Skip to content

Latest commit

 

History

History
43 lines (32 loc) · 1.79 KB

CHANGELOG.md

File metadata and controls

43 lines (32 loc) · 1.79 KB

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog. This project adheres to Semantic Versioning.

[Unreleased]

[1.0.0] 2021-07-14

Changed

  • Support omniauth versions >= 1.9 but < 3. i.e., support version 2 which addresses some CVEs.
  • Standardize syntax and style via Standard.rb

Breaking

  • Loosen omniauth-oauth2 requirement to allow >= 1.7.0. With this change, blocks give to dynamically determine the :scope argument will be passed the Rack env, rather than an instance of the Rack::Request. See the Upgrading to 1.0 docs for more.
  • Remove AuthUrl and ApiUrl constants from OmniAuth::Strategies::Heroku. These were internal details, not meant to be part of the public API.
  • Require Ruby >= 2.3.0. We were only supporting that anyway, but now it's explicit. However, we do recommend only running on actively supported Rubies.

[0.4.1] 2021-07-06

Changed

  • Lock to omniauth-oauth2 ~> 1.6.0 to fix regression in dynamic :scope option. With omniauth-oauth2 >= 1.7.0, the block is passed the Rack env as the parameter. This breaks our expectation the will receive a Rack::Request instance as the argument to dynamically determine the :scope option. i.e., this broken:

    use OmniAuth::Builder do
  provider :heroku, ENV.fetch("HEROKU_OAUTH_ID"), ENV.fetch("HEROKU_OAUTH_SECRET"),
    scope: ->(request) { request.params["scope"] || "identity" }
end

    See PR #22 for more context, workaround, etc...