chore(deps): update dependency @auth0/auth0-spa-js to v2 #53

Ensure cookieDomain is used when using legacy Cookiestorage #1071 (frederikprijck)
Ensure to only clear current client cache when logging out #1068 (frederikprijck)

`v2.0.2`

Compare Source

Full Changelog

Security

Bump jsonwebtoken to v9 #1062 (dependabot)

This patch release is identical to 2.0.1 but has been released to ensure tooling no longer detects a vulnerable version of jsonwebtoken being used.

Even though 2.0.1 was not vulnerable for the related CVE because of the fact that jsonwebtoken is a devDependency, we are cutting a release to ensure build tools no longer report our SDK as vulnerable to the mentioned CVE.

`v2.0.1`

Compare Source

Full Changelog

Changed

Add openUrl and deprecate onRedirect #1058 (frederikprijck)

Fixed

Export MissingRefreshTokenError #1043 (frederikprijck)

`v2.0.0`

Compare Source

Full Changelog

Auth0-SPA-JS v2 includes many significant changes compared to v1:

Refactor module output and avoid default export #942 (frederikprijck)
Do not throw from checkSession #943 (frederikprijck)
Rework ignoreCache to cacheMode and introduce cache-only #950 (ewanharris)
Do not fallback to refreshing tokens via iframe method by default #946 (ewanharris)
Use form-encoded data by default #945 (frederikprijck)
Remove getIdTokenClaimsOptions type #960 (ewanharris)
Rename client_id to clientId #956 (ewanharris)
Remove polyfills from bundles #951 (frederikprijck)
Update output target to ES2017 #953 (frederikprijck)
Introduce authorizationParams to hold properties sent to Auth0 #959 (ewanharris)
Do not build Common JS module with externals #971 (frederikprijck)
De-dupe Id token; getUser and getIdTokenClaims no longer take any arguments #967 (frederikprijck)
Remove advancedOptions.defaultScope and replace with scope #972 (ewanharris)
Cache and return id token from memory #975 (ewanharris)
Remove buildAuthorizeUrl #980 (frederikprijck)
Make buildLogoutUrl internal #982 (ewanharris)
Fix spelling mistakes in id token validation messages #940 (frederikprijck)

As with any major version bump, v2 of Auth0-SPA-JS contains a set of breaking changes. Please review the migration guide thoroughly to understand the changes required to migrate your application to v2.

`v1.22.6`

Compare Source

Security

Bump jsonwebtoken to v9 #1065 (frederikprijck)

This patch release is identical to 1.22.5 but has been released to ensure tooling no longer detects a vulnerable version of jsonwebtoken being used.

Even though 1.22.5 was not vulnerable for the related CVE because of the fact that jsonwebtoken is a devDependency, we are cutting a release to ensure build tools no longer report our SDK as vulnerable to the mentioned CVE.

`v1.22.5`

Compare Source

Full Changelog

Fixed

Ensure getTokenSilently works when mixing return types #1016 (frederikprijck)

`v1.22.4`

Compare Source

Full Changelog

Fixed

Release lock on pagehide #974 (frederikprijck)

`v1.22.3`

Compare Source

Full Changelog

Changed

feat(ClientStorage#remove):added support of cookieDomain #935 (Dannnir)

Fixed

Pin es-cookie to patch versions only #965 (frederikprijck)

`v1.22.2`

Compare Source

Full Changelog

Changed

Avoid sending unnecessary request parameters #920 (frederikprijck)

`v1.22.1`

Compare Source

Full Changelog

Changed

Stronger typing for screen_hint property #912 (iAmWillShepherd)
Add env to auth0Client userAgent #913 (frederikprijck)

`v1.22.0`

Compare Source

Full Changelog

Added

Silent auth fallback when using Refresh Tokens can now be disabled #907 (frederikprijck)

Security

[Snyk] Upgrade core-js 3.22.4 #910 (crew-security)

`v1.21.1`

Compare Source

Full Changelog

Fixed

Organization ID hint cookie now respects cookieDomain config setting #900 (Dannnir)

Security

[Snyk] Upgrade core-js from 3.21.1 to 3.22.0 #901 (snyk-bot)
[Snyk] Upgrade promise-polyfill from 8.2.1 to 8.2.3 #893 (snyk-bot)

`v1.21.0`

Compare Source

Full Changelog

Added

FEAT override cookie domain option #885 (Soviut)

Fixed

fix: handle NPE when no popup is available #888 (stevehobbsdev)

`v1.20.1`

Compare Source

Full Changelog

Fixed

Prevent cache.get when key is undefined #882 (stevehobbsdev)

