Update openid-client to v6#1394
Conversation
v6 is a complete rewrite, with API changes: https://github.com/panva/openid-client/releases/tag/v6.0.0 Closes #1230
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
sadiqkhoja
left a comment
There was a problem hiding this comment.
Looks good to me!
Nothing to change here but I'd like mention that I am getting Support for loading ES Module in require() is an experimental feature and might change at any time warning. Maybe this feature will get matured or we may consider migrating to ESM 🤷♂️
Good spot - I'll take a look into this.
I think we should avoid that migration as long as possible. |
Current status:
which means
I'll hold of merging for now. |
Current NodeJS version for this repo: Since It will be reasonable to consider this PR for merging very soon. |
|
@alxndrsn You're planning on merging this one for the release, right? Are you waiting until the node version upgrade to 24.17.0 is in? Seems to me like it would be ok to merge this one first and helpful to have it on the staging server for a little bit before regression testing. |
I hadn't been planning specifically, just waiting for the required feature to be fully supported by NodeJS. I don't recall a specific need to update to |
|
I don't think there's anything specific prompting the upgrade other than wanting to stay up-to-date. If you don't think it's a must-have for this release, then how about we merge it at the beginning of the next release cycle. |
openid-clientv6 is a complete rewrite, with API changes: https://github.com/panva/openid-client/releases/tag/v6.0.0API reference: https://github.com/panva/openid-client/blob/v6.1.7/docs/README.md
Closes getodk/central#1225
What has been done to verify that this works as intended?
Existing tests.
Why is this the best possible solution? Were any other approaches considered?
Staying up-to-date with security-focussed libraries seems like a sensible approach. An alternative might be to fork the
openid-clientlibrary, but this seems like high-risk, unnecessary work for no obvious benefit.How does this change affect users? Describe intentional changes to behavior and behavior that could have accidentally been affected by code changes. In other words, what are the regression risks?
It should not affect users.
Does this change require updates to the API documentation? If so, please update docs/api.yaml as part of this PR.
No.
Before submitting this PR, please make sure you have:
make testand confirmed all checks still pass OR confirm CircleCI build passes