Skip to content

fix(deps): bump openid-client from 5.7.1 to 6.8.3#754

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/openid-client-6.8.3
Open

fix(deps): bump openid-client from 5.7.1 to 6.8.3#754
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/openid-client-6.8.3

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 14, 2026
edited
Loading

Bumps openid-client from 5.7.1 to 6.8.3.

Release notes

Sourced from openid-client's releases.

v6.8.3

Documentation

  • note a workaround for redirect_uri with query string or bare origin (e9689de), closes #868

Fixes

  • passport: delete one-time state on callback (1e7dd2e)

v6.8.2

Fixes

  • use duplex: half for fetchProtectedResource with ReadableStream body input (f6f84e2)

v6.8.1

Refactor

  • workaround dpop nonce caching caveats with customFetch (a9eb50f)

v6.8.0

Features

  • respect retry-after in CIBA and Device Authorization Grant polling (6ce3411)

Documentation

  • remove mention of Edge Runtime from the readme (2e41ad5)

v6.7.1

Fixes

  • passport: include req.host from express@5 for ease of use in express@4 (81f6c12)

v6.7.0

Features

  • support for the ML-DSA Algorithm Identifiers (9543da5)

v6.6.4

Fixes

  • recognize N_A in the token exchange grant (770b177)

v6.6.3

Documentation

  • fix TokenEndpointResponseHelpers.claims() note (b77c786)

... (truncated)

Changelog

Sourced from openid-client's changelog.

6.8.3 (2026-04-13)

Documentation

  • note a workaround for redirect_uri with query string or bare origin (e9689de), closes #868

Fixes

  • passport: delete one-time state on callback (1e7dd2e)

6.8.2 (2026-02-07)

Fixes

  • use duplex: half for fetchProtectedResource with ReadableStream body input (f6f84e2)

6.8.1 (2025-09-27)

Refactor

  • workaround dpop nonce caching caveats with customFetch (a9eb50f)

6.8.0 (2025-09-11)

Features

  • respect retry-after in CIBA and Device Authorization Grant polling (6ce3411)

Documentation

  • remove mention of Edge Runtime from the readme (2e41ad5)

6.7.1 (2025-08-29)

Fixes

  • passport: include req.host from express@5 for ease of use in express@4 (81f6c12)

6.7.0 (2025-08-27)

Features

... (truncated)

Commits
  • 66e4082 chore(release): 6.8.3
  • fa292f2 test: fix typings build issues
  • 0600c91 test: deflake pollBackchannelAuthenticationGrant
  • 1e7dd2e fix(passport): delete one-time state on callback
  • da961e2 test: add coverage the passport strategy
  • 14a2d38 chore: bump packages
  • c64adc8 chore: fix typings in the example
  • 70cc56e chore: node --run format
  • e9689de docs: note a workaround for redirect_uri with query string or bare origin
  • a3ffaef example: update dpop example to respect the token_type
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for openid-client since your current version.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 14, 2026
@dependabot dependabot Bot requested a review from a team as a code owner April 14, 2026 13:27
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 14, 2026
@dependabot dependabot Bot mentioned this pull request Apr 14, 2026
Closed
@RicoFactset
Copy link
Copy Markdown

Rico (RicoFactset) commented Apr 14, 2026
edited
Loading

Logo
Checkmarx One – Scan Summary & Detailsacc84833-3b3a-44e0-a9cb-6d61f16ca427

Great job! No new security vulnerabilities introduced in this pull request

Use Checkmarx (@Checkmarx) to interact with Checkmarx PR Assistant.
Examples:
@Checkmarx how are you able to help me?
@Checkmarx rescan this PR

@dependabot
fix(deps): bump openid-client from 5.7.1 to 6.8.3
2fcd6d8 
Bumps [openid-client](https://github.com/panva/openid-client) from 5.7.1 to 6.8.3.
- [Release notes](https://github.com/panva/openid-client/releases)
- [Changelog](https://github.com/panva/openid-client/blob/main/CHANGELOG.md)
- [Commits](panva/openid-client@v5.7.1...v6.8.3)

---
updated-dependencies:
- dependency-name: openid-client
  dependency-version: 6.8.3
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/openid-client-6.8.3 branch from 4293fe6 to 2fcd6d8 Compare April 22, 2026 12:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@RicoFactset