From 9cfd910195b8f07c03e709327cebafb91156b718 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Fri, 4 Mar 2022 12:10:48 +0100 Subject: [PATCH 001/117] ci: fix hashFiles --- .github/workflows/test.yml | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index a89458ed..c3ef6cdf 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -44,7 +44,7 @@ jobs: id: node_modules with: path: node_modules - key: ${{ runner.os }}-node_modules-${{ hashFiles('**/package.json') }}-${{ steps.node.outputs.version }} + key: ${{ runner.os }}-node_modules-${{ hashFiles('package.json') }}-${{ steps.node.outputs.version }} - name: Install dependencies run: npx panva/npm-install-retry if: ${{ steps.node_modules.outputs.cache-hit != 'true' }} @@ -71,7 +71,7 @@ jobs: id: node_modules with: path: node_modules - key: ${{ runner.os }}-node_modules-${{ hashFiles('**/package.json') }}-${{ steps.node.outputs.version }} + key: ${{ runner.os }}-node_modules-${{ hashFiles('package.json') }}-${{ steps.node.outputs.version }} - name: Install dependencies run: npx panva/npm-install-retry if: ${{ steps.node_modules.outputs.cache-hit != 'true' }} @@ -91,7 +91,7 @@ jobs: id: cache with: path: ./conformance-suite - key: suite-${{ hashFiles('**/test.yml') }}-${{ env.VERSION }} + key: suite-${{ hashFiles('.github/workflows/test.yml') }}-${{ env.VERSION }} - name: Conformance Suite Checkout if: ${{ steps.cache.outputs.cache-hit != 'true' }} run: git clone --depth 1 --single-branch --branch ${{ env.VERSION }} https://gitlab.com/openid/conformance-suite.git @@ -187,12 +187,24 @@ jobs: fapi_jarm_type: plain_oauth steps: + - name: Checkout + uses: actions/checkout@master + - name: Set Conformance Suite Version + run: | + export VERSION=($(curl --silent "https://gitlab.com/api/v4/projects/4175605/releases" | jq -r '.[0].tag_name')) + echo "VERSION=$VERSION" >> $GITHUB_ENV - name: Load Cached Conformance Suite Build uses: actions/cache@v2 id: cache with: path: ./conformance-suite - key: suite-${{ hashFiles('**/test.yml') }} + key: suite-${{ hashFiles('.github/workflows/test.yml') }}-${{ env.VERSION }} + - name: Abort if Conformance Suite version changed during the CI run. + if: ${{ steps.cache.outputs.cache-hit != 'true' }} + uses: actions/github-script@v3 + with: + script: | + core.setFailed('Conformance Suite version changed during the CI run') - name: Run Conformance Suite working-directory: ./conformance-suite run: | From f6fa149d11c2ea5c05b77b4fec6ee668fa7658ac Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Fri, 4 Mar 2022 12:40:30 +0100 Subject: [PATCH 002/117] fix(dpop): htu without querystring --- lib/helpers/request.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/helpers/request.js b/lib/helpers/request.js index ad86809a..d634c6de 100644 --- a/lib/helpers/request.js +++ b/lib/helpers/request.js @@ -74,7 +74,7 @@ module.exports = async function request(options, { accessToken, mTLS = false, DP opts.headers = opts.headers || {}; opts.headers.DPoP = await this.dpopProof( { - htu: url.href, + htu: `${url.origin}${url.pathname}`, htm: options.method, nonce: nonces.get(nonceKey), }, From 674b7edf0284aed26fe7f8c5656a63b7b3e607f2 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Fri, 4 Mar 2022 12:44:33 +0100 Subject: [PATCH 003/117] chore(release): 5.1.4 --- CHANGELOG.md | 7 +++++++ package.json | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3a195ef7..b000f99c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [5.1.4](https://github.com/panva/node-openid-client/compare/v5.1.3...v5.1.4) (2022-03-04) + + +### Fixes + +* **dpop:** htu without querystring ([f6fa149](https://github.com/panva/node-openid-client/commit/f6fa149d11c2ea5c05b77b4fec6ee668fa7658ac)) + ## [5.1.3](https://github.com/panva/node-openid-client/compare/v5.1.2...v5.1.3) (2022-02-03) diff --git a/package.json b/package.json index 649200fa..9f0939cd 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "openid-client", - "version": "5.1.3", + "version": "5.1.4", "description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js runtime, supports passportjs", "keywords": [ "auth", From a315ad4e4d97ac8bfbaa2e7b41c5225240364df7 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Sat, 5 Mar 2022 13:47:35 +0100 Subject: [PATCH 004/117] ci: update actions/github-script --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index c3ef6cdf..02d2467c 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -201,7 +201,7 @@ jobs: key: suite-${{ hashFiles('.github/workflows/test.yml') }}-${{ env.VERSION }} - name: Abort if Conformance Suite version changed during the CI run. if: ${{ steps.cache.outputs.cache-hit != 'true' }} - uses: actions/github-script@v3 + uses: actions/github-script@v6 with: script: | core.setFailed('Conformance Suite version changed during the CI run') From 3adf1a47b5267f7ce20a7c0c29e7207c0ddf34ca Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Mon, 4 Apr 2022 16:14:34 +0200 Subject: [PATCH 005/117] ci: audit check in CI --- .github/workflows/test.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 02d2467c..fbeba706 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -11,6 +11,20 @@ on: - cron: 0 10 * * 1-5 jobs: + audit: + name: NPM Audit (Production) + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@master + - name: Setup node + uses: actions/setup-node@v2 + with: + node-version: 16 + - name: Install dependencies + run: npx panva/npm-install-retry + - run: npm audit --production + test: name: Node Tests + Coverage runs-on: ubuntu-latest @@ -108,6 +122,7 @@ jobs: conformance-suite: runs-on: ubuntu-latest needs: + - audit - test - electron - build-conformance-suite From 7a417c35b703b9b8266a931bcefff9e0c9095d0e Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Thu, 14 Apr 2022 12:50:53 +0200 Subject: [PATCH 006/117] chore: prettier --- lib/client.js | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/lib/client.js b/lib/client.js index a6c82954..bcefb208 100644 --- a/lib/client.js +++ b/lib/client.js @@ -779,7 +779,10 @@ class BaseClient { } } - if (typeof maxAge === 'number' && payload.auth_time + maxAge < timestamp - this[CLOCK_TOLERANCE]) { + if ( + typeof maxAge === 'number' && + payload.auth_time + maxAge < timestamp - this[CLOCK_TOLERANCE] + ) { throw new RPError({ printf: [ 'too much time has elapsed since the last End-User authentication, max_age %i, auth_time: %i, now %i', @@ -794,7 +797,11 @@ class BaseClient { }); } - if (nonce !== skipNonceCheck && (payload.nonce || nonce !== undefined) && payload.nonce !== nonce) { + if ( + nonce !== skipNonceCheck && + (payload.nonce || nonce !== undefined) && + payload.nonce !== nonce + ) { throw new RPError({ printf: ['nonce mismatch, expected %s, got: %s', nonce, payload.nonce], jwt: idToken, From 96b367d920f5bf8cd31d805e159625dd1899b65d Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Thu, 14 Apr 2022 13:07:17 +0200 Subject: [PATCH 007/117] fix: interoperable audience array value for JWT Client auth assertions (again) - token endpoint is a SHOULD in all definitions - issuer identifier is the defacto identifier that should be accepted too - specific endpoint location is not defined anywhere --- lib/helpers/client.js | 13 +------------ test/client/mtls.test.js | 23 +++++++++++------------ 2 files changed, 12 insertions(+), 24 deletions(-) diff --git a/lib/helpers/client.js b/lib/helpers/client.js index 529f75d0..62bf9be6 100644 --- a/lib/helpers/client.js +++ b/lib/helpers/client.js @@ -90,19 +90,8 @@ async function authFor(endpoint, { clientAssertionPayload } = {}) { case 'private_key_jwt': case 'client_secret_jwt': { const timestamp = now(); - - const mTLS = endpoint === 'token' && this.tls_client_certificate_bound_access_tokens; const audience = [ - ...new Set( - [ - this.issuer.issuer, - this.issuer.token_endpoint, - this.issuer[`${endpoint}_endpoint`], - mTLS && this.issuer.mtls_endpoint_aliases - ? this.issuer.mtls_endpoint_aliases.token_endpoint - : undefined, - ].filter(Boolean), - ), + ...new Set([this.issuer.issuer, this.issuer.token_endpoint].filter(Boolean)), ]; const assertion = await clientAssertion.call(this, endpoint, { diff --git a/test/client/mtls.test.js b/test/client/mtls.test.js index 92075bda..4177daf9 100644 --- a/test/client/mtls.test.js +++ b/test/client/mtls.test.js @@ -102,33 +102,32 @@ describe('mutual-TLS', () => { token_endpoint_auth_signing_alg: 'HS256', tls_client_certificate_bound_access_tokens: true, }); + this.jwtAuthClientNoSenderConstraining = new issuer.Client({ + client_id: 'client', + client_secret: 'secret', + token_endpoint_auth_method: 'client_secret_jwt', + token_endpoint_auth_signing_alg: 'HS256', + tls_client_certificate_bound_access_tokens: false, + }); this.client[custom.http_options] = () => ({ key, cert }); }); - it('uses the mtls endpoint alias for token endpoint when using jwt auth and tls certs', async function () { + it('uses the issuer identifier and token endpoint as private_key_jwt audiences', async function () { let { form: { client_assertion: jwt }, } = await clientHelpers.authFor.call(this.jwtAuthClient, 'token'); let { aud } = jose2.JWT.decode(jwt); - expect(aud).to.include('https://mtls.op.example.com/token'); - expect(aud).to.include('https://op.example.com/token'); - expect(aud).to.include('https://op.example.com'); + expect(aud).to.deep.equal(['https://op.example.com', 'https://op.example.com/token']); ({ form: { client_assertion: jwt }, } = await clientHelpers.authFor.call(this.jwtAuthClient, 'introspection')); ({ aud } = jose2.JWT.decode(jwt)); - expect(aud).not.to.include('https://mtls.op.example.com/token/introspect'); - expect(aud).to.include('https://op.example.com/token/introspect'); - expect(aud).to.include('https://op.example.com/token'); - expect(aud).to.include('https://op.example.com'); + expect(aud).to.deep.equal(['https://op.example.com', 'https://op.example.com/token']); ({ form: { client_assertion: jwt }, } = await clientHelpers.authFor.call(this.jwtAuthClient, 'revocation')); ({ aud } = jose2.JWT.decode(jwt)); - expect(aud).not.to.include('https://mtls.op.example.com/token/revoke'); - expect(aud).to.include('https://op.example.com/token/revoke'); - expect(aud).to.include('https://op.example.com/token'); - expect(aud).to.include('https://op.example.com'); + expect(aud).to.deep.equal(['https://op.example.com', 'https://op.example.com/token']); }); it('requires mTLS for userinfo when tls_client_certificate_bound_access_tokens is true', async function () { From 9505cbab42c741a64b5a9b5d586c2c874765adb8 Mon Sep 17 00:00:00 2001 From: Michael Hadley Date: Thu, 14 Apr 2022 05:32:06 -0700 Subject: [PATCH 008/117] fix(typescript): add error constructors (#483) --- types/index.d.ts | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/types/index.d.ts b/types/index.d.ts index 4fcd4b61..9ad40e9d 100644 --- a/types/index.d.ts +++ b/types/index.d.ts @@ -8,6 +8,7 @@ import * as http2 from 'http2'; import { URL } from 'url'; import * as jose from 'jose'; import * as crypto from 'crypto'; +import { format } from 'util'; export type HttpOptions = Partial< Pick< @@ -572,6 +573,18 @@ export namespace errors { scope?: string; session_state?: string; response?: { body?: UnknownObject | Buffer } & http.IncomingMessage; + + constructor( + params: { + error: string; + error_description?: string; + error_uri?: string; + state?: string; + scope?: string; + session_state?: string; + }, + response?: { body?: UnknownObject | Buffer } & http.IncomingMessage, + ); } class RPError extends Error { @@ -586,6 +599,14 @@ export namespace errors { exp?: number; iat?: number; auth_time?: number; + + constructor(...args: Parameters); + constructor(options: { + message?: string; + printf?: Parameters; + response?: { body?: UnknownObject | Buffer } & http.IncomingMessage; + [key: string]: unknown; + }); } } From e25eb16b37028be4517d0b14e0b6a38582770f39 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Thu, 14 Apr 2022 14:44:47 +0200 Subject: [PATCH 009/117] chore(release): 5.1.5 --- CHANGELOG.md | 8 ++++++++ package.json | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b000f99c..209ebe3d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,14 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [5.1.5](https://github.com/panva/node-openid-client/compare/v5.1.4...v5.1.5) (2022-04-14) + + +### Fixes + +* interoperable audience array value for JWT Client auth assertions (again) ([96b367d](https://github.com/panva/node-openid-client/commit/96b367d920f5bf8cd31d805e159625dd1899b65d)) +* **typescript:** add error constructors ([#483](https://github.com/panva/node-openid-client/issues/483)) ([9505cba](https://github.com/panva/node-openid-client/commit/9505cbab42c741a64b5a9b5d586c2c874765adb8)) + ## [5.1.4](https://github.com/panva/node-openid-client/compare/v5.1.3...v5.1.4) (2022-03-04) diff --git a/package.json b/package.json index 9f0939cd..c120ea82 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "openid-client", - "version": "5.1.4", + "version": "5.1.5", "description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js runtime, supports passportjs", "keywords": [ "auth", From d51955b4a889dd57c0be4fe34f0b298c9e6a4f7e Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Mon, 25 Apr 2022 11:20:20 +0200 Subject: [PATCH 010/117] ci: update lock.yml --- .github/workflows/lock.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/lock.yml b/.github/workflows/lock.yml index 44399fc3..69c4b802 100644 --- a/.github/workflows/lock.yml +++ b/.github/workflows/lock.yml @@ -2,16 +2,16 @@ name: 'Lock threads' on: schedule: - - cron: '0 9 * * *' + - cron: '5 9 * * *' jobs: lock: runs-on: ubuntu-latest steps: - - uses: dessant/lock-threads@v2 + - uses: dessant/lock-threads@v3 with: github-token: ${{ github.token }} - issue-lock-inactive-days: '90' + issue-inactive-days: '90' issue-lock-reason: '' - pr-lock-inactive-days: '90' + pr-inactive-days: '90' pr-lock-reason: '' From 92fd33d4716260ef61fcaaa8de32119c869e70fb Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Mon, 2 May 2022 11:03:10 +0200 Subject: [PATCH 011/117] fix(typescript): add types export for nodenext module resolution --- package.json | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/package.json b/package.json index c120ea82..0d6f0bdc 100644 --- a/package.json +++ b/package.json @@ -30,11 +30,12 @@ "license": "MIT", "author": "Filip Skokan ", "exports": { + "types": "./types/index.d.ts", "import": "./lib/index.mjs", "require": "./lib/index.js" }, - "main": "lib/index.js", - "types": "types/index.d.ts", + "main": "./lib/index.js", + "types": "./types/index.d.ts", "files": [ "lib", "types/index.d.ts" From 4baa8e279ea25f0e7f5fe409002fe2eb78765ac7 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Tue, 10 May 2022 15:37:36 +0200 Subject: [PATCH 012/117] refactor: device flow poll to use client.grant --- lib/device_flow_handle.js | 21 ++++++--------------- 1 file changed, 6 insertions(+), 15 deletions(-) diff --git a/lib/device_flow_handle.js b/lib/device_flow_handle.js index 7277ded1..1642a906 100644 --- a/lib/device_flow_handle.js +++ b/lib/device_flow_handle.js @@ -61,23 +61,16 @@ class DeviceFlowHandle { await new Promise((resolve) => setTimeout(resolve, this.#interval)); - const response = await authenticatedPost.call( - this.#client, - 'token', - { - form: { + let tokenset; + try { + tokenset = await this.#client.grant( + { ...this.#exchangeBody, grant_type: 'urn:ietf:params:oauth:grant-type:device_code', device_code: this.device_code, }, - responseType: 'json', - }, - { clientAssertionPayload: this.#clientAssertionPayload, DPoP: this.#DPoP }, - ); - - let responseBody; - try { - responseBody = processResponse(response); + { clientAssertionPayload: this.#clientAssertionPayload, DPoP: this.#DPoP }, + ); } catch (err) { switch (err instanceof OPError && err.error) { case 'slow_down': @@ -89,8 +82,6 @@ class DeviceFlowHandle { } } - const tokenset = new TokenSet(responseBody); - if ('id_token' in tokenset) { await this.#client.decryptIdToken(tokenset); await this.#client.validateIdToken(tokenset, undefined, 'token', this.#maxAge); From 8881f5073cbf0924f7fae642eb9ad48b47ce39f1 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Tue, 10 May 2022 16:15:01 +0200 Subject: [PATCH 013/117] chore(release): 5.1.6 --- CHANGELOG.md | 7 +++++++ package.json | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 209ebe3d..cadd4e50 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [5.1.6](https://github.com/panva/node-openid-client/compare/v5.1.5...v5.1.6) (2022-05-10) + + +### Fixes + +* **typescript:** add types export for nodenext module resolution ([92fd33d](https://github.com/panva/node-openid-client/commit/92fd33d4716260ef61fcaaa8de32119c869e70fb)) + ## [5.1.5](https://github.com/panva/node-openid-client/compare/v5.1.4...v5.1.5) (2022-04-14) diff --git a/package.json b/package.json index 0d6f0bdc..4821f4f0 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "openid-client", - "version": "5.1.5", + "version": "5.1.6", "description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js runtime, supports passportjs", "keywords": [ "auth", From 941218fcc0303c502ec008f17999d3479d115cf0 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Tue, 10 May 2022 16:26:46 +0200 Subject: [PATCH 014/117] chore: remove unused imports --- lib/device_flow_handle.js | 3 --- 1 file changed, 3 deletions(-) diff --git a/lib/device_flow_handle.js b/lib/device_flow_handle.js index 1642a906..ed61c7c0 100644 --- a/lib/device_flow_handle.js +++ b/lib/device_flow_handle.js @@ -2,9 +2,6 @@ const { inspect } = require('util'); const { RPError, OPError } = require('./errors'); const now = require('./helpers/unix_timestamp'); -const { authenticatedPost } = require('./helpers/client'); -const processResponse = require('./helpers/process_response'); -const TokenSet = require('./token_set'); class DeviceFlowHandle { #aborted; From ab7f9d3ca060ac2302d6cf7e3894b181b9a1e7a8 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Fri, 13 May 2022 11:25:12 +0200 Subject: [PATCH 015/117] ci: dont nag me on intermitten lock failures --- .github/workflows/lock.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/lock.yml b/.github/workflows/lock.yml index 69c4b802..8a9cce87 100644 --- a/.github/workflows/lock.yml +++ b/.github/workflows/lock.yml @@ -6,6 +6,7 @@ on: jobs: lock: + continue-on-error: true runs-on: ubuntu-latest steps: - uses: dessant/lock-threads@v3 From af735edd04a1a2e2356abfe75b3958d306bbc942 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Tue, 31 May 2022 13:17:08 +0200 Subject: [PATCH 016/117] refactor: per feedback from FAPI WG fapi scope checking was removed --- docs/README.md | 3 --- lib/client.js | 24 ------------------------ types/index.d.ts | 2 +- 3 files changed, 1 insertion(+), 28 deletions(-) diff --git a/docs/README.md b/docs/README.md index 7b147d6c..88955eb5 100644 --- a/docs/README.md +++ b/docs/README.md @@ -290,9 +290,6 @@ Performs the callback for Authorization Server's authorization response. - `max_age`: `` When provided the authorization response's ID Token auth_time parameter will be checked to be conform to the max_age value. Use of this check is required if you sent a max_age parameter into an authorization request. **Default:** uses client's `default_max_age`. - - `scope`: `` (FAPI1Client only) When provided the Token Endpoint Authorization Code - exchange response `scope` will be checked to be either an exact match, or containing a subset of - the scope sent in the authorization request. - `extras`: `` - `exchangeBody`: `` extra request body properties to be sent to the AS during code diff --git a/lib/client.js b/lib/client.js index bcefb208..a314e721 100644 --- a/lib/client.js +++ b/lib/client.js @@ -489,18 +489,6 @@ class BaseClient { tokenset.session_state = params.session_state; } - if (tokenset.scope && checks.scope && this.fapi()) { - const expected = new Set(checks.scope.split(' ')); - const actual = tokenset.scope.split(' '); - if (!actual.every(Set.prototype.has, expected)) { - throw new RPError({ - message: 'unexpected scope returned', - checks, - scope: tokenset.scope, - }); - } - } - return tokenset; } @@ -628,18 +616,6 @@ class BaseClient { }); } - if (tokenset.scope && checks.scope && this.fapi()) { - const expected = new Set(checks.scope.split(' ')); - const actual = tokenset.scope.split(' '); - if (!actual.every(Set.prototype.has, expected)) { - throw new RPError({ - message: 'unexpected scope returned', - checks, - scope: tokenset.scope, - }); - } - } - return tokenset; } diff --git a/types/index.d.ts b/types/index.d.ts index 9ad40e9d..0baba3a8 100644 --- a/types/index.d.ts +++ b/types/index.d.ts @@ -161,7 +161,7 @@ export interface OAuthCallbackChecks { state?: string; code_verifier?: string; jarm?: boolean; - scope?: string; + scope?: string; // TODO: remove in v6.x } export interface OpenIDCallbackChecks extends OAuthCallbackChecks { From 128d2013a613142aecfba532fab249a13cba8118 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Tue, 31 May 2022 13:35:26 +0200 Subject: [PATCH 017/117] ci: enable workflow_dispatch --- .github/workflows/test.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index fbeba706..9b8c2b1d 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -9,6 +9,7 @@ on: - '**.md' schedule: - cron: 0 10 * * 1-5 + workflow_dispatch: jobs: audit: From 3f8dde8b891382d9adac586255c521f444b4bb81 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Tue, 31 May 2022 14:14:21 +0200 Subject: [PATCH 018/117] ci: update node version --- .github/workflows/test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 9b8c2b1d..b66f2f9a 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -76,7 +76,7 @@ jobs: - uses: actions/checkout@master - uses: actions/setup-node@v2 with: - node-version: 12 + node-version: 16 - name: Store node version variable id: node run: | @@ -229,7 +229,7 @@ jobs: - run: git clone --depth 1 --single-branch --branch main https://github.com/panva/openid-client-certification-suite.git runner - uses: actions/setup-node@v2 with: - node-version: 12 + node-version: 16 - run: npx panva/npm-install-retry working-directory: ./runner - run: npm install ${{ github.repository }}#${{ github.sha }} From 9e5ea0facee3eec6b16b647c3e891cbb126fc32e Mon Sep 17 00:00:00 2001 From: snowfy <40699134+snowflake752@users.noreply.github.com> Date: Sat, 25 Jun 2022 16:25:50 +0530 Subject: [PATCH 019/117] fix: improve support of electron BrowserWindow with nodeIntegration Co-authored-by: snowflake --- lib/helpers/request.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/helpers/request.js b/lib/helpers/request.js index d634c6de..45e4f881 100644 --- a/lib/helpers/request.js +++ b/lib/helpers/request.js @@ -3,6 +3,7 @@ const querystring = require('querystring'); const http = require('http'); const https = require('https'); const { once } = require('events'); +const { URL } = require('url'); const LRU = require('lru-cache'); @@ -116,7 +117,7 @@ module.exports = async function request(options, { accessToken, mTLS = false, DP } let response; - const req = (url.protocol === 'https:' ? https.request : http.request)(url, opts); + const req = (url.protocol === 'https:' ? https.request : http.request)(url.href, opts); return (async () => { if (json) { send(req, JSON.stringify(json), 'application/json'); From 296e25d877f7f2a338978a6d5ce3c94b28548646 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Sat, 25 Jun 2022 13:57:19 +0300 Subject: [PATCH 020/117] chore(release): 5.1.7 --- CHANGELOG.md | 7 +++++++ package.json | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index cadd4e50..8673288a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [5.1.7](https://github.com/panva/node-openid-client/compare/v5.1.6...v5.1.7) (2022-06-25) + + +### Fixes + +* improve support of electron BrowserWindow with nodeIntegration ([9e5ea0f](https://github.com/panva/node-openid-client/commit/9e5ea0facee3eec6b16b647c3e891cbb126fc32e)) + ## [5.1.6](https://github.com/panva/node-openid-client/compare/v5.1.5...v5.1.6) (2022-05-10) diff --git a/package.json b/package.json index 4821f4f0..a8b2d295 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "openid-client", - "version": "5.1.6", + "version": "5.1.7", "description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js runtime, supports passportjs", "keywords": [ "auth", From 687ba8423a3bd4a604d1dd6dbbd0581a10edba83 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Sat, 2 Jul 2022 23:08:02 +0200 Subject: [PATCH 021/117] ci: refactor conformance build version --- .github/workflows/test.yml | 31 +++++++++++++++++++++++-------- 1 file changed, 23 insertions(+), 8 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index b66f2f9a..723cc242 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -10,6 +10,10 @@ on: schedule: - cron: 0 10 * * 1-5 workflow_dispatch: + inputs: + conformance-version: + description: 'Conformance Suite Version (commit hash)' + required: false jobs: audit: @@ -94,22 +98,33 @@ jobs: build-conformance-suite: runs-on: ubuntu-latest + outputs: + cache-key: ${{ steps.cache-key.outputs.value }} steps: - name: Checkout uses: actions/checkout@master - - name: Set Conformance Suite Version + - name: Set Conformance Suite Version from GitLab + if: ${{ !github.event.inputs.conformance-version }} run: | export VERSION=($(curl --silent "https://gitlab.com/api/v4/projects/4175605/releases" | jq -r '.[0].tag_name')) echo "VERSION=$VERSION" >> $GITHUB_ENV + - name: Set Conformance Suite Version from Workflow Dispatch + if: ${{ github.event.inputs.conformance-version }} + run: | + echo "VERSION=${{ github.event.inputs.conformance-version }}" >> $GITHUB_ENV + - id: cache-key + run: echo "::set-output name=value::suite-${{ hashFiles('.github/workflows/test.yml') }}-${{ env.VERSION }}" - name: Load Cached Conformance Suite Build - uses: actions/cache@v2 + uses: actions/cache@v3 id: cache with: path: ./conformance-suite - key: suite-${{ hashFiles('.github/workflows/test.yml') }}-${{ env.VERSION }} + key: ${{ steps.cache-key.outputs.value }} - name: Conformance Suite Checkout if: ${{ steps.cache.outputs.cache-hit != 'true' }} - run: git clone --depth 1 --single-branch --branch ${{ env.VERSION }} https://gitlab.com/openid/conformance-suite.git + run: git clone https://gitlab.com/openid/conformance-suite.git + - run: git reset --hard ${{ env.VERSION }} + working-directory: ./conformance-suite - name: Conformance Suite Build working-directory: ./conformance-suite if: ${{ steps.cache.outputs.cache-hit != 'true' }} @@ -210,17 +225,17 @@ jobs: export VERSION=($(curl --silent "https://gitlab.com/api/v4/projects/4175605/releases" | jq -r '.[0].tag_name')) echo "VERSION=$VERSION" >> $GITHUB_ENV - name: Load Cached Conformance Suite Build - uses: actions/cache@v2 + uses: actions/cache@v3 id: cache with: path: ./conformance-suite - key: suite-${{ hashFiles('.github/workflows/test.yml') }}-${{ env.VERSION }} - - name: Abort if Conformance Suite version changed during the CI run. + key: ${{ needs.build-conformance-suite.outputs.cache-key }} + - name: Abort if Conformance Suite isn't cached if: ${{ steps.cache.outputs.cache-hit != 'true' }} uses: actions/github-script@v6 with: script: | - core.setFailed('Conformance Suite version changed during the CI run') + core.setFailed('Conformance Suite cache hit failed') - name: Run Conformance Suite working-directory: ./conformance-suite run: | From 34251106d142553f8614665c1cbfe94f8ca1e222 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Mon, 4 Jul 2022 10:47:08 +0200 Subject: [PATCH 022/117] fix: ignore non-conform "unrecognized" id_token in oauthCallback() fixes #503 --- lib/client.js | 6 ++++-- test/client/client_instance.test.js | 29 +++++++++++++++++++++++++++++ 2 files changed, 33 insertions(+), 2 deletions(-) diff --git a/lib/client.js b/lib/client.js index a314e721..2ba0c35a 100644 --- a/lib/client.js +++ b/lib/client.js @@ -557,13 +557,14 @@ class BaseClient { throw new OPError(params); } - if ('id_token' in params) { + if (typeof params.id_token === 'string' && params.id_token.length) { throw new RPError({ message: 'id_token detected in the response, you must use client.callback() instead of client.oauthCallback()', params, }); } + delete params.id_token const RESPONSE_TYPE_REQUIRED_PARAMS = { code: ['code'], @@ -608,13 +609,14 @@ class BaseClient { { clientAssertionPayload, DPoP }, ); - if ('id_token' in tokenset) { + if (typeof tokenset.id_token === 'string' && tokenset.id_token.length) { throw new RPError({ message: 'id_token detected in the response, you must use client.callback() instead of client.oauthCallback()', params, }); } + delete tokenset.id_token return tokenset; } diff --git a/test/client/client_instance.test.js b/test/client/client_instance.test.js index 459c7218..ff7a1a18 100644 --- a/test/client/client_instance.test.js +++ b/test/client/client_instance.test.js @@ -1100,6 +1100,18 @@ describe('Client', () => { }); }); + it('ignores the id_token when falsy', function () { + return this.client + .oauthCallback('https://rp.example.com/cb', { + access_token: 'foo', + token_type: 'bearer', + id_token: '', + }) + .then((tokenset) => { + expect(tokenset).not.to.have.property('id_token'); + }); + }); + it('rejects when id_token was issued by the token endpoint', function () { nock('https://op.example.com') .matchHeader('Accept', 'application/json') @@ -1120,6 +1132,23 @@ describe('Client', () => { ); }); }); + + it('ignores the the token endpoint id_token property when falsy', function () { + nock('https://op.example.com') + .matchHeader('Accept', 'application/json') + .matchHeader('Content-Length', isNumber) + .matchHeader('Transfer-Encoding', isUndefined) + .post('/token') + .reply(200, { id_token: '' }); + + return this.client + .oauthCallback('https://rp.example.com/cb', { + code: 'foo', + }) + .then((tokenset) => { + expect(tokenset).not.to.have.property('id_token'); + }); + }); }); describe('response type checks', function () { From 3a2206a309c0330e7bbd214ba0c06424a618dee9 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Mon, 4 Jul 2022 10:50:02 +0200 Subject: [PATCH 023/117] style: prettier --- lib/client.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/client.js b/lib/client.js index 2ba0c35a..97ec3ee1 100644 --- a/lib/client.js +++ b/lib/client.js @@ -564,7 +564,7 @@ class BaseClient { params, }); } - delete params.id_token + delete params.id_token; const RESPONSE_TYPE_REQUIRED_PARAMS = { code: ['code'], @@ -616,7 +616,7 @@ class BaseClient { params, }); } - delete tokenset.id_token + delete tokenset.id_token; return tokenset; } From 29717da984115dfe8475a31496f144bf52a98ad2 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Mon, 4 Jul 2022 10:51:00 +0200 Subject: [PATCH 024/117] chore(release): 5.1.8 --- CHANGELOG.md | 7 +++++++ package.json | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8673288a..b1e2f662 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [5.1.8](https://github.com/panva/node-openid-client/compare/v5.1.7...v5.1.8) (2022-07-04) + + +### Fixes + +* ignore non-conform "unrecognized" id_token in oauthCallback() ([3425110](https://github.com/panva/node-openid-client/commit/34251106d142553f8614665c1cbfe94f8ca1e222)), closes [#503](https://github.com/panva/node-openid-client/issues/503) + ## [5.1.7](https://github.com/panva/node-openid-client/compare/v5.1.6...v5.1.7) (2022-06-25) diff --git a/package.json b/package.json index a8b2d295..98edfd68 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "openid-client", - "version": "5.1.7", + "version": "5.1.8", "description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js runtime, supports passportjs", "keywords": [ "auth", From a61923d81cb78493125420c046e5316be069b2a7 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Fri, 15 Jul 2022 12:19:24 +0200 Subject: [PATCH 025/117] ci: cache docker layers --- .github/workflows/test.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 723cc242..cdd780d3 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -236,6 +236,8 @@ jobs: with: script: | core.setFailed('Conformance Suite cache hit failed') + - uses: satackey/action-docker-layer-caching@v0.0.11 + continue-on-error: true - name: Run Conformance Suite working-directory: ./conformance-suite run: | @@ -251,6 +253,11 @@ jobs: working-directory: ./runner - run: npm run test working-directory: ./runner + - name: Stop Conformance Suite + if: ${{ always() }} + continue-on-error: true + run: docker-compose -f docker-compose-dev.yml down + working-directory: ./conformance-suite - name: Upload test artifacts uses: actions/upload-artifact@v2 with: From ace199d90425a4e30dd1414048176997cbd94de8 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Fri, 15 Jul 2022 16:35:53 +0200 Subject: [PATCH 026/117] Revert "ci: cache docker layers" This reverts commit a61923d81cb78493125420c046e5316be069b2a7. --- .github/workflows/test.yml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index cdd780d3..723cc242 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -236,8 +236,6 @@ jobs: with: script: | core.setFailed('Conformance Suite cache hit failed') - - uses: satackey/action-docker-layer-caching@v0.0.11 - continue-on-error: true - name: Run Conformance Suite working-directory: ./conformance-suite run: | @@ -253,11 +251,6 @@ jobs: working-directory: ./runner - run: npm run test working-directory: ./runner - - name: Stop Conformance Suite - if: ${{ always() }} - continue-on-error: true - run: docker-compose -f docker-compose-dev.yml down - working-directory: ./conformance-suite - name: Upload test artifacts uses: actions/upload-artifact@v2 with: From 16a09a34bfdfb953175881c1fb3228870e3f6ae9 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Thu, 4 Aug 2022 15:42:25 +0200 Subject: [PATCH 027/117] test: refactor json parse failure err matching --- test/client/client_instance.test.js | 4 ++-- test/client/discover_client.test.js | 2 +- test/client/register_client.test.js | 2 +- test/issuer/discover_issuer.test.js | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/test/client/client_instance.test.js b/test/client/client_instance.test.js index ff7a1a18..866017c2 100644 --- a/test/client/client_instance.test.js +++ b/test/client/client_instance.test.js @@ -1845,7 +1845,7 @@ describe('Client', () => { .reply(200, '{"notavalid"}'); return client.userinfo('foo').then(fail, function (error) { - expect(error.message).to.eql('Unexpected token } in JSON at position 12'); + expect(error.message).to.match(/in JSON at position 12/); expect(error).to.have.property('response'); }); }); @@ -2054,7 +2054,7 @@ describe('Client', () => { }); return client.introspect('tokenValue').then(fail, function (error) { - expect(error.message).to.eql('Unexpected token } in JSON at position 12'); + expect(error.message).to.match(/in JSON at position 12/); expect(error).to.have.property('response'); }); }); diff --git a/test/client/discover_client.test.js b/test/client/discover_client.test.js index 362c704e..095e3f1a 100644 --- a/test/client/discover_client.test.js +++ b/test/client/discover_client.test.js @@ -78,7 +78,7 @@ describe('Client#fromUri()', () => { return issuer.Client.fromUri('https://op.example.com/client/identifier').then( fail, function (error) { - expect(error.message).to.eql('Unexpected token } in JSON at position 12'); + expect(error.message).to.match(/in JSON at position 12/); expect(error).to.have.property('response'); }, ); diff --git a/test/client/register_client.test.js b/test/client/register_client.test.js index 72bb874a..f372c1c7 100644 --- a/test/client/register_client.test.js +++ b/test/client/register_client.test.js @@ -82,7 +82,7 @@ describe('Client#register', () => { nock('https://op.example.com').post('/client/registration').reply(201, '{"notavalid"}'); return issuer.Client.register({}).then(fail, function (error) { - expect(error.message).to.eql('Unexpected token } in JSON at position 12'); + expect(error.message).to.match(/in JSON at position 12/); expect(error).to.have.property('response'); }); }); diff --git a/test/issuer/discover_issuer.test.js b/test/issuer/discover_issuer.test.js index 7a9c9f4c..e0adf068 100644 --- a/test/issuer/discover_issuer.test.js +++ b/test/issuer/discover_issuer.test.js @@ -278,7 +278,7 @@ describe('Issuer#discover()', () => { .reply(200, '{"notavalid"}'); return Issuer.discover('https://op.example.com').then(fail, function (error) { - expect(error.message).to.eql('Unexpected token } in JSON at position 12'); + expect(error.message).to.match(/in JSON at position 12/); expect(error).to.have.property('response'); }); }); From 2e02d5b9dc33959f79b0f5e22b78d1a915f4ed02 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Fri, 5 Aug 2022 12:53:56 +0200 Subject: [PATCH 028/117] ci(conformance): update variants --- .github/workflows/test.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 723cc242..463c1fbe 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -202,20 +202,20 @@ jobs: client_auth_type: mtls fapi_auth_request_method: pushed fapi_response_mode: jarm - fapi_jarm_type: plain_oauth + fapi_client_type: plain_oauth - plan: fapi1-advanced-final-client-test-plan client_auth_type: mtls fapi_response_mode: jarm - fapi_jarm_type: plain_oauth + fapi_client_type: plain_oauth - plan: fapi1-advanced-final-client-test-plan client_auth_type: private_key_jwt fapi_auth_request_method: pushed fapi_response_mode: jarm - fapi_jarm_type: plain_oauth + fapi_client_type: plain_oauth - plan: fapi1-advanced-final-client-test-plan client_auth_type: private_key_jwt fapi_response_mode: jarm - fapi_jarm_type: plain_oauth + fapi_client_type: plain_oauth steps: - name: Checkout From 74686740ffc7c518bd7564dc7c69eb19f775dab8 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Tue, 23 Aug 2022 15:24:06 +0200 Subject: [PATCH 029/117] fix: safeguard TokenSet prototype methods closes #511 --- lib/token_set.js | 5 +++++ test/tokenset/tokenset.test.js | 26 ++++++++++++++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/lib/token_set.js b/lib/token_set.js index cfdb3ce9..cdf2f0d8 100644 --- a/lib/token_set.js +++ b/lib/token_set.js @@ -4,6 +4,11 @@ const now = require('./helpers/unix_timestamp'); class TokenSet { constructor(values) { Object.assign(this, values); + const { constructor, ...properties } = Object.getOwnPropertyDescriptors( + this.constructor.prototype, + ); + + Object.defineProperties(this, properties); } set expires_in(value) { diff --git a/test/tokenset/tokenset.test.js b/test/tokenset/tokenset.test.js index 78530089..c2fe01b8 100644 --- a/test/tokenset/tokenset.test.js +++ b/test/tokenset/tokenset.test.js @@ -54,4 +54,30 @@ describe('TokenSet', function () { expect(JSON.parse(JSON.stringify(ts))).to.eql(ts); }); + + it('cannot have its prototype methods overloaded', function () { + let ts = new TokenSet({ + claims: null, + id_token: + 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ', + }); + + expect(ts.claims).to.be.a('function'); + expect(ts.claims()).to.eql({ admin: true, name: 'John Doe', sub: '1234567890' }); + + ts = new TokenSet({ expires_in: 'foo' }); + ts.expires_in = 200; + expect(ts.expires_in).to.be.a('number'); + expect(ts.expired()).to.eql(false); + + const e = new Error(); + class CustomTokenSet extends TokenSet { + expired() { + throw e; + } + } + + ts = new CustomTokenSet({}); + expect(() => ts.expired()).to.throw(e); + }); }); From 719ed262dae625c3fd7e4689765a672d87d93ea3 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Tue, 23 Aug 2022 15:28:00 +0200 Subject: [PATCH 030/117] chore(release): 5.1.9 --- CHANGELOG.md | 7 +++++++ package.json | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b1e2f662..b89ec93a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [5.1.9](https://github.com/panva/node-openid-client/compare/v5.1.8...v5.1.9) (2022-08-23) + + +### Fixes + +* safeguard TokenSet prototype methods ([7468674](https://github.com/panva/node-openid-client/commit/74686740ffc7c518bd7564dc7c69eb19f775dab8)), closes [#511](https://github.com/panva/node-openid-client/issues/511) + ## [5.1.8](https://github.com/panva/node-openid-client/compare/v5.1.7...v5.1.8) (2022-07-04) diff --git a/package.json b/package.json index 98edfd68..8d707fff 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "openid-client", - "version": "5.1.8", + "version": "5.1.9", "description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js runtime, supports passportjs", "keywords": [ "auth", From 30460ad64f857b91b8524e8a339afc4eab8b4fad Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Fri, 26 Aug 2022 11:15:52 +0200 Subject: [PATCH 031/117] ci: temporarily disable oidcc-client-dynamic-certification-test-plan --- .github/workflows/test.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 463c1fbe..3bf5311a 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -165,7 +165,8 @@ jobs: - plan: oidcc-client-config-certification-test-plan # OIDC DYNAMIC - - plan: oidcc-client-dynamic-certification-test-plan + # TODO: work around the request_uri lodging service EOL + # - plan: oidcc-client-dynamic-certification-test-plan # FAPI 1.0 ID-2 - plan: fapi-rw-id2-client-test-plan From 9aefba30dcf0e312051e6844b35b06bc457488d5 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Wed, 28 Sep 2022 10:30:14 +0100 Subject: [PATCH 032/117] refactor(engines): remove package.json engines restriction --- .github/workflows/test.yml | 8 +------- README.md | 4 +--- package.json | 5 +---- 3 files changed, 3 insertions(+), 14 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 3bf5311a..83c70a8c 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -33,20 +33,14 @@ jobs: test: name: Node Tests + Coverage runs-on: ubuntu-latest - continue-on-error: ${{ matrix.experimental || false }} strategy: fail-fast: false matrix: node-version: - - 12.19.0 - 12 - - 14.15.0 - 14 - - 16.13.0 - 16 - include: - - experimental: true - node-version: '>=17' + - 18 steps: - name: Checkout uses: actions/checkout@master diff --git a/README.md b/README.md index 940b7e19..8c8907f0 100644 --- a/README.md +++ b/README.md @@ -87,9 +87,7 @@ specific middlewares. Those can however be built using the exposed API, one such ## Install -Node.js LTS releases Codename Erbium (starting with ^12.19.0) and newer LTS releases are supported. -This means ^12.19.0 (Erbium), ^14.15.0 (Fermium), and ^16.13.0 (Gallium). Future LTS releases will -be added to this list as they're released. +Node.js LTS releases Codename Erbium (starting with ^12.19.0) and newer LTS releases are supported. ```console npm install openid-client diff --git a/package.json b/package.json index 8d707fff..3fb00210 100644 --- a/package.json +++ b/package.json @@ -71,9 +71,6 @@ "sinon": "^9.2.0", "timekeeper": "^2.2.0" }, - "engines": { - "node": "^12.19.0 || ^14.15.0 || ^16.13.0" - }, "standard-version": { "scripts": { "postchangelog": "sed -i '' -e 's/### \\[/## [/g' CHANGELOG.md" @@ -102,7 +99,7 @@ { "type": "refactor", "section": "Refactor", - "hidden": true + "hidden": false }, { "type": "perf", From ba5869994ab67edeefbbd40af656e39021d1afa6 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Wed, 28 Sep 2022 10:31:59 +0100 Subject: [PATCH 033/117] chore(release): 5.1.10 --- CHANGELOG.md | 7 +++++++ package.json | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b89ec93a..44ba1f7d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [5.1.10](https://github.com/panva/node-openid-client/compare/v5.1.9...v5.1.10) (2022-09-28) + + +### Refactor + +* **engines:** remove package.json engines restriction ([9aefba3](https://github.com/panva/node-openid-client/commit/9aefba30dcf0e312051e6844b35b06bc457488d5)) + ## [5.1.9](https://github.com/panva/node-openid-client/compare/v5.1.8...v5.1.9) (2022-08-23) diff --git a/package.json b/package.json index 3fb00210..70f6957f 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "openid-client", - "version": "5.1.9", + "version": "5.1.10", "description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js runtime, supports passportjs", "keywords": [ "auth", From d2dce8c236991abb11b7be80272789bb98897ae0 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Mon, 10 Oct 2022 17:57:39 +0200 Subject: [PATCH 034/117] ci: update codeql --- .github/workflows/codeql-analysis.yml | 52 ------------------- .github/workflows/codeql.yml | 74 +++++++++++++++++++++++++++ 2 files changed, 74 insertions(+), 52 deletions(-) delete mode 100644 .github/workflows/codeql-analysis.yml create mode 100644 .github/workflows/codeql.yml diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml deleted file mode 100644 index df2a3be2..00000000 --- a/.github/workflows/codeql-analysis.yml +++ /dev/null @@ -1,52 +0,0 @@ -name: "Code scanning - action" - -on: - pull_request: - paths-ignore: - - '**.md' - schedule: - - cron: '0 8 * * 4' - -jobs: - CodeQL-Build: - - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@v2 - with: - # We must fetch at least the immediate parents so that if this is - # a pull request then we can checkout the head. - fetch-depth: 2 - - # If this run was triggered by a pull request event, then checkout - # the head of the pull request instead of the merge commit. - - run: git checkout HEAD^2 - if: ${{ github.event_name == 'pull_request' }} - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v1 - # Override language selection by uncommenting this and choosing your languages - # with: - # languages: go, javascript, csharp, python, cpp, java - - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@v1 - - # ℹī¸ Command-line programs to run using the OS shell. - # 📚 https://git.io/JvXDl - - # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines - # and modify them (or add more) to build your code if your project - # uses a compiled language - - #- run: | - # make bootstrap - # make release - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 00000000..b7efa9b5 --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,74 @@ +# For most projects, this workflow file will not need changing; you simply need +# to commit it to your repository. +# +# You may wish to alter this file to override the set of languages analyzed, +# or to provide custom queries or build logic. +# +# ******** NOTE ******** +# We have attempted to detect the languages in your repository. Please check +# the `language` matrix defined below to confirm you have the correct set of +# supported CodeQL languages. +# +name: "CodeQL" + +on: + push: + branches: [ "main" ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ "main" ] + schedule: + - cron: '20 11 * * 1' + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + language: [ 'javascript' ] + # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] + # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + + # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs + # queries: security-extended,security-and-quality + + + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@v2 + + # ℹī¸ Command-line programs to run using the OS shell. + # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun + + # If the Autobuild fails above, remove it and uncomment the following three lines. + # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. + + # - run: | + # echo "Run, Build Application using script" + # ./location_of_script_within_repo/buildscript.sh + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 + with: + category: "/language:${{matrix.language}}" From 3954067d1f5c021bf7ffd465263bac06bc3418f8 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Mon, 10 Oct 2022 17:59:39 +0200 Subject: [PATCH 035/117] ci: update actions --- .github/workflows/test.yml | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 83c70a8c..fcf3ec97 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -21,9 +21,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@master + uses: actions/checkout@v3 - name: Setup node - uses: actions/setup-node@v2 + uses: actions/setup-node@v3 with: node-version: 16 - name: Install dependencies @@ -43,9 +43,9 @@ jobs: - 18 steps: - name: Checkout - uses: actions/checkout@master + uses: actions/checkout@v3 - name: Setup node - uses: actions/setup-node@v2 + uses: actions/setup-node@v3 with: node-version: ${{ matrix.node-version }} - name: Store node version variable @@ -53,7 +53,7 @@ jobs: run: | echo "::set-output name=version::$(node -v)" - name: Cache node_modules - uses: actions/cache@v2 + uses: actions/cache@v3 id: node_modules with: path: node_modules @@ -71,8 +71,8 @@ jobs: - 12.0.0 - latest steps: - - uses: actions/checkout@master - - uses: actions/setup-node@v2 + - uses: actions/checkout@v3 + - uses: actions/setup-node@v3 with: node-version: 16 - name: Store node version variable @@ -80,7 +80,7 @@ jobs: run: | echo "::set-output name=version::$(node -v)" - name: Cache node_modules - uses: actions/cache@v2 + uses: actions/cache@v3 id: node_modules with: path: node_modules @@ -96,7 +96,7 @@ jobs: cache-key: ${{ steps.cache-key.outputs.value }} steps: - name: Checkout - uses: actions/checkout@master + uses: actions/checkout@v3 - name: Set Conformance Suite Version from GitLab if: ${{ !github.event.inputs.conformance-version }} run: | @@ -214,7 +214,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@master + uses: actions/checkout@v3 - name: Set Conformance Suite Version run: | export VERSION=($(curl --silent "https://gitlab.com/api/v4/projects/4175605/releases" | jq -r '.[0].tag_name')) @@ -237,7 +237,7 @@ jobs: docker-compose -f docker-compose-dev.yml up -d while ! curl -skfail https://localhost.emobix.co.uk:8443/api/runner/available >/dev/null; do sleep 2; done - run: git clone --depth 1 --single-branch --branch main https://github.com/panva/openid-client-certification-suite.git runner - - uses: actions/setup-node@v2 + - uses: actions/setup-node@v3 with: node-version: 16 - run: npx panva/npm-install-retry @@ -247,14 +247,14 @@ jobs: - run: npm run test working-directory: ./runner - name: Upload test artifacts - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3 with: path: runner/export-*.zip name: ${{ matrix.setup.plan }} failed html results if-no-files-found: ignore if: ${{ failure() }} - name: Upload test logs - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3 with: if-no-files-found: warn name: ${{ matrix.setup.plan }} runner logs From 187ba3828d50a11c08883a7199bb8c7aa11ac2c3 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Tue, 11 Oct 2022 16:07:20 +0200 Subject: [PATCH 036/117] ci: remove use of deprecated set-output --- .github/workflows/test.yml | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index fcf3ec97..7529b416 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -46,18 +46,15 @@ jobs: uses: actions/checkout@v3 - name: Setup node uses: actions/setup-node@v3 + id: node with: node-version: ${{ matrix.node-version }} - - name: Store node version variable - id: node - run: | - echo "::set-output name=version::$(node -v)" - name: Cache node_modules uses: actions/cache@v3 id: node_modules with: path: node_modules - key: ${{ runner.os }}-node_modules-${{ hashFiles('package.json') }}-${{ steps.node.outputs.version }} + key: ${{ runner.os }}-node_modules-${{ hashFiles('package.json') }}-${{ steps.node.outputs.node-version }} - name: Install dependencies run: npx panva/npm-install-retry if: ${{ steps.node_modules.outputs.cache-hit != 'true' }} @@ -73,18 +70,15 @@ jobs: steps: - uses: actions/checkout@v3 - uses: actions/setup-node@v3 + id: node with: node-version: 16 - - name: Store node version variable - id: node - run: | - echo "::set-output name=version::$(node -v)" - name: Cache node_modules uses: actions/cache@v3 id: node_modules with: path: node_modules - key: ${{ runner.os }}-node_modules-${{ hashFiles('package.json') }}-${{ steps.node.outputs.version }} + key: ${{ runner.os }}-node_modules-${{ hashFiles('package.json') }}-${{ steps.node.outputs.node-version }} - name: Install dependencies run: npx panva/npm-install-retry if: ${{ steps.node_modules.outputs.cache-hit != 'true' }} @@ -107,7 +101,7 @@ jobs: run: | echo "VERSION=${{ github.event.inputs.conformance-version }}" >> $GITHUB_ENV - id: cache-key - run: echo "::set-output name=value::suite-${{ hashFiles('.github/workflows/test.yml') }}-${{ env.VERSION }}" + run: echo "value=suite-${{ hashFiles('.github/workflows/test.yml') }}-${{ env.VERSION }}" >> $GITHUB_OUTPUT - name: Load Cached Conformance Suite Build uses: actions/cache@v3 id: cache From a8eb8967a82c106a92f443cba6b2e8c8845e648b Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Fri, 14 Oct 2022 21:44:19 +0200 Subject: [PATCH 037/117] ci: lock actions with a git ref --- .github/workflows/lock.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lock.yml b/.github/workflows/lock.yml index 8a9cce87..0a1ec4fd 100644 --- a/.github/workflows/lock.yml +++ b/.github/workflows/lock.yml @@ -9,7 +9,7 @@ jobs: continue-on-error: true runs-on: ubuntu-latest steps: - - uses: dessant/lock-threads@v3 + - uses: dessant/lock-threads@e460dfeb36e731f3aeb214be6b0c9a9d9a67eda6 with: github-token: ${{ github.token }} issue-inactive-days: '90' From 6824114d3fe0f02d3a40292fea57a725c38174a9 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Tue, 18 Oct 2022 17:27:07 +0200 Subject: [PATCH 038/117] chore: upgrade deps --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 70f6957f..410e941d 100644 --- a/package.json +++ b/package.json @@ -52,7 +52,7 @@ ] }, "dependencies": { - "jose": "^4.1.4", + "jose": "^4.10.0", "lru-cache": "^6.0.0", "object-hash": "^2.0.1", "oidc-token-hash": "^5.0.1" From 8515c88f6c57d5df6133fef946b34f03aaa82611 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Tue, 18 Oct 2022 17:27:18 +0200 Subject: [PATCH 039/117] ci: update, cleanup --- .github/workflows/test.yml | 57 +- .gitignore | 1 - package-lock.json | 2314 ++++++++++++++++++++++++++++++++++++ package.json | 10 +- 4 files changed, 2334 insertions(+), 48 deletions(-) create mode 100644 package-lock.json diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 7529b416..5b5aab48 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -1,12 +1,8 @@ -name: Continuous Integration +name: Test on: push: - paths-ignore: - - '**.md' pull_request: - paths-ignore: - - '**.md' schedule: - cron: 0 10 * * 1-5 workflow_dispatch: @@ -25,22 +21,23 @@ jobs: - name: Setup node uses: actions/setup-node@v3 with: - node-version: 16 + node-version: 18 # lts/hydrogen + cache: 'npm' - name: Install dependencies - run: npx panva/npm-install-retry + run: npm clean-install - run: npm audit --production test: - name: Node Tests + Coverage runs-on: ubuntu-latest strategy: fail-fast: false matrix: node-version: - - 12 - - 14 - - 16 - - 18 + - lts/erbium # 12 + - lts/fermium # 14 + - lts/gallium # 16 + - 18 # lts/hydrogen + - current steps: - name: Checkout uses: actions/checkout@v3 @@ -49,40 +46,23 @@ jobs: id: node with: node-version: ${{ matrix.node-version }} - - name: Cache node_modules - uses: actions/cache@v3 - id: node_modules - with: - path: node_modules - key: ${{ runner.os }}-node_modules-${{ hashFiles('package.json') }}-${{ steps.node.outputs.node-version }} + cache: 'npm' - name: Install dependencies - run: npx panva/npm-install-retry - if: ${{ steps.node_modules.outputs.cache-hit != 'true' }} - - run: npm run coverage + run: npm clean-install + - run: npm run test electron: runs-on: ubuntu-latest - strategy: - matrix: - electron-version: - - 12.0.0 - - latest steps: - uses: actions/checkout@v3 - uses: actions/setup-node@v3 id: node with: - node-version: 16 - - name: Cache node_modules - uses: actions/cache@v3 - id: node_modules - with: - path: node_modules - key: ${{ runner.os }}-node_modules-${{ hashFiles('package.json') }}-${{ steps.node.outputs.node-version }} + node-version: 18 # lts/hydrogen + cache: 'npm' - name: Install dependencies - run: npx panva/npm-install-retry - if: ${{ steps.node_modules.outputs.cache-hit != 'true' }} - - run: npx xvfb-maybe npx electron@${{ matrix.electron-version }} ./test/electron test/**/*.test.js + run: npm clean-install + - run: npx xvfb-maybe npx electron@latest ./test/electron test/**/*.test.js build-conformance-suite: runs-on: ubuntu-latest @@ -233,8 +213,9 @@ jobs: - run: git clone --depth 1 --single-branch --branch main https://github.com/panva/openid-client-certification-suite.git runner - uses: actions/setup-node@v3 with: - node-version: 16 - - run: npx panva/npm-install-retry + node-version: 18 # lts/hydrogen + cache: 'npm' + - run: npm clean-install working-directory: ./runner - run: npm install ${{ github.repository }}#${{ github.sha }} working-directory: ./runner diff --git a/.gitignore b/.gitignore index ff8e1a32..b97e8b8b 100644 --- a/.gitignore +++ b/.gitignore @@ -28,7 +28,6 @@ build/Release node_modules yarn.lock npm-shrinkwrap.json -package-lock.json # Optional npm cache directory .npm diff --git a/package-lock.json b/package-lock.json new file mode 100644 index 00000000..c6135a3d --- /dev/null +++ b/package-lock.json @@ -0,0 +1,2314 @@ +{ + "name": "openid-client", + "version": "5.1.10", + "lockfileVersion": 2, + "requires": true, + "packages": { + "": { + "name": "openid-client", + "version": "5.1.10", + "license": "MIT", + "dependencies": { + "jose": "^4.10.0", + "lru-cache": "^6.0.0", + "object-hash": "^2.0.1", + "oidc-token-hash": "^5.0.1" + }, + "devDependencies": { + "@types/node": "^16.11.5", + "@types/passport": "^1.0.7", + "base64url": "^3.0.1", + "chai": "^4.2.0", + "jose2": "npm:jose@^2.0.5", + "mocha": "^8.2.0", + "nock": "^13.0.2", + "prettier": "^2.4.1", + "readable-mock-req": "^0.2.2", + "sinon": "^9.2.0", + "timekeeper": "^2.2.0" + }, + "funding": { + "url": "https://github.com/sponsors/panva" + } + }, + "../kms-openid-client": { + "version": "1.0.0", + "extraneous": true, + "license": "MIT", + "dependencies": { + "ecdsa-sig-formatter": "^1.0.11" + }, + "devDependencies": { + "@types/node": "^17.0.31", + "prettier": "^2.6.2", + "typescript": "^4.6.4" + }, + "engines": { + "node": "^14.18.0 || ^16.13.0 || >= 18.