fix(deps): update dependency keycloak-js to v26.2.3#19
Open
renovate[bot] wants to merge 1 commit intomainfrom
Open
fix(deps): update dependency keycloak-js to v26.2.3#19renovate[bot] wants to merge 1 commit intomainfrom
renovate[bot] wants to merge 1 commit intomainfrom
Conversation
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/keycloak-js-26.x
branch
from
ebdbf40 to
82705f6
Compare
renovate
bot
force-pushed
the
renovate/keycloak-js-26.x
branch
2 times, most recently
from
753c1a4 to
00c0c05
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/keycloak-js-26.x
branch
from
00c0c05 to
a62b7b3
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
26.2.0→26.2.3Release Notes
keycloak/keycloak-js (keycloak-js)
v26.2.3Compare Source
Highlights
This release of Keycloak JS addresses a regression that was introduced in version
26.2.2affecting applications that use hash-based routing in combination with thefragmentresponse mode.Bug Fixes
URL hash fragments are now preserved correctly with 'fragment' response mode
A regression was introduced in version
26.2.2that caused URL fragments with path-style routing (e.g.,#/admin/maintenance/scripts) to be URL-encoded after the OAuth callback, breaking applications that use hash-based routing. This issue affected Angular, React, and other applications that rely on the hash portion of the URL for client-side routing.keycloak/keycloak-js#241
Upgrading
Before upgrading refer to the migration guide for a complete list of changes.
v26.2.2Compare Source
Highlights
This release of Keycloak JS focuses on addressing several regressions that were introduced by accident. We apologize for any inconvenience these issues may have caused and thank our community for reporting them quickly and helping to verify the fixes.
Bug Fixes
Destructuring public methods now works correctly
A regression was introduced that caused an error when destructuring public methods from a Keycloak instance. This pattern is commonly used in applications:
This issue has been resolved by binding all public methods to the class instance using arrow functions, ensuring that
thisis always correctly scoped regardless of how the method is called.keycloak/keycloak-js#202
Hash fragments are now preserved in redirect URIs
A regression caused hash fragments in URLs to be stripped from redirect URIs, which broke navigation in applications that rely on fragment-based routing. For example, when logging in to the Keycloak Admin Console with a URL like
http://localhost:8080/admin/master/console/#/demo/users/add-user, the user would be redirected to the default page instead of the intended fragment after authentication.This also caused issues where redirect URIs would have a trailing slash added unexpectedly, breaking login flows for OIDC servers that perform strict URI matching.
The next major of Keycloak JS will start re-enforcing this constraint, as it is not allowed to pass fragments according to the specification.
keycloak/keycloak-js#151, keycloak/keycloak-js#205
Redirect URLs on different domains now work correctly
A regression prevented redirect URLs from being on a different domain than the application origin the navigation to fail with a security error. This affected users who use redirect services that forward authentication requests from an intermediate domain back to the application.
This behavior is likely to be changed in the future to only allow redirect URLs that are on the same origin as where Keycloak JS is initialized, in order to prevent possible open redirects. If this issue affects you please join the discussion.
keycloak/keycloak-js#189
Upgrading
Before upgrading refer to the migration guide for a complete list of changes.
v26.2.1Compare Source
Highlights
This release of Keycloak JS is the first release after our initial announcement to split it off from the main project release cycle. This release is the result of a large internal refactor to make the code more maintainable and make use of modern JavaScript language features, as well as to introduce a new test suite with more comprehensive test coverage. Even though much has changed under the hood, this is a patch releases, and there should be no breaking changes for users, only bugfixes and small enhancements.
Upgrading
Before upgrading refer to the migration guide for a complete list of changes.
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.