Bump doorkeeper from 5.0.2 to 5.1.0

[dependabot-preview]

Bumps doorkeeper from 5.0.2 to 5.1.0.

Release notes

Sourced from doorkeeper's releases.

v5.1.0

See Upgrade guides for migration to a new version.

• [Bump react-select from 4.3.1 to 5.5.4 #1243]: Add nil check operator in token checking at token introspection.
• [Bump babel-jest from 27.0.2 to 29.2.1 #1241] Explaining foreign key options for resource owner in a single place
• [Bump @babel/preset-env from 7.14.4 to 7.19.4 #1237] Allow to set blank redirect URI if Doorkeeper configured to use redirect URI-less grant flows.
• [Bump jest from 26.6.3 to 29.2.0 #1234] Fix StaleRecordsCleaner to properly work with big amount of records.
• [Bump intl-messageformat from 2.2.0 to 10.2.1 #1228] Allow to explicitly set non-expiring tokens in custom_access_token_expires_in configuration
  option using Float::INIFINITY return value.
• [Bump @babel/plugin-proposal-decorators from 7.14.2 to 7.19.3 #1224] Do not try to store token if not found by fallback hashing strategy.
• [Bump jest from 26.6.3 to 29.1.2 #1223] Update Hound/Rubocop rules, correct Doorkeeper codebase to follow style-guides.
• [Bump intl-messageformat from 2.2.0 to 10.1.5 #1220] Drop Rails 4.2 & Ruby < 2.4 support.

v5.1.0.rc2

• [Bump @babel/plugin-transform-runtime from 7.14.3 to 7.19.1 #1208] Unify hashing implementation into secret storing strategies

  [IMPORTANT]: If you have been using the master branch of doorkeeper with bcrypt in your Gemfile.lock,
  your application secrets have been hashed using BCrypt. To restore this behavior, use the initializer option
  use_application_hashing using: 'Doorkeeper::SecretStoring::BCrypt.

• [Bump tzinfo-data from 1.2021.1 to 1.2022.4 #1216] Add nil check to expires_at method.

• [Bump webpack-dev-server from 3.11.2 to 4.11.1 #1215] Fix deprecates for Rails 6.

• [Bump strong_migrations from 0.7.6 to 1.3.1 #1214] Scopes field accepts array.

• [Bump @babel/plugin-proposal-decorators from 7.14.2 to 7.19.1 #1209] Fix tokens validation for Token Introspection request.

• [Bump webpack-dev-server from 3.11.2 to 4.11.0 #1202] Use correct HTTP status codes for error responses.

  [IMPORTANT]: this change might break your application if you were relying on the previous
  401 status codes, this is now a 400 by default, or a 401 for invalid_client and invalid_token errors.

• [Bump eslint-plugin-react from 7.24.0 to 7.31.8 #1201] Fix custom TTL block client parameter to always be an Doorkeeper::Application instance.

  [IMPORTANT]: those who defined custom_access_token_expires_in configuration option need to check
  their block implementation: if you are using oauth_client.application to get Doorkeeper::Application
  instance, then you need to replace it with just oauth_client.

• [Bump react-spring from 8.0.8 to 9.5.3 #1200] Increase default Doorkeeper access token value complexity (urlsafe_base64 instead of just hex)
  matching RFC6749/RFC6750.

  [IMPORTANT]: this change have possible side-effects in case you have custom database constraints for
  access token value, application secrets, refresh tokens or you patched Doorkeeper models and introduced
  token value validations, or you are using database with case-insensitive WHERE clause like MySQL
  (you can face some collisions). Before this change access token value matched [a-f0-9] regex, and now
  it matches [a-zA-Z0-9\-_]. In case you have such restrictions and your don't use custom token generator
  please change configuration option default_generator_method to :hex.

• [Bump @babel/core from 7.14.3 to 7.19.0 #1195] Allow to customize Token Introspection response (fixes #1194).

• [Bump sass from 1.34.0 to 1.54.8 #1189] Option to set token_reuse_limit.

• [Bump react-intl from 2.9.0 to 6.1.1 #1191] Try to load bcrypt for hashing of application secrets, but add fallback.

v5.1.0.rc1

... (truncated)

Changelog

Sourced from doorkeeper's changelog.