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/panva" + }, + "peerDependencies": { + "aws-sdk": "^2.1131.0", + "openid-client": "^5.1.5" + } + }, + "node_modules/@panva/asn1.js": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/@panva/asn1.js/-/asn1.js-1.0.0.tgz", + "integrity": "sha512-UdkG3mLEqXgnlKsWanWcgb6dOjUzJ+XC5f+aWw30qrtjxeNUSfKX1cd5FBzOaXQumoe9nIqeZUvrRJS03HCCtw==", + "dev": true, + "engines": { + "node": ">=10.13.0" + } + }, + "node_modules/@sinonjs/commons": { + "version": "1.8.3", + "resolved": "https://registry.npmjs.org/@sinonjs/commons/-/commons-1.8.3.tgz", + "integrity": "sha512-xkNcLAn/wZaX14RPlwizcKicDk9G3F8m2nU3L7Ukm5zBgTwiT0wsoFAHx9Jq56fJA1z/7uKGtCRu16sOUCLIHQ==", + "dev": true, + "dependencies": { + "type-detect": "4.0.8" + } + }, + "node_modules/@sinonjs/fake-timers": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-6.0.1.tgz", + "integrity": "sha512-MZPUxrmFubI36XS1DI3qmI0YdN1gks62JtFZvxR67ljjSNCeK6U08Zx4msEWOXuofgqUt6zPHSi1H9fbjR/NRA==", + "dev": true, + "dependencies": { + "@sinonjs/commons": "^1.7.0" + } + }, + "node_modules/@sinonjs/samsam": { + "version": "5.3.1", + "resolved": "https://registry.npmjs.org/@sinonjs/samsam/-/samsam-5.3.1.tgz", + "integrity": "sha512-1Hc0b1TtyfBu8ixF/tpfSHTVWKwCBLY4QJbkgnE7HcwyvT2xArDxb4K7dMgqRm3szI+LJbzmW/s4xxEhv6hwDg==", + "dev": true, + "dependencies": { + "@sinonjs/commons": "^1.6.0", + "lodash.get": "^4.4.2", + "type-detect": "^4.0.8" + } + }, + "node_modules/@sinonjs/text-encoding": { + "version": "0.7.2", + "resolved": "https://registry.npmjs.org/@sinonjs/text-encoding/-/text-encoding-0.7.2.tgz", + "integrity": "sha512-sXXKG+uL9IrKqViTtao2Ws6dy0znu9sOaP1di/jKGW1M6VssO8vlpXCQcpZ+jisQ1tTFAC5Jo/EOzFbggBagFQ==", + "dev": true + }, + "node_modules/@types/body-parser": { + "version": "1.19.1", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/connect": "*", + "@types/node": "*" + } + }, + "node_modules/@types/connect": { + "version": "3.4.35", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/node": "*" + } + }, + "node_modules/@types/express": { + "version": "4.17.13", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/body-parser": "*", + "@types/express-serve-static-core": "^4.17.18", + "@types/qs": "*", + "@types/serve-static": "*" + } + }, + "node_modules/@types/express-serve-static-core": { + "version": "4.17.25", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/node": "*", + "@types/qs": "*", + "@types/range-parser": "*" + } + }, + "node_modules/@types/mime": { + "version": "1.3.2", + "dev": true, + "license": "MIT" + }, + "node_modules/@types/node": { + "version": "16.11.7", + "dev": true, + "license": "MIT" + }, + "node_modules/@types/passport": { + "version": "1.0.7", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/express": "*" + } + }, + "node_modules/@types/qs": { + "version": "6.9.7", + "dev": true, + "license": "MIT" + }, + "node_modules/@types/range-parser": { + "version": "1.2.4", + "dev": true, + "license": "MIT" + }, + "node_modules/@types/serve-static": { + "version": "1.13.10", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/mime": "^1", + "@types/node": "*" + } + }, + "node_modules/@ungap/promise-all-settled": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/@ungap/promise-all-settled/-/promise-all-settled-1.1.2.tgz", + "integrity": "sha512-sL/cEvJWAnClXw0wHk85/2L0G6Sj8UB0Ctc1TEMbKSsmpRosqhwj9gWgFRZSrBr2f9tiXISwNhCPmlfqUqyb9Q==", + "dev": true + }, + "node_modules/ansi-colors": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/ansi-colors/-/ansi-colors-4.1.1.tgz", + "integrity": "sha512-JoX0apGbHaUJBNl6yF+p6JAFYZ666/hhCGKN5t9QFjbJQKUU/g8MNbFDbvfrgKXvI1QpZplPOnwIo99lX/AAmA==", + "dev": true, + "engines": { + "node": ">=6" + } + }, + "node_modules/ansi-regex": { + "version": "3.0.0", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=4" + } + }, + "node_modules/ansi-styles": { + "version": "4.3.0", + "dev": true, + "license": "MIT", + "dependencies": { + "color-convert": "^2.0.1" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/chalk/ansi-styles?sponsor=1" + } + }, + "node_modules/anymatch": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.2.tgz", + "integrity": "sha512-P43ePfOAIupkguHUycrc4qJ9kz8ZiuOUijaETwX7THt0Y/GNK7v0aa8rY816xWjZ7rJdA5XdMcpVFTKMq+RvWg==", + "dev": true, + "dependencies": { + "normalize-path": "^3.0.0", + "picomatch": "^2.0.4" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/assertion-error": { + "version": "1.1.0", + "dev": true, + "license": "MIT", + "engines": { + "node": "*" + } + }, + "node_modules/balanced-match": { + "version": "1.0.2", + "dev": true, + "license": "MIT" + }, + "node_modules/base64url": { + "version": "3.0.1", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6.0.0" + } + }, + "node_modules/binary-extensions": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.2.0.tgz", + "integrity": "sha512-jDctJ/IVQbZoJykoeHbhXpOlNBqGNcwXJKJog42E5HDPUwQTSdjCHdihjj0DlnheQ7blbT6dHOafNAiS8ooQKA==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/brace-expansion": { + "version": "1.1.11", + "dev": true, + "license": "MIT", + "dependencies": { + "balanced-match": "^1.0.0", + "concat-map": "0.0.1" + } + }, + "node_modules/braces": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz", + "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==", + "dev": true, + "dependencies": { + "fill-range": "^7.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/browser-stdout": { + "version": "1.3.1", + "dev": true, + "license": "ISC" + }, + "node_modules/chai": { + "version": "4.3.4", + "dev": true, + "license": "MIT", + "dependencies": { + "assertion-error": "^1.1.0", + "check-error": "^1.0.2", + "deep-eql": "^3.0.1", + "get-func-name": "^2.0.0", + "pathval": "^1.1.1", + "type-detect": "^4.0.5" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/chalk": { + "version": "4.1.2", + "dev": true, + "license": "MIT", + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" + } + }, + "node_modules/chalk/node_modules/supports-color": { + "version": "7.2.0", + "dev": true, + "license": "MIT", + "dependencies": { + "has-flag": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/check-error": { + "version": "1.0.2", + "dev": true, + "license": "MIT", + "engines": { + "node": "*" + } + }, + "node_modules/chokidar": { + "version": "3.5.1", + "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.5.1.tgz", + "integrity": "sha512-9+s+Od+W0VJJzawDma/gvBNQqkTiqYTWLuZoyAsivsI4AaWTCzHG06/TMjsf1cYe9Cb97UCEhjz7HvnPk2p/tw==", + "dev": true, + "dependencies": { + "anymatch": "~3.1.1", + "braces": "~3.0.2", + "glob-parent": "~5.1.0", + "is-binary-path": "~2.1.0", + "is-glob": "~4.0.1", + "normalize-path": "~3.0.0", + "readdirp": "~3.5.0" + }, + "engines": { + "node": ">= 8.10.0" + }, + "optionalDependencies": { + "fsevents": "~2.3.1" + } + }, + "node_modules/color-convert": { + "version": "2.0.1", + "dev": true, + "license": "MIT", + "dependencies": { + "color-name": "~1.1.4" + }, + "engines": { + "node": ">=7.0.0" + } + }, + "node_modules/color-name": { + "version": "1.1.4", + "dev": true, + "license": "MIT" + }, + "node_modules/concat-map": { + "version": "0.0.1", + "dev": true, + "license": "MIT" + }, + "node_modules/core-util-is": { + "version": "1.0.3", + "dev": true, + "license": "MIT" + }, + "node_modules/debug": { + "version": "4.3.1", + "dev": true, + "license": "MIT", + "dependencies": { + "ms": "2.1.2" + }, + "engines": { + "node": ">=6.0" + }, + "peerDependenciesMeta": { + "supports-color": { + "optional": true + } + } + }, + "node_modules/debug/node_modules/ms": { + "version": "2.1.2", + "dev": true, + "license": "MIT" + }, + "node_modules/deep-eql": { + "version": "3.0.1", + "dev": true, + "license": "MIT", + "dependencies": { + "type-detect": "^4.0.0" + }, + "engines": { + "node": ">=0.12" + } + }, + "node_modules/emoji-regex": { + "version": "8.0.0", + "dev": true, + "license": "MIT" + }, + "node_modules/escalade": { + "version": "3.1.1", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/fill-range": { + "version": "7.0.1", + "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", + "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==", + "dev": true, + "dependencies": { + "to-regex-range": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/flat": { + "version": "5.0.2", + "resolved": "https://registry.npmjs.org/flat/-/flat-5.0.2.tgz", + "integrity": "sha512-b6suED+5/3rTpUBdG1gupIl8MPFCAMA0QXwmljLhvCUKcUvdE4gWky9zpuGCcXHOsz4J9wPGNWq6OKpmIzz3hQ==", + "dev": true, + "bin": { + "flat": "cli.js" + } + }, + "node_modules/fs.realpath": { + "version": "1.0.0", + "dev": true, + "license": "ISC" + }, + "node_modules/fsevents": { + "version": "2.3.2", + "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz", + "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==", + "dev": true, + "hasInstallScript": true, + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": "^8.16.0 || ^10.6.0 || >=11.0.0" + } + }, + "node_modules/get-caller-file": { + "version": "2.0.5", + "dev": true, + "license": "ISC", + "engines": { + "node": "6.* || 8.* || >= 10.*" + } + }, + "node_modules/get-func-name": { + "version": "2.0.0", + "dev": true, + "license": "MIT", + "engines": { + "node": "*" + } + }, + "node_modules/glob": { + "version": "7.1.6", + "dev": true, + "license": "ISC", + "dependencies": { + "fs.realpath": "^1.0.0", + "inflight": "^1.0.4", + "inherits": "2", + "minimatch": "^3.0.4", + "once": "^1.3.0", + "path-is-absolute": "^1.0.0" + }, + "engines": { + "node": "*" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/glob-parent": { + "version": "5.1.2", + "dev": true, + "license": "ISC", + "dependencies": { + "is-glob": "^4.0.1" + }, + "engines": { + "node": ">= 6" + } + }, + "node_modules/growl": { + "version": "1.10.5", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=4.x" + } + }, + "node_modules/has-flag": { + "version": "4.0.0", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/he": { + "version": "1.2.0", + "dev": true, + "license": "MIT", + "bin": { + "he": "bin/he" + } + }, + "node_modules/inflight": { + "version": "1.0.6", + "dev": true, + "license": "ISC", + "dependencies": { + "once": "^1.3.0", + "wrappy": "1" + } + }, + "node_modules/inherits": { + "version": "2.0.4", + "dev": true, + "license": "ISC" + }, + "node_modules/is-binary-path": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz", + "integrity": "sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==", + "dev": true, + "dependencies": { + "binary-extensions": "^2.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/is-extglob": { + "version": "2.1.1", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/is-fullwidth-code-point": { + "version": "2.0.0", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=4" + } + }, + "node_modules/is-glob": { + "version": "4.0.3", + "dev": true, + "license": "MIT", + "dependencies": { + "is-extglob": "^2.1.1" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/is-number": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", + "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==", + "dev": true, + "engines": { + "node": ">=0.12.0" + } + }, + "node_modules/is-readable-stream": { + "version": "1.0.1", + "dev": true, + "license": "ISC" + }, + "node_modules/isarray": { + "version": "0.0.1", + "dev": true, + "license": "MIT" + }, + "node_modules/isexe": { + "version": "2.0.0", + "dev": true, + "license": "ISC" + }, + "node_modules/jose": { + "version": "4.10.0", + "resolved": "https://registry.npmjs.org/jose/-/jose-4.10.0.tgz", + "integrity": "sha512-KEhB/eLGLomWGPTb+/RNbYsTjIyx03JmbqAyIyiXBuNSa7CmNrJd5ysFhblayzs/e/vbOPMUaLnjHUMhGp4yLw==", + "funding": { + "url": "https://github.com/sponsors/panva" + } + }, + "node_modules/jose2": { + "name": "jose", + "version": "2.0.6", + "resolved": "https://registry.npmjs.org/jose/-/jose-2.0.6.tgz", + "integrity": "sha512-FVoPY7SflDodE4lknJmbAHSUjLCzE2H1F6MS0RYKMQ8SR+lNccpMf8R4eqkNYyyUjR5qZReOzZo5C5YiHOCjjg==", + "dev": true, + "dependencies": { + "@panva/asn1.js": "^1.0.0" + }, + "engines": { + "node": ">=10.13.0 < 13 || >=13.7.0" + }, + "funding": { + "url": "https://github.com/sponsors/panva" + } + }, + "node_modules/json-stringify-safe": { + "version": "5.0.1", + "dev": true, + "license": "ISC" + }, + "node_modules/just-extend": { + "version": "4.2.1", + "resolved": "https://registry.npmjs.org/just-extend/-/just-extend-4.2.1.tgz", + "integrity": "sha512-g3UB796vUFIY90VIv/WX3L2c8CS2MdWUww3CNrYmqza1Fg0DURc2K/O4YrnklBdQarSJ/y8JnJYDGc+1iumQjg==", + "dev": true + }, + "node_modules/lodash": { + "version": "4.17.21", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", + "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==", + "dev": true + }, + "node_modules/lodash.get": { + "version": "4.4.2", + "resolved": "https://registry.npmjs.org/lodash.get/-/lodash.get-4.4.2.tgz", + "integrity": "sha512-z+Uw/vLuy6gQe8cfaFWD7p0wVv8fJl3mbzXh33RS+0oW2wvUqiRXiQ69gLWSLpgB5/6sU+r6BlQR0MBILadqTQ==", + "dev": true + }, + "node_modules/log-symbols": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/log-symbols/-/log-symbols-4.0.0.tgz", + "integrity": "sha512-FN8JBzLx6CzeMrB0tg6pqlGU1wCrXW+ZXGH481kfsBqer0hToTIiHdjH4Mq8xJUbvATujKCvaREGWpGUionraA==", + "dev": true, + "dependencies": { + "chalk": "^4.0.0" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/lru-cache": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", + "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", + "dependencies": { + "yallist": "^4.0.0" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/methods": { + "version": "1.1.2", + "dev": true, + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/minimatch": { + "version": "3.0.4", + "dev": true, + "license": "ISC", + "dependencies": { + "brace-expansion": "^1.1.7" + }, + "engines": { + "node": "*" + } + }, + "node_modules/mocha": { + "version": "8.4.0", + "resolved": "https://registry.npmjs.org/mocha/-/mocha-8.4.0.tgz", + "integrity": "sha512-hJaO0mwDXmZS4ghXsvPVriOhsxQ7ofcpQdm8dE+jISUOKopitvnXFQmpRR7jd2K6VBG6E26gU3IAbXXGIbu4sQ==", + "dev": true, + "dependencies": { + "@ungap/promise-all-settled": "1.1.2", + "ansi-colors": "4.1.1", + "browser-stdout": "1.3.1", + "chokidar": "3.5.1", + "debug": "4.3.1", + "diff": "5.0.0", + "escape-string-regexp": "4.0.0", + "find-up": "5.0.0", + "glob": "7.1.6", + "growl": "1.10.5", + "he": "1.2.0", + "js-yaml": "4.0.0", + "log-symbols": "4.0.0", + "minimatch": "3.0.4", + "ms": "2.1.3", + "nanoid": "3.1.20", + "serialize-javascript": "5.0.1", + "strip-json-comments": "3.1.1", + "supports-color": "8.1.1", + "which": "2.0.2", + "wide-align": "1.1.3", + "workerpool": "6.1.0", + "yargs": "16.2.0", + "yargs-parser": "20.2.4", + "yargs-unparser": "2.0.0" + }, + "bin": { + "_mocha": "bin/_mocha", + "mocha": "bin/mocha" + }, + "engines": { + "node": ">= 10.12.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/mochajs" + } + }, + "node_modules/mocha/node_modules/ansi-regex": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", + "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/mocha/node_modules/argparse": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", + "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==", + "dev": true + }, + "node_modules/mocha/node_modules/cliui": { + "version": "7.0.4", + "resolved": "https://registry.npmjs.org/cliui/-/cliui-7.0.4.tgz", + "integrity": "sha512-OcRE68cOsVMXp1Yvonl/fzkQOyjLSu/8bhPDfQt0e0/Eb283TKP20Fs2MqoPsr9SwA595rRCA+QMzYc9nBP+JQ==", + "dev": true, + "dependencies": { + "string-width": "^4.2.0", + "strip-ansi": "^6.0.0", + "wrap-ansi": "^7.0.0" + } + }, + "node_modules/mocha/node_modules/diff": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/diff/-/diff-5.0.0.tgz", + "integrity": "sha512-/VTCrvm5Z0JGty/BWHljh+BAiw3IK+2j87NGMu8Nwc/f48WoDAC395uomO9ZD117ZOBaHmkX1oyLvkVM/aIT3w==", + "dev": true, + "engines": { + "node": ">=0.3.1" + } + }, + "node_modules/mocha/node_modules/escape-string-regexp": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz", + "integrity": "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==", + "dev": true, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/mocha/node_modules/find-up": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/find-up/-/find-up-5.0.0.tgz", + "integrity": "sha512-78/PXT1wlLLDgTzDs7sjq9hzz0vXD+zn+7wypEe4fXQxCmdmqfGsEPQxmiCSQI3ajFV91bVSsvNtrJRiW6nGng==", + "dev": true, + "dependencies": { + "locate-path": "^6.0.0", + "path-exists": "^4.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/mocha/node_modules/is-fullwidth-code-point": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", + "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/mocha/node_modules/js-yaml": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.0.0.tgz", + "integrity": "sha512-pqon0s+4ScYUvX30wxQi3PogGFAlUyH0awepWvwkj4jD4v+ova3RiYw8bmA6x2rDrEaj8i/oWKoRxpVNW+Re8Q==", + "dev": true, + "dependencies": { + "argparse": "^2.0.1" + }, + "bin": { + "js-yaml": "bin/js-yaml.js" + } + }, + "node_modules/mocha/node_modules/locate-path": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz", + "integrity": "sha512-iPZK6eYjbxRu3uB4/WZ3EsEIMJFMqAoopl3R+zuq0UjcAm/MO6KCweDgPfP3elTztoKP3KtnVHxTn2NHBSDVUw==", + "dev": true, + "dependencies": { + "p-locate": "^5.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/mocha/node_modules/p-limit": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz", + "integrity": "sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ==", + "dev": true, + "dependencies": { + "yocto-queue": "^0.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/mocha/node_modules/p-locate": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-5.0.0.tgz", + "integrity": "sha512-LaNjtRWUBY++zB5nE/NwcaoMylSPk+S+ZHNB1TzdbMJMny6dynpAGt7X/tl/QYq3TIeE6nxHppbo2LGymrG5Pw==", + "dev": true, + "dependencies": { + "p-limit": "^3.0.2" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/mocha/node_modules/string-width": { + "version": "4.2.3", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", + "dev": true, + "dependencies": { + "emoji-regex": "^8.0.0", + "is-fullwidth-code-point": "^3.0.0", + "strip-ansi": "^6.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/mocha/node_modules/strip-ansi": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", + "dev": true, + "dependencies": { + "ansi-regex": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/mocha/node_modules/wrap-ansi": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", + "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==", + "dev": true, + "dependencies": { + "ansi-styles": "^4.0.0", + "string-width": "^4.1.0", + "strip-ansi": "^6.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/wrap-ansi?sponsor=1" + } + }, + "node_modules/mocha/node_modules/y18n": { + "version": "5.0.8", + "resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz", + "integrity": "sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==", + "dev": true, + "engines": { + "node": ">=10" + } + }, + "node_modules/mocha/node_modules/yargs": { + "version": "16.2.0", + "resolved": "https://registry.npmjs.org/yargs/-/yargs-16.2.0.tgz", + "integrity": "sha512-D1mvvtDG0L5ft/jGWkLpG1+m0eQxOfaBvTNELraWj22wSVUMWxZUvYgJYcKh6jGGIkJFhH4IZPQhR4TKpc8mBw==", + "dev": true, + "dependencies": { + "cliui": "^7.0.2", + "escalade": "^3.1.1", + "get-caller-file": "^2.0.5", + "require-directory": "^2.1.1", + "string-width": "^4.2.0", + "y18n": "^5.0.5", + "yargs-parser": "^20.2.2" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/mocha/node_modules/yargs-parser": { + "version": "20.2.4", + "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-20.2.4.tgz", + "integrity": "sha512-WOkpgNhPTlE73h4VFAFsOnomJVaovO8VqLDzy5saChRBFQFBoMYirowyW+Q9HB4HFF4Z7VZTiG3iSzJJA29yRA==", + "dev": true, + "engines": { + "node": ">=10" + } + }, + "node_modules/ms": { + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", + "dev": true + }, + "node_modules/nanoid": { + "version": "3.1.20", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.1.20.tgz", + "integrity": "sha512-a1cQNyczgKbLX9jwbS/+d7W8fX/RfgYR7lVWwWOGIPNgK2m0MWvrGF6/m4kk6U3QcFMnZf3RIhL0v2Jgh/0Uxw==", + "dev": true, + "bin": { + "nanoid": "bin/nanoid.cjs" + }, + "engines": { + "node": "^10 || ^12 || ^13.7 || ^14 || >=15.0.1" + } + }, + "node_modules/nise": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/nise/-/nise-4.1.0.tgz", + "integrity": "sha512-eQMEmGN/8arp0xsvGoQ+B1qvSkR73B1nWSCh7nOt5neMCtwcQVYQGdzQMhcNscktTsWB54xnlSQFzOAPJD8nXA==", + "dev": true, + "dependencies": { + "@sinonjs/commons": "^1.7.0", + "@sinonjs/fake-timers": "^6.0.0", + "@sinonjs/text-encoding": "^0.7.1", + "just-extend": "^4.0.2", + "path-to-regexp": "^1.7.0" + } + }, + "node_modules/nock": { + "version": "13.2.9", + "resolved": "https://registry.npmjs.org/nock/-/nock-13.2.9.tgz", + "integrity": "sha512-1+XfJNYF1cjGB+TKMWi29eZ0b82QOvQs2YoLNzbpWGqFMtRQHTa57osqdGj4FrFPgkO4D4AZinzUJR9VvW3QUA==", + "dev": true, + "dependencies": { + "debug": "^4.1.0", + "json-stringify-safe": "^5.0.1", + "lodash": "^4.17.21", + "propagate": "^2.0.0" + }, + "engines": { + "node": ">= 10.13" + } + }, + "node_modules/normalize-path": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz", + "integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==", + "dev": true, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/object-hash": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/object-hash/-/object-hash-2.2.0.tgz", + "integrity": "sha512-gScRMn0bS5fH+IuwyIFgnh9zBdo4DV+6GhygmWM9HyNJSgS0hScp1f5vjtm7oIIOiT9trXrShAkLFSc2IqKNgw==", + "engines": { + "node": ">= 6" + } + }, + "node_modules/oidc-token-hash": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/oidc-token-hash/-/oidc-token-hash-5.0.1.tgz", + "integrity": "sha512-EvoOtz6FIEBzE+9q253HsLCVRiK/0doEJ2HCvvqMQb3dHZrP3WlJKYtJ55CRTw4jmYomzH4wkPuCj/I3ZvpKxQ==", + "engines": { + "node": "^10.13.0 || >=12.0.0" + } + }, + "node_modules/once": { + "version": "1.4.0", + "dev": true, + "license": "ISC", + "dependencies": { + "wrappy": "1" + } + }, + "node_modules/path-exists": { + "version": "4.0.0", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/path-is-absolute": { + "version": "1.0.1", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/path-to-regexp": { + "version": "1.8.0", + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-1.8.0.tgz", + "integrity": "sha512-n43JRhlUKUAlibEJhPeir1ncUID16QnEjNpwzNdO3Lm4ywrBpBZ5oLD0I6br9evr1Y9JTqwRtAh7JLoOzAQdVA==", + "dev": true, + "dependencies": { + "isarray": "0.0.1" + } + }, + "node_modules/pathval": { + "version": "1.1.1", + "dev": true, + "license": "MIT", + "engines": { + "node": "*" + } + }, + "node_modules/picomatch": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz", + "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==", + "dev": true, + "engines": { + "node": ">=8.6" + }, + "funding": { + "url": "https://github.com/sponsors/jonschlinkert" + } + }, + "node_modules/prettier": { + "version": "2.7.1", + "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.7.1.tgz", + "integrity": "sha512-ujppO+MkdPqoVINuDFDRLClm7D78qbDt0/NR+wp5FqEZOoTNAjPHWj17QRhu7geIHJfcNhRk1XVQmF8Bp3ye+g==", + "dev": true, + "bin": { + "prettier": "bin-prettier.js" + }, + "engines": { + "node": ">=10.13.0" + }, + "funding": { + "url": "https://github.com/prettier/prettier?sponsor=1" + } + }, + "node_modules/propagate": { + "version": "2.0.1", + "dev": true, + "license": "MIT", + "engines": { + "node": ">= 8" + } + }, + "node_modules/randombytes": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz", + "integrity": "sha512-vYl3iOX+4CKUWuxGi9Ukhie6fsqXqS9FE2Zaic4tNFD2N2QQaXOMFbuKK4QmDHC0JO6B1Zp41J0LpT0oR68amQ==", + "dev": true, + "dependencies": { + "safe-buffer": "^5.1.0" + } + }, + "node_modules/readable-mock-req": { + "version": "0.2.2", + "dev": true, + "license": "MIT", + "dependencies": { + "is-readable-stream": "~1.0.0", + "methods": "~1.1.1", + "readable-stream": "~1.1.0" + }, + "engines": { + "node": ">=0.10" + } + }, + "node_modules/readable-stream": { + "version": "1.1.14", + "dev": true, + "license": "MIT", + "dependencies": { + "core-util-is": "~1.0.0", + "inherits": "~2.0.1", + "isarray": "0.0.1", + "string_decoder": "~0.10.x" + } + }, + "node_modules/readdirp": { + "version": "3.5.0", + "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.5.0.tgz", + "integrity": "sha512-cMhu7c/8rdhkHXWsY+osBhfSy0JikwpHK/5+imo+LpeasTF8ouErHrlYkwT0++njiyuDvc7OFY5T3ukvZ8qmFQ==", + "dev": true, + "dependencies": { + "picomatch": "^2.2.1" + }, + "engines": { + "node": ">=8.10.0" + } + }, + "node_modules/require-directory": { + "version": "2.1.1", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/safe-buffer": { + "version": "5.1.2", + "dev": true, + "license": "MIT" + }, + "node_modules/serialize-javascript": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-5.0.1.tgz", + "integrity": "sha512-SaaNal9imEO737H2c05Og0/8LUXG7EnsZyMa8MzkmuHoELfT6txuj0cMqRj6zfPKnmQ1yasR4PCJc8x+M4JSPA==", + "dev": true, + "dependencies": { + "randombytes": "^2.1.0" + } + }, + "node_modules/sinon": { + "version": "9.2.4", + "resolved": "https://registry.npmjs.org/sinon/-/sinon-9.2.4.tgz", + "integrity": "sha512-zljcULZQsJxVra28qIAL6ow1Z9tpattkCTEJR4RBP3TGc00FcttsP5pK284Nas5WjMZU5Yzy3kAIp3B3KRf5Yg==", + "dev": true, + "dependencies": { + "@sinonjs/commons": "^1.8.1", + "@sinonjs/fake-timers": "^6.0.1", + "@sinonjs/samsam": "^5.3.1", + "diff": "^4.0.2", + "nise": "^4.0.4", + "supports-color": "^7.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/sinon" + } + }, + "node_modules/sinon/node_modules/diff": { + "version": "4.0.2", + "dev": true, + "license": "BSD-3-Clause", + "engines": { + "node": ">=0.3.1" + } + }, + "node_modules/sinon/node_modules/supports-color": { + "version": "7.2.0", + "dev": true, + "license": "MIT", + "dependencies": { + "has-flag": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/string_decoder": { + "version": "0.10.31", + "dev": true, + "license": "MIT" + }, + "node_modules/string-width": { + "version": "2.1.1", + "dev": true, + "license": "MIT", + "dependencies": { + "is-fullwidth-code-point": "^2.0.0", + "strip-ansi": "^4.0.0" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/strip-ansi": { + "version": "4.0.0", + "dev": true, + "license": "MIT", + "dependencies": { + "ansi-regex": "^3.0.0" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/strip-json-comments": { + "version": "3.1.1", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/supports-color": { + "version": "8.1.1", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz", + "integrity": "sha512-MpUEN2OodtUzxvKQl72cUF7RQ5EiHsGvSsVG0ia9c5RbWGL2CI4C7EpPS8UTBIplnlzZiNuV56w+FuNxy3ty2Q==", + "dev": true, + "dependencies": { + "has-flag": "^4.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/supports-color?sponsor=1" + } + }, + "node_modules/timekeeper": { + "version": "2.2.0", + "dev": true, + "license": "MIT" + }, + "node_modules/to-regex-range": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", + "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==", + "dev": true, + "dependencies": { + "is-number": "^7.0.0" + }, + "engines": { + "node": ">=8.0" + } + }, + "node_modules/type-detect": { + "version": "4.0.8", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=4" + } + }, + "node_modules/which": { + "version": "2.0.2", + "dev": true, + "license": "ISC", + "dependencies": { + "isexe": "^2.0.0" + }, + "bin": { + "node-which": "bin/node-which" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/wide-align": { + "version": "1.1.3", + "dev": true, + "license": "ISC", + "dependencies": { + "string-width": "^1.0.2 || 2" + } + }, + "node_modules/workerpool": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/workerpool/-/workerpool-6.1.0.tgz", + "integrity": "sha512-toV7q9rWNYha963Pl/qyeZ6wG+3nnsyvolaNUS8+R5Wtw6qJPTxIlOP1ZSvcGhEJw+l3HMMmtiNo9Gl61G4GVg==", + "dev": true + }, + "node_modules/wrappy": { + "version": "1.0.2", + "dev": true, + "license": "ISC" + }, + "node_modules/yallist": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", + "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" + }, + "node_modules/yargs-unparser": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/yargs-unparser/-/yargs-unparser-2.0.0.tgz", + "integrity": "sha512-7pRTIA9Qc1caZ0bZ6RYRGbHJthJWuakf+WmHK0rVeLkNrrGhfoabBNdue6kdINI6r4if7ocq9aD/n7xwKOdzOA==", + "dev": true, + "dependencies": { + "camelcase": "^6.0.0", + "decamelize": "^4.0.0", + "flat": "^5.0.2", + "is-plain-obj": "^2.1.0" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/yargs-unparser/node_modules/camelcase": { + "version": "6.3.0", + "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", + "integrity": "sha512-Gmy6FhYlCY7uOElZUSbxo2UCDH8owEk996gkbrpsgGtrJLM3J7jGxl9Ic7Qwwj4ivOE5AWZWRMecDdF7hqGjFA==", + "dev": true, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/yargs-unparser/node_modules/decamelize": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/decamelize/-/decamelize-4.0.0.tgz", + "integrity": "sha512-9iE1PgSik9HeIIw2JO94IidnE3eBoQrFJ3w7sFuzSX4DpmZ3v5sZpUiV5Swcf6mQEF+Y0ru8Neo+p+nyh2J+hQ==", + "dev": true, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/yargs-unparser/node_modules/is-plain-obj": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-2.1.0.tgz", + "integrity": "sha512-YWnfyRwxL/+SsrWYfOpUtz5b3YD+nyfkHvjbcanzk8zgyO4ASD67uVMRt8k5bM4lLMDnXfriRhOpemw+NfT1eA==", + "dev": true, + "engines": { + "node": ">=8" + } + }, + "node_modules/yocto-queue": { + "version": "0.1.0", + "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz", + "integrity": "sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==", + "dev": true, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + } + }, + "dependencies": { + "@panva/asn1.js": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/@panva/asn1.js/-/asn1.js-1.0.0.tgz", + "integrity": "sha512-UdkG3mLEqXgnlKsWanWcgb6dOjUzJ+XC5f+aWw30qrtjxeNUSfKX1cd5FBzOaXQumoe9nIqeZUvrRJS03HCCtw==", + "dev": true + }, + "@sinonjs/commons": { + "version": "1.8.3", + "resolved": "https://registry.npmjs.org/@sinonjs/commons/-/commons-1.8.3.tgz", + "integrity": "sha512-xkNcLAn/wZaX14RPlwizcKicDk9G3F8m2nU3L7Ukm5zBgTwiT0wsoFAHx9Jq56fJA1z/7uKGtCRu16sOUCLIHQ==", + "dev": true, + "requires": { + "type-detect": "4.0.8" + } + }, + "@sinonjs/fake-timers": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-6.0.1.tgz", + "integrity": "sha512-MZPUxrmFubI36XS1DI3qmI0YdN1gks62JtFZvxR67ljjSNCeK6U08Zx4msEWOXuofgqUt6zPHSi1H9fbjR/NRA==", + "dev": true, + "requires": { + "@sinonjs/commons": "^1.7.0" + } + }, + "@sinonjs/samsam": { + "version": "5.3.1", + "resolved": "https://registry.npmjs.org/@sinonjs/samsam/-/samsam-5.3.1.tgz", + "integrity": "sha512-1Hc0b1TtyfBu8ixF/tpfSHTVWKwCBLY4QJbkgnE7HcwyvT2xArDxb4K7dMgqRm3szI+LJbzmW/s4xxEhv6hwDg==", + "dev": true, + "requires": { + "@sinonjs/commons": "^1.6.0", + "lodash.get": "^4.4.2", + "type-detect": "^4.0.8" + } + }, + "@sinonjs/text-encoding": { + "version": "0.7.2", + "resolved": "https://registry.npmjs.org/@sinonjs/text-encoding/-/text-encoding-0.7.2.tgz", + "integrity": "sha512-sXXKG+uL9IrKqViTtao2Ws6dy0znu9sOaP1di/jKGW1M6VssO8vlpXCQcpZ+jisQ1tTFAC5Jo/EOzFbggBagFQ==", + "dev": true + }, + "@types/body-parser": { + "version": "1.19.1", + "dev": true, + "requires": { + "@types/connect": "*", + "@types/node": "*" + } + }, + "@types/connect": { + "version": "3.4.35", + "dev": true, + "requires": { + "@types/node": "*" + } + }, + "@types/express": { + "version": "4.17.13", + "dev": true, + "requires": { + "@types/body-parser": "*", + "@types/express-serve-static-core": "^4.17.18", + "@types/qs": "*", + "@types/serve-static": "*" + } + }, + "@types/express-serve-static-core": { + "version": "4.17.25", + "dev": true, + "requires": { + "@types/node": "*", + "@types/qs": "*", + "@types/range-parser": "*" + } + }, + "@types/mime": { + "version": "1.3.2", + "dev": true + }, + "@types/node": { + "version": "16.11.7", + "dev": true + }, + "@types/passport": { + "version": "1.0.7", + "dev": true, + "requires": { + "@types/express": "*" + } + }, + "@types/qs": { + "version": "6.9.7", + "dev": true + }, + "@types/range-parser": { + "version": "1.2.4", + "dev": true + }, + "@types/serve-static": { + "version": "1.13.10", + "dev": true, + "requires": { + "@types/mime": "^1", + "@types/node": "*" + } + }, + "@ungap/promise-all-settled": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/@ungap/promise-all-settled/-/promise-all-settled-1.1.2.tgz", + "integrity": "sha512-sL/cEvJWAnClXw0wHk85/2L0G6Sj8UB0Ctc1TEMbKSsmpRosqhwj9gWgFRZSrBr2f9tiXISwNhCPmlfqUqyb9Q==", + "dev": true + }, + "ansi-colors": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/ansi-colors/-/ansi-colors-4.1.1.tgz", + "integrity": "sha512-JoX0apGbHaUJBNl6yF+p6JAFYZ666/hhCGKN5t9QFjbJQKUU/g8MNbFDbvfrgKXvI1QpZplPOnwIo99lX/AAmA==", + "dev": true + }, + "ansi-regex": { + "version": "3.0.0", + "dev": true + }, + "ansi-styles": { + "version": "4.3.0", + "dev": true, + "requires": { + "color-convert": "^2.0.1" + } + }, + "anymatch": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.2.tgz", + "integrity": "sha512-P43ePfOAIupkguHUycrc4qJ9kz8ZiuOUijaETwX7THt0Y/GNK7v0aa8rY816xWjZ7rJdA5XdMcpVFTKMq+RvWg==", + "dev": true, + "requires": { + "normalize-path": "^3.0.0", + "picomatch": "^2.0.4" + } + }, + "assertion-error": { + "version": "1.1.0", + "dev": true + }, + "balanced-match": { + "version": "1.0.2", + "dev": true + }, + "base64url": { + "version": "3.0.1", + "dev": true + }, + "binary-extensions": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.2.0.tgz", + "integrity": "sha512-jDctJ/IVQbZoJykoeHbhXpOlNBqGNcwXJKJog42E5HDPUwQTSdjCHdihjj0DlnheQ7blbT6dHOafNAiS8ooQKA==", + "dev": true + }, + "brace-expansion": { + "version": "1.1.11", + "dev": true, + "requires": { + "balanced-match": "^1.0.0", + "concat-map": "0.0.1" + } + }, + "braces": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz", + "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==", + "dev": true, + "requires": { + "fill-range": "^7.0.1" + } + }, + "browser-stdout": { + "version": "1.3.1", + "dev": true + }, + "chai": { + "version": "4.3.4", + "dev": true, + "requires": { + "assertion-error": "^1.1.0", + "check-error": "^1.0.2", + "deep-eql": "^3.0.1", + "get-func-name": "^2.0.0", + "pathval": "^1.1.1", + "type-detect": "^4.0.5" + } + }, + "chalk": { + "version": "4.1.2", + "dev": true, + "requires": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "dependencies": { + "supports-color": { + "version": "7.2.0", + "dev": true, + "requires": { + "has-flag": "^4.0.0" + } + } + } + }, + "check-error": { + "version": "1.0.2", + "dev": true + }, + "chokidar": { + "version": "3.5.1", + "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.5.1.tgz", + "integrity": "sha512-9+s+Od+W0VJJzawDma/gvBNQqkTiqYTWLuZoyAsivsI4AaWTCzHG06/TMjsf1cYe9Cb97UCEhjz7HvnPk2p/tw==", + "dev": true, + "requires": { + "anymatch": "~3.1.1", + "braces": "~3.0.2", + "fsevents": "~2.3.1", + "glob-parent": "~5.1.0", + "is-binary-path": "~2.1.0", + "is-glob": "~4.0.1", + "normalize-path": "~3.0.0", + "readdirp": "~3.5.0" + } + }, + "color-convert": { + "version": "2.0.1", + "dev": true, + "requires": { + "color-name": "~1.1.4" + } + }, + "color-name": { + "version": "1.1.4", + "dev": true + }, + "concat-map": { + "version": "0.0.1", + "dev": true + }, + "core-util-is": { + "version": "1.0.3", + "dev": true + }, + "debug": { + "version": "4.3.1", + "dev": true, + "requires": { + "ms": "2.1.2" + }, + "dependencies": { + "ms": { + "version": "2.1.2", + "dev": true + } + } + }, + "deep-eql": { + "version": "3.0.1", + "dev": true, + "requires": { + "type-detect": "^4.0.0" + } + }, + "emoji-regex": { + "version": "8.0.0", + "dev": true + }, + "escalade": { + "version": "3.1.1", + "dev": true + }, + "fill-range": { + "version": "7.0.1", + "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", + "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==", + "dev": true, + "requires": { + "to-regex-range": "^5.0.1" + } + }, + "flat": { + "version": "5.0.2", + "resolved": "https://registry.npmjs.org/flat/-/flat-5.0.2.tgz", + "integrity": "sha512-b6suED+5/3rTpUBdG1gupIl8MPFCAMA0QXwmljLhvCUKcUvdE4gWky9zpuGCcXHOsz4J9wPGNWq6OKpmIzz3hQ==", + "dev": true + }, + "fs.realpath": { + "version": "1.0.0", + "dev": true + }, + "fsevents": { + "version": "2.3.2", + "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz", + "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==", + "dev": true, + "optional": true + }, + "get-caller-file": { + "version": "2.0.5", + "dev": true + }, + "get-func-name": { + "version": "2.0.0", + "dev": true + }, + "glob": { + "version": "7.1.6", + "dev": true, + "requires": { + "fs.realpath": "^1.0.0", + "inflight": "^1.0.4", + "inherits": "2", + "minimatch": "^3.0.4", + "once": "^1.3.0", + "path-is-absolute": "^1.0.0" + } + }, + "glob-parent": { + "version": "5.1.2", + "dev": true, + "requires": { + "is-glob": "^4.0.1" + } + }, + "growl": { + "version": "1.10.5", + "dev": true + }, + "has-flag": { + "version": "4.0.0", + "dev": true + }, + "he": { + "version": "1.2.0", + "dev": true + }, + "inflight": { + "version": "1.0.6", + "dev": true, + "requires": { + "once": "^1.3.0", + "wrappy": "1" + } + }, + "inherits": { + "version": "2.0.4", + "dev": true + }, + "is-binary-path": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz", + "integrity": "sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==", + "dev": true, + "requires": { + "binary-extensions": "^2.0.0" + } + }, + "is-extglob": { + "version": "2.1.1", + "dev": true + }, + "is-fullwidth-code-point": { + "version": "2.0.0", + "dev": true + }, + "is-glob": { + "version": "4.0.3", + "dev": true, + "requires": { + "is-extglob": "^2.1.1" + } + }, + "is-number": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", + "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==", + "dev": true + }, + "is-readable-stream": { + "version": "1.0.1", + "dev": true + }, + "isarray": { + "version": "0.0.1", + "dev": true + }, + "isexe": { + "version": "2.0.0", + "dev": true + }, + "jose": { + "version": "4.10.0", + "resolved": "https://registry.npmjs.org/jose/-/jose-4.10.0.tgz", + "integrity": "sha512-KEhB/eLGLomWGPTb+/RNbYsTjIyx03JmbqAyIyiXBuNSa7CmNrJd5ysFhblayzs/e/vbOPMUaLnjHUMhGp4yLw==" + }, + "jose2": { + "version": "npm:jose@2.0.6", + "resolved": "https://registry.npmjs.org/jose/-/jose-2.0.6.tgz", + "integrity": "sha512-FVoPY7SflDodE4lknJmbAHSUjLCzE2H1F6MS0RYKMQ8SR+lNccpMf8R4eqkNYyyUjR5qZReOzZo5C5YiHOCjjg==", + "dev": true, + "requires": { + "@panva/asn1.js": "^1.0.0" + } + }, + "json-stringify-safe": { + "version": "5.0.1", + "dev": true + }, + "just-extend": { + "version": "4.2.1", + "resolved": "https://registry.npmjs.org/just-extend/-/just-extend-4.2.1.tgz", + "integrity": "sha512-g3UB796vUFIY90VIv/WX3L2c8CS2MdWUww3CNrYmqza1Fg0DURc2K/O4YrnklBdQarSJ/y8JnJYDGc+1iumQjg==", + "dev": true + }, + "lodash": { + "version": "4.17.21", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", + "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==", + "dev": true + }, + "lodash.get": { + "version": "4.4.2", + "resolved": "https://registry.npmjs.org/lodash.get/-/lodash.get-4.4.2.tgz", + "integrity": "sha512-z+Uw/vLuy6gQe8cfaFWD7p0wVv8fJl3mbzXh33RS+0oW2wvUqiRXiQ69gLWSLpgB5/6sU+r6BlQR0MBILadqTQ==", + "dev": true + }, + "log-symbols": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/log-symbols/-/log-symbols-4.0.0.tgz", + "integrity": "sha512-FN8JBzLx6CzeMrB0tg6pqlGU1wCrXW+ZXGH481kfsBqer0hToTIiHdjH4Mq8xJUbvATujKCvaREGWpGUionraA==", + "dev": true, + "requires": { + "chalk": "^4.0.0" + } + }, + "lru-cache": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", + "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", + "requires": { + "yallist": "^4.0.0" + } + }, + "methods": { + "version": "1.1.2", + "dev": true + }, + "minimatch": { + "version": "3.0.4", + "dev": true, + "requires": { + "brace-expansion": "^1.1.7" + } + }, + "mocha": { + "version": "8.4.0", + "resolved": "https://registry.npmjs.org/mocha/-/mocha-8.4.0.tgz", + "integrity": "sha512-hJaO0mwDXmZS4ghXsvPVriOhsxQ7ofcpQdm8dE+jISUOKopitvnXFQmpRR7jd2K6VBG6E26gU3IAbXXGIbu4sQ==", + "dev": true, + "requires": { + "@ungap/promise-all-settled": "1.1.2", + "ansi-colors": "4.1.1", + "browser-stdout": "1.3.1", + "chokidar": "3.5.1", + "debug": "4.3.1", + "diff": "5.0.0", + "escape-string-regexp": "4.0.0", + "find-up": "5.0.0", + "glob": "7.1.6", + "growl": "1.10.5", + "he": "1.2.0", + "js-yaml": "4.0.0", + "log-symbols": "4.0.0", + "minimatch": "3.0.4", + "ms": "2.1.3", + "nanoid": "3.1.20", + "serialize-javascript": "5.0.1", + "strip-json-comments": "3.1.1", + "supports-color": "8.1.1", + "which": "2.0.2", + "wide-align": "1.1.3", + "workerpool": "6.1.0", + "yargs": "16.2.0", + "yargs-parser": "20.2.4", + "yargs-unparser": "2.0.0" + }, + "dependencies": { + "ansi-regex": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", + "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", + "dev": true + }, + "argparse": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", + "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==", + "dev": true + }, + "cliui": { + "version": "7.0.4", + "resolved": "https://registry.npmjs.org/cliui/-/cliui-7.0.4.tgz", + "integrity": "sha512-OcRE68cOsVMXp1Yvonl/fzkQOyjLSu/8bhPDfQt0e0/Eb283TKP20Fs2MqoPsr9SwA595rRCA+QMzYc9nBP+JQ==", + "dev": true, + "requires": { + "string-width": "^4.2.0", + "strip-ansi": "^6.0.0", + "wrap-ansi": "^7.0.0" + } + }, + "diff": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/diff/-/diff-5.0.0.tgz", + "integrity": "sha512-/VTCrvm5Z0JGty/BWHljh+BAiw3IK+2j87NGMu8Nwc/f48WoDAC395uomO9ZD117ZOBaHmkX1oyLvkVM/aIT3w==", + "dev": true + }, + "escape-string-regexp": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz", + "integrity": "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==", + "dev": true + }, + "find-up": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/find-up/-/find-up-5.0.0.tgz", + "integrity": "sha512-78/PXT1wlLLDgTzDs7sjq9hzz0vXD+zn+7wypEe4fXQxCmdmqfGsEPQxmiCSQI3ajFV91bVSsvNtrJRiW6nGng==", + "dev": true, + "requires": { + "locate-path": "^6.0.0", + "path-exists": "^4.0.0" + } + }, + "is-fullwidth-code-point": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", + "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==", + "dev": true + }, + "js-yaml": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.0.0.tgz", + "integrity": "sha512-pqon0s+4ScYUvX30wxQi3PogGFAlUyH0awepWvwkj4jD4v+ova3RiYw8bmA6x2rDrEaj8i/oWKoRxpVNW+Re8Q==", + "dev": true, + "requires": { + "argparse": "^2.0.1" + } + }, + "locate-path": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz", + "integrity": "sha512-iPZK6eYjbxRu3uB4/WZ3EsEIMJFMqAoopl3R+zuq0UjcAm/MO6KCweDgPfP3elTztoKP3KtnVHxTn2NHBSDVUw==", + "dev": true, + "requires": { + "p-locate": "^5.0.0" + } + }, + "p-limit": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz", + "integrity": "sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ==", + "dev": true, + "requires": { + "yocto-queue": "^0.1.0" + } + }, + "p-locate": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-5.0.0.tgz", + "integrity": "sha512-LaNjtRWUBY++zB5nE/NwcaoMylSPk+S+ZHNB1TzdbMJMny6dynpAGt7X/tl/QYq3TIeE6nxHppbo2LGymrG5Pw==", + "dev": true, + "requires": { + "p-limit": "^3.0.2" + } + }, + "string-width": { + "version": "4.2.3", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", + "dev": true, + "requires": { + "emoji-regex": "^8.0.0", + "is-fullwidth-code-point": "^3.0.0", + "strip-ansi": "^6.0.1" + } + }, + "strip-ansi": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", + "dev": true, + "requires": { + "ansi-regex": "^5.0.1" + } + }, + "wrap-ansi": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", + "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==", + "dev": true, + "requires": { + "ansi-styles": "^4.0.0", + "string-width": "^4.1.0", + "strip-ansi": "^6.0.0" + } + }, + "y18n": { + "version": "5.0.8", + "resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz", + "integrity": "sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==", + "dev": true + }, + "yargs": { + "version": "16.2.0", + "resolved": "https://registry.npmjs.org/yargs/-/yargs-16.2.0.tgz", + "integrity": "sha512-D1mvvtDG0L5ft/jGWkLpG1+m0eQxOfaBvTNELraWj22wSVUMWxZUvYgJYcKh6jGGIkJFhH4IZPQhR4TKpc8mBw==", + "dev": true, + "requires": { + "cliui": "^7.0.2", + "escalade": "^3.1.1", + "get-caller-file": "^2.0.5", + "require-directory": "^2.1.1", + "string-width": "^4.2.0", + "y18n": "^5.0.5", + "yargs-parser": "^20.2.2" + } + }, + "yargs-parser": { + "version": "20.2.4", + "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-20.2.4.tgz", + "integrity": "sha512-WOkpgNhPTlE73h4VFAFsOnomJVaovO8VqLDzy5saChRBFQFBoMYirowyW+Q9HB4HFF4Z7VZTiG3iSzJJA29yRA==", + "dev": true + } + } + }, + "ms": { + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", + "dev": true + }, + "nanoid": { + "version": "3.1.20", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.1.20.tgz", + "integrity": "sha512-a1cQNyczgKbLX9jwbS/+d7W8fX/RfgYR7lVWwWOGIPNgK2m0MWvrGF6/m4kk6U3QcFMnZf3RIhL0v2Jgh/0Uxw==", + "dev": true + }, + "nise": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/nise/-/nise-4.1.0.tgz", + "integrity": "sha512-eQMEmGN/8arp0xsvGoQ+B1qvSkR73B1nWSCh7nOt5neMCtwcQVYQGdzQMhcNscktTsWB54xnlSQFzOAPJD8nXA==", + "dev": true, + "requires": { + "@sinonjs/commons": "^1.7.0", + "@sinonjs/fake-timers": "^6.0.0", + "@sinonjs/text-encoding": "^0.7.1", + "just-extend": "^4.0.2", + "path-to-regexp": "^1.7.0" + } + }, + "nock": { + "version": "13.2.9", + "resolved": "https://registry.npmjs.org/nock/-/nock-13.2.9.tgz", + "integrity": "sha512-1+XfJNYF1cjGB+TKMWi29eZ0b82QOvQs2YoLNzbpWGqFMtRQHTa57osqdGj4FrFPgkO4D4AZinzUJR9VvW3QUA==", + "dev": true, + "requires": { + "debug": "^4.1.0", + "json-stringify-safe": "^5.0.1", + "lodash": "^4.17.21", + "propagate": "^2.0.0" + } + }, + "normalize-path": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz", + "integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==", + "dev": true + }, + "object-hash": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/object-hash/-/object-hash-2.2.0.tgz", + "integrity": "sha512-gScRMn0bS5fH+IuwyIFgnh9zBdo4DV+6GhygmWM9HyNJSgS0hScp1f5vjtm7oIIOiT9trXrShAkLFSc2IqKNgw==" + }, + "oidc-token-hash": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/oidc-token-hash/-/oidc-token-hash-5.0.1.tgz", + "integrity": "sha512-EvoOtz6FIEBzE+9q253HsLCVRiK/0doEJ2HCvvqMQb3dHZrP3WlJKYtJ55CRTw4jmYomzH4wkPuCj/I3ZvpKxQ==" + }, + "once": { + "version": "1.4.0", + "dev": true, + "requires": { + "wrappy": "1" + } + }, + "path-exists": { + "version": "4.0.0", + "dev": true + }, + "path-is-absolute": { + "version": "1.0.1", + "dev": true + }, + "path-to-regexp": { + "version": "1.8.0", + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-1.8.0.tgz", + "integrity": "sha512-n43JRhlUKUAlibEJhPeir1ncUID16QnEjNpwzNdO3Lm4ywrBpBZ5oLD0I6br9evr1Y9JTqwRtAh7JLoOzAQdVA==", + "dev": true, + "requires": { + "isarray": "0.0.1" + } + }, + "pathval": { + "version": "1.1.1", + "dev": true + }, + "picomatch": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz", + "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==", + "dev": true + }, + "prettier": { + "version": "2.7.1", + "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.7.1.tgz", + "integrity": "sha512-ujppO+MkdPqoVINuDFDRLClm7D78qbDt0/NR+wp5FqEZOoTNAjPHWj17QRhu7geIHJfcNhRk1XVQmF8Bp3ye+g==", + "dev": true + }, + "propagate": { + "version": "2.0.1", + "dev": true + }, + "randombytes": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz", + "integrity": "sha512-vYl3iOX+4CKUWuxGi9Ukhie6fsqXqS9FE2Zaic4tNFD2N2QQaXOMFbuKK4QmDHC0JO6B1Zp41J0LpT0oR68amQ==", + "dev": true, + "requires": { + "safe-buffer": "^5.1.0" + } + }, + "readable-mock-req": { + "version": "0.2.2", + "dev": true, + "requires": { + "is-readable-stream": "~1.0.0", + "methods": "~1.1.1", + "readable-stream": "~1.1.0" + } + }, + "readable-stream": { + "version": "1.1.14", + "dev": true, + "requires": { + "core-util-is": "~1.0.0", + "inherits": "~2.0.1", + "isarray": "0.0.1", + "string_decoder": "~0.10.x" + } + }, + "readdirp": { + "version": "3.5.0", + "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.5.0.tgz", + "integrity": "sha512-cMhu7c/8rdhkHXWsY+osBhfSy0JikwpHK/5+imo+LpeasTF8ouErHrlYkwT0++njiyuDvc7OFY5T3ukvZ8qmFQ==", + "dev": true, + "requires": { + "picomatch": "^2.2.1" + } + }, + "require-directory": { + "version": "2.1.1", + "dev": true + }, + "safe-buffer": { + "version": "5.1.2", + "dev": true + }, + "serialize-javascript": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-5.0.1.tgz", + "integrity": "sha512-SaaNal9imEO737H2c05Og0/8LUXG7EnsZyMa8MzkmuHoELfT6txuj0cMqRj6zfPKnmQ1yasR4PCJc8x+M4JSPA==", + "dev": true, + "requires": { + "randombytes": "^2.1.0" + } + }, + "sinon": { + "version": "9.2.4", + "resolved": "https://registry.npmjs.org/sinon/-/sinon-9.2.4.tgz", + "integrity": "sha512-zljcULZQsJxVra28qIAL6ow1Z9tpattkCTEJR4RBP3TGc00FcttsP5pK284Nas5WjMZU5Yzy3kAIp3B3KRf5Yg==", + "dev": true, + "requires": { + "@sinonjs/commons": "^1.8.1", + "@sinonjs/fake-timers": "^6.0.1", + "@sinonjs/samsam": "^5.3.1", + "diff": "^4.0.2", + "nise": "^4.0.4", + "supports-color": "^7.1.0" + }, + "dependencies": { + "diff": { + "version": "4.0.2", + "dev": true + }, + "supports-color": { + "version": "7.2.0", + "dev": true, + "requires": { + "has-flag": "^4.0.0" + } + } + } + }, + "string_decoder": { + "version": "0.10.31", + "dev": true + }, + "string-width": { + "version": "2.1.1", + "dev": true, + "requires": { + "is-fullwidth-code-point": "^2.0.0", + "strip-ansi": "^4.0.0" + } + }, + "strip-ansi": { + "version": "4.0.0", + "dev": true, + "requires": { + "ansi-regex": "^3.0.0" + } + }, + "strip-json-comments": { + "version": "3.1.1", + "dev": true + }, + "supports-color": { + "version": "8.1.1", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz", + "integrity": "sha512-MpUEN2OodtUzxvKQl72cUF7RQ5EiHsGvSsVG0ia9c5RbWGL2CI4C7EpPS8UTBIplnlzZiNuV56w+FuNxy3ty2Q==", + "dev": true, + "requires": { + "has-flag": "^4.0.0" + } + }, + "timekeeper": { + "version": "2.2.0", + "dev": true + }, + "to-regex-range": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", + "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==", + "dev": true, + "requires": { + "is-number": "^7.0.0" + } + }, + "type-detect": { + "version": "4.0.8", + "dev": true + }, + "which": { + "version": "2.0.2", + "dev": true, + "requires": { + "isexe": "^2.0.0" + } + }, + "wide-align": { + "version": "1.1.3", + "dev": true, + "requires": { + "string-width": "^1.0.2 || 2" + } + }, + "workerpool": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/workerpool/-/workerpool-6.1.0.tgz", + "integrity": "sha512-toV7q9rWNYha963Pl/qyeZ6wG+3nnsyvolaNUS8+R5Wtw6qJPTxIlOP1ZSvcGhEJw+l3HMMmtiNo9Gl61G4GVg==", + "dev": true + }, + "wrappy": { + "version": "1.0.2", + "dev": true + }, + "yallist": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", + "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" + }, + "yargs-unparser": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/yargs-unparser/-/yargs-unparser-2.0.0.tgz", + "integrity": "sha512-7pRTIA9Qc1caZ0bZ6RYRGbHJthJWuakf+WmHK0rVeLkNrrGhfoabBNdue6kdINI6r4if7ocq9aD/n7xwKOdzOA==", + "dev": true, + "requires": { + "camelcase": "^6.0.0", + "decamelize": "^4.0.0", + "flat": "^5.0.2", + "is-plain-obj": "^2.1.0" + }, + "dependencies": { + "camelcase": { + "version": "6.3.0", + "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", + "integrity": "sha512-Gmy6FhYlCY7uOElZUSbxo2UCDH8owEk996gkbrpsgGtrJLM3J7jGxl9Ic7Qwwj4ivOE5AWZWRMecDdF7hqGjFA==", + "dev": true + }, + "decamelize": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/decamelize/-/decamelize-4.0.0.tgz", + "integrity": "sha512-9iE1PgSik9HeIIw2JO94IidnE3eBoQrFJ3w7sFuzSX4DpmZ3v5sZpUiV5Swcf6mQEF+Y0ru8Neo+p+nyh2J+hQ==", + "dev": true + }, + "is-plain-obj": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-2.1.0.tgz", + "integrity": "sha512-YWnfyRwxL/+SsrWYfOpUtz5b3YD+nyfkHvjbcanzk8zgyO4ASD67uVMRt8k5bM4lLMDnXfriRhOpemw+NfT1eA==", + "dev": true + } + } + }, + "yocto-queue": { + "version": "0.1.0", + "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz", + "integrity": "sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==", + "dev": true + } + } +} diff --git a/package.json b/package.json index 410e941d..ce37e6f0 100644 --- a/package.json +++ b/package.json @@ -41,16 +41,9 @@ "types/index.d.ts" ], "scripts": { - "coverage": "nyc mocha test/**/*.test.js", - "prettier": "npx prettier --loglevel silent --write ./lib ./test ./certification ./types", + "format": "npx prettier --loglevel silent --write ./lib ./test ./certification ./types", "test": "mocha test/**/*.test.js" }, - "nyc": { - "reporter": [ - "lcov", - "text-summary" - ] - }, "dependencies": { "jose": "^4.10.0", "lru-cache": "^6.0.0", @@ -65,7 +58,6 @@ "jose2": "npm:jose@^2.0.5", "mocha": "^8.2.0", "nock": "^13.0.2", - "nyc": "^15.1.0", "prettier": "^2.4.1", "readable-mock-req": "^0.2.2", "sinon": "^9.2.0", From f42073c4fe33d7a3c313f9e5e21e2ec471df9bc6 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Tue, 18 Oct 2022 20:34:44 +0200 Subject: [PATCH 040/117] ci: re-add check-latest --- .github/workflows/test.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 5b5aab48..01a854f1 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -23,6 +23,7 @@ jobs: with: node-version: 18 # lts/hydrogen cache: 'npm' + check-latest: true - name: Install dependencies run: npm clean-install - run: npm audit --production @@ -47,6 +48,7 @@ jobs: with: node-version: ${{ matrix.node-version }} cache: 'npm' + check-latest: true - name: Install dependencies run: npm clean-install - run: npm run test @@ -60,6 +62,7 @@ jobs: with: node-version: 18 # lts/hydrogen cache: 'npm' + check-latest: true - name: Install dependencies run: npm clean-install - run: npx xvfb-maybe npx electron@latest ./test/electron test/**/*.test.js @@ -215,6 +218,7 @@ jobs: with: node-version: 18 # lts/hydrogen cache: 'npm' + check-latest: true - run: npm clean-install working-directory: ./runner - run: npm install ${{ github.repository }}#${{ github.sha }} From 7c5f24a8a9fe1d2582d53f672546df10d81a42b7 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Wed, 19 Oct 2022 10:02:58 +0200 Subject: [PATCH 041/117] ci: align workflow cron schedules --- .github/workflows/lock.yml | 2 +- .github/workflows/test.