8000 Comparing v3.2.6...v3.3.0 · erlef/oidcc · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request 8000 by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: erlef/oidcc
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v3.2.6
Choose a base ref
...
head repository: erlef/oidcc
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v3.3.0
Choose a head ref
  • 16 commits
  • 15 files changed
  • 3 contributors

Commits on Nov 18, 2024

  1. Bump github/codeql-action in the github-actions group (#402) 

    Bumps the github-actions group with 1 update: [github/codeql-action](https://github.com/github/codeql-action).


Updates `github/codeql-action` from 3.27.1 to 3.27.4
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@4f3212b...ea9e4e3)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Nov 18, 2024
    Configuration menu
    Copy the full SHA
    67cd3d3 View commit details
    Browse the repository at this point in the history

Commits on Nov 25, 2024

  1. Bump the github-actions group with 3 updates (#403) 

    Bumps the github-actions group with 3 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner), [github/codeql-action](https://github.com/github/codeql-action) and [actions/dependency-review-action](https://github.com/actions/dependency-review-action).


Updates `step-security/harden-runner` from 2.10.1 to 2.10.2
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](step-security/harden-runner@91182cc...0080882)

Updates `github/codeql-action` from 3.27.4 to 3.27.5
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@ea9e4e3...f09c1c0)

Updates `actions/dependency-review-action` from 4.4.0 to 4.5.0
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@4081bf9...3b139cf)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Nov 25, 2024
    Configuration menu
    Copy the full SHA
    ef11cc3 View commit details
    Browse the repository at this point in the history

Commits on Dec 9, 2024

  1. Bump the github-actions group with 3 updates (#405) 

    Bumps the github-actions group with 3 updates: [actions/cache](https://github.com/actions/cache), [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) and [github/codeql-action](https://github.com/github/codeql-action).


Updates `actions/cache` from 4.1.2 to 4.2.0
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@6849a64...1bd1e32)

Updates `actions/attest-build-provenance` from 1.4.4 to 2.0.1
- [Release notes](https://github.com/actions/attest-build-provenance/releases)
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md)
- [Commits](actions/attest-build-provenance@ef24412...c4fbc64)

Updates `github/codeql-action` from 3.27.5 to 3.27.6
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@f09c1c0...aa57810)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/attest-build-provenance
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Dec 9, 2024
    Configuration menu
    Copy the full SHA
    be1b1f5 View commit details
    Browse the repository at this point in the history

Commits on Dec 16, 2024

  1. Bump the github-actions group with 2 updates (#407) 

    Bumps the github-actions group with 2 updates: [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) and [github/codeql-action](https://github.com/github/codeql-action).


Updates `actions/attest-build-provenance` from 2.0.1 to 2.1.0
- [Release notes](https://github.com/actions/attest-build-provenance/releases)
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md)
- [Commits](actions/attest-build-provenance@c4fbc64...7668571)

Updates `github/codeql-action` from 3.27.6 to 3.27.9
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@aa57810...df409f7)

---
updated-dependencies:
- dependency-name: actions/attest-build-provenance
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Dec 16, 2024
    Configuration menu
    Copy the full SHA
    489144f View commit details
    Browse the repository at this point in the history

Commits on Dec 23, 2024

  1. Bump the github-actions group with 2 updates (#409) 

    Bumps the github-actions group with 2 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact) and [github/codeql-action](https://github.com/github/codeql-action).


Updates `actions/upload-artifact` from 4.4.3 to 4.5.0
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@b4b15b8...6f51ac0)

Updates `github/codeql-action` from 3.27.9 to 3.28.0
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@df409f7...48ab28a)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Dec 23, 2024
    Configuration menu
    Copy the full SHA
    2145b5d View commit details
    Browse the repository at this point in the history

Commits on Jan 13, 2025

  1. Bump the github-actions group with 3 updates (#410) 

    Bumps the github-actions group with 3 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner), [actions/upload-artifact](https://github.com/actions/upload-artifact) and [github/codeql-action](https://github.com/github/codeql-action).


Updates `step-security/harden-runner` from 2.10.2 to 2.10.3
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](step-security/harden-runner@0080882...c95a14d)

Updates `actions/upload-artifact` from 4.5.0 to 4.6.0
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@6f51ac0...65c4c4a)

Updates `github/codeql-action` from 3.28.0 to 3.28.1
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@48ab28a...b6a472f)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jan 13, 2025
    Configuration menu
    Copy the full SHA
    8a6b173 View commit details
    Browse the repository at this point in the history

Commits on Jan 20, 2025

  1. Bump step-security/harden-runner in the github-actions group (#412) 

    Bumps the github-actions group with 1 update: [step-security/harden-runner](https://github.com/step-security/harden-runner).


Updates `step-security/harden-runner` from 2.10.3 to 2.10.4
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](step-security/harden-runner@c95a14d...cb605e5)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jan 20, 2025
    Configuration menu
    Copy the full SHA
    22d227a View commit details
    Browse the repository at this point in the history

Commits on Jan 27, 2025

  1. Bump the github-actions group with 2 updates (#414) 

    Bumps the github-actions group with 2 updates: [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) and [github/codeql-action](https://github.com/github/codeql-action).


Updates `actions/attest-build-provenance` from 2.1.0 to 2.2.0
- [Release notes](https://github.com/actions/attest-build-provenance/releases)
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md)
- [Commits](actions/attest-build-provenance@7668571...520d128)

Updates `github/codeql-action` from 3.28.1 to 3.28.5
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@b6a472f...f6091c0)

---
updated-dependencies:
- dependency-name: actions/attest-build-provenance
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jan 27, 2025
    Configuration menu
    Copy the full SHA
    1f6d7aa View commit details
    Browse the repository at this point in the history

Commits on Feb 3, 2025

  1. Bump github/codeql-action in the github-actions group (#415) 

    Bumps the github-actions group with 1 update: [github/codeql-action](https://github.com/github/codeql-action).


Updates `github/codeql-action` from 3.28.5 to 3.28.8
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@f6091c0...dd74661)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Feb 3, 2025
    Configuration menu
    Copy the full SHA
    e2249b7 View commit details
    Browse the repository at this point in the history

Commits on Feb 10, 2025

  1. Bump github/codeql-action in the github-actions group (#417) 

    Bumps the github-actions group with 1 update: [github/codeql-action](https://github.com/github/codeql-action).


Updates `github/codeql-action` from 3.28.8 to 3.28.9
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@dd74661...9e8d078)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Feb 10, 2025
    Configuration menu
    Copy the full SHA
    fbb4c74 View commit details
    Browse the repository at this point in the history

  2. feat: set aud claim to Issuer (#418) 

    At some point, this became part of the FAPI2 spec:

https://openid.bitbucket.io/fapi/fapi-security-profile-2_0.html#section-5.3.1

> Authorization servers [...] shall only accept its issuer identifier value (as defined in [RFC8414]) as a string in the aud claim received in client authentication assertions;

This also generally works with regular OIDC endpoint as well. To allow
for the old behavior, we provide a `token_request_claims` option which
can explicitly set any claims for the token request.
    @paulswartz
    paulswartz authored Feb 10, 2025
    Configuration menu
    Copy the full SHA
    02504bc View commit details
    Browse the repository at this point in the history

Commits on Feb 17, 2025

  1. Bump step-security/harden-runner in the github-actions group (#419) 

    Bumps the github-actions group with 1 update: [step-security/harden-runner](https://github.com/step-security/harden-runner).


Updates `step-security/harden-runner` from 2.10.4 to 2.11.0
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](step-security/harden-runner@cb605e5...4d991eb)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Feb 17, 2025
    Configuration menu
    Copy the full SHA
    03dbcda View commit details
    Browse the repository at this point in the history

Commits on Feb 21, 2025

  1. Validate arguments to validate_jwt fn (#422)

    @maennchen
    maennchen authored Feb 21, 2025
    Configuration menu
    Copy the full SHA
    09d2b5a View commit details
    Browse the repository at this point in the history

  2. Relocate Key roatation into Token Validation (#420)

    @maennchen
    maennchen authored Feb 21, 2025
    Configuration menu
    Copy the full SHA
    9caa3a3 View commit details
    Browse the repository at this point in the history

  3. Cleanup duplicated code around oidcc_token:validate_jwt/3 (#424) 

    Document missing options and adds refresh handling
    @maennchen
    maennchen authored Feb 21, 2025
    Configuration menu
    Copy the full SHA
    0b76d76 View commit details
    Browse the repository at this point in the history

  4. Release v3.3.0

    @maennchen
    maennchen committed Feb 21, 2025
    Configuration menu
    Copy the full SHA
    fdf45b0 View commit details
    Browse the repository at this point in the history
Loading
0