`v1.20.0`

Compare Source

Full Changelog

Added

[SDK-3105] Add httpTimeoutInSeconds to control fetch timeout #875 (stevehobbsdev)

Changed

clarify documentation comment for getTokenSilently #874 (jdugan1024)

Fixed

Fix getTokenSilently reference in example code #868 (mdlavin)

Security

[Snyk] Upgrade core-js from 3.20.2 to 3.20.3 #873 (snyk-bot)
Bump node-fetch from 2.6.1 to 2.6.7 #870 (dependabot[bot])
[Snyk] Upgrade core-js from 3.20.1 to 3.20.2 #869 (snyk-bot)
[Snyk] Upgrade core-js from 3.20.0 to 3.20.1 #864 (snyk-bot)

`v1.19.4`

Compare Source

Full Changelog

Fixed

Org ID hint cookie expiry now aligns with is.authenticated cookie #861 (stevehobbsdev)

Security

Bump follow-redirects from 1.14.0 to 1.14.7 #860 (dependabot[bot])
[Snyk] Upgrade core-js from 3.19.2 to 3.20.0 #858 (snyk-bot)
[Snyk] Upgrade core-js from 3.19.1 to 3.19.2 #851 (snyk-bot)

`v1.19.3`

Compare Source

Full Changelog

Changed

Make RedirectLoginOptions and RedirectLoginResult accept generic AppState #846 (frederikprijck)

Fixed

Getidtokenclaims return type #844 (jmac105)
Add check for state in handleRedirectCallback #841 (stevehobbsdev)
Prevent nowProvider from being passed to authorize endpoint #840 (stevehobbsdev)
Fix cached scopes when using detailed response mode #824 (stevehobbsdev)

`v1.19.2`

Compare Source

Full Changelog

This release fixes an anomoly with a new type we exposed in #803, where it was incorrectly wrapped with Partial. We don't expect this change to introduce any issues, but if you are affected please raise it on our issue tracker.

Fixed

GetTokenSilentlyVerboseResponse no longer uses partial TokenEndpointResponse type #820 (stevehobbsdev)

`v1.19.1`

Compare Source

Full Changelog

Republished version 1.19.0, which got published during a period npm was suffering downtime issues, resulting in 1.19.0 being released but not installable for end users. Users should install 1.19.1 instead.

`v1.19.0`

Compare Source

Full Changelog

Added

[SDK-2794] Return token response in getTokenSilently #803 (stevehobbsdev)
[SDK-2793] Ability to define a custom now provider #802 (frederikprijck)

`v1.18.0`

Compare Source

Full Changelog

Added

[SDK-2750] Expose mfa_token from the mfa_required error when getting new tokens #789 (frederikprijck)

Changed

[SDK-2759] Re-scoping cookies and transactions to client ID #796 (stevehobbsdev)
[SDK-2320] Throw login_required error in SPA SDK if running in a cross-origin is… #790 (frederikprijck)

Fixed

[SDK-2692] Remember organization ID for silent authentication #788 (stevehobbsdev)

`v1.17.1`

Compare Source

Full Changelog

Fixed

Correct cache interface #779 (employee451)

`v1.17.0`

Compare Source

Full Changelog

Added

Add useFormData to enable application/x-www-form-urlencoded requests #768 (stevehobbsdev)

Changed

Allow providing a domain that includes http or https. #768 (stevehobbsdev)

`v1.16.1`

Compare Source

Full Changelog

Fixed

Changes to logout and cache synchronicity #758 (stevehobbsdev)

`v1.16.0`

Compare Source

Full Changelog

Added

[SDK-2555] Extensible Cache #743 (stevehobbsdev)

`v1.15.0`

Compare Source

Full Changelog

Added

Add Popup cancelled event #724 (degrammer)

Fixed

Fix popup blocker showing for loginWithPopup in Firefox & Safari #732 (stevehobbsdev)

`v1.14.0`

Compare Source

Full Changelog

Added

feat(loginWithRedirect): add redirectMethod option #717 (slaywell)
Export errors for type checking #716 (adamjmcgrath)

Changed

Add screen_hint parameter to BaseLoginOptions #721 (damieng)

Fixed

Updated minor syntax, to allow for TypeScript compiler to be happier #714 (kachihro)
Revert [SDK-2183] Add warning when requested scopes differ from retrieved scopes #712 (frederikprijck)

`v1.13.6`

Compare Source

Full Changelog

Changed

Update docs for getIdTokenClaims and getUser #690 (adamjmcgrath)
[SDK-2238] Only use timeout promise when using fetchWithTimeout without a worker #689 (frederikprijck)
Do not use AbortController in the worker if not available #679 (stevehobbsdev)
Do not send useCookiesForTransactions to authorize request #673 (frederikprijck)