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/lock.yml b/.github/workflows/lock.yml index 0a1ec4fd..36710eba 100644 --- a/.github/workflows/lock.yml +++ b/.github/workflows/lock.yml @@ -2,7 +2,7 @@ name: 'Lock threads' on: schedule: - - cron: '5 9 * * *' + - cron: '20 11 * * 1' jobs: lock: diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 01a854f1..b25596ce 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -4,7 +4,7 @@ on: push: pull_request: schedule: - - cron: 0 10 * * 1-5 + - cron: '20 11 * * 1' workflow_dispatch: inputs: conformance-version: From 6fd93509b73a67693fb073d31308a0bfcae0ce3f Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Wed, 19 Oct 2022 10:55:54 +0200 Subject: [PATCH 042/117] feat: add client_id to endSessionUrl query strings --- lib/client.js | 1 + test/client/client_instance.test.js | 12 +++++++++--- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/lib/client.js b/lib/client.js index 97ec3ee1..6ec05f0a 100644 --- a/lib/client.js +++ b/lib/client.js @@ -304,6 +304,7 @@ class BaseClient { ...{ post_logout_redirect_uri, id_token_hint: hint, + client_id: this.client_id, }, }; diff --git a/test/client/client_instance.test.js b/test/client/client_instance.test.js index 866017c2..ac028c80 100644 --- a/test/client/client_instance.test.js +++ b/test/client/client_instance.test.js @@ -241,15 +241,18 @@ describe('Client', () => { }).to.throw('end_session_endpoint must be configured on the issuer'); }); - it('returns the end_session_endpoint only if nothing is passed', function () { - expect(this.client.endSessionUrl()).to.eql('https://op.example.com/session/end'); + it('returns the end_session_endpoint with client_id if nothing is passed', function () { + expect(this.client.endSessionUrl()).to.eql( + 'https://op.example.com/session/end?client_id=identifier', + ); expect(this.clientWithQuery.endSessionUrl()).to.eql( - 'https://op.example.com/session/end?foo=bar', + 'https://op.example.com/session/end?foo=bar&client_id=identifier', ); }); it('defaults the post_logout_redirect_uri if client has some', function () { expect(url.parse(this.clientWithUris.endSessionUrl(), true).query).to.eql({ + client_id: 'identifier', post_logout_redirect_uri: 'https://rp.example.com/logout/cb', }); }); @@ -268,6 +271,7 @@ describe('Client', () => { true, ).query, ).to.eql({ + client_id: 'identifier', id_token_hint: 'eyJhbGciOiJub25lIn0.eyJzdWIiOiJzdWJqZWN0In0.', }); }); @@ -298,6 +302,7 @@ describe('Client', () => { post_logout_redirect_uri: 'https://rp.example.com/logout/cb', state: 'foo', id_token_hint: 'idtoken', + client_id: 'identifier', }); expect( url.parse( @@ -314,6 +319,7 @@ describe('Client', () => { state: 'foo', foo: 'bar', id_token_hint: 'idtoken', + client_id: 'identifier', }); }); }); From 7cc240277c30badc7aa7431c31d72feec1237e23 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Wed, 19 Oct 2022 11:10:28 +0200 Subject: [PATCH 043/117] fix: allow endSessionUrl defaults to be overriden --- README.md | 4 ++-- docs/README.md | 1 + lib/client.js | 21 +++++++++++---------- test/client/client_instance.test.js | 15 +++++++++++++++ 4 files changed, 29 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 8c8907f0..92522782 100644 --- a/README.md +++ b/README.md @@ -42,7 +42,7 @@ openid-client. - self_signed_tls_client_auth - [RFC9101 - OAuth 2.0 JWT-Secured Authorization Request (JAR)][feature-jar] - [RFC9126 - OAuth 2.0 Pushed Authorization Requests (PAR)][feature-par] -- [OpenID Connect RP-Initiated Logout 1.0 - draft 01][feature-rp-logout] +- [OpenID Connect RP-Initiated Logout 1.0][feature-rp-logout] - [Financial-grade API Security Profile 1.0 - Part 2: Advanced (FAPI)][feature-fapi] - [JWT Secured Authorization Response Mode for OAuth 2.0 (JARM) - ID1][feature-jarm] - [OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (DPoP) - draft 04][feature-dpop] @@ -272,7 +272,7 @@ See [Customizing (docs)][documentation-customizing]. [feature-introspection]: https://tools.ietf.org/html/rfc7662 [feature-mtls]: https://tools.ietf.org/html/rfc8705 [feature-device-flow]: https://tools.ietf.org/html/rfc8628 -[feature-rp-logout]: https://openid.net/specs/openid-connect-rpinitiated-1_0-01.html +[feature-rp-logout]: https://openid.net/specs/openid-connect-rpinitiated-1_0.html [feature-jarm]: https://openid.net/specs/openid-financial-api-jarm-ID1.html [feature-fapi]: https://openid.net/specs/openid-financial-api-part-2-1_0.html [feature-dpop]: https://tools.ietf.org/html/draft-ietf-oauth-dpop-04 diff --git a/docs/README.md b/docs/README.md index 88955eb5..de900597 100644 --- a/docs/README.md +++ b/docs/README.md @@ -242,6 +242,7 @@ parameters. - `parameters`: `` - `id_token_hint`: `` | `` + - `client_id`: `` **Default:** client's client_id - `post_logout_redirect_uri`: `` **Default:** If only a single `client.post_logout_redirect_uris` member is present that one will be used automatically. - `state`: `` diff --git a/lib/client.js b/lib/client.js index 6ec05f0a..f535a144 100644 --- a/lib/client.js +++ b/lib/client.js @@ -288,25 +288,26 @@ class BaseClient { const { post_logout_redirect_uri = length === 1 ? postLogout : undefined } = params; - let hint = params.id_token_hint; - if (hint instanceof TokenSet) { - if (!hint.id_token) { + let id_token_hint; + ({ id_token_hint, ...params } = params); + if (id_token_hint instanceof TokenSet) { + if (!id_token_hint.id_token) { throw new TypeError('id_token not present in TokenSet'); } - hint = hint.id_token; + id_token_hint = id_token_hint.id_token; } const target = url.parse(this.issuer.end_session_endpoint, true); target.search = null; - target.query = { - ...params, - ...target.query, - ...{ + defaults( + target.query, + params, + { post_logout_redirect_uri, - id_token_hint: hint, client_id: this.client_id, }, - }; + { id_token_hint }, + ); Object.entries(target.query).forEach(([key, value]) => { if (value === null || value === undefined) { diff --git a/test/client/client_instance.test.js b/test/client/client_instance.test.js index ac028c80..ba653dec 100644 --- a/test/client/client_instance.test.js +++ b/test/client/client_instance.test.js @@ -288,6 +288,21 @@ describe('Client', () => { ).to.throw(TypeError, 'id_token not present in TokenSet'); }); + it('allows to override default applied values', function () { + expect( + url.parse( + this.client.endSessionUrl({ + post_logout_redirect_uri: 'override', + client_id: 'override', + }), + true, + ).query, + ).to.eql({ + post_logout_redirect_uri: 'override', + client_id: 'override', + }); + }); + it('allows for recommended and optional query params to be passed in', function () { expect( url.parse( From 7ee76543a171c0c292c6e0a32eb502f1fa8405f2 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Wed, 19 Oct 2022 11:16:28 +0200 Subject: [PATCH 044/117] doc: add logout_hint to endSessionUrl docs --- docs/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/README.md b/docs/README.md index de900597..d5296d64 100644 --- a/docs/README.md +++ b/docs/README.md @@ -246,6 +246,7 @@ parameters. - `post_logout_redirect_uri`: `` **Default:** If only a single `client.post_logout_redirect_uris` member is present that one will be used automatically. - `state`: `` + - `logout_hint`: `` - any other end session parameters may be provided - Returns: `` From 1e3892e6222fdd1956735f97584ebc722fcebdd3 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Wed, 19 Oct 2022 11:16:35 +0200 Subject: [PATCH 045/117] chore(release): 5.2.0 --- CHANGELOG.md | 12 ++++++++++++ package-lock.json | 4 ++-- package.json | 2 +- 3 files changed, 15 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 44ba1f7d..a4734046 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,18 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [5.2.0](https://github.com/panva/node-openid-client/compare/v5.1.10...v5.2.0) (2022-10-19) + + +### Features + +* add client_id to endSessionUrl query strings ([6fd9350](https://github.com/panva/node-openid-client/commit/6fd93509b73a67693fb073d31308a0bfcae0ce3f)) + + +### Fixes + +* allow endSessionUrl defaults to be overriden ([7cc2402](https://github.com/panva/node-openid-client/commit/7cc240277c30badc7aa7431c31d72feec1237e23)) + ## [5.1.10](https://github.com/panva/node-openid-client/compare/v5.1.9...v5.1.10) (2022-09-28) diff --git a/package-lock.json b/package-lock.json index c6135a3d..5f6c6907 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "openid-client", - "version": "5.1.10", + "version": "5.2.0", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "openid-client", - "version": "5.1.10", + "version": "5.2.0", "license": "MIT", "dependencies": { "jose": "^4.10.0", diff --git a/package.json b/package.json index ce37e6f0..4486a0e1 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "openid-client", - "version": "5.1.10", + "version": "5.2.0", "description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js runtime, supports passportjs", "keywords": [ "auth", From b7b54384421f9f0fe0d9c42cf731d0877d95c256 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Thu, 20 Oct 2022 17:17:04 +0200 Subject: [PATCH 046/117] fix(typescript): add client_id and logout_hint to EndSessionParameters --- types/index.d.ts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/types/index.d.ts b/types/index.d.ts index 0baba3a8..d54f98a1 100644 --- a/types/index.d.ts +++ b/types/index.d.ts @@ -136,6 +136,8 @@ export interface EndSessionParameters { id_token_hint?: TokenSet | string; post_logout_redirect_uri?: string; state?: string; + client_id?: string; + logout_hint?: string; [key: string]: unknown; } From f54ed18169857c512259a6b9e3bfdad9a54bd640 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Thu, 20 Oct 2022 17:21:22 +0200 Subject: [PATCH 047/117] ci: skip flaky on CITGM --- .mocharc.yml | 3 --- test/issuer/issuer_instance.test.js | 3 +++ 2 files changed, 3 insertions(+), 3 deletions(-) delete mode 100644 .mocharc.yml diff --git a/.mocharc.yml b/.mocharc.yml deleted file mode 100644 index 3930ec3e..00000000 --- a/.mocharc.yml +++ /dev/null @@ -1,3 +0,0 @@ -retries: 1 -forbid-only: true -forbid-pending: true diff --git a/test/issuer/issuer_instance.test.js b/test/issuer/issuer_instance.test.js index 2f1fff14..9ccc725f 100644 --- a/test/issuer/issuer_instance.test.js +++ b/test/issuer/issuer_instance.test.js @@ -53,6 +53,9 @@ describe('Issuer', () => { }); it('fetches if asked to (one concurrent request at a time)', function () { + if ('CITGM' in process.env) { + this.skip(); + } nock.cleanAll(); // force a fail to fetch to check it tries to load From cd6d87dd6c949a07057bb8dedfc406da658d36ad Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Thu, 20 Oct 2022 17:24:04 +0200 Subject: [PATCH 048/117] chore(release): 5.2.1 --- CHANGELOG.md | 7 +++++++ package-lock.json | 4 ++-- package.json | 2 +- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a4734046..d4d8ae0a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [5.2.1](https://github.com/panva/node-openid-client/compare/v5.2.0...v5.2.1) (2022-10-20) + + +### Fixes + +* **typescript:** add client_id and logout_hint to EndSessionParameters ([b7b5438](https://github.com/panva/node-openid-client/commit/b7b54384421f9f0fe0d9c42cf731d0877d95c256)) + ## [5.2.0](https://github.com/panva/node-openid-client/compare/v5.1.10...v5.2.0) (2022-10-19) diff --git a/package-lock.json b/package-lock.json index 5f6c6907..9bdce3b8 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "openid-client", - "version": "5.2.0", + "version": "5.2.1", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "openid-client", - "version": "5.2.0", + "version": "5.2.1", "license": "MIT", "dependencies": { "jose": "^4.10.0", diff --git a/package.json b/package.json index 4486a0e1..ca207db7 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "openid-client", - "version": "5.2.0", + "version": "5.2.1", "description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js runtime, supports passportjs", "keywords": [ "auth", From 8680cb05303ce381e847ba259f072179b58d28b9 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Thu, 20 Oct 2022 17:29:17 +0200 Subject: [PATCH 049/117] Revert "ci: skip flaky on CITGM" This reverts commit f54ed18169857c512259a6b9e3bfdad9a54bd640. --- .mocharc.yml | 3 +++ test/issuer/issuer_instance.test.js | 3 --- 2 files changed, 3 insertions(+), 3 deletions(-) create mode 100644 .mocharc.yml diff --git a/.mocharc.yml b/.mocharc.yml new file mode 100644 index 00000000..3930ec3e --- /dev/null +++ b/.mocharc.yml @@ -0,0 +1,3 @@ +retries: 1 +forbid-only: true +forbid-pending: true diff --git a/test/issuer/issuer_instance.test.js b/test/issuer/issuer_instance.test.js index 9ccc725f..2f1fff14 100644 --- a/test/issuer/issuer_instance.test.js +++ b/test/issuer/issuer_instance.test.js @@ -53,9 +53,6 @@ describe('Issuer', () => { }); it('fetches if asked to (one concurrent request at a time)', function () { - if ('CITGM' in process.env) { - this.skip(); - } nock.cleanAll(); // force a fail to fetch to check it tries to load From 6ebe9fdc1a181775161713c9fcdc83a19ab3cb58 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Thu, 20 Oct 2022 17:29:41 +0200 Subject: [PATCH 050/117] test: remove mocharc --- .mocharc.yml | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 .mocharc.yml diff --git a/.mocharc.yml b/.mocharc.yml deleted file mode 100644 index 3930ec3e..00000000 --- a/.mocharc.yml +++ /dev/null @@ -1,3 +0,0 @@ -retries: 1 -forbid-only: true -forbid-pending: true From aa837dcd27dca3e38e6f1d0ec1ab7a2b5c0e9f85 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Tue, 25 Oct 2022 14:03:17 +0200 Subject: [PATCH 051/117] docs: update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 92522782..f7b07474 100644 --- a/README.md +++ b/README.md @@ -87,7 +87,7 @@ specific middlewares. Those can however be built using the exposed API, one such ## Install -Node.js LTS releases Codename Erbium (starting with ^12.19.0) and newer LTS releases are supported. +Node.js LTS releases Codename Erbium and newer LTS releases are supported. ```console npm install openid-client From 6ab89b93154266e75a14acb9cc2e7ce62f17c349 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Tue, 25 Oct 2022 14:03:24 +0200 Subject: [PATCH 052/117] ci: bump to use lts/hydrogen --- .github/workflows/test.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index b25596ce..98cab3e5 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -21,7 +21,7 @@ jobs: - name: Setup node uses: actions/setup-node@v3 with: - node-version: 18 # lts/hydrogen + node-version: lts/hydrogen # 18 cache: 'npm' check-latest: true - name: Install dependencies @@ -30,6 +30,7 @@ jobs: test: runs-on: ubuntu-latest + continue-on-error: ${{ !startsWith(matrix.node-version, 'lts') }} strategy: fail-fast: false matrix: @@ -37,7 +38,7 @@ jobs: - lts/erbium # 12 - lts/fermium # 14 - lts/gallium # 16 - - 18 # lts/hydrogen + - lts/hydrogen # 18 - current steps: - name: Checkout @@ -60,7 +61,7 @@ jobs: - uses: actions/setup-node@v3 id: node with: - node-version: 18 # lts/hydrogen + node-version: lts/hydrogen # 18 cache: 'npm' check-latest: true - name: Install dependencies @@ -216,7 +217,7 @@ jobs: - run: git clone --depth 1 --single-branch --branch main https://github.com/panva/openid-client-certification-suite.git runner - uses: actions/setup-node@v3 with: - node-version: 18 # lts/hydrogen + node-version: lts/hydrogen # 18 cache: 'npm' check-latest: true - run: npm clean-install From 4a82ab3afe26887fbf5a9f4339991d1409a96170 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 4 Nov 2022 19:55:48 +0100 Subject: [PATCH 053/117] chore(deps): bump nanoid and mocha (#538) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 556 +++++++++++++++++++++++----------------------- package.json | 2 +- 2 files changed, 277 insertions(+), 281 deletions(-) diff --git a/package-lock.json b/package-lock.json index 9bdce3b8..3d5f1afb 100644 --- a/package-lock.json +++ b/package-lock.json @@ -20,7 +20,7 @@ "base64url": "^3.0.1", "chai": "^4.2.0", "jose2": "npm:jose@^2.0.5", - "mocha": "^8.2.0", + "mocha": "^10.1.0", "nock": "^13.0.2", "prettier": "^2.4.1", "readable-mock-req": "^0.2.2", @@ -173,12 +173,6 @@ "@types/node": "*" } }, - "node_modules/@ungap/promise-all-settled": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/@ungap/promise-all-settled/-/promise-all-settled-1.1.2.tgz", - "integrity": "sha512-sL/cEvJWAnClXw0wHk85/2L0G6Sj8UB0Ctc1TEMbKSsmpRosqhwj9gWgFRZSrBr2f9tiXISwNhCPmlfqUqyb9Q==", - "dev": true - }, "node_modules/ansi-colors": { "version": "4.1.1", "resolved": "https://registry.npmjs.org/ansi-colors/-/ansi-colors-4.1.1.tgz", @@ -188,14 +182,6 @@ "node": ">=6" } }, - "node_modules/ansi-regex": { - "version": "3.0.0", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=4" - } - }, "node_modules/ansi-styles": { "version": "4.3.0", "dev": true, @@ -223,6 +209,12 @@ "node": ">= 8" } }, + "node_modules/argparse": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", + "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==", + "dev": true + }, "node_modules/assertion-error": { "version": "1.1.0", "dev": true, @@ -233,8 +225,9 @@ }, "node_modules/balanced-match": { "version": "1.0.2", - "dev": true, - "license": "MIT" + "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", + "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==", + "dev": true }, "node_modules/base64url": { "version": "3.0.1", @@ -254,12 +247,12 @@ } }, "node_modules/brace-expansion": { - "version": "1.1.11", + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", + "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==", "dev": true, - "license": "MIT", "dependencies": { - "balanced-match": "^1.0.0", - "concat-map": "0.0.1" + "balanced-match": "^1.0.0" } }, "node_modules/braces": { @@ -297,8 +290,9 @@ }, "node_modules/chalk": { "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", "dev": true, - "license": "MIT", "dependencies": { "ansi-styles": "^4.1.0", "supports-color": "^7.1.0" @@ -312,8 +306,9 @@ }, "node_modules/chalk/node_modules/supports-color": { "version": "7.2.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==", "dev": true, - "license": "MIT", "dependencies": { "has-flag": "^4.0.0" }, @@ -330,24 +325,30 @@ } }, "node_modules/chokidar": { - "version": "3.5.1", - "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.5.1.tgz", - "integrity": "sha512-9+s+Od+W0VJJzawDma/gvBNQqkTiqYTWLuZoyAsivsI4AaWTCzHG06/TMjsf1cYe9Cb97UCEhjz7HvnPk2p/tw==", - "dev": true, + "version": "3.5.3", + "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.5.3.tgz", + "integrity": "sha512-Dr3sfKRP6oTcjf2JmUmFJfeVMvXBdegxB0iVQ5eb2V10uFJUCAS8OByZdVAyVb8xXNz3GjjTgj9kLWsZTqE6kw==", + "dev": true, + "funding": [ + { + "type": "individual", + "url": "https://paulmillr.com/funding/" + } + ], "dependencies": { - "anymatch": "~3.1.1", + "anymatch": "~3.1.2", "braces": "~3.0.2", - "glob-parent": "~5.1.0", + "glob-parent": "~5.1.2", "is-binary-path": "~2.1.0", "is-glob": "~4.0.1", "normalize-path": "~3.0.0", - "readdirp": "~3.5.0" + "readdirp": "~3.6.0" }, "engines": { "node": ">= 8.10.0" }, "optionalDependencies": { - "fsevents": "~2.3.1" + "fsevents": "~2.3.2" } }, "node_modules/color-convert": { @@ -368,8 +369,9 @@ }, "node_modules/concat-map": { "version": "0.0.1", - "dev": true, - "license": "MIT" + "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", + "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==", + "dev": true }, "node_modules/core-util-is": { "version": "1.0.3", @@ -377,9 +379,10 @@ "license": "MIT" }, "node_modules/debug": { - "version": "4.3.1", + "version": "4.3.4", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz", + "integrity": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==", "dev": true, - "license": "MIT", "dependencies": { "ms": "2.1.2" }, @@ -444,8 +447,9 @@ }, "node_modules/fs.realpath": { "version": "1.0.0", - "dev": true, - "license": "ISC" + "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", + "integrity": "sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==", + "dev": true }, "node_modules/fsevents": { "version": "2.3.2", @@ -478,9 +482,10 @@ } }, "node_modules/glob": { - "version": "7.1.6", + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.0.tgz", + "integrity": "sha512-lmLf6gtyrPq8tTjSmrO94wBeQbFR3HbLHbuyD69wuyQkImp2hWqMGB47OX65FBkPffO641IP9jWa1z4ivqG26Q==", "dev": true, - "license": "ISC", "dependencies": { "fs.realpath": "^1.0.0", "inflight": "^1.0.4", @@ -498,8 +503,9 @@ }, "node_modules/glob-parent": { "version": "5.1.2", + "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==", "dev": true, - "license": "ISC", "dependencies": { "is-glob": "^4.0.1" }, @@ -507,12 +513,26 @@ "node": ">= 6" } }, - "node_modules/growl": { - "version": "1.10.5", + "node_modules/glob/node_modules/brace-expansion": { + "version": "1.1.11", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", "dev": true, - "license": "MIT", + "dependencies": { + "balanced-match": "^1.0.0", + "concat-map": "0.0.1" + } + }, + "node_modules/glob/node_modules/minimatch": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==", + "dev": true, + "dependencies": { + "brace-expansion": "^1.1.7" + }, "engines": { - "node": ">=4.x" + "node": "*" } }, "node_modules/has-flag": { @@ -533,8 +553,9 @@ }, "node_modules/inflight": { "version": "1.0.6", + "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", + "integrity": "sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==", "dev": true, - "license": "ISC", "dependencies": { "once": "^1.3.0", "wrappy": "1" @@ -559,24 +580,18 @@ }, "node_modules/is-extglob": { "version": "2.1.1", + "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", + "integrity": "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==", "dev": true, - "license": "MIT", "engines": { "node": ">=0.10.0" } }, - "node_modules/is-fullwidth-code-point": { - "version": "2.0.0", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=4" - } - }, "node_modules/is-glob": { "version": "4.0.3", + "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz", + "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==", "dev": true, - "license": "MIT", "dependencies": { "is-extglob": "^2.1.1" }, @@ -598,16 +613,23 @@ "dev": true, "license": "ISC" }, + "node_modules/is-unicode-supported": { + "version": "0.1.0", + "resolved": "https://registry.npmjs.org/is-unicode-supported/-/is-unicode-supported-0.1.0.tgz", + "integrity": "sha512-knxG2q4UC3u8stRGyAVJCOdxFmv5DZiRcdlIaAQXAbSfJya+OhopNotLQrstBhququ4ZpuKbDc/8S6mgXgPFPw==", + "dev": true, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/isarray": { "version": "0.0.1", "dev": true, "license": "MIT" }, - "node_modules/isexe": { - "version": "2.0.0", - "dev": true, - "license": "ISC" - }, "node_modules/jose": { "version": "4.10.0", "resolved": "https://registry.npmjs.org/jose/-/jose-4.10.0.tgz", @@ -632,6 +654,18 @@ "url": "https://github.com/sponsors/panva" } }, + "node_modules/js-yaml": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", + "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", + "dev": true, + "dependencies": { + "argparse": "^2.0.1" + }, + "bin": { + "js-yaml": "bin/js-yaml.js" + } + }, "node_modules/json-stringify-safe": { "version": "5.0.1", "dev": true, @@ -656,15 +690,19 @@ "dev": true }, "node_modules/log-symbols": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/log-symbols/-/log-symbols-4.0.0.tgz", - "integrity": "sha512-FN8JBzLx6CzeMrB0tg6pqlGU1wCrXW+ZXGH481kfsBqer0hToTIiHdjH4Mq8xJUbvATujKCvaREGWpGUionraA==", + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/log-symbols/-/log-symbols-4.1.0.tgz", + "integrity": "sha512-8XPvpAA8uyhfteu8pIvQxpJZ7SYYdpUivZpGy6sFsBuKRY/7rQGavedeB8aK+Zkyq6upMFVL/9AW6vOYzfRyLg==", "dev": true, "dependencies": { - "chalk": "^4.0.0" + "chalk": "^4.1.0", + "is-unicode-supported": "^0.1.0" }, "engines": { "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" } }, "node_modules/lru-cache": { @@ -687,54 +725,51 @@ } }, "node_modules/minimatch": { - "version": "3.0.4", + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.0.1.tgz", + "integrity": "sha512-nLDxIFRyhDblz3qMuq+SoRZED4+miJ/G+tdDrjkkkRnjAsBexeGpgjLEQ0blJy7rHhR2b93rhQY4SvyWu9v03g==", "dev": true, - "license": "ISC", "dependencies": { - "brace-expansion": "^1.1.7" + "brace-expansion": "^2.0.1" }, "engines": { - "node": "*" + "node": ">=10" } }, "node_modules/mocha": { - "version": "8.4.0", - "resolved": "https://registry.npmjs.org/mocha/-/mocha-8.4.0.tgz", - "integrity": "sha512-hJaO0mwDXmZS4ghXsvPVriOhsxQ7ofcpQdm8dE+jISUOKopitvnXFQmpRR7jd2K6VBG6E26gU3IAbXXGIbu4sQ==", + "version": "10.1.0", + "resolved": "https://registry.npmjs.org/mocha/-/mocha-10.1.0.tgz", + "integrity": "sha512-vUF7IYxEoN7XhQpFLxQAEMtE4W91acW4B6En9l97MwE9stL1A9gusXfoHZCLVHDUJ/7V5+lbCM6yMqzo5vNymg==", "dev": true, "dependencies": { - "@ungap/promise-all-settled": "1.1.2", "ansi-colors": "4.1.1", "browser-stdout": "1.3.1", - "chokidar": "3.5.1", - "debug": "4.3.1", + "chokidar": "3.5.3", + "debug": "4.3.4", "diff": "5.0.0", "escape-string-regexp": "4.0.0", "find-up": "5.0.0", - "glob": "7.1.6", - "growl": "1.10.5", + "glob": "7.2.0", "he": "1.2.0", - "js-yaml": "4.0.0", - "log-symbols": "4.0.0", - "minimatch": "3.0.4", + "js-yaml": "4.1.0", + "log-symbols": "4.1.0", + "minimatch": "5.0.1", "ms": "2.1.3", - "nanoid": "3.1.20", - "serialize-javascript": "5.0.1", + "nanoid": "3.3.3", + "serialize-javascript": "6.0.0", "strip-json-comments": "3.1.1", "supports-color": "8.1.1", - "which": "2.0.2", - "wide-align": "1.1.3", - "workerpool": "6.1.0", + "workerpool": "6.2.1", "yargs": "16.2.0", "yargs-parser": "20.2.4", "yargs-unparser": "2.0.0" }, "bin": { "_mocha": "bin/_mocha", - "mocha": "bin/mocha" + "mocha": "bin/mocha.js" }, "engines": { - "node": ">= 10.12.0" + "node": ">= 14.0.0" }, "funding": { "type": "opencollective", @@ -750,12 +785,6 @@ "node": ">=8" } }, - "node_modules/mocha/node_modules/argparse": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", - "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==", - "dev": true - }, "node_modules/mocha/node_modules/cliui": { "version": "7.0.4", "resolved": "https://registry.npmjs.org/cliui/-/cliui-7.0.4.tgz", @@ -813,18 +842,6 @@ "node": ">=8" } }, - "node_modules/mocha/node_modules/js-yaml": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.0.0.tgz", - "integrity": "sha512-pqon0s+4ScYUvX30wxQi3PogGFAlUyH0awepWvwkj4jD4v+ova3RiYw8bmA6x2rDrEaj8i/oWKoRxpVNW+Re8Q==", - "dev": true, - "dependencies": { - "argparse": "^2.0.1" - }, - "bin": { - "js-yaml": "bin/js-yaml.js" - } - }, "node_modules/mocha/node_modules/locate-path": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz", @@ -956,9 +973,9 @@ "dev": true }, "node_modules/nanoid": { - "version": "3.1.20", - "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.1.20.tgz", - "integrity": "sha512-a1cQNyczgKbLX9jwbS/+d7W8fX/RfgYR7lVWwWOGIPNgK2m0MWvrGF6/m4kk6U3QcFMnZf3RIhL0v2Jgh/0Uxw==", + "version": "3.3.3", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.3.tgz", + "integrity": "sha512-p1sjXuopFs0xg+fPASzQ28agW1oHD7xDsd9Xkf3T15H3c/cifrFHVwrh74PdoklAPi+i7MdRsE47vm2r6JoB+w==", "dev": true, "bin": { "nanoid": "bin/nanoid.cjs" @@ -1022,8 +1039,9 @@ }, "node_modules/once": { "version": "1.4.0", + "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", + "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==", "dev": true, - "license": "ISC", "dependencies": { "wrappy": "1" } @@ -1038,8 +1056,9 @@ }, "node_modules/path-is-absolute": { "version": "1.0.1", + "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", + "integrity": "sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==", "dev": true, - "license": "MIT", "engines": { "node": ">=0.10.0" } @@ -1130,9 +1149,9 @@ } }, "node_modules/readdirp": { - "version": "3.5.0", - "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.5.0.tgz", - "integrity": "sha512-cMhu7c/8rdhkHXWsY+osBhfSy0JikwpHK/5+imo+LpeasTF8ouErHrlYkwT0++njiyuDvc7OFY5T3ukvZ8qmFQ==", + "version": "3.6.0", + "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz", + "integrity": "sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==", "dev": true, "dependencies": { "picomatch": "^2.2.1" @@ -1150,14 +1169,29 @@ } }, "node_modules/safe-buffer": { - "version": "5.1.2", + "version": "5.2.1", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", + "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", "dev": true, - "license": "MIT" + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ] }, "node_modules/serialize-javascript": { - "version": "5.0.1", - "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-5.0.1.tgz", - "integrity": "sha512-SaaNal9imEO737H2c05Og0/8LUXG7EnsZyMa8MzkmuHoELfT6txuj0cMqRj6zfPKnmQ1yasR4PCJc8x+M4JSPA==", + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.0.tgz", + "integrity": "sha512-Qr3TosvguFt8ePWqsvRfrKyQXIiW+nGbYpy8XK24NQHE83caxWt+mIymTT19DGFbNWNLfEwsrkSmN64lVWB9ag==", "dev": true, "dependencies": { "randombytes": "^2.1.0" @@ -1205,29 +1239,6 @@ "dev": true, "license": "MIT" }, - "node_modules/string-width": { - "version": "2.1.1", - "dev": true, - "license": "MIT", - "dependencies": { - "is-fullwidth-code-point": "^2.0.0", - "strip-ansi": "^4.0.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/strip-ansi": { - "version": "4.0.0", - "dev": true, - "license": "MIT", - "dependencies": { - "ansi-regex": "^3.0.0" - }, - "engines": { - "node": ">=4" - } - }, "node_modules/strip-json-comments": { "version": "3.1.1", "dev": true, @@ -1279,38 +1290,17 @@ "node": ">=4" } }, - "node_modules/which": { - "version": "2.0.2", - "dev": true, - "license": "ISC", - "dependencies": { - "isexe": "^2.0.0" - }, - "bin": { - "node-which": "bin/node-which" - }, - "engines": { - "node": ">= 8" - } - }, - "node_modules/wide-align": { - "version": "1.1.3", - "dev": true, - "license": "ISC", - "dependencies": { - "string-width": "^1.0.2 || 2" - } - }, "node_modules/workerpool": { - "version": "6.1.0", - "resolved": "https://registry.npmjs.org/workerpool/-/workerpool-6.1.0.tgz", - "integrity": "sha512-toV7q9rWNYha963Pl/qyeZ6wG+3nnsyvolaNUS8+R5Wtw6qJPTxIlOP1ZSvcGhEJw+l3HMMmtiNo9Gl61G4GVg==", + "version": "6.2.1", + "resolved": "https://registry.npmjs.org/workerpool/-/workerpool-6.2.1.tgz", + "integrity": "sha512-ILEIE97kDZvF9Wb9f6h5aXK4swSlKGUcOEGiIYb2OOu/IrDU9iwj0fD//SsA6E5ibwJxpEvhullJY4Sl4GcpAw==", "dev": true }, "node_modules/wrappy": { "version": "1.0.2", - "dev": true, - "license": "ISC" + "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", + "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==", + "dev": true }, "node_modules/yallist": { "version": "4.0.0", @@ -1485,22 +1475,12 @@ "@types/node": "*" } }, - "@ungap/promise-all-settled": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/@ungap/promise-all-settled/-/promise-all-settled-1.1.2.tgz", - "integrity": "sha512-sL/cEvJWAnClXw0wHk85/2L0G6Sj8UB0Ctc1TEMbKSsmpRosqhwj9gWgFRZSrBr2f9tiXISwNhCPmlfqUqyb9Q==", - "dev": true - }, "ansi-colors": { "version": "4.1.1", "resolved": "https://registry.npmjs.org/ansi-colors/-/ansi-colors-4.1.1.tgz", "integrity": "sha512-JoX0apGbHaUJBNl6yF+p6JAFYZ666/hhCGKN5t9QFjbJQKUU/g8MNbFDbvfrgKXvI1QpZplPOnwIo99lX/AAmA==", "dev": true }, - "ansi-regex": { - "version": "3.0.0", - "dev": true - }, "ansi-styles": { "version": "4.3.0", "dev": true, @@ -1518,12 +1498,20 @@ "picomatch": "^2.0.4" } }, + "argparse": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", + "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==", + "dev": true + }, "assertion-error": { "version": "1.1.0", "dev": true }, "balanced-match": { "version": "1.0.2", + "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", + "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==", "dev": true }, "base64url": { @@ -1537,11 +1525,12 @@ "dev": true }, "brace-expansion": { - "version": "1.1.11", + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", + "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==", "dev": true, "requires": { - "balanced-match": "^1.0.0", - "concat-map": "0.0.1" + "balanced-match": "^1.0.0" } }, "braces": { @@ -1571,6 +1560,8 @@ }, "chalk": { "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", "dev": true, "requires": { "ansi-styles": "^4.1.0", @@ -1579,6 +1570,8 @@ "dependencies": { "supports-color": { "version": "7.2.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==", "dev": true, "requires": { "has-flag": "^4.0.0" @@ -1591,19 +1584,19 @@ "dev": true }, "chokidar": { - "version": "3.5.1", - "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.5.1.tgz", - "integrity": "sha512-9+s+Od+W0VJJzawDma/gvBNQqkTiqYTWLuZoyAsivsI4AaWTCzHG06/TMjsf1cYe9Cb97UCEhjz7HvnPk2p/tw==", + "version": "3.5.3", + "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.5.3.tgz", + "integrity": "sha512-Dr3sfKRP6oTcjf2JmUmFJfeVMvXBdegxB0iVQ5eb2V10uFJUCAS8OByZdVAyVb8xXNz3GjjTgj9kLWsZTqE6kw==", "dev": true, "requires": { - "anymatch": "~3.1.1", + "anymatch": "~3.1.2", "braces": "~3.0.2", - "fsevents": "~2.3.1", - "glob-parent": "~5.1.0", + "fsevents": "~2.3.2", + "glob-parent": "~5.1.2", "is-binary-path": "~2.1.0", "is-glob": "~4.0.1", "normalize-path": "~3.0.0", - "readdirp": "~3.5.0" + "readdirp": "~3.6.0" } }, "color-convert": { @@ -1619,6 +1612,8 @@ }, "concat-map": { "version": "0.0.1", + "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", + "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==", "dev": true }, "core-util-is": { @@ -1626,7 +1621,9 @@ "dev": true }, "debug": { - "version": "4.3.1", + "version": "4.3.4", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz", + "integrity": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==", "dev": true, "requires": { "ms": "2.1.2" @@ -1670,6 +1667,8 @@ }, "fs.realpath": { "version": "1.0.0", + "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", + "integrity": "sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==", "dev": true }, "fsevents": { @@ -1688,7 +1687,9 @@ "dev": true }, "glob": { - "version": "7.1.6", + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.0.tgz", + "integrity": "sha512-lmLf6gtyrPq8tTjSmrO94wBeQbFR3HbLHbuyD69wuyQkImp2hWqMGB47OX65FBkPffO641IP9jWa1z4ivqG26Q==", "dev": true, "requires": { "fs.realpath": "^1.0.0", @@ -1697,19 +1698,38 @@ "minimatch": "^3.0.4", "once": "^1.3.0", "path-is-absolute": "^1.0.0" + }, + "dependencies": { + "brace-expansion": { + "version": "1.1.11", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", + "dev": true, + "requires": { + "balanced-match": "^1.0.0", + "concat-map": "0.0.1" + } + }, + "minimatch": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==", + "dev": true, + "requires": { + "brace-expansion": "^1.1.7" + } + } } }, "glob-parent": { "version": "5.1.2", + "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==", "dev": true, "requires": { "is-glob": "^4.0.1" } }, - "growl": { - "version": "1.10.5", - "dev": true - }, "has-flag": { "version": "4.0.0", "dev": true @@ -1720,6 +1740,8 @@ }, "inflight": { "version": "1.0.6", + "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", + "integrity": "sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==", "dev": true, "requires": { "once": "^1.3.0", @@ -1741,14 +1763,14 @@ }, "is-extglob": { "version": "2.1.1", - "dev": true - }, - "is-fullwidth-code-point": { - "version": "2.0.0", + "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", + "integrity": "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==", "dev": true }, "is-glob": { "version": "4.0.3", + "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz", + "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==", "dev": true, "requires": { "is-extglob": "^2.1.1" @@ -1764,12 +1786,14 @@ "version": "1.0.1", "dev": true }, - "isarray": { - "version": "0.0.1", + "is-unicode-supported": { + "version": "0.1.0", + "resolved": "https://registry.npmjs.org/is-unicode-supported/-/is-unicode-supported-0.1.0.tgz", + "integrity": "sha512-knxG2q4UC3u8stRGyAVJCOdxFmv5DZiRcdlIaAQXAbSfJya+OhopNotLQrstBhququ4ZpuKbDc/8S6mgXgPFPw==", "dev": true }, - "isexe": { - "version": "2.0.0", + "isarray": { + "version": "0.0.1", "dev": true }, "jose": { @@ -1786,6 +1810,15 @@ "@panva/asn1.js": "^1.0.0" } }, + "js-yaml": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", + "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", + "dev": true, + "requires": { + "argparse": "^2.0.1" + } + }, "json-stringify-safe": { "version": "5.0.1", "dev": true @@ -1809,12 +1842,13 @@ "dev": true }, "log-symbols": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/log-symbols/-/log-symbols-4.0.0.tgz", - "integrity": "sha512-FN8JBzLx6CzeMrB0tg6pqlGU1wCrXW+ZXGH481kfsBqer0hToTIiHdjH4Mq8xJUbvATujKCvaREGWpGUionraA==", + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/log-symbols/-/log-symbols-4.1.0.tgz", + "integrity": "sha512-8XPvpAA8uyhfteu8pIvQxpJZ7SYYdpUivZpGy6sFsBuKRY/7rQGavedeB8aK+Zkyq6upMFVL/9AW6vOYzfRyLg==", "dev": true, "requires": { - "chalk": "^4.0.0" + "chalk": "^4.1.0", + "is-unicode-supported": "^0.1.0" } }, "lru-cache": { @@ -1830,40 +1864,38 @@ "dev": true }, "minimatch": { - "version": "3.0.4", + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.0.1.tgz", + "integrity": "sha512-nLDxIFRyhDblz3qMuq+SoRZED4+miJ/G+tdDrjkkkRnjAsBexeGpgjLEQ0blJy7rHhR2b93rhQY4SvyWu9v03g==", "dev": true, "requires": { - "brace-expansion": "^1.1.7" + "brace-expansion": "^2.0.1" } }, "mocha": { - "version": "8.4.0", - "resolved": "https://registry.npmjs.org/mocha/-/mocha-8.4.0.tgz", - "integrity": "sha512-hJaO0mwDXmZS4ghXsvPVriOhsxQ7ofcpQdm8dE+jISUOKopitvnXFQmpRR7jd2K6VBG6E26gU3IAbXXGIbu4sQ==", + "version": "10.1.0", + "resolved": "https://registry.npmjs.org/mocha/-/mocha-10.1.0.tgz", + "integrity": "sha512-vUF7IYxEoN7XhQpFLxQAEMtE4W91acW4B6En9l97MwE9stL1A9gusXfoHZCLVHDUJ/7V5+lbCM6yMqzo5vNymg==", "dev": true, "requires": { - "@ungap/promise-all-settled": "1.1.2", "ansi-colors": "4.1.1", "browser-stdout": "1.3.1", - "chokidar": "3.5.1", - "debug": "4.3.1", + "chokidar": "3.5.3", + "debug": "4.3.4", "diff": "5.0.0", "escape-string-regexp": "4.0.0", "find-up": "5.0.0", - "glob": "7.1.6", - "growl": "1.10.5", + "glob": "7.2.0", "he": "1.2.0", - "js-yaml": "4.0.0", - "log-symbols": "4.0.0", - "minimatch": "3.0.4", + "js-yaml": "4.1.0", + "log-symbols": "4.1.0", + "minimatch": "5.0.1", "ms": "2.1.3", - "nanoid": "3.1.20", - "serialize-javascript": "5.0.1", + "nanoid": "3.3.3", + "serialize-javascript": "6.0.0", "strip-json-comments": "3.1.1", "supports-color": "8.1.1", - "which": "2.0.2", - "wide-align": "1.1.3", - "workerpool": "6.1.0", + "workerpool": "6.2.1", "yargs": "16.2.0", "yargs-parser": "20.2.4", "yargs-unparser": "2.0.0" @@ -1875,12 +1907,6 @@ "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", "dev": true }, - "argparse": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", - "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==", - "dev": true - }, "cliui": { "version": "7.0.4", "resolved": "https://registry.npmjs.org/cliui/-/cliui-7.0.4.tgz", @@ -1920,15 +1946,6 @@ "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==", "dev": true }, - "js-yaml": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.0.0.tgz", - "integrity": "sha512-pqon0s+4ScYUvX30wxQi3PogGFAlUyH0awepWvwkj4jD4v+ova3RiYw8bmA6x2rDrEaj8i/oWKoRxpVNW+Re8Q==", - "dev": true, - "requires": { - "argparse": "^2.0.1" - } - }, "locate-path": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz", @@ -2023,9 +2040,9 @@ "dev": true }, "nanoid": { - "version": "3.1.20", - "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.1.20.tgz", - "integrity": "sha512-a1cQNyczgKbLX9jwbS/+d7W8fX/RfgYR7lVWwWOGIPNgK2m0MWvrGF6/m4kk6U3QcFMnZf3RIhL0v2Jgh/0Uxw==", + "version": "3.3.3", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.3.tgz", + "integrity": "sha512-p1sjXuopFs0xg+fPASzQ28agW1oHD7xDsd9Xkf3T15H3c/cifrFHVwrh74PdoklAPi+i7MdRsE47vm2r6JoB+w==", "dev": true }, "nise": { @@ -2071,6 +2088,8 @@ }, "once": { "version": "1.4.0", + "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", + "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==", "dev": true, "requires": { "wrappy": "1" @@ -2082,6 +2101,8 @@ }, "path-is-absolute": { "version": "1.0.1", + "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", + "integrity": "sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==", "dev": true }, "path-to-regexp": { @@ -2142,9 +2163,9 @@ } }, "readdirp": { - "version": "3.5.0", - "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.5.0.tgz", - "integrity": "sha512-cMhu7c/8rdhkHXWsY+osBhfSy0JikwpHK/5+imo+LpeasTF8ouErHrlYkwT0++njiyuDvc7OFY5T3ukvZ8qmFQ==", + "version": "3.6.0", + "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz", + "integrity": "sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==", "dev": true, "requires": { "picomatch": "^2.2.1" @@ -2155,13 +2176,15 @@ "dev": true }, "safe-buffer": { - "version": "5.1.2", + "version": "5.2.1", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", + "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", "dev": true }, "serialize-javascript": { - "version": "5.0.1", - "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-5.0.1.tgz", - "integrity": "sha512-SaaNal9imEO737H2c05Og0/8LUXG7EnsZyMa8MzkmuHoELfT6txuj0cMqRj6zfPKnmQ1yasR4PCJc8x+M4JSPA==", + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.0.tgz", + "integrity": "sha512-Qr3TosvguFt8ePWqsvRfrKyQXIiW+nGbYpy8XK24NQHE83caxWt+mIymTT19DGFbNWNLfEwsrkSmN64lVWB9ag==", "dev": true, "requires": { "randombytes": "^2.1.0" @@ -2198,21 +2221,6 @@ "version": "0.10.31", "dev": true }, - "string-width": { - "version": "2.1.1", - "dev": true, - "requires": { - "is-fullwidth-code-point": "^2.0.0", - "strip-ansi": "^4.0.0" - } - }, - "strip-ansi": { - "version": "4.0.0", - "dev": true, - "requires": { - "ansi-regex": "^3.0.0" - } - }, "strip-json-comments": { "version": "3.1.1", "dev": true @@ -2243,28 +2251,16 @@ "version": "4.0.8", "dev": true }, - "which": { - "version": "2.0.2", - "dev": true, - "requires": { - "isexe": "^2.0.0" - } - }, - "wide-align": { - "version": "1.1.3", - "dev": true, - "requires": { - "string-width": "^1.0.2 || 2" - } - }, "workerpool": { - "version": "6.1.0", - "resolved": "https://registry.npmjs.org/workerpool/-/workerpool-6.1.0.tgz", - "integrity": "sha512-toV7q9rWNYha963Pl/qyeZ6wG+3nnsyvolaNUS8+R5Wtw6qJPTxIlOP1ZSvcGhEJw+l3HMMmtiNo9Gl61G4GVg==", + "version": "6.2.1", + "resolved": "https://registry.npmjs.org/workerpool/-/workerpool-6.2.1.tgz", + "integrity": "sha512-ILEIE97kDZvF9Wb9f6h5aXK4swSlKGUcOEGiIYb2OOu/IrDU9iwj0fD//SsA6E5ibwJxpEvhullJY4Sl4GcpAw==", "dev": true }, "wrappy": { "version": "1.0.2", + "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", + "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==", "dev": true }, "yallist": { diff --git a/package.json b/package.json index ca207db7..93cc3eae 100644 --- a/package.json +++ b/package.json @@ -56,7 +56,7 @@ "base64url": "^3.0.1", "chai": "^4.2.0", "jose2": "npm:jose@^2.0.5", - "mocha": "^8.2.0", + "mocha": "^10.1.0", "nock": "^13.0.2", "prettier": "^2.4.1", "readable-mock-req": "^0.2.2", From 8cc98c33e1c7acbeef15ae8e9d285641eb0e8e10 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Wed, 9 Nov 2022 14:51:41 +0100 Subject: [PATCH 054/117] chore: bump dev deps --- package-lock.json | 1100 +++++++++++++++++++++++++-------------------- 1 file changed, 613 insertions(+), 487 deletions(-) diff --git a/package-lock.json b/package-lock.json index 3d5f1afb..3d6ee57a 100644 --- a/package-lock.json +++ b/package-lock.json @@ -31,29 +31,6 @@ "url": "https://github.com/sponsors/panva" } }, - "../kms-openid-client": { - "version": "1.0.0", - "extraneous": true, - "license": "MIT", - "dependencies": { - "ecdsa-sig-formatter": "^1.0.11" - }, - "devDependencies": { - "@types/node": "^17.0.31", - "prettier": "^2.6.2", - "typescript": "^4.6.4" - }, - "engines": { - "node": "^14.18.0 || ^16.13.0 || >= 18.0.0" - }, - "funding": { - "url": "https://github.com/sponsors/panva" - }, - "peerDependencies": { - "aws-sdk": "^2.1131.0", - "openid-client": "^5.1.5" - } - }, "node_modules/@panva/asn1.js": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/@panva/asn1.js/-/asn1.js-1.0.0.tgz", @@ -64,9 +41,9 @@ } }, "node_modules/@sinonjs/commons": { - "version": "1.8.3", - "resolved": "https://registry.npmjs.org/@sinonjs/commons/-/commons-1.8.3.tgz", - "integrity": "sha512-xkNcLAn/wZaX14RPlwizcKicDk9G3F8m2nU3L7Ukm5zBgTwiT0wsoFAHx9Jq56fJA1z/7uKGtCRu16sOUCLIHQ==", + "version": "1.8.5", + "resolved": "https://registry.npmjs.org/@sinonjs/commons/-/commons-1.8.5.tgz", + "integrity": "sha512-rTpCA0wG1wUxglBSFdMMY0oTrKYvgf4fNgv/sXbfCVAdf+FnPBdKJR/7XbpTCwbCrvCbdPYnlWaUUYz4V2fPDA==", "dev": true, "dependencies": { "type-detect": "4.0.8" @@ -99,9 +76,10 @@ "dev": true }, "node_modules/@types/body-parser": { - "version": "1.19.1", + "version": "1.19.2", + "resolved": "https://registry.npmjs.org/@types/body-parser/-/body-parser-1.19.2.tgz", + "integrity": "sha512-ALYone6pm6QmwZoAgeyNksccT9Q4AWZQ6PvfwR37GT6r6FWUPguq6sUmNGSMV2Wr761oQoBxwGGa6DR5o1DC9g==", "dev": true, - "license": "MIT", "dependencies": { "@types/connect": "*", "@types/node": "*" @@ -109,16 +87,18 @@ }, "node_modules/@types/connect": { "version": "3.4.35", + "resolved": "https://registry.npmjs.org/@types/connect/-/connect-3.4.35.tgz", + "integrity": "sha512-cdeYyv4KWoEgpBISTxWvqYsVy444DOqehiF3fM3ne10AmJ62RSyNkUnxMJXHQWRQQX2eR94m5y1IZyDwBjV9FQ==", "dev": true, - "license": "MIT", "dependencies": { "@types/node": "*" } }, "node_modules/@types/express": { - "version": "4.17.13", + "version": "4.17.14", + "resolved": "https://registry.npmjs.org/@types/express/-/express-4.17.14.tgz", + "integrity": "sha512-TEbt+vaPFQ+xpxFLFssxUDXj5cWCxZJjIcB7Yg0k0GMHGtgtQgpvx/MUQUeAkNbA9AAGrwkAsoeItdTgS7FMyg==", "dev": true, - "license": "MIT", "dependencies": { "@types/body-parser": "*", "@types/express-serve-static-core": "^4.17.18", @@ -127,9 +107,10 @@ } }, "node_modules/@types/express-serve-static-core": { - "version": "4.17.25", + "version": "4.17.31", + "resolved": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-4.17.31.tgz", + "integrity": "sha512-DxMhY+NAsTwMMFHBTtJFNp5qiHKJ7TeqOo23zVEM9alT1Ml27Q3xcTH0xwxn7Q0BbMcVEJOs/7aQtUWupUQN3Q==", "dev": true, - "license": "MIT", "dependencies": { "@types/node": "*", "@types/qs": "*", @@ -137,39 +118,45 @@ } }, "node_modules/@types/mime": { - "version": "1.3.2", - "dev": true, - "license": "MIT" + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/@types/mime/-/mime-3.0.1.tgz", + "integrity": "sha512-Y4XFY5VJAuw0FgAqPNd6NNoV44jbq9Bz2L7Rh/J6jLTiHBSBJa9fxqQIvkIld4GsoDOcCbvzOUAbLPsSKKg+uA==", + "dev": true }, "node_modules/@types/node": { - "version": "16.11.7", - "dev": true, - "license": "MIT" + "version": "16.18.3", + "resolved": "https://registry.npmjs.org/@types/node/-/node-16.18.3.tgz", + "integrity": "sha512-jh6m0QUhIRcZpNv7Z/rpN+ZWXOicUUQbSoWks7Htkbb9IjFQj4kzcX/xFCkjstCj5flMsN8FiSvt+q+Tcs4Llg==", + "dev": true }, "node_modules/@types/passport": { - "version": "1.0.7", + "version": "1.0.11", + "resolved": "https://registry.npmjs.org/@types/passport/-/passport-1.0.11.tgz", + "integrity": "sha512-pz1cx9ptZvozyGKKKIPLcVDVHwae4hrH5d6g5J+DkMRRjR3cVETb4jMabhXAUbg3Ov7T22nFHEgaK2jj+5CBpw==", "dev": true, - "license": "MIT", "dependencies": { "@types/express": "*" } }, "node_modules/@types/qs": { "version": "6.9.7", - "dev": true, - "license": "MIT" + "resolved": "https://registry.npmjs.org/@types/qs/-/qs-6.9.7.tgz", + "integrity": "sha512-FGa1F62FT09qcrueBA6qYTrJPVDzah9a+493+o2PCXsesWHIn27G98TsSMs3WPNbZIEj4+VJf6saSFpvD+3Zsw==", + "dev": true }, "node_modules/@types/range-parser": { "version": "1.2.4", - "dev": true, - "license": "MIT" + "resolved": "https://registry.npmjs.org/@types/range-parser/-/range-parser-1.2.4.tgz", + "integrity": "sha512-EEhsLsD6UsDM1yFhAvy0Cjr6VwmpMWqFBCb9w07wVugF7w9nfajxLuVmngTIpgS6svCnm6Vaw+MZhoDCKnOfsw==", + "dev": true }, "node_modules/@types/serve-static": { - "version": "1.13.10", + "version": "1.15.0", + "resolved": "https://registry.npmjs.org/@types/serve-static/-/serve-static-1.15.0.tgz", + "integrity": "sha512-z5xyF6uh8CbjAu9760KDKsH2FcDxZ2tFCsA4HIMWE6IkiYMXfVoa+4f9KX+FN0ZLsaMw1WNG2ETLA6N+/YA+cg==", "dev": true, - "license": "MIT", "dependencies": { - "@types/mime": "^1", + "@types/mime": "*", "@types/node": "*" } }, @@ -182,10 +169,20 @@ "node": ">=6" } }, + "node_modules/ansi-regex": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", + "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", + "dev": true, + "engines": { + "node": ">=8" + } + }, "node_modules/ansi-styles": { "version": "4.3.0", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", + "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", "dev": true, - "license": "MIT", "dependencies": { "color-convert": "^2.0.1" }, @@ -217,8 +214,9 @@ }, "node_modules/assertion-error": { "version": "1.1.0", + "resolved": "https://registry.npmjs.org/assertion-error/-/assertion-error-1.1.0.tgz", + "integrity": "sha512-jgsaNduz+ndvGyFt3uSuWqvy4lCnIJiovtouQN5JZHOKCS2QuhEdbcQHFhVksz2N2U9hXJo8odG7ETyWlEeuDw==", "dev": true, - "license": "MIT", "engines": { "node": "*" } @@ -231,8 +229,9 @@ }, "node_modules/base64url": { "version": "3.0.1", + "resolved": "https://registry.npmjs.org/base64url/-/base64url-3.0.1.tgz", + "integrity": "sha512-ir1UPr3dkwexU7FdV8qBBbNDRUhMmIekYMFZfi+C/sLNnRESKPl23nB9b2pltqfOQNnGzsDdId90AEtG5tCx4A==", "dev": true, - "license": "MIT", "engines": { "node": ">=6.0.0" } @@ -269,18 +268,33 @@ }, "node_modules/browser-stdout": { "version": "1.3.1", + "resolved": "https://registry.npmjs.org/browser-stdout/-/browser-stdout-1.3.1.tgz", + "integrity": "sha512-qhAVI1+Av2X7qelOfAIYwXONood6XlZE/fXaBSmW/T5SzLAmCgzi+eiWE7fUvbHaeNBQH13UftjpXxsfLkMpgw==", + "dev": true + }, + "node_modules/camelcase": { + "version": "6.3.0", + "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", + "integrity": "sha512-Gmy6FhYlCY7uOElZUSbxo2UCDH8owEk996gkbrpsgGtrJLM3J7jGxl9Ic7Qwwj4ivOE5AWZWRMecDdF7hqGjFA==", "dev": true, - "license": "ISC" + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } }, "node_modules/chai": { - "version": "4.3.4", + "version": "4.3.7", + "resolved": "https://registry.npmjs.org/chai/-/chai-4.3.7.tgz", + "integrity": "sha512-HLnAzZ2iupm25PlN0xFreAlBA5zaBSv3og0DdeGA4Ar6h6rJ3A0rolRUKJhSF2V10GZKDgWF/VmAEsNWjCRB+A==", "dev": true, - "license": "MIT", "dependencies": { "assertion-error": "^1.1.0", "check-error": "^1.0.2", - "deep-eql": "^3.0.1", + "deep-eql": "^4.1.2", "get-func-name": "^2.0.0", + "loupe": "^2.3.1", "pathval": "^1.1.1", "type-detect": "^4.0.5" }, @@ -318,8 +332,9 @@ }, "node_modules/check-error": { "version": "1.0.2", + "resolved": "https://registry.npmjs.org/check-error/-/check-error-1.0.2.tgz", + "integrity": "sha512-BrgHpW9NURQgzoNyjfq0Wu6VFO6D7IZEmJNdtgNqpzGG8RuNFHt2jQxWlAs4HMe119chBnv+34syEZtc6IhLtA==", "dev": true, - "license": "MIT", "engines": { "node": "*" } @@ -351,10 +366,22 @@ "fsevents": "~2.3.2" } }, + "node_modules/cliui": { + "version": "7.0.4", + "resolved": "https://registry.npmjs.org/cliui/-/cliui-7.0.4.tgz", + "integrity": "sha512-OcRE68cOsVMXp1Yvonl/fzkQOyjLSu/8bhPDfQt0e0/Eb283TKP20Fs2MqoPsr9SwA595rRCA+QMzYc9nBP+JQ==", + "dev": true, + "dependencies": { + "string-width": "^4.2.0", + "strip-ansi": "^6.0.0", + "wrap-ansi": "^7.0.0" + } + }, "node_modules/color-convert": { "version": "2.0.1", + "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", + "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", "dev": true, - "license": "MIT", "dependencies": { "color-name": "~1.1.4" }, @@ -364,8 +391,9 @@ }, "node_modules/color-name": { "version": "1.1.4", - "dev": true, - "license": "MIT" + "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", + "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==", + "dev": true }, "node_modules/concat-map": { "version": "0.0.1", @@ -375,8 +403,9 @@ }, "node_modules/core-util-is": { "version": "1.0.3", - "dev": true, - "license": "MIT" + "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.3.tgz", + "integrity": "sha512-ZQBvi1DcpJ4GDqanjucZ2Hj3wEO5pZDS89BWbkcrvdxksJorwUDDZamX9ldFkp9aw2lmBDLgkObEA4DWNJ9FYQ==", + "dev": true }, "node_modules/debug": { "version": "4.3.4", @@ -397,33 +426,70 @@ }, "node_modules/debug/node_modules/ms": { "version": "2.1.2", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==", + "dev": true + }, + "node_modules/decamelize": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/decamelize/-/decamelize-4.0.0.tgz", + "integrity": "sha512-9iE1PgSik9HeIIw2JO94IidnE3eBoQrFJ3w7sFuzSX4DpmZ3v5sZpUiV5Swcf6mQEF+Y0ru8Neo+p+nyh2J+hQ==", "dev": true, - "license": "MIT" + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } }, "node_modules/deep-eql": { - "version": "3.0.1", + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/deep-eql/-/deep-eql-4.1.2.tgz", + "integrity": "sha512-gT18+YW4CcW/DBNTwAmqTtkJh7f9qqScu2qFVlx7kCoeY9tlBu9cUcr7+I+Z/noG8INehS3xQgLpTtd/QUTn4w==", "dev": true, - "license": "MIT", "dependencies": { "type-detect": "^4.0.0" }, "engines": { - "node": ">=0.12" + "node": ">=6" + } + }, + "node_modules/diff": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/diff/-/diff-5.0.0.tgz", + "integrity": "sha512-/VTCrvm5Z0JGty/BWHljh+BAiw3IK+2j87NGMu8Nwc/f48WoDAC395uomO9ZD117ZOBaHmkX1oyLvkVM/aIT3w==", + "dev": true, + "engines": { + "node": ">=0.3.1" } }, "node_modules/emoji-regex": { "version": "8.0.0", - "dev": true, - "license": "MIT" + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", + "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", + "dev": true }, "node_modules/escalade": { "version": "3.1.1", + "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.1.1.tgz", + "integrity": "sha512-k0er2gUkLf8O0zKJiAhmkTnJlTvINGv7ygDNPbeIsX/TJjGJZHuh9B2UxbsaEkmlEo9MfhrSzmhIlhRlI2GXnw==", "dev": true, - "license": "MIT", "engines": { "node": ">=6" } }, + "node_modules/escape-string-regexp": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz", + "integrity": "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==", + "dev": true, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/fill-range": { "version": "7.0.1", "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", @@ -436,6 +502,22 @@ "node": ">=8" } }, + "node_modules/find-up": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/find-up/-/find-up-5.0.0.tgz", + "integrity": "sha512-78/PXT1wlLLDgTzDs7sjq9hzz0vXD+zn+7wypEe4fXQxCmdmqfGsEPQxmiCSQI3ajFV91bVSsvNtrJRiW6nGng==", + "dev": true, + "dependencies": { + "locate-path": "^6.0.0", + "path-exists": "^4.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/flat": { "version": "5.0.2", "resolved": "https://registry.npmjs.org/flat/-/flat-5.0.2.tgz", @@ -467,16 +549,18 @@ }, "node_modules/get-caller-file": { "version": "2.0.5", + "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz", + "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==", "dev": true, - "license": "ISC", "engines": { "node": "6.* || 8.* || >= 10.