5.1.0

• [Bump react-select from 4.3.1 to 5.5.4 #1243]: Add nil check operator in token checking at token introspection.
• [Bump babel-jest from 27.0.2 to 29.2.1 #1241] Explaining foreign key options for resource owner in a single place
• [Bump @babel/preset-env from 7.14.4 to 7.19.4 #1237] Allow to set blank redirect URI if Doorkeeper configured to use redirect URI-less grant flows.
• [Bump jest from 26.6.3 to 29.2.0 #1234] Fix StaleRecordsCleaner to properly work with big amount of records.
• [Bump intl-messageformat from 2.2.0 to 10.2.1 #1228] Allow to explicitly set non-expiring tokens in custom_access_token_expires_in configuration
  option using Float::INIFINITY return value.
• [Bump @babel/plugin-proposal-decorators from 7.14.2 to 7.19.3 #1224] Do not try to store token if not found by fallback hashing strategy.
• [Bump jest from 26.6.3 to 29.1.2 #1223] Update Hound/Rubocop rules, correct Doorkeeper codebase to follow style-guides.
• [Bump intl-messageformat from 2.2.0 to 10.1.5 #1220] Drop Rails 4.2 & Ruby < 2.4 support.

5.1.0.rc2

• [Bump @babel/plugin-transform-runtime from 7.14.3 to 7.19.1 #1208] Unify hashing implementation into secret storing strategies

  [IMPORTANT]: If you have been using the master branch of doorkeeper with bcrypt in your Gemfile.lock,
  your application secrets have been hashed using BCrypt. To restore this behavior, use the initializer option
  use_application_hashing using: 'Doorkeeper::SecretStoring::BCrypt.

• [Bump tzinfo-data from 1.2021.1 to 1.2022.4 #1216] Add nil check to expires_at method.

• [Bump webpack-dev-server from 3.11.2 to 4.11.1 #1215] Fix deprecates for Rails 6.

• [Bump strong_migrations from 0.7.6 to 1.3.1 #1214] Scopes field accepts array.

• [Bump @babel/plugin-proposal-decorators from 7.14.2 to 7.19.1 #1209] Fix tokens validation for Token Introspection request.

• [Bump webpack-dev-server from 3.11.2 to 4.11.0 #1202] Use correct HTTP status codes for error responses.

  [IMPORTANT]: this change might break your application if you were relying on the previous
  401 status codes, this is now a 400 by default, or a 401 for invalid_client and invalid_token errors.

• [Bump eslint-plugin-react from 7.24.0 to 7.31.8 #1201] Fix custom TTL block client parameter to always be an Doorkeeper::Application instance.

  [IMPORTANT]: those who defined custom_access_token_expires_in configuration option need to check
  their block implementation: if you are using oauth_client.application to get Doorkeeper::Application
  instance, then you need to replace it with just oauth_client.

• [Bump react-spring from 8.0.8 to 9.5.3 #1200] Increase default Doorkeeper access token value complexity (urlsafe_base64 instead of just hex)
  matching RFC6749/RFC6750.

  [IMPORTANT]: this change have possible side-effects in case you have custom database constraints for
  access token value, application secrets, refresh tokens or you patched Doorkeeper models and introduced
  token value validations, or you are using database with case-insensitive WHERE clause like MySQL
  (you can face some collisions). Before this change access token value matched [a-f0-9] regex, and now
  it matches [a-zA-Z0-9\-_]. In case you have such restrictions and your don't use custom token generator
  please change configuration option default_generator_method to :hex.

• [Bump @babel/core from 7.14.3 to 7.19.0 #1195] Allow to customize Token Introspection response (fixes #1194).

• [Bump sass from 1.34.0 to 1.54.8 #1189] Option to set token_reuse_limit.

• [Bump react-intl from 2.9.0 to 6.1.1 #1191] Try to load bcrypt for hashing of application secrets, but add fallback.

5.1.0.rc1

... (truncated)

Commits

• 2dac191 Release 5.1.0
• 07a3e17 Merge pull request #1243 from linhdangduy/add_nil_check_operator
• c91cef6 add nil check operator in token checking at token introspection
• 9bb03f8 Merge pull request #1241 from doorkeeper-gem/migration-updates
• 67df12c Explaining foreign key options for resource owner in a single place
• a69027c Fix for blank redirect URI check in admin panel
• 48830f7 Merge pull request #1239 from jasl/patch-2
• 3b35c32 [ci skip] Fix README.md
• 666d473 Improve blank redirect URI validation and config
• 119386a Merge pull request #1237 from doorkeeper-gem/optional_redirect_uri
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

[dependabot-preview]

Looks like doorkeeper is up-to-date now, so this is no longer needed.