Skip to content

Release 4.2.0#135

Merged
jankapunkt merged 80 commits intomasterfrom
release-4.2.0
Jun 6, 2022
Merged

Release 4.2.0#135
jankapunkt merged 80 commits intomasterfrom
release-4.2.0

Conversation

@jankapunkt
Copy link
Copy Markdown
Member

@jankapunkt jankapunkt commented Mar 18, 2022
edited
Loading

Summary

This is an ongoing PR for the release 4.2.0 which will only include fixes and minor features (non-breaking).

Linked issue(s)

See changelog.md section 4.2.0

#149

Involved parts of the project

See changelog.md section 4.2.0

Added tests?

See changelog.md section 4.2.0

OAuth2 standard

See changelog.md section 4.2.0

Reproduction

jankapunkt and others added 30 commits October 18, 2021 13:38
@jankapunkt
ci: ignore test.yml workflow on release-* branches PRs #36
d3b335f
@jankapunkt
ci: add tests-release.yml workflow to test release-integrity
8c080ff
@jankapunkt
ci: add release.yml to release a new version to registries
c6459b8
@jankapunkt
ci(tests): make coverage generate lcov.info file
f4fc33b
@jankapunkt
ci(tests): make coverage generate lcov.info file as well as html #36
02e0a4d
@jankapunkt
ci(tests): fix spelling in coverage test script #36
ac7bb86
Updated doc for extension grants
3821ef6
@jankapunkt
fix(handlers): skip varcheck for state when allowEmptyState
4ca8032
@HappyZombies
Merge pull request #88 from node-oauth/release-4.1.1
52ee11d
fixes issue 89, point 18, original pr 646
b56afcd
supported custom validateRedirectUri
3df52fd
Supported state in case of denial
91f27f8
@jankapunkt
feature(): Supported state in case of denialMerge pull request #99 fr…
5824f79 
…om FStefanni/issue_89_20_649

Supported state in case of denial
@jankapunkt
fix(handlers): skip varcheck for state when allowEmptyState #89 #93
aca48ce 
Merge pull request #93 from node-oauth/fix-vcharfail-allowemptystate
@jorenvandeweyer
added test for validateRedirectUri
88ef515
@jorenvandeweyer
updated documentation
0a86e69
@jorenvandeweyer
better implementation of validateRedirectUri
98a9d19
Bearer regular expression matching in authenticate handler
8719d83
@FStefanni @HappyZombies
fixed misssing return statement in doc (#98)
ff9a5d2 
Co-authored-by: Daniel Reguero <daniel.reguero@hotmail.com>
Co-authored-by: Francesco Stefanni <francesco.stefanni@gizeroenergie.it>
@dependabot @HappyZombies
build(deps-dev): bump eslint from 8.2.0 to 8.4.1 (#102)
292774e 
Bumps [eslint](https://github.com/eslint/eslint) from 8.2.0 to 8.4.1.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](eslint/eslint@v8.2.0...v8.4.1)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: Daniel Reguero <daniel.reguero@hotmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@jwerre
added @node-oauth/formats module, removed is.js tests
4ff1f07
@jankapunkt
feature(core): extract is.js into standalone package @node-oauth/form…
10fe55d 
…ats #55

Merge pull request #108 from node-oauth/oauth-formats thanks to @jwerre
@dependabot
Bump sinon from 11.1.2 to 12.0.1 (#74)
10bca68 
Bumps [sinon](https://github.com/sinonjs/sinon) from 11.1.2 to 12.0.1.
- [Release notes](https://github.com/sinonjs/sinon/releases)
- [Changelog](https://github.com/sinonjs/sinon/blob/master/docs/changelog.md)
- [Commits](sinonjs/sinon@v11.1.2...v12.0.1)

---
updated-dependencies:
- dependency-name: sinon
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build(deps-dev): bump eslint from 8.2.0 to 8.4.1 (#106)
643e091 
Bumps [eslint](https://github.com/eslint/eslint) from 8.2.0 to 8.4.1.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](eslint/eslint@v8.2.0...v8.4.1)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@jorenvandeweyer
Integration test password grant (#100)
92bea82 
* test example