*" } }, "node_modules/get-func-name": { "version": "2.0.0", + "resolved": "https://registry.npmjs.org/get-func-name/-/get-func-name-2.0.0.tgz", + "integrity": "sha512-Hm0ixYtaSZ/V7C8FJrtZIuBBI+iSgL+1Aq82zSu8VQNB4S3Gk8e7Qs3VwBDJAhmRZcFqkl3tQu36g/Foh5I5ig==", "dev": true, - "license": "MIT", "engines": { "node": "*" } @@ -537,16 +621,18 @@ }, "node_modules/has-flag": { "version": "4.0.0", + "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", + "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==", "dev": true, - "license": "MIT", "engines": { "node": ">=8" } }, "node_modules/he": { "version": "1.2.0", + "resolved": "https://registry.npmjs.org/he/-/he-1.2.0.tgz", + "integrity": "sha512-F/1DnUGPopORZi0ni+CvrCgHQ5FyEAHRLSApuYWMmrbSwoN2Mn/7k+Gl38gJnR7yyDZk6WLXwiGod1JOWNDKGw==", "dev": true, - "license": "MIT", "bin": { "he": "bin/he" } @@ -563,8 +649,9 @@ }, "node_modules/inherits": { "version": "2.0.4", - "dev": true, - "license": "ISC" + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", + "dev": true }, "node_modules/is-binary-path": { "version": "2.1.0", @@ -587,6 +674,15 @@ "node": ">=0.10.0" } }, + "node_modules/is-fullwidth-code-point": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", + "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==", + "dev": true, + "engines": { + "node": ">=8" + } + }, "node_modules/is-glob": { "version": "4.0.3", "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz", @@ -608,10 +704,21 @@ "node": ">=0.12.0" } }, + "node_modules/is-plain-obj": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-2.1.0.tgz", + "integrity": "sha512-YWnfyRwxL/+SsrWYfOpUtz5b3YD+nyfkHvjbcanzk8zgyO4ASD67uVMRt8k5bM4lLMDnXfriRhOpemw+NfT1eA==", + "dev": true, + "engines": { + "node": ">=8" + } + }, "node_modules/is-readable-stream": { "version": "1.0.1", - "dev": true, - "license": "ISC" + "resolved": "https://registry.npmjs.org/is-readable-stream/-/is-readable-stream-1.0.1.tgz", + "integrity": "sha512-hj/cPKXI7ITRRFeaHPg9WwEzye4cj+xjcUnvelBuCcBsyXYzYXi//Yh+oSVn8bMiyt1b8cNOPwkYxEJXl+6v7w==", + "deprecated": "use is-stream instead", + "dev": true }, "node_modules/is-unicode-supported": { "version": "0.1.0", @@ -627,13 +734,14 @@ }, "node_modules/isarray": { "version": "0.0.1", - "dev": true, - "license": "MIT" + "resolved": "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz", + "integrity": "sha512-D2S+3GLxWH+uhrNEcoh/fnmYeP8E8/zHl644d/jdA0g2uyXvy3sb0qxotE+ne0LtccHknQzWwZEzhak7oJ0COQ==", + "dev": true }, "node_modules/jose": { - "version": "4.10.0", - "resolved": "https://registry.npmjs.org/jose/-/jose-4.10.0.tgz", - "integrity": "sha512-KEhB/eLGLomWGPTb+/RNbYsTjIyx03JmbqAyIyiXBuNSa7CmNrJd5ysFhblayzs/e/vbOPMUaLnjHUMhGp4yLw==", + "version": "4.11.0", + "resolved": "https://registry.npmjs.org/jose/-/jose-4.11.0.tgz", + "integrity": "sha512-wLe+lJHeG8Xt6uEubS4x0LVjS/3kXXu9dGoj9BNnlhYq7Kts0Pbb2pvv5KiI0yaKH/eaiR0LUOBhOVo9ktd05A==", "funding": { "url": "https://github.com/sponsors/panva" } @@ -668,8 +776,9 @@ }, "node_modules/json-stringify-safe": { "version": "5.0.1", - "dev": true, - "license": "ISC" + "resolved": "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz", + "integrity": "sha512-ZClg6AaYvamvYEE82d3Iyd3vSSIjQ+odgjaTzRuO3s7toCdFKczob2i0zCh7JE8kWn17yvAWhUVxvqGwUalsRA==", + "dev": true }, "node_modules/just-extend": { "version": "4.2.1", @@ -677,6 +786,21 @@ "integrity": "sha512-g3UB796vUFIY90VIv/WX3L2c8CS2MdWUww3CNrYmqza1Fg0DURc2K/O4YrnklBdQarSJ/y8JnJYDGc+1iumQjg==", "dev": true }, + "node_modules/locate-path": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz", + "integrity": "sha512-iPZK6eYjbxRu3uB4/WZ3EsEIMJFMqAoopl3R+zuq0UjcAm/MO6KCweDgPfP3elTztoKP3KtnVHxTn2NHBSDVUw==", + "dev": true, + "dependencies": { + "p-locate": "^5.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/lodash": { "version": "4.17.21", "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", @@ -705,6 +829,15 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/loupe": { + "version": "2.3.6", + "resolved": "https://registry.npmjs.org/loupe/-/loupe-2.3.6.tgz", + "integrity": "sha512-RaPMZKiMy8/JruncMU5Bt6na1eftNoo++R4Y+N2FrxkDVTrGvcyzFTsaGif4QTeKESheMGegbhw6iUAq+5A8zA==", + "dev": true, + "dependencies": { + "get-func-name": "^2.0.0" + } + }, "node_modules/lru-cache": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", @@ -718,8 +851,9 @@ }, "node_modules/methods": { "version": "1.1.2", + "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz", + "integrity": "sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w==", "dev": true, - "license": "MIT", "engines": { "node": ">= 0.6" } @@ -776,196 +910,6 @@ "url": "https://opencollective.com/mochajs" } }, - "node_modules/mocha/node_modules/ansi-regex": { - "version": "5.0.1", - "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", - "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", - "dev": true, - "engines": { - "node": ">=8" - } - }, - "node_modules/mocha/node_modules/cliui": { - "version": "7.0.4", - "resolved": "https://registry.npmjs.org/cliui/-/cliui-7.0.4.tgz", - "integrity": "sha512-OcRE68cOsVMXp1Yvonl/fzkQOyjLSu/8bhPDfQt0e0/Eb283TKP20Fs2MqoPsr9SwA595rRCA+QMzYc9nBP+JQ==", - "dev": true, - "dependencies": { - "string-width": "^4.2.0", - "strip-ansi": "^6.0.0", - "wrap-ansi": "^7.0.0" - } - }, - "node_modules/mocha/node_modules/diff": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/diff/-/diff-5.0.0.tgz", - "integrity": "sha512-/VTCrvm5Z0JGty/BWHljh+BAiw3IK+2j87NGMu8Nwc/f48WoDAC395uomO9ZD117ZOBaHmkX1oyLvkVM/aIT3w==", - "dev": true, - "engines": { - "node": ">=0.3.1" - } - }, - "node_modules/mocha/node_modules/escape-string-regexp": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz", - "integrity": "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==", - "dev": true, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/mocha/node_modules/find-up": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/find-up/-/find-up-5.0.0.tgz", - "integrity": "sha512-78/PXT1wlLLDgTzDs7sjq9hzz0vXD+zn+7wypEe4fXQxCmdmqfGsEPQxmiCSQI3ajFV91bVSsvNtrJRiW6nGng==", - "dev": true, - "dependencies": { - "locate-path": "^6.0.0", - "path-exists": "^4.0.0" - }, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/mocha/node_modules/is-fullwidth-code-point": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", - "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==", - "dev": true, - "engines": { - "node": ">=8" - } - }, - "node_modules/mocha/node_modules/locate-path": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz", - "integrity": "sha512-iPZK6eYjbxRu3uB4/WZ3EsEIMJFMqAoopl3R+zuq0UjcAm/MO6KCweDgPfP3elTztoKP3KtnVHxTn2NHBSDVUw==", - "dev": true, - "dependencies": { - "p-locate": "^5.0.0" - }, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/mocha/node_modules/p-limit": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz", - "integrity": "sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ==", - "dev": true, - "dependencies": { - "yocto-queue": "^0.1.0" - }, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/mocha/node_modules/p-locate": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-5.0.0.tgz", - "integrity": "sha512-LaNjtRWUBY++zB5nE/NwcaoMylSPk+S+ZHNB1TzdbMJMny6dynpAGt7X/tl/QYq3TIeE6nxHppbo2LGymrG5Pw==", - "dev": true, - "dependencies": { - "p-limit": "^3.0.2" - }, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/mocha/node_modules/string-width": { - "version": "4.2.3", - "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", - "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", - "dev": true, - "dependencies": { - "emoji-regex": "^8.0.0", - "is-fullwidth-code-point": "^3.0.0", - "strip-ansi": "^6.0.1" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/mocha/node_modules/strip-ansi": { - "version": "6.0.1", - "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", - "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", - "dev": true, - "dependencies": { - "ansi-regex": "^5.0.1" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/mocha/node_modules/wrap-ansi": { - "version": "7.0.0", - "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", - "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==", - "dev": true, - "dependencies": { - "ansi-styles": "^4.0.0", - "string-width": "^4.1.0", - "strip-ansi": "^6.0.0" - }, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/chalk/wrap-ansi?sponsor=1" - } - }, - "node_modules/mocha/node_modules/y18n": { - "version": "5.0.8", - "resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz", - "integrity": "sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==", - "dev": true, - "engines": { - "node": ">=10" - } - }, - "node_modules/mocha/node_modules/yargs": { - "version": "16.2.0", - "resolved": "https://registry.npmjs.org/yargs/-/yargs-16.2.0.tgz", - "integrity": "sha512-D1mvvtDG0L5ft/jGWkLpG1+m0eQxOfaBvTNELraWj22wSVUMWxZUvYgJYcKh6jGGIkJFhH4IZPQhR4TKpc8mBw==", - "dev": true, - "dependencies": { - "cliui": "^7.0.2", - "escalade": "^3.1.1", - "get-caller-file": "^2.0.5", - "require-directory": "^2.1.1", - "string-width": "^4.2.0", - "y18n": "^5.0.5", - "yargs-parser": "^20.2.2" - }, - "engines": { - "node": ">=10" - } - }, - "node_modules/mocha/node_modules/yargs-parser": { - "version": "20.2.4", - "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-20.2.4.tgz", - "integrity": "sha512-WOkpgNhPTlE73h4VFAFsOnomJVaovO8VqLDzy5saChRBFQFBoMYirowyW+Q9HB4HFF4Z7VZTiG3iSzJJA29yRA==", - "dev": true, - "engines": { - "node": ">=10" - } - }, "node_modules/ms": { "version": "2.1.3", "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", @@ -1046,10 +990,41 @@ "wrappy": "1" } }, + "node_modules/p-limit": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz", + "integrity": "sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ==", + "dev": true, + "dependencies": { + "yocto-queue": "^0.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/p-locate": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-5.0.0.tgz", + "integrity": "sha512-LaNjtRWUBY++zB5nE/NwcaoMylSPk+S+ZHNB1TzdbMJMny6dynpAGt7X/tl/QYq3TIeE6nxHppbo2LGymrG5Pw==", + "dev": true, + "dependencies": { + "p-limit": "^3.0.2" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/path-exists": { "version": "4.0.0", + "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz", + "integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==", "dev": true, - "license": "MIT", "engines": { "node": ">=8" } @@ -1074,8 +1049,9 @@ }, "node_modules/pathval": { "version": "1.1.1", + "resolved": "https://registry.npmjs.org/pathval/-/pathval-1.1.1.tgz", + "integrity": "sha512-Dp6zGqpTdETdR63lehJYPeIOqpiNBNtc7BpWSLrOje7UaIsE5aY92r/AunQA7rsXvet3lrJ3JnZX29UPTKXyKQ==", "dev": true, - "license": "MIT", "engines": { "node": "*" } @@ -1109,8 +1085,9 @@ }, "node_modules/propagate": { "version": "2.0.1", + "resolved": "https://registry.npmjs.org/propagate/-/propagate-2.0.1.tgz", + "integrity": "sha512-vGrhOavPSTz4QVNuBNdcNXePNdNMaO1xj9yBeH1ScQPjk/rhg9sSlCXPhMkFuaNNW/syTvYqsnbIJxMBfRbbag==", "dev": true, - "license": "MIT", "engines": { "node": ">= 8" } @@ -1126,8 +1103,9 @@ }, "node_modules/readable-mock-req": { "version": "0.2.2", + "resolved": "https://registry.npmjs.org/readable-mock-req/-/readable-mock-req-0.2.2.tgz", + "integrity": "sha512-SQwHpJeeCsmtZ8mZmi4aoS3ujArujrQp7QMqt4t+O4f9sBztMv0V9Oufdc1vjzU7MMCc9TLOj7tYKoRE/QHMMg==", "dev": true, - "license": "MIT", "dependencies": { "is-readable-stream": "~1.0.0", "methods": "~1.1.1", @@ -1139,8 +1117,9 @@ }, "node_modules/readable-stream": { "version": "1.1.14", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-1.1.14.tgz", + "integrity": "sha512-+MeVjFf4L44XUkhM1eYbD8fyEsxcV81pqMSR5gblfcLCHfZvbrqy4/qYHE+/R5HoBUT11WV5O08Cr1n3YXkWVQ==", "dev": true, - "license": "MIT", "dependencies": { "core-util-is": "~1.0.0", "inherits": "~2.0.1", @@ -1162,8 +1141,9 @@ }, "node_modules/require-directory": { "version": "2.1.1", + "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz", + "integrity": "sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q==", "dev": true, - "license": "MIT", "engines": { "node": ">=0.10.0" } @@ -1217,16 +1197,18 @@ }, "node_modules/sinon/node_modules/diff": { "version": "4.0.2", + "resolved": "https://registry.npmjs.org/diff/-/diff-4.0.2.tgz", + "integrity": "sha512-58lmxKSA4BNyLz+HHMUzlOEpg09FV+ev6ZMe3vJihgdxzgcwZ8VoEEPmALCZG9LmqfVoNMMKpttIYTVG6uDY7A==", "dev": true, - "license": "BSD-3-Clause", "engines": { "node": ">=0.3.1" } }, "node_modules/sinon/node_modules/supports-color": { "version": "7.2.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==", "dev": true, - "license": "MIT", "dependencies": { "has-flag": "^4.0.0" }, @@ -1236,13 +1218,41 @@ }, "node_modules/string_decoder": { "version": "0.10.31", + "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-0.10.31.tgz", + "integrity": "sha512-ev2QzSzWPYmy9GuqfIVildA4OdcGLeFZQrq5ys6RtiuF+RQQiZWr8TZNyAcuVXyQRYfEO+MsoB/1BuQVhOJuoQ==", + "dev": true + }, + "node_modules/string-width": { + "version": "4.2.3", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", "dev": true, - "license": "MIT" + "dependencies": { + "emoji-regex": "^8.0.0", + "is-fullwidth-code-point": "^3.0.0", + "strip-ansi": "^6.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/strip-ansi": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", + "dev": true, + "dependencies": { + "ansi-regex": "^5.0.1" + }, + "engines": { + "node": ">=8" + } }, "node_modules/strip-json-comments": { "version": "3.1.1", + "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz", + "integrity": "sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==", "dev": true, - "license": "MIT", "engines": { "node": ">=8" }, @@ -1267,8 +1277,9 @@ }, "node_modules/timekeeper": { "version": "2.2.0", - "dev": true, - "license": "MIT" + "resolved": "https://registry.npmjs.org/timekeeper/-/timekeeper-2.2.0.tgz", + "integrity": "sha512-W3AmPTJWZkRwu+iSNxPIsLZ2ByADsOLbbLxe46UJyWj3mlYLlwucKiq+/dPm0l9wTzqoF3/2PH0AGFCebjq23A==", + "dev": true }, "node_modules/to-regex-range": { "version": "5.0.1", @@ -1284,8 +1295,9 @@ }, "node_modules/type-detect": { "version": "4.0.8", + "resolved": "https://registry.npmjs.org/type-detect/-/type-detect-4.0.8.tgz", + "integrity": "sha512-0fr/mIH1dlO+x7TlcMy+bIDqKPsw/70tVyeHW787goQjhmqaZe10uwLujubK9q9Lg6Fiho1KUKDYz0Z7k7g5/g==", "dev": true, - "license": "MIT", "engines": { "node": ">=4" } @@ -1296,63 +1308,83 @@ "integrity": "sha512-ILEIE97kDZvF9Wb9f6h5aXK4swSlKGUcOEGiIYb2OOu/IrDU9iwj0fD//SsA6E5ibwJxpEvhullJY4Sl4GcpAw==", "dev": true }, + "node_modules/wrap-ansi": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", + "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==", + "dev": true, + "dependencies": { + "ansi-styles": "^4.0.0", + "string-width": "^4.1.0", + "strip-ansi": "^6.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/wrap-ansi?sponsor=1" + } + }, "node_modules/wrappy": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==", "dev": true }, + "node_modules/y18n": { + "version": "5.0.8", + "resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz", + "integrity": "sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==", + "dev": true, + "engines": { + "node": ">=10" + } + }, "node_modules/yallist": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" }, - "node_modules/yargs-unparser": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/yargs-unparser/-/yargs-unparser-2.0.0.tgz", - "integrity": "sha512-7pRTIA9Qc1caZ0bZ6RYRGbHJthJWuakf+WmHK0rVeLkNrrGhfoabBNdue6kdINI6r4if7ocq9aD/n7xwKOdzOA==", + "node_modules/yargs": { + "version": "16.2.0", + "resolved": "https://registry.npmjs.org/yargs/-/yargs-16.2.0.tgz", + "integrity": "sha512-D1mvvtDG0L5ft/jGWkLpG1+m0eQxOfaBvTNELraWj22wSVUMWxZUvYgJYcKh6jGGIkJFhH4IZPQhR4TKpc8mBw==", "dev": true, "dependencies": { - "camelcase": "^6.0.0", - "decamelize": "^4.0.0", - "flat": "^5.0.2", - "is-plain-obj": "^2.1.0" + "cliui": "^7.0.2", + "escalade": "^3.1.1", + "get-caller-file": "^2.0.5", + "require-directory": "^2.1.1", + "string-width": "^4.2.0", + "y18n": "^5.0.5", + "yargs-parser": "^20.2.2" }, "engines": { "node": ">=10" } }, - "node_modules/yargs-unparser/node_modules/camelcase": { - "version": "6.3.0", - "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", - "integrity": "sha512-Gmy6FhYlCY7uOElZUSbxo2UCDH8owEk996gkbrpsgGtrJLM3J7jGxl9Ic7Qwwj4ivOE5AWZWRMecDdF7hqGjFA==", + "node_modules/yargs-parser": { + "version": "20.2.4", + "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-20.2.4.tgz", + "integrity": "sha512-WOkpgNhPTlE73h4VFAFsOnomJVaovO8VqLDzy5saChRBFQFBoMYirowyW+Q9HB4HFF4Z7VZTiG3iSzJJA29yRA==", "dev": true, "engines": { "node": ">=10" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" } }, - "node_modules/yargs-unparser/node_modules/decamelize": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/decamelize/-/decamelize-4.0.0.tgz", - "integrity": "sha512-9iE1PgSik9HeIIw2JO94IidnE3eBoQrFJ3w7sFuzSX4DpmZ3v5sZpUiV5Swcf6mQEF+Y0ru8Neo+p+nyh2J+hQ==", + "node_modules/yargs-unparser": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/yargs-unparser/-/yargs-unparser-2.0.0.tgz", + "integrity": "sha512-7pRTIA9Qc1caZ0bZ6RYRGbHJthJWuakf+WmHK0rVeLkNrrGhfoabBNdue6kdINI6r4if7ocq9aD/n7xwKOdzOA==", "dev": true, - "engines": { - "node": ">=10" + "dependencies": { + "camelcase": "^6.0.0", + "decamelize": "^4.0.0", + "flat": "^5.0.2", + "is-plain-obj": "^2.1.0" }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/yargs-unparser/node_modules/is-plain-obj": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-2.1.0.tgz", - "integrity": "sha512-YWnfyRwxL/+SsrWYfOpUtz5b3YD+nyfkHvjbcanzk8zgyO4ASD67uVMRt8k5bM4lLMDnXfriRhOpemw+NfT1eA==", - "dev": true, "engines": { - "node": ">=8" + "node": ">=10" } }, "node_modules/yocto-queue": { @@ -1376,9 +1408,9 @@ "dev": true }, "@sinonjs/commons": { - "version": "1.8.3", - "resolved": "https://registry.npmjs.org/@sinonjs/commons/-/commons-1.8.3.tgz", - "integrity": "sha512-xkNcLAn/wZaX14RPlwizcKicDk9G3F8m2nU3L7Ukm5zBgTwiT0wsoFAHx9Jq56fJA1z/7uKGtCRu16sOUCLIHQ==", + "version": "1.8.5", + "resolved": "https://registry.npmjs.org/@sinonjs/commons/-/commons-1.8.5.tgz", + "integrity": "sha512-rTpCA0wG1wUxglBSFdMMY0oTrKYvgf4fNgv/sXbfCVAdf+FnPBdKJR/7XbpTCwbCrvCbdPYnlWaUUYz4V2fPDA==", "dev": true, "requires": { "type-detect": "4.0.8" @@ -1411,7 +1443,9 @@ "dev": true }, "@types/body-parser": { - "version": "1.19.1", + "version": "1.19.2", + "resolved": "https://registry.npmjs.org/@types/body-parser/-/body-parser-1.19.2.tgz", + "integrity": "sha512-ALYone6pm6QmwZoAgeyNksccT9Q4AWZQ6PvfwR37GT6r6FWUPguq6sUmNGSMV2Wr761oQoBxwGGa6DR5o1DC9g==", "dev": true, "requires": { "@types/connect": "*", @@ -1420,13 +1454,17 @@ }, "@types/connect": { "version": "3.4.35", + "resolved": "https://registry.npmjs.org/@types/connect/-/connect-3.4.35.tgz", + "integrity": "sha512-cdeYyv4KWoEgpBISTxWvqYsVy444DOqehiF3fM3ne10AmJ62RSyNkUnxMJXHQWRQQX2eR94m5y1IZyDwBjV9FQ==", "dev": true, "requires": { "@types/node": "*" } }, "@types/express": { - "version": "4.17.13", + "version": "4.17.14", + "resolved": "https://registry.npmjs.org/@types/express/-/express-4.17.14.tgz", + "integrity": "sha512-TEbt+vaPFQ+xpxFLFssxUDXj5cWCxZJjIcB7Yg0k0GMHGtgtQgpvx/MUQUeAkNbA9AAGrwkAsoeItdTgS7FMyg==", "dev": true, "requires": { "@types/body-parser": "*", @@ -1436,7 +1474,9 @@ } }, "@types/express-serve-static-core": { - "version": "4.17.25", + "version": "4.17.31", + "resolved": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-4.17.31.tgz", + "integrity": "sha512-DxMhY+NAsTwMMFHBTtJFNp5qiHKJ7TeqOo23zVEM9alT1Ml27Q3xcTH0xwxn7Q0BbMcVEJOs/7aQtUWupUQN3Q==", "dev": true, "requires": { "@types/node": "*", @@ -1445,15 +1485,21 @@ } }, "@types/mime": { - "version": "1.3.2", + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/@types/mime/-/mime-3.0.1.tgz", + "integrity": "sha512-Y4XFY5VJAuw0FgAqPNd6NNoV44jbq9Bz2L7Rh/J6jLTiHBSBJa9fxqQIvkIld4GsoDOcCbvzOUAbLPsSKKg+uA==", "dev": true }, "@types/node": { - "version": "16.11.7", + "version": "16.18.3", + "resolved": "https://registry.npmjs.org/@types/node/-/node-16.18.3.tgz", + "integrity": "sha512-jh6m0QUhIRcZpNv7Z/rpN+ZWXOicUUQbSoWks7Htkbb9IjFQj4kzcX/xFCkjstCj5flMsN8FiSvt+q+Tcs4Llg==", "dev": true }, "@types/passport": { - "version": "1.0.7", + "version": "1.0.11", + "resolved": "https://registry.npmjs.org/@types/passport/-/passport-1.0.11.tgz", + "integrity": "sha512-pz1cx9ptZvozyGKKKIPLcVDVHwae4hrH5d6g5J+DkMRRjR3cVETb4jMabhXAUbg3Ov7T22nFHEgaK2jj+5CBpw==", "dev": true, "requires": { "@types/express": "*" @@ -1461,17 +1507,23 @@ }, "@types/qs": { "version": "6.9.7", + "resolved": "https://registry.npmjs.org/@types/qs/-/qs-6.9.7.tgz", + "integrity": "sha512-FGa1F62FT09qcrueBA6qYTrJPVDzah9a+493+o2PCXsesWHIn27G98TsSMs3WPNbZIEj4+VJf6saSFpvD+3Zsw==", "dev": true }, "@types/range-parser": { "version": "1.2.4", + "resolved": "https://registry.npmjs.org/@types/range-parser/-/range-parser-1.2.4.tgz", + "integrity": "sha512-EEhsLsD6UsDM1yFhAvy0Cjr6VwmpMWqFBCb9w07wVugF7w9nfajxLuVmngTIpgS6svCnm6Vaw+MZhoDCKnOfsw==", "dev": true }, "@types/serve-static": { - "version": "1.13.10", + "version": "1.15.0", + "resolved": "https://registry.npmjs.org/@types/serve-static/-/serve-static-1.15.0.tgz", + "integrity": "sha512-z5xyF6uh8CbjAu9760KDKsH2FcDxZ2tFCsA4HIMWE6IkiYMXfVoa+4f9KX+FN0ZLsaMw1WNG2ETLA6N+/YA+cg==", "dev": true, "requires": { - "@types/mime": "^1", + "@types/mime": "*", "@types/node": "*" } }, @@ -1481,8 +1533,16 @@ "integrity": "sha512-JoX0apGbHaUJBNl6yF+p6JAFYZ666/hhCGKN5t9QFjbJQKUU/g8MNbFDbvfrgKXvI1QpZplPOnwIo99lX/AAmA==", "dev": true }, + "ansi-regex": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", + "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", + "dev": true + }, "ansi-styles": { "version": "4.3.0", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", + "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", "dev": true, "requires": { "color-convert": "^2.0.1" @@ -1506,6 +1566,8 @@ }, "assertion-error": { "version": "1.1.0", + "resolved": "https://registry.npmjs.org/assertion-error/-/assertion-error-1.1.0.tgz", + "integrity": "sha512-jgsaNduz+ndvGyFt3uSuWqvy4lCnIJiovtouQN5JZHOKCS2QuhEdbcQHFhVksz2N2U9hXJo8odG7ETyWlEeuDw==", "dev": true }, "balanced-match": { @@ -1516,6 +1578,8 @@ }, "base64url": { "version": "3.0.1", + "resolved": "https://registry.npmjs.org/base64url/-/base64url-3.0.1.tgz", + "integrity": "sha512-ir1UPr3dkwexU7FdV8qBBbNDRUhMmIekYMFZfi+C/sLNnRESKPl23nB9b2pltqfOQNnGzsDdId90AEtG5tCx4A==", "dev": true }, "binary-extensions": { @@ -1544,16 +1608,27 @@ }, "browser-stdout": { "version": "1.3.1", + "resolved": "https://registry.npmjs.org/browser-stdout/-/browser-stdout-1.3.1.tgz", + "integrity": "sha512-qhAVI1+Av2X7qelOfAIYwXONood6XlZE/fXaBSmW/T5SzLAmCgzi+eiWE7fUvbHaeNBQH13UftjpXxsfLkMpgw==", + "dev": true + }, + "camelcase": { + "version": "6.3.0", + "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", + "integrity": "sha512-Gmy6FhYlCY7uOElZUSbxo2UCDH8owEk996gkbrpsgGtrJLM3J7jGxl9Ic7Qwwj4ivOE5AWZWRMecDdF7hqGjFA==", "dev": true }, "chai": { - "version": "4.3.4", + "version": "4.3.7", + "resolved": "https://registry.npmjs.org/chai/-/chai-4.3.7.tgz", + "integrity": "sha512-HLnAzZ2iupm25PlN0xFreAlBA5zaBSv3og0DdeGA4Ar6h6rJ3A0rolRUKJhSF2V10GZKDgWF/VmAEsNWjCRB+A==", "dev": true, "requires": { "assertion-error": "^1.1.0", "check-error": "^1.0.2", - "deep-eql": "^3.0.1", + "deep-eql": "^4.1.2", "get-func-name": "^2.0.0", + "loupe": "^2.3.1", "pathval": "^1.1.1", "type-detect": "^4.0.5" } @@ -1581,6 +1656,8 @@ }, "check-error": { "version": "1.0.2", + "resolved": "https://registry.npmjs.org/check-error/-/check-error-1.0.2.tgz", + "integrity": "sha512-BrgHpW9NURQgzoNyjfq0Wu6VFO6D7IZEmJNdtgNqpzGG8RuNFHt2jQxWlAs4HMe119chBnv+34syEZtc6IhLtA==", "dev": true }, "chokidar": { @@ -1599,8 +1676,21 @@ "readdirp": "~3.6.0" } }, + "cliui": { + "version": "7.0.4", + "resolved": "https://registry.npmjs.org/cliui/-/cliui-7.0.4.tgz", + "integrity": "sha512-OcRE68cOsVMXp1Yvonl/fzkQOyjLSu/8bhPDfQt0e0/Eb283TKP20Fs2MqoPsr9SwA595rRCA+QMzYc9nBP+JQ==", + "dev": true, + "requires": { + "string-width": "^4.2.0", + "strip-ansi": "^6.0.0", + "wrap-ansi": "^7.0.0" + } + }, "color-convert": { "version": "2.0.1", + "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", + "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", "dev": true, "requires": { "color-name": "~1.1.4" @@ -1608,6 +1698,8 @@ }, "color-name": { "version": "1.1.4", + "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", + "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==", "dev": true }, "concat-map": { @@ -1618,6 +1710,8 @@ }, "core-util-is": { "version": "1.0.3", + "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.3.tgz", + "integrity": "sha512-ZQBvi1DcpJ4GDqanjucZ2Hj3wEO5pZDS89BWbkcrvdxksJorwUDDZamX9ldFkp9aw2lmBDLgkObEA4DWNJ9FYQ==", "dev": true }, "debug": { @@ -1631,23 +1725,49 @@ "dependencies": { "ms": { "version": "2.1.2", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==", "dev": true } } }, + "decamelize": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/decamelize/-/decamelize-4.0.0.tgz", + "integrity": "sha512-9iE1PgSik9HeIIw2JO94IidnE3eBoQrFJ3w7sFuzSX4DpmZ3v5sZpUiV5Swcf6mQEF+Y0ru8Neo+p+nyh2J+hQ==", + "dev": true + }, "deep-eql": { - "version": "3.0.1", + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/deep-eql/-/deep-eql-4.1.2.tgz", + "integrity": "sha512-gT18+YW4CcW/DBNTwAmqTtkJh7f9qqScu2qFVlx7kCoeY9tlBu9cUcr7+I+Z/noG8INehS3xQgLpTtd/QUTn4w==", "dev": true, "requires": { "type-detect": "^4.0.0" } }, + "diff": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/diff/-/diff-5.0.0.tgz", + "integrity": "sha512-/VTCrvm5Z0JGty/BWHljh+BAiw3IK+2j87NGMu8Nwc/f48WoDAC395uomO9ZD117ZOBaHmkX1oyLvkVM/aIT3w==", + "dev": true + }, "emoji-regex": { "version": "8.0.0", + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", + "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", "dev": true }, "escalade": { "version": "3.1.1", + "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.1.1.tgz", + "integrity": "sha512-k0er2gUkLf8O0zKJiAhmkTnJlTvINGv7ygDNPbeIsX/TJjGJZHuh9B2UxbsaEkmlEo9MfhrSzmhIlhRlI2GXnw==", + "dev": true + }, + "escape-string-regexp": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz", + "integrity": "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==", "dev": true }, "fill-range": { @@ -1659,6 +1779,16 @@ "to-regex-range": "^5.0.1" } }, + "find-up": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/find-up/-/find-up-5.0.0.tgz", + "integrity": "sha512-78/PXT1wlLLDgTzDs7sjq9hzz0vXD+zn+7wypEe4fXQxCmdmqfGsEPQxmiCSQI3ajFV91bVSsvNtrJRiW6nGng==", + "dev": true, + "requires": { + "locate-path": "^6.0.0", + "path-exists": "^4.0.0" + } + }, "flat": { "version": "5.0.2", "resolved": "https://registry.npmjs.org/flat/-/flat-5.0.2.tgz", @@ -1680,10 +1810,14 @@ }, "get-caller-file": { "version": "2.0.5", + "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz", + "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==", "dev": true }, "get-func-name": { "version": "2.0.0", + "resolved": "https://registry.npmjs.org/get-func-name/-/get-func-name-2.0.0.tgz", + "integrity": "sha512-Hm0ixYtaSZ/V7C8FJrtZIuBBI+iSgL+1Aq82zSu8VQNB4S3Gk8e7Qs3VwBDJAhmRZcFqkl3tQu36g/Foh5I5ig==", "dev": true }, "glob": { @@ -1732,10 +1866,14 @@ }, "has-flag": { "version": "4.0.0", + "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", + "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==", "dev": true }, "he": { "version": "1.2.0", + "resolved": "https://registry.npmjs.org/he/-/he-1.2.0.tgz", + "integrity": "sha512-F/1DnUGPopORZi0ni+CvrCgHQ5FyEAHRLSApuYWMmrbSwoN2Mn/7k+Gl38gJnR7yyDZk6WLXwiGod1JOWNDKGw==", "dev": true }, "inflight": { @@ -1750,6 +1888,8 @@ }, "inherits": { "version": "2.0.4", + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", "dev": true }, "is-binary-path": { @@ -1767,6 +1907,12 @@ "integrity": "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==", "dev": true }, + "is-fullwidth-code-point": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", + "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==", + "dev": true + }, "is-glob": { "version": "4.0.3", "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz", @@ -1782,8 +1928,16 @@ "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==", "dev": true }, + "is-plain-obj": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-2.1.0.tgz", + "integrity": "sha512-YWnfyRwxL/+SsrWYfOpUtz5b3YD+nyfkHvjbcanzk8zgyO4ASD67uVMRt8k5bM4lLMDnXfriRhOpemw+NfT1eA==", + "dev": true + }, "is-readable-stream": { "version": "1.0.1", + "resolved": "https://registry.npmjs.org/is-readable-stream/-/is-readable-stream-1.0.1.tgz", + "integrity": "sha512-hj/cPKXI7ITRRFeaHPg9WwEzye4cj+xjcUnvelBuCcBsyXYzYXi//Yh+oSVn8bMiyt1b8cNOPwkYxEJXl+6v7w==", "dev": true }, "is-unicode-supported": { @@ -1794,12 +1948,14 @@ }, "isarray": { "version": "0.0.1", + "resolved": "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz", + "integrity": "sha512-D2S+3GLxWH+uhrNEcoh/fnmYeP8E8/zHl644d/jdA0g2uyXvy3sb0qxotE+ne0LtccHknQzWwZEzhak7oJ0COQ==", "dev": true }, "jose": { - "version": "4.10.0", - "resolved": "https://registry.npmjs.org/jose/-/jose-4.10.0.tgz", - "integrity": "sha512-KEhB/eLGLomWGPTb+/RNbYsTjIyx03JmbqAyIyiXBuNSa7CmNrJd5ysFhblayzs/e/vbOPMUaLnjHUMhGp4yLw==" + "version": "4.11.0", + "resolved": "https://registry.npmjs.org/jose/-/jose-4.11.0.tgz", + "integrity": "sha512-wLe+lJHeG8Xt6uEubS4x0LVjS/3kXXu9dGoj9BNnlhYq7Kts0Pbb2pvv5KiI0yaKH/eaiR0LUOBhOVo9ktd05A==" }, "jose2": { "version": "npm:jose@2.0.6", @@ -1821,6 +1977,8 @@ }, "json-stringify-safe": { "version": "5.0.1", + "resolved": "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz", + "integrity": "sha512-ZClg6AaYvamvYEE82d3Iyd3vSSIjQ+odgjaTzRuO3s7toCdFKczob2i0zCh7JE8kWn17yvAWhUVxvqGwUalsRA==", "dev": true }, "just-extend": { @@ -1829,6 +1987,15 @@ "integrity": "sha512-g3UB796vUFIY90VIv/WX3L2c8CS2MdWUww3CNrYmqza1Fg0DURc2K/O4YrnklBdQarSJ/y8JnJYDGc+1iumQjg==", "dev": true }, + "locate-path": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz", + "integrity": "sha512-iPZK6eYjbxRu3uB4/WZ3EsEIMJFMqAoopl3R+zuq0UjcAm/MO6KCweDgPfP3elTztoKP3KtnVHxTn2NHBSDVUw==", + "dev": true, + "requires": { + "p-locate": "^5.0.0" + } + }, "lodash": { "version": "4.17.21", "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", @@ -1851,6 +2018,15 @@ "is-unicode-supported": "^0.1.0" } }, + "loupe": { + "version": "2.3.6", + "resolved": "https://registry.npmjs.org/loupe/-/loupe-2.3.6.tgz", + "integrity": "sha512-RaPMZKiMy8/JruncMU5Bt6na1eftNoo++R4Y+N2FrxkDVTrGvcyzFTsaGif4QTeKESheMGegbhw6iUAq+5A8zA==", + "dev": true, + "requires": { + "get-func-name": "^2.0.0" + } + }, "lru-cache": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", @@ -1861,6 +2037,8 @@ }, "methods": { "version": "1.1.2", + "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz", + "integrity": "sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w==", "dev": true }, "minimatch": { @@ -1899,138 +2077,6 @@ "yargs": "16.2.0", "yargs-parser": "20.2.4", "yargs-unparser": "2.0.0" - }, - "dependencies": { - "ansi-regex": { - "version": "5.0.1", - "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", - "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", - "dev": true - }, - "cliui": { - "version": "7.0.4", - "resolved": "https://registry.npmjs.org/cliui/-/cliui-7.0.4.tgz", - "integrity": "sha512-OcRE68cOsVMXp1Yvonl/fzkQOyjLSu/8bhPDfQt0e0/Eb283TKP20Fs2MqoPsr9SwA595rRCA+QMzYc9nBP+JQ==", - "dev": true, - "requires": { - "string-width": "^4.2.0", - "strip-ansi": "^6.0.0", - "wrap-ansi": "^7.0.0" - } - }, - "diff": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/diff/-/diff-5.0.0.tgz", - "integrity": "sha512-/VTCrvm5Z0JGty/BWHljh+BAiw3IK+2j87NGMu8Nwc/f48WoDAC395uomO9ZD117ZOBaHmkX1oyLvkVM/aIT3w==", - "dev": true - }, - "escape-string-regexp": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz", - "integrity": "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==", - "dev": true - }, - "find-up": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/find-up/-/find-up-5.0.0.tgz", - "integrity": "sha512-78/PXT1wlLLDgTzDs7sjq9hzz0vXD+zn+7wypEe4fXQxCmdmqfGsEPQxmiCSQI3ajFV91bVSsvNtrJRiW6nGng==", - "dev": true, - "requires": { - "locate-path": "^6.0.0", - "path-exists": "^4.0.0" - } - }, - "is-fullwidth-code-point": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", - "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==", - "dev": true - }, - "locate-path": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz", - "integrity": "sha512-iPZK6eYjbxRu3uB4/WZ3EsEIMJFMqAoopl3R+zuq0UjcAm/MO6KCweDgPfP3elTztoKP3KtnVHxTn2NHBSDVUw==", - "dev": true, - "requires": { - "p-locate": "^5.0.0" - } - }, - "p-limit": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz", - "integrity": "sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ==", - "dev": true, - "requires": { - "yocto-queue": "^0.1.0" - } - }, - "p-locate": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-5.0.0.tgz", - "integrity": "sha512-LaNjtRWUBY++zB5nE/NwcaoMylSPk+S+ZHNB1TzdbMJMny6dynpAGt7X/tl/QYq3TIeE6nxHppbo2LGymrG5Pw==", - "dev": true, - "requires": { - "p-limit": "^3.0.2" - } - }, - "string-width": { - "version": "4.2.3", - "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", - "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", - "dev": true, - "requires": { - "emoji-regex": "^8.0.0", - "is-fullwidth-code-point": "^3.0.0", - "strip-ansi": "^6.0.1" - } - }, - "strip-ansi": { - "version": "6.0.1", - "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", - "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", - "dev": true, - "requires": { - "ansi-regex": "^5.0.1" - } - }, - "wrap-ansi": { - "version": "7.0.0", - "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", - "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==", - "dev": true, - "requires": { - "ansi-styles": "^4.0.0", - "string-width": "^4.1.0", - "strip-ansi": "^6.0.0" - } - }, - "y18n": { - "version": "5.0.8", - "resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz", - "integrity": "sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==", - "dev": true - }, - "yargs": { - "version": "16.2.0", - "resolved": "https://registry.npmjs.org/yargs/-/yargs-16.2.0.tgz", - "integrity": "sha512-D1mvvtDG0L5ft/jGWkLpG1+m0eQxOfaBvTNELraWj22wSVUMWxZUvYgJYcKh6jGGIkJFhH4IZPQhR4TKpc8mBw==", - "dev": true, - "requires": { - "cliui": "^7.0.2", - "escalade": "^3.1.1", - "get-caller-file": "^2.0.5", - "require-directory": "^2.1.1", - "string-width": "^4.2.0", - "y18n": "^5.0.5", - "yargs-parser": "^20.2.2" - } - }, - "yargs-parser": { - "version": "20.2.4", - "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-20.2.4.tgz", - "integrity": "sha512-WOkpgNhPTlE73h4VFAFsOnomJVaovO8VqLDzy5saChRBFQFBoMYirowyW+Q9HB4HFF4Z7VZTiG3iSzJJA29yRA==", - "dev": true - } } }, "ms": { @@ -2095,8 +2141,28 @@ "wrappy": "1" } }, + "p-limit": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz", + "integrity": "sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ==", + "dev": true, + "requires": { + "yocto-queue": "^0.1.0" + } + }, + "p-locate": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-5.0.0.tgz", + "integrity": "sha512-LaNjtRWUBY++zB5nE/NwcaoMylSPk+S+ZHNB1TzdbMJMny6dynpAGt7X/tl/QYq3TIeE6nxHppbo2LGymrG5Pw==", + "dev": true, + "requires": { + "p-limit": "^3.0.2" + } + }, "path-exists": { "version": "4.0.0", + "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz", + "integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==", "dev": true }, "path-is-absolute": { @@ -2116,6 +2182,8 @@ }, "pathval": { "version": "1.1.1", + "resolved": "https://registry.npmjs.org/pathval/-/pathval-1.1.1.tgz", + "integrity": "sha512-Dp6zGqpTdETdR63lehJYPeIOqpiNBNtc7BpWSLrOje7UaIsE5aY92r/AunQA7rsXvet3lrJ3JnZX29UPTKXyKQ==", "dev": true }, "picomatch": { @@ -2132,6 +2200,8 @@ }, "propagate": { "version": "2.0.1", + "resolved": "https://registry.npmjs.org/propagate/-/propagate-2.0.1.tgz", + "integrity": "sha512-vGrhOavPSTz4QVNuBNdcNXePNdNMaO1xj9yBeH1ScQPjk/rhg9sSlCXPhMkFuaNNW/syTvYqsnbIJxMBfRbbag==", "dev": true }, "randombytes": { @@ -2145,6 +2215,8 @@ }, "readable-mock-req": { "version": "0.2.2", + "resolved": "https://registry.npmjs.org/readable-mock-req/-/readable-mock-req-0.2.2.tgz", + "integrity": "sha512-SQwHpJeeCsmtZ8mZmi4aoS3ujArujrQp7QMqt4t+O4f9sBztMv0V9Oufdc1vjzU7MMCc9TLOj7tYKoRE/QHMMg==", "dev": true, "requires": { "is-readable-stream": "~1.0.0", @@ -2154,6 +2226,8 @@ }, "readable-stream": { "version": "1.1.14", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-1.1.14.tgz", + "integrity": "sha512-+MeVjFf4L44XUkhM1eYbD8fyEsxcV81pqMSR5gblfcLCHfZvbrqy4/qYHE+/R5HoBUT11WV5O08Cr1n3YXkWVQ==", "dev": true, "requires": { "core-util-is": "~1.0.0", @@ -2173,6 +2247,8 @@ }, "require-directory": { "version": "2.1.1", + "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz", + "integrity": "sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q==", "dev": true }, "safe-buffer": { @@ -2206,10 +2282,14 @@ "dependencies": { "diff": { "version": "4.0.2", + "resolved": "https://registry.npmjs.org/diff/-/diff-4.0.2.tgz", + "integrity": "sha512-58lmxKSA4BNyLz+HHMUzlOEpg09FV+ev6ZMe3vJihgdxzgcwZ8VoEEPmALCZG9LmqfVoNMMKpttIYTVG6uDY7A==", "dev": true }, "supports-color": { "version": "7.2.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==", "dev": true, "requires": { "has-flag": "^4.0.0" @@ -2219,10 +2299,34 @@ }, "string_decoder": { "version": "0.10.31", + "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-0.10.31.tgz", + "integrity": "sha512-ev2QzSzWPYmy9GuqfIVildA4OdcGLeFZQrq5ys6RtiuF+RQQiZWr8TZNyAcuVXyQRYfEO+MsoB/1BuQVhOJuoQ==", "dev": true }, + "string-width": { + "version": "4.2.3", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", + "dev": true, + "requires": { + "emoji-regex": "^8.0.0", + "is-fullwidth-code-point": "^3.0.0", + "strip-ansi": "^6.0.1" + } + }, + "strip-ansi": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", + "dev": true, + "requires": { + "ansi-regex": "^5.0.1" + } + }, "strip-json-comments": { "version": "3.1.1", + "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz", + "integrity": "sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==", "dev": true }, "supports-color": { @@ -2236,6 +2340,8 @@ }, "timekeeper": { "version": "2.2.0", + "resolved": "https://registry.npmjs.org/timekeeper/-/timekeeper-2.2.0.tgz", + "integrity": "sha512-W3AmPTJWZkRwu+iSNxPIsLZ2ByADsOLbbLxe46UJyWj3mlYLlwucKiq+/dPm0l9wTzqoF3/2PH0AGFCebjq23A==", "dev": true }, "to-regex-range": { @@ -2249,6 +2355,8 @@ }, "type-detect": { "version": "4.0.8", + "resolved": "https://registry.npmjs.org/type-detect/-/type-detect-4.0.8.tgz", + "integrity": "sha512-0fr/mIH1dlO+x7TlcMy+bIDqKPsw/70tVyeHW787goQjhmqaZe10uwLujubK9q9Lg6Fiho1KUKDYz0Z7k7g5/g==", "dev": true }, "workerpool": { @@ -2257,17 +2365,55 @@ "integrity": "sha512-ILEIE97kDZvF9Wb9f6h5aXK4swSlKGUcOEGiIYb2OOu/IrDU9iwj0fD//SsA6E5ibwJxpEvhullJY4Sl4GcpAw==", "dev": true }, + "wrap-ansi": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", + "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==", + "dev": true, + "requires": { + "ansi-styles": "^4.0.0", + "string-width": "^4.1.0", + "strip-ansi": "^6.0.0" + } + }, "wrappy": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==", "dev": true }, + "y18n": { + "version": "5.0.8", + "resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz", + "integrity": "sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==", + "dev": true + }, "yallist": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" }, + "yargs": { + "version": "16.2.0", + "resolved": "https://registry.npmjs.org/yargs/-/yargs-16.2.0.tgz", + "integrity": "sha512-D1mvvtDG0L5ft/jGWkLpG1+m0eQxOfaBvTNELraWj22wSVUMWxZUvYgJYcKh6jGGIkJFhH4IZPQhR4TKpc8mBw==", + "dev": true, + "requires": { + "cliui": "^7.0.2", + "escalade": "^3.1.1", + "get-caller-file": "^2.0.5", + "require-directory": "^2.1.1", + "string-width": "^4.2.0", + "y18n": "^5.0.5", + "yargs-parser": "^20.2.2" + } + }, + "yargs-parser": { + "version": "20.2.4", + "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-20.2.4.tgz", + "integrity": "sha512-WOkpgNhPTlE73h4VFAFsOnomJVaovO8VqLDzy5saChRBFQFBoMYirowyW+Q9HB4HFF4Z7VZTiG3iSzJJA29yRA==", + "dev": true + }, "yargs-unparser": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/yargs-unparser/-/yargs-unparser-2.0.0.tgz", @@ -2278,26 +2424,6 @@ "decamelize": "^4.0.0", "flat": "^5.0.2", "is-plain-obj": "^2.1.0" - }, - "dependencies": { - "camelcase": { - "version": "6.3.0", - "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", - "integrity": "sha512-Gmy6FhYlCY7uOElZUSbxo2UCDH8owEk996gkbrpsgGtrJLM3J7jGxl9Ic7Qwwj4ivOE5AWZWRMecDdF7hqGjFA==", - "dev": true - }, - "decamelize": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/decamelize/-/decamelize-4.0.0.tgz", - "integrity": "sha512-9iE1PgSik9HeIIw2JO94IidnE3eBoQrFJ3w7sFuzSX4DpmZ3v5sZpUiV5Swcf6mQEF+Y0ru8Neo+p+nyh2J+hQ==", - "dev": true - }, - "is-plain-obj": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-2.1.0.tgz", - "integrity": "sha512-YWnfyRwxL/+SsrWYfOpUtz5b3YD+nyfkHvjbcanzk8zgyO4ASD67uVMRt8k5bM4lLMDnXfriRhOpemw+NfT1eA==", - "dev": true - } } }, "yocto-queue": { From 85f45aa6d74a053e62c23f823db80b01af9b8118 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Wed, 9 Nov 2022 15:30:23 +0100 Subject: [PATCH 055/117] docs: update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index f7b07474..fdced61a 100644 --- a/README.md +++ b/README.md @@ -44,7 +44,7 @@ openid-client. - [RFC9126 - OAuth 2.0 Pushed Authorization Requests (PAR)][feature-par] - [OpenID Connect RP-Initiated Logout 1.0][feature-rp-logout] - [Financial-grade API Security Profile 1.0 - Part 2: Advanced (FAPI)][feature-fapi] -- [JWT Secured Authorization Response Mode for OAuth 2.0 (JARM) - ID1][feature-jarm] +- [JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)][feature-jarm] - [OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (DPoP) - draft 04][feature-dpop] - [OAuth 2.0 Authorization Server Issuer Identification - draft-04][feature-iss] @@ -273,7 +273,7 @@ See [Customizing (docs)][documentation-customizing]. [feature-mtls]: https://tools.ietf.org/html/rfc8705 [feature-device-flow]: https://tools.ietf.org/html/rfc8628 [feature-rp-logout]: https://openid.net/specs/openid-connect-rpinitiated-1_0.html -[feature-jarm]: https://openid.net/specs/openid-financial-api-jarm-ID1.html +[feature-jarm]: https://openid.net/specs/oauth-v2-jarm.html [feature-fapi]: https://openid.net/specs/openid-financial-api-part-2-1_0.html [feature-dpop]: https://tools.ietf.org/html/draft-ietf-oauth-dpop-04 [feature-par]: https://www.rfc-editor.org/rfc/rfc9126.html From 10e3a37efe2635c4b21fba30f5646ef7cf2f4b95 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Wed, 9 Nov 2022 15:32:30 +0100 Subject: [PATCH 056/117] feat: JARM is now a stable feature --- README.md | 4 ++-- lib/client.js | 31 +++++-------------------------- 2 files changed, 7 insertions(+), 28 deletions(-) diff --git a/README.md b/README.md index fdced61a..81267bbe 100644 --- a/README.md +++ b/README.md @@ -46,7 +46,7 @@ openid-client. - [Financial-grade API Security Profile 1.0 - Part 2: Advanced (FAPI)][feature-fapi] - [JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)][feature-jarm] - [OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (DPoP) - draft 04][feature-dpop] -- [OAuth 2.0 Authorization Server Issuer Identification - draft-04][feature-iss] +- [OAuth 2.0 Authorization Server Issuer Identification][feature-iss] Updates to draft specifications (DPoP, JARM, etc) are released as MINOR library versions, if you utilize these specification implementations consider using the tilde `~` operator in your @@ -278,7 +278,7 @@ See [Customizing (docs)][documentation-customizing]. [feature-dpop]: https://tools.ietf.org/html/draft-ietf-oauth-dpop-04 [feature-par]: https://www.rfc-editor.org/rfc/rfc9126.html [feature-jar]: https://www.rfc-editor.org/rfc/rfc9101.html -[feature-iss]: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-iss-auth-resp-04 +[feature-iss]: https://www.rfc-editor.org/rfc/rfc9207.html [openid-certified-link]: https://openid.net/certification/ [passport-url]: http://passportjs.org [npm-url]: https://www.npmjs.com/package/openid-client diff --git a/lib/client.js b/lib/client.js index f535a144..6ec4b51c 100644 --- a/lib/client.js +++ b/lib/client.js @@ -1606,35 +1606,14 @@ class BaseClient { fapi() { return this.constructor.name === 'FAPI1Client'; } -} -/** - * @name validateJARM - * @api private - */ -async function validateJARM(response) { - const expectedAlg = this.authorization_signed_response_alg; - const { payload } = await this.validateJWT(response, expectedAlg, ['iss', 'exp', 'aud']); - return pickCb(payload); + async validateJARM(response) { + const expectedAlg = this.authorization_signed_response_alg; + const { payload } = await this.validateJWT(response, expectedAlg, ['iss', 'exp', 'aud']); + return pickCb(payload); + } } -Object.defineProperty(BaseClient.prototype, 'validateJARM', { - enumerable: true, - configurable: true, - value(...args) { - process.emitWarning( - "The JARM API implements an OIDF implementer's draft. Breaking draft implementations are included as minor versions of the openid-client library, therefore, the ~ semver operator should be used and close attention be payed to library changelog as well as the drafts themselves.", - 'DraftWarning', - ); - Object.defineProperty(BaseClient.prototype, 'validateJARM', { - enumerable: true, - configurable: true, - value: validateJARM, - }); - return this.validateJARM(...args); - }, -}); - const RSPS = /^(?:RS|PS)(?:256|384|512)$/; function determineRsaAlgorithm(privateKey, privateKeyInput, valuesSupported) { if ( From fb6437fd0d116a56fa7e9f047e69eb2022df2b57 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Wed, 9 Nov 2022 16:18:17 +0100 Subject: [PATCH 057/117] chore(release): 5.3.0 --- CHANGELOG.md | 7 +++++++ package-lock.json | 4 ++-- package.json | 2 +- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d4d8ae0a..0758aee3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [5.3.0](https://github.com/panva/node-openid-client/compare/v5.2.1...v5.3.0) (2022-11-09) + + +### Features + +* JARM is now a stable feature ([10e3a37](https://github.com/panva/node-openid-client/commit/10e3a37efe2635c4b21fba30f5646ef7cf2f4b95)) + ## [5.2.1](https://github.com/panva/node-openid-client/compare/v5.2.0...v5.2.1) (2022-10-20) diff --git a/package-lock.json b/package-lock.json index 3d6ee57a..b0a01e2a 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "openid-client", - "version": "5.2.1", + "version": "5.3.0", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "openid-client", - "version": "5.2.1", + "version": "5.3.0", "license": "MIT", "dependencies": { "jose": "^4.10.0", diff --git a/package.json b/package.json index 93cc3eae..22999bbc 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "openid-client", - "version": "5.2.1", + "version": "5.3.0", "description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js runtime, supports passportjs", "keywords": [ "auth", From 773db60b5db0383a6d01e9513b1fc5e9a33cb98b Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Wed, 9 Nov 2022 16:20:39 +0100 Subject: [PATCH 058/117] docs: update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 81267bbe..fead7b74 100644 --- a/README.md +++ b/README.md @@ -48,7 +48,7 @@ openid-client. - [OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (DPoP) - draft 04][feature-dpop] - [OAuth 2.0 Authorization Server Issuer Identification][feature-iss] -Updates to draft specifications (DPoP, JARM, etc) are released as MINOR library versions, +Updates to draft specifications are released as MINOR library versions, if you utilize these specification implementations consider using the tilde `~` operator in your package.json since breaking changes may be introduced as part of these version updates. From 0f9b3f55690070c9cdd088e838e1236c704e811d Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Thu, 10 Nov 2022 13:37:00 +0100 Subject: [PATCH 059/117] chore: bump dev deps --- .github/workflows/test.yml | 2 + package-lock.json | 1035 +----------------------------------- 2 files changed, 3 insertions(+), 1034 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 98cab3e5..5a1d0338 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -50,6 +50,8 @@ jobs: node-version: ${{ matrix.node-version }} cache: 'npm' check-latest: true + - run: npm install --global npm@8 + if: ${{ startsWith(steps.node.outputs.node-version, 'v12') || startsWith(steps.node.outputs.node-version, 'v14') }} - name: Install dependencies run: npm clean-install - run: npm run test diff --git a/package-lock.json b/package-lock.json index b0a01e2a..41789ab8 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,7 +1,7 @@ { "name": "openid-client", "version": "5.3.0", - "lockfileVersion": 2, + "lockfileVersion": 3, "requires": true, "packages": { "": { @@ -1399,1038 +1399,5 @@ "url": "https://github.com/sponsors/sindresorhus" } } - }, - "dependencies": { - "@panva/asn1.js": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/@panva/asn1.js/-/asn1.js-1.0.0.tgz", - "integrity": "sha512-UdkG3mLEqXgnlKsWanWcgb6dOjUzJ+XC5f+aWw30qrtjxeNUSfKX1cd5FBzOaXQumoe9nIqeZUvrRJS03HCCtw==", - "dev": true - }, - "@sinonjs/commons": { - "version": "1.8.5", - "resolved": "https://registry.npmjs.org/@sinonjs/commons/-/commons-1.8.5.tgz", - "integrity": "sha512-rTpCA0wG1wUxglBSFdMMY0oTrKYvgf4fNgv/sXbfCVAdf+FnPBdKJR/7XbpTCwbCrvCbdPYnlWaUUYz4V2fPDA==", - "dev": true, - "requires": { - "type-detect": "4.0.8" - } - }, - "@sinonjs/fake-timers": { - "version": "6.0.1", - "resolved": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-6.0.1.tgz", - "integrity": "sha512-MZPUxrmFubI36XS1DI3qmI0YdN1gks62JtFZvxR67ljjSNCeK6U08Zx4msEWOXuofgqUt6zPHSi1H9fbjR/NRA==", - "dev": true, - "requires": { - "@sinonjs/commons": "^1.7.0" - } - }, - "@sinonjs/samsam": { - "version": "5.3.1", - "resolved": "https://registry.npmjs.org/@sinonjs/samsam/-/samsam-5.3.1.tgz", - "integrity": "sha512-1Hc0b1TtyfBu8ixF/tpfSHTVWKwCBLY4QJbkgnE7HcwyvT2xArDxb4K7dMgqRm3szI+LJbzmW/s4xxEhv6hwDg==", - "dev": true, - "requires": { - "@sinonjs/commons": "^1.6.0", - "lodash.get": "^4.4.2", - "type-detect": "^4.0.8" - } - }, - "@sinonjs/text-encoding": { - "version": "0.7.2", - "resolved": "https://registry.npmjs.org/@sinonjs/text-encoding/-/text-encoding-0.7.2.tgz", - "integrity": "sha512-sXXKG+uL9IrKqViTtao2Ws6dy0znu9sOaP1di/jKGW1M6VssO8vlpXCQcpZ+jisQ1tTFAC5Jo/EOzFbggBagFQ==", - "dev": true - }, - "@types/body-parser": { - "version": "1.19.2", - "resolved": "https://registry.npmjs.org/@types/body-parser/-/body-parser-1.19.2.tgz", - "integrity": "sha512-ALYone6pm6QmwZoAgeyNksccT9Q4AWZQ6PvfwR37GT6r6FWUPguq6sUmNGSMV2Wr761oQoBxwGGa6DR5o1DC9g==", - "dev": true, - "requires": { - "@types/connect": "*", - "@types/node": "*" - } - }, - "@types/connect": { - "version": "3.4.35", - "resolved": "https://registry.npmjs.org/@types/connect/-/connect-3.4.35.tgz", - "integrity": "sha512-cdeYyv4KWoEgpBISTxWvqYsVy444DOqehiF3fM3ne10AmJ62RSyNkUnxMJXHQWRQQX2eR94m5y1IZyDwBjV9FQ==", - "dev": true, - "requires": { - "@types/node": "*" - } - }, - "@types/express": { - "version": "4.17.14", - "resolved": "https://registry.npmjs.org/@types/express/-/express-4.17.14.tgz", - "integrity": "sha512-TEbt+vaPFQ+xpxFLFssxUDXj5cWCxZJjIcB7Yg0k0GMHGtgtQgpvx/MUQUeAkNbA9AAGrwkAsoeItdTgS7FMyg==", - "dev": true, - "requires": { - "@types/body-parser": "*", - "@types/express-serve-static-core": "^4.17.18", - "@types/qs": "*", - "@types/serve-static": "*" - } - }, - "@types/express-serve-static-core": { - "version": "4.17.31", - "resolved": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-4.17.31.tgz", - "integrity": "sha512-DxMhY+NAsTwMMFHBTtJFNp5qiHKJ7TeqOo23zVEM9alT1Ml27Q3xcTH0xwxn7Q0BbMcVEJOs/7aQtUWupUQN3Q==", - "dev": true, - "requires": { - "@types/node": "*", - "@types/qs": "*", - "@types/range-parser": "*" - } - }, - "@types/mime": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/@types/mime/-/mime-3.0.1.tgz", - "integrity": "sha512-Y4XFY5VJAuw0FgAqPNd6NNoV44jbq9Bz2L7Rh/J6jLTiHBSBJa9fxqQIvkIld4GsoDOcCbvzOUAbLPsSKKg+uA==", - "dev": true - }, - "@types/node": { - "version": "16.18.3", - "resolved": "https://registry.npmjs.org/@types/node/-/node-16.18.3.tgz", - "integrity": "sha512-jh6m0QUhIRcZpNv7Z/rpN+ZWXOicUUQbSoWks7Htkbb9IjFQj4kzcX/xFCkjstCj5flMsN8FiSvt+q+Tcs4Llg==", - "dev": true - }, - "@types/passport": { - "version": "1.0.11", - "resolved": "https://registry.npmjs.org/@types/passport/-/passport-1.0.11.tgz", - "integrity": "sha512-pz1cx9ptZvozyGKKKIPLcVDVHwae4hrH5d6g5J+DkMRRjR3cVETb4jMabhXAUbg3Ov7T22nFHEgaK2jj+5CBpw==", - "dev": true, - "requires": { - "@types/express": "*" - } - }, - "@types/qs": { - "version": "6.9.7", - "resolved": "https://registry.npmjs.org/@types/qs/-/qs-6.9.7.tgz", - "integrity": "sha512-FGa1F62FT09qcrueBA6qYTrJPVDzah9a+493+o2PCXsesWHIn27G98TsSMs3WPNbZIEj4+VJf6saSFpvD+3Zsw==", - "dev": true - }, - "@types/range-parser": { - "version": "1.2.4", - "resolved": "https://registry.npmjs.org/@types/range-parser/-/range-parser-1.2.4.tgz", - "integrity": "sha512-EEhsLsD6UsDM1yFhAvy0Cjr6VwmpMWqFBCb9w07wVugF7w9nfajxLuVmngTIpgS6svCnm6Vaw+MZhoDCKnOfsw==", - "dev": true - }, - "@types/serve-static": { - "version": "1.15.0", - "resolved": "https://registry.npmjs.org/@types/serve-static/-/serve-static-1.15.0.tgz", - "integrity": "sha512-z5xyF6uh8CbjAu9760KDKsH2FcDxZ2tFCsA4HIMWE6IkiYMXfVoa+4f9KX+FN0ZLsaMw1WNG2ETLA6N+/YA+cg==", - "dev": true, - "requires": { - "@types/mime": "*", - "@types/node": "*" - } - }, - "ansi-colors": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/ansi-colors/-/ansi-colors-4.1.1.tgz", - "integrity": "sha512-JoX0apGbHaUJBNl6yF+p6JAFYZ666/hhCGKN5t9QFjbJQKUU/g8MNbFDbvfrgKXvI1QpZplPOnwIo99lX/AAmA==", - "dev": true - }, - "ansi-regex": { - "version": "5.0.1", - "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", - "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", - "dev": true - }, - "ansi-styles": { - "version": "4.3.0", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", - "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", - "dev": true, - "requires": { - "color-convert": "^2.0.1" - } - }, - "anymatch": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.2.tgz", - "integrity": "sha512-P43ePfOAIupkguHUycrc4qJ9kz8ZiuOUijaETwX7THt0Y/GNK7v0aa8rY816xWjZ7rJdA5XdMcpVFTKMq+RvWg==", - "dev": true, - "requires": { - "normalize-path": "^3.0.0", - "picomatch": "^2.0.4" - } - }, - "argparse": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", - "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==", - "dev": true - }, - "assertion-error": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/assertion-error/-/assertion-error-1.1.0.tgz", - "integrity": "sha512-jgsaNduz+ndvGyFt3uSuWqvy4lCnIJiovtouQN5JZHOKCS2QuhEdbcQHFhVksz2N2U9hXJo8odG7ETyWlEeuDw==", - "dev": true - }, - "balanced-match": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", - "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==", - "dev": true - }, - "base64url": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/base64url/-/base64url-3.0.1.tgz", - "integrity": "sha512-ir1UPr3dkwexU7FdV8qBBbNDRUhMmIekYMFZfi+C/sLNnRESKPl23nB9b2pltqfOQNnGzsDdId90AEtG5tCx4A==", - "dev": true - }, - "binary-extensions": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.2.0.tgz", - "integrity": "sha512-jDctJ/IVQbZoJykoeHbhXpOlNBqGNcwXJKJog42E5HDPUwQTSdjCHdihjj0DlnheQ7blbT6dHOafNAiS8ooQKA==", - "dev": true - }, - "brace-expansion": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", - "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==", - "dev": true, - "requires": { - "balanced-match": "^1.0.0" - } - }, - "braces": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz", - "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==", - "dev": true, - "requires": { - "fill-range": "^7.0.1" - } - }, - "browser-stdout": { - "version": "1.3.1", - "resolved": "https://registry.npmjs.org/browser-stdout/-/browser-stdout-1.3.1.tgz", - "integrity": "sha512-qhAVI1+Av2X7qelOfAIYwXONood6XlZE/fXaBSmW/T5SzLAmCgzi+eiWE7fUvbHaeNBQH13UftjpXxsfLkMpgw==", - "dev": true - }, - "camelcase": { - "version": "6.3.0", - "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", - "integrity": "sha512-Gmy6FhYlCY7uOElZUSbxo2UCDH8owEk996gkbrpsgGtrJLM3J7jGxl9Ic7Qwwj4ivOE5AWZWRMecDdF7hqGjFA==", - "dev": true - }, - "chai": { - "version": "4.3.7", - "resolved": "https://registry.npmjs.org/chai/-/chai-4.3.7.tgz", - "integrity": "sha512-HLnAzZ2iupm25PlN0xFreAlBA5zaBSv3og0DdeGA4Ar6h6rJ3A0rolRUKJhSF2V10GZKDgWF/VmAEsNWjCRB+A==", - "dev": true, - "requires": { - "assertion-error": "^1.1.0", - "check-error": "^1.0.2", - "deep-eql": "^4.1.2", - "get-func-name": "^2.0.0", - "loupe": "^2.3.1", - "pathval": "^1.1.1", - "type-detect": "^4.0.5" - } - }, - "chalk": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", - "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "dev": true, - "requires": { - "ansi-styles": "^4.1.0", - "supports-color": "^7.1.0" - }, - "dependencies": { - "supports-color": { - "version": "7.2.0", - "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", - "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==", - "dev": true, - "requires": { - "has-flag": "^4.0.0" - } - } - } - }, - "check-error": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/check-error/-/check-error-1.0.2.tgz", - "integrity": "sha512-BrgHpW9NURQgzoNyjfq0Wu6VFO6D7IZEmJNdtgNqpzGG8RuNFHt2jQxWlAs4HMe119chBnv+34syEZtc6IhLtA==", - "dev": true - }, - "chokidar": { - "version": "3.5.3", - "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.5.3.tgz", - "integrity": "sha512-Dr3sfKRP6oTcjf2JmUmFJfeVMvXBdegxB0iVQ5eb2V10uFJUCAS8OByZdVAyVb8xXNz3GjjTgj9kLWsZTqE6kw==", - "dev": true, - "requires": { - "anymatch": "~3.1.2", - "braces": "~3.0.2", - "fsevents": "~2.3.2", - "glob-parent": "~5.1.2", - "is-binary-path": "~2.1.0", - "is-glob": "~4.0.1", - "normalize-path": "~3.0.0", - "readdirp": "~3.6.0" - } - }, - "cliui": { - "version": "7.0.4", - "resolved": "https://registry.npmjs.org/cliui/-/cliui-7.0.4.tgz", - "integrity": "sha512-OcRE68cOsVMXp1Yvonl/fzkQOyjLSu/8bhPDfQt0e0/Eb283TKP20Fs2MqoPsr9SwA595rRCA+QMzYc9nBP+JQ==", - "dev": true, - "requires": { - "string-width": "^4.2.0", - "strip-ansi": "^6.0.0", - "wrap-ansi": "^7.0.0" - } - }, - "color-convert": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", - "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", - "dev": true, - "requires": { - "color-name": "~1.1.4" - } - }, - "color-name": { - "version": "1.1.4", - "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", - "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==", - "dev": true - }, - "concat-map": { - "version": "0.0.1", - "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", - "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==", - "dev": true - }, - "core-util-is": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.3.tgz", - "integrity": "sha512-ZQBvi1DcpJ4GDqanjucZ2Hj3wEO5pZDS89BWbkcrvdxksJorwUDDZamX9ldFkp9aw2lmBDLgkObEA4DWNJ9FYQ==", - "dev": true - }, - "debug": { - "version": "4.3.4", - "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz", - "integrity": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==", - "dev": true, - "requires": { - "ms": "2.1.2" - }, - "dependencies": { - "ms": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", - "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==", - "dev": true - } - } - }, - "decamelize": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/decamelize/-/decamelize-4.0.0.tgz", - "integrity": "sha512-9iE1PgSik9HeIIw2JO94IidnE3eBoQrFJ3w7sFuzSX4DpmZ3v5sZpUiV5Swcf6mQEF+Y0ru8Neo+p+nyh2J+hQ==", - "dev": true - }, - "deep-eql": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/deep-eql/-/deep-eql-4.1.2.tgz", - "integrity": "sha512-gT18+YW4CcW/DBNTwAmqTtkJh7f9qqScu2qFVlx7kCoeY9tlBu9cUcr7+I+Z/noG8INehS3xQgLpTtd/QUTn4w==", - "dev": true, - "requires": { - "type-detect": "^4.0.0" - } - }, - "diff": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/diff/-/diff-5.0.0.tgz", - "integrity": "sha512-/VTCrvm5Z0JGty/BWHljh+BAiw3IK+2j87NGMu8Nwc/f48WoDAC395uomO9ZD117ZOBaHmkX1oyLvkVM/aIT3w==", - "dev": true - }, - "emoji-regex": { - "version": "8.0.0", - "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", - "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", - "dev": true - }, - "escalade": { - "version": "3.1.1", - "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.1.1.tgz", - "integrity": "sha512-k0er2gUkLf8O0zKJiAhmkTnJlTvINGv7ygDNPbeIsX/TJjGJZHuh9B2UxbsaEkmlEo9MfhrSzmhIlhRlI2GXnw==", - "dev": true - }, - "escape-string-regexp": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz", - "integrity": "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==", - "dev": true - }, - "fill-range": { - "version": "7.0.1", - "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", - "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==", - "dev": true, - "requires": { - "to-regex-range": "^5.0.1" - } - }, - "find-up": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/find-up/-/find-up-5.0.0.tgz", - "integrity": "sha512-78/PXT1wlLLDgTzDs7sjq9hzz0vXD+zn+7wypEe4fXQxCmdmqfGsEPQxmiCSQI3ajFV91bVSsvNtrJRiW6nGng==", - "dev": true, - "requires": { - "locate-path": "^6.0.0", - "path-exists": "^4.0.0" - } - }, - "flat": { - "version": "5.0.2", - "resolved": "https://registry.npmjs.org/flat/-/flat-5.0.2.tgz", - "integrity": "sha512-b6suED+5/3rTpUBdG1gupIl8MPFCAMA0QXwmljLhvCUKcUvdE4gWky9zpuGCcXHOsz4J9wPGNWq6OKpmIzz3hQ==", - "dev": true - }, - "fs.realpath": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", - "integrity": "sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==", - "dev": true - }, - "fsevents": { - "version": "2.3.2", - "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz", - "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==", - "dev": true, - "optional": true - }, - "get-caller-file": { - "version": "2.0.5", - "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz", - "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==", - "dev": true - }, - "get-func-name": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/get-func-name/-/get-func-name-2.0.0.tgz", - "integrity": "sha512-Hm0ixYtaSZ/V7C8FJrtZIuBBI+iSgL+1Aq82zSu8VQNB4S3Gk8e7Qs3VwBDJAhmRZcFqkl3tQu36g/Foh5I5ig==", - "dev": true - }, - "glob": { - "version": "7.2.0", - "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.0.tgz", - "integrity": "sha512-lmLf6gtyrPq8tTjSmrO94wBeQbFR3HbLHbuyD69wuyQkImp2hWqMGB47OX65FBkPffO641IP9jWa1z4ivqG26Q==", - "dev": true, - "requires": { - "fs.realpath": "^1.0.0", - "inflight": "^1.0.4", - "inherits": "2", - "minimatch": "^3.0.4", - "once": "^1.3.0", - "path-is-absolute": "^1.0.0" - }, - "dependencies": { - "brace-expansion": { - "version": "1.1.11", - "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", - "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", - "dev": true, - "requires": { - "balanced-match": "^1.0.0", - "concat-map": "0.0.1" - } - }, - "minimatch": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", - "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==", - "dev": true, - "requires": { - "brace-expansion": "^1.1.7" - } - } - } - }, - "glob-parent": { - "version": "5.1.2", - "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", - "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==", - "dev": true, - "requires": { - "is-glob": "^4.0.1" - } - }, - "has-flag": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", - "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==", - "dev": true - }, - "he": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/he/-/he-1.2.0.tgz", - "integrity": "sha512-F/1DnUGPopORZi0ni+CvrCgHQ5FyEAHRLSApuYWMmrbSwoN2Mn/7k+Gl38gJnR7yyDZk6WLXwiGod1JOWNDKGw==", - "dev": true - }, - "inflight": { - "version": "1.0.6", - "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", - "integrity": "sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==", - "dev": true, - "requires": { - "once": "^1.3.0", - "wrappy": "1" - } - }, - "inherits": { - "version": "2.0.4", - "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", - "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", - "dev": true - }, - "is-binary-path": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz", - "integrity": "sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==", - "dev": true, - "requires": { - "binary-extensions": "^2.0.0" - } - }, - "is-extglob": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", - "integrity": "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==", - "dev": true - }, - "is-fullwidth-code-point": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", - "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==", - "dev": true - }, - "is-glob": { - "version": "4.0.3", - "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz", - "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==", - "dev": true, - "requires": { - "is-extglob": "^2.1.1" - } - }, - "is-number": { - "version": "7.0.0", - "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", - "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==", - "dev": true - }, - "is-plain-obj": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-2.1.0.tgz", - "integrity": "sha512-YWnfyRwxL/+SsrWYfOpUtz5b3YD+nyfkHvjbcanzk8zgyO4ASD67uVMRt8k5bM4lLMDnXfriRhOpemw+NfT1eA==", - "dev": true - }, - "is-readable-stream": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/is-readable-stream/-/is-readable-stream-1.0.1.tgz", - "integrity": "sha512-hj/cPKXI7ITRRFeaHPg9WwEzye4cj+xjcUnvelBuCcBsyXYzYXi//Yh+oSVn8bMiyt1b8cNOPwkYxEJXl+6v7w==", - "dev": true - }, - "is-unicode-supported": { - "version": "0.1.0", - "resolved": "https://registry.npmjs.org/is-unicode-supported/-/is-unicode-supported-0.1.0.tgz", - "integrity": "sha512-knxG2q4UC3u8stRGyAVJCOdxFmv5DZiRcdlIaAQXAbSfJya+OhopNotLQrstBhququ4ZpuKbDc/8S6mgXgPFPw==", - "dev": true - }, - "isarray": { - "version": "0.0.1", - "resolved": "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz", - "integrity": "sha512-D2S+3GLxWH+uhrNEcoh/fnmYeP8E8/zHl644d/jdA0g2uyXvy3sb0qxotE+ne0LtccHknQzWwZEzhak7oJ0COQ==", - "dev": true - }, - "jose": { - "version": "4.11.0", - "resolved": "https://registry.npmjs.org/jose/-/jose-4.11.0.tgz", - "integrity": "sha512-wLe+lJHeG8Xt6uEubS4x0LVjS/3kXXu9dGoj9BNnlhYq7Kts0Pbb2pvv5KiI0yaKH/eaiR0LUOBhOVo9ktd05A==" - }, - "jose2": { - "version": "npm:jose@2.0.6", - "resolved": "https://registry.npmjs.org/jose/-/jose-2.0.6.tgz", - "integrity": "sha512-FVoPY7SflDodE4lknJmbAHSUjLCzE2H1F6MS0RYKMQ8SR+lNccpMf8R4eqkNYyyUjR5qZReOzZo5C5YiHOCjjg==", - "dev": true, - "requires": { - "@panva/asn1.js": "^1.0.0" - } - }, - "js-yaml": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", - "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", - "dev": true, - "requires": { - "argparse": "^2.0.1" - } - }, - "json-stringify-safe": { - "version": "5.0.1", - "resolved": "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz", - "integrity": "sha512-ZClg6AaYvamvYEE82d3Iyd3vSSIjQ+odgjaTzRuO3s7toCdFKczob2i0zCh7JE8kWn17yvAWhUVxvqGwUalsRA==", - "dev": true - }, - "just-extend": { - "version": "4.2.1", - "resolved": "https://registry.npmjs.org/just-extend/-/just-extend-4.2.1.tgz", - "integrity": "sha512-g3UB796vUFIY90VIv/WX3L2c8CS2MdWUww3CNrYmqza1Fg0DURc2K/O4YrnklBdQarSJ/y8JnJYDGc+1iumQjg==", - "dev": true - }, - "locate-path": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz", - "integrity": "sha512-iPZK6eYjbxRu3uB4/WZ3EsEIMJFMqAoopl3R+zuq0UjcAm/MO6KCweDgPfP3elTztoKP3KtnVHxTn2NHBSDVUw==", - "dev": true, - "requires": { - "p-locate": "^5.0.0" - } - }, - "lodash": { - "version": "4.17.21", - "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", - "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==", - "dev": true - }, - "lodash.get": { - "version": "4.4.2", - "resolved": "https://registry.npmjs.org/lodash.get/-/lodash.get-4.4.2.tgz", - "integrity": "sha512-z+Uw/vLuy6gQe8cfaFWD7p0wVv8fJl3mbzXh33RS+0oW2wvUqiRXiQ69gLWSLpgB5/6sU+r6BlQR0MBILadqTQ==", - "dev": true - }, - "log-symbols": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/log-symbols/-/log-symbols-4.1.0.tgz", - "integrity": "sha512-8XPvpAA8uyhfteu8pIvQxpJZ7SYYdpUivZpGy6sFsBuKRY/7rQGavedeB8aK+Zkyq6upMFVL/9AW6vOYzfRyLg==", - "dev": true, - "requires": { - "chalk": "^4.1.0", - "is-unicode-supported": "^0.1.0" - } - }, - "loupe": { - "version": "2.3.6", - "resolved": "https://registry.npmjs.org/loupe/-/loupe-2.3.6.tgz", - "integrity": "sha512-RaPMZKiMy8/JruncMU5Bt6na1eftNoo++R4Y+N2FrxkDVTrGvcyzFTsaGif4QTeKESheMGegbhw6iUAq+5A8zA==", - "dev": true, - "requires": { - "get-func-name": "^2.0.0" - } - }, - "lru-cache": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", - "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", - "requires": { - "yallist": "^4.0.0" - } - }, - "methods": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz", - "integrity": "sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w==", - "dev": true - }, - "minimatch": { - "version": "5.0.1", - "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.0.1.tgz", - "integrity": "sha512-nLDxIFRyhDblz3qMuq+SoRZED4+miJ/G+tdDrjkkkRnjAsBexeGpgjLEQ0blJy7rHhR2b93rhQY4SvyWu9v03g==", - "dev": true, - "requires": { - "brace-expansion": "^2.0.1" - } - }, - "mocha": { - "version": "10.1.0", - "resolved": "https://registry.npmjs.org/mocha/-/mocha-10.1.0.tgz", - "integrity": "sha512-vUF7IYxEoN7XhQpFLxQAEMtE4W91acW4B6En9l97MwE9stL1A9gusXfoHZCLVHDUJ/7V5+lbCM6yMqzo5vNymg==", - "dev": true, - "requires": { - "ansi-colors": "4.1.1", - "browser-stdout": "1.3.1", - "chokidar": "3.5.3", - "debug": "4.3.4", - "diff": "5.0.0", - "escape-string-regexp": "4.0.0", - "find-up": "5.0.0", - "glob": "7.2.0", - "he": "1.2.0", - "js-yaml": "4.1.0", - "log-symbols": "4.1.0", - "minimatch": "5.0.1", - "ms": "2.1.3", - "nanoid": "3.3.3", - "serialize-javascript": "6.0.0", - "strip-json-comments": "3.1.1", - "supports-color": "8.1.1", - "workerpool": "6.2.1", - "yargs": "16.2.0", - "yargs-parser": "20.2.4", - "yargs-unparser": "2.0.0" - } - }, - "ms": { - "version": "2.1.3", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", - "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", - "dev": true - }, - "nanoid": { - "version": "3.3.3", - "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.3.tgz", - "integrity": "sha512-p1sjXuopFs0xg+fPASzQ28agW1oHD7xDsd9Xkf3T15H3c/cifrFHVwrh74PdoklAPi+i7MdRsE47vm2r6JoB+w==", - "dev": true - }, - "nise": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/nise/-/nise-4.1.0.tgz", - "integrity": "sha512-eQMEmGN/8arp0xsvGoQ+B1qvSkR73B1nWSCh7nOt5neMCtwcQVYQGdzQMhcNscktTsWB54xnlSQFzOAPJD8nXA==", - "dev": true, - "requires": { - "@sinonjs/commons": "^1.7.0", - "@sinonjs/fake-timers": "^6.0.0", - "@sinonjs/text-encoding": "^0.7.1", - "just-extend": "^4.0.2", - "path-to-regexp": "^1.7.0" - } - }, - "nock": { - "version": "13.2.9", - "resolved": "https://registry.npmjs.org/nock/-/nock-13.2.9.tgz", - "integrity": "sha512-1+XfJNYF1cjGB+TKMWi29eZ0b82QOvQs2YoLNzbpWGqFMtRQHTa57osqdGj4FrFPgkO4D4AZinzUJR9VvW3QUA==", - "dev": true, - "requires": { - "debug": "^4.1.0", - "json-stringify-safe": "^5.0.1", - "lodash": "^4.17.21", - "propagate": "^2.0.0" - } - }, - "normalize-path": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz", - "integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==", - "dev": true - }, - "object-hash": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/object-hash/-/object-hash-2.2.0.tgz", - "integrity": "sha512-gScRMn0bS5fH+IuwyIFgnh9zBdo4DV+6GhygmWM9HyNJSgS0hScp1f5vjtm7oIIOiT9trXrShAkLFSc2IqKNgw==" - }, - "oidc-token-hash": { - "version": "5.0.1", - "resolved": "https://registry.npmjs.org/oidc-token-hash/-/oidc-token-hash-5.0.1.tgz", - "integrity": "sha512-EvoOtz6FIEBzE+9q253HsLCVRiK/0doEJ2HCvvqMQb3dHZrP3WlJKYtJ55CRTw4jmYomzH4wkPuCj/I3ZvpKxQ==" - }, - "once": { - "version": "1.4.0", - "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", - "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==", - "dev": true, - "requires": { - "wrappy": "1" - } - }, - "p-limit": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz", - "integrity": "sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ==", - "dev": true, - "requires": { - "yocto-queue": "^0.1.0" - } - }, - "p-locate": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-5.0.0.tgz", - "integrity": "sha512-LaNjtRWUBY++zB5nE/NwcaoMylSPk+S+ZHNB1TzdbMJMny6dynpAGt7X/tl/QYq3TIeE6nxHppbo2LGymrG5Pw==", - "dev": true, - "requires": { - "p-limit": "^3.0.2" - } - }, - "path-exists": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz", - "integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==", - "dev": true - }, - "path-is-absolute": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", - "integrity": "sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==", - "dev": true - }, - "path-to-regexp": { - "version": "1.8.0", - "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-1.8.0.tgz", - "integrity": "sha512-n43JRhlUKUAlibEJhPeir1ncUID16QnEjNpwzNdO3Lm4ywrBpBZ5oLD0I6br9evr1Y9JTqwRtAh7JLoOzAQdVA==", - "dev": true, - "requires": { - "isarray": "0.0.1" - } - }, - "pathval": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/pathval/-/pathval-1.1.1.tgz", - "integrity": "sha512-Dp6zGqpTdETdR63lehJYPeIOqpiNBNtc7BpWSLrOje7UaIsE5aY92r/AunQA7rsXvet3lrJ3JnZX29UPTKXyKQ==", - "dev": true - }, - "picomatch": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz", - "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==", - "dev": true - }, - "prettier": { - "version": "2.7.1", - "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.7.1.tgz", - "integrity": "sha512-ujppO+MkdPqoVINuDFDRLClm7D78qbDt0/NR+wp5FqEZOoTNAjPHWj17QRhu7geIHJfcNhRk1XVQmF8Bp3ye+g==", - "dev": true - }, - "propagate": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/propagate/-/propagate-2.0.1.tgz", - "integrity": "sha512-vGrhOavPSTz4QVNuBNdcNXePNdNMaO1xj9yBeH1ScQPjk/rhg9sSlCXPhMkFuaNNW/syTvYqsnbIJxMBfRbbag==", - "dev": true - }, - "randombytes": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz", - "integrity": "sha512-vYl3iOX+4CKUWuxGi9Ukhie6fsqXqS9FE2Zaic4tNFD2N2QQaXOMFbuKK4QmDHC0JO6B1Zp41J0LpT0oR68amQ==", - "dev": true, - "requires": { - "safe-buffer": "^5.1.0" - } - }, - "readable-mock-req": { - "version": "0.2.2", - "resolved": "https://registry.npmjs.org/readable-mock-req/-/readable-mock-req-0.2.2.tgz", - "integrity": "sha512-SQwHpJeeCsmtZ8mZmi4aoS3ujArujrQp7QMqt4t+O4f9sBztMv0V9Oufdc1vjzU7MMCc9TLOj7tYKoRE/QHMMg==", - "dev": true, - "requires": { - "is-readable-stream": "~1.0.0", - "methods": "~1.1.1", - "readable-stream": "~1.1.0" - } - }, - "readable-stream": { - "version": "1.1.14", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-1.1.14.tgz", - "integrity": "sha512-+MeVjFf4L44XUkhM1eYbD8fyEsxcV81pqMSR5gblfcLCHfZvbrqy4/qYHE+/R5HoBUT11WV5O08Cr1n3YXkWVQ==", - "dev": true, - "requires": { - "core-util-is": "~1.0.0", - "inherits": "~2.0.1", - "isarray": "0.0.1", - "string_decoder": "~0.10.x" - } - }, - "readdirp": { - "version": "3.6.0", - "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz", - "integrity": "sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==", - "dev": true, - "requires": { - "picomatch": "^2.2.1" - } - }, - "require-directory": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz", - "integrity": "sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q==", - "dev": true - }, - "safe-buffer": { - "version": "5.2.1", - "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", - "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", - "dev": true - }, - "serialize-javascript": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.0.tgz", - "integrity": "sha512-Qr3TosvguFt8ePWqsvRfrKyQXIiW+nGbYpy8XK24NQHE83caxWt+mIymTT19DGFbNWNLfEwsrkSmN64lVWB9ag==", - "dev": true, - "requires": { - "randombytes": "^2.1.0" - } - }, - "sinon": { - "version": "9.2.4", - "resolved": "https://registry.npmjs.org/sinon/-/sinon-9.2.4.tgz", - "integrity": "sha512-zljcULZQsJxVra28qIAL6ow1Z9tpattkCTEJR4RBP3TGc00FcttsP5pK284Nas5WjMZU5Yzy3kAIp3B3KRf5Yg==", - "dev": true, - "requires": { - "@sinonjs/commons": "^1.8.1", - "@sinonjs/fake-timers": "^6.0.1", - "@sinonjs/samsam": "^5.3.1", - "diff": "^4.0.2", - "nise": "^4.0.4", - "supports-color": "^7.1.0" - }, - "dependencies": { - "diff": { - "version": "4.0.2", - "resolved": "https://registry.npmjs.org/diff/-/diff-4.0.2.tgz", - "integrity": "sha512-58lmxKSA4BNyLz+HHMUzlOEpg09FV+ev6ZMe3vJihgdxzgcwZ8VoEEPmALCZG9LmqfVoNMMKpttIYTVG6uDY7A==", - "dev": true - }, - "supports-color": { - "version": "7.2.0", - "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", - "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==", - "dev": true, - "requires": { - "has-flag": "^4.0.0" - } - } - } - }, - "string_decoder": { - "version": "0.10.31", - "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-0.10.31.tgz", - "integrity": "sha512-ev2QzSzWPYmy9GuqfIVildA4OdcGLeFZQrq5ys6RtiuF+RQQiZWr8TZNyAcuVXyQRYfEO+MsoB/1BuQVhOJuoQ==", - "dev": true - }, - "string-width": { - "version": "4.2.3", - "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", - "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", - "dev": true, - "requires": { - "emoji-regex": "^8.0.0", - "is-fullwidth-code-point": "^3.0.0", - "strip-ansi": "^6.0.1" - } - }, - "strip-ansi": { - "version": "6.0.1", - "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", - "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", - "dev": true, - "requires": { - "ansi-regex": "^5.0.1" - } - }, - "strip-json-comments": { - "version": "3.1.1", - "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz", - "integrity": "sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==", - "dev": true - }, - "supports-color": { - "version": "8.1.1", - "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz", - "integrity": "sha512-MpUEN2OodtUzxvKQl72cUF7RQ5EiHsGvSsVG0ia9c5RbWGL2CI4C7EpPS8UTBIplnlzZiNuV56w+FuNxy3ty2Q==", - "dev": true, - "requires": { - "has-flag": "^4.0.0" - } - }, - "timekeeper": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/timekeeper/-/timekeeper-2.2.0.tgz", - "integrity": "sha512-W3AmPTJWZkRwu+iSNxPIsLZ2ByADsOLbbLxe46UJyWj3mlYLlwucKiq+/dPm0l9wTzqoF3/2PH0AGFCebjq23A==", - "dev": true - }, - "to-regex-range": { - "version": "5.0.1", - "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", - "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==", - "dev": true, - "requires": { - "is-number": "^7.0.0" - } - }, - "type-detect": { - "version": "4.0.8", - "resolved": "https://registry.npmjs.org/type-detect/-/type-detect-4.0.8.tgz", - "integrity": "sha512-0fr/mIH1dlO+x7TlcMy+bIDqKPsw/70tVyeHW787goQjhmqaZe10uwLujubK9q9Lg6Fiho1KUKDYz0Z7k7g5/g==", - "dev": true - }, - "workerpool": { - "version": "6.2.1", - "resolved": "https://registry.npmjs.org/workerpool/-/workerpool-6.2.1.tgz", - "integrity": "sha512-ILEIE97kDZvF9Wb9f6h5aXK4swSlKGUcOEGiIYb2OOu/IrDU9iwj0fD//SsA6E5ibwJxpEvhullJY4Sl4GcpAw==", - "dev": true - }, - "wrap-ansi": { - "version": "7.0.0", - "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", - "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==", - "dev": true, - "requires": { - "ansi-styles": "^4.0.0", - "string-width": "^4.1.0", - "strip-ansi": "^6.0.0" - } - }, - "wrappy": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", - "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==", - "dev": true - }, - "y18n": { - "version": "5.0.8", - "resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz", - "integrity": "sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==", - "dev": true - }, - "yallist": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", - "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" - }, - "yargs": { - "version": "16.2.0", - "resolved": "https://registry.npmjs.org/yargs/-/yargs-16.2.0.tgz", - "integrity": "sha512-D1mvvtDG0L5ft/jGWkLpG1+m0eQxOfaBvTNELraWj22wSVUMWxZUvYgJYcKh6jGGIkJFhH4IZPQhR4TKpc8mBw==", - "dev": true, - "requires": { - "cliui": "^7.0.2", - "escalade": "^3.1.1", - "get-caller-file": "^2.0.5", - "require-directory": "^2.1.1", - "string-width": "^4.2.0", - "y18n": "^5.0.5", - "yargs-parser": "^20.2.2" - } - }, - "yargs-parser": { - "version": "20.2.4", - "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-20.2.4.tgz", - "integrity": "sha512-WOkpgNhPTlE73h4VFAFsOnomJVaovO8VqLDzy5saChRBFQFBoMYirowyW+Q9HB4HFF4Z7VZTiG3iSzJJA29yRA==", - "dev": true - }, - "yargs-unparser": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/yargs-unparser/-/yargs-unparser-2.0.0.tgz", - "integrity": "sha512-7pRTIA9Qc1caZ0bZ6RYRGbHJthJWuakf+WmHK0rVeLkNrrGhfoabBNdue6kdINI6r4if7ocq9aD/n7xwKOdzOA==", - "dev": true, - "requires": { - "camelcase": "^6.0.0", - "decamelize": "^4.0.0", - "flat": "^5.0.2", - "is-plain-obj": "^2.1.0" - } - }, - "yocto-queue": { - "version": "0.1.0", - "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz", - "integrity": "sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==", - "dev": true - } } } From 666e0656da6e1070ee952a19f67a1e6e5f633c4e Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Fri, 11 Nov 2022 12:11:33 +0100 Subject: [PATCH 060/117] chore: update issue config.yml --- .github/ISSUE_TEMPLATE/config.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml index 4e17abd1..593028c0 100644 --- a/.github/ISSUE_TEMPLATE/config.yml +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -13,9 +13,3 @@ contact_links: about: Are you asking your nth question? Relying on openid-client for critical operations? Consider supporting the project so that it may continue being maintained. - - name: Report a security vulnerability - url: https://en.wikipedia.org/wiki/Responsible_disclosure - about: - Do not disclose vulnerabilities via issues or discussions. Reach out to the project team - via e.g. email, we'll work together on patching the vulnerability and follow some form of - Responsible disclosure once fixed. Thank you. From 8bc9519d56a9759fedbad2418420f0c5b75f2455 Mon Sep 17 00:00:00 2001 From: Roemer Hendrikx Date: Mon, 28 Nov 2022 14:44:15 +0100 Subject: [PATCH 061/117] fix(typescript): requestResource returns a Promise (#546) Closes #488 --- types/index.d.ts | 2 +- types/openid-client-tests.ts | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/types/index.d.ts b/types/index.d.ts index d54f98a1..d6b5aa0f 100644 --- a/types/index.d.ts +++ b/types/index.d.ts @@ -351,7 +351,7 @@ declare class BaseClient { tokenType?: string; DPoP?: DPoPInput; }, - ): { body?: Buffer } & http.IncomingMessage; + ): Promise<{ body?: Buffer } & http.IncomingMessage>; grant(body: GrantBody, extras?: GrantExtras): Promise; introspect( token: string, diff --git a/types/openid-client-tests.ts b/types/openid-client-tests.ts index 7ca13a5c..dc958155 100644 --- a/types/openid-client-tests.ts +++ b/types/openid-client-tests.ts @@ -167,8 +167,8 @@ async (req: IncomingMessage) => { callbackResponse, { headers: { Accept: 'application/json' } }, ); - console.log(resource.body.byteLength); - console.log(resource.body.toString('utf-8')); + console.log(resource.body!.byteLength); + console.log(resource.body!.toString('utf-8')); // From 3ab9afe5b4a6973687300f868077137c97b906aa Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Mon, 28 Nov 2022 14:45:05 +0100 Subject: [PATCH 062/117] chore(release): 5.3.1 --- CHANGELOG.md | 7 +++++++ package-lock.json | 4 ++-- package.json | 2 +- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0758aee3..ae27a1ef 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [5.3.1](https://github.com/panva/node-openid-client/compare/v5.3.0...v5.3.1) (2022-11-28) + + +### Fixes + +* **typescript:** requestResource returns a Promise ([#546](https://github.com/panva/node-openid-client/issues/546)) ([8bc9519](https://github.com/panva/node-openid-client/commit/8bc9519d56a9759fedbad2418420f0c5b75f2455)), closes [#488](https://github.com/panva/node-openid-client/issues/488) + ## [5.3.0](https://github.com/panva/node-openid-client/compare/v5.2.1...v5.3.0) (2022-11-09) diff --git a/package-lock.json b/package-lock.json index 41789ab8..0b342a76 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "openid-client", - "version": "5.3.0", + "version": "5.3.1", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "openid-client", - "version": "5.3.0", + "version": "5.3.1", "license": "MIT", "dependencies": { "jose": "^4.10.0", diff --git a/package.json b/package.json index 22999bbc..fc061185 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "openid-client", - "version": "5.3.0", + "version": "5.3.1", "description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js runtime, supports passportjs", "keywords": [ "auth", From b3c0f3c5f800253dfd5fd793c63faccc0951148e Mon Sep 17 00:00:00 2001 From: Peter Rust Date: Fri, 9 Dec 2022 10:54:11 -0800 Subject: [PATCH 063/117] docs: update clock tolerance text (#549) --- docs/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/README.md b/docs/README.md index d5296d64..bee26dc8 100644 --- a/docs/README.md +++ b/docs/README.md @@ -658,7 +658,7 @@ client[custom.http_options] = function (url, options) { #### Customizing clock skew tolerance -It is possible the RP or OP environment has a system clock skew, to set a clock tolerance (in seconds) +It is possible the RP or OP environment has a system clock skew, which can result in the error "JWT not active yet". To set a clock tolerance (in seconds) ```js import { custom } from 'openid-client'; From a78b2ef7f670e06ca4e87e36e5867fbd611a9996 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ca=C3=ADque=20de=20Castro=20Soares=20da=20Silva?= Date: Tue, 3 Jan 2023 16:13:32 -0300 Subject: [PATCH 064/117] docs: update links to main branch (#554) --- CONTRIBUTING.md | 2 +- README.md | 20 ++++++++++---------- docs/README.md | 2 +- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 86040ccb..10b0095f 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -16,4 +16,4 @@ ask that you keep the language to English and keep on track with the issue at ha be respectful of our fellow contributors and keep an exemplary level of professionalism at all times. -[coc]: https://github.com/panva/node-openid-client/blob/master/CODE_OF_CONDUCT.md +[coc]: https://github.com/panva/node-openid-client/blob/main/CODE_OF_CONDUCT.md diff --git a/README.md b/README.md index fead7b74..14afb8fe 100644 --- a/README.md +++ b/README.md @@ -284,14 +284,14 @@ See [Customizing (docs)][documentation-customizing]. [npm-url]: https://www.npmjs.com/package/openid-client [sponsor-auth0]: https://a0.to/try-auth0 [support-sponsor]: https://github.com/sponsors/panva -[documentation]: https://github.com/panva/node-openid-client/blob/master/docs/README.md -[documentation-issuer]: https://github.com/panva/node-openid-client/blob/master/docs/README.md#issuer -[documentation-client]: https://github.com/panva/node-openid-client/blob/master/docs/README.md#client -[documentation-customizing]: https://github.com/panva/node-openid-client/blob/master/docs/README.md#customizing -[documentation-tokenset]: https://github.com/panva/node-openid-client/blob/master/docs/README.md#tokenset -[documentation-strategy]: https://github.com/panva/node-openid-client/blob/master/docs/README.md#strategy -[documentation-errors]: https://github.com/panva/node-openid-client/blob/master/docs/README.md#errors -[documentation-generators]: https://github.com/panva/node-openid-client/blob/master/docs/README.md#generators -[documentation-methods]: https://github.com/panva/node-openid-client/blob/master/docs/README.md#client-authentication-methods -[documentation-webfinger]: https://github.com/panva/node-openid-client/blob/master/docs/README.md#issuerwebfingerinput +[documentation]: https://github.com/panva/node-openid-client/blob/main/docs/README.md +[documentation-issuer]: https://github.com/panva/node-openid-client/blob/main/docs/README.md#issuer +[documentation-client]: https://github.com/panva/node-openid-client/blob/main/docs/README.md#client +[documentation-customizing]: https://github.com/panva/node-openid-client/blob/main/docs/README.md#customizing +[documentation-tokenset]: https://github.com/panva/node-openid-client/blob/main/docs/README.md#tokenset +[documentation-strategy]: https://github.com/panva/node-openid-client/blob/main/docs/README.md#strategy +[documentation-errors]: https://github.com/panva/node-openid-client/blob/main/docs/README.md#errors +[documentation-generators]: https://github.com/panva/node-openid-client/blob/main/docs/README.md#generators +[documentation-methods]: https://github.com/panva/node-openid-client/blob/main/docs/README.md#client-authentication-methods +[documentation-webfinger]: https://github.com/panva/node-openid-client/blob/main/docs/README.md#issuerwebfingerinput [express-openid-connect]: https://www.npmjs.com/package/express-openid-connect diff --git a/docs/README.md b/docs/README.md index bee26dc8..b2d893ec 100644 --- a/docs/README.md +++ b/docs/README.md @@ -517,7 +517,7 @@ the following are valid values for `token_endpoint_auth_method`. in the request body - `tls_client_auth` and `self_signed_tls_client_auth` - sends client_id in the request body combined with client certificate and key configured via setting `cert` and `key` on a per-request basis - using [`docs#customizing-http-requests`](https://github.com/panva/node-openid-client/tree/master/docs#customizing-http-requests) + using [`docs#customizing-http-requests`](https://github.com/panva/node-openid-client/tree/main/docs#customizing-http-requests) Note: `*_jwt` methods resolve their signature algorithm either via the client's configured alg (`token_endpoint_auth_signing_alg`) or any of the issuer's supported algs From 43daff3d780d10d29e8ac8cd56b94d99aaa37986 Mon Sep 17 00:00:00 2001 From: Peter Rust Date: Fri, 20 Jan 2023 04:06:07 -0800 Subject: [PATCH 065/117] fix(passport): ignore static state and nonce passed to Strategy() (#556) Co-authored-by: Filip Skokan --- docs/README.md | 12 +++++++++++- lib/passport_strategy.js | 5 +++++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/docs/README.md b/docs/README.md index b2d893ec..53263447 100644 --- a/docs/README.md +++ b/docs/README.md @@ -840,7 +840,7 @@ Creates a new Strategy - `options`: `` - `client`: `` Client instance. The strategy will use it. - - `params`: `` Authorization Request parameters. The strategy will use these. + - `params`: `` Authorization Request parameters. The strategy will use these for every authorization request. - `passReqToCallback`: `` Boolean specifying whether the verify function should get the request object as first argument instead. **Default:** 'false' - `usePKCE`: `` | `` The PKCE method to use. When 'true' it will resolve based @@ -857,6 +857,16 @@ Creates a new Strategy --- +The strategy automatically generates `state` and `nonce` parameters when required. To provide one for a flow where it is optional (for example the `nonce` for the Authorization Code Flow), it can be passed in the optional `options` argument to `passport.authenticate()`: + +```js +app.post('/auth/oidc', function(req, res, next) { + passport.authenticate('oidc', { nonce: crypto.randomBytes(16).toString('base64url') })(req, res, next); +}); +``` + +--- + ## generators diff --git a/lib/passport_strategy.js b/lib/passport_strategy.js index c6784eb8..aafd253d 100644 --- a/lib/passport_strategy.js +++ b/lib/passport_strategy.js @@ -41,6 +41,11 @@ function OpenIDConnectStrategy( this._usePKCE = usePKCE; this._key = sessionKey || `oidc:${url.parse(this._issuer.issuer).hostname}`; this._params = cloneDeep(params); + + // state and nonce should be provided or generated below on each authenticate() + delete this._params.state; + delete this._params.nonce; + this._extras = cloneDeep(extras); if (!this._params.response_type) this._params.response_type = resolveResponseType.call(client); From 93f788d4846b24f756bbdd2045f128f50571d2aa Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Fri, 20 Jan 2023 13:06:58 +0100 Subject: [PATCH 066/117] chore: fixup 43daff3 --- docs/README.md | 10 +++---- lib/passport_strategy.js | 2 +- test/passport/passport_strategy.test.js | 35 ++++++++++++++++++++++++- 3 files changed, 40 insertions(+), 7 deletions(-) diff --git a/docs/README.md b/docs/README.md index 53263447..c6b624da 100644 --- a/docs/README.md +++ b/docs/README.md @@ -855,13 +855,13 @@ Creates a new Strategy - `done`: `` - Returns: `` ---- - -The strategy automatically generates `state` and `nonce` parameters when required. To provide one for a flow where it is optional (for example the `nonce` for the Authorization Code Flow), it can be passed in the optional `options` argument to `passport.authenticate()`: +Note: You can also set authorization request parameters dynamically using the `options` argument in `passport.authenticate([options])`: ```js -app.post('/auth/oidc', function(req, res, next) { - passport.authenticate('oidc', { nonce: crypto.randomBytes(16).toString('base64url') })(req, res, next); +app.get('/protected-route', function(req, res, next) { + if (shouldReConsent(req)) { + passport.authenticate('oidc', { prompt: 'consent' })(req, res, next); + } }); ``` diff --git a/lib/passport_strategy.js b/lib/passport_strategy.js index aafd253d..4f48f837 100644 --- a/lib/passport_strategy.js +++ b/lib/passport_strategy.js @@ -42,7 +42,7 @@ function OpenIDConnectStrategy( this._key = sessionKey || `oidc:${url.parse(this._issuer.issuer).hostname}`; this._params = cloneDeep(params); - // state and nonce should be provided or generated below on each authenticate() + // state and nonce are handled in authenticate() delete this._params.state; delete this._params.nonce; diff --git a/test/passport/passport_strategy.test.js b/test/passport/passport_strategy.test.js index f3abae68..2c19b94c 100644 --- a/test/passport/passport_strategy.test.js +++ b/test/passport/passport_strategy.test.js @@ -197,13 +197,14 @@ describe('OpenIDConnectStrategy', () => { expect(target).to.include(`resource=${encodeURIComponent('urn:example:foo')}`); }); - it('automatically includes nonce for where it applies', function () { + it('automatically includes nonce for where it applies (and ignores one from params)', function () { const strategy = new Strategy( { client: this.client, params: { response_type: 'code id_token token', response_mode: 'form_post', + nonce: 'foo', }, }, () => {}, @@ -220,6 +221,7 @@ describe('OpenIDConnectStrategy', () => { expect(target).to.include('redirect_uri='); expect(target).to.include('scope='); expect(target).to.include('nonce='); + expect(target).not.to.include('nonce=foo'); expect(target).to.include('response_mode=form_post'); expect(req.session).to.have.property('oidc:op.example.com'); expect(req.session['oidc:op.example.com']).to.have.keys( @@ -230,6 +232,37 @@ describe('OpenIDConnectStrategy', () => { ); }); + it('ignores static state coming from params', function () { + const strategy = new Strategy( + { + client: this.client, + params: { + state: 'foo', + }, + }, + () => {}, + ); + + const req = new MockRequest('GET', '/login/oidc'); + req.session = {}; + + strategy.redirect = sinon.spy(); + strategy.authenticate(req); + + expect(strategy.redirect.calledOnce).to.be.true; + const target = strategy.redirect.firstCall.args[0]; + expect(target).to.include('redirect_uri='); + expect(target).to.include('scope='); + expect(target).to.include('state='); + expect(target).not.to.include('state=foo'); + expect(req.session).to.have.property('oidc:op.example.com'); + expect(req.session['oidc:op.example.com']).to.have.keys( + 'state', + 'response_type', + 'code_verifier', + ); + }); + describe('use pkce', () => { it('will throw when explictly provided value is not supported', function () { expect(() => { From 7ffb0c1b01acad0870e132c7d5939bd99952c52c Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Fri, 20 Jan 2023 13:08:35 +0100 Subject: [PATCH 067/117] chore(release): 5.3.2 --- CHANGELOG.md | 7 +++++++ package-lock.json | 4 ++-- package.json | 2 +- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ae27a1ef..9c2521a3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [5.3.2](https://github.com/panva/node-openid-client/compare/v5.3.1...v5.3.2) (2023-01-20) + + +### Fixes + +* **passport:** ignore static state and nonce passed to Strategy() ([#556](https://github.com/panva/node-openid-client/issues/556)) ([43daff3](https://github.com/panva/node-openid-client/commit/43daff3d780d10d29e8ac8cd56b94d99aaa37986)) + ## [5.3.1](https://github.com/panva/node-openid-client/compare/v5.3.0...v5.3.1) (2022-11-28) diff --git a/package-lock.json b/package-lock.json index 0b342a76..9fbac8e1 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "openid-client", - "version": "5.3.1", + "version": "5.3.2", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "openid-client", - "version": "5.3.1", + "version": "5.3.2", "license": "MIT", "dependencies": { "jose": "^4.10.0", diff --git a/package.json b/package.json index fc061185..0976552d 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "openid-client", - "version": "5.3.1", + "version": "5.3.2", "description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js runtime, supports passportjs", "keywords": [ "auth", From f73caad5eb57b86eee0b834e98fec4a0e077ed69 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Mon, 23 Jan 2023 17:05:36 +0100 Subject: [PATCH 068/117] ci: update lock.yml --- .github/workflows/lock.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lock.yml b/.github/workflows/lock.yml index 36710eba..f3c9fa2a 100644 --- a/.github/workflows/lock.yml +++ b/.github/workflows/lock.yml @@ -9,7 +9,7 @@ jobs: continue-on-error: true runs-on: ubuntu-latest steps: - - uses: dessant/lock-threads@e460dfeb36e731f3aeb214be6b0c9a9d9a67eda6 + - uses: dessant/lock-threads@c1b35ae # v4.0.0 with: github-token: ${{ github.token }} issue-inactive-days: '90' From 7bd3e8d2794e98cd20270344927121baa5556c94 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Fri, 27 Jan 2023 08:28:09 +0100 Subject: [PATCH 069/117] docs: link out to oauth4webapi --- README.md | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 14afb8fe..c7cbd5b8 100644 --- a/README.md +++ b/README.md @@ -93,6 +93,11 @@ Node.js LTS releases Codename Erbium and newer LTS releases are supported. npm install openid-client ``` +Note: Other javascript runtimes are not supported. +I recommend [panva/oauth4webapi][oauth4webapi], or a derivate thereof, if you're +looking for a similarly compliant and certified client software that's not dependent +on the Node.js runtime builtins. + ## Quick start Discover an Issuer configuration using its published .well-known endpoints @@ -252,8 +257,10 @@ private API and is subject to change between any versions. #### How do I use it outside of Node.js -It is **only built for Node.js** environments - including openid-client in -browser-environment targeted projects is not supported. +It is **only built for Node.js**. Other javascript runtimes are not supported. +I recommend [panva/oauth4webapi][oauth4webapi], or a derivate thereof, if you're +looking for a similarly compliant and certified client software that's not dependent +on the Node.js runtime builtins. #### How to make the client send client_id and client_secret in the body? @@ -295,3 +302,4 @@ See [Customizing (docs)][documentation-customizing]. [documentation-methods]: https://github.com/panva/node-openid-client/blob/main/docs/README.md#client-authentication-methods [documentation-webfinger]: https://github.com/panva/node-openid-client/blob/main/docs/README.md#issuerwebfingerinput [express-openid-connect]: https://www.npmjs.com/package/express-openid-connect +[oauth4webapi]: https://github.com/panva/oauth4webapi#readme From f1881bc61d424df4576864d610d4840101b45631 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Thu, 2 Feb 2023 12:23:24 +0100 Subject: [PATCH 070/117] refactor: remove use of Node.js v8 builtin Refs: #442 Refs: #475 Refs: #555 --- lib/helpers/deep_clone.js | 4 +--- lib/helpers/keystore.js | 5 +---- 2 files changed, 2 insertions(+), 7 deletions(-) diff --git a/lib/helpers/deep_clone.js b/lib/helpers/deep_clone.js index 4ad037bb..b1a3d9c9 100644 --- a/lib/helpers/deep_clone.js +++ b/lib/helpers/deep_clone.js @@ -1,3 +1 @@ -const { serialize, deserialize } = require('v8'); - -module.exports = globalThis.structuredClone || ((obj) => deserialize(serialize(obj))); +module.exports = globalThis.structuredClone || JSON.parse(JSON.stringify(obj)); diff --git a/lib/helpers/keystore.js b/lib/helpers/keystore.js index e9dad799..e8bba155 100644 --- a/lib/helpers/keystore.js +++ b/lib/helpers/keystore.js @@ -1,9 +1,6 @@ -const v8 = require('v8'); - const jose = require('jose'); -const clone = globalThis.structuredClone || ((value) => v8.deserialize(v8.serialize(value))); - +const clone = require('./deep_clone'); const isPlainObject = require('./is_plain_object'); const isKeyObject = require('./is_key_object'); From 5dbe8bc4e5ad7ac82a3e2071c289dd915fe53ca8 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Thu, 2 Feb 2023 12:26:17 +0100 Subject: [PATCH 071/117] chore(release): 5.3.3 --- CHANGELOG.md | 7 +++++++ package-lock.json | 4 ++-- package.json | 2 +- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9c2521a3..9f51cf88 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [5.3.3](https://github.com/panva/node-openid-client/compare/v5.3.2...v5.3.3) (2023-02-02) + + +### Refactor + +* remove use of Node.js v8 builtin ([f1881bc](https://github.com/panva/node-openid-client/commit/f1881bc61d424df4576864d610d4840101b45631)), closes [#442](https://github.com/panva/node-openid-client/issues/442) [#475](https://github.com/panva/node-openid-client/issues/475) [#555](https://github.com/panva/node-openid-client/issues/555) + ## [5.3.2](https://github.com/panva/node-openid-client/compare/v5.3.1...v5.3.2) (2023-01-20) diff --git a/package-lock.json b/package-lock.json index 9fbac8e1..e2f9d259 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "openid-client", - "version": "5.3.2", + "version": "5.3.3", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "openid-client", - "version": "5.3.2", + "version": "5.3.3", "license": "MIT", "dependencies": { "jose": "^4.10.0", diff --git a/package.json b/package.json index 0976552d..43a6460a 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "openid-client", - "version": "5.3.2", + "version": "5.3.3", "description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js runtime, supports passportjs", "keywords": [ "auth", From 4f6e847f126ca531c73d37e1a756ab62f361f86a Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Thu, 2 Feb 2023 12:28:48 +0100 Subject: [PATCH 072/117] fix: regression introduced in v5.3.3 --- lib/helpers/deep_clone.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/helpers/deep_clone.js b/lib/helpers/deep_clone.js index b1a3d9c9..0ec848a2 100644 --- a/lib/helpers/deep_clone.js +++ b/lib/helpers/deep_clone.js @@ -1 +1 @@ -module.exports = globalThis.structuredClone || JSON.parse(JSON.stringify(obj)); +module.exports = globalThis.structuredClone || ((obj) => JSON.parse(JSON.stringify(obj))); From 363c2152d125580897b394841bfc785b0cdcb054 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Thu, 2 Feb 2023 12:29:25 +0100 Subject: [PATCH 073/117] chore(release): 5.3.4 --- CHANGELOG.md | 7 +++++++ package-lock.json | 4 ++-- package.json | 2 +- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9f51cf88..b2d7dc31 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [5.3.4](https://github.com/panva/node-openid-client/compare/v5.3.3...v5.3.4) (2023-02-02) + + +### Fixes + +* regression introduced in v5.3.3 ([4f6e847](https://github.com/panva/node-openid-client/commit/4f6e847f126ca531c73d37e1a756ab62f361f86a)) + ## [5.3.3](https://github.com/panva/node-openid-client/compare/v5.3.2...v5.3.3) (2023-02-02) diff --git a/package-lock.json b/package-lock.json index e2f9d259..72868482 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "openid-client", - "version": "5.3.3", + "version": "5.3.4", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "openid-client", - "version": "5.3.3", + "version": "5.3.4", "license": "MIT", "dependencies": { "jose": "^4.10.0", diff --git a/package.json b/package.json index 43a6460a..f2b516ec 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "openid-client", - "version": "5.3.3", + "version": "5.3.4", "description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js runtime, supports passportjs", "keywords": [ "auth", From 568709abc786cc8e2d9c8de1543b0c488c284098 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Sun, 5 Feb 2023 17:51:10 +0100 Subject: [PATCH 074/117] feat: allow third party initiated login requests to trigger strategy closes #510 closes #564 --- lib/passport_strategy.js | 10 ++++++++-- test/passport/passport_strategy.test.js | 22 ++++++++++++++++++++++ 2 files changed, 30 insertions(+), 2 deletions(-) diff --git a/lib/passport_strategy.js b/lib/passport_strategy.js index 4f48f837..523458f8 100644 --- a/lib/passport_strategy.js +++ b/lib/passport_strategy.js @@ -84,8 +84,14 @@ OpenIDConnectStrategy.prototype.authenticate = function authenticate(req, option const reqParams = client.callbackParams(req); const sessionKey = this._key; - /* start authentication request */ - if (Object.keys(reqParams).length === 0) { + const { 0: parameter, length } = Object.keys(reqParams); + + /** + * Start authentication request if this has no authorization response parameters or + * this might a login initiated from a third party as per + * https://openid.net/specs/openid-connect-core-1_0.html#ThirdPartyInitiatedLogin. + */ + if (length === 0 || (length === 1 && parameter === 'iss')) { // provide options object with extra authentication parameters const params = { state: random(), diff --git a/test/passport/passport_strategy.test.js b/test/passport/passport_strategy.test.js index 2c19b94c..3ac1e1e2 100644 --- a/test/passport/passport_strategy.test.js +++ b/test/passport/passport_strategy.test.js @@ -128,6 +128,28 @@ describe('OpenIDConnectStrategy', () => { ); }); + it('starts authentication requests for TPIL GETs', function () { + const params = { iss: 'https://op.example.com' }; + const strategy = new Strategy({ client: this.client, params }, () => {}); + + const req = new MockRequest('GET', '/login/oidc'); + req.session = {}; + + strategy.redirect = sinon.spy(); + strategy.authenticate(req); + + expect(strategy.redirect.calledOnce).to.be.true; + const target = strategy.redirect.firstCall.args[0]; + expect(target).to.include('redirect_uri='); + expect(target).to.include('scope='); + expect(req.session).to.have.property('oidc:op.example.com'); + expect(req.session['oidc:op.example.com']).to.have.keys( + 'state', + 'response_type', + 'code_verifier', + ); + }); + it('starts authentication requests for POSTs', function () { const strategy = new Strategy({ client: this.client }, () => {}); From a6f3f0afa4b16a0cd6dcd9ff22b41b6147cbf384 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Sun, 5 Feb 2023 17:51:52 +0100 Subject: [PATCH 075/117] chore(release): 5.4.0 --- CHANGELOG.md | 7 +++++++ package-lock.json | 4 ++-- package.json | 2 +- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b2d7dc31..c306c23a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [5.4.0](https://github.com/panva/node-openid-client/compare/v5.3.4...v5.4.0) (2023-02-05) + + +### Features + +* allow third party initiated login requests to trigger strategy ([568709a](https://github.com/panva/node-openid-client/commit/568709abc786cc8e2d9c8de1543b0c488c284098)), closes [#510](https://github.com/panva/node-openid-client/issues/510) [#564](https://github.com/panva/node-openid-client/issues/564) + ## [5.3.4](https://github.com/panva/node-openid-client/compare/v5.3.3...v5.3.4) (2023-02-02) diff --git a/package-lock.json b/package-lock.json index 72868482..021e67a2 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "openid-client", - "version": "5.3.4", + "version": "5.4.0", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "openid-client", - "version": "5.3.4", + "version": "5.4.0", "license": "MIT", "dependencies": { "jose": "^4.10.0", diff --git a/package.json b/package.json index f2b516ec..f592920c 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "openid-client", - "version": "5.3.4", + "version": "5.4.0", "description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js runtime, supports passportjs", "keywords": [ "auth", From bd8a12fd533d07d6e1fe5fddd2558f447743640d Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Mon, 6 Feb 2023 22:03:04 +0100 Subject: [PATCH 076/117] ci: update ci triggers --- .github/workflows/test.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 5a1d0338..06ebf2e7 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -2,7 +2,9 @@ name: Test on: push: + branches: [main] pull_request: + branches: [main] schedule: - cron: '20 11 * * 1' workflow_dispatch: From 17a04bfefa72e38d0e00e51795ea33fee9e43f3a Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Thu, 9 Feb 2023 13:38:15 +0100 Subject: [PATCH 077/117] ci: split test and conformance workflow files --- .github/workflows/conformance.yml | 193 ++++++++++++++++++++++++++++++ .github/workflows/test.yml | 183 +--------------------------- 2 files changed, 199 insertions(+), 177 deletions(-) create mode 100644 .github/workflows/conformance.yml diff --git a/.github/workflows/conformance.yml b/.github/workflows/conformance.yml new file mode 100644 index 00000000..f65e6776 --- /dev/null +++ b/.github/workflows/conformance.yml @@ -0,0 +1,193 @@ +name: Test + +on: + push: + branches: [main] + pull_request: + branches: [main] + schedule: + - cron: '20 11 * * 1' + workflow_dispatch: + inputs: + conformance-version: + description: 'Conformance Suite Version (commit hash)' + required: false + +jobs: + build-conformance-suite: + runs-on: ubuntu-latest + outputs: + cache-key: ${{ steps.cache-key.outputs.value }} + steps: + - name: Environment Information + run: npx envinfo + - name: Checkout + uses: actions/checkout@v3 + - name: Set Conformance Suite Version from GitLab + if: ${{ !github.event.inputs.conformance-version }} + run: | + export VERSION=($(curl --silent "https://gitlab.com/api/v4/projects/4175605/releases" | jq -r '.[0].tag_name')) + echo "VERSION=$VERSION" >> $GITHUB_ENV + - name: Set Conformance Suite Version from Workflow Dispatch + if: ${{ github.event.inputs.conformance-version }} + run: | + echo "VERSION=${{ github.event.inputs.conformance-version }}" >> $GITHUB_ENV + - id: cache-key + run: echo "value=suite-${{ hashFiles('.github/workflows/conformance.yml') }}-${{ env.VERSION }}" >> $GITHUB_OUTPUT + - name: Load Cached Conformance Suite Build + uses: actions/cache@v3 + id: cache + with: + path: ./conformance-suite + key: ${{ steps.cache-key.outputs.value }} + - run: | + echo "### Conformance Suite Details" >> $GITHUB_STEP_SUMMARY + echo "" >> $GITHUB_STEP_SUMMARY + echo "Version: **${{ env.VERSION }}**" >> $GITHUB_STEP_SUMMARY + echo "Cache Key: **${{ steps.cache-key.outputs.value }}**" >> $GITHUB_STEP_SUMMARY + echo "Cache Hit: **${{ steps.cache.outputs.cache-hit || false }}**" >> $GITHUB_STEP_SUMMARY + - name: Conformance Suite Checkout + if: ${{ steps.cache.outputs.cache-hit != 'true' }} + run: git clone https://gitlab.com/openid/conformance-suite.git + - run: git reset --hard ${{ env.VERSION }} + working-directory: ./conformance-suite + - name: Conformance Suite Build + working-directory: ./conformance-suite + if: ${{ steps.cache.outputs.cache-hit != 'true' }} + env: + MAVEN_CACHE: ./m2 + run: | + sed -i -e 's/localhost/localhost.emobix.co.uk/g' src/main/resources/application.properties + sed -i -e 's/-B clean/-B -DskipTests=true/g' builder-compose.yml + docker-compose -f builder-compose.yml run builder + + conformance-suite: + runs-on: ubuntu-latest + needs: + - build-conformance-suite + env: + NODE_TLS_REJECT_UNAUTHORIZED: 0 + DEBUG: runner,moduleId* + SUITE_BASE_URL: https://localhost.emobix.co.uk:8443 + PLAN_NAME: ${{ matrix.setup.plan }} + VARIANT: ${{ toJSON(matrix.setup) }} + strategy: + fail-fast: false + matrix: + setup: + # OIDC BASIC + - plan: oidcc-client-basic-certification-test-plan + + # OIDC IMPLICIT + - plan: oidcc-client-implicit-certification-test-plan + + # OIDC HYBRID + - plan: oidcc-client-hybrid-certification-test-plan + + # OIDC CONFIG + - plan: oidcc-client-config-certification-test-plan + + # OIDC DYNAMIC + # TODO: work around the request_uri lodging service EOL + # - plan: oidcc-client-dynamic-certification-test-plan + + # FAPI 1.0 ID-2 + - plan: fapi-rw-id2-client-test-plan + client_auth_type: mtls + - plan: fapi-rw-id2-client-test-plan + client_auth_type: private_key_jwt + + # FAPI 1.0 Advanced Final + - plan: fapi1-advanced-final-client-test-plan + client_auth_type: private_key_jwt + - plan: fapi1-advanced-final-client-test-plan + client_auth_type: mtls + - plan: fapi1-advanced-final-client-test-plan + client_auth_type: mtls + fapi_auth_request_method: pushed + - plan: fapi1-advanced-final-client-test-plan + client_auth_type: private_key_jwt + fapi_auth_request_method: pushed + - plan: fapi1-advanced-final-client-test-plan + client_auth_type: mtls + fapi_response_mode: jarm + - plan: fapi1-advanced-final-client-test-plan + client_auth_type: private_key_jwt + fapi_response_mode: jarm + - plan: fapi1-advanced-final-client-test-plan + client_auth_type: mtls + fapi_auth_request_method: pushed + fapi_response_mode: jarm + - plan: fapi1-advanced-final-client-test-plan + client_auth_type: private_key_jwt + fapi_auth_request_method: pushed + fapi_response_mode: jarm + - plan: fapi1-advanced-final-client-test-plan + client_auth_type: mtls + fapi_auth_request_method: pushed + fapi_response_mode: jarm + fapi_client_type: plain_oauth + - plan: fapi1-advanced-final-client-test-plan + client_auth_type: mtls + fapi_response_mode: jarm + fapi_client_type: plain_oauth + - plan: fapi1-advanced-final-client-test-plan + client_auth_type: private_key_jwt + fapi_auth_request_method: pushed + fapi_response_mode: jarm + fapi_client_type: plain_oauth + - plan: fapi1-advanced-final-client-test-plan + client_auth_type: private_key_jwt + fapi_response_mode: jarm + fapi_client_type: plain_oauth + + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Set Conformance Suite Version + run: | + export VERSION=($(curl --silent "https://gitlab.com/api/v4/projects/4175605/releases" | jq -r '.