Update dependency oauth2 to v2.0.24 #323

Open
renovate wants to merge 1 commit from renovate/oauth2-2.x-lockfile into main

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| oauth2 (source, changelog) | 2.0.18 → 2.0.24 | age | adoption | passing | confidence |

Release Notes

ruby-oauth/oauth2 (oauth2)

v2.0.24

Compare Source

  • TAG: [v2.0.24][2.0.24t]
  • COVERAGE: 100.00% -- 558/558 lines in 15 files
  • BRANCH COVERAGE: 97.89% -- 186/190 branches in 15 files
  • 88.35% documented
Changed
  • Raised the anonymous_loader runtime dependency floor to >= 0.1.1.
  • Raised the auth-sanitizer runtime dependency floor to >= 0.2.2 and
    switched isolated sanitizer loading to the released anonymous_loader gem,
    including local workspace wiring for the new runtime dependency.
Fixed
  • Fixed isolated auth-sanitizer loading when Bundler standalone setup makes
    auth_sanitizer/loader.rb available on $LOAD_PATH without adding
    auth-sanitizer to Gem.loaded_specs or GEM_PATH.

v2.0.23

Compare Source

  • TAG: [v2.0.23][2.0.23t]
  • COVERAGE: 100.00% -- 562/562 lines in 15 files
  • BRANCH COVERAGE: 97.89% -- 186/190 branches in 15 files
  • 88.35% documented
Changed
  • Upgraded to snaky_hash v2.0.6 by @​pboling
  • Refreshed generated GHA workflow action SHA pins by @​pboling
Fixed
  • Addressed Reek code-quality checks with targeted cleanup and documented compatibility exclusions by @​pboling
  • Fixed deprecation warning from MultiXML by @​robzolkos
  • Fixed head appraisal dependency conflicts and Ruby 2.4 protocol-relative redirect handling by @​pboling

v2.0.22

Compare Source

  • TAG: [v2.0.22][2.0.22t]
  • COVERAGE: 100.00% -- 542/542 lines in 15 files
  • BRANCH COVERAGE: 100.00% -- 180/180 branches in 15 files
  • 88.35% documented
Changed
  • Raised generated development tooling floors to kettle-dev >= 2.1.1 and
    version_gem >= 1.1.11.
  • Raised the runtime dependency floor for snaky_hash to >= 2.0.5.
Security
  • GHSA-pp92-crg2-gfv9 Prevent protocol-relative redirect Location values from changing request authority, and strip Authorization headers from cross-origin redirects by @tonghuaroot and @pboling
    (https://github.com/ruby-oauth/oauth2/security/advisories/GHSA-pp92-crg2-gfv9)

v2.0.21

Compare Source

  • TAG: [v2.0.21][2.0.21t]
  • COVERAGE: 100.00% -- 525/525 lines in 15 files
  • BRANCH COVERAGE: 100.00% -- 174/174 branches in 15 files
  • 88.35% documented
Added
  • gh!730 - Alternatives section to README by @jonathangrinstead
    • Updates to alternatives section - by @pboling
  • Added conditional appraisal2-rubocop Appraisal root loading on modern Ruby
    so generated Appraisal gemfiles are normalized during generation - by @pboling
Changed
  • Raised generated version_gem dependency floor to version_gem >= 1.1.10 - by @pboling
  • Raised the runtime dependency floor for auth-sanitizer to >= 0.2.1 so
    OAuth2 consumers get hash and nested-attribute inspect redaction fixes plus
    downstream RBS duplicate-declaration fixes - by @pboling
  • Refreshed generated package metadata, support documentation, CI workflows,
    and development dependency floors from the current kettle-jem template - by @pboling
  • Documented the current per-version Ruby, JRuby, and TruffleRuby CI matrix in
    generated README badges and compatibility tables - by @pboling
  • Removed the post-install message from the gemspec to keep installs quieter - by @pboling
  • Refreshed generated README support badges so Ruby 2.3 is listed as
    supported but untested - by @pboling
  • Refreshed generated project metadata from the current kettle-jem template - by @pboling
  • Raised development tooling floors to kettle-dev >= 2.1.0 and
    appraisal2 >= 3.1.1 for Appraisal2's split generate/install/update
    command semantics.
  • Refreshed generated Appraisal and CI templates to appraisal2-rubocop 0.2.0 - by @pboling
Removed
  • Dropped the obsolete Ruby 2.3 Caboose workflow and its Hashie appraisal
    gemfiles; development tooling now requires Ruby 2.4 or newer, and Ruby 2.4
    coverage is already handled by the standard Ruby 2.4 workflow - by @pboling
Fixed
  • Updated CI workflow maintenance: QLTY uploads now use OIDC and harden-runner
    is pinned to v2.19.4 - by @pboling
  • Replaced stale platform CI rake magic commands with portable spec commands - by @pboling
  • Pinned multi_xml below 0.9 for TruffleRuby compatibility - by @pboling
  • Marked EOL TruffleRuby 22.3, 23.0, and 23.1 CI as experimental because they can crash inside the interpreter during Bundler setup - by @pboling
  • Improved gemspec version loading for older Rubies and isolated load-path
    contexts - by @pboling
  • Constrained json in TruffleRuby and Ruby 3.2 appraisal bundles so generated
    CI dependency resolution remains compatible with those Ruby targets - by @pboling
  • Pinned generated GitHub Actions actions/checkout steps to the peeled
    v6.0.3 commit SHA so OSSF Scorecard workflow verification accepts them - by @pboling
  • Marked generated EOL TruffleRuby 22.3, 23.0, and 23.1 matrix entries
    experimental so native extension build failures do not fail the whole
    workflow - by @pboling
  • Pinned json only for EOL TruffleRuby appraisal bundles, matching the
    default json gem shipped with each TruffleRuby release instead of
    constraining MRI Ruby appraisal bundles - by @pboling

v2.0.20

Compare Source

  • TAG: [v2.0.20][2.0.20t]
  • COVERAGE: 99.62% -- 525/527 lines in 15 files
  • BRANCH COVERAGE: 98.88% -- 176/178 branches in 15 files
  • 88.35% documented
Added
  • OAuth2::VERSION (Traditional Constant Location) - by @pboling
Changed
  • auth-sanitizer v0.1.3 - by @pboling
Fixed
  • gh!721 Load auth-sanitizer through an internal isolated loader so requiring oauth2 does not add top-level Auth or AuthSanitizer constants that may collide with downstream applications by @pboling
Security

v2.0.19

Compare Source

  • TAG: [v2.0.19][2.0.19t]
  • COVERAGE: 100.00% -- 515/515 lines in 14 files
  • BRANCH COVERAGE: 100.00% -- 174/174 branches in 14 files
  • 89.11% documented
Added
  • gh!707 Add OAuth2.config[:filtered_label] to configure the placeholder used for filtered sensitive values in inspected objects and debug logging output by @pboling
  • gh!707 Add OAuth2.config[:filtered_debug_keys] to configure which key names have their values redacted from debug logging output by @pboling
Changed
  • gh!707 Make inspect-time and debug-log filters snapshot their configuration at initialization time rather than tracking later config changes by @pboling
  • gh!714 Refactor sensitive-value filtering to use auth-sanitizer while preserving OAuth2::FilteredAttributes as a permanent API alias by @pboling
Removed
  • Remove the internal OAuth2::ThingFilter and OAuth2::SanitizedLogger implementations now provided by auth-sanitizer by @pboling
Security
  • gh!707 Redact sensitive values from debug logging output, including Authorization headers and common token/secret fields in headers, query strings, form bodies, and JSON payloads by @pboling
    • NOTE: debug logging has always been, and remains, opt-in. It is turned off by default.

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.
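Added example (not part of this PR, and not the oauth2 gem's own code): one way a client can apply the redirect rule from the v2.0.22 Security entry (GHSA-pp92-crg2-gfv9), in Ruby. `plan_redirect`, `origin_of`, `UnsafeRedirect` and the hosts are hypothetical names, and refusing a protocol-relative `Location` that names another authority is this example's assumed policy.

```ruby
require "uri"

# Raised when a Location value must not be followed (assumed policy).
class UnsafeRedirect < StandardError; end

# Origin = scheme + host + port. URI fills in default ports, so
# https://a.test and https://a.test:443 compare equal.
def origin_of(uri)
  [uri.scheme.to_s.downcase, uri.host.to_s.downcase, uri.port]
end

# Resolve `location` against the URL that was requested and decide which
# headers may travel with the follow-up request.
def plan_redirect(request_url, location, headers)
  base = URI.parse(request_url)
  loc = location.to_s.strip
  begin
    target = URI.join(request_url, loc)
  rescue URI::Error => e
    raise UnsafeRedirect, "unparseable Location: #{e.message}"
  end
  same_origin = origin_of(base) == origin_of(target)

  # "//host/path" keeps the request's scheme but replaces its authority.
  if loc.start_with?("//") && !same_origin
    raise UnsafeRedirect, "protocol-relative Location points at #{target.host}"
  end

  # Cross-origin (different scheme, host or port): follow without credentials.
  sent = same_origin ? headers.dup : headers.reject { |k, _| k.to_s.casecmp?("authorization") }
  { url: target.to_s, same_origin: same_origin, headers: sent }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values; the hosts are placeholders.
  request = "https://api.example.test/oauth/token"
  headers = { "Authorization" => "Bearer constructed-token", "Accept" => "application/json" }
  ["/v2/token", "https://cdn.example.net/file",
   "http://api.example.test/x", "//other.example.net/cb"].each do |loc|
    begin
      plan = plan_redirect(request, loc, headers)
      puts "#{loc} -> #{plan[:url]} (sends: #{plan[:headers].keys.join(', ')})"
    rescue UnsafeRedirect => e
      puts "#{loc} -> refused: #{e.message}"
    end
  end
end
```

The scheme downgrade case (`http://` on the same host) counts as cross-origin here, so the `Authorization` header is dropped for it as well.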
Update dependency oauth2 to v2.0.23
All checks were successful
ci/woodpecker/pr/test Pipeline was successful
8575ad36b5
renovate force-pushed renovate/oauth2-2.x-lockfile from 8575ad36b5 (all checks were successful; ci/woodpecker/pr/test pipeline was successful) to 1e340e9e4b (all checks were successful; ci/woodpecker/pr/test pipeline was successful) 2026-06-18 19:30:59 +00:00
renovate changed title from Update dependency oauth2 to v2.0.23 to Update dependency oauth2 to v2.0.24 2026-06-18 19:31:00 +00:00
All checks were successful
ci/woodpecker/pr/test Pipeline was successful
This pull request can be merged automatically.
Reference
casper/advent_leaderboard!323