fix(deps): bump supertokens-node from 15.1.1 to 19.0.1 #834


@dependabot dependabot bot commented on behalf of github Jul 19, 2024

Bumps supertokens-node from 15.1.1 to 19.0.1.

Release notes

Sourced from supertokens-node's releases.

v19.0.1

What's Changed

Full Changelog: supertokens/supertokens-node@v19.0.0...v19.0.1

v19.0.0

What's Changed

Full Changelog: supertokens/supertokens-node@v18.0.2...v19.0.0

v18.0.2

Full Changelog: supertokens/supertokens-node@v18.0.1...v18.0.2

v18.0.1

What's Changed

Full Changelog: supertokens/supertokens-node@v18.0.0...v18.0.1

v18.0.0

What's Changed

... (truncated)

Changelog

Sourced from supertokens-node's changelog.

[19.0.1] - 2024-07-18

  • Fixes issue in fetching thirdPartyConfig for dashboard when OIDC discovery endpoint is added in core.

[19.0.0] - 2024-07-10

Breaking changes

  • Defined the entry points of the library using the "exports" field in package.json to make ESM imports more comfortable. This can cause some issues for applications using directory imports from the lib/build directory. In those cases we recommend adding index.js to the import path.

  • isEmailChangeAllowed now returns false for unverified addresses if input user is a primary user and there exists another user with the same email address and linking requires verification

  • Generating a password reset token is now denied if all of the following is true:

    • a linked email password user exists
    • the email address is not verified
    • the user has another email address or phone number associated with it
  • Account linking based on emails now require the email to be verified in both users if shouldRequireVerification is set to true instead of only requiring it for the recipe user.

  • The access token cookie expiry has been changed from 100 years to 1 year due to some browsers capping the maximum expiry at 400 days. No action is needed on your part.

  • Recipe functions that update the email address of users now call isEmailChangeAllowed to check if the email update should be allowed or not.

    • This only has an effect if account linking is turned on.
    • This is aimed to help you avoid security issues.
    • isEmailChangeAllowed is now called in functions:
      • updateUser (Passwordless recipe)
      • updateEmailOrPassword (EmailPassword recipe)
      • manuallyCreateOrUpdateUser (ThirdParty recipe)
  • Removes the default maxAgeInSeconds value (previously 300 seconds) in EmailVerification Claim. If the claim value is true and maxAgeInSeconds is not provided, it will not be refetched.

  • In the multitenancy recipe,

    • Removes emailPasswordEnabled, passwordlessEnabled, thirdPartyEnabled inputs from createOrUpdateTenant functions.
    • Recipe implementation uses v2 APIs for creating, fetching and listing tenants. Refer CDI spec for more information.
  • SDK will no longer add .well-known/openid-configuration to the oidcDiscoveryEndpoint config in thirdParty providers. If you have specified any custom oidcDiscoveryEndpoint in the ThirdParty.init or added to the core, please make sure to update them to include .well-known/openid-configuration.

Changes

  • Adds Multitenancy and Multifactor auth related APIs for dashboard:
    • GET /api/tenants
    • GET /api/tenant
    • POST /api/tenant
    • DELETE /api/tenant
    • PUT /api/tenant/first-factor
    • PUT /api/tenant/required-secondary-factor
    • PUT /api/tenant/core-config
    • GET /api/thirdparty/config
    • PUT /api/thirdparty/config
    • DELETE /api/thirdparty/config
  • passwordResetPOST:
    • now verifies the email address in all cases if the EmailVerification recipe is initialized
    • now tries to link accounts based on account info if AccountLinking is enabled

... (truncated)

Commits
  • bc37fed adding dev-v19.0.1 tag to this commit to ensure building
  • 19d3ea0 fix: issue in fetching third party config (#889)
  • 746ae7e fix: changelog (#888)
  • 03d9a7b adding dev-v19.0.0 tag to this commit to ensure building
  • 251d80c fix: cicd tests (#887)
  • 24b46c2 adding dev-v19.0.0 tag to this commit to ensure building
  • ddd5f9a fix: cicd tests (#886)
  • 50f3f07 fix: PR checks (#885)
  • 9689ea1 adding dev-v19.0.0 tag to this commit to ensure building
  • 05223e3 fixes test server code
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [supertokens-node](https://github.com/supertokens/supertokens-node) from 15.1.1 to 19.0.1.
- [Release notes](https://github.com/supertokens/supertokens-node/releases)
- [Changelog](https://github.com/supertokens/supertokens-node/blob/master/CHANGELOG.md)
- [Commits](supertokens/supertokens-node@v15.1.1...v19.0.1)

---
updated-dependencies:
- dependency-name: supertokens-node
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
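
The 19.0.0 changelog entry above says the SDK no longer appends `.well-known/openid-configuration` to `oidcDiscoveryEndpoint`, so any value written against the old behaviour has to be updated before this bump is merged. The following pre-upgrade audit is an added example, not code from this PR or from supertokens-node; the function name `auditOidcDiscoveryEndpoints` is hypothetical, and the provider shape (`{ config: { thirdPartyId, oidcDiscoveryEndpoint } }`) and the sample hosts are assumptions.

```javascript
// Added example: flag oidcDiscoveryEndpoint values that relied on the SDK
// appending the discovery path (behaviour removed in 19.0.0 per the changelog).
// Assumption: each entry looks like { config: { thirdPartyId, oidcDiscoveryEndpoint } }.
const WELL_KNOWN = "/.well-known/openid-configuration";

function auditOidcDiscoveryEndpoints(providers) {
  const findings = [];
  for (const provider of providers) {
    const { thirdPartyId, oidcDiscoveryEndpoint: endpoint } = provider.config || {};
    if (endpoint === undefined) continue; // provider does not use OIDC discovery
    let url;
    try {
      url = new URL(endpoint);
    } catch {
      findings.push({ thirdPartyId, endpoint, problem: "not an absolute URL" });
      continue;
    }
    // Compare on the path only, so a trailing slash or query string
    // does not hide an endpoint that is already correct.
    const path = url.pathname.replace(/\/+$/, "");
    if (path.endsWith(WELL_KNOWN)) continue;
    url.pathname = path + WELL_KNOWN;
    findings.push({
      thirdPartyId,
      endpoint,
      problem: "missing " + WELL_KNOWN,
      suggested: url.toString(),
    });
  }
  return findings;
}

// Constructed sample configuration (hosts are placeholders).
const sampleProviders = [
  { config: { thirdPartyId: "corp-sso", oidcDiscoveryEndpoint: "https://idp.example.com/realms/main" } },
  { config: { thirdPartyId: "partner", oidcDiscoveryEndpoint: "https://login.example.org/.well-known/openid-configuration" } },
  { config: { thirdPartyId: "legacy", oidcDiscoveryEndpoint: "https://sso.example.net/" } },
  { config: { thirdPartyId: "github" } },
];

for (const f of auditOidcDiscoveryEndpoints(sampleProviders)) {
  console.log(`${f.thirdPartyId}: ${f.problem}${f.suggested ? " -> " + f.suggested : ""}`);
}
```

Endpoints stored in the core are not covered by a scan of the application's own configuration and need the same check.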

dependabot bot commented on behalf of github Jul 26, 2024

Superseded by #840.

@dependabot dependabot bot closed this Jul 26, 2024
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/development/supertokens-node-19.0.1 branch July 26, 2024 06:32
Labels
dependencies Update a dependency