build(deps): bump ueberauth_oidcc from 0.3.2 to 0.4.0

[dependabot]

Bumps ueberauth_oidcc from 0.3.2 to 0.4.0.

Release notes

Sourced from ueberauth_oidcc's releases.

0.4.0

• feat!: add introspection opt for fetching Token Introspection
• feat: support JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)
• feat: default to :random backoff for issuers
• fix: use client_secret when generating request URLs

BREAKING CHANGE: the API for UeberauthOidcc.Callback.handle_callback/2 has changed to make the 4th item in the tuple a map, rather than only the userinfo claims.

BREAKING CHANGE: if you're using module for testing, you'll need to implement the TokenIntrospection sub-module.

0.3.3

• fix(session): ensure that we clear the session cookie

0.4.0-pre.5

No release notes provided.

Changelog

Sourced from ueberauth_oidcc's changelog.

v0.4.0 - 2024-04-30

• feat!: add introspection opt for fetching Token Introspection
• feat: support JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)
• feat: default to :random backoff for issuers
• fix: use client_secret when generating request URLs

BREAKING CHANGE: the API for UeberauthOidcc.Callback.handle_callback/2 has changed to make the 4th item in the tuple a map, rather than only the userinfo claims.

BREAKING CHANGE: if you're using module for testing, you'll need to implement the TokenIntrospection sub-module.

v0.3.3 - 2024-04-20

• fix(session): ensure that we clear the session cookie

Commits

• b75a43d feat: default to :random backoff for issuers
• 6445674 chore: release 0.4.0
• cf85150 chore(deps): update oidcc
• 12e7f81 chore(deps): update ueberauth
• ec5df92 chore(deps-dev): update non-prod dependencies
• ac5fdaf ci: update to latest Elixir/Erlang
• d9e87bb chore: v0.4.0-pre.6
• 5c7b9e9 doc: update CHANGELOG
• 08bee61 refactor: simplify cookie opts in session
• 4c02403 chore: update Oidcc to 3.2.0-beta.3
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[github-actions]

Coverage of commit eba0896

Summary coverage rate:
  lines......: 44.5% (2846 of 6395 lines)
  functions..: 42.0% (1019 of 2428 functions)
  branches...: no data found

Files changed coverage rate: n/a

Download coverage report

[digitalcora]

Tried deploying this to dev-green and it doesn't seem to have impacted authentication for us.

[cmaddox5]

@dependabot rebase

[github-actions]

Coverage of commit d7409bf

Summary coverage rate:
  lines......: 45.2% (2953 of 6540 lines)
  functions..: 41.1% (1050 of 2556 functions)
  branches...: no data found

Files changed coverage rate: n/a

Download coverage report

[cmaddox5]

@dependabot merge