[0].tag_name')) + echo "VERSION=$VERSION" >> $GITHUB_ENV + - name: Load Cached Conformance Suite Build + uses: actions/cache@v3 + id: cache + with: + path: ./conformance-suite + key: ${{ needs.build-conformance-suite.outputs.cache-key }} + - name: Abort if Conformance Suite isn't cached + if: ${{ steps.cache.outputs.cache-hit != 'true' }} + uses: actions/github-script@v6 + with: + script: | + core.setFailed('Conformance Suite cache hit failed') + - name: Run Conformance Suite + working-directory: ./conformance-suite + run: | + docker-compose -f docker-compose-dev.yml up -d + while ! curl -skfail https://localhost.emobix.co.uk:8443/api/runner/available >/dev/null; do sleep 2; done + - run: git clone --depth 1 --single-branch --branch main https://github.com/panva/openid-client-certification-suite.git runner + - uses: actions/setup-node@v3 + with: + node-version: lts/hydrogen # 18 + cache: 'npm' + check-latest: true + - run: npm clean-install + working-directory: ./runner + - run: npm install ${{ github.repository }}#${{ github.sha }} + working-directory: ./runner + - run: npm run test + working-directory: ./runner + - name: Upload test artifacts + uses: actions/upload-artifact@v3 + with: + path: runner/export-*.zip + name: ${{ matrix.setup.plan }} failed html results + if-no-files-found: ignore + if: ${{ failure() }} + - name: Upload test logs + uses: actions/upload-artifact@v3 + with: + if-no-files-found: warn + name: ${{ matrix.setup.plan }} runner logs + path: runner/logs/*.log + if: ${{ failure() }} diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 06ebf2e7..ca88452e 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -8,16 +8,14 @@ on: schedule: - cron: '20 11 * * 1' workflow_dispatch: - inputs: - conformance-version: - description: 'Conformance Suite Version (commit hash)' - required: false jobs: audit: name: NPM Audit (Production) runs-on: ubuntu-latest steps: + - name: Environment Information + run: npx envinfo - name: Checkout uses: actions/checkout@v3 - name: Setup node @@ -43,6 +41,8 @@ jobs: - lts/hydrogen # 18 - current steps: + - name: Environment Information + run: npx envinfo - name: Checkout uses: actions/checkout@v3 - name: Setup node @@ -61,6 +61,8 @@ jobs: electron: runs-on: ubuntu-latest steps: + - name: Environment Information + run: npx envinfo - uses: actions/checkout@v3 - uses: actions/setup-node@v3 id: node @@ -71,176 +73,3 @@ jobs: - name: Install dependencies run: npm clean-install - run: npx xvfb-maybe npx electron@latest ./test/electron test/**/*.test.js - - build-conformance-suite: - runs-on: ubuntu-latest - outputs: - cache-key: ${{ steps.cache-key.outputs.value }} - steps: - - name: Checkout - uses: actions/checkout@v3 - - name: Set Conformance Suite Version from GitLab - if: ${{ !github.event.inputs.conformance-version }} - run: | - export VERSION=($(curl --silent "https://gitlab.com/api/v4/projects/4175605/releases" | jq -r '.[0].tag_name')) - echo "VERSION=$VERSION" >> $GITHUB_ENV - - name: Set Conformance Suite Version from Workflow Dispatch - if: ${{ github.event.inputs.conformance-version }} - run: | - echo "VERSION=${{ github.event.inputs.conformance-version }}" >> $GITHUB_ENV - - id: cache-key - run: echo "value=suite-${{ hashFiles('.github/workflows/test.yml') }}-${{ env.VERSION }}" >> $GITHUB_OUTPUT - - name: Load Cached Conformance Suite Build - uses: actions/cache@v3 - id: cache - with: - path: ./conformance-suite - key: ${{ steps.cache-key.outputs.value }} - - name: Conformance Suite Checkout - if: ${{ steps.cache.outputs.cache-hit != 'true' }} - run: git clone https://gitlab.com/openid/conformance-suite.git - - run: git reset --hard ${{ env.VERSION }} - working-directory: ./conformance-suite - - name: Conformance Suite Build - working-directory: ./conformance-suite - if: ${{ steps.cache.outputs.cache-hit != 'true' }} - env: - MAVEN_CACHE: ./m2 - run: | - sed -i -e 's/localhost/localhost.emobix.co.uk/g' src/main/resources/application.properties - sed -i -e 's/-B clean/-B -DskipTests=true/g' builder-compose.yml - docker-compose -f builder-compose.yml run builder - - conformance-suite: - runs-on: ubuntu-latest - needs: - - audit - - test - - electron - - build-conformance-suite - env: - NODE_TLS_REJECT_UNAUTHORIZED: 0 - DEBUG: runner,moduleId* - SUITE_BASE_URL: https://localhost.emobix.co.uk:8443 - PLAN_NAME: ${{ matrix.setup.plan }} - VARIANT: ${{ toJSON(matrix.setup) }} - strategy: - fail-fast: false - matrix: - setup: - # OIDC BASIC - - plan: oidcc-client-basic-certification-test-plan - - # OIDC IMPLICIT - - plan: oidcc-client-implicit-certification-test-plan - - # OIDC HYBRID - - plan: oidcc-client-hybrid-certification-test-plan - - # OIDC CONFIG - - plan: oidcc-client-config-certification-test-plan - - # OIDC DYNAMIC - # TODO: work around the request_uri lodging service EOL - # - plan: oidcc-client-dynamic-certification-test-plan - - # FAPI 1.0 ID-2 - - plan: fapi-rw-id2-client-test-plan - client_auth_type: mtls - - plan: fapi-rw-id2-client-test-plan - client_auth_type: private_key_jwt - - # FAPI 1.0 Advanced Final - - plan: fapi1-advanced-final-client-test-plan - client_auth_type: private_key_jwt - - plan: fapi1-advanced-final-client-test-plan - client_auth_type: mtls - - plan: fapi1-advanced-final-client-test-plan - client_auth_type: mtls - fapi_auth_request_method: pushed - - plan: fapi1-advanced-final-client-test-plan - client_auth_type: private_key_jwt - fapi_auth_request_method: pushed - - plan: fapi1-advanced-final-client-test-plan - client_auth_type: mtls - fapi_response_mode: jarm - - plan: fapi1-advanced-final-client-test-plan - client_auth_type: private_key_jwt - fapi_response_mode: jarm - - plan: fapi1-advanced-final-client-test-plan - client_auth_type: mtls - fapi_auth_request_method: pushed - fapi_response_mode: jarm - - plan: fapi1-advanced-final-client-test-plan - client_auth_type: private_key_jwt - fapi_auth_request_method: pushed - fapi_response_mode: jarm - - plan: fapi1-advanced-final-client-test-plan - client_auth_type: mtls - fapi_auth_request_method: pushed - fapi_response_mode: jarm - fapi_client_type: plain_oauth - - plan: fapi1-advanced-final-client-test-plan - client_auth_type: mtls - fapi_response_mode: jarm - fapi_client_type: plain_oauth - - plan: fapi1-advanced-final-client-test-plan - client_auth_type: private_key_jwt - fapi_auth_request_method: pushed - fapi_response_mode: jarm - fapi_client_type: plain_oauth - - plan: fapi1-advanced-final-client-test-plan - client_auth_type: private_key_jwt - fapi_response_mode: jarm - fapi_client_type: plain_oauth - - steps: - - name: Checkout - uses: actions/checkout@v3 - - name: Set Conformance Suite Version - run: | - export VERSION=($(curl --silent "https://gitlab.com/api/v4/projects/4175605/releases" | jq -r '.[0].tag_name')) - echo "VERSION=$VERSION" >> $GITHUB_ENV - - name: Load Cached Conformance Suite Build - uses: actions/cache@v3 - id: cache - with: - path: ./conformance-suite - key: ${{ needs.build-conformance-suite.outputs.cache-key }} - - name: Abort if Conformance Suite isn't cached - if: ${{ steps.cache.outputs.cache-hit != 'true' }} - uses: actions/github-script@v6 - with: - script: | - core.setFailed('Conformance Suite cache hit failed') - - name: Run Conformance Suite - working-directory: ./conformance-suite - run: | - docker-compose -f docker-compose-dev.yml up -d - while ! curl -skfail https://localhost.emobix.co.uk:8443/api/runner/available >/dev/null; do sleep 2; done - - run: git clone --depth 1 --single-branch --branch main https://github.com/panva/openid-client-certification-suite.git runner - - uses: actions/setup-node@v3 - with: - node-version: lts/hydrogen # 18 - cache: 'npm' - check-latest: true - - run: npm clean-install - working-directory: ./runner - - run: npm install ${{ github.repository }}#${{ github.sha }} - working-directory: ./runner - - run: npm run test - working-directory: ./runner - - name: Upload test artifacts - uses: actions/upload-artifact@v3 - with: - path: runner/export-*.zip - name: ${{ matrix.setup.plan }} failed html results - if-no-files-found: ignore - if: ${{ failure() }} - - name: Upload test logs - uses: actions/upload-artifact@v3 - with: - if-no-files-found: warn - name: ${{ matrix.setup.plan }} runner logs - path: runner/logs/*.log - if: ${{ failure() }} From 2d8c1adb59184b60cad7cb258af8292880c3a635 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Thu, 9 Feb 2023 13:39:43 +0100 Subject: [PATCH 078/117] ci: update conformance workflow name --- .github/workflows/conformance.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/conformance.yml b/.github/workflows/conformance.yml index f65e6776..8bf772a8 100644 --- a/.github/workflows/conformance.yml +++ b/.github/workflows/conformance.yml @@ -1,4 +1,4 @@ -name: Test +name: Conformance Checks on: push: From e9ac6de702a43dd123705c6f3930fbdd914f1dcd Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Thu, 9 Feb 2023 14:46:47 +0100 Subject: [PATCH 079/117] ci: update npm audit job --- .github/workflows/test.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index ca88452e..19e5a0bd 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -11,7 +11,8 @@ on: jobs: audit: - name: NPM Audit (Production) + name: Audit NPM Dependencies + continue-on-error: true runs-on: ubuntu-latest steps: - name: Environment Information @@ -24,8 +25,8 @@ jobs: node-version: lts/hydrogen # 18 cache: 'npm' check-latest: true - - name: Install dependencies - run: npm clean-install + - run: npm clean-install + - run: npm upgrade - run: npm audit --production test: From 05df47db8c9b1852f7c566d14f98f14284ebab93 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Thu, 9 Feb 2023 21:56:55 +0100 Subject: [PATCH 080/117] ci: cleanup conformance.yml --- .github/workflows/conformance.yml | 40 ++++++++----------------------- 1 file changed, 10 insertions(+), 30 deletions(-) diff --git a/.github/workflows/conformance.yml b/.github/workflows/conformance.yml index 8bf772a8..e44f17b7 100644 --- a/.github/workflows/conformance.yml +++ b/.github/workflows/conformance.yml @@ -8,32 +8,19 @@ on: schedule: - cron: '20 11 * * 1' workflow_dispatch: - inputs: - conformance-version: - description: 'Conformance Suite Version (commit hash)' - required: false jobs: - build-conformance-suite: + build: runs-on: ubuntu-latest outputs: cache-key: ${{ steps.cache-key.outputs.value }} steps: - name: Environment Information run: npx envinfo - - name: Checkout - uses: actions/checkout@v3 - - name: Set Conformance Suite Version from GitLab - if: ${{ !github.event.inputs.conformance-version }} - run: | - export VERSION=($(curl --silent "https://gitlab.com/api/v4/projects/4175605/releases" | jq -r '.[0].tag_name')) - echo "VERSION=$VERSION" >> $GITHUB_ENV - - name: Set Conformance Suite Version from Workflow Dispatch - if: ${{ github.event.inputs.conformance-version }} - run: | - echo "VERSION=${{ github.event.inputs.conformance-version }}" >> $GITHUB_ENV + - name: Set Conformance Suite Version + run: echo "VERSION=$(curl --silent "https://gitlab.com/api/v4/projects/4175605/releases" | jq -r '.[0].tag_name')" >> $GITHUB_ENV - id: cache-key - run: echo "value=suite-${{ hashFiles('.github/workflows/conformance.yml') }}-${{ env.VERSION }}" >> $GITHUB_OUTPUT + run: echo "value=suite-${{ env.VERSION }}" >> $GITHUB_OUTPUT - name: Load Cached Conformance Suite Build uses: actions/cache@v3 id: cache @@ -48,23 +35,21 @@ jobs: echo "Cache Hit: **${{ steps.cache.outputs.cache-hit || false }}**" >> $GITHUB_STEP_SUMMARY - name: Conformance Suite Checkout if: ${{ steps.cache.outputs.cache-hit != 'true' }} - run: git clone https://gitlab.com/openid/conformance-suite.git - - run: git reset --hard ${{ env.VERSION }} - working-directory: ./conformance-suite + run: git clone --branch ${{ env.VERSION }} --depth=1 https://gitlab.com/openid/conformance-suite.git - name: Conformance Suite Build - working-directory: ./conformance-suite if: ${{ steps.cache.outputs.cache-hit != 'true' }} env: MAVEN_CACHE: ./m2 + working-directory: ./conformance-suite run: | sed -i -e 's/localhost/localhost.emobix.co.uk/g' src/main/resources/application.properties sed -i -e 's/-B clean/-B -DskipTests=true/g' builder-compose.yml docker-compose -f builder-compose.yml run builder - conformance-suite: + run: runs-on: ubuntu-latest needs: - - build-conformance-suite + - build env: NODE_TLS_REJECT_UNAUTHORIZED: 0 DEBUG: runner,moduleId* @@ -153,13 +138,8 @@ jobs: id: cache with: path: ./conformance-suite - key: ${{ needs.build-conformance-suite.outputs.cache-key }} - - name: Abort if Conformance Suite isn't cached - if: ${{ steps.cache.outputs.cache-hit != 'true' }} - uses: actions/github-script@v6 - with: - script: | - core.setFailed('Conformance Suite cache hit failed') + key: ${{ needs.build.outputs.cache-key }} + fail-on-cache-miss: true - name: Run Conformance Suite working-directory: ./conformance-suite run: | From 6b3d234458b7936c218c177ef0aee7820fc8320f Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Thu, 9 Feb 2023 22:10:13 +0100 Subject: [PATCH 081/117] ci: add --single-branch to conformance.yml --- .github/workflows/conformance.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/conformance.yml b/.github/workflows/conformance.yml index e44f17b7..2fe9c905 100644 --- a/.github/workflows/conformance.yml +++ b/.github/workflows/conformance.yml @@ -35,7 +35,7 @@ jobs: echo "Cache Hit: **${{ steps.cache.outputs.cache-hit || false }}**" >> $GITHUB_STEP_SUMMARY - name: Conformance Suite Checkout if: ${{ steps.cache.outputs.cache-hit != 'true' }} - run: git clone --branch ${{ env.VERSION }} --depth=1 https://gitlab.com/openid/conformance-suite.git + run: git clone --branch ${{ env.VERSION }} --single-branch --depth=1 https://gitlab.com/openid/conformance-suite.git - name: Conformance Suite Build if: ${{ steps.cache.outputs.cache-hit != 'true' }} env: From 8307eb4c58120570b6322fb67141fd0f04c65754 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Thu, 9 Feb 2023 22:25:30 +0100 Subject: [PATCH 082/117] ci: make build a reusable workflow --- .github/workflows/conformance.yml | 35 +------------------------------ 1 file changed, 1 insertion(+), 34 deletions(-) diff --git a/.github/workflows/conformance.yml b/.github/workflows/conformance.yml index 2fe9c905..edae0ef9 100644 --- a/.github/workflows/conformance.yml +++ b/.github/workflows/conformance.yml @@ -11,40 +11,7 @@ on: jobs: build: - runs-on: ubuntu-latest - outputs: - cache-key: ${{ steps.cache-key.outputs.value }} - steps: - - name: Environment Information - run: npx envinfo - - name: Set Conformance Suite Version - run: echo "VERSION=$(curl --silent "https://gitlab.com/api/v4/projects/4175605/releases" | jq -r '.[0].tag_name')" >> $GITHUB_ENV - - id: cache-key - run: echo "value=suite-${{ env.VERSION }}" >> $GITHUB_OUTPUT - - name: Load Cached Conformance Suite Build - uses: actions/cache@v3 - id: cache - with: - path: ./conformance-suite - key: ${{ steps.cache-key.outputs.value }} - - run: | - echo "### Conformance Suite Details" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - echo "Version: **${{ env.VERSION }}**" >> $GITHUB_STEP_SUMMARY - echo "Cache Key: **${{ steps.cache-key.outputs.value }}**" >> $GITHUB_STEP_SUMMARY - echo "Cache Hit: **${{ steps.cache.outputs.cache-hit || false }}**" >> $GITHUB_STEP_SUMMARY - - name: Conformance Suite Checkout - if: ${{ steps.cache.outputs.cache-hit != 'true' }} - run: git clone --branch ${{ env.VERSION }} --single-branch --depth=1 https://gitlab.com/openid/conformance-suite.git - - name: Conformance Suite Build - if: ${{ steps.cache.outputs.cache-hit != 'true' }} - env: - MAVEN_CACHE: ./m2 - working-directory: ./conformance-suite - run: | - sed -i -e 's/localhost/localhost.emobix.co.uk/g' src/main/resources/application.properties - sed -i -e 's/-B clean/-B -DskipTests=true/g' builder-compose.yml - docker-compose -f builder-compose.yml run builder + uses: panva/.github/.github/workflows/build-conformance-suite.yml@main run: runs-on: ubuntu-latest From bece8153562c37b09e3280458e27ef92126f25e4 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Thu, 9 Feb 2023 22:30:03 +0100 Subject: [PATCH 083/117] ci: make npm audit a reusable workflow --- .github/workflows/test.yml | 18 +----------------- 1 file changed, 1 insertion(+), 17 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 19e5a0bd..84e837e8 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -11,23 +11,7 @@ on: jobs: audit: - name: Audit NPM Dependencies - continue-on-error: true - runs-on: ubuntu-latest - steps: - - name: Environment Information - run: npx envinfo - - name: Checkout - uses: actions/checkout@v3 - - name: Setup node - uses: actions/setup-node@v3 - with: - node-version: lts/hydrogen # 18 - cache: 'npm' - check-latest: true - - run: npm clean-install - - run: npm upgrade - - run: npm audit --production + uses: panva/.github/.github/workflows/npm-audit.yml@main test: runs-on: ubuntu-latest From 20bb524be095fa3f57da44d850a29086c5a666b2 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Fri, 17 Feb 2023 08:05:05 +0100 Subject: [PATCH 084/117] ci: remove check-latest --- .github/workflows/conformance.yml | 1 - .github/workflows/test.yml | 2 -- 2 files changed, 3 deletions(-) diff --git a/.github/workflows/conformance.yml b/.github/workflows/conformance.yml index edae0ef9..44227d22 100644 --- a/.github/workflows/conformance.yml +++ b/.github/workflows/conformance.yml @@ -117,7 +117,6 @@ jobs: with: node-version: lts/hydrogen # 18 cache: 'npm' - check-latest: true - run: npm clean-install working-directory: ./runner - run: npm install ${{ github.repository }}#${{ github.sha }} diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 84e837e8..ed42d83c 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -36,7 +36,6 @@ jobs: with: node-version: ${{ matrix.node-version }} cache: 'npm' - check-latest: true - run: npm install --global npm@8 if: ${{ startsWith(steps.node.outputs.node-version, 'v12') || startsWith(steps.node.outputs.node-version, 'v14') }} - name: Install dependencies @@ -54,7 +53,6 @@ jobs: with: node-version: lts/hydrogen # 18 cache: 'npm' - check-latest: true - name: Install dependencies run: npm clean-install - run: npx xvfb-maybe npx electron@latest ./test/electron test/**/*.test.js From 4e8644afe6161a429b2f77d2ff1a5c19c93c8720 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Tue, 28 Feb 2023 09:43:29 +0100 Subject: [PATCH 085/117] chore: bump deps --- package-lock.json | 56 +++++++++++++++++++++++------------------------ package.json | 20 ++++++++--------- 2 files changed, 38 insertions(+), 38 deletions(-) diff --git a/package-lock.json b/package-lock.json index 021e67a2..93cc20e0 100644 --- a/package-lock.json +++ b/package-lock.json @@ -9,22 +9,22 @@ "version": "5.4.0", "license": "MIT", "dependencies": { - "jose": "^4.10.0", + "jose": "^4.13.0", "lru-cache": "^6.0.0", - "object-hash": "^2.0.1", + "object-hash": "^2.2.0", "oidc-token-hash": "^5.0.1" }, "devDependencies": { - "@types/node": "^16.11.5", - "@types/passport": "^1.0.7", + "@types/node": "^16.18.13", + "@types/passport": "^1.0.12", "base64url": "^3.0.1", - "chai": "^4.2.0", - "jose2": "npm:jose@^2.0.5", - "mocha": "^10.1.0", - "nock": "^13.0.2", - "prettier": "^2.4.1", + "chai": "^4.3.7", + "jose2": "npm:jose@^2.0.6", + "mocha": "^10.2.0", + "nock": "^13.3.0", + "prettier": "^2.8.4", "readable-mock-req": "^0.2.2", - "sinon": "^9.2.0", + "sinon": "^9.2.4", "timekeeper": "^2.2.0" }, "funding": { @@ -124,15 +124,15 @@ "dev": true }, "node_modules/@types/node": { - "version": "16.18.3", - "resolved": "https://registry.npmjs.org/@types/node/-/node-16.18.3.tgz", - "integrity": "sha512-jh6m0QUhIRcZpNv7Z/rpN+ZWXOicUUQbSoWks7Htkbb9IjFQj4kzcX/xFCkjstCj5flMsN8FiSvt+q+Tcs4Llg==", + "version": "16.18.13", + "resolved": "https://registry.npmjs.org/@types/node/-/node-16.18.13.tgz", + "integrity": "sha512-l0/3XZ153UTlNOnZK8xSNoJlQda9/WnYgiTdcKKPJSZjdjI9MU+A9oMXOesAWLSnqAaaJhj3qfQsU07Dr8OUwg==", "dev": true }, "node_modules/@types/passport": { - "version": "1.0.11", - "resolved": "https://registry.npmjs.org/@types/passport/-/passport-1.0.11.tgz", - "integrity": "sha512-pz1cx9ptZvozyGKKKIPLcVDVHwae4hrH5d6g5J+DkMRRjR3cVETb4jMabhXAUbg3Ov7T22nFHEgaK2jj+5CBpw==", + "version": "1.0.12", + "resolved": "https://registry.npmjs.org/@types/passport/-/passport-1.0.12.tgz", + "integrity": "sha512-QFdJ2TiAEoXfEQSNDISJR1Tm51I78CymqcBa8imbjo6dNNu+l2huDxxbDEIoFIwOSKMkOfHEikyDuZ38WwWsmw==", "dev": true, "dependencies": { "@types/express": "*" @@ -739,9 +739,9 @@ "dev": true }, "node_modules/jose": { - "version": "4.11.0", - "resolved": "https://registry.npmjs.org/jose/-/jose-4.11.0.tgz", - "integrity": "sha512-wLe+lJHeG8Xt6uEubS4x0LVjS/3kXXu9dGoj9BNnlhYq7Kts0Pbb2pvv5KiI0yaKH/eaiR0LUOBhOVo9ktd05A==", + "version": "4.13.0", + "resolved": "https://registry.npmjs.org/jose/-/jose-4.13.0.tgz", + "integrity": "sha512-v6BN7fuPVfG9XIxcPT2jzyAg5EmA/mtNeJEXJ7d31Wz7fFOqOZeN8mPtNJYQmnuAIxJII7EcURcbZ7qXs9a4kA==", "funding": { "url": "https://github.com/sponsors/panva" } @@ -871,9 +871,9 @@ } }, "node_modules/mocha": { - "version": "10.1.0", - "resolved": "https://registry.npmjs.org/mocha/-/mocha-10.1.0.tgz", - "integrity": "sha512-vUF7IYxEoN7XhQpFLxQAEMtE4W91acW4B6En9l97MwE9stL1A9gusXfoHZCLVHDUJ/7V5+lbCM6yMqzo5vNymg==", + "version": "10.2.0", + "resolved": "https://registry.npmjs.org/mocha/-/mocha-10.2.0.tgz", + "integrity": "sha512-IDY7fl/BecMwFHzoqF2sg/SHHANeBoMMXFlS9r0OXKDssYE1M5O43wUY/9BVPeIvfH2zmEbBfseqN9gBQZzXkg==", "dev": true, "dependencies": { "ansi-colors": "4.1.1", @@ -942,9 +942,9 @@ } }, "node_modules/nock": { - "version": "13.2.9", - "resolved": "https://registry.npmjs.org/nock/-/nock-13.2.9.tgz", - "integrity": "sha512-1+XfJNYF1cjGB+TKMWi29eZ0b82QOvQs2YoLNzbpWGqFMtRQHTa57osqdGj4FrFPgkO4D4AZinzUJR9VvW3QUA==", + "version": "13.3.0", + "resolved": "https://registry.npmjs.org/nock/-/nock-13.3.0.tgz", + "integrity": "sha512-HHqYQ6mBeiMc+N038w8LkMpDCRquCHWeNmN3v6645P3NhN2+qXOBqvPqo7Rt1VyCMzKhJ733wZqw5B7cQVFNPg==", "dev": true, "dependencies": { "debug": "^4.1.0", @@ -1069,9 +1069,9 @@ } }, "node_modules/prettier": { - "version": "2.7.1", - "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.7.1.tgz", - "integrity": "sha512-ujppO+MkdPqoVINuDFDRLClm7D78qbDt0/NR+wp5FqEZOoTNAjPHWj17QRhu7geIHJfcNhRk1XVQmF8Bp3ye+g==", + "version": "2.8.4", + "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.8.4.tgz", + "integrity": "sha512-vIS4Rlc2FNh0BySk3Wkd6xmwxB0FpOndW5fisM5H8hsZSxU2VWVB5CWIkIjWvrHjIhxk2g3bfMKM87zNTrZddw==", "dev": true, "bin": { "prettier": "bin-prettier.js" diff --git a/package.json b/package.json index f592920c..9a9f4884 100644 --- a/package.json +++ b/package.json @@ -45,22 +45,22 @@ "test": "mocha test/**/*.test.js" }, "dependencies": { - "jose": "^4.10.0", + "jose": "^4.13.0", "lru-cache": "^6.0.0", - "object-hash": "^2.0.1", + "object-hash": "^2.2.0", "oidc-token-hash": "^5.0.1" }, "devDependencies": { - "@types/node": "^16.11.5", - "@types/passport": "^1.0.7", + "@types/node": "^16.18.13", + "@types/passport": "^1.0.12", "base64url": "^3.0.1", - "chai": "^4.2.0", - "jose2": "npm:jose@^2.0.5", - "mocha": "^10.1.0", - "nock": "^13.0.2", - "prettier": "^2.4.1", + "chai": "^4.3.7", + "jose2": "npm:jose@^2.0.6", + "mocha": "^10.2.0", + "nock": "^13.3.0", + "prettier": "^2.8.4", "readable-mock-req": "^0.2.2", - "sinon": "^9.2.0", + "sinon": "^9.2.4", "timekeeper": "^2.2.0" }, "standard-version": { From d3642296a08da05c1c2ecce8a3145b2096df20f4 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Tue, 28 Feb 2023 12:48:55 +0100 Subject: [PATCH 086/117] ci: cleanup workflows --- .github/workflows/test.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index ed42d83c..65fb8955 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -26,8 +26,6 @@ jobs: - lts/hydrogen # 18 - current steps: - - name: Environment Information - run: npx envinfo - name: Checkout uses: actions/checkout@v3 - name: Setup node @@ -45,8 +43,6 @@ jobs: electron: runs-on: ubuntu-latest steps: - - name: Environment Information - run: npx envinfo - uses: actions/checkout@v3 - uses: actions/setup-node@v3 id: node From 563fc6477781fd6e3d2c6a30e53707932ed86480 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Mon, 13 Mar 2023 11:40:21 +0100 Subject: [PATCH 087/117] ci: add check-latest to node tests --- .github/workflows/test.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 65fb8955..9d82d047 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -34,6 +34,7 @@ jobs: with: node-version: ${{ matrix.node-version }} cache: 'npm' + check-latest: true - run: npm install --global npm@8 if: ${{ startsWith(steps.node.outputs.node-version, 'v12') || startsWith(steps.node.outputs.node-version, 'v14') }} - name: Install dependencies From ae1222c60541a87c650ce9bff8cc3ab5af9b413d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aran=C4=91el=20=C5=A0arenac?= <11753867+big-kahuna-burger@users.noreply.github.com> Date: Mon, 13 Mar 2023 12:04:15 +0100 Subject: [PATCH 088/117] ci: update lock.yml (#577) --- .github/workflows/lock.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lock.yml b/.github/workflows/lock.yml index f3c9fa2a..f00f60c0 100644 --- a/.github/workflows/lock.yml +++ b/.github/workflows/lock.yml @@ -9,7 +9,7 @@ jobs: continue-on-error: true runs-on: ubuntu-latest steps: - - uses: dessant/lock-threads@c1b35ae # v4.0.0 + - uses: dessant/lock-threads@c1b35aecc5cdb1a34539d14196df55838bb2f836 # v4.0.0 with: github-token: ${{ github.token }} issue-inactive-days: '90' From 4d221a58bdb8a3d543b550952274ae000b033628 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Fri, 21 Apr 2023 19:32:28 +0200 Subject: [PATCH 089/117] build: automate releases with provenance --- .github/workflows/create-github-release.yml | 25 ++++++++++++++++ .github/workflows/publish.yml | 33 +++++++++++++++++++++ .release-notes.cjs | 20 +++++++++++++ 3 files changed, 78 insertions(+) create mode 100644 .github/workflows/create-github-release.yml create mode 100644 .github/workflows/publish.yml create mode 100644 .release-notes.cjs diff --git a/.github/workflows/create-github-release.yml b/.github/workflows/create-github-release.yml new file mode 100644 index 00000000..8b95ee10 --- /dev/null +++ b/.github/workflows/create-github-release.yml @@ -0,0 +1,25 @@ +name: Create GitHub Release + +on: + workflow_run: + workflows: [NPM Release] + types: + - completed + +jobs: + create-github-release: + runs-on: ubuntu-latest + if: ${{ github.event.workflow_run.conclusion == 'success' }} + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: 2 + - name: Setup node + uses: actions/setup-node@v3 + with: + node-version: lts/hydrogen # 18 + cache: 'npm' + - run: node .release-notes.cjs + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml new file mode 100644 index 00000000..095a42e7 --- /dev/null +++ b/.github/workflows/publish.yml @@ -0,0 +1,33 @@ +name: NPM Release + +on: + workflow_dispatch: + +jobs: + release: + runs-on: ubuntu-latest + permissions: + contents: write + id-token: write + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: 0 + - name: Setup node + uses: actions/setup-node@v3 + with: + node-version: lts/hydrogen # 18 + cache: 'npm' + registry-url: https://registry.npmjs.org + always-auth: true + - run: npm clean-install + - run: npm install --global standard-version@9 npm + - run: | + git config --local user.name "github-actions[bot]" + git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com" + - run: standard-version + - run: npm publish --provenance + env: + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + - run: git push --follow-tags origin main diff --git a/.release-notes.cjs b/.release-notes.cjs new file mode 100644 index 00000000..664fe593 --- /dev/null +++ b/.release-notes.cjs @@ -0,0 +1,20 @@ +const fs = require('node:fs') +const { execSync } = require('node:child_process') + +execSync('git show HEAD -- CHANGELOG.md > CHANGELOG.diff') + +const tag = execSync('git tag --points-at HEAD').toString().trim() + +fs.writeFileSync( + 'notes.md', + fs + .readFileSync('CHANGELOG.diff') + .toString() + .split('\n') + .filter((line) => line.startsWith('+') && !line.startsWith('+++')) + .map((line) => line.slice(1)) + .slice(3) + .join('\n'), +) + +execSync(`gh release create ${tag} -F notes.md --discussion-category Releases`) From 7275d52866cd7ab08913f91af46a74db649ee324 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Fri, 21 Apr 2023 21:55:17 +0200 Subject: [PATCH 090/117] build: update release process --- .github/workflows/create-github-release.yml | 25 --------- .github/workflows/publish.yml | 33 ------------ .github/workflows/release.yml | 58 +++++++++++++++++++++ 3 files changed, 58 insertions(+), 58 deletions(-) delete mode 100644 .github/workflows/create-github-release.yml delete mode 100644 .github/workflows/publish.yml create mode 100644 .github/workflows/release.yml diff --git a/.github/workflows/create-github-release.yml b/.github/workflows/create-github-release.yml deleted file mode 100644 index 8b95ee10..00000000 --- a/.github/workflows/create-github-release.yml +++ /dev/null @@ -1,25 +0,0 @@ -name: Create GitHub Release - -on: - workflow_run: - workflows: [NPM Release] - types: - - completed - -jobs: - create-github-release: - runs-on: ubuntu-latest - if: ${{ github.event.workflow_run.conclusion == 'success' }} - steps: - - name: Checkout - uses: actions/checkout@v3 - with: - fetch-depth: 2 - - name: Setup node - uses: actions/setup-node@v3 - with: - node-version: lts/hydrogen # 18 - cache: 'npm' - - run: node .release-notes.cjs - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml deleted file mode 100644 index 095a42e7..00000000 --- a/.github/workflows/publish.yml +++ /dev/null @@ -1,33 +0,0 @@ -name: NPM Release - -on: - workflow_dispatch: - -jobs: - release: - runs-on: ubuntu-latest - permissions: - contents: write - id-token: write - steps: - - name: Checkout - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - name: Setup node - uses: actions/setup-node@v3 - with: - node-version: lts/hydrogen # 18 - cache: 'npm' - registry-url: https://registry.npmjs.org - always-auth: true - - run: npm clean-install - - run: npm install --global standard-version@9 npm - - run: | - git config --local user.name "github-actions[bot]" - git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com" - - run: standard-version - - run: npm publish --provenance - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} - - run: git push --follow-tags origin main diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 00000000..3dcb811a --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,58 @@ +name: Release + +on: + push: + tags: ['v[0-9]+.[0-9]+.[0-9]+'] + +jobs: + npm: + runs-on: ubuntu-latest + permissions: + id-token: write + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: 0 + - name: Setup node + uses: actions/setup-node@v3 + with: + node-version: lts/hydrogen # 18 + registry-url: https://registry.npmjs.org + always-auth: true + - run: npm install -g npm + - run: npm publish --provenance + env: + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + + cleanup: + needs: + - npm + runs-on: ubuntu-latest + permissions: + contents: write + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: 0 + - run: git push origin $GITHUB_SHA:v5.x + - run: git push origin HEAD:main + + github: + needs: + - npm + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: 2 + - name: Setup node + uses: actions/setup-node@v3 + with: + node-version: lts/hydrogen # 18 + cache: 'npm' + - run: node .release-notes.cjs + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From f3776e41b55bcde7831247eb0e90bad9f8527525 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Fri, 21 Apr 2023 22:25:04 +0200 Subject: [PATCH 091/117] chore: bump dependencies --- package-lock.json | 70 +++++++++++++++++++++++------------------------ package.json | 8 +++--- 2 files changed, 39 insertions(+), 39 deletions(-) diff --git a/package-lock.json b/package-lock.json index 93cc20e0..c97beca4 100644 --- a/package-lock.json +++ b/package-lock.json @@ -9,20 +9,20 @@ "version": "5.4.0", "license": "MIT", "dependencies": { - "jose": "^4.13.0", + "jose": "^4.14.1", "lru-cache": "^6.0.0", "object-hash": "^2.2.0", - "oidc-token-hash": "^5.0.1" + "oidc-token-hash": "^5.0.2" }, "devDependencies": { - "@types/node": "^16.18.13", + "@types/node": "^16.18.24", "@types/passport": "^1.0.12", "base64url": "^3.0.1", "chai": "^4.3.7", "jose2": "npm:jose@^2.0.6", "mocha": "^10.2.0", "nock": "^13.3.0", - "prettier": "^2.8.4", + "prettier": "^2.8.7", "readable-mock-req": "^0.2.2", "sinon": "^9.2.4", "timekeeper": "^2.2.0" @@ -41,9 +41,9 @@ } }, "node_modules/@sinonjs/commons": { - "version": "1.8.5", - "resolved": "https://registry.npmjs.org/@sinonjs/commons/-/commons-1.8.5.tgz", - "integrity": "sha512-rTpCA0wG1wUxglBSFdMMY0oTrKYvgf4fNgv/sXbfCVAdf+FnPBdKJR/7XbpTCwbCrvCbdPYnlWaUUYz4V2fPDA==", + "version": "1.8.6", + "resolved": "https://registry.npmjs.org/@sinonjs/commons/-/commons-1.8.6.tgz", + "integrity": "sha512-Ky+XkAkqPZSm3NLBeUng77EBQl3cmeJhITaGHdYH8kjVB+aun3S4XBRti2zt17mtt0mIUDiNxYeoJm6drVvBJQ==", "dev": true, "dependencies": { "type-detect": "4.0.8" @@ -95,21 +95,21 @@ } }, "node_modules/@types/express": { - "version": "4.17.14", - "resolved": "https://registry.npmjs.org/@types/express/-/express-4.17.14.tgz", - "integrity": "sha512-TEbt+vaPFQ+xpxFLFssxUDXj5cWCxZJjIcB7Yg0k0GMHGtgtQgpvx/MUQUeAkNbA9AAGrwkAsoeItdTgS7FMyg==", + "version": "4.17.17", + "resolved": "https://registry.npmjs.org/@types/express/-/express-4.17.17.tgz", + "integrity": "sha512-Q4FmmuLGBG58btUnfS1c1r/NQdlp3DMfGDGig8WhfpA2YRUtEkxAjkZb0yvplJGYdF1fsQ81iMDcH24sSCNC/Q==", "dev": true, "dependencies": { "@types/body-parser": "*", - "@types/express-serve-static-core": "^4.17.18", + "@types/express-serve-static-core": "^4.17.33", "@types/qs": "*", "@types/serve-static": "*" } }, "node_modules/@types/express-serve-static-core": { - "version": "4.17.31", - "resolved": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-4.17.31.tgz", - "integrity": "sha512-DxMhY+NAsTwMMFHBTtJFNp5qiHKJ7TeqOo23zVEM9alT1Ml27Q3xcTH0xwxn7Q0BbMcVEJOs/7aQtUWupUQN3Q==", + "version": "4.17.33", + "resolved": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-4.17.33.tgz", + "integrity": "sha512-TPBqmR/HRYI3eC2E5hmiivIzv+bidAfXofM+sbonAGvyDhySGw9/PQZFt2BLOrjUUR++4eJVpx6KnLQK1Fk9tA==", "dev": true, "dependencies": { "@types/node": "*", @@ -124,9 +124,9 @@ "dev": true }, "node_modules/@types/node": { - "version": "16.18.13", - "resolved": "https://registry.npmjs.org/@types/node/-/node-16.18.13.tgz", - "integrity": "sha512-l0/3XZ153UTlNOnZK8xSNoJlQda9/WnYgiTdcKKPJSZjdjI9MU+A9oMXOesAWLSnqAaaJhj3qfQsU07Dr8OUwg==", + "version": "16.18.24", + "resolved": "https://registry.npmjs.org/@types/node/-/node-16.18.24.tgz", + "integrity": "sha512-zvSN2Esek1aeLdKDYuntKAYjti9Z2oT4I8bfkLLhIxHlv3dwZ5vvATxOc31820iYm4hQRCwjUgDpwSMFjfTUnw==", "dev": true }, "node_modules/@types/passport": { @@ -151,9 +151,9 @@ "dev": true }, "node_modules/@types/serve-static": { - "version": "1.15.0", - "resolved": "https://registry.npmjs.org/@types/serve-static/-/serve-static-1.15.0.tgz", - "integrity": "sha512-z5xyF6uh8CbjAu9760KDKsH2FcDxZ2tFCsA4HIMWE6IkiYMXfVoa+4f9KX+FN0ZLsaMw1WNG2ETLA6N+/YA+cg==", + "version": "1.15.1", + "resolved": "https://registry.npmjs.org/@types/serve-static/-/serve-static-1.15.1.tgz", + "integrity": "sha512-NUo5XNiAdULrJENtJXZZ3fHtfMolzZwczzBbnAeBbqBwG+LaG6YaJtuwzwGSQZ2wsCrxjEhNNjAkKigy3n8teQ==", "dev": true, "dependencies": { "@types/mime": "*", @@ -194,9 +194,9 @@ } }, "node_modules/anymatch": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.2.tgz", - "integrity": "sha512-P43ePfOAIupkguHUycrc4qJ9kz8ZiuOUijaETwX7THt0Y/GNK7v0aa8rY816xWjZ7rJdA5XdMcpVFTKMq+RvWg==", + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.3.tgz", + "integrity": "sha512-KMReFUr0B4t+D+OBkjR3KYqvocp2XaSzO55UcB6mgQMd3KbcE+mWTyvVV7D/zsdEbNnV6acZUutkiHQXvTr1Rw==", "dev": true, "dependencies": { "normalize-path": "^3.0.0", @@ -443,9 +443,9 @@ } }, "node_modules/deep-eql": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/deep-eql/-/deep-eql-4.1.2.tgz", - "integrity": "sha512-gT18+YW4CcW/DBNTwAmqTtkJh7f9qqScu2qFVlx7kCoeY9tlBu9cUcr7+I+Z/noG8INehS3xQgLpTtd/QUTn4w==", + "version": "4.1.3", + "resolved": "https://registry.npmjs.org/deep-eql/-/deep-eql-4.1.3.tgz", + "integrity": "sha512-WaEtAOpRA1MQ0eohqZjpGD8zdI0Ovsm8mmFhaDN8dvDZzyoUMcYDnf5Y6iu7HTXxf8JDS23qWa4a+hKCDyOPzw==", "dev": true, "dependencies": { "type-detect": "^4.0.0" @@ -739,9 +739,9 @@ "dev": true }, "node_modules/jose": { - "version": "4.13.0", - "resolved": "https://registry.npmjs.org/jose/-/jose-4.13.0.tgz", - "integrity": "sha512-v6BN7fuPVfG9XIxcPT2jzyAg5EmA/mtNeJEXJ7d31Wz7fFOqOZeN8mPtNJYQmnuAIxJII7EcURcbZ7qXs9a4kA==", + "version": "4.14.1", + "resolved": "https://registry.npmjs.org/jose/-/jose-4.14.1.tgz", + "integrity": "sha512-SgjXLpP7jhQkUNKL6RpowoR/IF4QKE+WjLDMpNnh2vmhiFs67NftrNpvFtgbwpvRdtueFliahYYWz9E+XZZQlg==", "funding": { "url": "https://github.com/sponsors/panva" } @@ -974,9 +974,9 @@ } }, "node_modules/oidc-token-hash": { - "version": "5.0.1", - "resolved": "https://registry.npmjs.org/oidc-token-hash/-/oidc-token-hash-5.0.1.tgz", - "integrity": "sha512-EvoOtz6FIEBzE+9q253HsLCVRiK/0doEJ2HCvvqMQb3dHZrP3WlJKYtJ55CRTw4jmYomzH4wkPuCj/I3ZvpKxQ==", + "version": "5.0.2", + "resolved": "https://registry.npmjs.org/oidc-token-hash/-/oidc-token-hash-5.0.2.tgz", + "integrity": "sha512-U91Ba78GtVBxcExLI7U+hC2AwJQqXQEW/D3fjmJC4hhSVIgdl954KO4Gu95WqAlgDKJdLATxkmuxraWLT0fVRQ==", "engines": { "node": "^10.13.0 || >=12.0.0" } @@ -1069,9 +1069,9 @@ } }, "node_modules/prettier": { - "version": "2.8.4", - "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.8.4.tgz", - "integrity": "sha512-vIS4Rlc2FNh0BySk3Wkd6xmwxB0FpOndW5fisM5H8hsZSxU2VWVB5CWIkIjWvrHjIhxk2g3bfMKM87zNTrZddw==", + "version": "2.8.7", + "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.8.7.tgz", + "integrity": "sha512-yPngTo3aXUUmyuTjeTUT75txrf+aMh9FiD7q9ZE/i6r0bPb22g4FsE6Y338PQX1bmfy08i9QQCB7/rcUAVntfw==", "dev": true, "bin": { "prettier": "bin-prettier.js" diff --git a/package.json b/package.json index 9a9f4884..9662f122 100644 --- a/package.json +++ b/package.json @@ -45,20 +45,20 @@ "test": "mocha test/**/*.test.js" }, "dependencies": { - "jose": "^4.13.0", + "jose": "^4.14.1", "lru-cache": "^6.0.0", "object-hash": "^2.2.0", - "oidc-token-hash": "^5.0.1" + "oidc-token-hash": "^5.0.2" }, "devDependencies": { - "@types/node": "^16.18.13", + "@types/node": "^16.18.24", "@types/passport": "^1.0.12", "base64url": "^3.0.1", "chai": "^4.3.7", "jose2": "npm:jose@^2.0.6", "mocha": "^10.2.0", "nock": "^13.3.0", - "prettier": "^2.8.4", + "prettier": "^2.8.7", "readable-mock-req": "^0.2.2", "sinon": "^9.2.4", "timekeeper": "^2.2.0" From 5e4862ea780a639ec94d76acf134ed264cc06a83 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Fri, 21 Apr 2023 22:30:42 +0200 Subject: [PATCH 092/117] chore(release): 5.4.1 --- CHANGELOG.md | 2 ++ package-lock.json | 4 ++-- package.json | 2 +- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c306c23a..5ce98846 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,8 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [5.4.1](https://github.com/panva/node-openid-client/compare/v5.4.0...v5.4.1) (2023-04-21) + ## [5.4.0](https://github.com/panva/node-openid-client/compare/v5.3.4...v5.4.0) (2023-02-05) diff --git a/package-lock.json b/package-lock.json index c97beca4..aef312bd 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "openid-client", - "version": "5.4.0", + "version": "5.4.1", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "openid-client", - "version": "5.4.0", + "version": "5.4.1", "license": "MIT", "dependencies": { "jose": "^4.14.1", diff --git a/package.json b/package.json index 9662f122..4bf13bbd 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "openid-client", - "version": "5.4.0", + "version": "5.4.1", "description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js runtime, supports passportjs", "keywords": [ "auth", From 23a7bb8fe7a45a1a9b612983c0d280de6ea467dd Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Fri, 21 Apr 2023 23:08:50 +0200 Subject: [PATCH 093/117] build: add default title to gh release --- .release-notes.cjs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.release-notes.cjs b/.release-notes.cjs index 664fe593..63d7bd68 100644 --- a/.release-notes.cjs +++ b/.release-notes.cjs @@ -17,4 +17,4 @@ fs.writeFileSync( .join('\n'), ) -execSync(`gh release create ${tag} -F notes.md --discussion-category Releases`) +execSync(`gh release create ${tag} -F notes.md --title ${tag} --discussion-category Releases`) From f623eb05df51a8b3141ba6b27c907b277763138d Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Sat, 22 Apr 2023 14:21:05 +0200 Subject: [PATCH 094/117] build: no need to npm i -g npm for provenance on lts/hydrogen --- .github/workflows/release.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3dcb811a..f5422802 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -20,7 +20,6 @@ jobs: node-version: lts/hydrogen # 18 registry-url: https://registry.npmjs.org always-auth: true - - run: npm install -g npm - run: npm publish --provenance env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} From 20607e9eb72ea1dee0cfd714d66cd00285686f5f Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Tue, 25 Apr 2023 20:47:33 +0200 Subject: [PATCH 095/117] fix: bump oidc-token-hash --- package-lock.json | 16 ++++++++-------- package.json | 4 ++-- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/package-lock.json b/package-lock.json index aef312bd..75182bbd 100644 --- a/package-lock.json +++ b/package-lock.json @@ -12,7 +12,7 @@ "jose": "^4.14.1", "lru-cache": "^6.0.0", "object-hash": "^2.2.0", - "oidc-token-hash": "^5.0.2" + "oidc-token-hash": "^5.0.3" }, "devDependencies": { "@types/node": "^16.18.24", @@ -22,7 +22,7 @@ "jose2": "npm:jose@^2.0.6", "mocha": "^10.2.0", "nock": "^13.3.0", - "prettier": "^2.8.7", + "prettier": "^2.8.8", "readable-mock-req": "^0.2.2", "sinon": "^9.2.4", "timekeeper": "^2.2.0" @@ -974,9 +974,9 @@ } }, "node_modules/oidc-token-hash": { - "version": "5.0.2", - "resolved": "https://registry.npmjs.org/oidc-token-hash/-/oidc-token-hash-5.0.2.tgz", - "integrity": "sha512-U91Ba78GtVBxcExLI7U+hC2AwJQqXQEW/D3fjmJC4hhSVIgdl954KO4Gu95WqAlgDKJdLATxkmuxraWLT0fVRQ==", + "version": "5.0.3", + "resolved": "https://registry.npmjs.org/oidc-token-hash/-/oidc-token-hash-5.0.3.tgz", + "integrity": "sha512-IF4PcGgzAr6XXSff26Sk/+P4KZFJVuHAJZj3wgO3vX2bMdNVp/QXTP3P7CEm9V1IdG8lDLY3HhiqpsE/nOwpPw==", "engines": { "node": "^10.13.0 || >=12.0.0" } @@ -1069,9 +1069,9 @@ } }, "node_modules/prettier": { - "version": "2.8.7", - "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.8.7.tgz", - "integrity": "sha512-yPngTo3aXUUmyuTjeTUT75txrf+aMh9FiD7q9ZE/i6r0bPb22g4FsE6Y338PQX1bmfy08i9QQCB7/rcUAVntfw==", + "version": "2.8.8", + "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.8.8.tgz", + "integrity": "sha512-tdN8qQGvNjw4CHbY+XXk0JgCXn9QiF21a55rBe5LJAU+kDyC4WQn4+awm2Xfk2lQMk5fKup9XgzTZtGkjBdP9Q==", "dev": true, "bin": { "prettier": "bin-prettier.js" diff --git a/package.json b/package.json index 4bf13bbd..3bdc61c5 100644 --- a/package.json +++ b/package.json @@ -48,7 +48,7 @@ "jose": "^4.14.1", "lru-cache": "^6.0.0", "object-hash": "^2.2.0", - "oidc-token-hash": "^5.0.2" + "oidc-token-hash": "^5.0.3" }, "devDependencies": { "@types/node": "^16.18.24", @@ -58,7 +58,7 @@ "jose2": "npm:jose@^2.0.6", "mocha": "^10.2.0", "nock": "^13.3.0", - "prettier": "^2.8.7", + "prettier": "^2.8.8", "readable-mock-req": "^0.2.2", "sinon": "^9.2.4", "timekeeper": "^2.2.0" From 69bab2f1899d9fe36033ac6a1c62ef73a236e12f Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Tue, 25 Apr 2023 20:48:03 +0200 Subject: [PATCH 096/117] chore(release): 5.4.2 --- CHANGELOG.md | 7 +++++++ package-lock.json | 4 ++-- package.json | 2 +- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5ce98846..37fb5261 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [5.4.2](https://github.com/panva/node-openid-client/compare/v5.4.1...v5.4.2) (2023-04-25) + + +### Fixes + +* bump oidc-token-hash ([20607e9](https://github.com/panva/node-openid-client/commit/20607e9eb72ea1dee0cfd714d66cd00285686f5f)) + ## [5.4.1](https://github.com/panva/node-openid-client/compare/v5.4.0...v5.4.1) (2023-04-21) ## [5.4.0](https://github.com/panva/node-openid-client/compare/v5.3.4...v5.4.0) (2023-02-05) diff --git a/package-lock.json b/package-lock.json index 75182bbd..46271f02 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "openid-client", - "version": "5.4.1", + "version": "5.4.2", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "openid-client", - "version": "5.4.1", + "version": "5.4.2", "license": "MIT", "dependencies": { "jose": "^4.14.1", diff --git a/package.json b/package.json index 3bdc61c5..a7af531e 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "openid-client", - "version": "5.4.1", + "version": "5.4.2", "description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js runtime, supports passportjs", "keywords": [ "auth", From d571ceb2e74cb703467cf717b4582627f2dcc1af Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Thu, 27 Apr 2023 17:29:22 +0200 Subject: [PATCH 097/117] chore: bump deps --- package-lock.json | 49 +++++++++++++++++++++++++++++------------------ package.json | 6 +++--- 2 files changed, 33 insertions(+), 22 deletions(-) diff --git a/package-lock.json b/package-lock.json index 46271f02..50f08b28 100644 --- a/package-lock.json +++ b/package-lock.json @@ -9,19 +9,19 @@ "version": "5.4.2", "license": "MIT", "dependencies": { - "jose": "^4.14.1", + "jose": "^4.14.3", "lru-cache": "^6.0.0", "object-hash": "^2.2.0", "oidc-token-hash": "^5.0.3" }, "devDependencies": { - "@types/node": "^16.18.24", + "@types/node": "^16.18.25", "@types/passport": "^1.0.12", "base64url": "^3.0.1", "chai": "^4.3.7", "jose2": "npm:jose@^2.0.6", "mocha": "^10.2.0", - "nock": "^13.3.0", + "nock": "^13.3.1", "prettier": "^2.8.8", "readable-mock-req": "^0.2.2", "sinon": "^9.2.4", @@ -107,26 +107,27 @@ } }, "node_modules/@types/express-serve-static-core": { - "version": "4.17.33", - "resolved": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-4.17.33.tgz", - "integrity": "sha512-TPBqmR/HRYI3eC2E5hmiivIzv+bidAfXofM+sbonAGvyDhySGw9/PQZFt2BLOrjUUR++4eJVpx6KnLQK1Fk9tA==", + "version": "4.17.34", + "resolved": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-4.17.34.tgz", + "integrity": "sha512-fvr49XlCGoUj2Pp730AItckfjat4WNb0lb3kfrLWffd+RLeoGAMsq7UOy04PAPtoL01uKwcp6u8nhzpgpDYr3w==", "dev": true, "dependencies": { "@types/node": "*", "@types/qs": "*", - "@types/range-parser": "*" + "@types/range-parser": "*", + "@types/send": "*" } }, "node_modules/@types/mime": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/@types/mime/-/mime-3.0.1.tgz", - "integrity": "sha512-Y4XFY5VJAuw0FgAqPNd6NNoV44jbq9Bz2L7Rh/J6jLTiHBSBJa9fxqQIvkIld4GsoDOcCbvzOUAbLPsSKKg+uA==", + "version": "1.3.2", + "resolved": "https://registry.npmjs.org/@types/mime/-/mime-1.3.2.tgz", + "integrity": "sha512-YATxVxgRqNH6nHEIsvg6k2Boc1JHI9ZbH5iWFFv/MTkchz3b1ieGDa5T0a9RznNdI0KhVbdbWSN+KWWrQZRxTw==", "dev": true }, "node_modules/@types/node": { - "version": "16.18.24", - "resolved": "https://registry.npmjs.org/@types/node/-/node-16.18.24.tgz", - "integrity": "sha512-zvSN2Esek1aeLdKDYuntKAYjti9Z2oT4I8bfkLLhIxHlv3dwZ5vvATxOc31820iYm4hQRCwjUgDpwSMFjfTUnw==", + "version": "16.18.25", + "resolved": "https://registry.npmjs.org/@types/node/-/node-16.18.25.tgz", + "integrity": "sha512-rUDO6s9Q/El1R1I21HG4qw/LstTHCPO/oQNAwI/4b2f9EWvMnqt4d3HJwPMawfZ3UvodB8516Yg+VAq54YM+eA==", "dev": true }, "node_modules/@types/passport": { @@ -150,6 +151,16 @@ "integrity": "sha512-EEhsLsD6UsDM1yFhAvy0Cjr6VwmpMWqFBCb9w07wVugF7w9nfajxLuVmngTIpgS6svCnm6Vaw+MZhoDCKnOfsw==", "dev": true }, + "node_modules/@types/send": { + "version": "0.17.1", + "resolved": "https://registry.npmjs.org/@types/send/-/send-0.17.1.tgz", + "integrity": "sha512-Cwo8LE/0rnvX7kIIa3QHCkcuF21c05Ayb0ZfxPiv0W8VRiZiNW/WuRupHKpqqGVGf7SUA44QSOUKaEd9lIrd/Q==", + "dev": true, + "dependencies": { + "@types/mime": "^1", + "@types/node": "*" + } + }, "node_modules/@types/serve-static": { "version": "1.15.1", "resolved": "https://registry.npmjs.org/@types/serve-static/-/serve-static-1.15.1.tgz", @@ -739,9 +750,9 @@ "dev": true }, "node_modules/jose": { - "version": "4.14.1", - "resolved": "https://registry.npmjs.org/jose/-/jose-4.14.1.tgz", - "integrity": "sha512-SgjXLpP7jhQkUNKL6RpowoR/IF4QKE+WjLDMpNnh2vmhiFs67NftrNpvFtgbwpvRdtueFliahYYWz9E+XZZQlg==", + "version": "4.14.3", + "resolved": "https://registry.npmjs.org/jose/-/jose-4.14.3.tgz", + "integrity": "sha512-YPM9Q+dmsna4CGWNn5+oHFsuXJdxvKAOVoNjpe2nje3odSoX5Xz4s71rP50vM8uUKJyQtMnEGPmbVCVR+G4W5g==", "funding": { "url": "https://github.com/sponsors/panva" } @@ -942,9 +953,9 @@ } }, "node_modules/nock": { - "version": "13.3.0", - "resolved": "https://registry.npmjs.org/nock/-/nock-13.3.0.tgz", - "integrity": "sha512-HHqYQ6mBeiMc+N038w8LkMpDCRquCHWeNmN3v6645P3NhN2+qXOBqvPqo7Rt1VyCMzKhJ733wZqw5B7cQVFNPg==", + "version": "13.3.1", + "resolved": "https://registry.npmjs.org/nock/-/nock-13.3.1.tgz", + "integrity": "sha512-vHnopocZuI93p2ccivFyGuUfzjq2fxNyNurp7816mlT5V5HF4SzXu8lvLrVzBbNqzs+ODooZ6OksuSUNM7Njkw==", "dev": true, "dependencies": { "debug": "^4.1.0", diff --git a/package.json b/package.json index a7af531e..fed40bc4 100644 --- a/package.json +++ b/package.json @@ -45,19 +45,19 @@ "test": "mocha test/**/*.test.js" }, "dependencies": { - "jose": "^4.14.1", + "jose": "^4.14.3", "lru-cache": "^6.0.0", "object-hash": "^2.2.0", "oidc-token-hash": "^5.0.3" }, "devDependencies": { - "@types/node": "^16.18.24", + "@types/node": "^16.18.25", "@types/passport": "^1.0.12", "base64url": "^3.0.1", "chai": "^4.3.7", "jose2": "npm:jose@^2.0.6", "mocha": "^10.2.0", - "nock": "^13.3.0", + "nock": "^13.3.1", "prettier": "^2.8.8", "readable-mock-req": "^0.2.2", "sinon": "^9.2.4", From 8360f84ea4eb5c07ba2a7a70b832c850795461ca Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Wed, 3 May 2023 11:49:01 +0200 Subject: [PATCH 098/117] chore: bump deps --- package-lock.json | 8 ++++---- package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index 50f08b28..d4f899c5 100644 --- a/package-lock.json +++ b/package-lock.json @@ -9,7 +9,7 @@ "version": "5.4.2", "license": "MIT", "dependencies": { - "jose": "^4.14.3", + "jose": "^4.14.4", "lru-cache": "^6.0.0", "object-hash": "^2.2.0", "oidc-token-hash": "^5.0.3" @@ -750,9 +750,9 @@ "dev": true }, "node_modules/jose": { - "version": "4.14.3", - "resolved": "https://registry.npmjs.org/jose/-/jose-4.14.3.tgz", - "integrity": "sha512-YPM9Q+dmsna4CGWNn5+oHFsuXJdxvKAOVoNjpe2nje3odSoX5Xz4s71rP50vM8uUKJyQtMnEGPmbVCVR+G4W5g==", + "version": "4.14.4", + "resolved": "https://registry.npmjs.org/jose/-/jose-4.14.4.tgz", + "integrity": "sha512-j8GhLiKmUAh+dsFXlX1aJCbt5KMibuKb+d7j1JaOJG6s2UjX1PQlW+OKB/sD4a/5ZYF4RcmYmLSndOoU3Lt/3g==", "funding": { "url": "https://github.com/sponsors/panva" } diff --git a/package.json b/package.json index fed40bc4..9bfcd1af 100644 --- a/package.json +++ b/package.json @@ -45,7 +45,7 @@ "test": "mocha test/**/*.test.js" }, "dependencies": { - "jose": "^4.14.3", + "jose": "^4.14.4", "lru-cache": "^6.0.0", "object-hash": "^2.2.0", "oidc-token-hash": "^5.0.3" From 3cd6f08d5bdba9780bbc55b5418bf9b4f9a80d87 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Wed, 3 May 2023 11:54:47 +0200 Subject: [PATCH 099/117] ci: auto-retry conformance tests --- .github/workflows/retry.yml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 .github/workflows/retry.yml diff --git a/.github/workflows/retry.yml b/.github/workflows/retry.yml new file mode 100644 index 00000000..c13c54f9 --- /dev/null +++ b/.github/workflows/retry.yml @@ -0,0 +1,17 @@ +name: Retry + +on: + workflow_run: + workflows: + - Conformance Checks + types: + - completed + +jobs: + retry: + runs-on: ubuntu-latest + if: ${{ github.event.workflow_run.conclusion == 'failure' && github.event.workflow_run.run_attempt == 1 }} + steps: + - run: gh api -XPOST ${{ github.event.workflow_run.rerun_url }}-failed-jobs + env: + GH_TOKEN: ${{ github.token }} From 98053d4201e2343e543de61471460f37f3297629 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Tue, 9 May 2023 21:05:55 +0200 Subject: [PATCH 100/117] chore: bump dev deps --- package-lock.json | 8 ++++---- package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index d4f899c5..311fe2fe 100644 --- a/package-lock.json +++ b/package-lock.json @@ -15,7 +15,7 @@ "oidc-token-hash": "^5.0.3" }, "devDependencies": { - "@types/node": "^16.18.25", + "@types/node": "^16.18.27", "@types/passport": "^1.0.12", "base64url": "^3.0.1", "chai": "^4.3.7", @@ -125,9 +125,9 @@ "dev": true }, "node_modules/@types/node": { - "version": "16.18.25", - "resolved": "https://registry.npmjs.org/@types/node/-/node-16.18.25.tgz", - "integrity": "sha512-rUDO6s9Q/El1R1I21HG4qw/LstTHCPO/oQNAwI/4b2f9EWvMnqt4d3HJwPMawfZ3UvodB8516Yg+VAq54YM+eA==", + "version": "16.18.27", + "resolved": "https://registry.npmjs.org/@types/node/-/node-16.18.27.tgz", + "integrity": "sha512-GFfndd/RINWD19W+xNJ9Qh/sOZ5ieTiOSagA86ER/12i/l+MEnQxsbldGRF23azWjRfe7zUlAldyrwN84a1E5w==", "dev": true }, "node_modules/@types/passport": { diff --git a/package.json b/package.json index 9bfcd1af..6486c91d 100644 --- a/package.json +++ b/package.json @@ -51,7 +51,7 @@ "oidc-token-hash": "^5.0.3" }, "devDependencies": { - "@types/node": "^16.18.25", + "@types/node": "^16.18.27", "@types/passport": "^1.0.12", "base64url": "^3.0.1", "chai": "^4.3.7", From 35758419489ff751a71f5b66f5020087a63e1e88 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Sat, 20 May 2023 08:41:23 +0200 Subject: [PATCH 101/117] chore: bump dev deps --- package-lock.json | 14 +++++++------- package.json | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/package-lock.json b/package-lock.json index 311fe2fe..027d95dc 100644 --- a/package-lock.json +++ b/package-lock.json @@ -15,7 +15,7 @@ "oidc-token-hash": "^5.0.3" }, "devDependencies": { - "@types/node": "^16.18.27", + "@types/node": "^16.18.31", "@types/passport": "^1.0.12", "base64url": "^3.0.1", "chai": "^4.3.7", @@ -107,9 +107,9 @@ } }, "node_modules/@types/express-serve-static-core": { - "version": "4.17.34", - "resolved": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-4.17.34.tgz", - "integrity": "sha512-fvr49XlCGoUj2Pp730AItckfjat4WNb0lb3kfrLWffd+RLeoGAMsq7UOy04PAPtoL01uKwcp6u8nhzpgpDYr3w==", + "version": "4.17.35", + "resolved": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-4.17.35.tgz", + "integrity": "sha512-wALWQwrgiB2AWTT91CB62b6Yt0sNHpznUXeZEcnPU3DRdlDIz74x8Qg1UUYKSVFi+va5vKOLYRBI1bRKiLLKIg==", "dev": true, "dependencies": { "@types/node": "*", @@ -125,9 +125,9 @@ "dev": true }, "node_modules/@types/node": { - "version": "16.18.27", - "resolved": "https://registry.npmjs.org/@types/node/-/node-16.18.27.tgz", - "integrity": "sha512-GFfndd/RINWD19W+xNJ9Qh/sOZ5ieTiOSagA86ER/12i/l+MEnQxsbldGRF23azWjRfe7zUlAldyrwN84a1E5w==", + "version": "16.18.31", + "resolved": "https://registry.npmjs.org/@types/node/-/node-16.18.31.tgz", + "integrity": "sha512-KPXltf4z4g517OlVJO9XQ2357CYw7fvuJ3ZuBynjXC5Jos9i+K7LvFb7bUIwtJXSZj0vTp9Q6NJBSQpkwwO8Zw==", "dev": true }, "node_modules/@types/passport": { diff --git a/package.json b/package.json index 6486c91d..6d9bd399 100644 --- a/package.json +++ b/package.json @@ -51,7 +51,7 @@ "oidc-token-hash": "^5.0.3" }, "devDependencies": { - "@types/node": "^16.18.27", + "@types/node": "^16.18.31", "@types/passport": "^1.0.12", "base64url": "^3.0.1", "chai": "^4.3.7", From 7747fd91ac1986ff99e444dcd8c62b724adf1244 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Thu, 22 Jun 2023 09:15:28 +0200 Subject: [PATCH 102/117] chore: update lock.yml --- .github/workflows/lock.