Fixed

Remove the nonce check in handleRedirectCallback #678 (stevehobbsdev)

Security

Update wait-on to solve security vulnerability #687 (frederikprijck)
[Security] Bump ini from 1.3.5 to 1.3.7 #672 (dependabot-preview[bot])

`v1.13.5`

Compare Source

Full Changelog

Changed

[SDK-2173] Expand on behaviour of checkSession in docs #666 (stevehobbsdev)
[SDK-2183] Add warning when requested scopes differ from retrieved scopes #665 (frederikprijck)
[SDK-2170] Avoid the possibility to do simultaneous calls to the token endpoint #664 (frederikprijck)
[SDK-2025] Internal module refactor #661 (stevehobbsdev)
[SDK-2039] Change cache lookup mechanism #652 (frederikprijck)

Fixed

[SDK-1739] Recover and logout when throwing invalid_grant on Refresh Token #668 (frederikprijck)

Remarks

This release updates the getUser return type to be more correct. Instead of returning Promise<TUser>, it now returns Promise<TUser | undefined>, which might lead to an Object is possible 'undefined' compiler error in situation where the return value is not checked for being undefined while having set the TypeScript's --strictNullChecks compiler flag to true.

`v1.13.4`

Compare Source

Full Changelog

Added

[SDK-2172] Add SDK metrics to all API calls #659 (frederikprijck)

Changed

[SDK-1159] Use generics for getUser #651 (frederikprijck)

`v1.13.3`

Compare Source

Full Changelog

Fixed

[SDK-2156] Heed timeoutInSeconds when calling getTokenSilently with refresh tokens #639 (stevehobbsdev)

`v1.13.2`

Compare Source

Full Changelog

Added

[SDK-2121] Add support for token validation for Organizations #631 (stevehobbsdev)

`v1.13.1`

Compare Source

Full Changelog

Changed

[SDK-2037] Remove cacheLocation guard from checkSession #613 (frederikprijck)
[SDK-2092] Do not use Web Worker for Safari < 12.1 #612 (frederikprijck)

Fixed

Fix leaking windows message event listener #422 (yinzara)

`v1.13.0`

Compare Source

Full Changelog

Added

[SDK-2042] Fallback option for transactions using cookies #603 (stevehobbsdev)
Refactor logout to use buildLogoutUrl #595 (rnwolfe)
Add an option to extend cookie expire day #586 (luisfmsouza)

Fixed

Use AbortController polyfill in Web Worker #598 (frederikprijck)
[SDK-1994] GMaps breaks SPA JS on IE11 #592 (adamjmcgrath)

`v1.12.1`

Compare Source

Full Changelog

Fixed

Remove sessionStorage requirement from instantiation to fix SSR environments #578 (adamjmcgrath)

`v1.12.0`

Compare Source

Full Changelog

Added

[SDK-1858] Create legacy samsite cookie by default #568 (adamjmcgrath)

Changed

Dependency updates #569 (stevehobbsdev)
Update FAQ.md with information on silent authentication problems #550 (stevehobbsdev)

Fixed

[SDK-1837] Session storage support for transactions #564 (stevehobbsdev)
[SDK-1924] client methods should handle partially filled arguments #561 (adamjmcgrath)
[SDK-1885] Add some additional state validation #560 (adamjmcgrath)
[SDK-1912] Unnecessary latency in getTokenSilently with primed cache #558 (adamjmcgrath)
fix: add missing types to utils.ts and errors.ts #547 (SeyyedKhandon)
Exclude windows absolute paths as well as posix #534 (adamjmcgrath)

`v1.11.0`

Compare Source

Full Changelog

Added

[SDK-1560] Allow issuer as url #523 (adamjmcgrath)
[SDK-1790] use refresh_tokens with multiple audiences #521 (adamjmcgrath)
[SDK-1650] Add message to errors that don't have one #520 (adamjmcgrath)

Fixed

[SDK-1798] prevent unnecessary token requests #525 (adamjmcgrath)
[SDK-1789] Add custom initial options to the 2 getToken methods #524 (adamjmcgrath)

`v1.10.0`

Compare Source

Full Changelog

Changed

[SDK-1696] Allow caller of cache.get to specify an expiry time adjustment #491 (stevehobbsdev)

Fixed

Don't include mocks in build #503 (adamjmcgrath)
[SDK-1699] Fix ID token validation for auth_time #497 (stevehobbsdev)
Add secure attribute to cookies if served over HTTPS #472 (ties-v)

`v1.9.0`

Compare Source

Full Changelog

Added

[SDK-1695] Add auth0Client option so wrapper libraries can send their own client info #490 (adamjmcgrath)
Add checkSession and ignore recoverable errors #482 (adamjmcgrath)

