sigstore-java
sigstore-java copied to clipboard
Published
20 hours ago •
sigstore
sigstore
fix(deps): update dependency no.nav.security:mock-oauth2-server to v2
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| no.nav.security:mock-oauth2-server | 0.5.10 -> 2.1.10 |
Release Notes
navikt/mock-oauth2-server (no.nav.security:mock-oauth2-server)
v2.1.10
What's Changed
- fix(logback): set logback severity back to INFO (#753) @jenspav
- fix(readme): replace scope with code (#754) @jenspav
- feat: support custom TimeProvider when validating tokens (introspect, userinfo) (#730) @tommytroen
⬆️ Dependency upgrades
- chore(deps): bump the github group with 7 updates (#734) @dependabot
- chore(deps): bump the github group across 1 directory with 2 updates (#733) @dependabot
v2.1.9
What's Changed
- chore(build): netty-all with netty-codec-http (#723) @ybelMekk
- Fix/704 response types (#710) @pniederlag
⬆️ Dependency upgrades
- chore(deps): bump the github group across 1 directory with 5 updates (#726) @dependabot
- chore: bumped gradle wrapper to 8.9 (#724) @MikAoJk
- chore(deps): bump the github group across 1 directory with 17 updates (#722) @dependabot
- chore(deps): bump the github group across 1 directory with 2 updates (#715) @dependabot
v2.1.8
What's Changed
🐛 Bug Fixes
- fix: extend wellknown return values (#704) (#706) @pniederlag
⬆️ Dependency upgrades
- chore(deps): bump the github group across 1 directory with 20 updates (#709) @dependabot
- chore(deps): bump org.jetbrains.kotlinx:kotlinx-serialization-json from 1.6.3 to 1.7.0 in the github group (#702) @dependabot
v2.1.7
What's Changed
🚀 Features
- feat: support objects and lists in request mapping claims (#699) @tommytroen
v2.1.6
What's Changed
⬆️ Dependency upgrades
- chore(deps): bump the github group across 1 directory with 6 updates (#698) @dependabot
- chore(deps): bump the github group across 1 directory with 9 updates (#689) @dependabot
- chore(deps): bump JamesIves/github-pages-deploy-action from 4.6.0 to 4.6.1 in the github group (#685) @dependabot
- chore(deps): bump the github group across 1 directory with 2 updates (#684) @dependabot
- chore(deps): bump the github group across 1 directory with 15 updates (#679) @dependabot
- chore(deps): bump the github group with 2 updates (#676) @dependabot
v2.1.5
What's Changed
🚀 Features
- feat(tokenprovider): support setting a static system time (#668) @tommytroen
- feat(logback): only use logback config in standalone server (#667) @tommytroen
- feat(DefaultOAuth2TokenCallback): Allow overriding tid claim (#663) @oddsund
⬆️ Dependency upgrades
- chore(deps): bump the github group with 2 updates (#666) @dependabot
- chore(deps): bump dependabot/fetch-metadata from 2.0.0 to 2.1.0 in the github group (#672) @dependabot
- chore(deps): bump JamesIves/github-pages-deploy-action from 4.5.0 to 4.6.0 in the github group (#669) @dependabot
- chore(deps): bump the github group across 1 directory with 7 updates (#671) @dependabot
v2.1.4
What's Changed
⬆️ Dependency upgrades
- chore(deps): bump the github group with 1 update (#656) @dependabot
- chore(deps): bump the github group with 28 updates (#662) @dependabot
v2.1.3
What's Changed
Breaking changes
- The constructor for the
OAuth2Configclass accepts a new parameterrotateRefreshToken. This has a default value offalse. You may need to update your code if you're instantiating aOAuth2Configwithout named parameters.