* created db & model factories

* added refresh_token grant type test

* removed failing test, not implemented feature

* add reference to issue

* client authentication test

* random client credentials in test

* replace math.random by crypto.randomBytes
@jorenvandeweyer
added warning in docs, added extra tests that actually use parameters
3a1e433
@jorenvandeweyer
Merge branch 'development' into issue_89_4_482
29e081b
@jankapunkt
feature(authorize): allow custom implementations of validateRedirectU…
9fab017 
…ri via model #89 p.4

- support custom validateRedirectUri()
- allow to implement model.validateRedirectUri
- updated AuthorizeHandler
- default conforms with RFC 6819 Section-5.2.3.5
- thanks to @FStefanni and @jorenvandeweyer
@jankapunkt
fix(handler): deny access when body.allowed is 'false' (#94)
4921a1c 
* fix(handler): deny access when body.allowed is 'false'

* fix(authorization): use simplified if-branch to check for body allow value
@jankapunkt
fix(request): set WWW-Authenticate header for invalid requests oauthj…
d1ba63c 
…s#646

Merge pull request #96 from FStefanni/issue_89_18_646
Set WWW-Authenticate header for invalid requests
Related: oauthjs#646
Fixes issue #89, point 18.
Thanks to @FStefanni
jankapunkt and others added 4 commits March 30, 2022 09:18
@jankapunkt
docs: Update extension-grants.rst with example #92
1269719 
Merge pull request #92 from FStefanni/issue_89_5_530
Update extension-grants.rst with example
thanks to @FStefanni
@Uzlopak
remove package-lock.json and set .npmrc to not create package-lock.js…
34bbd0f 
…on files, ignore package-lock.json in .npmignore to avoid publishing a package with package-lock.json, gitignore package-lock.json

We could be prone to a supply-chain-attack when we not carefully review changes in the package-lock.json. urls to packages could be changed to malicious variants. To avoid this, we disable the generation package-lock.json. We should not accept any PRs with package-lock.json.
@Uzlopak
use npm i instad of npm ci in workflows
d0a14d7
@Uzlopak
add yarn.lock to .gitignore and .npmingnore
f0254db
@jankapunkt
Copy link
Copy Markdown
Member Author

jankapunkt commented Apr 15, 2022

If there are no further PRs to merge into 4.2.0 I will resolve the conflicts and create a new release. Is everybody okay with that? I can also create an rc-release if you first want to test it with your setups.

@bmxpiku
Copy link
Copy Markdown

bmxpiku commented May 20, 2022

I am awaiting this :)

@Uzlopak
Copy link
Copy Markdown
Collaborator

Uzlopak commented May 20, 2022

Just do it

@jankapunkt jankapunkt marked this pull request as ready for review June 2, 2022 14:06
@jankapunkt jankapunkt changed the title Draft: Release 4.2.0 Release 4.2.0 Jun 2, 2022
HappyZombies
HappyZombies reviewed Jun 2, 2022
View reviewed changes
@jankapunkt
Copy link
Copy Markdown
Member Author

jankapunkt commented Jun 3, 2022

🎉 all conflicts resolved, we should be good to go. One needs to approve. I will create a new GitHub release and publish to NPM

@jankapunkt jankapunkt linked an issue Jun 3, 2022 that may be closed by this pull request
4.2.0 milestone #149
Closed
HappyZombies
HappyZombies requested changes Jun 4, 2022
View reviewed changes
@jankapunkt jankapunkt requested a review from HappyZombies June 5, 2022 08:39
HappyZombies
HappyZombies approved these changes Jun 5, 2022
View reviewed changes
Copy link
Copy Markdown
Member

@HappyZombies HappyZombies left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review Completed

@jankapunkt jankapunkt merged commit e01e841 into master Jun 6, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@HappyZombies HappyZombies HappyZombies approved these changes

@Uzlopak Uzlopak Awaiting requested review from Uzlopak

@jorenvandeweyer jorenvandeweyer Awaiting requested review from jorenvandeweyer

Assignees

No one assigned

Labels

release 🎉 Releases

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4.2.0 milestone

8 participants

@jankapunkt @bmxpiku @Uzlopak @HappyZombies @jorenvandeweyer @FStefanni @jwerre @chrisfranko