Skip to content

Bump openid-client from 5.6.5 to 6.8.4 in /Framework#3423

Closed
dependabot[bot] wants to merge 1 commit intodevfrom
dependabot/npm_and_yarn/Framework/openid-client-6.8.4
Closed

Bump openid-client from 5.6.5 to 6.8.4 in /Framework#3423
dependabot[bot] wants to merge 1 commit intodevfrom
dependabot/npm_and_yarn/Framework/openid-client-6.8.4

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 28, 2026
edited
Loading

Bumps openid-client from 5.6.5 to 6.8.4.

Release notes

Sourced from openid-client's releases.

v6.8.4

Fixes

  • apply optional non-repudiation on generic grant ID Tokens (6202888)
  • filter jwe decryption keys by algorithm (34e2ffd)
  • preserve poll abort signals on requests (96a2d17)
  • retry dpop nonce errors for generic grants (498c4d9)

v6.8.3

Documentation

  • note a workaround for redirect_uri with query string or bare origin (e9689de), closes #868

Fixes

  • passport: delete one-time state on callback (1e7dd2e)

v6.8.2

Fixes

  • use duplex: half for fetchProtectedResource with ReadableStream body input (f6f84e2)

v6.8.1

Refactor

  • workaround dpop nonce caching caveats with customFetch (a9eb50f)

v6.8.0

Features

  • respect retry-after in CIBA and Device Authorization Grant polling (6ce3411)

Documentation

  • remove mention of Edge Runtime from the readme (2e41ad5)

v6.7.1

Fixes

  • passport: include req.host from express@5 for ease of use in express@4 (81f6c12)

v6.7.0

Features

  • support for the ML-DSA Algorithm Identifiers (9543da5)

v6.6.4

Fixes

... (truncated)

Changelog

Sourced from openid-client's changelog.

6.8.4 (2026-04-27)

Fixes

  • apply optional non-repudiation on generic grant ID Tokens (6202888)
  • filter jwe decryption keys by algorithm (34e2ffd)
  • preserve poll abort signals on requests (96a2d17)
  • retry dpop nonce errors for generic grants (498c4d9)

6.8.3 (2026-04-13)

Documentation

  • note a workaround for redirect_uri with query string or bare origin (e9689de), closes #868

Fixes

  • passport: delete one-time state on callback (1e7dd2e)

6.8.2 (2026-02-07)

Fixes

  • use duplex: half for fetchProtectedResource with ReadableStream body input (f6f84e2)

6.8.1 (2025-09-27)

Refactor

  • workaround dpop nonce caching caveats with customFetch (a9eb50f)

6.8.0 (2025-09-11)

Features

  • respect retry-after in CIBA and Device Authorization Grant polling (6ce3411)

Documentation

  • remove mention of Edge Runtime from the readme (2e41ad5)

6.7.1 (2025-08-29)

... (truncated)

Commits
  • c645695 chore(release): 6.8.4
  • ee60464 chore: update CHANGELOG.md header
  • 96a2d17 fix: preserve poll abort signals on requests
  • 34e2ffd fix: filter jwe decryption keys by algorithm
  • 6202888 fix: apply optional non-repudiation on generic grant ID Tokens
  • 498c4d9 fix: retry dpop nonce errors for generic grants
  • 35042cf chore: cleanup after release
  • 66e4082 chore(release): 6.8.3
  • fa292f2 test: fix typings build issues
  • 0600c91 test: deflake pollBackchannelAuthenticationGrant
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for openid-client since your current version.

@dependabot dependabot Bot added the Framework label Apr 28, 2026
@dependabot dependabot Bot requested a review from graduta as a code owner April 28, 2026 05:21
@dependabot dependabot Bot added the Framework label Apr 28, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/Framework/openid-client-6.8.4 branch from 19bbf72 to b009479 Compare May 5, 2026 07:29
@dependabot
Bump openid-client from 5.6.5 to 6.8.4 in /Framework
40a9a34 
Bumps [openid-client](https://github.com/panva/openid-client) from 5.6.5 to 6.8.4.
- [Release notes](https://github.com/panva/openid-client/releases)
- [Changelog](https://github.com/panva/openid-client/blob/main/CHANGELOG.md)
- [Commits](panva/openid-client@v5.6.5...v6.8.4)

---
updated-dependencies:
- dependency-name: openid-client
  dependency-version: 6.8.4
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/Framework/openid-client-6.8.4 branch from b009479 to 40a9a34 Compare May 5, 2026 09:03
@graduta graduta closed this May 5, 2026
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 5, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/Framework/openid-client-6.8.4 branch May 5, 2026 10:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@graduta graduta Awaiting requested review from graduta graduta is a code owner

Assignees

No one assigned

Labels

Framework

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@graduta