🚀 Features
- feat(refresh_token): rotate refresh tokens if configured to rotate (#645) @tommytroen
⬆️ Dependency upgrades
- chore(deps): bump the github group with 23 updates (#650) @dependabot
- chore(deps): bump bouncycastle, use bcpkix-jdk18on instead of jdk15on (#641) @tommytroen
v2.1.2
What's Changed
⬆️ Dependency upgrades
- chore(deps): bump transitive dep jsonpath to 2.9.0 (#640) @tommytroen
- chore(deps): bump the github group with 22 updates (#639) @dependabot
- chore(deps): bump release-drafter/release-drafter from 5 to 6 (#634) @dependabot
- chore(deps): bump com.nimbusds:oauth2-oidc-sdk from 11.6 to 11.9.1 (#622) @dependabot
- chore(deps): bump org.assertj:assertj-core from 3.25.1 to 3.25.2 (#631) @dependabot
- chore(deps): bump gradle/gradle-build-action from 2 to 3 (#632) @dependabot
- chore(deps): bump io.netty:netty-all from 4.1.104.Final to 4.1.106.Final (#629) @dependabot
- chore(deps): bump org.jmailen.kotlinter from 4.1.1 to 4.2.0 (#624) @dependabot
- chore(deps): bump com.github.ben-manes.versions from 0.50.0 to 0.51.0 (#630) @dependabot
- chore(deps): bump com.fasterxml.woodstox:woodstox-core from 6.5.1 to 6.6.0 (#626) @dependabot
v2.1.1
What's Changed
⬆️ Dependency upgrades
- chore(deps): bump org.assertj:assertj-core from 3.25.0 to 3.25.1 (#621) @dependabot
- chore(deps): bump io.projectreactor:reactor-test from 3.6.1 to 3.6.2 (#623) @dependabot
- chore(deps): bump org.assertj:assertj-core from 3.24.2 to 3.25.0 (#620) @dependabot
- chore(deps): bump org.jmailen.kotlinter from 4.1.0 to 4.1.1 (#618) @dependabot
- chore(deps): bump jacksonVersion from 2.16.0 to 2.16.1 (#617) @dependabot
- chore(deps): bump org.jetbrains.kotlin:kotlin-test-junit5 from 1.9.21 to 1.9.22 (#616) @dependabot
- chore(deps): bump jvm from 1.9.21 to 1.9.22 (#614) @dependabot
- chore(deps): bump io.netty:netty-all from 4.1.101.Final to 4.1.104.Final (#613) @dependabot
- chore(deps): bump io.projectreactor:reactor-test from 3.6.0 to 3.6.1 (#608) @dependabot
v2.1.0
What's Changed
🚀 Features
- Regex based matching in RequestMappingTokenCallback and request parameters used as variables inside claims (#578) @kvokacka
⬆️ Dependency upgrades
- chore(deps): bump ch.qos.logback:logback-classic from 1.4.13 to 1.4.14 (#604) @dependabot
- chore(deps): bump actions/stale from 8 to 9 (#605) @dependabot
- chore(deps): bump ktorVersion from 2.3.6 to 2.3.7 (#606) @dependabot
- chore(deps): bump ch.qos.logback:logback-classic from 1.4.11 to 1.4.13 (#602) @dependabot
- chore(deps): bump actions/setup-java from 3 to 4 (#603) @dependabot
- chore(deps): bump JamesIves/github-pages-deploy-action from 4.4.3 to 4.5.0 (#601) @dependabot
- chore(deps): bump springBootVersion from 3.1.5 to 3.2.0 (#596) @dependabot
- chore(deps): bump jvm from 1.9.20 to 1.9.21 (#597) @dependabot
- chore(deps): bump org.jetbrains.kotlin:kotlin-test-junit5 from 1.9.20 to 1.9.21 (#598) @dependabot
v2.0.1
What's Changed
🚀 Features
- feat: basic client authentication for token exchange grant (#564) @valdemon
🐛 Bug Fixes
- fix: use hostname instead of canonicalHostname (#586) @tronghn
- this should resolve issues with inconsistent URLs for Windows users
- fix(httpRequest): naming clash, update nimbus sdk to latest (#576) @ybelMekk
⬆️ Dependency upgrades
- chore(deps): bump com.github.ben-manes.versions from 0.49.0 to 0.50.0 (#595) @dependabot
- chore(deps): bump jacksonVersion from 2.15.3 to 2.16.0 (#594) @dependabot
- chore(deps): bump io.projectreactor:reactor-test from 3.5.11 to 3.6.0 (#593) @dependabot
- chore(deps): bump org.jmailen.kotlinter from 4.0.0 to 4.1.0 (#592) @dependabot
- chore(deps): bump io.netty:netty-all from 4.1.100.Final to 4.1.101.Final (#588) @dependabot
- chore(deps): bump ktorVersion from 2.3.5 to 2.3.6 (#587) @dependabot
- chore(deps): bump kotestVersion from 5.7.2 to 5.8.0 (#584) @dependabot
- chore(deps): bump junitJupiterVersion from 5.10.0 to 5.10.1 (#583) @dependabot
- chore(deps): bump com.nimbusds:oauth2-oidc-sdk from 11.5 to 11.6 (#585) @dependabot
- chore(deps): bump org.jetbrains.kotlin:kotlin-test-junit5 from 1.9.10 to 1.9.20 (#580) @dependabot
- chore(deps): bump jvm from 1.9.10 to 1.9.20 (#579) @dependabot
- chore(deps): bump com.nimbusds:oauth2-oidc-sdk from 11.4 to 11.5 (#577) @dependabot
- chore(deps): bump springBootVersion from 3.1.4 to 3.1.5 (#574) @dependabot
- fix(httpRequest): naming clash, update nimbus sdk to latest (#576) @ybelMekk
- chore(deps): bump com.nimbusds:oauth2-oidc-sdk from 10.15 to 11.4 (#571) @dependabot
