
chore(deps): update dependency doorkeeper to v5.6.6 [security] #422

Merged: 1 commit, Nov 22, 2024

Conversation

@renovate renovate bot commented Aug 28, 2024

This PR contains the following updates:

Package                  Change
doorkeeper (changelog)   5.5.4 -> 5.6.6

GitHub Vulnerability Alerts

CVE-2023-34246

OAuth RFC 8252 says https://www.rfc-editor.org/rfc/rfc8252#section-8.6

the authorization server SHOULD NOT process authorization requests automatically without user consent or interaction, except when the identity of the client can be assured. This includes the case where the user has previously approved an authorization request for a given client id

But Doorkeeper automatically processes authorization requests without user consent for public clients that have been previously approved. Public clients are inherently vulnerable to impersonation, their identity cannot be assured.

Issue https://github.com/doorkeeper-gem/doorkeeper/issues/1589

Fix https://github.com/doorkeeper-gem/doorkeeper/pull/1646


Release Notes

doorkeeper-gem/doorkeeper (doorkeeper)

v5.6.6

Compare Source

  • [#1644] Update HTTP headers.
  • [#1646] Block public clients' automatic authorization skip.
  • [#1648] Add custom token attributes to Refresh Token Request.
  • [#1649] Fixed custom_access_token_attributes related errors.

v5.6.5

Compare Source

  • [#1602] Allow custom data to be stored inside access grants/tokens.
  • [#1634] Code refactoring for custom token attributes.
  • [#1639] Add grant type validation to avoid Internal Server Error for DELETE /oauth/authorize endpoint.

v5.6.4

Compare Source

  • [#1633] Apply ORM configuration in #to_prepare block to avoid autoloading errors.

v5.6.3

Compare Source

  • [#1622] Drop support for Rubies 2.5 and 2.6.
  • [#1605] Fix URI validation for Ruby 3.2+.
  • [#1625] Exclude endless access tokens from StaleRecordsCleaner.
  • [#1626] Remove deprecated active_record_options config option.
  • [#1631] Fix regression with redirect behavior after token lookup optimizations (redirect to app URI when found).
  • [#1630] Special case unique index creation for refresh_token on SQL Server.
  • [#1627] Lazy evaluate Doorkeeper config when loading files and executing initializers.

v5.6.2

Compare Source

  • [#1604] Fix fetching of the application when custom application_class defined.

v5.6.1

Compare Source

  • [#1593] Add support for Trilogy ActiveRecord adapter.
  • [#1597] Add optional support to use the url path for the native authorization code flow. Ports forward [#1143] from 4.4.3.
  • [#1599] Remove unnecessary re-fetch of application object when creating an access token.

v5.6.0

Compare Source

  • [#1581] Consider token_type_hint when searching for access token in TokensController to avoid extra database calls.

Configuration

📅 Schedule: Branch creation - "" in timezone Europe/Amsterdam, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


This PR was generated by Mend Renovate. View the repository job log.
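Added example, not Doorkeeper's code and not part of this PR: a small Ruby model of the consent-skip decision the advisory above describes, with the pre-5.6.6 behaviour beside the policy RFC 8252 section 8.6 asks for. Client, Grant, ConsentPolicy and the decide helper are hypothetical names, and the sample clients and grants are constructed for the example.

```ruby
# Added example, not Doorkeeper's code: a minimal model of the "skip consent
# for a previously approved client" decision behind CVE-2023-34246.
# Client, Grant, ConsentPolicy and the sample data below are hypothetical.
require "set"

Client = Struct.new(:id, :confidential, :redirect_uris, keyword_init: true)
Grant  = Struct.new(:client_id, :resource_owner_id, :scopes, :revoked, keyword_init: true)

module ConsentPolicy
  module_function

  # A prior grant only counts if it is for this client and user, is not
  # revoked, and already covers every scope being requested now.
  def matching_grant?(grants, client, owner_id, requested_scopes)
    grants.any? do |g|
      g.client_id == client.id && g.resource_owner_id == owner_id && !g.revoked &&
        Set.new(requested_scopes).subset?(Set.new(g.scopes))
    end
  end

  # Behaviour the advisory describes for doorkeeper < 5.6.6: any client with a
  # matching prior grant is approved again without a consent screen.
  def skip_consent_vulnerable?(grants, client, owner_id, scopes)
    matching_grant?(grants, client, owner_id, scopes)
  end

  # Policy RFC 8252 section 8.6 asks for: reuse prior approval only when the
  # client's identity can be assured. A public client has no secret, so any
  # code that reaches its redirect URI (another app registered for the same
  # custom scheme, a loopback listener) can be exchanged by whoever got it;
  # such a client must be asked again every time.
  def skip_consent_hardened?(grants, client, owner_id, scopes)
    return false unless client.confidential
    matching_grant?(grants, client, owner_id, scopes)
  end

  # Maps a policy's answer onto what the authorization endpoint would do.
  def decide(policy, grants, client, owner_id, scopes)
    public_send(policy, grants, client, owner_id, scopes) ? :auto_approve : :show_consent
  end
end

# Constructed sample data: a native (public) app and a server-side
# (confidential) app, both approved earlier by user 42.
PUBLIC_APP = Client.new(id: "mobile-app", confidential: false, redirect_uris: ["com.example.app:/cb"])
SERVER_APP = Client.new(id: "web-app", confidential: true, redirect_uris: ["https://web.example/cb"])
GRANTS = [
  Grant.new(client_id: "mobile-app", resource_owner_id: 42, scopes: %w[read], revoked: false),
  Grant.new(client_id: "web-app", resource_owner_id: 42, scopes: %w[read write], revoked: false),
]

if $PROGRAM_NAME == __FILE__
  [PUBLIC_APP, SERVER_APP].each do |c|
    v = ConsentPolicy.decide(:skip_consent_vulnerable?, GRANTS, c, 42, %w[read])
    h = ConsentPolicy.decide(:skip_consent_hardened?, GRANTS, c, 42, %w[read])
    puts "#{c.id}: vulnerable=#{v} hardened=#{h}"
  end
end
```

The point of the hardened branch is that prior approval is attached to a client identity, and for a public client that identity is just a client_id anyone can present. After taking this update, a quick check is to run an authorization request for a public client that a test user has already approved and confirm the consent screen comes back; a confidential client with a covering prior grant should still be approved silently.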

@renovate renovate bot added the dependencies Pull requests that update a dependency file label Aug 28, 2024
@renovate renovate bot force-pushed the renovate/rubygems-doorkeeper-vulnerability branch 7 times, most recently from 58df889 to 56f1262 October 26, 2024 19:35
@renovate renovate bot force-pushed the renovate/rubygems-doorkeeper-vulnerability branch from 56f1262 to 086ec3a November 3, 2024 10:47
@renovate renovate bot force-pushed the renovate/rubygems-doorkeeper-vulnerability branch from 086ec3a to 9f147de November 11, 2024 15:10

codecov bot commented Nov 11, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 99.92%. Comparing base (fc879bc) to head (6f6a6c7).
Report is 2 commits behind head on staging.

Additional details and impacted files
@@           Coverage Diff            @@
##           staging     #422   +/-   ##
========================================
  Coverage    99.92%   99.92%           
========================================
  Files          203      203           
  Lines         2714     2714           
========================================
  Hits          2712     2712           
  Misses           2        2           


@renovate renovate bot force-pushed the renovate/rubygems-doorkeeper-vulnerability branch 2 times, most recently from 19e7fa1 to 17e95d1 November 22, 2024 01:00
@lodewiges lodewiges added this pull request to the merge queue Nov 22, 2024
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to a conflict with the base branch Nov 22, 2024
@renovate renovate bot force-pushed the renovate/rubygems-doorkeeper-vulnerability branch from 17e95d1 to 6f6a6c7 November 22, 2024 09:57
@lodewiges lodewiges added this pull request to the merge queue Nov 22, 2024
Merged via the queue into staging with commit acf5061 Nov 22, 2024
5 checks passed
@lodewiges lodewiges deleted the renovate/rubygems-doorkeeper-vulnerability branch November 22, 2024 10:22
Labels: dependencies, status:ready to merge