v5.4.0-rc.1

New features:

• Introduced support for issuing and receiving credentials over OpenID4VCI (OpenID Connect for Verifiable Credential Issuance).
  If the node's /n2n endpoint runs on port 443, the node will automatically configure its DIDs for OpenID4VCI support.
  If running on another port, additional action is required. See :ref:openid4vci for more information.
• Added certificate info to peer diagnostics.
• Added last connection error and the date/time of the next connection attempt to the network's address book.

Bug fixes/improvements:

• Diagnostics now shows correct number of owned conflicted DID document (vdr.conflicted_did_documents.owned_count).
• Added background job that periodically checks the node's network state and fixes incorrect XOR hashes.
  This can happen in certain high-load cases on Redis.
• Network peer authentication failures are now logged on debug instead of warn, leading to less chatter.
  To find out what error occurred, you should now look at the network's address book. /internal/network/v1/addressbook
• When creating new DID documents, the VDR now checks whether the specified controllers actually exist.
• Helm chart got updated (@henk-hofs-pink).

What's Changed

• Added last error and next connection attempt to addressbook stats by @woutslakhorst in #2237
• Bump google.golang.org/grpc from 1.55.0 to 1.56.0 by @dependabot in #2258
• Bump github.com/prometheus/client_golang from 1.15.1 to 1.16.0 by @dependabot in #2255
• change default NATS hostname to 0.0.0.0 by @woutslakhorst in #2257
• Migrate e2e tests to nuts-node repo by @reinkrul in #2253
• Bump github.com/lestrrat-go/jwx from 1.2.25 to 1.2.26 in /e2e-tests/auth/selfsigned by @dependabot in #2259
• Network: re-validate peers after denylist update by @gerardsn in #2238
• replace direct String return with specific error writer by @woutslakhorst in #2261
• Docs: add proxy_buffering and client_max_body_size to example NGINX config by @reinkrul in #2236
• e2e tests: use nuts-node APIs from workspace by @reinkrul in #2262
• Remove issue comment by @gerardsn in #2266
• Meh: typos by @gerardsn in #2265
• rewrite github docker action set-output by @woutslakhorst in #2263
• rewrite CORS tests to use correct headers by @woutslakhorst in #2264
• Bump github.com/nats-io/nats-server/v2 from 2.9.18 to 2.9.19 by @dependabot in #2268
• go mod tidy by @woutslakhorst in #2270
• OpenID4VCI: Refactor credential offers and access tokens for validity checking by @reinkrul in #2232
• e2e tests: make browser tests part of project by @reinkrul in #2275
• Bump github.com/nats-io/nats.go from 1.27.0 to 1.27.1 by @dependabot in #2276
• Bump google.golang.org/grpc from 1.56.0 to 1.56.1 by @dependabot in #2271
• killed popups when testing by @woutslakhorst in #2282
• Bump google.golang.org/protobuf from 1.30.0 to 1.31.0 by @dependabot in #2284
• Network: set Peer.Certificate on bootstrap connections by @gerardsn in #2280
• OID$VCI: rename types to type by @gerardsn in #2286
• OIDC: Rename invalid proof error codes by @gerardsn in #2285
• e2e tests: vault was moved to hashicorp/vault by @reinkrul in #2288
• only enable latest tag for docker if build tag equals latest github tag by @woutslakhorst in #2267
• Embed test PEM files instead of referencing via paths by @reinkrul in #2277
• OIDC4VCI: compare offered and received credential types for equality by @gerardsn in #2272
• Helm: do not set new chart as latest release by @gerardsn in #2293
• Bump github.com/alicebob/miniredis/v2 from 2.30.3 to 2.30.4 by @dependabot in #2292
• VCR Search: don't log each individual invalid search result by @reinkrul in #2294
• only allow openid4vci calls over https when strictmode is enabled by @woutslakhorst in #2290
• Feature/2058/oidc4vci/definitions by @woutslakhorst in #2287
• fix typo: credentials_definition -> credential_definition by @gerardsn in #2296
• Cleanup: remove network.publicaddr config properties, doesn't exist anymore by @reinkrul in #2297
• OpenID4VCI: DID service with base URL for wallet/issuer discovery by @reinkrul in #2240
• generate and check c_nonce for credential request by @woutslakhorst in #2298
• Cleanup: use --wait in e2e tests by @reinkrul in #2303
• Cleanup: remove old network.tls properties from e2e tests by @reinkrul in #2302
• OpenID4VCI: fix unknown nonce error by @reinkrul in #2305
• e2e-tests: removed prepare.sh scripts with env variable node DIDs by @reinkrul in #2306
• e2e-tests: replace sleeps with waitFor by @reinkrul in #2307
• Network: add certificate to peer diagnostics by @gerardsn in #2278
• Migrate golang/mock to uber/mock by @gerardsn in #2310
• Bump golang.org/x/crypto from 0.10.0 to 0.11.0 by @dependabot in #2319
• Pass didStore instead of service wrappers by @woutslakhorst in #2301
• OpenID4VCI: Golden Hammer for fixing services in DID services by @reinkrul in #2239
• Bump go.uber.org/mock from 0.1.0 to 0.2.0 by @dependabot in #2322
• add xor tree repair loop by @woutslakhorst in #2309
• Bump google.golang.org/grpc from 1.56.1 to 1.56.2 by @dependabot in #2321
• OpenID4VCI: Validate credential_definition and compare with credential by @gerardsn in #2308
• OpenID4VCI: Remove TLS support TODO (already fixed) by @reinkrul in #2326
• Rename OIDC4VCI to OpenID4VCI by @reinkrul in #2325
• Remove DID restore from restore procedure by @woutslakhorst in #2328
• Add backup for private credentials by @woutslakhorst in #2323
• PKI: add denylist Key and URL by @gerardsn in #2329
• Bump golang from 1.20.5-alpine to 1.20.6-alpine by @dependabot in #2334
• Release notes for v5.4.0-rc.1 by @reinkrul in #2331
• go mod tidy by @gerardsn in #2335
• OpenID4VCI: Re-use http.Client for connection re-use by @reinkrul in #2327
• Docs: update deprecated NGINX http2 directive by @gerardsn in #2338
• Configure backup shelves for credentials and revocations by @woutslakhorst in #2341
• VDR: CMD and API use same defaults when creating a new DID by @gerardsn in #2339

Full Changelog: nuts-node-v5.3.0...v5.4.0-rc.1