Skip to content

Bump hwi/oauth-bundle from 1.4.5 to 2.3.0 #4995

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dependabot wants to merge 1 commit into from
Closed

Bump hwi/oauth-bundle from 1.4.5 to 2.3.0 #4995

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github May 22, 2025
edited
Loading

Bumps hwi/oauth-bundle from 1.4.5 to 2.3.0.

Release notes

Sourced from hwi/oauth-bundle's releases.

2.3.0

  • BC Break: Dropped support for Symfony: 6.3 and 7.0,
  • Added: Amazon Cognito resource owner,
  • Bugfix: Prevent overwriting failure_path in AuthenticationFailureHandler when connect functionality is not enabled,
  • Bugfix: Prevent overwriting failure_handler in security configuration if set,
  • Bugfix: Type hint AuthenticatorInterface instead of OAuthAuthenticator in RefreshAccessTokenListener,
  • Bugfix: Add missing parameters to OdnoklassnikiResourceOwner,

2.2.0

What's Changed

New Contributors

Full Changelog: hwi/HWIOAuthBundle@2.1.0...2.2.0

2.1.0

What's Changed

New Contributors

For details go and read the CHANGELOG file.

2.0.0

Long awaited 2.0 release!

The main changes:

  • completely reworked resource owners internals,

... (truncated)

Changelog

Sourced from hwi/oauth-bundle's changelog.

2.3.0 (2025-01-01)

  • BC Break: Dropped support for Symfony: 6.3 and 7.0,
  • Added: Amazon Cognito resource owner,
  • Bugfix: Prevent overwriting failure_path in AuthenticationFailureHandler when connect functionality is not enabled,
  • Bugfix: Prevent overwriting failure_handler in security configuration if set,
  • Bugfix: Type hint AuthenticatorInterface instead of OAuthAuthenticator in RefreshAccessTokenListener,
  • Bugfix: Add missing parameters to OdnoklassnikiResourceOwner,

2.2.0 (2024-02-28)

  • BC Break: Dropped support for PHP 7.4 & 8.0,
  • Added: Telegram resource owner,
  • Bugfix: Allow use_authorization_to_get_token to be configured to false for generic OAuth2,
  • Bugfix: Update API version for Facebook to latest available
  • Bugfix: Replace custom authenticator passport with custom badge usage,
  • Bugfix: Fix registration of failure handler,
  • Bugfix: Don't miss refresh token in registration controller,
  • Bugfix: Allow null as $registrationForm in RegisterController,
  • Bugfix: Fix connect functionality with authentication managers,

2.1.0 (2023-11-30)

  • BC Break: Dropped support for Symfony: >6.0, <6.3,
  • Added: New Passage resource owner,
  • Bugfix: Remove deprecations reported by Symfony 6.4,
  • Chore: Added support for Symfony 7,

2.0.0 (2023-10-01)

  • Bugfix: Prevent refreshing non-expired tokens
  • Bugfix: Remove deprecations reported by Symfony 6.x
  • Bugfix: Prevent fatal error when token doesn't have resource owner name set

2.0.0-BETA3 (2023-08-20)

  • BC Break: Dropped support for Symfony: 6.0.*,
  • BC Break: Class Templating\Helper\OAuthHelper was merged into Twig\Extension\OAuthRuntime,
  • BC Break: When resource owner class doesn't define TYPE constant or is null, then key will be calculated by converting its class name without ResourceOwner suffix to snake_case, if neither is felt, then \LogicException will be thrown,
  • Deprecated: method UserResponseInterface::getUsername() was deprecated in favour of UserResponseInterface::getUserIdentifier() to match changes in Symfony Security component,
  • Enhancement: @internal resourceOwner oauth types in Configuration are calculated automatically by scandir. All classes extended from GenericOAuth[X]ResourceOwner get oauth[X] type. If class only implements ResourceOwnerInterface then its oauth type is unknown. ResourceOwner key (parameter type in configs) should have defined ResourceOwner::TYPE constant. Each user defined custom ResourceOwner class that implemented ResourceOwnerInterface will be registered automatically. If autoconfigure option is disabled user have to add the tag hwi_oauth.resource_owner to the service definition,
  • Enhancement: Class ConnectController was split into two smaller ones, Connect\ConnectController & Connect\RegisterController,
  • Bugfix: Added OAuth1ResourceOwner & OAuth2ResourceOwner to cover case of implementing custom oauth resource owners,
  • Bugfix: Fixed Authorization Header in CleverResourceOwner::doGetRequest,
  • Bugfix: Catch also the TransportExceptionInterface in AbstractResourceOwner::getResponseContent() method,
  • Bugfix: Current matched Firewall is respected during generation of resource owner check path links,
  • Bugfix: Prevent fatal error in OAuthUserProvider::loadUserByOAuthUserResponse() when nickname is not available in OAuth response,
  • Bugfix: Use newer version of firebase/php-jwt library,
  • Chore: Removed not used Symfony Templating component

2.0.0-BETA2 (2022-01-16)

  • Deprecated: configuration parameter firewall_names, firewalls are now computed automatically - all firewalls that have defined oauth authenticator/provider will be collected,
  • Added: Ability to automatically refresh expired access tokens (only for derived from GenericOAuth2ResourceOwner resource owners), if option refresh_on_expire set to true,
  • Enhancement: Refresh token listener is disabled by default and will only be enabled if at least one resource owner has option refresh_on_expure set to true,
  • Enhancement: (@internal) Removed/replaced redundant argument $firewallNames from controllers. If controller class was copied and replaced, adapt list of arguments: In controller use $resourceOwnerMapLocator->getFirewallNames(),

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added dependencies Pull requests that update a dependency file php Pull requests that update Php code labels May 22, 2025
@dependabot dependabot bot force-pushed the dependabot/composer/hwi/oauth-bundle-2.3.0 branch from 17df80d to 97cb4fd Compare May 27, 2025 14:53
@dependabot
Bump hwi/oauth-bundle from 1.4.5 to 2.3.0
70194af 
Bumps [hwi/oauth-bundle](https://github.com/hwi/HWIOAuthBundle) from 1.4.5 to 2.3.0.
- [Release notes](https://github.com/hwi/HWIOAuthBundle/releases)
- [Changelog](https://github.com/hwi/HWIOAuthBundle/blob/master/CHANGELOG.md)
- [Commits](hwi/HWIOAuthBundle@1.4.5...2.3.0)

---
updated-dependencies:
- dependency-name: hwi/oauth-bundle
  dependency-version: 2.3.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/composer/hwi/oauth-bundle-2.3.0 branch from 97cb4fd to 70194af Compare May 27, 2025 15:03
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github May 30, 2025

Superseded by #5010.

@dependabot dependabot bot closed this May 30, 2025
@dependabot dependabot bot deleted the dependabot/composer/hwi/oauth-bundle-2.3.0 branch May 30, 2025 04:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file php Pull requests that update Php code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant