fix(deps): bump supertokens-node from 15.1.1 to 19.0.0 #831


@dependabot dependabot bot commented on behalf of github Jul 17, 2024

Bumps supertokens-node from 15.1.1 to 19.0.0.

Release notes

Sourced from supertokens-node's releases.

v19.0.0

What's Changed

Full Changelog: supertokens/supertokens-node@v18.0.2...v19.0.0

v18.0.2

Full Changelog: supertokens/supertokens-node@v18.0.1...v18.0.2

v18.0.1

What's Changed

Full Changelog: supertokens/supertokens-node@v18.0.0...v18.0.1

v18.0.0

What's Changed

Full Changelog: supertokens/supertokens-node@v17.1.2...v18.0.0

v17.1.4

Full Changelog: supertokens/supertokens-node@v17.1.3...v17.1.4

v17.1.3

What's Changed

... (truncated)

Changelog

Sourced from supertokens-node's changelog.

[19.0.0] - 2024-07-10

Breaking changes

  • Defined the entry points of the library using the "exports" field in package.json to make ESM imports more comfortable. This can cause some issues for applications using directory imports from the lib/build directory. In those cases we recommend adding index.js to the import path.

  • isEmailChangeAllowed now returns false for unverified addresses if input user is a primary user and there exists another user with the same email address and linking requires verification

  • Generating a password reset token is now denied if all of the following are true:

    • a linked email password user exists
    • the email address is not verified
    • the user has another email address or phone number associated with it
  • Account linking based on emails now requires the email to be verified in both users if shouldRequireVerification is set to true instead of only requiring it for the recipe user.

  • The access token cookie expiry has been changed from 100 years to 1 year due to some browsers capping the maximum expiry at 400 days. No action is needed on your part.

  • Recipe functions that update the email address of users now call isEmailChangeAllowed to check if the email update should be allowed or not.

    • This only has an effect if account linking is turned on.
    • This is aimed to help you avoid security issues.
    • isEmailChangeAllowed is now called in functions:
      • updateUser (Passwordless recipe)
      • updateEmailOrPassword (EmailPassword recipe)
      • manuallyCreateOrUpdateUser (ThirdParty recipe)
  • Removes the default maxAgeInSeconds value (previously 300 seconds) in EmailVerification Claim. If the claim value is true and maxAgeInSeconds is not provided, it will not be refetched.

  • In the multitenancy recipe,

    • Removes emailPasswordEnabled, passwordlessEnabled, thirdPartyEnabled inputs from createOrUpdateTenant functions.
    • Recipe implementation uses v2 APIs for creating, fetching and listing tenants. Refer to the CDI spec for more information.
  • SDK will no longer add .well-known/openid-configuration to the oidcDiscoveryEndpoint config in thirdParty providers. If you have specified any custom oidcDiscoveryEndpoint in the ThirdParty.init or added to the core, please make sure to update them to include .well-known/openid-configuration.

Changes

  • Adds Multitenancy and Multifactor auth related APIs for dashboard:
    • GET /api/tenants
    • GET /api/tenant
    • POST /api/tenant
    • DELETE /api/tenant
    • PUT /api/tenant/first-factor
    • PUT /api/tenant/required-secondary-factor
    • PUT /api/tenant/core-config
    • GET /api/thirdparty/config
    • PUT /api/thirdparty/config
    • DELETE /api/thirdparty/config
  • passwordResetPOST:
    • now verifies the email address in all cases if the EmailVerification recipe is initialized
    • now tries to link accounts based on account info if AccountLinking is enabled
  • Extracted some tests into a separate backend-sdk-testing repo, to reuse tests between our backend SDKs
  • Sends websiteDomain and apiDomain to core for telemetry.
  • boxyURL is no longer a mandatory input in additionalConfig while adding boxy-saml provider in thirdParty.
  • Fixes issue with OIDC discovery when the input url already contains .well-known/openid-configuration.

... (truncated)

Commits
  • 03d9a7b adding dev-v19.0.0 tag to this commit to ensure building
  • 251d80c fix: cicd tests (#887)
  • 24b46c2 adding dev-v19.0.0 tag to this commit to ensure building
  • ddd5f9a fix: cicd tests (#886)
  • 50f3f07 fix: PR checks (#885)
  • 9689ea1 adding dev-v19.0.0 tag to this commit to ensure building
  • 05223e3 fixes test server code
  • 19596f3 adding dev-v19.0.0 tag to this commit to ensure building
  • 1c29599 adds feature flag for auth-react test server due to account linking changes
  • 8fb1b92 adding dev-v19.0.0 tag to this commit to ensure building
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [supertokens-node](https://github.com/supertokens/supertokens-node) from 15.1.1 to 19.0.0.
- [Release notes](https://github.com/supertokens/supertokens-node/releases)
- [Changelog](https://github.com/supertokens/supertokens-node/blob/master/CHANGELOG.md)
- [Commits](supertokens/supertokens-node@v15.1.1...v19.0.0)

---
updated-dependencies:
- dependency-name: supertokens-node
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot commented on behalf of github Jul 19, 2024

Superseded by #834.

@dependabot dependabot bot closed this Jul 19, 2024
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/development/supertokens-node-19.0.0 branch July 19, 2024 06:23
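
For the oidcDiscoveryEndpoint breaking change in the 19.0.0 changelog above, a pre-upgrade check as an added example (not part of this PR or of supertokens-node): it lists custom endpoints that still need .well-known/openid-configuration written out, since the SDK no longer appends it. The provider shape ({ config: { thirdPartyId, oidcDiscoveryEndpoint } }), the function names and the sample URLs are assumptions constructed for illustration.

```javascript
// Suffix that supertokens-node 19 expects to be present in the configured endpoint.
const WELL_KNOWN = "/.well-known/openid-configuration";

// Classify one configured endpoint: "ok", "update" (with the corrected URL) or "invalid".
function checkDiscoveryEndpoint(endpoint) {
    let url;
    try {
        url = new URL(endpoint);
    } catch {
        return { status: "invalid" }; // e.g. missing scheme; discovery cannot work
    }
    const path = url.pathname.replace(/\/+$/, ""); // ignore trailing slashes
    if (path.endsWith(WELL_KNOWN)) {
        return { status: "ok" };
    }
    url.pathname = path + WELL_KNOWN; // query string, if any, is preserved
    return { status: "update", fixed: url.toString() };
}

// Walk a providers array (assumed shape) and report every entry that needs attention.
function auditProviders(providers) {
    const findings = [];
    for (const { config } of providers) {
        const current = config.oidcDiscoveryEndpoint;
        if (current === undefined) continue; // no custom endpoint configured
        const result = checkDiscoveryEndpoint(current);
        if (result.status !== "ok") {
            findings.push({ thirdPartyId: config.thirdPartyId, current, ...result });
        }
    }
    return findings;
}

// Constructed sample configuration, not taken from any real deployment.
const sampleProviders = [
    { config: { thirdPartyId: "corp-idp", oidcDiscoveryEndpoint: "https://idp.example.com/realms/main/" } },
    { config: { thirdPartyId: "partner-idp", oidcDiscoveryEndpoint: "https://login.example.org/.well-known/openid-configuration" } },
    { config: { thirdPartyId: "tenant-idp", oidcDiscoveryEndpoint: "https://sso.example.net/oidc?tenant=a" } },
    { config: { thirdPartyId: "typo-idp", oidcDiscoveryEndpoint: "idp.example.com" } },
    { config: { thirdPartyId: "google" } },
];

console.log(auditProviders(sampleProviders));
```

Endpoints stored in the core need the same check, as the changelog notes; this sketch only covers values passed in code.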