Update dependency oauth2 to v2.0.24 #323
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "renovate/oauth2-2.x-lockfile"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
This PR contains the following updates:
2.0.18→2.0.24Release Notes
ruby-oauth/oauth2 (oauth2)
v2.0.24Compare Source
Changed
anonymous_loaderruntime dependency floor to>= 0.1.1.auth-sanitizerruntime dependency floor to>= 0.2.2andswitched isolated sanitizer loading to the released
anonymous_loadergem,including local workspace wiring for the new runtime dependency.
Fixed
auth-sanitizerloading when Bundler standalone setup makesauth_sanitizer/loader.rbavailable on$LOAD_PATHwithout addingauth-sanitizertoGem.loaded_specsorGEM_PATH.v2.0.23Compare Source
Changed
Fixed
v2.0.22Compare Source
Changed
kettle-dev>= 2.1.1 andversion_gem>= 1.1.11.snaky_hashto>= 2.0.5.Security
Locationvalues from changing request authority, and stripAuthorizationheaders from cross-origin redirects by @tonghuaroot and @pbolingv2.0.21Compare Source
Added
appraisal2-rubocopAppraisal root loading on modern Rubyso generated Appraisal gemfiles are normalized during generation - by @pboling
Changed
version_gemdependency floor toversion_gem>= 1.1.10 - by @pbolingauth-sanitizerto>= 0.2.1soOAuth2 consumers get hash and nested-attribute inspect redaction fixes plus
downstream RBS duplicate-declaration fixes - by @pboling
and development dependency floors from the current kettle-jem template - by @pboling
generated README badges and compatibility tables - by @pboling
supported but untested - by @pboling
kettle-dev>= 2.1.0 andappraisal2>= 3.1.1 for Appraisal2's split generate/install/updatecommand semantics.
Removed
gemfiles; development tooling now requires Ruby 2.4 or newer, and Ruby 2.4
coverage is already handled by the standard Ruby 2.4 workflow - by @pboling
Fixed
is pinned to v2.19.4 - by @pboling
rake magiccommands with portable spec commands - by @pbolingmulti_xmlbelow 0.9 for TruffleRuby compatibility - by @pbolingcontexts - by @pboling
jsonin TruffleRuby and Ruby 3.2 appraisal bundles so generatedCI dependency resolution remains compatible with those Ruby targets - by @pboling
actions/checkoutsteps to the peeledv6.0.3 commit SHA so OSSF Scorecard workflow verification accepts them - by @pboling
experimental so native extension build failures do not fail the whole
workflow - by @pboling
jsononly for EOL TruffleRuby appraisal bundles, matching thedefault
jsongem shipped with each TruffleRuby release instead ofconstraining MRI Ruby appraisal bundles - by @pboling
v2.0.20Compare Source
Added
Changed
Fixed
auth-sanitizerthrough an internal isolated loader so requiringoauth2does not add top-levelAuthorAuthSanitizerconstants that may collide with downstream applications by @pbolingSecurity
v2.0.19Compare Source
Added
OAuth2.config[:filtered_label]to configure the placeholder used for filtered sensitive values in inspected objects and debug logging output by @pbolingOAuth2.config[:filtered_debug_keys]to configure which key names have their values redacted from debug logging output by @pbolingChanged
auth-sanitizerwhile preservingOAuth2::FilteredAttributesas a permanent API alias by @pbolingRemoved
OAuth2::ThingFilterandOAuth2::SanitizedLoggerimplementations now provided byauth-sanitizerby @pbolingSecurity
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate.
8575ad36b51e340e9e4bUpdate dependency oauth2 to v2.0.23to Update dependency oauth2 to v2.0.24View command line instructions
Checkout
From your project repository, check out a new branch and test the changes.Merge
Merge the changes and update on Forgejo.Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.