Bump openid-client from 5.4.0 to 5.4.2 (#167)

Bumps [openid-client](https://github.com/panva/node-openid-client) from 5.4.0 to 5.4.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/panva/node-openid-client/releases">openid-client's releases</a>.</em></p> <blockquote> <h2>v5.4.2</h2> <h3>Fixes</h3> <ul> <li>bump oidc-token-hash (<a href="https://github.com/panva/node-openid-client/commit/20607e9eb72ea1dee0cfd714d66cd00285686f5f">20607e9</a>)</li> </ul> <h2>v5.4.1</h2> <p>This release contains only code refactoring, dependency, or documentation updates. The release process now also uses <a href="https://docs.npmjs.com/generating-provenance-statements">provenance statements</a>.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/panva/node-openid-client/blob/main/CHANGELOG.md">openid-client's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/panva/node-openid-client/compare/v5.4.1...v5.4.2">5.4.2</a> (2023-04-25)</h2> <h3>Fixes</h3> <ul> <li>bump oidc-token-hash (<a href="https://github.com/panva/node-openid-client/commit/20607e9eb72ea1dee0cfd714d66cd00285686f5f">20607e9</a>)</li> </ul> <h2><a href="https://github.com/panva/node-openid-client/compare/v5.4.0...v5.4.1">5.4.1</a> (2023-04-21)</h2> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/panva/node-openid-client/commit/69bab2f1899d9fe36033ac6a1c62ef73a236e12f"><code>69bab2f</code></a> chore(release): 5.4.2</li> <li><a href="https://github.com/panva/node-openid-client/commit/20607e9eb72ea1dee0cfd714d66cd00285686f5f"><code>20607e9</code></a> fix: bump oidc-token-hash</li> <li><a href="https://github.com/panva/node-openid-client/commit/f623eb05df51a8b3141ba6b27c907b277763138d"><code>f623eb0</code></a> build: no need to npm i -g npm for provenance on lts/hydrogen</li> <li><a href="https://github.com/panva/node-openid-client/commit/23a7bb8fe7a45a1a9b612983c0d280de6ea467dd"><code>23a7bb8</code></a> build: add default title to gh release</li> <li><a href="https://github.com/panva/node-openid-client/commit/5e4862ea780a639ec94d76acf134ed264cc06a83"><code>5e4862e</code></a> chore(release): 5.4.1</li> <li><a href="https://github.com/panva/node-openid-client/commit/f3776e41b55bcde7831247eb0e90bad9f8527525"><code>f3776e4</code></a> chore: bump dependencies</li> <li><a href="https://github.com/panva/node-openid-client/commit/7275d52866cd7ab08913f91af46a74db649ee324"><code>7275d52</code></a> build: update release process</li> <li><a href="https://github.com/panva/node-openid-client/commit/4d221a58bdb8a3d543b550952274ae000b033628"><code>4d221a5</code></a> build: automate releases with provenance</li> <li><a href="https://github.com/panva/node-openid-client/commit/ae1222c60541a87c650ce9bff8cc3ab5af9b413d"><code>ae1222c</code></a> ci: update lock.yml (<a href="https://redirect.github.com/panva/node-openid-client/issues/577">#577</a>)</li> <li><a href="https://github.com/panva/node-openid-client/commit/563fc6477781fd6e3d2c6a30e53707932ed86480"><code>563fc64</code></a> ci: add check-latest to node tests</li> <li>Additional commits viewable in <a href="https://github.com/panva/node-openid-client/compare/v5.4.0...v5.4.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=openid-client&package-manager=npm_and_yarn&previous-version=5.4.0&new-version=5.4.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
navikt · May 10, 2023 · 0496c4f · 0496c4f
1 parent 9141da5
commit 0496c4f
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 41 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -19,7 +19,7 @@
     "morgan": "^1.9.1",
     "node-cache": "^5.1.2",
     "npm": "^9.6.2",
-    "openid-client": "^5.4.0",
+    "openid-client": "^5.4.2",
     "swagger-ui-express": "^4.6.2",
     "ulid": "^2.3.0",
     "winston": "^3.8.2"

diff --git a/yarn.lock b/yarn.lock
@@ -1049,9 +1049,9 @@ isexe@^2.0.0:
   version "2.0.0"
   resolved "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz"
 
-jose@^4.10.0, jose@^4.13.1:
-  version "4.13.1"
-  resolved "https://registry.yarnpkg.com/jose/-/jose-4.13.1.tgz#449111bb5ab171db85c03f1bd2cb1647ca06db1c"
+jose@^4.13.1, jose@^4.14.1:
+  version "4.14.1"
+  resolved "https://registry.yarnpkg.com/jose/-/jose-4.14.1.tgz#74f12a621ea2ef850bf0dd8405e2ee4041aea934"
 
 json-parse-even-better-errors@^3.0.0:
   version "3.0.0"
@@ -1591,17 +1591,17 @@ object-assign@^4:
   version "4.1.1"
   resolved "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz"
 
-object-hash@^2.0.1:
+object-hash@^2.2.0:
   version "2.2.0"
-  resolved "https://registry.npmjs.org/object-hash/-/object-hash-2.2.0.tgz"
+  resolved "https://registry.yarnpkg.com/object-hash/-/object-hash-2.2.0.tgz#5ad518581eefc443bd763472b8ff2e9c2c0d54a5"
 
 object-inspect@^1.9.0:
   version "1.12.2"
   resolved "https://registry.npmjs.org/object-inspect/-/object-inspect-1.12.2.tgz"
 
-oidc-token-hash@^5.0.1:
-  version "5.0.1"
-  resolved "https://registry.npmjs.org/oidc-token-hash/-/oidc-token-hash-5.0.1.tgz"
+oidc-token-hash@^5.0.3:
+  version "5.0.3"
+  resolved "https://registry.yarnpkg.com/oidc-token-hash/-/oidc-token-hash-5.0.3.tgz#9a229f0a1ce9d4fc89bcaee5478c97a889e7b7b6"
 
 on-finished@2.4.1:
   version "2.4.1"
@@ -1631,14 +1631,14 @@ one-time@^1.0.0:
   dependencies:
     fn.name "1.x.x"
 
-openid-client@^5.4.0:
-  version "5.4.0"
-  resolved "https://registry.yarnpkg.com/openid-client/-/openid-client-5.4.0.tgz#77f1cda14e2911446f16ea3f455fc7c405103eac"
+openid-client@^5.4.2:
+  version "5.4.2"
+  resolved "https://registry.yarnpkg.com/openid-client/-/openid-client-5.4.2.tgz#8692bcc2a40ef3426c5ba5c11f7493599e93ccc7"
   dependencies:
-    jose "^4.10.0"
+    jose "^4.14.1"
     lru-cache "^6.0.0"
-    object-hash "^2.0.1"
-    oidc-token-hash "^5.0.1"
+    object-hash "^2.2.0"
+    oidc-token-hash "^5.0.3"
 
 p-map@^4.0.0:
   version "4.0.0"