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lock.yml b/.github/workflows/lock.yml index f00f60c0..24cc867c 100644 --- a/.github/workflows/lock.yml +++ b/.github/workflows/lock.yml @@ -9,7 +9,7 @@ jobs: continue-on-error: true runs-on: ubuntu-latest steps: - - uses: dessant/lock-threads@c1b35aecc5cdb1a34539d14196df55838bb2f836 # v4.0.0 + - uses: dessant/lock-threads@be8aa5be94131386884a6da4189effda9b14aa21 # v4.0.1 with: github-token: ${{ github.token }} issue-inactive-days: '90' From 402c711fde93d5644c3b70861c462213bc87ab34 Mon Sep 17 00:00:00 2001 From: Exidex <16986685+Exidex@users.noreply.github.com> Date: Thu, 6 Jul 2023 11:11:13 +0200 Subject: [PATCH 103/117] fix: handle empty client_secret with basic and post client auth (#610) closes #609 --- lib/helpers/client.js | 4 ++-- test/client/client_instance.test.js | 20 ++++++++++++++++++++ 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/lib/helpers/client.js b/lib/helpers/client.js index 62bf9be6..7c002482 100644 --- a/lib/helpers/client.js +++ b/lib/helpers/client.js @@ -81,7 +81,7 @@ async function authFor(endpoint, { clientAssertionPayload } = {}) { case 'none': return { form: { client_id: this.client_id } }; case 'client_secret_post': - if (!this.client_secret) { + if (typeof this.client_secret !== 'string') { throw new TypeError( 'client_secret_post client authentication method requires a client_secret', ); @@ -120,7 +120,7 @@ async function authFor(endpoint, { clientAssertionPayload } = {}) { // > Appendix B, and the encoded value is used as the username; the client // > password is encoded using the same algorithm and used as the // > password. - if (!this.client_secret) { + if (typeof this.client_secret !== 'string') { throw new TypeError( 'client_secret_basic client authentication method requires a client_secret', ); diff --git a/test/client/client_instance.test.js b/test/client/client_instance.test.js index ba653dec..dac0adbb 100644 --- a/test/client/client_instance.test.js +++ b/test/client/client_instance.test.js @@ -2253,6 +2253,18 @@ describe('Client', () => { ); }); }); + + it('allows client_secret to be empty string', async function () { + const issuer = new Issuer(); + const client = new issuer.Client({ + client_id: 'an:identifier', + client_secret: '', + token_endpoint_auth_method: 'client_secret_post', + }); + expect(await clientInternal.authFor.call(client, 'token')).to.eql({ + form: { client_id: 'an:identifier', client_secret: '' }, + }); + }); }); describe('when client_secret_basic', function () { @@ -2288,6 +2300,14 @@ describe('Client', () => { ); }); }); + + it('allows client_secret to be empty string', async function () { + const issuer = new Issuer(); + const client = new issuer.Client({ client_id: 'an:identifier', client_secret: '' }); + expect(await clientInternal.authFor.call(client, 'token')).to.eql({ + headers: { Authorization: 'Basic YW4lM0FpZGVudGlmaWVyOg==' }, + }); + }); }); describe('when client_secret_jwt', function () { From 7e045ca1d7026359d32ba3be5becc1965b959e01 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Thu, 6 Jul 2023 11:12:03 +0200 Subject: [PATCH 104/117] chore(release): 5.4.3 --- CHANGELOG.md | 7 +++++++ package-lock.json | 4 ++-- package.json | 2 +- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 37fb5261..218dbce0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [5.4.3](https://github.com/panva/node-openid-client/compare/v5.4.2...v5.4.3) (2023-07-06) + + +### Fixes + +* handle empty client_secret with basic and post client auth ([#610](https://github.com/panva/node-openid-client/issues/610)) ([402c711](https://github.com/panva/node-openid-client/commit/402c711fde93d5644c3b70861c462213bc87ab34)), closes [#609](https://github.com/panva/node-openid-client/issues/609) + ## [5.4.2](https://github.com/panva/node-openid-client/compare/v5.4.1...v5.4.2) (2023-04-25) diff --git a/package-lock.json b/package-lock.json index 027d95dc..547b713e 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "openid-client", - "version": "5.4.2", + "version": "5.4.3", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "openid-client", - "version": "5.4.2", + "version": "5.4.3", "license": "MIT", "dependencies": { "jose": "^4.14.4", diff --git a/package.json b/package.json index 6d9bd399..b298eeb3 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "openid-client", - "version": "5.4.2", + "version": "5.4.3", "description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js runtime, supports passportjs", "keywords": [ "auth", From 133a022cce8e0d7a386b59163c18c100c80df2ab Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Fri, 8 Sep 2023 08:40:54 +0200 Subject: [PATCH 105/117] feat(DPoP): remove experimental warning, DPoP is now RFC9449 --- README.md | 4 +- lib/client.js | 137 ++++++++++++++++++++++---------------------------- 2 files changed, 62 insertions(+), 79 deletions(-) diff --git a/README.md b/README.md index c7cbd5b8..f4d4bbe6 100644 --- a/README.md +++ b/README.md @@ -42,10 +42,10 @@ openid-client. - self_signed_tls_client_auth - [RFC9101 - OAuth 2.0 JWT-Secured Authorization Request (JAR)][feature-jar] - [RFC9126 - OAuth 2.0 Pushed Authorization Requests (PAR)][feature-par] +- [RFC9449 - OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (DPoP)][feature-dpop] - [OpenID Connect RP-Initiated Logout 1.0][feature-rp-logout] - [Financial-grade API Security Profile 1.0 - Part 2: Advanced (FAPI)][feature-fapi] - [JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)][feature-jarm] -- [OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (DPoP) - draft 04][feature-dpop] - [OAuth 2.0 Authorization Server Issuer Identification][feature-iss] Updates to draft specifications are released as MINOR library versions, @@ -282,7 +282,7 @@ See [Customizing (docs)][documentation-customizing]. [feature-rp-logout]: https://openid.net/specs/openid-connect-rpinitiated-1_0.html [feature-jarm]: https://openid.net/specs/oauth-v2-jarm.html [feature-fapi]: https://openid.net/specs/openid-financial-api-part-2-1_0.html -[feature-dpop]: https://tools.ietf.org/html/draft-ietf-oauth-dpop-04 +[feature-dpop]: https://www.rfc-editor.org/rfc/rfc9449.html [feature-par]: https://www.rfc-editor.org/rfc/rfc9126.html [feature-jar]: https://www.rfc-editor.org/rfc/rfc9101.html [feature-iss]: https://www.rfc-editor.org/rfc/rfc9207.html diff --git a/lib/client.js b/lib/client.js index 6ec4b51c..069f9b56 100644 --- a/lib/client.js +++ b/lib/client.js @@ -1612,6 +1612,66 @@ class BaseClient { const { payload } = await this.validateJWT(response, expectedAlg, ['iss', 'exp', 'aud']); return pickCb(payload); } + + /** + * @name dpopProof + * @api private + */ + async dpopProof(payload, privateKeyInput, accessToken) { + if (!isPlainObject(payload)) { + throw new TypeError('payload must be a plain object'); + } + + let privateKey; + if (isKeyObject(privateKeyInput)) { + privateKey = privateKeyInput; + } else { + privateKey = crypto.createPrivateKey(privateKeyInput); + } + + if (privateKey.type !== 'private') { + throw new TypeError('"DPoP" option must be a private key'); + } + let alg; + switch (privateKey.asymmetricKeyType) { + case 'ed25519': + case 'ed448': + alg = 'EdDSA'; + break; + case 'ec': + alg = determineEcAlgorithm(privateKey, privateKeyInput); + break; + case 'rsa': + case rsaPssParams && 'rsa-pss': + alg = determineRsaAlgorithm( + privateKey, + privateKeyInput, + this.issuer.dpop_signing_alg_values_supported, + ); + break; + default: + throw new TypeError('unsupported DPoP private key asymmetric key type'); + } + + if (!alg) { + throw new TypeError('could not determine DPoP JWS Algorithm'); + } + + return new jose.SignJWT({ + ath: accessToken + ? base64url.encode(crypto.createHash('sha256').update(accessToken).digest()) + : undefined, + ...payload, + }) + .setProtectedHeader({ + alg, + typ: 'dpop+jwt', + jwk: await getJwk(privateKey, privateKeyInput), + }) + .setIssuedAt() + .setJti(random()) + .sign(privateKey); + } } const RSPS = /^(?:RS|PS)(?:256|384|512)$/; @@ -1706,83 +1766,6 @@ async function getJwk(privateKey, privateKeyInput) { return jwk; } -/** - * @name dpopProof - * @api private - */ -async function dpopProof(payload, privateKeyInput, accessToken) { - if (!isPlainObject(payload)) { - throw new TypeError('payload must be a plain object'); - } - - let privateKey; - if (isKeyObject(privateKeyInput)) { - privateKey = privateKeyInput; - } else { - privateKey = crypto.createPrivateKey(privateKeyInput); - } - - if (privateKey.type !== 'private') { - throw new TypeError('"DPoP" option must be a private key'); - } - let alg; - switch (privateKey.asymmetricKeyType) { - case 'ed25519': - case 'ed448': - alg = 'EdDSA'; - break; - case 'ec': - alg = determineEcAlgorithm(privateKey, privateKeyInput); - break; - case 'rsa': - case rsaPssParams && 'rsa-pss': - alg = determineRsaAlgorithm( - privateKey, - privateKeyInput, - this.issuer.dpop_signing_alg_values_supported, - ); - break; - default: - throw new TypeError('unsupported DPoP private key asymmetric key type'); - } - - if (!alg) { - throw new TypeError('could not determine DPoP JWS Algorithm'); - } - - return new jose.SignJWT({ - ath: accessToken - ? base64url.encode(crypto.createHash('sha256').update(accessToken).digest()) - : undefined, - ...payload, - }) - .setProtectedHeader({ - alg, - typ: 'dpop+jwt', - jwk: await getJwk(privateKey, privateKeyInput), - }) - .setIssuedAt() - .setJti(random()) - .sign(privateKey); -} - -Object.defineProperty(BaseClient.prototype, 'dpopProof', { - enumerable: true, - configurable: true, - value(...args) { - process.emitWarning( - 'The DPoP APIs implements an IETF draft (https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-04.html). Breaking draft implementations are included as minor versions of the openid-client library, therefore, the ~ semver operator should be used and close attention be payed to library changelog as well as the drafts themselves.', - 'DraftWarning', - ); - Object.defineProperty(BaseClient.prototype, 'dpopProof', { - enumerable: true, - configurable: true, - value: dpopProof, - }); - return this.dpopProof(...args); - }, -}); - module.exports = (issuer, aadIssValidation = false) => class Client extends BaseClient { constructor(...args) { From 0f7d3b4f03c799fa74c480e7ee9d32f33344f9df Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Fri, 8 Sep 2023 08:41:03 +0200 Subject: [PATCH 106/117] chore(release): 5.5.0 --- CHANGELOG.md | 7 +++++++ package-lock.json | 4 ++-- package.json | 2 +- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 218dbce0..0328eab1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [5.5.0](https://github.com/panva/node-openid-client/compare/v5.4.3...v5.5.0) (2023-09-08) + + +### Features + +* **DPoP:** remove experimental warning, DPoP is now RFC9449 ([133a022](https://github.com/panva/node-openid-client/commit/133a022cce8e0d7a386b59163c18c100c80df2ab)) + ## [5.4.3](https://github.com/panva/node-openid-client/compare/v5.4.2...v5.4.3) (2023-07-06) diff --git a/package-lock.json b/package-lock.json index 547b713e..ec142647 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "openid-client", - "version": "5.4.3", + "version": "5.5.0", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "openid-client", - "version": "5.4.3", + "version": "5.5.0", "license": "MIT", "dependencies": { "jose": "^4.14.4", diff --git a/package.json b/package.json index b298eeb3..1c5e9206 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "openid-client", - "version": "5.4.3", + "version": "5.5.0", "description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js runtime, supports passportjs", "keywords": [ "auth", From a9d3a87d2727bb37a535aeac9da9851ffdef8613 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Tue, 3 Oct 2023 16:47:38 +0200 Subject: [PATCH 107/117] feat: experimental Bun support This attempts to work around: - missing Node.js APIs in Bun - Bun's bugs in url.parse(..., true) - Bun loading `jose`'s bun target instead of the require one It is not possible to run openid-client's test suite due to other Bun Node.js compatibility bugs which is why this is "experimental" Refs #622 Refs #623 --- docs/README.md | 42 ++- lib/client.js | 280 +++++++++++-------- lib/helpers/client.js | 2 +- lib/helpers/keystore.js | 56 ++-- package-lock.json | 166 ++++++------ package.json | 13 +- test/client/client_instance.test.js | 340 ++++++++++++------------ test/client/dpop.test.js | 268 ++++++++++--------- test/client/implicit_kid.test.js | 4 +- test/client/mtls.test.js | 8 +- test/client/register_client.test.js | 10 +- test/client/self_issued.test.js | 56 ++-- test/issuer/issuer_instance.test.js | 10 +- test/keystore.js | 97 +++++++ test/passport/passport_strategy.test.js | 2 +- 15 files changed, 756 insertions(+), 598 deletions(-) create mode 100644 test/keystore.js diff --git a/docs/README.md b/docs/README.md index c6b624da..9d6ada90 100644 --- a/docs/README.md +++ b/docs/README.md @@ -299,10 +299,9 @@ Performs the callback for Authorization Server's authorization response. - `clientAssertionPayload`: `` extra client assertion payload parameters to be sent as part of a client JWT assertion. This is only used when the client's `token_endpoint_auth_method` is either `client_secret_jwt` or `private_key_jwt`. - - `DPoP`: `` When provided the client will send a DPoP Proof JWT to the - Token Endpoint. The value must be a private key in the form of a crypto.KeyObject, or any - valid crypto.createPrivateKey input. The algorithm is determined[^dpop-exception] automatically - based on the type of key and the issuer metadata. + - `DPoP`: `` or `` When provided the client will send a DPoP Proof JWT to the + Token Endpoint. The DPoP Proof JWT's algorithm is determined[^dpop-exception] automatically based + on the type of key and the issuer metadata. - Returns: `Promise` Parsed token endpoint response as a TokenSet. Tip: If you're using pure @@ -324,10 +323,9 @@ Performs `refresh_token` grant type exchange. - `clientAssertionPayload`: `` extra client assertion payload parameters to be sent as part of a client JWT assertion. This is only used when the client's `token_endpoint_auth_method` is either `client_secret_jwt` or `private_key_jwt`. - - `DPoP`: `` When provided the client will send a DPoP Proof JWT to the - Token Endpoint. The value must be a private key in the form of a crypto.KeyObject, or any - valid crypto.createPrivateKey input. The algorithm is determined[^dpop-exception] automatically - based on the type of key and the issuer metadata. + - `DPoP`: `` or `` When provided the client will send a DPoP Proof JWT to the + Token Endpoint. The DPoP Proof JWT's algorithm is determined[^dpop-exception] automatically based + on the type of key and the issuer metadata. - Returns: `Promise` Parsed token endpoint response as a TokenSet. --- @@ -348,10 +346,9 @@ will also be checked to match the on in the TokenSet's ID Token. or the `token_type` property from a passed in TokenSet. - `params`: `` additional parameters to send with the userinfo request (as query string when GET, as x-www-form-urlencoded body when POST). - - `DPoP`: `` When provided the client will send a DPoP Proof JWT to the - Userinfo Endpoint. The value must be a private key in the form of a crypto.KeyObject, or any - valid crypto.createPrivateKey input. The algorithm is determined[^dpop-exception] automatically - based on the type of key and the issuer metadata. + - `DPoP`: `` or `` When provided the client will send a DPoP Proof JWT to the + Userinfo Endpoint. The DPoP Proof JWT's algorithm is determined[^dpop-exception] automatically based + on the type of key and the issuer metadata. - Returns: `Promise` Parsed userinfo response. --- @@ -369,10 +366,9 @@ Fetches an arbitrary resource with the provided Access Token in an Authorization - `method`: `` The HTTP method to use for the request. **Default:** 'GET' - `tokenType`: `` The token type as the Authorization Header scheme. **Default:** 'Bearer' or the `token_type` property from a passed in TokenSet. - - `DPoP`: `` When provided the client will send a DPoP Proof JWT to the - Userinfo Endpoint. The value must be a private key in the form of a crypto.KeyObject, or any - valid crypto.createPrivateKey input. The algorithm is determined[^dpop-exception] automatically - based on the type of key and the issuer metadata. + - `DPoP`: `` or `` When provided the client will send a DPoP Proof JWT to the + Userinfo Endpoint. The DPoP Proof JWT's algorithm is determined[^dpop-exception] automatically based + on the type of key and the issuer metadata. - Returns: `Promise` Response is a [Got Response](https://github.com/sindresorhus/got/tree/v11.8.0#response) with the `body` property being a `` @@ -390,10 +386,9 @@ Performs an arbitrary `grant_type` exchange at the `token_endpoint`. - `clientAssertionPayload`: `` extra client assertion payload parameters to be sent as part of a client JWT assertion. This is only used when the client's `token_endpoint_auth_method` is either `client_secret_jwt` or `private_key_jwt`. - - `DPoP`: `` When provided the client will send a DPoP Proof JWT to the - Token Endpoint. The value must be a private key in the form of a crypto.KeyObject, or any - valid crypto.createPrivateKey input. The algorithm is determined[^dpop-exception] automatically - based on the type of key and the issuer metadata. + - `DPoP`: `` or `` When provided the client will send a DPoP Proof JWT to the + Token Endpoint. The DPoP Proof JWT's algorithm is determined[^dpop-exception] automatically based + on the type of key and the issuer metadata. - Returns: `Promise` --- @@ -467,10 +462,9 @@ a handle for subsequent Device Access Token Request polling. - `clientAssertionPayload`: `` extra client assertion payload parameters to be sent as part of a client JWT assertion. This is only used when the client's `token_endpoint_auth_method` is either `client_secret_jwt` or `private_key_jwt`. - - `DPoP`: `` When provided the client will send a DPoP Proof JWT to the - Token Endpoint. The value must be a private key in the form of a crypto.KeyObject, or any - valid crypto.createPrivateKey input. The algorithm is determined[^dpop-exception] automatically - based on the type of key and the issuer metadata. + - `DPoP`: `` or `` When provided the client will send a DPoP Proof JWT to the + Token Endpoint. The DPoP Proof JWT's algorithm is determined[^dpop-exception] automatically based + on the type of key and the issuer metadata. - Returns: `Promise` --- diff --git a/lib/client.js b/lib/client.js index 069f9b56..25431579 100644 --- a/lib/client.js +++ b/lib/client.js @@ -4,6 +4,7 @@ const crypto = require('crypto'); const { strict: assert } = require('assert'); const querystring = require('querystring'); const url = require('url'); +const { URL, URLSearchParams } = require('url'); const jose = require('jose'); const tokenHash = require('oidc-token-hash'); @@ -62,6 +63,12 @@ function authorizationHeaderValue(token, tokenType = 'Bearer') { return `${tokenType} ${token}`; } +function getSearchParams(input) { + const parsed = url.parse(input); + if (!parsed.search) return {}; + return querystring.parse(parsed.search.substring(1)); +} + function verifyPresence(payload, jwt, prop) { if (payload[prop] === undefined) { throw new RPError({ @@ -251,13 +258,21 @@ class BaseClient { throw new TypeError('params must be a plain object'); } assertIssuerConfiguration(this.issuer, 'authorization_endpoint'); - const target = url.parse(this.issuer.authorization_endpoint, true); - target.search = null; - target.query = { - ...target.query, - ...authorizationParams.call(this, params), - }; - return url.format(target); + const target = new URL(this.issuer.authorization_endpoint); + + for (const [name, value] of Object.entries(authorizationParams.call(this, params))) { + if (Array.isArray(value)) { + target.searchParams.delete(name); + for (const member of value) { + target.searchParams.append(name, member); + } + } else { + target.searchParams.set(name, value); + } + } + + // TODO: is the replace needed? + return target.href.replace('+', '%20'); } authorizationPost(params = {}) { @@ -297,10 +312,9 @@ class BaseClient { id_token_hint = id_token_hint.id_token; } - const target = url.parse(this.issuer.end_session_endpoint, true); - target.search = null; - defaults( - target.query, + const target = url.parse(this.issuer.end_session_endpoint); + const query = defaults( + getSearchParams(this.issuer.end_session_endpoint), params, { post_logout_redirect_uri, @@ -309,12 +323,15 @@ class BaseClient { { id_token_hint }, ); - Object.entries(target.query).forEach(([key, value]) => { + Object.entries(query).forEach(([key, value]) => { if (value === null || value === undefined) { - delete target.query[key]; + delete query[key]; } }); + target.search = null; + target.query = query; + return url.format(target); } @@ -331,7 +348,7 @@ class BaseClient { if (isIncomingMessage) { switch (input.method) { case 'GET': - return pickCb(url.parse(input.url, true).query); + return pickCb(getSearchParams(input.url)); case 'POST': if (input.body === undefined) { throw new TypeError( @@ -356,7 +373,7 @@ class BaseClient { throw new TypeError('invalid IncomingMessage method'); } } else { - return pickCb(url.parse(input, true).query); + return pickCb(getSearchParams(input)); } } @@ -703,11 +720,15 @@ class BaseClient { if (expectedAlg.match(/^(?:RSA|ECDH)/)) { const keystore = await keystores.get(this); - for (const { keyObject: key } of keystore.all({ - ...jose.decodeProtectedHeader(jwe), + const protectedHeader = jose.decodeProtectedHeader(jwe); + + for (const key of keystore.all({ + ...protectedHeader, use: 'enc', })) { - plaintext = await jose.compactDecrypt(jwe, key).then(getPlaintext, () => {}); + plaintext = await jose + .compactDecrypt(jwe, await key.keyObject(protectedHeader.alg)) + .then(getPlaintext, () => {}); if (plaintext) break; } } else { @@ -1016,7 +1037,13 @@ class BaseClient { assert(isPlainObject(payload.sub_jwk)); const key = await jose.importJWK(payload.sub_jwk, header.alg); assert.equal(key.type, 'public'); - keys = [{ keyObject: key }]; + keys = [ + { + keyObject() { + return key; + }, + }, + ]; } catch (err) { throw new RPError({ message: 'failed to use sub_jwk claim as an asymmetric JSON Web Key', @@ -1041,7 +1068,7 @@ class BaseClient { for (const key of keys) { const verified = await jose - .compactVerify(jwt, key instanceof Uint8Array ? key : key.keyObject) + .compactVerify(jwt, key instanceof Uint8Array ? key : await key.keyObject(header.alg)) .catch(() => {}); if (verified) { return { @@ -1195,12 +1222,12 @@ class BaseClient { targetUrl = this.issuer.mtls_endpoint_aliases.userinfo_endpoint; } - targetUrl = new url.URL(targetUrl || this.issuer.userinfo_endpoint); + targetUrl = new URL(targetUrl || this.issuer.userinfo_endpoint); if (via === 'body') { options.headers.Authorization = undefined; options.headers['Content-Type'] = 'application/x-www-form-urlencoded'; - options.body = new url.URLSearchParams(); + options.body = new URLSearchParams(); options.body.append( 'access_token', accessToken instanceof TokenSet ? accessToken.access_token : accessToken, @@ -1220,7 +1247,7 @@ class BaseClient { }); } else { // POST && via header - options.body = new url.URLSearchParams(); + options.body = new URLSearchParams(); options.headers['Content-Type'] = 'application/x-www-form-urlencoded'; Object.entries(params).forEach(([key, value]) => { options.body.append(key, value); @@ -1515,7 +1542,7 @@ class BaseClient { ...header, kid: symmetric ? undefined : key.jwk.kid, }) - .sign(symmetric ? key : key.keyObject); + .sign(symmetric ? key : await key.keyObject(signingAlgorithm)); } if (!eKeyManagement) { @@ -1539,7 +1566,7 @@ class BaseClient { ...fields, kid: key instanceof Uint8Array ? undefined : key.jwk.kid, }) - .encrypt(key instanceof Uint8Array ? key : key.keyObject); + .encrypt(key instanceof Uint8Array ? key : await key.keyObject(fields.alg)); } async pushedAuthorizationRequest(params = {}, { clientAssertionPayload } = {}) { @@ -1625,33 +1652,18 @@ class BaseClient { let privateKey; if (isKeyObject(privateKeyInput)) { privateKey = privateKeyInput; - } else { + } else if (privateKeyInput[Symbol.toStringTag] === 'CryptoKey') { + privateKey = privateKeyInput; + } else if (jose.cryptoRuntime === 'node:crypto') { privateKey = crypto.createPrivateKey(privateKeyInput); + } else { + throw new TypeError('unrecognized crypto runtime'); } if (privateKey.type !== 'private') { throw new TypeError('"DPoP" option must be a private key'); } - let alg; - switch (privateKey.asymmetricKeyType) { - case 'ed25519': - case 'ed448': - alg = 'EdDSA'; - break; - case 'ec': - alg = determineEcAlgorithm(privateKey, privateKeyInput); - break; - case 'rsa': - case rsaPssParams && 'rsa-pss': - alg = determineRsaAlgorithm( - privateKey, - privateKeyInput, - this.issuer.dpop_signing_alg_values_supported, - ); - break; - default: - throw new TypeError('unsupported DPoP private key asymmetric key type'); - } + let alg = determineDPoPAlgorithm.call(this, privateKey, privateKeyInput); if (!alg) { throw new TypeError('could not determine DPoP JWS Algorithm'); @@ -1674,81 +1686,138 @@ class BaseClient { } } -const RSPS = /^(?:RS|PS)(?:256|384|512)$/; -function determineRsaAlgorithm(privateKey, privateKeyInput, valuesSupported) { - if ( - typeof privateKeyInput === 'object' && - typeof privateKeyInput.key === 'object' && - privateKeyInput.key.alg - ) { - return privateKeyInput.key.alg; +function determineDPoPAlgorithmFromCryptoKey(cryptoKey) { + switch (cryptoKey.algorithm.name) { + case 'Ed25519': + case 'Ed448': + return 'EdDSA'; + case 'ECDSA': { + switch (cryptoKey.algorithm.namedCurve) { + case 'P-256': + return 'ES256'; + case 'P-384': + return 'ES384'; + case 'P-521': + return 'ES512'; + default: + break; + } + break; + } + case 'RSASSA-PKCS1-v1_5': + return `RS${cryptoKey.algorithm.hash.name.slice(4)}`; + case 'RSA-PSS': + return `PS${cryptoKey.algorithm.hash.name.slice(4)}`; + default: + throw new TypeError('unsupported DPoP private key'); } +} - if (Array.isArray(valuesSupported)) { - let candidates = valuesSupported.filter(RegExp.prototype.test.bind(RSPS)); - if (privateKey.asymmetricKeyType === 'rsa-pss') { - candidates = candidates.filter((value) => value.startsWith('PS')); +let determineDPoPAlgorithm; +if (jose.cryptoRuntime === 'node:crypto') { + determineDPoPAlgorithm = function (privateKey, privateKeyInput) { + if (privateKeyInput[Symbol.toStringTag] === 'CryptoKey') { + return determineDPoPAlgorithmFromCryptoKey(privateKey); } - return ['PS256', 'PS384', 'PS512', 'RS256', 'RS384', 'RS384'].find((preferred) => - candidates.includes(preferred), - ); - } - return 'PS256'; -} + switch (privateKey.asymmetricKeyType) { + case 'ed25519': + case 'ed448': + return 'EdDSA'; + case 'ec': + return determineEcAlgorithm(privateKey, privateKeyInput); + case 'rsa': + case rsaPssParams && 'rsa-pss': + return determineRsaAlgorithm( + privateKey, + privateKeyInput, + this.issuer.dpop_signing_alg_values_supported, + ); + default: + throw new TypeError('unsupported DPoP private key'); + } + }; -const p256 = Buffer.from([42, 134, 72, 206, 61, 3, 1, 7]); -const p384 = Buffer.from([43, 129, 4, 0, 34]); -const p521 = Buffer.from([43, 129, 4, 0, 35]); -const secp256k1 = Buffer.from([43, 129, 4, 0, 10]); + const RSPS = /^(?:RS|PS)(?:256|384|512)$/; + function determineRsaAlgorithm(privateKey, privateKeyInput, valuesSupported) { + if ( + typeof privateKeyInput === 'object' && + privateKeyInput.format === 'jwk' && + privateKeyInput.key && + privateKeyInput.key.alg + ) { + return privateKeyInput.key.alg; + } -function determineEcAlgorithm(privateKey, privateKeyInput) { - // If input was a JWK - switch ( - typeof privateKeyInput === 'object' && - typeof privateKeyInput.key === 'object' && - privateKeyInput.key.crv - ) { - case 'P-256': + if (Array.isArray(valuesSupported)) { + let candidates = valuesSupported.filter(RegExp.prototype.test.bind(RSPS)); + if (privateKey.asymmetricKeyType === 'rsa-pss') { + candidates = candidates.filter((value) => value.startsWith('PS')); + } + return ['PS256', 'PS384', 'PS512', 'RS256', 'RS384', 'RS384'].find((preferred) => + candidates.includes(preferred), + ); + } + + return 'PS256'; + } + + const p256 = Buffer.from([42, 134, 72, 206, 61, 3, 1, 7]); + const p384 = Buffer.from([43, 129, 4, 0, 34]); + const p521 = Buffer.from([43, 129, 4, 0, 35]); + const secp256k1 = Buffer.from([43, 129, 4, 0, 10]); + + function determineEcAlgorithm(privateKey, privateKeyInput) { + // If input was a JWK + switch ( + typeof privateKeyInput === 'object' && + typeof privateKeyInput.key === 'object' && + privateKeyInput.key.crv + ) { + case 'P-256': + return 'ES256'; + case 'secp256k1': + return 'ES256K'; + case 'P-384': + return 'ES384'; + case 'P-512': + return 'ES512'; + default: + break; + } + + const buf = privateKey.export({ format: 'der', type: 'pkcs8' }); + const i = buf[1] < 128 ? 17 : 18; + const len = buf[i]; + const curveOid = buf.slice(i + 1, i + 1 + len); + if (curveOid.equals(p256)) { return 'ES256'; - case 'secp256k1': - return 'ES256K'; - case 'P-384': + } + + if (curveOid.equals(p384)) { return 'ES384'; - case 'P-512': + } + if (curveOid.equals(p521)) { return 'ES512'; - default: - break; - } - - const buf = privateKey.export({ format: 'der', type: 'pkcs8' }); - const i = buf[1] < 128 ? 17 : 18; - const len = buf[i]; - const curveOid = buf.slice(i + 1, i + 1 + len); - if (curveOid.equals(p256)) { - return 'ES256'; - } + } - if (curveOid.equals(p384)) { - return 'ES384'; - } - if (curveOid.equals(p521)) { - return 'ES512'; - } + if (curveOid.equals(secp256k1)) { + return 'ES256K'; + } - if (curveOid.equals(secp256k1)) { - return 'ES256K'; + throw new TypeError('unsupported DPoP private key curve'); } - - throw new TypeError('unsupported DPoP private key curve'); +} else { + determineDPoPAlgorithm = determineDPoPAlgorithmFromCryptoKey; } const jwkCache = new WeakMap(); -async function getJwk(privateKey, privateKeyInput) { +async function getJwk(keyObject, privateKeyInput) { if ( + jose.cryptoRuntime === 'node:crypto' && typeof privateKeyInput === 'object' && typeof privateKeyInput.key === 'object' && - privateKeyInput.key.crv + privateKeyInput.format === 'jwk' ) { return pick(privateKeyInput.key, 'kty', 'crv', 'x', 'y', 'e', 'n'); } @@ -1757,9 +1826,9 @@ async function getJwk(privateKey, privateKeyInput) { return jwkCache.get(privateKeyInput); } - const jwk = pick(await jose.exportJWK(privateKey), 'kty', 'crv', 'x', 'y', 'e', 'n'); + const jwk = pick(await jose.exportJWK(keyObject), 'kty', 'crv', 'x', 'y', 'e', 'n'); - if (isKeyObject(privateKeyInput)) { + if (isKeyObject(privateKeyInput) || jose.cryptoRuntime === 'WebCryptoAPI') { jwkCache.set(privateKeyInput, jwk); } @@ -1776,4 +1845,5 @@ module.exports = (issuer, aadIssValidation = false) => return issuer; } }; + module.exports.BaseClient = BaseClient; diff --git a/lib/helpers/client.js b/lib/helpers/client.js index 7c002482..8c2f7fc7 100644 --- a/lib/helpers/client.js +++ b/lib/helpers/client.js @@ -70,7 +70,7 @@ async function clientAssertion(endpoint, payload) { return new jose.CompactSign(Buffer.from(JSON.stringify(payload))) .setProtectedHeader({ alg, kid: key.jwk && key.jwk.kid }) - .sign(key.keyObject); + .sign(await key.keyObject(alg)); } async function authFor(endpoint, { clientAssertionPayload } = {}) { diff --git a/lib/helpers/keystore.js b/lib/helpers/keystore.js index e8bba155..6118430f 100644 --- a/lib/helpers/keystore.js +++ b/lib/helpers/keystore.js @@ -2,7 +2,6 @@ const jose = require('jose'); const clone = require('./deep_clone'); const isPlainObject = require('./is_plain_object'); -const isKeyObject = require('./is_key_object'); const internal = Symbol(); @@ -51,7 +50,7 @@ function getKtyFromAlg(alg) { function getAlgorithms(use, alg, kty, crv) { // Ed25519, Ed448, and secp256k1 always have "alg" - // OKP always has use + // OKP always has "use" if (alg) { return new Set([alg]); } @@ -65,7 +64,20 @@ function getAlgorithms(use, alg, kty, crv) { } if (use === 'sig' || use === undefined) { - algs = algs.concat([`ES${crv.slice(-3)}`.replace('21', '12')]); + switch (crv) { + case 'P-256': + case 'P-384': + algs = algs.concat([`ES${crv.slice(-3)}`.replace('21', '12')]); + break; + case 'P-521': + algs = algs.concat(['ES512']); + break; + case 'secp256k1': + if (jose.cryptoRuntime === 'node:crypto') { + algs = algs.concat(['ES256K']); + } + break; + } } return new Set(algs); @@ -77,7 +89,10 @@ function getAlgorithms(use, alg, kty, crv) { let algs = []; if (use === 'enc' || use === undefined) { - algs = algs.concat(['RSA-OAEP', 'RSA-OAEP-256', 'RSA-OAEP-384', 'RSA-OAEP-512', 'RSA1_5']); + algs = algs.concat(['RSA-OAEP', 'RSA-OAEP-256', 'RSA-OAEP-384', 'RSA-OAEP-512']); + if (jose.cryptoRuntime === 'node:crypto') { + algs = algs.concat(['RSA1_5']); + } } if (use === 'sig' || use === undefined) { @@ -225,36 +240,25 @@ module.exports = class KeyStore { } } - const keyObject = await jose.importJWK(jwk, alg || fauxAlg(jwk.kty)).catch(() => {}); - - if (!keyObject) continue; - - if (keyObject instanceof Uint8Array || keyObject.type === 'secret') { - if (onlyPrivate) { - throw new Error('jwks must only contain private keys'); - } - continue; - } - - if (!isKeyObject(keyObject)) { - throw new Error('what?!'); - } - - if (onlyPrivate && keyObject.type !== 'private') { + if (onlyPrivate && (jwk.kty === 'oct' || !jwk.d)) { throw new Error('jwks must only contain private keys'); } - if (onlyPublic && keyObject.type !== 'public') { - continue; - } - - if (kty === 'RSA' && keyObject.asymmetricKeySize < 2048) { + if (onlyPublic && (jwk.d || jwk.k)) { continue; } keys.push({ jwk: { ...jwk, alg, use }, - keyObject, + async keyObject(alg) { + if (this[alg]) { + return this[alg]; + } + + const keyObject = await jose.importJWK(this.jwk, alg); + this[alg] = keyObject; + return keyObject; + }, get algorithms() { Object.defineProperty(this, 'algorithms', { value: getAlgorithms(this.jwk.use, this.jwk.alg, this.jwk.kty, this.jwk.crv), diff --git a/package-lock.json b/package-lock.json index ec142647..7cb111f8 100644 --- a/package-lock.json +++ b/package-lock.json @@ -9,37 +9,27 @@ "version": "5.5.0", "license": "MIT", "dependencies": { - "jose": "^4.14.4", + "jose": "^4.15.1", "lru-cache": "^6.0.0", "object-hash": "^2.2.0", "oidc-token-hash": "^5.0.3" }, "devDependencies": { - "@types/node": "^16.18.31", - "@types/passport": "^1.0.12", + "@types/node": "^16.18.55", + "@types/passport": "^1.0.13", "base64url": "^3.0.1", - "chai": "^4.3.7", - "jose2": "npm:jose@^2.0.6", + "chai": "^4.3.10", "mocha": "^10.2.0", - "nock": "^13.3.1", + "nock": "^13.3.3", "prettier": "^2.8.8", "readable-mock-req": "^0.2.2", "sinon": "^9.2.4", - "timekeeper": "^2.2.0" + "timekeeper": "^2.3.1" }, "funding": { "url": "https://github.com/sponsors/panva" } }, - "node_modules/@panva/asn1.js": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/@panva/asn1.js/-/asn1.js-1.0.0.tgz", - "integrity": "sha512-UdkG3mLEqXgnlKsWanWcgb6dOjUzJ+XC5f+aWw30qrtjxeNUSfKX1cd5FBzOaXQumoe9nIqeZUvrRJS03HCCtw==", - "dev": true, - "engines": { - "node": ">=10.13.0" - } - }, "node_modules/@sinonjs/commons": { "version": "1.8.6", "resolved": "https://registry.npmjs.org/@sinonjs/commons/-/commons-1.8.6.tgz", @@ -76,9 +66,9 @@ "dev": true }, "node_modules/@types/body-parser": { - "version": "1.19.2", - "resolved": "https://registry.npmjs.org/@types/body-parser/-/body-parser-1.19.2.tgz", - "integrity": "sha512-ALYone6pm6QmwZoAgeyNksccT9Q4AWZQ6PvfwR37GT6r6FWUPguq6sUmNGSMV2Wr761oQoBxwGGa6DR5o1DC9g==", + "version": "1.19.3", + "resolved": "https://registry.npmjs.org/@types/body-parser/-/body-parser-1.19.3.tgz", + "integrity": "sha512-oyl4jvAfTGX9Bt6Or4H9ni1Z447/tQuxnZsytsCaExKlmJiU8sFgnIBRzJUpKwB5eWn9HuBYlUlVA74q/yN0eQ==", "dev": true, "dependencies": { "@types/connect": "*", @@ -86,18 +76,18 @@ } }, "node_modules/@types/connect": { - "version": "3.4.35", - "resolved": "https://registry.npmjs.org/@types/connect/-/connect-3.4.35.tgz", - "integrity": "sha512-cdeYyv4KWoEgpBISTxWvqYsVy444DOqehiF3fM3ne10AmJ62RSyNkUnxMJXHQWRQQX2eR94m5y1IZyDwBjV9FQ==", + "version": "3.4.36", + "resolved": "https://registry.npmjs.org/@types/connect/-/connect-3.4.36.tgz", + "integrity": "sha512-P63Zd/JUGq+PdrM1lv0Wv5SBYeA2+CORvbrXbngriYY0jzLUWfQMQQxOhjONEz/wlHOAxOdY7CY65rgQdTjq2w==", "dev": true, "dependencies": { "@types/node": "*" } }, "node_modules/@types/express": { - "version": "4.17.17", - "resolved": "https://registry.npmjs.org/@types/express/-/express-4.17.17.tgz", - "integrity": "sha512-Q4FmmuLGBG58btUnfS1c1r/NQdlp3DMfGDGig8WhfpA2YRUtEkxAjkZb0yvplJGYdF1fsQ81iMDcH24sSCNC/Q==", + "version": "4.17.18", + "resolved": "https://registry.npmjs.org/@types/express/-/express-4.17.18.tgz", + "integrity": "sha512-Sxv8BSLLgsBYmcnGdGjjEjqET2U+AKAdCRODmMiq02FgjwuV75Ut85DRpvFjyw/Mk0vgUOliGRU0UUmuuZHByQ==", "dev": true, "dependencies": { "@types/body-parser": "*", @@ -107,9 +97,9 @@ } }, "node_modules/@types/express-serve-static-core": { - "version": "4.17.35", - "resolved": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-4.17.35.tgz", - "integrity": "sha512-wALWQwrgiB2AWTT91CB62b6Yt0sNHpznUXeZEcnPU3DRdlDIz74x8Qg1UUYKSVFi+va5vKOLYRBI1bRKiLLKIg==", + "version": "4.17.37", + "resolved": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-4.17.37.tgz", + "integrity": "sha512-ZohaCYTgGFcOP7u6aJOhY9uIZQgZ2vxC2yWoArY+FeDXlqeH66ZVBjgvg+RLVAS/DWNq4Ap9ZXu1+SUQiiWYMg==", "dev": true, "dependencies": { "@types/node": "*", @@ -118,43 +108,49 @@ "@types/send": "*" } }, + "node_modules/@types/http-errors": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/@types/http-errors/-/http-errors-2.0.2.tgz", + "integrity": "sha512-lPG6KlZs88gef6aD85z3HNkztpj7w2R7HmR3gygjfXCQmsLloWNARFkMuzKiiY8FGdh1XDpgBdrSf4aKDiA7Kg==", + "dev": true + }, "node_modules/@types/mime": { - "version": "1.3.2", - "resolved": "https://registry.npmjs.org/@types/mime/-/mime-1.3.2.tgz", - "integrity": "sha512-YATxVxgRqNH6nHEIsvg6k2Boc1JHI9ZbH5iWFFv/MTkchz3b1ieGDa5T0a9RznNdI0KhVbdbWSN+KWWrQZRxTw==", + "version": "1.3.3", + "resolved": "https://registry.npmjs.org/@types/mime/-/mime-1.3.3.tgz", + "integrity": "sha512-Ys+/St+2VF4+xuY6+kDIXGxbNRO0mesVg0bbxEfB97Od1Vjpjx9KD1qxs64Gcb3CWPirk9Xe+PT4YiiHQ9T+eg==", "dev": true }, "node_modules/@types/node": { - "version": "16.18.31", - "resolved": "https://registry.npmjs.org/@types/node/-/node-16.18.31.tgz", - "integrity": "sha512-KPXltf4z4g517OlVJO9XQ2357CYw7fvuJ3ZuBynjXC5Jos9i+K7LvFb7bUIwtJXSZj0vTp9Q6NJBSQpkwwO8Zw==", + "version": "16.18.57", + "resolved": "https://registry.npmjs.org/@types/node/-/node-16.18.57.tgz", + "integrity": "sha512-piPoDozdPaX1hNWFJQzzgWqE40gh986VvVx/QO9RU4qYRE55ld7iepDVgZ3ccGUw0R4wge0Oy1dd+3xOQNkkUQ==", "dev": true }, "node_modules/@types/passport": { - "version": "1.0.12", - "resolved": "https://registry.npmjs.org/@types/passport/-/passport-1.0.12.tgz", - "integrity": "sha512-QFdJ2TiAEoXfEQSNDISJR1Tm51I78CymqcBa8imbjo6dNNu+l2huDxxbDEIoFIwOSKMkOfHEikyDuZ38WwWsmw==", + "version": "1.0.13", + "resolved": "https://registry.npmjs.org/@types/passport/-/passport-1.0.13.tgz", + "integrity": "sha512-XXURryL+EZAWtbQFOHX1eNB+RJwz5XMPPz1xrGpEKr2xUZCXM4NCPkHMtZQ3B2tTSG/1IRaAcTHjczRA4sSFCw==", "dev": true, "dependencies": { "@types/express": "*" } }, "node_modules/@types/qs": { - "version": "6.9.7", - "resolved": "https://registry.npmjs.org/@types/qs/-/qs-6.9.7.tgz", - "integrity": "sha512-FGa1F62FT09qcrueBA6qYTrJPVDzah9a+493+o2PCXsesWHIn27G98TsSMs3WPNbZIEj4+VJf6saSFpvD+3Zsw==", + "version": "6.9.8", + "resolved": "https://registry.npmjs.org/@types/qs/-/qs-6.9.8.tgz", + "integrity": "sha512-u95svzDlTysU5xecFNTgfFG5RUWu1A9P0VzgpcIiGZA9iraHOdSzcxMxQ55DyeRaGCSxQi7LxXDI4rzq/MYfdg==", "dev": true }, "node_modules/@types/range-parser": { - "version": "1.2.4", - "resolved": "https://registry.npmjs.org/@types/range-parser/-/range-parser-1.2.4.tgz", - "integrity": "sha512-EEhsLsD6UsDM1yFhAvy0Cjr6VwmpMWqFBCb9w07wVugF7w9nfajxLuVmngTIpgS6svCnm6Vaw+MZhoDCKnOfsw==", + "version": "1.2.5", + "resolved": "https://registry.npmjs.org/@types/range-parser/-/range-parser-1.2.5.tgz", + "integrity": "sha512-xrO9OoVPqFuYyR/loIHjnbvvyRZREYKLjxV4+dY6v3FQR3stQ9ZxIGkaclF7YhI9hfjpuTbu14hZEy94qKLtOA==", "dev": true }, "node_modules/@types/send": { - "version": "0.17.1", - "resolved": "https://registry.npmjs.org/@types/send/-/send-0.17.1.tgz", - "integrity": "sha512-Cwo8LE/0rnvX7kIIa3QHCkcuF21c05Ayb0ZfxPiv0W8VRiZiNW/WuRupHKpqqGVGf7SUA44QSOUKaEd9lIrd/Q==", + "version": "0.17.2", + "resolved": "https://registry.npmjs.org/@types/send/-/send-0.17.2.tgz", + "integrity": "sha512-aAG6yRf6r0wQ29bkS+x97BIs64ZLxeE/ARwyS6wrldMm3C1MdKwCcnnEwMC1slI8wuxJOpiUH9MioC0A0i+GJw==", "dev": true, "dependencies": { "@types/mime": "^1", @@ -162,11 +158,12 @@ } }, "node_modules/@types/serve-static": { - "version": "1.15.1", - "resolved": "https://registry.npmjs.org/@types/serve-static/-/serve-static-1.15.1.tgz", - "integrity": "sha512-NUo5XNiAdULrJENtJXZZ3fHtfMolzZwczzBbnAeBbqBwG+LaG6YaJtuwzwGSQZ2wsCrxjEhNNjAkKigy3n8teQ==", + "version": "1.15.3", + "resolved": "https://registry.npmjs.org/@types/serve-static/-/serve-static-1.15.3.tgz", + "integrity": "sha512-yVRvFsEMrv7s0lGhzrggJjNOSmZCdgCjw9xWrPr/kNNLp6FaDfMC1KaYl3TSJ0c58bECwNBMoQrZJ8hA8E1eFg==", "dev": true, "dependencies": { + "@types/http-errors": "*", "@types/mime": "*", "@types/node": "*" } @@ -296,18 +293,18 @@ } }, "node_modules/chai": { - "version": "4.3.7", - "resolved": "https://registry.npmjs.org/chai/-/chai-4.3.7.tgz", - "integrity": "sha512-HLnAzZ2iupm25PlN0xFreAlBA5zaBSv3og0DdeGA4Ar6h6rJ3A0rolRUKJhSF2V10GZKDgWF/VmAEsNWjCRB+A==", + "version": "4.3.10", + "resolved": "https://registry.npmjs.org/chai/-/chai-4.3.10.tgz", + "integrity": "sha512-0UXG04VuVbruMUYbJ6JctvH0YnC/4q3/AkT18q4NaITo91CUm0liMS9VqzT9vZhVQ/1eqPanMWjBM+Juhfb/9g==", "dev": true, "dependencies": { "assertion-error": "^1.1.0", - "check-error": "^1.0.2", - "deep-eql": "^4.1.2", - "get-func-name": "^2.0.0", - "loupe": "^2.3.1", + "check-error": "^1.0.3", + "deep-eql": "^4.1.3", + "get-func-name": "^2.0.2", + "loupe": "^2.3.6", "pathval": "^1.1.1", - "type-detect": "^4.0.5" + "type-detect": "^4.0.8" }, "engines": { "node": ">=4" @@ -342,10 +339,13 @@ } }, "node_modules/check-error": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/check-error/-/check-error-1.0.2.tgz", - "integrity": "sha512-BrgHpW9NURQgzoNyjfq0Wu6VFO6D7IZEmJNdtgNqpzGG8RuNFHt2jQxWlAs4HMe119chBnv+34syEZtc6IhLtA==", + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/check-error/-/check-error-1.0.3.tgz", + "integrity": "sha512-iKEoDYaRmd1mxM90a2OEfWhjsjPpYPuQ+lMYsoxB126+t8fw7ySEO48nmDg5COTjxDI65/Y2OWpeEHk3ZOe8zg==", "dev": true, + "dependencies": { + "get-func-name": "^2.0.2" + }, "engines": { "node": "*" } @@ -545,9 +545,9 @@ "dev": true }, "node_modules/fsevents": { - "version": "2.3.2", - "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz", - "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==", + "version": "2.3.3", + "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz", + "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==", "dev": true, "hasInstallScript": true, "optional": true, @@ -568,9 +568,9 @@ } }, "node_modules/get-func-name": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/get-func-name/-/get-func-name-2.0.0.tgz", - "integrity": "sha512-Hm0ixYtaSZ/V7C8FJrtZIuBBI+iSgL+1Aq82zSu8VQNB4S3Gk8e7Qs3VwBDJAhmRZcFqkl3tQu36g/Foh5I5ig==", + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/get-func-name/-/get-func-name-2.0.2.tgz", + "integrity": "sha512-8vXOvuE167CtIc3OyItco7N/dpRtBbYOsPsXCz7X/PMnlGjYjSGuZJgM1Y7mmew7BKf9BqvLX2tnOVy1BBUsxQ==", "dev": true, "engines": { "node": "*" @@ -750,25 +750,9 @@ "dev": true }, "node_modules/jose": { - "version": "4.14.4", - "resolved": "https://registry.npmjs.org/jose/-/jose-4.14.4.tgz", - "integrity": "sha512-j8GhLiKmUAh+dsFXlX1aJCbt5KMibuKb+d7j1JaOJG6s2UjX1PQlW+OKB/sD4a/5ZYF4RcmYmLSndOoU3Lt/3g==", - "funding": { - "url": "https://github.com/sponsors/panva" - } - }, - "node_modules/jose2": { - "name": "jose", - "version": "2.0.6", - "resolved": "https://registry.npmjs.org/jose/-/jose-2.0.6.tgz", - "integrity": "sha512-FVoPY7SflDodE4lknJmbAHSUjLCzE2H1F6MS0RYKMQ8SR+lNccpMf8R4eqkNYyyUjR5qZReOzZo5C5YiHOCjjg==", - "dev": true, - "dependencies": { - "@panva/asn1.js": "^1.0.0" - }, - "engines": { - "node": ">=10.13.0 < 13 || >=13.7.0" - }, + "version": "4.15.1", + "resolved": "https://registry.npmjs.org/jose/-/jose-4.15.1.tgz", + "integrity": "sha512-CinpaEMmwb/59YG0N6SC3DY1imdTU5iNl08HPWR7NdyxACPeFuQbqjaocEjCDGq04KbnxSqQu702vL3ZTvKe5w==", "funding": { "url": "https://github.com/sponsors/panva" } @@ -953,9 +937,9 @@ } }, "node_modules/nock": { - "version": "13.3.1", - "resolved": "https://registry.npmjs.org/nock/-/nock-13.3.1.tgz", - "integrity": "sha512-vHnopocZuI93p2ccivFyGuUfzjq2fxNyNurp7816mlT5V5HF4SzXu8lvLrVzBbNqzs+ODooZ6OksuSUNM7Njkw==", + "version": "13.3.3", + "resolved": "https://registry.npmjs.org/nock/-/nock-13.3.3.tgz", + "integrity": "sha512-z+KUlILy9SK/RjpeXDiDUEAq4T94ADPHE3qaRkf66mpEhzc/ytOMm3Bwdrbq6k1tMWkbdujiKim3G2tfQARuJw==", "dev": true, "dependencies": { "debug": "^4.1.0", @@ -1287,9 +1271,9 @@ } }, "node_modules/timekeeper": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/timekeeper/-/timekeeper-2.2.0.tgz", - "integrity": "sha512-W3AmPTJWZkRwu+iSNxPIsLZ2ByADsOLbbLxe46UJyWj3mlYLlwucKiq+/dPm0l9wTzqoF3/2PH0AGFCebjq23A==", + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/timekeeper/-/timekeeper-2.3.1.tgz", + "integrity": "sha512-LeQRS7/4JcC0PgdSFnfUiStQEdiuySlCj/5SJ18D+T1n9BoY7PxKFfCwLulpHXoLUFr67HxBddQdEX47lDGx1g==", "dev": true }, "node_modules/to-regex-range": { diff --git a/package.json b/package.json index 1c5e9206..f67c67aa 100644 --- a/package.json +++ b/package.json @@ -45,23 +45,22 @@ "test": "mocha test/**/*.test.js" }, "dependencies": { - "jose": "^4.14.4", + "jose": "^4.15.1", "lru-cache": "^6.0.0", "object-hash": "^2.2.0", "oidc-token-hash": "^5.0.3" }, "devDependencies": { - "@types/node": "^16.18.31", - "@types/passport": "^1.0.12", + "@types/node": "^16.18.55", + "@types/passport": "^1.0.13", "base64url": "^3.0.1", - "chai": "^4.3.7", - "jose2": "npm:jose@^2.0.6", + "chai": "^4.3.10", "mocha": "^10.2.0", - "nock": "^13.3.1", + "nock": "^13.3.3", "prettier": "^2.8.8", "readable-mock-req": "^0.2.2", "sinon": "^9.2.4", - "timekeeper": "^2.2.0" + "timekeeper": "^2.3.1" }, "standard-version": { "scripts": { diff --git a/test/client/client_instance.test.js b/test/client/client_instance.test.js index dac0adbb..100ec71b 100644 --- a/test/client/client_instance.test.js +++ b/test/client/client_instance.test.js @@ -8,7 +8,7 @@ const { expect } = require('chai'); const base64url = require('base64url'); const nock = require('nock'); const sinon = require('sinon'); -const jose2 = require('jose2'); +const jose = require('jose'); const timekeeper = require('timekeeper'); const TokenSet = require('../../lib/token_set'); @@ -17,12 +17,19 @@ const now = require('../../lib/helpers/unix_timestamp'); const { Issuer, custom } = require('../../lib'); const clientInternal = require('../../lib/helpers/client'); const issuerInternal = require('../../lib/helpers/issuer'); +const KeyStore = require('../keystore'); const fail = () => { throw new Error('expected promise to be rejected'); }; const encode = (object) => base64url.encode(JSON.stringify(object)); +function getSearchParams(input) { + const parsed = url.parse(input); + if (!parsed.search) return {}; + return querystring.parse(parsed.search.substring(1)); +} + describe('Client', () => { afterEach(timekeeper.reset); afterEach(nock.cleanAll); @@ -57,12 +64,11 @@ describe('Client', () => { it('returns a string with the url with some basic defaults', function () { expect( - url.parse( + getSearchParams( this.client.authorizationUrl({ redirect_uri: 'https://rp.example.com/cb', }), - true, - ).query, + ), ).to.eql({ client_id: 'identifier', redirect_uri: 'https://rp.example.com/cb', @@ -73,12 +79,11 @@ describe('Client', () => { it('returns a string with the url and client meta specific defaults', function () { expect( - url.parse( + getSearchParams( this.clientWithMeta.authorizationUrl({ nonce: 'foo', }), - true, - ).query, + ), ).to.eql({ nonce: 'foo', client_id: 'identifier', @@ -89,7 +94,7 @@ describe('Client', () => { }); it('returns a string with the url and no defaults if client has more metas', function () { - expect(url.parse(this.clientWithMultipleMetas.authorizationUrl(), true).query).to.eql({ + expect(getSearchParams(this.clientWithMultipleMetas.authorizationUrl())).to.eql({ client_id: 'identifier', scope: 'openid', }); @@ -97,12 +102,11 @@ describe('Client', () => { it('keeps original query parameters', function () { expect( - url.parse( + getSearchParams( this.clientWithQuery.authorizationUrl({ redirect_uri: 'https://rp.example.com/cb', }), - true, - ).query, + ), ).to.eql({ client_id: 'identifier', redirect_uri: 'https://rp.example.com/cb', @@ -114,15 +118,14 @@ describe('Client', () => { it('allows to overwrite the defaults', function () { expect( - url.parse( + getSearchParams( this.client.authorizationUrl({ scope: 'openid offline_access', redirect_uri: 'https://rp.example.com/cb', response_type: 'id_token', nonce: 'foobar', }), - true, - ).query, + ), ).to.eql({ client_id: 'identifier', scope: 'openid offline_access', @@ -134,13 +137,12 @@ describe('Client', () => { it('allows any other params to be provide too', function () { expect( - url.parse( + getSearchParams( this.client.authorizationUrl({ state: 'state', custom: 'property', }), - true, - ).query, + ), ).to.contain({ state: 'state', custom: 'property', @@ -149,12 +151,11 @@ describe('Client', () => { it('allows resource to passed as an array', function () { expect( - url.parse( + getSearchParams( this.client.authorizationUrl({ resource: ['urn:example:com', 'urn:example-2:com'], }), - true, - ).query, + ), ).to.deep.contain({ resource: ['urn:example:com', 'urn:example-2:com'], }); @@ -162,12 +163,11 @@ describe('Client', () => { it('auto-stringifies claims parameter', function () { expect( - url.parse( + getSearchParams( this.client.authorizationUrl({ claims: { id_token: { email: null } }, }), - true, - ).query, + ), ).to.contain({ claims: '{"id_token":{"email":null}}', }); @@ -175,25 +175,23 @@ describe('Client', () => { it('removes null and undefined values', function () { expect( - url.parse( + getSearchParams( this.client.authorizationUrl({ state: null, prompt: undefined, }), - true, - ).query, + ), ).not.to.have.keys('state', 'prompt'); }); it('stringifies other values', function () { expect( - url.parse( + getSearchParams( this.client.authorizationUrl({ max_age: 300, foo: true, }), - true, - ).query, + ), ).to.contain({ max_age: '300', foo: 'true', @@ -251,7 +249,7 @@ describe('Client', () => { }); it('defaults the post_logout_redirect_uri if client has some', function () { - expect(url.parse(this.clientWithUris.endSessionUrl(), true).query).to.eql({ + expect(getSearchParams(this.clientWithUris.endSessionUrl())).to.eql({ client_id: 'identifier', post_logout_redirect_uri: 'https://rp.example.com/logout/cb', }); @@ -264,12 +262,11 @@ describe('Client', () => { access_token: 'tokenValue', }); expect( - url.parse( + getSearchParams( this.client.endSessionUrl({ id_token_hint: hint, }), - true, - ).query, + ), ).to.eql({ client_id: 'identifier', id_token_hint: 'eyJhbGciOiJub25lIn0.eyJzdWIiOiJzdWJqZWN0In0.', @@ -290,13 +287,12 @@ describe('Client', () => { it('allows to override default applied values', function () { expect( - url.parse( + getSearchParams( this.client.endSessionUrl({ post_logout_redirect_uri: 'override', client_id: 'override', }), - true, - ).query, + ), ).to.eql({ post_logout_redirect_uri: 'override', client_id: 'override', @@ -305,14 +301,13 @@ describe('Client', () => { it('allows for recommended and optional query params to be passed in', function () { expect( - url.parse( + getSearchParams( this.client.endSessionUrl({ post_logout_redirect_uri: 'https://rp.example.com/logout/cb', state: 'foo', id_token_hint: 'idtoken', }), - true, - ).query, + ), ).to.eql({ post_logout_redirect_uri: 'https://rp.example.com/logout/cb', state: 'foo', @@ -320,15 +315,14 @@ describe('Client', () => { client_id: 'identifier', }); expect( - url.parse( + getSearchParams( this.clientWithQuery.endSessionUrl({ post_logout_redirect_uri: 'https://rp.example.com/logout/cb', state: 'foo', id_token_hint: 'idtoken', foo: 'this will be ignored', }), - true, - ).query, + ), ).to.eql({ post_logout_redirect_uri: 'https://rp.example.com/logout/cb', state: 'foo', @@ -569,17 +563,15 @@ describe('Client', () => { authorization_signed_response_alg: 'HS256', }); - const response = jose2.JWT.sign( - { - code: 'foo', - }, - client.client_secret, - { - issuer: this.issuerWithIssResponse.issuer, - audience: client.client_id, - expiresIn: '5m', - }, - ); + const response = await new jose.SignJWT({ + code: 'foo', + iss: this.issuerWithIssResponse.issuer, + aud: client.client_id, + }) + .setIssuedAt() + .setExpirationTime('5m') + .setProtectedHeader({ alg: 'HS256' }) + .sign(new TextEncoder().encode(client.client_secret)); nock('https://op.example.com') .matchHeader('Accept', 'application/json') @@ -622,24 +614,24 @@ describe('Client', () => { authorization_encrypted_response_enc: 'A128GCM', }); - const response = jose2.JWE.encrypt( - jose2.JWT.sign( - { - code: 'foo', - }, - client.client_secret, - { - issuer: this.issuerWithIssResponse.issuer, - audience: client.client_id, - expiresIn: '5m', - }, - ), - await client.secretForAlg('A128GCM'), - { + const cleartext = new TextEncoder().encode( + await new jose.SignJWT({ + code: 'foo', + iss: this.issuerWithIssResponse.issuer, + aud: client.client_id, + }) + .setIssuedAt() + .setExpirationTime('5m') + .setProtectedHeader({ alg: 'HS256' }) + .sign(new TextEncoder().encode(client.client_secret)), + ); + + const response = await new jose.CompactEncrypt(cleartext) + .setProtectedHeader({ alg: 'dir', enc: 'A128GCM', - }, - ); + }) + .encrypt(await client.secretForAlg('A128GCM')); nock('https://op.example.com') .matchHeader('Accept', 'application/json') @@ -697,17 +689,15 @@ describe('Client', () => { authorization_signed_response_alg: 'HS256', }); - const response = jose2.JWT.sign( - { - code: 'foo', - }, - client.client_secret, - { - issuer: this.issuerWithIssResponse.issuer, - audience: client.client_id, - expiresIn: '5m', - }, - ); + const response = await new jose.SignJWT({ + code: 'foo', + iss: this.issuerWithIssResponse.issuer, + aud: client.client_id, + }) + .setIssuedAt() + .setProtectedHeader({ alg: 'HS256' }) + .setExpirationTime('5m') + .sign(new TextEncoder().encode(client.client_secret)); return this.client .callback( @@ -945,17 +935,15 @@ describe('Client', () => { authorization_signed_response_alg: 'HS256', }); - const response = jose2.JWT.sign( - { - code: 'foo', - }, - client.client_secret, - { - issuer: this.issuerWithIssResponse.issuer, - audience: client.client_id, - expiresIn: '5m', - }, - ); + const response = await new jose.SignJWT({ + code: 'foo', + iss: this.issuerWithIssResponse.issuer, + aud: client.client_id, + }) + .setIssuedAt() + .setProtectedHeader({ alg: 'HS256' }) + .setExpirationTime('5m') + .sign(new TextEncoder().encode(client.client_secret)); nock('https://op.example.com') .matchHeader('Accept', 'application/json') @@ -998,24 +986,24 @@ describe('Client', () => { authorization_encrypted_response_enc: 'A128GCM', }); - const response = jose2.JWE.encrypt( - jose2.JWT.sign( - { - code: 'foo', - }, - client.client_secret, - { - issuer: this.issuerWithIssResponse.issuer, - audience: client.client_id, - expiresIn: '5m', - }, - ), - await