Skip to content

chore(deps): bump oidc-provider from 8.5.1 to 9.2.0 in /dev/oidc-provider#4487

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/dev/oidc-provider/oidc-provider-9.2.0
Closed

chore(deps): bump oidc-provider from 8.5.1 to 9.2.0 in /dev/oidc-provider#4487
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/dev/oidc-provider/oidc-provider-9.2.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 7, 2025

Copy link
Copy Markdown
Contributor

Bumps oidc-provider from 8.5.1 to 9.2.0.

Release notes

Sourced from oidc-provider's releases.

v9.2.0

Features

  • expose RFC8414 Authorization Server Metadata route (c5bd90f)

v9.1.3

Fixes

  • ensure an account's accountId and claims().sub is the same (9b89153), closes #1336

v9.1.2

Fixes

  • ignore allowOmittingSingleRegisteredRedirectUri when FAPI 2.0 is used (e2de529)

v9.1.1

Refactor

  • oidc-provider now uses koa@3 (3a83d32)

v9.1.0

Features

  • experimental support for OIDC RP Metadata Choices (f3550da)

Fixes

  • only include DPoP-Nonce in Access-Control-Expose-Headers when DPoP is enabled (e769aa8)

Refactor

  • avoid assignment operators in conditional expressions (b7ed877)
  • improve static find performance (106f94a)
  • update some default helpers for readability (0818c36)

Documentation

  • more clarity for features.dPoP.allowReplay (779a141)

v9.0.1

Documentation

  • mark experimental features more distinctly (986adc5)
  • update references and styling of spec links (a4787b8)

Fixes

... (truncated)

Changelog

Sourced from oidc-provider's changelog.

9.2.0 (2025-06-24)

Features

  • expose RFC8414 Authorization Server Metadata route (c5bd90f)

9.1.3 (2025-06-02)

Fixes

  • ensure an account's accountId and claims().sub is the same (9b89153), closes #1336

9.1.2 (2025-05-28)

Fixes

  • ignore allowOmittingSingleRegisteredRedirectUri when FAPI 2.0 is used (e2de529)

9.1.1 (2025-04-28)

Refactor

  • oidc-provider now uses koa@3 (3a83d32)

9.1.0 (2025-04-26)

Features

  • experimental support for OIDC RP Metadata Choices (f3550da)

Fixes

  • only include DPoP-Nonce in Access-Control-Expose-Headers when DPoP is enabled (e769aa8)

Refactor

  • avoid assignment operators in conditional expressions (b7ed877)
  • improve static find performance (106f94a)
  • update some default helpers for readability (0818c36)

Documentation

... (truncated)

Commits
  • 5f94ca7 chore(release): 9.2.0
  • de4ca00 chore: bump packages
  • c5bd90f feat: expose RFC8414 Authorization Server Metadata route
  • feb9ecd chore: resolve a CodeQL syntax error
  • 8df6dec ci: uninstall GitHubSecurityLab/actions-permissions
  • 177c5bd ci: install GitHubSecurityLab/actions-permissions and adjust permissions on n...
  • 183dc4f chore: bump packages
  • 3189449 chore(release): 9.1.3
  • 9b89153 fix: ensure an account's accountId and claims().sub is the same
  • 5ab1429 ci: remove leftover action step
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [oidc-provider](https://github.com/panva/node-oidc-provider) from 8.5.1 to 9.2.0.
- [Release notes](https://github.com/panva/node-oidc-provider/releases)
- [Changelog](https://github.com/panva/node-oidc-provider/blob/main/CHANGELOG.md)
- [Commits](panva/node-oidc-provider@v8.5.1...v9.2.0)

---
updated-dependencies:
- dependency-name: oidc-provider
  dependency-version: 9.2.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jul 7, 2025
@dependabot dependabot Bot requested a review from a team as a code owner July 7, 2025 23:07
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jul 7, 2025
@dependabot @github

dependabot Bot commented on behalf of github Jul 21, 2025

Copy link
Copy Markdown
Contributor Author

Superseded by #4501.

@dependabot dependabot Bot closed this Jul 21, 2025
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/dev/oidc-provider/oidc-provider-9.2.0 branch July 21, 2025 23:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants