auth0 5.17.0 → 5.18.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 001f09f32948583c13fb7a3bf421d34a469ba5cd4b0b8ce080a5febaf2e8369b
-  data.tar.gz: 671271047cdaa71aa6cbf6595d35623b9cfdc79e59aa2a5f9f6e8af59e1d6e52
+  metadata.gz: f9f09b3cbb82970d76ce07a4e20b7791059f9e6c8874e8c7723b9e02fa2f7221
+  data.tar.gz: ac5451e6f51c813f40ad9f233253a9d3556e7aa4a1908aec8d6ed95b3a1a99a9
 SHA512:
-  metadata.gz: 5d95a176bd531635ac2502eb147384da9ac0417020dc17e6e0592ba508ece19c70cd1e7037718ffcfdb4b1bcedb3dd6c2866746923328fe5777c075e542aabb0
-  data.tar.gz: 9e693a863adeabb6940f06832ecfd67c30fbcfb6106108f228c3e3959b1bb0892601cca649a5d3a009ec645b24750f5a467a3942be4202c9c30d353102fb4722
+  metadata.gz: fdaf8bf8869532464bd71f51fbba1503e1d529d9fd06e35a9d88dc346400858a60c4b0de7a85b2a079f45fec342e62fca3042c8872ad3cdd48efa6d27dba1f04
+  data.tar.gz: f43c6fc7a97a0ff55acd7b92f7f6376a52877f3988219b102c8c69625e753ca7540f50be464771f137b4e45e577a4665ee44f87e493c3f814d7d1e74636f1d00

data/.github/CODEOWNERS

@@ -1 +1 @@
-*	@auth0/dx-sdks-engineer
+*	@auth0/project-dx-sdks-engineer-codeowner

data/.github/actions/rl-scanner/action.yml

@@ -0,0 +1,71 @@
+name: 'Reversing Labs Scanner'
+description: 'Runs the Reversing Labs scanner on a specified artifact.'
+inputs:
+  artifact-path:
+    description: 'Path to the artifact to be scanned.'
+    required: true
+  version:
+    description: 'Version of the artifact.'
+    required: true
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Set up Python
+      uses: actions/setup-python@v4
+      with:
+        python-version: '3.10'
+
+    - name: Install Python dependencies
+      shell: bash
+      run: |
+        pip install boto3 requests
+
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v1
+      with:
+        role-to-assume: ${{ env.PRODSEC_TOOLS_ARN }}
+        aws-region: us-east-1
+        mask-aws-account-id: true
+
+    - name: Install RL Wrapper
+      shell: bash
+      run: |
+        pip install rl-wrapper>=1.0.0 --index-url "https://${{ env.PRODSEC_TOOLS_USER }}:${{ env.PRODSEC_TOOLS_TOKEN }}@a0us.jfrog.io/artifactory/api/pypi/python-local/simple"
+
+    - name: Run RL Scanner
+      shell: bash
+      env:
+        RLSECURE_LICENSE: ${{ env.RLSECURE_LICENSE }}
+        RLSECURE_SITE_KEY: ${{ env.RLSECURE_SITE_KEY }}
+        SIGNAL_HANDLER_TOKEN: ${{ env.SIGNAL_HANDLER_TOKEN }}
+        PYTHONUNBUFFERED: 1
+      run: |
+        if [ ! -f "${{ inputs.artifact-path }}" ]; then
+          echo "Artifact not found: ${{ inputs.artifact-path }}"
+          exit 1
+        fi
+
+        rl-wrapper \
+          --artifact "${{ inputs.artifact-path }}" \
+          --name "${{ github.event.repository.name }}" \
+          --version "${{ inputs.version }}" \
+          --repository "${{ github.repository }}" \
+          --commit "${{ github.sha }}" \
+          --build-env "github_actions" \
+          --suppress_output
+
+        # Check the outcome of the scanner
+        if [ $? -ne 0 ]; then
+          echo "RL Scanner failed."
+          echo "scan-status=failed" >> $GITHUB_ENV
+          exit 1
+        else
+          echo "RL Scanner passed."
+          echo "scan-status=success" >> $GITHUB_ENV
+        fi
+
+outputs:
+  scan-status:
+    description: 'The outcome of the scan process.'
+    value: ${{ env.scan-status }}

data/.github/workflows/codeql.yml

@@ -36,18 +36,18 @@ jobs:
         run: exit 0 # Skip unnecessary test runs for dependabot and merge queues. Artifically flag as successful, as this is a required check for branch protection.
 
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
+        uses: github/codeql-action/init@v4
         with:
           languages: ${{ matrix.language }}
           queries: +security-and-quality
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v3
+        uses: github/codeql-action/autobuild@v4
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3
+        uses: github/codeql-action/analyze@v4
         with:
           category: "/language:${{ matrix.language }}"

data/.github/workflows/release.yml

@@ -8,13 +8,27 @@ on:
 
 permissions:
   contents: write
+  id-token: write # This is required for requesting the JWT
 
 ### TODO: Replace instances of './.github/workflow/' w/ `auth0/dx-sdk-actions/` and append `@latest` after the common `dx-sdk-actions` repo is made public.
 ### TODO: Also remove `get-prerelease`, `get-version`, `rubygems-publish`, `release-create`, `tag-create` and `tag-exists` actions from this repo's .github/actions folder and `ruby-release` from `./github/workflows` once the repo is public.
 
 jobs:
+  rl-scanner:
+    uses: ./.github/workflows/rl-scanner.yml
+    with:
+      ruby-version: 3.2
+    secrets:
+      RLSECURE_LICENSE: ${{ secrets.RLSECURE_LICENSE }}
+      RLSECURE_SITE_KEY: ${{ secrets.RLSECURE_SITE_KEY }}
+      SIGNAL_HANDLER_TOKEN: ${{ secrets.SIGNAL_HANDLER_TOKEN }}
+      PRODSEC_TOOLS_USER: ${{ secrets.PRODSEC_TOOLS_USER }}
+      PRODSEC_TOOLS_TOKEN: ${{ secrets.PRODSEC_TOOLS_TOKEN }}
+      PRODSEC_TOOLS_ARN: ${{ secrets.PRODSEC_TOOLS_ARN }}
+
   release:
     uses: ./.github/workflows/ruby-release.yml
+    needs: rl-scanner
     with:
       ruby-version: 3.2
     secrets:

data/.github/workflows/rl-scanner.yml

@@ -0,0 +1,65 @@
+name: RL-Secure Workflow
+
+on:
+  workflow_call:
+    inputs:
+      ruby-version:
+        required: true
+        type: string
+    secrets:
+      RLSECURE_LICENSE:
+        required: true
+      RLSECURE_SITE_KEY:
+        required: true
+      SIGNAL_HANDLER_TOKEN:
+        required: true
+      PRODSEC_TOOLS_USER:
+        required: true
+      PRODSEC_TOOLS_TOKEN:
+        required: true
+      PRODSEC_TOOLS_ARN:
+        required: true
+
+jobs:
+  rl-scanner:
+    if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.merged && startsWith(github.event.pull_request.head.ref, 'release/'))
+    runs-on: ubuntu-latest
+    outputs:
+      scan-status: ${{ steps.rl-scan-conclusion.outcome }}
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+
+      - name: Configure Ruby
+        uses: ./.github/actions/setup
+        with:
+          ruby-version: ${{ inputs.ruby-version }}
+
+      - name: Build RubyGems
+        shell: bash
+        run: |
+          gem build *.gemspec
+          export GEM_FILE=$(ls *.gem)
+          echo "gem_file=$GEM_FILE" >> $GITHUB_ENV
+
+      - name: Get Artifact Version
+        id: get_version
+        uses: ./.github/actions/get-version
+
+      - name: Run RL Scanner
+        id: rl-scan-conclusion
+        uses: ./.github/actions/rl-scanner
+        with:
+          artifact-path: "$(pwd)/${{ env.gem_file }}"
+          version: "${{ steps.get_version.outputs.version }}"
+        env:
+          RLSECURE_LICENSE: ${{ secrets.RLSECURE_LICENSE }}
+          RLSECURE_SITE_KEY: ${{ secrets.RLSECURE_SITE_KEY }}
+          SIGNAL_HANDLER_TOKEN: ${{ secrets.SIGNAL_HANDLER_TOKEN }}
+          PRODSEC_TOOLS_USER: ${{ secrets.PRODSEC_TOOLS_USER }}
+          PRODSEC_TOOLS_TOKEN: ${{ secrets.PRODSEC_TOOLS_TOKEN }}
+          PRODSEC_TOOLS_ARN: ${{ secrets.PRODSEC_TOOLS_ARN }}
+
+      - name: Output scan result
+        run: echo "scan-status=${{ steps.rl-scan-conclusion.outcome }}" >> $GITHUB_ENV

data/.github/workflows/ruby-release.yml

@@ -20,7 +20,7 @@ jobs:
 
     steps:
       # Checkout the code
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
         with:
           fetch-depth: 0
 

data/.github/workflows/semgrep.yml

@@ -2,7 +2,7 @@ name: Semgrep
 
 on:
   merge_group:
-  pull_request_target:
+  pull_request:
     types:
       - opened
       - synchronize
@@ -20,16 +20,7 @@ concurrency:
   cancel-in-progress: ${{ github.ref != 'refs/heads/master' }}
 
 jobs:
-  authorize:
-    name: Authorize
-    environment: ${{ github.actor != 'dependabot[bot]' && github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository && 'external' || 'internal' }}
-    runs-on: ubuntu-latest
-    steps:
-      - run: true
-
   run:
-    needs: authorize # Require approval before running on forked pull requests
-
     name: Check for Vulnerabilities
     runs-on: ubuntu-latest
 
@@ -40,7 +31,7 @@ jobs:
       - if: github.actor == 'dependabot[bot]' || github.event_name == 'merge_group'
         run: exit 0 # Skip unnecessary test runs for dependabot and merge queues. Artifically flag as successful, as this is a required check for branch protection.
 
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
         with:
           ref: ${{ github.event.pull_request.head.sha || github.ref }}
 

data/.github/workflows/snyk.yml

@@ -3,7 +3,7 @@ name: Snyk
 on:
   merge_group:
   workflow_dispatch:
-  pull_request_target:
+  pull_request:
     types:
       - opened
       - synchronize
@@ -21,16 +21,7 @@ concurrency:
   cancel-in-progress: ${{ github.ref != 'refs/heads/master' }}
 
 jobs:
-  authorize:
-    name: Authorize
-    environment: ${{ github.actor != 'dependabot[bot]' && github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository && 'external' || 'internal' }}
-    runs-on: ubuntu-latest
-    steps:
-      - run: true
-
   check:
-    needs: authorize
-
     name: Check for Vulnerabilities
     runs-on: ubuntu-latest
 
@@ -38,7 +29,7 @@ jobs:
       - if: github.actor == 'dependabot[bot]' || github.event_name == 'merge_group'
         run: exit 0 # Skip unnecessary test runs for dependabot and merge queues. Artifically flag as successful, as this is a required check for branch protection.
 
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
         with:
           ref: ${{ github.event.pull_request.head.sha || github.ref }}
 

data/.github/workflows/test.yml

@@ -29,7 +29,7 @@ jobs:
       matrix: ${{ steps.set-matrix.outputs.matrix }}
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
         with:
           ref: ${{ github.event.pull_request.head.sha || github.ref }}
 
@@ -54,7 +54,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Configure Ruby
         uses: ./.github/actions/setup
@@ -66,4 +66,4 @@ jobs:
 
       - name: Upload coverage
         if: matrix.ruby == '3.2' || matrix.ruby == '3.3'
-        uses: codecov/codecov-action@4fe8c5f003fae66aa5ebb77cfd3e7bfbbda0b6b0 # pin@3.1.5
+        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # pin@5.5.2

data/.snyk

@@ -9,3 +9,9 @@ ignore:
     - dotenv-rails > railties > actionpack > rack-test:
         reason: No direct upgrade available
         expires: "2023-11-02T12:00:00.000Z"
+  snyk:lic:rubygems:json:Ruby:
+    - '*':
+        reason: Ruby standard library gem, Ruby license is acceptable
+  snyk:lic:rubygems:reline:Ruby:
+    - '*':
+        reason: Ruby standard library gem, Ruby license is acceptable

data/.version

@@ -1 +1 @@
-v5.17.0
+v5.18.1

data/CHANGELOG.md

@@ -1,5 +1,27 @@
 # Change Log
 
+## [v5.18.1](https://github.com/auth0/ruby-auth0/tree/v5.18.1) (2026-03-13)
+[Full Changelog](https://github.com/auth0/ruby-auth0/compare/v5.18.0...v5.18.1)
+
+**Changed**
+- chore(deps): bump zache from 0.15.0 to 0.15.2 [\#691](https://github.com/auth0/ruby-auth0/pull/691) ([dependabot[bot]](https://github.com/apps/dependabot))
+- chore(deps): bump jwt from 2.9.3 to 2.10.2 [\#682](https://github.com/auth0/ruby-auth0/pull/682) ([dependabot[bot]](https://github.com/apps/dependabot))
+- chore(deps): bump addressable from 2.8.7 to 2.8.8 [\#686](https://github.com/auth0/ruby-auth0/pull/686) ([dependabot[bot]](https://github.com/apps/dependabot))
+- chore(deps): bump zache from 0.13.2 to 0.15.0 [\#649](https://github.com/auth0/ruby-auth0/pull/649) ([dependabot[bot]](https://github.com/apps/dependabot))
+
+**Fixed**
+- fix deleting array content when passing an array as payload [\#697](https://github.com/auth0/ruby-auth0/pull/697) ([carlastabile](https://github.com/carlastabile))
+
+**Security**
+- fix(deps): upgrade dev dependencies to resolve Snyk security vulnerab… [\#704](https://github.com/auth0/ruby-auth0/pull/704) ([arpit-jn](https://github.com/arpit-jn))
+
+## [v5.18.0](https://github.com/auth0/ruby-auth0/tree/v5.18.0) (2024-11-25)
+[Full Changelog](https://github.com/auth0/ruby-auth0/compare/v5.17.0...v5.18.0)
+
+**Added**
+- Add Refresh Token endpoints for the Auth0 Management API #614 [\#623](https://github.com/auth0/ruby-auth0/pull/623) ([arpit-jn](https://github.com/arpit-jn))
+- Add Management API calls for session API endpoints #613 [\#616](https://github.com/auth0/ruby-auth0/pull/616) ([arpit-jn](https://github.com/arpit-jn))
+
 ## [v5.17.0](https://github.com/auth0/ruby-auth0/tree/v5.17.0) (2024-05-24)
 [Full Changelog](https://github.com/auth0/ruby-auth0/compare/v5.16.0...v5.17.0)
 

data/Gemfile

@@ -5,10 +5,8 @@ gemspec
 
 group :development do
   gem 'terminal-notifier-guard', require: false unless ENV['CIRCLECI']
-  gem 'coveralls', require: false
   gem 'rubocop', require: false
   gem 'rubocop-rails', require: false
-  gem 'irb', require: false
 end
 
 group :test do