Skip to content
This repository has been archived by the owner on Nov 1, 2022. It is now read-only.

build(deps): bump jwks-rsa from 1.12.3 to 2.0.0 #288

Merged
merged 1 commit into from
Mar 12, 2021
Merged

build(deps): bump jwks-rsa from 1.12.3 to 2.0.0 #288

merged 1 commit into from
Mar 12, 2021

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 12, 2021

Bumps jwks-rsa from 1.12.3 to 2.0.0.

Release notes

Sourced from jwks-rsa's releases.

v2.0.0

With version 2 we have added full JWK/JWS support, bumped Node version support to minimum 10, removed Axios, and exposed a fetcher option to allow user's to completely override how the request to the jwksUri endpoint is made.

Please take note of the breaking changes and the migration guide below.

Breaking Changes

  • Drops support for Node < 10
  • No more callbacks, using async/await(promises)
  • Removed Axios and changed the API to JwksClient

Changes

Added

Changed

Migration Guide from v1 to v2

Proxies

The proxy option has been removed from the JwksClient. Support for it was a little spotty through Axios, and we wanted to allow users to have more control over the flow. Now you can specify your proxy by overriding the requestAgent used with an agent with built-in proxy support, or by completely overriding the request library with the fetcher option.

// OLD
const oldClient = jwksClient({
  jwksUri: 'https://sandrino.auth0.com/.well-known/jwks.json',
  proxy: 'https://username:pass@address:port'
});
// NEW
const HttpsProxyAgent = require('https-proxy-agent');
const newClient = jwksClient({
jwksUri: 'https://sandrino.auth0.com/.well-known/jwks.json',
requestAgent: new HttpsProxyAgent('https://username:pass@address:port')
});

Request Agent Options

The library no longer gates what http(s) Agent is used, so we have removed requestAgentOptions and now expose the requestAgent option when creating a jwksClient.

// OLD
const oldClient = jwksClient({
  jwksUri: 'https://sandrino.auth0.com/.well-known/jwks.json',
  requestAgentOptions: {
    ca: fs.readFileSync(caFile)
  }
});
</tr></table>

... (truncated)

Changelog

Sourced from jwks-rsa's changelog.

[2.0.0] - (2021-03-01)

With version 2 we have added full JWK/JWS support. With this we have bumped the node version to minimum 10. We have also removed Axios and exposed a fetcher option to allow user's to completely override how the request to the jwksUri endpoint is made.

Breaking Changes

  • Drops support for Node < 10
  • No more callbacks, using async/await(promises)
  • Removed Axios and changed the API to JwksClient

Changes

Added

Changed

Migration Guide from v1 to v2

Proxies

The proxy option has been removed from the JwksClient. Support for it was a little spotty through Axios, and we wanted to allow users to have more control over the flow. Now you can specify your proxy by overriding the requestAgent used with an agent with built-in proxy support, or by completely overriding the request library with the fetcher option.

// OLD
const oldClient = jwksClient({
  jwksUri: 'https://sandrino.auth0.com/.well-known/jwks.json',
  proxy: 'https://username:pass@address:port'
});
// NEW
const HttpsProxyAgent = require('https-proxy-agent');
const newClient = jwksClient({
jwksUri: 'https://sandrino.auth0.com/.well-known/jwks.json',
requestAgent: new HttpsProxyAgent('https://username:pass@address:port')
});

Request Agent Options

The library no longer gates what http(s) Agent is used, so we have removed requestAgentOptions and now expose the requestAgent option when creating a jwksClient.

// OLD
const oldClient = jwksClient({
  jwksUri: 'https://sandrino.auth0.com/.well-known/jwks.json',
  requestAgentOptions: {
    ca: fs.readFileSync(caFile)
  }
});
// NEW
const newClient = jwksClient({
</tr></table>

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Mar 12, 2021
@nx-cloud
Copy link

nx-cloud bot commented Mar 12, 2021
edited
Loading

Nx Cloud Report

CI ran the following commands for commit df36a1d. Click to see the status, the terminal output, and the build insights.

📂 See all runs for this branch

Status Command
#000000 nx affected:e2e --scan --base=origin/master
#000000 nx affected:lint --scan --base=origin/master
#000000 nx affected:test --scan --base=origin/master --codeCoverage --coverageReporters=clover,lcovonly,json
#000000 nx run lucifer-api:seed --scan
#000000 nx run lucifer-api:wait
#000000 nx run-many --all --target=build --scan
#000000 nx run-many --all --target=db-migrate --scan

Sent with 💌 from NxCloud.

@codecov
Copy link

codecov bot commented Mar 12, 2021
edited
Loading

Codecov Report

Merging #288 (df36a1d) into master (493cc01) will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##           master     #288   +/-   ##
=======================================
  Coverage   82.81%   82.81%           
=======================================
  Files         126      126           
  Lines        1676     1676           
  Branches      369      369           
=======================================
  Hits         1388     1388           
  Misses        285      285           
  Partials        3        3
Flag Coverage Δ
e2e 65.53% <ø> (ø)
unit 88.95% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 493cc01...df36a1d. Read the comment docs.

@Jujulego Jujulego merged commit eb28051 into master Mar 12, 2021
@Jujulego Jujulego deleted the dependabot/npm_and_yarn/jwks-rsa-2.0.0 branch March 12, 2021 22:07
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@Jujulego