- chore(deps): bump org.jetbrains.dokka from 1.9.0 to 1.9.10 (#569) @dependabot
- chore(deps): bump com.squareup.okhttp3:mockwebserver from 4.11.0 to 4.12.0 (#568) @dependabot
- chore(deps): bump jacksonVersion from 2.15.2 to 2.15.3 (#567) @dependabot
- chore(deps): bump io.projectreactor:reactor-test from 3.5.10 to 3.5.11 (#566) @dependabot
- chore(deps): bump io.netty:netty-all from 4.1.99.Final to 4.1.100.Final (#565) @dependabot
- bump(deps): kotlinter 3.16.0 to 4.0.0 (#562) @ybelMekk
- chore(deps): bump com.github.ben-manes.versions from 0.48.0 to 0.49.0 (#559) @dependabot
- chore(deps): bump ktorVersion from 2.3.4 to 2.3.5 (#556) @dependabot
- chore(deps): bump io.netty:netty-all from 4.1.98.Final to 4.1.99.Final (#555) @dependabot
- chore(deps): bump com.google.cloud.tools.jib from 3.3.2 to 3.4.0 (#554) @dependabot
- chore(deps): bump io.netty:netty-all from 4.1.97.Final to 4.1.98.Final (#552) @dependabot
- chore(deps): bump springBootVersion from 3.1.3 to 3.1.4 (#553) @dependabot
- chore(deps): bump com.nimbusds:oauth2-oidc-sdk from 10.14.2 to 10.15 (#549) @dependabot
- chore(deps): bump io.projectreactor:reactor-test from 3.5.9 to 3.5.10 (#548) @dependabot
- chore(deps): bump docker/login-action from 2 to 3 (#546) @dependabot
v2.0.0
What's Changed
🚀 Features
- feat: allow to configure clientId as sub in RequestMapping (#532) @kvokacka
- feat: serve static assets, support wildcard path in routes (#526) @tommytroen
- feat(oauth2): add state when provided (#524) @ybelMekk
⚠️ Breaking Changes
- feat: serve static assets, support wildcard path in routes (#526) @tommytroen
⬆️ Dependency upgrades
- chore(deps): bump actions/checkout from 3 to 4 (#540) @dependabot
- chore(deps): bump kotestVersion from 5.7.1 to 5.7.2 (#541) @dependabot
- chore(deps): bump com.github.ben-manes.versions from 0.47.0 to 0.48.0 (#542) @dependabot
- chore(deps): bump kotestVersion from 5.6.2 to 5.7.1 (#539) @dependabot
- chore(deps): bump ktorVersion from 2.3.3 to 2.3.4 (#534) @dependabot
- chore(deps): bump org.jetbrains.dokka from 1.8.20 to 1.9.0 (#538) @dependabot
- chore(deps): bump com.nimbusds:oauth2-oidc-sdk from 10.13.2 to 10.14.2 (#537) @dependabot
- chore(deps): bump org.yaml:snakeyaml from 2.0 to 2.2 (#536) @dependabot
- chore(deps): bump com.fasterxml.woodstox:woodstox-core from 6.4.0 to 6.5.1 (#535) @dependabot
- chore(deps): bump org.jetbrains.kotlin:kotlin-test-junit5 from 1.9.0 to 1.9.10 (#529) @dependabot
- chore(deps): bump jvm from 1.9.0 to 1.9.10 (#528) @dependabot
- chore(deps): bump io.netty:netty-all from 4.1.96.Final to 4.1.97.Final (#527) @dependabot
- chore(deps): bump ch.qos.logback:logback-classic from 1.4.8 to 1.4.11 (#521) @dependabot
- chore(deps): bump io.projectreactor:reactor-test from 3.4.24 to 3.5.9 (#523) @dependabot
- chore(deps): bump org.jmailen.kotlinter from 3.15.0 to 3.16.0 (#522) @dependabot
- chore(deps): bump com.nimbusds:oauth2-oidc-sdk from 10.11 to 10.13.2 (#520) @dependabot
- chore(deps): bump io.netty:netty-all from 4.1.94.Final to 4.1.96.Final (#515) @dependabot
- chore(deps): bump ktorVersion from 2.3.2 to 2.3.3 (#517) @dependabot
- chore(deps): bump junitJupiterVersion from 5.9.3 to 5.10.0 (#512) @dependabot
- chore(deps): bump springBootVersion from 3.1.1 to 3.1.2 (#510) @dependabot
🚧 Fix
- fix(server): replace deprecated Java API (#530) @ybelMekk
- add(workflows): permissions for action to publish (https://github.com/navikt/mock-oauth2-server/commit/1c8c8ed08b717652d9b360a94bb58db5b7eba81d) @ybelMekk
v1.0.0
What's Changed
⬆️ Upgrades
- Java 11 -> 17
- Spring Boot 2 -> 3
- Bumped various libraries to their latest versions
Full Changelog: https://github.com/navikt/mock-oauth2-server/compare/0.5.10...1.0.0
Configuration
📅 Schedule: Branch creation - "every 3 weeks on Monday" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- [ ] If you want to rebase/retry this PR, check this box
This PR was generated by Mend Renovate. View the repository job log.
![renovate[bot] avatar](https://avatars.githubusercontent.com/in/2740?v=4 "Published by a pub.dev verified publisher"){kind=small}
Incompatible because this component declares a component, compatible with Java 17 and the consumer needed a component, compatible with Java 11
yeah unlike last time, this appears to be a very intentional move to java 17. We probably just need to disable this test on Java11?
Do we gain much from dropping Java 11? Do we lose userbase by dropping Java 11?
I would rather pin mok-oauth2 to v1 to avoid adding unexpected Java 17 requirements for the users.