Fixed

Update docs for returnTo and client_id params on logout #484 (stevehobbsdev)

`v1.8.2`

Compare Source

Full Changelog

Fixed

[SDK-1640] Allow the client to be constructed in a Node SSR environment #471 (adamjmcgrath)
[SDK-1634] Pass custom options to the token endpoint #465 (stevehobbsdev)
[SDK-1649] Fix issue where cache was missed when scope parameter was provided #461 (adamjmcgrath)

`v1.8.1`

Compare Source

Full Changelog

Fixed

Fix issue with create-react-app webpack build #451 (adamjmcgrath)

`v1.8.0`

Compare Source

Full Changelog

Added

[SDK-1417] Customizable default scopes #435 (stevehobbsdev)
include polyfill for Set #426 (tony-aq)

Fixed

Update rollup-plugin-web-worker-loader to 1.1.1 #443 (stevehobbsdev)
Updated login_hint js docs to clarify usage with Lock #441 (stevehobbsdev)

`v1.7.0`

Compare Source

Full Changelog

Added

Support for rotating refresh tokens #315 (stevehobbsdev)
Export types from global TypeScript file. #310 (maxswa)
Local Storage caching mechanism #303 (stevehobbsdev)

Changed

Use Web Workers for token endpoint call for in-memory storage #409 (adamjmcgrath)
Export constructor #385 (adamjmcgrath)
Fall back to iframe method if no refresh token is available #364 (stevehobbsdev)
Removed setTimeout cache removal in favour of removal-on-read #354 (stevehobbsdev)
Stop checking isAuthenticated cookie on initialization when using local storage #352 (stevehobbsdev)
getTokenSilently retry logic #336 (stevehobbsdev)
Fixed issue with cache not retaining refresh token #333 (stevehobbsdev)

Fixed

Check if source of event exists before closing it #410 (gerritdeperrit)
Check if iframe is still in body before removing #399 (paulfalgout)
Fix typings to allow custom claims in ID token #386 (picosam)
Fix error in library type definitions #367 (devoto13)

Security

Dependency upgrade #405 (stevehobbsdev)

`v1.6.5`

Compare Source

Full Changelog

Changed

[SDK-1395] Refactor loginWithPopup to optionally accept an existing popup window #368 (stevehobbsdev)
handleRedirectCallback wont pass redirect_uri undefined if not set in transaction #374 (albertlockett)
Update dependencies within semver ranges #371 (stevehobbsdev)
[SDK-1099] Add localOnly logout option #362 (adamjmcgrath)
center popup over owner window #356 (ggascoigne)

Fixed

[SDK-1127] Delay removal of iframe to prevent Chrome hanging status bug #240 #376 (adamjmcgrath)
[SDK-1125] createAuth0Client now throws errors that are not login_required #369 (stevehobbsdev)

`v1.6.4`

Compare Source

Full Changelog

Changed

[SDK-1308] Return appState value on error from handleRedirectCallback #348 (stevehobbsdev)
Configurable timeout for getTokenSilently() #347 (Serjlee)

`v1.6.3`

Compare Source

Full Changelog

Fixed

Send same redirect_uri as /authorize to /token #341 (stevehobbsdev)
No longer acquires a browser lock if there was a hit on the cache #339 (stevehobbsdev)
Use user provided params on silent login #318 (nkete)

`v1.6.2`

Compare Source

Full Changelog

Removed

Removed future issued-at claim check stevehobbsdev - https://github.com/auth0/auth0-spa-js/pull/329

`v1.6.1`

Compare Source

Fixed

Included core-js polyfill for String.includes to fix an issue with browser-tabs-lock in IE11 stevehobbsdev - https://github.com/auth0/auth0-spa-js/pull/325
Added import definition to Getting Started section in the Readme for clarity thundermiracle - https://github.com/auth0/auth0-spa-js/pull/294

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

chore(deps): update dependency @auth0/auth0-spa-js to v2

649d9b0

renovate bot force-pushed the renovate/auth0-auth0-spa-js-2.x branch from 7e4026c to 649d9b0 Compare February 22, 2024 14:47

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update dependency @auth0/auth0-spa-js to v2 #53

chore(deps): update dependency @auth0/auth0-spa-js to v2 #53

renovate bot commented Feb 12, 2024 •

edited

Loading

chore(deps): update dependency @auth0/auth0-spa-js to v2 #53

Are you sure you want to change the base?

chore(deps): update dependency @auth0/auth0-spa-js to v2 #53

Conversation

renovate bot commented Feb 12, 2024 • edited Loading

Release Notes

Configuration

renovate bot commented Feb 12, 2024 •

edited

Loading