-standard `introspection_endpoint_auth_method`, and `introspection_endpoint_auth_signing_alg` client metadata properties were removed. The client's `token_endpoint_auth_method`, and `token_endpoint_auth_signing_alg` properties are now used as the only indication of how a client must authenticate at the introspection endpoint. The accompanying JWA and authentication methods configuration properties were also removed. BREAKING CHANGE: The non-standard `revocation_endpoint_auth_method`, and `revocation_endpoint_auth_signing_alg` client metadata properties were removed. The client's `token_endpoint_auth_method`, and `token_endpoint_auth_signing_alg` properties are now used as the only indication of how a client must authenticate at the revocation endpoint. The accompanying JWA and authentication methods configuration properties were also removed.
`Client.prototype.clientAuthMethod` and `Client.prototype.clientAuthSigningAlg` prototype getters were added as aliases to the client's `tokenEndpointAuthMethod` and `tokenEndpointAuthSigningAlg` getters. BREAKING CHANGE: The `tokenEndpointAuthMethods` configuration method was renamed to `clientAuthMethods`. BREAKING CHANGE: The `enabledJWA.tokenEndpointAuthSigningAlgValues` configuration method was renamed to `enabledJWA.clientAuthSigningAlgValues`.
BREAKING CHANGE: It is no longer possible to pass Bearer tokens using the `access_token` query string parameter. This can be reverted using the `acceptQueryParamAccessTokens` configuration option.
BREAKING CHANGE: The client registration management update action now rotates registration access tokens by default. This can be reverted using the `features.registrationManagement.rotateRegistrationAccessToken` configuration option.
BREAKING CHANGE: The PBKDF2 based JWE Key Management Algorithms, which were previously disabled by default, are now completely removed.
BREAKING CHANGE: The "none" JWS algorithm, which was previously disabled by default, is now completely removed.
BREAKING CHANGE: Request Object use now defaults to its stricter definition from RFC 9101 rather than OIDC Core 1.0. This can be reverted using the `features.requestObjects.mode` configuration option.
BREAKING CHANGE: Default Authorization Code duration is now 60 seconds instead of 10 minutes. This can be reverted using the `ttl.AuthorizationCode` configuration option.
BREAKING CHANGE: Removed support for Node.js 12. BREAKING CHANGE: Removed support for Node.js 14. BREAKING CHANGE: Removed support for Node.js 16. BREAKING CHANGE: Node.js LTS 18 (^18.12.0) is now required.
BREAKING CHANGE: PASETO Access Token format support was removed.
BREAKING CHANGE: `httpOptions` no longer defaults to using the npm module `cacheable-lookup` as its `dnsLookup` option. It defaults to `node:dns` module's `lookup` export instead.
BREAKING CHANGE: `oidc-provider` is now an ESM-only module, it must now be imported using the `import` declaration or the `import()` syntax, the `Provider` constructor is the module's default export, the `errors` and `interactionPolicy` exports are the package's named exports. There is no `Provider` named export.
BREAKING CHANGE: `httpOptions` return property `lookup` was renamed to `dnsLookup`. BREAKING CHANGE: `httpOptions` return property `timeout` was removed, return an `AbortSignal` instance as `signal` property instead.
Node's native `assert()` can be very heavy, especially in a large project with a source map as it creates a full stack trace on failure. Co-authored-by: Wayne Robinson <[email protected]> closes panva#1204 closes panva#1205
BREAKING CHANGE: `request_uri` parameter support is now disabled by default. This can be reverted using the `features.requestObjects.requestUri` configuration option.
BREAKING CHANGE: The RSA1_5 JWE Key Management Algorithm, which was previously disabled by default, is now completely removed.
BREAKING CHANGE: `id_token_signed_response_alg` now must be set when `id_token_encrypted_response_alg` is also set on a client. BREAKING CHANGE: `userinfo_signed_response_alg` now must be set when `userinfo_encrypted_response_alg` is also set on a client. BREAKING CHANGE: `introspection_signed_response_alg` now must be set when `introspection_encrypted_response_alg` is also set on a client. BREAKING CHANGE: `authorization_signed_response_alg` now must be set when `authorization_encrypted_response_alg` is also set on a client.
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Filip Skokan <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Filip Skokan <[email protected]>
this means moving to esm, so no for now.
Merge latest v8.x branch.
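
A pre-upgrade check for several of the breaking changes listed in the commit messages above, as an added example that is not part of this pull request or of oidc-provider itself. The property names are quoted from those messages; `lintClient`, `lintConfig`, the sample object and the `PBES2-` prefix test (the RFC 7518 names of the PBKDF2-based algorithms) are assumptions made for illustration.

```javascript
// Added example: flags client metadata and configuration that the v8 changes remove,
// rename or tighten. Function names and sample shapes are constructed for illustration.
const REMOVED_CLIENT_PROPS = {
  introspection_endpoint_auth_method: 'token_endpoint_auth_method',
  introspection_endpoint_auth_signing_alg: 'token_endpoint_auth_signing_alg',
  revocation_endpoint_auth_method: 'token_endpoint_auth_method',
  revocation_endpoint_auth_signing_alg: 'token_endpoint_auth_signing_alg',
};
const RESPONSE_TYPES = ['id_token', 'userinfo', 'introspection', 'authorization'];
// "none" (JWS), RSA1_5 and the PBKDF2-based algorithms (PBES2-* in RFC 7518) are removed.
const isRemovedAlg = (alg) => typeof alg === 'string'
  && (alg === 'none' || alg === 'RSA1_5' || alg.startsWith('PBES2-'));

function lintClient(client) {
  const findings = [];
  for (const [old, replacement] of Object.entries(REMOVED_CLIENT_PROPS)) {
    if (old in client) findings.push(`${old}: removed, ${replacement} applies instead`);
  }
  for (const t of RESPONSE_TYPES) {
    const enc = `${t}_encrypted_response_alg`;
    const sig = `${t}_signed_response_alg`;
    if (client[enc] && !client[sig]) findings.push(`${sig}: must be set because ${enc} is set`);
  }
  return findings;
}

function lintConfig(config) {
  const findings = [];
  if ('tokenEndpointAuthMethods' in config) findings.push('tokenEndpointAuthMethods: renamed to clientAuthMethods');
  const jwa = config.enabledJWA || {};
  if ('tokenEndpointAuthSigningAlgValues' in jwa) {
    findings.push('enabledJWA.tokenEndpointAuthSigningAlgValues: renamed to enabledJWA.clientAuthSigningAlgValues');
  }
  for (const [name, algs] of Object.entries(jwa)) {
    for (const alg of (Array.isArray(algs) ? algs : []).filter(isRemovedAlg)) {
      findings.push(`enabledJWA.${name}: ${alg} is removed`);
    }
  }
  // A numeric ttl.AuthorizationCode above the new 60 second default widens the replay window.
  const ttl = config.ttl && config.ttl.AuthorizationCode;
  if (typeof ttl === 'number' && ttl > 60) findings.push(`ttl.AuthorizationCode: ${ttl}s exceeds the new 60 second default`);
  return findings;
}

// Constructed sample client metadata, not taken from any real deployment.
const sampleClient = { client_id: 'example', introspection_endpoint_auth_method: 'client_secret_basic', id_token_encrypted_response_alg: 'RSA-OAEP' };
console.log(lintClient(sampleClient));
```

An empty result from both functions means none of the checked changes apply; the remaining changes in the list (ESM-only import, `httpOptions` return properties, Node.js version) still need a manual review.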