client.secretForAlg('A128GCM'), - { + const cleartext = new TextEncoder().encode( + await new jose.SignJWT({ + code: 'foo', + iss: this.issuerWithIssResponse.issuer, + aud: client.client_id, + }) + .setIssuedAt() + .setExpirationTime('5m') + .setProtectedHeader({ alg: 'HS256' }) + .sign(new TextEncoder().encode(client.client_secret)), + ); + + const response = await new jose.CompactEncrypt(cleartext) + .setProtectedHeader({ alg: 'dir', enc: 'A128GCM', - }, - ); + }) + .encrypt(await client.secretForAlg('A128GCM')); nock('https://op.example.com') .matchHeader('Accept', 'application/json') @@ -1073,17 +1061,15 @@ describe('Client', () => { authorization_signed_response_alg: 'HS256', }); - const response = jose2.JWT.sign( - { - code: 'foo', - }, - client.client_secret, - { - issuer: this.issuer.issuer, - audience: client.client_id, - expiresIn: '5m', - }, - ); + const response = await new jose.SignJWT({ + code: 'foo', + iss: this.issuer.issuer, + aud: client.client_id, + }) + .setIssuedAt() + .setProtectedHeader({ alg: 'HS256' }) + .setExpirationTime('5m') + .sign(new TextEncoder().encode(client.client_secret)); return this.client .oauthCallback( @@ -1379,63 +1365,57 @@ describe('Client', () => { }); }); - it('passes ID Token validations when ID Token is returned', function () { + it('passes ID Token validations when ID Token is returned', async function () { nock('https://op.example.com') .matchHeader('Accept', 'application/json') .post('/token') // to make sure filteringRequestBody works .reply(200, { access_token: 'present', refresh_token: 'refreshValue', - id_token: jose2.JWT.sign( - { - sub: 'foo', - }, - this.client.client_secret, - { - issuer: this.client.issuer.issuer, - audience: this.client.client_id, - expiresIn: '5m', - }, - ), + id_token: await new jose.SignJWT({ + sub: 'foo', + iss: this.client.issuer.issuer, + aud: this.client.client_id, + }) + .setIssuedAt() + .setProtectedHeader({ alg: 'HS256' }) + .setExpirationTime('5m') + .sign(new TextEncoder().encode(this.client.client_secret)), }); return this.client.refresh( new TokenSet({ access_token: 'present', refresh_token: 'refreshValue', - id_token: jose2.JWT.sign( - { - sub: 'foo', - }, - this.client.client_secret, - { - issuer: this.client.issuer.issuer, - audience: this.client.client_id, - expiresIn: '6m', - }, - ), + id_token: await new jose.SignJWT({ + sub: 'foo', + iss: this.client.issuer.issuer, + aud: this.client.client_id, + }) + .setIssuedAt() + .setProtectedHeader({ alg: 'HS256' }) + .setExpirationTime('6m') + .sign(new TextEncoder().encode(this.client.client_secret)), }), ); }); - it('rejects when returned ID Token sub does not match the one passed in', function () { + it('rejects when returned ID Token sub does not match the one passed in', async function () { nock('https://op.example.com') .matchHeader('Accept', 'application/json') .post('/token') // to make sure filteringRequestBody works .reply(200, { access_token: 'present', refresh_token: 'refreshValue', - id_token: jose2.JWT.sign( - { - sub: 'bar', - }, - this.client.client_secret, - { - issuer: this.client.issuer.issuer, - audience: this.client.client_id, - expiresIn: '5m', - }, - ), + id_token: await new jose.SignJWT({ + sub: 'bar', + iss: this.client.issuer.issuer, + aud: this.client.client_id, + }) + .setProtectedHeader({ alg: 'HS256' }) + .setIssuedAt() + .setExpirationTime('5m') + .sign(new TextEncoder().encode(this.client.client_secret)), }); return this.client @@ -1443,17 +1423,15 @@ describe('Client', () => { new TokenSet({ access_token: 'present', refresh_token: 'refreshValue', - id_token: jose2.JWT.sign( - { - sub: 'foo', - }, - this.client.client_secret, - { - issuer: this.client.issuer.issuer, - audience: this.client.client_id, - expiresIn: '5m', - }, - ), + id_token: await new jose.SignJWT({ + sub: 'foo', + iss: this.client.issuer.issuer, + aud: this.client.client_id, + }) + .setProtectedHeader({ alg: 'HS256' }) + .setExpirationTime('5m') + .setIssuedAt() + .sign(new TextEncoder().encode(this.client.client_secret)), }), ) .then(fail, (error) => { @@ -2404,7 +2382,7 @@ describe('Client', () => { token_endpoint_auth_signing_alg_values_supported: ['ES256', 'ES384'], }); - const keystore = new jose2.JWKS.KeyStore(); + const keystore = new KeyStore(); return keystore.generate('EC', 'P-256').then(() => { const client = new issuer.Client( @@ -2505,7 +2483,7 @@ describe('Client', () => { token_endpoint: 'https://op.example.com/token', }); - const keystore = new jose2.JWKS.KeyStore(); + const keystore = new KeyStore(); return keystore.generate('EC', 'P-256').then(() => { const client = new issuer.Client( @@ -2537,7 +2515,7 @@ describe('Client', () => { }); before(function () { - this.keystore = new jose2.JWKS.KeyStore(); + this.keystore = new KeyStore(); return this.keystore.generate('RSA'); }); @@ -2572,12 +2550,20 @@ describe('Client', () => { token_endpoint_auth_method: 'tls_client_auth', }); - this.IdToken = async (key, alg, payload) => { - return jose2.JWS.sign(payload, key, { - alg, - typ: 'oauth-authz-req+jwt', - kid: alg.startsWith('HS') ? undefined : key.kid, - }); + this.IdToken = async (jwkOrSecret, alg, payload) => { + let key; + if (jwkOrSecret instanceof Uint8Array) { + key = jwkOrSecret; + } else { + key = await jose.importJWK(jwkOrSecret, alg); + } + return new jose.SignJWT(payload) + .setProtectedHeader({ + alg, + typ: 'oauth-authz-req+jwt', + kid: alg.startsWith('HS') ? undefined : key.kid, + }) + .sign(key); }; }); @@ -3537,7 +3523,7 @@ describe('Client', () => { describe('signed and encrypted responses', function () { before(function () { - this.keystore = jose2.JWKS.asKeyStore({ + this.keystore = new KeyStore({ keys: [ { kty: 'EC', @@ -3859,7 +3845,7 @@ describe('Client', () => { describe('#requestObject', function () { before(function () { - this.keystore = new jose2.JWKS.KeyStore(); + this.keystore = new KeyStore(); return this.keystore.generate('RSA'); }); @@ -3894,7 +3880,7 @@ describe('Client', () => { }); it('verifies keystore has the appropriate key', async function () { - const keystore = new jose2.JWKS.KeyStore(); + const keystore = new KeyStore(); await keystore.generate('EC'); const client = new this.issuer.Client( { client_id: 'identifier', request_object_signing_alg: 'EdDSA' }, @@ -4165,7 +4151,7 @@ describe('Client', () => { describe('#requestObject (encryption when multiple keys match)', function () { before(function () { - this.keystore = new jose2.JWKS.KeyStore(); + this.keystore = new KeyStore(); return Promise.all([this.keystore.generate('RSA'), this.keystore.generate('RSA')]); }); diff --git a/test/client/dpop.test.js b/test/client/dpop.test.js index 04aa4ef8..4b1311bc 100644 --- a/test/client/dpop.test.js +++ b/test/client/dpop.test.js @@ -2,7 +2,7 @@ const { isUndefined } = require('util'); const { expect } = require('chai'); const nock = require('nock'); -const jose2 = require('jose2'); +const jose = require('jose'); const { Issuer, @@ -20,8 +20,6 @@ const issuer = new Issuer({ dpop_signing_alg_values_supported: ['PS512', 'PS384'], }); -const privateKey = jose2.JWK.generateSync('EC').keyObject; - const fail = () => { throw new Error('expected promise to be rejected'); }; @@ -49,42 +47,58 @@ describe('DPoP', () => { }); }); - it('DPoP Private Key can be passed also as valid createPrivateKey input', async function () { - if (parseInt(process.versions.node, 10) >= 16) { - const jwk = (await jose2.JWK.generate('EC')).toJWK(true); - await this.client.dpopProof({}, { format: 'jwk', key: jwk }); - } + if (jose.cryptoRuntime === 'node:crypto') { + it('DPoP Private Key can be passed also as valid createPrivateKey input', async function () { + if (parseInt(process.versions.node, 10) >= 16) { + const jwk = await jose.exportJWK( + ( + await jose.generateKeyPair('ES256', { extractable: true }) + ).privateKey, + ); + await this.client.dpopProof({}, { format: 'jwk', key: jwk }); + } - { - const pem = (await jose2.JWK.generate('EC')).toPEM(true); - await this.client.dpopProof({}, pem); - await this.client.dpopProof({}, { key: pem, format: 'pem' }); - } + { + const pem = await jose.exportPKCS8( + ( + await jose.generateKeyPair('ES256', { extractable: true }) + ).privateKey, + ); + await this.client.dpopProof({}, pem); + await this.client.dpopProof({}, { key: pem, format: 'pem' }); + } - { - const der = (await jose2.JWK.generate('EC')).keyObject.export({ - format: 'der', - type: 'pkcs8', - }); - await this.client.dpopProof({}, { key: der, format: 'der', type: 'pkcs8' }); - } + { + const der = ( + await jose.generateKeyPair('ES256', { extractable: true }) + ).privateKey.export({ + format: 'der', + type: 'pkcs8', + }); + await this.client.dpopProof({}, { key: der, format: 'der', type: 'pkcs8' }); + } - { - const der = (await jose2.JWK.generate('EC')).keyObject.export({ - format: 'der', - type: 'sec1', - }); - await this.client.dpopProof({}, { key: der, format: 'der', type: 'sec1' }); - } + { + const der = ( + await jose.generateKeyPair('ES256', { extractable: true }) + ).privateKey.export({ + format: 'der', + type: 'sec1', + }); + await this.client.dpopProof({}, { key: der, format: 'der', type: 'sec1' }); + } - { - const der = (await jose2.JWK.generate('RSA')).keyObject.export({ - format: 'der', - type: 'pkcs1', - }); - await this.client.dpopProof({}, { key: der, format: 'der', type: 'pkcs1' }); - } - }); + { + const der = ( + await jose.generateKeyPair('RS256', { extractable: true }) + ).privateKey.export({ + format: 'der', + type: 'pkcs1', + }); + await this.client.dpopProof({}, { key: der, format: 'der', type: 'pkcs1' }); + } + }); + } it('DPoP Proof JWT w/o ath', async function () { const proof = await this.client.dpopProof( @@ -94,151 +108,140 @@ describe('DPoP', () => { baz: true, }, ( - await jose2.JWK.generate('RSA') - ).keyObject, + await jose.generateKeyPair('RS256', { extractable: true }) + ).privateKey, ); - const decoded = jose2.JWT.decode(proof, { complete: true }); - expect(decoded).to.have.nested.property('header.typ', 'dpop+jwt'); - expect(decoded).to.have.nested.property('payload.iat'); - expect(decoded).to.have.nested.property('payload.jti'); - expect(decoded).to.have.nested.property('payload.htu', 'foo'); - expect(decoded).to.have.nested.property('payload.htm', 'bar'); - expect(decoded).to.have.nested.property('payload.baz', true); - expect(decoded).to.have.nested.property('header.jwk').that.has.keys('kty', 'e', 'n'); + const header = jose.decodeProtectedHeader(proof); + const payload = jose.decodeJwt(proof); + expect(header).to.have.property('jwk').that.has.keys('kty', 'e', 'n'); + expect(header).to.have.property('typ', 'dpop+jwt'); + expect(payload).to.have.property('iat'); + expect(payload).to.have.property('jti'); + expect(payload).to.have.property('htu', 'foo'); + expect(payload).to.have.property('htm', 'bar'); + expect(payload).to.have.property('baz', true); expect( - jose2.JWT.decode( - await this.client.dpopProof({}, (await jose2.JWK.generate('EC')).keyObject), + jose.decodeProtectedHeader( + await this.client.dpopProof( + {}, + ( + await jose.generateKeyPair('ES256', { extractable: true }) + ).privateKey, + ), { complete: true }, ), ) - .to.have.nested.property('header.jwk') + .to.have.property('jwk') .that.has.keys('kty', 'crv', 'x', 'y'); expect( - jose2.JWT.decode( - await this.client.dpopProof({}, (await jose2.JWK.generate('OKP')).keyObject), - { complete: true }, + jose.decodeProtectedHeader( + await this.client.dpopProof( + {}, + ( + await jose.generateKeyPair('EdDSA', { extractable: true }) + ).privateKey, + ), ), ) - .to.have.nested.property('header.jwk') + .to.have.property('jwk') .that.has.keys('kty', 'crv', 'x'); }); it('DPoP Proof JWT w/ ath', async function () { + const { privateKey } = await jose.generateKeyPair('ES256', { extractable: true }); const proof = await this.client.dpopProof( { htu: 'foo', htm: 'bar', }, - ( - await jose2.JWK.generate('EC') - ).keyObject, + privateKey, 'foo', ); - const decoded = jose2.JWT.decode(proof, { complete: true }); - expect(decoded).to.have.nested.property( - 'payload.ath', - 'LCa0a2j_xo_5m0U8HTBBNBNCLXBkg7-g-YpeiGJm564', - ); + const payload = jose.decodeJwt(proof); + expect(payload).to.have.property('ath', 'LCa0a2j_xo_5m0U8HTBBNBNCLXBkg7-g-YpeiGJm564'); }); - it('else this.issuer.dpop_signing_alg_values_supported is used', async function () { - const proof = await this.client.dpopProof( - {}, - ( - await jose2.JWK.generate('RSA', 2048) - ).keyObject, - ); - // 256 is not supported by the issuer, next one in line is PS384 - expect(jose2.JWT.decode(proof, { complete: true })).to.have.nested.property( - 'header.alg', - 'PS384', - ); - }); + if (jose.cryptoRuntime === 'node:crypto') { + it('else this.issuer.dpop_signing_alg_values_supported is used', async function () { + const proof = await this.client.dpopProof( + {}, + ( + await jose.generateKeyPair('RS256', { extractable: true }) + ).privateKey, + ); + // 256 is not supported by the issuer, next one in line is PS384 + expect(jose.decodeProtectedHeader(proof)).to.have.property('alg', 'PS384'); + }); + } it('unless the key dictates an algorithm', async function () { { const proof = await this.client.dpopProof( {}, ( - await jose2.JWK.generate('OKP', 'Ed25519') - ).keyObject, - ); - expect(jose2.JWT.decode(proof, { complete: true })).to.have.nested.property( - 'header.alg', - 'EdDSA', + await jose.generateKeyPair('EdDSA', { extractable: true }) + ).privateKey, ); + expect(jose.decodeProtectedHeader(proof)).to.have.property('alg', 'EdDSA'); } - if (!('electron' in process.versions)) { + if (!('electron' in process.versions) && jose.cryptoRuntime === 'node:crypto') { const proof = await this.client.dpopProof( {}, ( - await jose2.JWK.generate('OKP', 'Ed448') - ).keyObject, - ); - expect(jose2.JWT.decode(proof, { complete: true })).to.have.nested.property( - 'header.alg', - 'EdDSA', + await jose.generateKeyPair('EdDSA', { crv: 'Ed448' }) + ).privateKey, ); + expect(jose.decodeProtectedHeader(proof)).to.have.property('alg', 'EdDSA'); } { const proof = await this.client.dpopProof( {}, ( - await jose2.JWK.generate('EC', 'P-256') - ).keyObject, - ); - expect(jose2.JWT.decode(proof, { complete: true })).to.have.nested.property( - 'header.alg', - 'ES256', + await jose.generateKeyPair('ES256', { extractable: true }) + ).privateKey, ); + expect(jose.decodeProtectedHeader(proof)).to.have.property('alg', 'ES256'); } - if (!('electron' in process.versions)) { + if (!('electron' in process.versions) && jose.cryptoRuntime === 'node:crypto') { const proof = await this.client.dpopProof( {}, ( - await jose2.JWK.generate('EC', 'secp256k1') - ).keyObject, - ); - expect(jose2.JWT.decode(proof, { complete: true })).to.have.nested.property( - 'header.alg', - 'ES256K', + await jose.generateKeyPair('ES256K', { extractable: true }) + ).privateKey, ); + expect(jose.decodeProtectedHeader(proof)).to.have.property('alg', 'ES256K'); } { const proof = await this.client.dpopProof( {}, ( - await jose2.JWK.generate('EC', 'P-384') - ).keyObject, - ); - expect(jose2.JWT.decode(proof, { complete: true })).to.have.nested.property( - 'header.alg', - 'ES384', + await jose.generateKeyPair('ES384', { extractable: true }) + ).privateKey, ); + expect(jose.decodeProtectedHeader(proof)).to.have.property('alg', 'ES384'); } { const proof = await this.client.dpopProof( {}, ( - await jose2.JWK.generate('EC', 'P-521') - ).keyObject, - ); - expect(jose2.JWT.decode(proof, { complete: true })).to.have.nested.property( - 'header.alg', - 'ES512', + await jose.generateKeyPair('ES512', { extractable: true }) + ).privateKey, ); + expect(jose.decodeProtectedHeader(proof)).to.have.property('alg', 'ES512'); } }); }); it('is enabled for userinfo', async function () { + const { privateKey } = await jose.generateKeyPair('ES256', { extractable: true }); + nock('https://op.example.com').get('/me').reply(200, { sub: 'foo' }); await this.client.userinfo('foo', { DPoP: privateKey }); @@ -246,15 +249,17 @@ describe('DPoP', () => { expect(this.httpOpts).to.have.nested.property('headers.DPoP'); const proof = this.httpOpts.headers.DPoP; - const proofJWT = jose2.JWT.decode(proof, { complete: true }); - expect(proofJWT).to.have.nested.property('payload.ath'); + const proofJWT = jose.decodeJwt(proof); + expect(proofJWT).to.have.property('ath'); }); it('handles DPoP nonce in userinfo', async function () { + const { privateKey } = await jose.generateKeyPair('ES256', { extractable: true }); + nock('https://op.example.com') .get('/me') .matchHeader('DPoP', (proof) => { - const { nonce } = jose2.JWT.decode(proof); + const { nonce } = jose.decodeJwt(proof); expect(nonce).to.be.undefined; return true; }) @@ -264,21 +269,21 @@ describe('DPoP', () => { }) .get('/me') .matchHeader('DPoP', (proof) => { - const { nonce } = jose2.JWT.decode(proof); + const { nonce } = jose.decodeJwt(proof); expect(nonce).to.eq('eyJ7S_zG.eyJH0-Z.HX4w-7v'); return true; }) .reply(200, { sub: 'foo' }) .get('/me') .matchHeader('DPoP', (proof) => { - const { nonce } = jose2.JWT.decode(proof); + const { nonce } = jose.decodeJwt(proof); expect(nonce).to.eq('eyJ7S_zG.eyJH0-Z.HX4w-7v'); return true; }) .reply(200, { sub: 'foo' }) .get('/me') .matchHeader('DPoP', (proof) => { - const { nonce } = jose2.JWT.decode(proof); + const { nonce } = jose.decodeJwt(proof); expect(nonce).to.eq('eyJ7S_zG.eyJH0-Z.HX4w-7v'); return true; }) @@ -295,10 +300,12 @@ describe('DPoP', () => { }); it('handles DPoP nonce in grant', async function () { + const { privateKey } = await jose.generateKeyPair('ES256', { extractable: true }); + nock('https://op.example.com') .post('/token') .matchHeader('DPoP', (proof) => { - const { nonce } = jose2.JWT.decode(proof); + const { nonce } = jose.decodeJwt(proof); expect(nonce).to.be.undefined; return true; }) @@ -311,21 +318,21 @@ describe('DPoP', () => { ) .post('/token') .matchHeader('DPoP', (proof) => { - const { nonce } = jose2.JWT.decode(proof); + const { nonce } = jose.decodeJwt(proof); expect(nonce).to.eq('eyJ7S_zG.eyJH0-Z.HX4w-7v'); return true; }) .reply(200, { access_token: 'foo' }) .post('/token') .matchHeader('DPoP', (proof) => { - const { nonce } = jose2.JWT.decode(proof); + const { nonce } = jose.decodeJwt(proof); expect(nonce).to.eq('eyJ7S_zG.eyJH0-Z.HX4w-7v'); return true; }) .reply(200, { access_token: 'foo' }) .post('/token') .matchHeader('DPoP', (proof) => { - const { nonce } = jose2.JWT.decode(proof); + const { nonce } = jose.decodeJwt(proof); expect(nonce).to.eq('eyJ7S_zG.eyJH0-Z.HX4w-7v'); return true; }) @@ -342,10 +349,11 @@ describe('DPoP', () => { }); it('handles DPoP nonce in requestResource', async function () { + const { privateKey } = await jose.generateKeyPair('ES256', { extractable: true }); nock('https://rs.example.com') .get('/resource') .matchHeader('DPoP', (proof) => { - const { nonce } = jose2.JWT.decode(proof); + const { nonce } = jose.decodeJwt(proof); expect(nonce).to.be.undefined; return true; }) @@ -355,21 +363,21 @@ describe('DPoP', () => { }) .get('/resource') .matchHeader('DPoP', (proof) => { - const { nonce } = jose2.JWT.decode(proof); + const { nonce } = jose.decodeJwt(proof); expect(nonce).to.eq('eyJ7S_zG.eyJH0-Z.HX4w-7v'); return true; }) .reply(200, { sub: 'foo' }) .get('/resource') .matchHeader('DPoP', (proof) => { - const { nonce } = jose2.JWT.decode(proof); + const { nonce } = jose.decodeJwt(proof); expect(nonce).to.eq('eyJ7S_zG.eyJH0-Z.HX4w-7v'); return true; }) .reply(200, { sub: 'foo' }) .get('/resource') .matchHeader('DPoP', (proof) => { - const { nonce } = jose2.JWT.decode(proof); + const { nonce } = jose.decodeJwt(proof); expect(nonce).to.eq('eyJ7S_zG.eyJH0-Z.HX4w-7v'); return true; }) @@ -393,6 +401,7 @@ describe('DPoP', () => { }); it('is enabled for requestResource', async function () { + const { privateKey } = await jose.generateKeyPair('ES256', { extractable: true }); nock('https://rs.example.com') .matchHeader('Transfer-Encoding', isUndefined) .matchHeader('Content-Length', isUndefined) @@ -407,11 +416,12 @@ describe('DPoP', () => { expect(this.httpOpts).to.have.nested.property('headers.DPoP'); const proof = this.httpOpts.headers.DPoP; - const proofJWT = jose2.JWT.decode(proof, { complete: true }); - expect(proofJWT).to.have.nested.property('payload.ath'); + const proofJWT = jose.decodeJwt(proof); + expect(proofJWT).to.have.property('ath'); }); it('is enabled for grant', async function () { + const { privateKey } = await jose.generateKeyPair('ES256', { extractable: true }); nock('https://op.example.com').post('/token').reply(200, { access_token: 'foo' }); await this.client.grant({ grant_type: 'foo' }, { DPoP: privateKey }); @@ -420,6 +430,7 @@ describe('DPoP', () => { }); it('is enabled for refresh', async function () { + const { privateKey } = await jose.generateKeyPair('ES256', { extractable: true }); nock('https://op.example.com').post('/token').reply(200, { access_token: 'foo' }); await this.client.refresh('foo', { DPoP: privateKey }); @@ -428,6 +439,7 @@ describe('DPoP', () => { }); it('is enabled for oauthCallback', async function () { + const { privateKey } = await jose.generateKeyPair('ES256', { extractable: true }); nock('https://op.example.com').post('/token').reply(200, { access_token: 'foo' }); await this.client.oauthCallback('foo', { code: 'foo' }, {}, { DPoP: privateKey }); @@ -436,6 +448,7 @@ describe('DPoP', () => { }); it('is enabled for callback', async function () { + const { privateKey } = await jose.generateKeyPair('ES256', { extractable: true }); nock('https://op.example.com').post('/token').reply(200, { access_token: 'foo' }); try { @@ -446,6 +459,7 @@ describe('DPoP', () => { }); it('is enabled for deviceAuthorization', async function () { + const { privateKey } = await jose.generateKeyPair('ES256', { extractable: true }); nock('https://op.example.com').post('/device').reply(200, { expires_in: 60, device_code: 'foo', diff --git a/test/client/implicit_kid.test.js b/test/client/implicit_kid.test.js index 728f3b9e..445b9e16 100644 --- a/test/client/implicit_kid.test.js +++ b/test/client/implicit_kid.test.js @@ -1,12 +1,12 @@ const { expect } = require('chai'); -const jose2 = require('jose2'); const nock = require('nock'); const Issuer = require('../../lib/issuer'); const clientInternal = require('../../lib/helpers/client'); +const KeyStore = require('../keystore'); async function noKidJWKS() { - const store = new jose2.JWKS.KeyStore(); + const store = new KeyStore(); await store.generate('EC'); const jwks = store.toJWKS(true); delete jwks.keys[0].kid; diff --git a/test/client/mtls.test.js b/test/client/mtls.test.js index 4177daf9..59c55a8b 100644 --- a/test/client/mtls.test.js +++ b/test/client/mtls.test.js @@ -3,7 +3,7 @@ const path = require('path'); const { expect } = require('chai'); const nock = require('nock'); -const jose2 = require('jose2'); +const jose = require('jose'); const { Issuer, custom } = require('../../lib'); const clientHelpers = require('../../lib/helpers/client'); @@ -116,17 +116,17 @@ describe('mutual-TLS', () => { let { form: { client_assertion: jwt }, } = await clientHelpers.authFor.call(this.jwtAuthClient, 'token'); - let { aud } = jose2.JWT.decode(jwt); + let { aud } = jose.decodeJwt(jwt); expect(aud).to.deep.equal(['https://op.example.com', 'https://op.example.com/token']); ({ form: { client_assertion: jwt }, } = await clientHelpers.authFor.call(this.jwtAuthClient, 'introspection')); - ({ aud } = jose2.JWT.decode(jwt)); + ({ aud } = jose.decodeJwt(jwt)); expect(aud).to.deep.equal(['https://op.example.com', 'https://op.example.com/token']); ({ form: { client_assertion: jwt }, } = await clientHelpers.authFor.call(this.jwtAuthClient, 'revocation')); - ({ aud } = jose2.JWT.decode(jwt)); + ({ aud } = jose.decodeJwt(jwt)); expect(aud).to.deep.equal(['https://op.example.com', 'https://op.example.com/token']); }); diff --git a/test/client/register_client.test.js b/test/client/register_client.test.js index f372c1c7..0d5f2386 100644 --- a/test/client/register_client.test.js +++ b/test/client/register_client.test.js @@ -1,11 +1,11 @@ const { isNumber, isUndefined } = require('util'); const { expect } = require('chai'); -const jose2 = require('jose2'); const sinon = require('sinon'); const nock = require('nock'); const { Issuer, custom } = require('../../lib'); +const KeyStore = require('../keystore'); const fail = () => { throw new Error('expected promise to be rejected'); @@ -89,7 +89,7 @@ describe('Client#register', () => { describe('with keystore (as option)', function () { it('enriches the registration with jwks if not provided (or jwks_uri)', function () { - const keystore = new jose2.JWKS.KeyStore(); + const keystore = new KeyStore(); nock('https://op.example.com') .filteringRequestBody(function (body) { @@ -109,7 +109,7 @@ describe('Client#register', () => { }); it('ignores the keystore during registration if jwks is provided', function () { - const keystore = new jose2.JWKS.KeyStore(); + const keystore = new KeyStore(); nock('https://op.example.com') .filteringRequestBody(function (body) { @@ -134,7 +134,7 @@ describe('Client#register', () => { }); it('ignores the keystore during registration if jwks_uri is provided', function () { - const keystore = new jose2.JWKS.KeyStore(); + const keystore = new KeyStore(); nock('https://op.example.com') .filteringRequestBody(function (body) { @@ -166,7 +166,7 @@ describe('Client#register', () => { }); it('does not accept oct keys', function () { - const keystore = new jose2.JWKS.KeyStore(); + const keystore = new KeyStore(); return keystore.generate('oct', 32).then(() => { return issuer.Client.register({}, { jwks: keystore.toJWKS(true) }).then( diff --git a/test/client/self_issued.test.js b/test/client/self_issued.test.js index cda850ce..f43ed4da 100644 --- a/test/client/self_issued.test.js +++ b/test/client/self_issued.test.js @@ -1,7 +1,7 @@ const { expect } = require('chai'); const nock = require('nock'); const timekeeper = require('timekeeper'); -const jose2 = require('jose2'); +const jose = require('jose'); const { Issuer } = require('../../lib'); @@ -35,29 +35,33 @@ describe('Validating Self-Issued OP responses', () => { Object.assign(this, { issuer, client }); }); - const idToken = (claims = {}) => { - const jwk = jose2.JWK.generateSync('EC'); - return jose2.JWT.sign( - { - sub_jwk: jwk.toJWK(), - sub: jwk.thumbprint, - ...claims, - }, - jwk, - { expiresIn: '2h', issuer: 'https://self-issued.me', audience: 'https://rp.example.com/cb' }, - ); - }; + async function idToken(claims = {}) { + const kp = await jose.generateKeyPair('ES256', { extractable: true }); + const jwk = await jose.exportJWK(kp.publicKey); + const sub = await jose.calculateJwkThumbprint(jwk); + return await new jose.SignJWT({ + sub_jwk: jwk, + sub, + ...claims, + }) + .setIssuedAt() + .setProtectedHeader({ alg: 'ES256' }) + .setIssuer('https://self-issued.me') + .setAudience('https://rp.example.com/cb') + .setExpirationTime('2h') + .sign(kp.privateKey); + } describe('consuming an ID Token response', () => { - it('consumes a self-issued response', function () { + it('consumes a self-issued response', async function () { const { client } = this; - return client.callback(undefined, { id_token: idToken() }); + return client.callback(undefined, { id_token: await idToken() }); }); - it('expects sub_jwk to be in the ID Token claims', function () { + it('expects sub_jwk to be in the ID Token claims', async function () { const { client } = this; return client - .callback(undefined, { id_token: idToken({ sub_jwk: undefined }) }) + .callback(undefined, { id_token: await idToken({ sub_jwk: undefined }) }) .then(fail, (err) => { expect(err.name).to.equal('RPError'); expect(err.message).to.equal('missing required JWT property sub_jwk'); @@ -65,10 +69,10 @@ describe('Validating Self-Issued OP responses', () => { }); }); - it('expects sub_jwk to be a public JWK', function () { + it('expects sub_jwk to be a public JWK', async function () { const { client } = this; return client - .callback(undefined, { id_token: idToken({ sub_jwk: 'foobar' }) }) + .callback(undefined, { id_token: await idToken({ sub_jwk: 'foobar' }) }) .then(fail, (err) => { expect(err.name).to.equal('RPError'); expect(err.message).to.equal('failed to use sub_jwk claim as an asymmetric JSON Web Key'); @@ -76,13 +80,15 @@ describe('Validating Self-Issued OP responses', () => { }); }); - it('expects sub to be the thumbprint of the sub_jwk', function () { + it('expects sub to be the thumbprint of the sub_jwk', async function () { const { client } = this; - return client.callback(undefined, { id_token: idToken({ sub: 'foo' }) }).then(fail, (err) => { - expect(err.name).to.equal('RPError'); - expect(err.message).to.equal('failed to match the subject with sub_jwk'); - expect(err).to.have.property('jwt'); - }); + return client + .callback(undefined, { id_token: await idToken({ sub: 'foo' }) }) + .then(fail, (err) => { + expect(err.name).to.equal('RPError'); + expect(err.message).to.equal('failed to match the subject with sub_jwk'); + expect(err).to.have.property('jwt'); + }); }); }); }); diff --git a/test/issuer/issuer_instance.test.js b/test/issuer/issuer_instance.test.js index 2f1fff14..f58bfcb4 100644 --- a/test/issuer/issuer_instance.test.js +++ b/test/issuer/issuer_instance.test.js @@ -2,10 +2,10 @@ const { expect } = require('chai'); const LRU = require('lru-cache'); const nock = require('nock'); const sinon = require('sinon'); -const jose2 = require('jose2'); const { Issuer, custom } = require('../../lib'); const issuerInternal = require('../../lib/helpers/issuer'); +const KeyStore = require('../keystore'); const fail = () => { throw new Error('expected promise to be rejected'); @@ -22,7 +22,7 @@ describe('Issuer', () => { }); before(function () { - this.keystore = new jose2.JWKS.KeyStore(); + this.keystore = new KeyStore(); return this.keystore.generate('RSA'); }); @@ -115,7 +115,11 @@ describe('Issuer', () => { return this.keystore.generate('RSA', undefined, { kid }).then(() => { nock('https://op.example.com').get('/certs').reply(200, this.keystore.toJWKS()); - return issuerInternal.queryKeyStore.call(this.issuer, { alg: 'RS256', kid, use: 'sig' }); + return issuerInternal.queryKeyStore + .call(this.issuer, { alg: 'RS256', kid, use: 'sig' }) + .then((result) => { + expect(result).to.have.lengthOf(2); + }); }); }); diff --git a/test/keystore.js b/test/keystore.js new file mode 100644 index 00000000..40007ead --- /dev/null +++ b/test/keystore.js @@ -0,0 +1,97 @@ +const jose = require('jose'); +const crypto = require('crypto'); +const base64url = require('../lib/helpers/base64url'); + +module.exports = class KeyStore { + constructor({ keys } = {}) { + this.keys = keys || []; + } + + async generate(kty, crvOrSize, { alg, kid, use } = {}) { + let kp; + if (kty !== 'oct' && alg) { + kp = await jose.generateKeyPair(alg); + } else { + switch (kty) { + case 'EC': { + switch (crvOrSize) { + case undefined: + case 'P-256': + kp = await jose.generateKeyPair('ES256', { extractable: true }); + break; + case 'P-384': + kp = await jose.generateKeyPair('ES384', { extractable: true }); + break; + case 'P-521': + kp = await jose.generateKeyPair('ES512', { extractable: true }); + break; + case 'secp256k1': + kp = await jose.generateKeyPair('ES256K', { extractable: true }); + break; + } + break; + } + case 'oct': { + const secret = crypto.randomBytes((crvOrSize || 256) >> 3); + const jwk = { + kty: 'oct', + use: use, + alg, + k: base64url.encode(secret), + }; + jwk.kid = kid || (await jose.calculateJwkThumbprint(jwk)); + this.keys.push(jwk); + return; + } + case 'RSA': { + kp = await jose.generateKeyPair('RS256', { modulusLength: crvOrSize, extractable: true }); + break; + } + case 'OKP': { + switch (crvOrSize) { + case undefined: + case 'Ed25519': + case 'Ed448': + kp = await jose.generateKeyPair('EdDSA', { crv: crvOrSize, extractable: true }); + break; + case 'X25519': + case 'X448': + kp = await jose.generateKeyPair('ECDH-ES', { crv: crvOrSize, extractable: true }); + break; + } + break; + } + } + } + const jwk = { + ...(await jose.exportJWK(kp.privateKey)), + kid, + }; + jwk.kid || (jwk.kid = await jose.calculateJwkThumbprint(jwk)); + if (use) jwk.use = use; + this.keys.push(jwk); + } + + get(query) { + if (!query) { + return this.keys[0]; + } + const { kty } = query || {}; + return this.keys.find((jwk) => { + return jwk.kty === kty; + }); + } + + toJWKS(includePrivate) { + if (includePrivate) { + return { keys: this.keys }; + } + + return { + keys: this.keys.map((privateKey) => { + const { k, d, dp, dq, p, q, qi, ...jwk } = privateKey; + return jwk; + }), + }; + } +}; diff --git a/test/passport/passport_strategy.test.js b/test/passport/passport_strategy.test.js index 3ac1e1e2..71e715c1 100644 --- a/test/passport/passport_strategy.test.js +++ b/test/passport/passport_strategy.test.js @@ -104,7 +104,7 @@ describe('OpenIDConnectStrategy', () => { }); }); - describe('initate', function () { + describe('initiate', function () { it('starts authentication requests for GETs', function () { const params = { foo: 'bar' }; const strategy = new Strategy({ client: this.client, params }, () => {}); From f0c9275b7cf16e36bcb6a0895091583b56244b86 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Tue, 3 Oct 2023 17:03:08 +0200 Subject: [PATCH 108/117] test: add failing bun test run to CI to observe improvements --- .github/workflows/test.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 9d82d047..941fe977 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -41,6 +41,24 @@ jobs: run: npm clean-install - run: npm run test + bun: + runs-on: ubuntu-latest + continue-on-error: true + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Setup node + uses: actions/setup-node@v3 + id: node + with: + node-version: lts/hydrogen # 18 + cache: 'npm' + check-latest: true + - name: Install dependencies + run: npm clean-install + - run: curl https://bun.sh/install | bash + - run: ~/.bun/bin/bun ./node_modules/.bin/mocha test/**/*.test.js + electron: runs-on: ubuntu-latest steps: From d698b462f0bde8405486d65ae681a0562843a530 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Tue, 3 Oct 2023 17:06:02 +0200 Subject: [PATCH 109/117] chore(release): 5.6.0 --- CHANGELOG.md | 7 +++++++ package-lock.json | 4 ++-- package.json | 2 +- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0328eab1..676a03e3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [5.6.0](https://github.com/panva/node-openid-client/compare/v5.5.0...v5.6.0) (2023-10-03) + + +### Features + +* experimental Bun support ([a9d3a87](https://github.com/panva/node-openid-client/commit/a9d3a87d2727bb37a535aeac9da9851ffdef8613)), closes [#622](https://github.com/panva/node-openid-client/issues/622) [#623](https://github.com/panva/node-openid-client/issues/623) + ## [5.5.0](https://github.com/panva/node-openid-client/compare/v5.4.3...v5.5.0) (2023-09-08) diff --git a/package-lock.json b/package-lock.json index 7cb111f8..bf29455f 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "openid-client", - "version": "5.5.0", + "version": "5.6.0", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "openid-client", - "version": "5.5.0", + "version": "5.6.0", "license": "MIT", "dependencies": { "jose": "^4.15.1", diff --git a/package.json b/package.json index f67c67aa..374d0cb9 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "openid-client", - "version": "5.5.0", + "version": "5.6.0", "description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js runtime, supports passportjs", "keywords": [ "auth", From 53458e0dab4a39f5d03c90f7129999653c38d16f Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Wed, 4 Oct 2023 10:17:22 +0200 Subject: [PATCH 110/117] ci: use oven-sh/setup-bun --- .github/workflows/test.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 941fe977..3e208709 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -56,8 +56,10 @@ jobs: check-latest: true - name: Install dependencies run: npm clean-install - - run: curl https://bun.sh/install | bash - - run: ~/.bun/bin/bun ./node_modules/.bin/mocha test/**/*.test.js + - uses: oven-sh/setup-bun@v1 + with: + bun-version: latest + - run: bun ./node_modules/.bin/mocha test/**/*.test.js electron: runs-on: ubuntu-latest From ad6822333d713733655865e234290417ea59382b Mon Sep 17 00:00:00 2001 From: 56 Date: Wed, 11 Oct 2023 21:15:07 +0900 Subject: [PATCH 111/117] fix: consistent space encoding in authorizationUrl (#627) Fixes #626 --- lib/client.js | 2 +- test/client/client_instance.test.js | 10 ++++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/lib/client.js b/lib/client.js index 25431579..dc8f927c 100644 --- a/lib/client.js +++ b/lib/client.js @@ -272,7 +272,7 @@ class BaseClient { } // TODO: is the replace needed? - return target.href.replace('+', '%20'); + return target.href.replace(/\+/g, '%20'); } authorizationPost(params = {}) { diff --git a/test/client/client_instance.test.js b/test/client/client_instance.test.js index 100ec71b..8466721e 100644 --- a/test/client/client_instance.test.js +++ b/test/client/client_instance.test.js @@ -203,6 +203,16 @@ describe('Client', () => { this.client.authorizationUrl(true); }).to.throw(TypeError, 'params must be a plain object'); }); + + it('returns a space-delimited scope parameter', function () { + expect( + this.client.authorizationUrl({ + state: 'state', + scope: 'openid profile email', + }), + ).to.eql('https://op.example.com/auth?client_id=identifier&scope=openid%20profile%20email&response_type=code&state=state'); + }); + }); describe('#endSessionUrl', function () { From d1aa935f3b4489cd43591e72aecb562073499959 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Wed, 11 Oct 2023 14:15:26 +0200 Subject: [PATCH 112/117] chore(release): 5.6.1 --- CHANGELOG.md | 7 +++++++ package-lock.json | 4 ++-- package.json | 2 +- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 676a03e3..d9405139 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. +## [5.6.1](https://github.com/panva/node-openid-client/compare/v5.6.0...v5.6.1) (2023-10-11) + + +### Fixes + +* consistent space encoding in authorizationUrl ([#627](https://github.com/panva/node-openid-client/issues/627)) ([ad68223](https://github.com/panva/node-openid-client/commit/ad6822333d713733655865e234290417ea59382b)), closes [#626](https://github.com/panva/node-openid-client/issues/626) + ## [5.6.0](https://github.com/panva/node-openid-client/compare/v5.5.0...v5.6.0) (2023-10-03) diff --git a/package-lock.json b/package-lock.json index bf29455f..a8a876b0 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "openid-client", - "version": "5.6.0", + "version": "5.6.1", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "openid-client", - "version": "5.6.0", + "version": "5.6.1", "license": "MIT", "dependencies": { "jose": "^4.15.1", diff --git a/package.json b/package.json index 374d0cb9..99ffb1b1 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "openid-client", - "version": "5.6.0", + "version": "5.6.1", "description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js runtime, supports passportjs", "keywords": [ "auth", From 52a059ed3418a3a0f3f7486341d5b995a61f67b2 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Tue, 24 Oct 2023 17:59:12 +0200 Subject: [PATCH 113/117] ci: unleash dependabot on github actions --- .github/dependabot.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..7b3bebd8 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,12 @@ +# To get started with Dependabot version updates, you'll need to specify which +# package ecosystems to update and where the package manifests are located. +# Please see the documentation for all configuration options: +# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates + +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + # Check for updates to GitHub Actions every week + interval: "weekly" From afce48177402ac50a0e52a75c425c8584dab43d4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Oct 2023 18:09:37 +0200 Subject: [PATCH 114/117] chore(deps): bump actions/checkout from 3 to 4 (#631) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yml | 2 +- .github/workflows/conformance.yml | 2 +- .github/workflows/release.yml | 6 +++--- .github/workflows/test.yml | 6 +++--- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index b7efa9b5..6da1af56 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -38,7 +38,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/conformance.yml b/.github/workflows/conformance.yml index 44227d22..0fe3ecb2 100644 --- a/.github/workflows/conformance.yml +++ b/.github/workflows/conformance.yml @@ -95,7 +95,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Set Conformance Suite Version run: | export VERSION=($(curl --silent "https://gitlab.com/api/v4/projects/4175605/releases" | jq -r '.[0].tag_name')) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f5422802..17973e01 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -11,7 +11,7 @@ jobs: id-token: write steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - name: Setup node @@ -32,7 +32,7 @@ jobs: contents: write steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - run: git push origin $GITHUB_SHA:v5.x @@ -44,7 +44,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 2 - name: Setup node diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 3e208709..8d2c3dea 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -27,7 +27,7 @@ jobs: - current steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Setup node uses: actions/setup-node@v3 id: node @@ -46,7 +46,7 @@ jobs: continue-on-error: true steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Setup node uses: actions/setup-node@v3 id: node @@ -64,7 +64,7 @@ jobs: electron: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: actions/setup-node@v3 id: node with: From f468f9946331e84a80238470eade239b9d8f61c3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Oct 2023 18:53:17 +0200 Subject: [PATCH 115/117] chore(deps): bump actions/setup-node from 3 to 4 (#632) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/conformance.yml | 2 +- .github/workflows/release.yml | 4 ++-- .github/workflows/test.yml | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/conformance.yml b/.github/workflows/conformance.yml index 0fe3ecb2..dd7e56b8 100644 --- a/.github/workflows/conformance.yml +++ b/.github/workflows/conformance.yml @@ -113,7 +113,7 @@ jobs: docker-compose -f docker-compose-dev.yml up -d while ! curl -skfail https://localhost.emobix.co.uk:8443/api/runner/available >/dev/null; do sleep 2; done - run: git clone --depth 1 --single-branch --branch main https://github.com/panva/openid-client-certification-suite.git runner - - uses: actions/setup-node@v3 + - uses: actions/setup-node@v4 with: node-version: lts/hydrogen # 18 cache: 'npm' diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 17973e01..950a079d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -15,7 +15,7 @@ jobs: with: fetch-depth: 0 - name: Setup node - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 with: node-version: lts/hydrogen # 18 registry-url: https://registry.npmjs.org @@ -48,7 +48,7 @@ jobs: with: fetch-depth: 2 - name: Setup node - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 with: node-version: lts/hydrogen # 18 cache: 'npm' diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 8d2c3dea..1fa93cdd 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -29,7 +29,7 @@ jobs: - name: Checkout uses: actions/checkout@v4 - name: Setup node - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 id: node with: node-version: ${{ matrix.node-version }} @@ -48,7 +48,7 @@ jobs: - name: Checkout uses: actions/checkout@v4 - name: Setup node - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 id: node with: node-version: lts/hydrogen # 18 @@ -65,7 +65,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: actions/setup-node@v3 + - uses: actions/setup-node@v4 id: node with: node-version: lts/hydrogen # 18 From 9f79b6e6f93c6fbd3ca183e20c8431b19fe8fa52 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Wed, 25 Oct 2023 14:36:53 +0200 Subject: [PATCH 116/117] chore: bump deps --- package-lock.json | 108 ++++++++++++++++++++++------------------------ package.json | 8 ++-- 2 files changed, 55 insertions(+), 61 deletions(-) diff --git a/package-lock.json b/package-lock.json index a8a876b0..902aed01 100644 --- a/package-lock.json +++ b/package-lock.json @@ -9,18 +9,18 @@ "version": "5.6.1", "license": "MIT", "dependencies": { - "jose": "^4.15.1", + "jose": "^4.15.4", "lru-cache": "^6.0.0", "object-hash": "^2.2.0", "oidc-token-hash": "^5.0.3" }, "devDependencies": { - "@types/node": "^16.18.55", - "@types/passport": "^1.0.13", + "@types/node": "^16.18.59", + "@types/passport": "^1.0.14", "base64url": "^3.0.1", "chai": "^4.3.10", "mocha": "^10.2.0", - "nock": "^13.3.3", + "nock": "^13.3.6", "prettier": "^2.8.8", "readable-mock-req": "^0.2.2", "sinon": "^9.2.4", @@ -66,9 +66,9 @@ "dev": true }, "node_modules/@types/body-parser": { - "version": "1.19.3", - "resolved": "https://registry.npmjs.org/@types/body-parser/-/body-parser-1.19.3.tgz", - "integrity": "sha512-oyl4jvAfTGX9Bt6Or4H9ni1Z447/tQuxnZsytsCaExKlmJiU8sFgnIBRzJUpKwB5eWn9HuBYlUlVA74q/yN0eQ==", + "version": "1.19.4", + "resolved": "https://registry.npmjs.org/@types/body-parser/-/body-parser-1.19.4.tgz", + "integrity": "sha512-N7UDG0/xiPQa2D/XrVJXjkWbpqHCd2sBaB32ggRF2l83RhPfamgKGF8gwwqyksS95qUS5ZYF9aF+lLPRlwI2UA==", "dev": true, "dependencies": { "@types/connect": "*", @@ -76,18 +76,18 @@ } }, "node_modules/@types/connect": { - "version": "3.4.36", - "resolved": "https://registry.npmjs.org/@types/connect/-/connect-3.4.36.tgz", - "integrity": "sha512-P63Zd/JUGq+PdrM1lv0Wv5SBYeA2+CORvbrXbngriYY0jzLUWfQMQQxOhjONEz/wlHOAxOdY7CY65rgQdTjq2w==", + "version": "3.4.37", + "resolved": "https://registry.npmjs.org/@types/connect/-/connect-3.4.37.tgz", + "integrity": "sha512-zBUSRqkfZ59OcwXon4HVxhx5oWCJmc0OtBTK05M+p0dYjgN6iTwIL2T/WbsQZrEsdnwaF9cWQ+azOnpPvIqY3Q==", "dev": true, "dependencies": { "@types/node": "*" } }, "node_modules/@types/express": { - "version": "4.17.18", - "resolved": "https://registry.npmjs.org/@types/express/-/express-4.17.18.tgz", - "integrity": "sha512-Sxv8BSLLgsBYmcnGdGjjEjqET2U+AKAdCRODmMiq02FgjwuV75Ut85DRpvFjyw/Mk0vgUOliGRU0UUmuuZHByQ==", + "version": "4.17.20", + "resolved": "https://registry.npmjs.org/@types/express/-/express-4.17.20.tgz", + "integrity": "sha512-rOaqlkgEvOW495xErXMsmyX3WKBInbhG5eqojXYi3cGUaLoRDlXa5d52fkfWZT963AZ3v2eZ4MbKE6WpDAGVsw==", "dev": true, "dependencies": { "@types/body-parser": "*", @@ -97,9 +97,9 @@ } }, "node_modules/@types/express-serve-static-core": { - "version": "4.17.37", - "resolved": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-4.17.37.tgz", - "integrity": "sha512-ZohaCYTgGFcOP7u6aJOhY9uIZQgZ2vxC2yWoArY+FeDXlqeH66ZVBjgvg+RLVAS/DWNq4Ap9ZXu1+SUQiiWYMg==", + "version": "4.17.39", + "resolved": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-4.17.39.tgz", + "integrity": "sha512-BiEUfAiGCOllomsRAZOiMFP7LAnrifHpt56pc4Z7l9K6ACyN06Ns1JLMBxwkfLOjJRlSf06NwWsT7yzfpaVpyQ==", "dev": true, "dependencies": { "@types/node": "*", @@ -109,48 +109,48 @@ } }, "node_modules/@types/http-errors": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/@types/http-errors/-/http-errors-2.0.2.tgz", - "integrity": "sha512-lPG6KlZs88gef6aD85z3HNkztpj7w2R7HmR3gygjfXCQmsLloWNARFkMuzKiiY8FGdh1XDpgBdrSf4aKDiA7Kg==", + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/@types/http-errors/-/http-errors-2.0.3.tgz", + "integrity": "sha512-pP0P/9BnCj1OVvQR2lF41EkDG/lWWnDyA203b/4Fmi2eTyORnBtcDoKDwjWQthELrBvWkMOrvSOnZ8OVlW6tXA==", "dev": true }, "node_modules/@types/mime": { - "version": "1.3.3", - "resolved": "https://registry.npmjs.org/@types/mime/-/mime-1.3.3.tgz", - "integrity": "sha512-Ys+/St+2VF4+xuY6+kDIXGxbNRO0mesVg0bbxEfB97Od1Vjpjx9KD1qxs64Gcb3CWPirk9Xe+PT4YiiHQ9T+eg==", + "version": "1.3.4", + "resolved": "https://registry.npmjs.org/@types/mime/-/mime-1.3.4.tgz", + "integrity": "sha512-1Gjee59G25MrQGk8bsNvC6fxNiRgUlGn2wlhGf95a59DrprnnHk80FIMMFG9XHMdrfsuA119ht06QPDXA1Z7tw==", "dev": true }, "node_modules/@types/node": { - "version": "16.18.57", - "resolved": "https://registry.npmjs.org/@types/node/-/node-16.18.57.tgz", - "integrity": "sha512-piPoDozdPaX1hNWFJQzzgWqE40gh986VvVx/QO9RU4qYRE55ld7iepDVgZ3ccGUw0R4wge0Oy1dd+3xOQNkkUQ==", + "version": "16.18.59", + "resolved": "https://registry.npmjs.org/@types/node/-/node-16.18.59.tgz", + "integrity": "sha512-PJ1w2cNeKUEdey4LiPra0ZuxZFOGvetswE8qHRriV/sUkL5Al4tTmPV9D2+Y/TPIxTHHgxTfRjZVKWhPw/ORhQ==", "dev": true }, "node_modules/@types/passport": { - "version": "1.0.13", - "resolved": "https://registry.npmjs.org/@types/passport/-/passport-1.0.13.tgz", - "integrity": "sha512-XXURryL+EZAWtbQFOHX1eNB+RJwz5XMPPz1xrGpEKr2xUZCXM4NCPkHMtZQ3B2tTSG/1IRaAcTHjczRA4sSFCw==", + "version": "1.0.14", + "resolved": "https://registry.npmjs.org/@types/passport/-/passport-1.0.14.tgz", + "integrity": "sha512-D6p2ygR2S7Cq5PO7iUaEIQu/5WrM0tONu6Lxgk0C9r3lafQIlVpWCo3V/KI9To3OqHBxcfQaOeK+8AvwW5RYmw==", "dev": true, "dependencies": { "@types/express": "*" } }, "node_modules/@types/qs": { - "version": "6.9.8", - "resolved": "https://registry.npmjs.org/@types/qs/-/qs-6.9.8.tgz", - "integrity": "sha512-u95svzDlTysU5xecFNTgfFG5RUWu1A9P0VzgpcIiGZA9iraHOdSzcxMxQ55DyeRaGCSxQi7LxXDI4rzq/MYfdg==", + "version": "6.9.9", + "resolved": "https://registry.npmjs.org/@types/qs/-/qs-6.9.9.tgz", + "integrity": "sha512-wYLxw35euwqGvTDx6zfY1vokBFnsK0HNrzc6xNHchxfO2hpuRg74GbkEW7e3sSmPvj0TjCDT1VCa6OtHXnubsg==", "dev": true }, "node_modules/@types/range-parser": { - "version": "1.2.5", - "resolved": "https://registry.npmjs.org/@types/range-parser/-/range-parser-1.2.5.tgz", - "integrity": "sha512-xrO9OoVPqFuYyR/loIHjnbvvyRZREYKLjxV4+dY6v3FQR3stQ9ZxIGkaclF7YhI9hfjpuTbu14hZEy94qKLtOA==", + "version": "1.2.6", + "resolved": "https://registry.npmjs.org/@types/range-parser/-/range-parser-1.2.6.tgz", + "integrity": "sha512-+0autS93xyXizIYiyL02FCY8N+KkKPhILhcUSA276HxzreZ16kl+cmwvV2qAM/PuCCwPXzOXOWhiPcw20uSFcA==", "dev": true }, "node_modules/@types/send": { - "version": "0.17.2", - "resolved": "https://registry.npmjs.org/@types/send/-/send-0.17.2.tgz", - "integrity": "sha512-aAG6yRf6r0wQ29bkS+x97BIs64ZLxeE/ARwyS6wrldMm3C1MdKwCcnnEwMC1slI8wuxJOpiUH9MioC0A0i+GJw==", + "version": "0.17.3", + "resolved": "https://registry.npmjs.org/@types/send/-/send-0.17.3.tgz", + "integrity": "sha512-/7fKxvKUoETxjFUsuFlPB9YndePpxxRAOfGC/yJdc9kTjTeP5kRCTzfnE8kPUKCeyiyIZu0YQ76s50hCedI1ug==", "dev": true, "dependencies": { "@types/mime": "^1", @@ -158,9 +158,9 @@ } }, "node_modules/@types/serve-static": { - "version": "1.15.3", - "resolved": "https://registry.npmjs.org/@types/serve-static/-/serve-static-1.15.3.tgz", - "integrity": "sha512-yVRvFsEMrv7s0lGhzrggJjNOSmZCdgCjw9xWrPr/kNNLp6FaDfMC1KaYl3TSJ0c58bECwNBMoQrZJ8hA8E1eFg==", + "version": "1.15.4", + "resolved": "https://registry.npmjs.org/@types/serve-static/-/serve-static-1.15.4.tgz", + "integrity": "sha512-aqqNfs1XTF0HDrFdlY//+SGUxmdSUbjeRXb5iaZc3x0/vMbYmdw9qvOgHWOyyLFxSSRnUuP5+724zBgfw8/WAw==", "dev": true, "dependencies": { "@types/http-errors": "*", @@ -750,9 +750,9 @@ "dev": true }, "node_modules/jose": { - "version": "4.15.1", - "resolved": "https://registry.npmjs.org/jose/-/jose-4.15.1.tgz", - "integrity": "sha512-CinpaEMmwb/59YG0N6SC3DY1imdTU5iNl08HPWR7NdyxACPeFuQbqjaocEjCDGq04KbnxSqQu702vL3ZTvKe5w==", + "version": "4.15.4", + "resolved": "https://registry.npmjs.org/jose/-/jose-4.15.4.tgz", + "integrity": "sha512-W+oqK4H+r5sITxfxpSU+MMdr/YSWGvgZMQDIsNoBDGGy4i7GBPTtvFKibQzW06n3U3TqHjhvBJsirShsEJ6eeQ==", "funding": { "url": "https://github.com/sponsors/panva" } @@ -796,12 +796,6 @@ "url": "https://github.com/sponsors/sindresorhus" } }, - "node_modules/lodash": { - "version": "4.17.21", - "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", - "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==", - "dev": true - }, "node_modules/lodash.get": { "version": "4.4.2", "resolved": "https://registry.npmjs.org/lodash.get/-/lodash.get-4.4.2.tgz", @@ -825,12 +819,12 @@ } }, "node_modules/loupe": { - "version": "2.3.6", - "resolved": "https://registry.npmjs.org/loupe/-/loupe-2.3.6.tgz", - "integrity": "sha512-RaPMZKiMy8/JruncMU5Bt6na1eftNoo++R4Y+N2FrxkDVTrGvcyzFTsaGif4QTeKESheMGegbhw6iUAq+5A8zA==", + "version": "2.3.7", + "resolved": "https://registry.npmjs.org/loupe/-/loupe-2.3.7.tgz", + "integrity": "sha512-zSMINGVYkdpYSOBmLi0D1Uo7JU9nVdQKrHxC8eYlV+9YKK9WePqAlL7lSlorG/U2Fw1w0hTBmaa/jrQ3UbPHtA==", "dev": true, "dependencies": { - "get-func-name": "^2.0.0" + "get-func-name": "^2.0.1" } }, "node_modules/lru-cache": { @@ -937,14 +931,13 @@ } }, "node_modules/nock": { - "version": "13.3.3", - "resolved": "https://registry.npmjs.org/nock/-/nock-13.3.3.tgz", - "integrity": "sha512-z+KUlILy9SK/RjpeXDiDUEAq4T94ADPHE3qaRkf66mpEhzc/ytOMm3Bwdrbq6k1tMWkbdujiKim3G2tfQARuJw==", + "version": "13.3.6", + "resolved": "https://registry.npmjs.org/nock/-/nock-13.3.6.tgz", + "integrity": "sha512-lT6YuktKroUFM+27mubf2uqQZVy2Jf+pfGzuh9N6VwdHlFoZqvi4zyxFTVR1w/ChPqGY6yxGehHp6C3wqCASCw==", "dev": true, "dependencies": { "debug": "^4.1.0", "json-stringify-safe": "^5.0.1", - "lodash": "^4.17.21", "propagate": "^2.0.0" }, "engines": { @@ -1176,6 +1169,7 @@ "version": "9.2.4", "resolved": "https://registry.npmjs.org/sinon/-/sinon-9.2.4.tgz", "integrity": "sha512-zljcULZQsJxVra28qIAL6ow1Z9tpattkCTEJR4RBP3TGc00FcttsP5pK284Nas5WjMZU5Yzy3kAIp3B3KRf5Yg==", + "deprecated": "16.1.1", "dev": true, "dependencies": { "@sinonjs/commons": "^1.8.1", diff --git a/package.json b/package.json index 99ffb1b1..0c12c561 100644 --- a/package.json +++ b/package.json @@ -45,18 +45,18 @@ "test": "mocha test/**/*.test.js" }, "dependencies": { - "jose": "^4.15.1", + "jose": "^4.15.4", "lru-cache": "^6.0.0", "object-hash": "^2.2.0", "oidc-token-hash": "^5.0.3" }, "devDependencies": { - "@types/node": "^16.18.55", - "@types/passport": "^1.0.13", + "@types/node": "^16.18.59", + "@types/passport": "^1.0.14", "base64url": "^3.0.1", "chai": "^4.3.10", "mocha": "^10.2.0", - "nock": "^13.3.3", + "nock": "^13.3.6", "prettier": "^2.8.8", "readable-mock-req": "^0.2.2", "sinon": "^9.2.4", From a84d022f195f82ca1c97f8f6b2567ebcef8738c3 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Wed, 25 Oct 2023 14:37:23 +0200 Subject: [PATCH 117/117] ci: use lts/iron (Node.js 20 LTS) --- .github/workflows/conformance.yml | 2 +- .github/workflows/release.yml | 4 ++-- .github/workflows/test.yml | 5 +++-- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/.github/workflows/conformance.yml b/.github/workflows/conformance.yml index dd7e56b8..cf5334fc 100644 --- a/.github/workflows/conformance.yml +++ b/.github/workflows/conformance.yml @@ -115,7 +115,7 @@ jobs: - run: git clone --depth 1 --single-branch --branch main https://github.com/panva/openid-client-certification-suite.git runner - uses: actions/setup-node@v4 with: - node-version: lts/hydrogen # 18 + node-version: lts/iron # 20 cache: 'npm' - run: npm clean-install working-directory: ./runner diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 950a079d..92596e17 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -17,7 +17,7 @@ jobs: - name: Setup node uses: actions/setup-node@v4 with: - node-version: lts/hydrogen # 18 + node-version: lts/iron # 20 registry-url: https://registry.npmjs.org always-auth: true - run: npm publish --provenance @@ -50,7 +50,7 @@ jobs: - name: Setup node uses: actions/setup-node@v4 with: - node-version: lts/hydrogen # 18 + node-version: lts/iron # 20 cache: 'npm' - run: node .release-notes.cjs env: diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 1fa93cdd..1bf37718 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -24,6 +24,7 @@ jobs: - lts/fermium # 14 - lts/gallium # 16 - lts/hydrogen # 18 + - lts/iron # 20 - current steps: - name: Checkout @@ -51,7 +52,7 @@ jobs: uses: actions/setup-node@v4 id: node with: - node-version: lts/hydrogen # 18 + node-version: lts/iron # 20 cache: 'npm' check-latest: true - name: Install dependencies @@ -68,7 +69,7 @@ jobs: - uses: actions/setup-node@v4 id: node with: - node-version: lts/hydrogen # 18 + node-version: lts/iron # 20 cache: 'npm' - name: Install dependencies run: npm clean-install