Skip to content

Bump hwi/oauth-bundle from 1.4.5 to 2.4.0 #5010

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump hwi/oauth-bundle from 1.4.5 to 2.4.0 #5010

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github May 30, 2025
edited
Loading

Bumps hwi/oauth-bundle from 1.4.5 to 2.4.0.

Release notes

Sourced from hwi/oauth-bundle's releases.

2.4.0

  • Added PHP 8.4 test coverage,
  • Added: LinkedIn OpenID resource owner,
  • Added: show_dialog option to Spotify resource owner,
  • Use CSPRNG for generating nonce,

2.3.0

  • BC Break: Dropped support for Symfony: 6.3 and 7.0,
  • Added: Amazon Cognito resource owner,
  • Bugfix: Prevent overwriting failure_path in AuthenticationFailureHandler when connect functionality is not enabled,
  • Bugfix: Prevent overwriting failure_handler in security configuration if set,
  • Bugfix: Type hint AuthenticatorInterface instead of OAuthAuthenticator in RefreshAccessTokenListener,
  • Bugfix: Add missing parameters to OdnoklassnikiResourceOwner,

2.2.0

What's Changed

New Contributors

Full Changelog: hwi/HWIOAuthBundle@2.1.0...2.2.0

2.1.0

What's Changed

New Contributors

For details go and read the CHANGELOG file.

... (truncated)

Changelog

Sourced from hwi/oauth-bundle's changelog.

2.4.0 (2025-05-29)

  • Added PHP 8.4 test coverage,
  • Added: LinkedIn OpenID resource owner,
  • Added: show_dialog option to Spotify resource owner,
  • Use CSPRNG for generating nonce,

2.3.0 (2025-01-01)

  • BC Break: Dropped support for Symfony: 6.3 and 7.0,
  • Added: Amazon Cognito resource owner,
  • Bugfix: Prevent overwriting failure_path in AuthenticationFailureHandler when connect functionality is not enabled,
  • Bugfix: Prevent overwriting failure_handler in security configuration if set,
  • Bugfix: Type hint AuthenticatorInterface instead of OAuthAuthenticator in RefreshAccessTokenListener,
  • Bugfix: Add missing parameters to OdnoklassnikiResourceOwner,

2.2.0 (2024-02-28)

  • BC Break: Dropped support for PHP 7.4 & 8.0,
  • Added: Telegram resource owner,
  • Bugfix: Allow use_authorization_to_get_token to be configured to false for generic OAuth2,
  • Bugfix: Update API version for Facebook to latest available
  • Bugfix: Replace custom authenticator passport with custom badge usage,
  • Bugfix: Fix registration of failure handler,
  • Bugfix: Don't miss refresh token in registration controller,
  • Bugfix: Allow null as $registrationForm in RegisterController,
  • Bugfix: Fix connect functionality with authentication managers,

2.1.0 (2023-11-30)

  • BC Break: Dropped support for Symfony: >6.0, <6.3,
  • Added: New Passage resource owner,
  • Bugfix: Remove deprecations reported by Symfony 6.4,
  • Chore: Added support for Symfony 7,

2.0.0 (2023-10-01)

  • Bugfix: Prevent refreshing non-expired tokens
  • Bugfix: Remove deprecations reported by Symfony 6.x
  • Bugfix: Prevent fatal error when token doesn't have resource owner name set

2.0.0-BETA3 (2023-08-20)

  • BC Break: Dropped support for Symfony: 6.0.*,
  • BC Break: Class Templating\Helper\OAuthHelper was merged into Twig\Extension\OAuthRuntime,
  • BC Break: When resource owner class doesn't define TYPE constant or is null, then key will be calculated by converting its class name without ResourceOwner suffix to snake_case, if neither is felt, then \LogicException will be thrown,
  • Deprecated: method UserResponseInterface::getUsername() was deprecated in favour of UserResponseInterface::getUserIdentifier() to match changes in Symfony Security component,
  • Enhancement: @internal resourceOwner oauth types in Configuration are calculated automatically by scandir. All classes extended from GenericOAuth[X]ResourceOwner get oauth[X] type. If class only implements ResourceOwnerInterface then its oauth type is unknown. ResourceOwner key (parameter type in configs) should have defined ResourceOwner::TYPE constant. Each user defined custom ResourceOwner class that implemented ResourceOwnerInterface will be registered automatically. If autoconfigure option is disabled user have to add the tag hwi_oauth.resource_owner to the service definition,
  • Enhancement: Class ConnectController was split into two smaller ones, Connect\ConnectController & Connect\RegisterController,
  • Bugfix: Added OAuth1ResourceOwner & OAuth2ResourceOwner to cover case of implementing custom oauth resource owners,
  • Bugfix: Fixed Authorization Header in CleverResourceOwner::doGetRequest,
  • Bugfix: Catch also the TransportExceptionInterface in AbstractResourceOwner::getResponseContent() method,
  • Bugfix: Current matched Firewall is respected during generation of resource owner check path links,
  • Bugfix: Prevent fatal error in OAuthUserProvider::loadUserByOAuthUserResponse() when nickname is not available in OAuth response,
  • Bugfix: Use newer version of firebase/php-jwt library,
  • Chore: Removed not used Symfony Templating component

... (truncated)

Commits

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file php Pull requests that update Php code labels May 30, 2025
@dependabot dependabot bot mentioned this pull request May 30, 2025
Closed
@dependabot dependabot bot force-pushed the dependabot/composer/hwi/oauth-bundle-2.4.0 branch from c44836e to b12baf8 Compare June 16, 2025 13:48
@dependabot
Bump hwi/oauth-bundle from 1.4.5 to 2.4.0
efa0855 
Bumps [hwi/oauth-bundle](https://github.com/hwi/HWIOAuthBundle) from 1.4.5 to 2.4.0.
- [Release notes](https://github.com/hwi/HWIOAuthBundle/releases)
- [Changelog](https://github.com/hwi/HWIOAuthBundle/blob/master/CHANGELOG.md)
- [Commits](hwi/HWIOAuthBundle@1.4.5...2.4.0)

---
updated-dependencies:
- dependency-name: hwi/oauth-bundle
  dependency-version: 2.4.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/composer/hwi/oauth-bundle-2.4.0 branch from b12baf8 to efa0855 Compare June 17, 2025 09:54
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Jun 26, 2025

Dependabot can't authenticate to a private package registry. Because of this, Dependabot cannot update this pull request.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file php Pull requests that update Php code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants