auth0 5.18.0 → 5.18.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6bc03a5197ed3cf51db9076e4d7429e56a418f94eb440b7f69c1542f1014a7cf
-  data.tar.gz: bb4f921acd2af07f5139b0920064265a539e61862827dac10e5f39988297fbf4
+  metadata.gz: f9f09b3cbb82970d76ce07a4e20b7791059f9e6c8874e8c7723b9e02fa2f7221
+  data.tar.gz: ac5451e6f51c813f40ad9f233253a9d3556e7aa4a1908aec8d6ed95b3a1a99a9
 SHA512:
-  metadata.gz: '08beebcb81144352182b6af63c5745d55abcf22ef30fee4928141a89c24f61cd5d81414f63f76f6cf6bd9935b5c49d5fe83b92b29298800fefd4a5bd1a2efa87'
-  data.tar.gz: ac02d18db80d57720502db87c88ab4c3f8d07ef00d2f9792e8e41ae383d5d28082523f2d7cd735cfb2b6f7ec94d39ab8a42856b86fae151b838ad0569cc82dcb
+  metadata.gz: fdaf8bf8869532464bd71f51fbba1503e1d529d9fd06e35a9d88dc346400858a60c4b0de7a85b2a079f45fec342e62fca3042c8872ad3cdd48efa6d27dba1f04
+  data.tar.gz: f43c6fc7a97a0ff55acd7b92f7f6376a52877f3988219b102c8c69625e753ca7540f50be464771f137b4e45e577a4665ee44f87e493c3f814d7d1e74636f1d00

data/.github/workflows/codeql.yml

@@ -36,18 +36,18 @@ jobs:
         run: exit 0 # Skip unnecessary test runs for dependabot and merge queues. Artifically flag as successful, as this is a required check for branch protection.
 
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
+        uses: github/codeql-action/init@v4
         with:
           languages: ${{ matrix.language }}
           queries: +security-and-quality
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v3
+        uses: github/codeql-action/autobuild@v4
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3
+        uses: github/codeql-action/analyze@v4
         with:
           category: "/language:${{ matrix.language }}"

data/.github/workflows/rl-scanner.yml

@@ -29,7 +29,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Configure Ruby
         uses: ./.github/actions/setup

data/.github/workflows/ruby-release.yml

@@ -20,7 +20,7 @@ jobs:
 
     steps:
       # Checkout the code
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
         with:
           fetch-depth: 0
 

data/.github/workflows/semgrep.yml

@@ -31,7 +31,7 @@ jobs:
       - if: github.actor == 'dependabot[bot]' || github.event_name == 'merge_group'
         run: exit 0 # Skip unnecessary test runs for dependabot and merge queues. Artifically flag as successful, as this is a required check for branch protection.
 
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
         with:
           ref: ${{ github.event.pull_request.head.sha || github.ref }}
 

data/.github/workflows/snyk.yml

@@ -29,7 +29,7 @@ jobs:
       - if: github.actor == 'dependabot[bot]' || github.event_name == 'merge_group'
         run: exit 0 # Skip unnecessary test runs for dependabot and merge queues. Artifically flag as successful, as this is a required check for branch protection.
 
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
         with:
           ref: ${{ github.event.pull_request.head.sha || github.ref }}
 

data/.github/workflows/test.yml

@@ -29,7 +29,7 @@ jobs:
       matrix: ${{ steps.set-matrix.outputs.matrix }}
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
         with:
           ref: ${{ github.event.pull_request.head.sha || github.ref }}
 
@@ -54,7 +54,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Configure Ruby
         uses: ./.github/actions/setup
@@ -66,4 +66,4 @@ jobs:
 
       - name: Upload coverage
         if: matrix.ruby == '3.2' || matrix.ruby == '3.3'
-        uses: codecov/codecov-action@4fe8c5f003fae66aa5ebb77cfd3e7bfbbda0b6b0 # pin@3.1.5
+        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # pin@5.5.2

data/.snyk

@@ -9,3 +9,9 @@ ignore:
     - dotenv-rails > railties > actionpack > rack-test:
         reason: No direct upgrade available
         expires: "2023-11-02T12:00:00.000Z"
+  snyk:lic:rubygems:json:Ruby:
+    - '*':
+        reason: Ruby standard library gem, Ruby license is acceptable
+  snyk:lic:rubygems:reline:Ruby:
+    - '*':
+        reason: Ruby standard library gem, Ruby license is acceptable

data/.version

@@ -1 +1 @@
-v5.18.0
+v5.18.1

data/CHANGELOG.md

@@ -1,5 +1,20 @@
 # Change Log
 
+## [v5.18.1](https://github.com/auth0/ruby-auth0/tree/v5.18.1) (2026-03-13)
+[Full Changelog](https://github.com/auth0/ruby-auth0/compare/v5.18.0...v5.18.1)
+
+**Changed**
+- chore(deps): bump zache from 0.15.0 to 0.15.2 [\#691](https://github.com/auth0/ruby-auth0/pull/691) ([dependabot[bot]](https://github.com/apps/dependabot))
+- chore(deps): bump jwt from 2.9.3 to 2.10.2 [\#682](https://github.com/auth0/ruby-auth0/pull/682) ([dependabot[bot]](https://github.com/apps/dependabot))
+- chore(deps): bump addressable from 2.8.7 to 2.8.8 [\#686](https://github.com/auth0/ruby-auth0/pull/686) ([dependabot[bot]](https://github.com/apps/dependabot))
+- chore(deps): bump zache from 0.13.2 to 0.15.0 [\#649](https://github.com/auth0/ruby-auth0/pull/649) ([dependabot[bot]](https://github.com/apps/dependabot))
+
+**Fixed**
+- fix deleting array content when passing an array as payload [\#697](https://github.com/auth0/ruby-auth0/pull/697) ([carlastabile](https://github.com/carlastabile))
+
+**Security**
+- fix(deps): upgrade dev dependencies to resolve Snyk security vulnerab… [\#704](https://github.com/auth0/ruby-auth0/pull/704) ([arpit-jn](https://github.com/arpit-jn))
+
 ## [v5.18.0](https://github.com/auth0/ruby-auth0/tree/v5.18.0) (2024-11-25)
 [Full Changelog](https://github.com/auth0/ruby-auth0/compare/v5.17.0...v5.18.0)
 

data/Gemfile

@@ -5,10 +5,8 @@ gemspec
 
 group :development do
   gem 'terminal-notifier-guard', require: false unless ENV['CIRCLECI']
-  gem 'coveralls', require: false
   gem 'rubocop', require: false
   gem 'rubocop-rails', require: false
-  gem 'irb', require: false
 end
 
 group :test do

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    auth0 (5.18.0)
+    auth0 (5.18.1)
       addressable (~> 2.8)
       jwt (~> 2.7)
       rest-client (~> 2.1)
@@ -11,83 +11,56 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    actionpack (8.0.0)
-      actionview (= 8.0.0)
-      activesupport (= 8.0.0)
-      nokogiri (>= 1.8.5)
-      rack (>= 2.2.4)
-      rack-session (>= 1.0.1)
-      rack-test (>= 0.6.3)
-      rails-dom-testing (~> 2.2)
-      rails-html-sanitizer (~> 1.6)
-      useragent (~> 0.16)
-    actionview (8.0.0)
-      activesupport (= 8.0.0)
-      builder (~> 3.1)
-      erubi (~> 1.11)
-      rails-dom-testing (~> 2.2)
-      rails-html-sanitizer (~> 1.6)
-    activesupport (8.0.0)
+    activesupport (8.1.2)
       base64
-      benchmark (>= 0.3)
       bigdecimal
       concurrent-ruby (~> 1.0, >= 1.3.1)
       connection_pool (>= 2.2.5)
       drb
       i18n (>= 1.6, < 2)
+      json
       logger (>= 1.4.2)
       minitest (>= 5.1)
       securerandom (>= 0.3)
       tzinfo (~> 2.0, >= 2.0.5)
       uri (>= 0.13.1)
-    addressable (2.8.7)
-      public_suffix (>= 2.0.2, < 7.0)
-    ast (2.4.2)
-    base64 (0.2.0)
-    benchmark (0.4.0)
-    bigdecimal (3.1.8)
-    builder (3.3.0)
+    addressable (2.8.9)
+      public_suffix (>= 2.0.2, < 8.0)
+    ast (2.4.3)
+    base64 (0.3.0)
+    bigdecimal (4.0.1)
     coderay (1.1.3)
-    concurrent-ruby (1.3.4)
-    connection_pool (2.4.1)
-    coveralls (0.7.1)
-      multi_json (~> 1.3)
-      rest-client
-      simplecov (>= 0.7)
-      term-ansicolor
-      thor
-    crack (1.0.0)
+    concurrent-ruby (1.3.6)
+    connection_pool (3.0.2)
+    crack (1.0.1)
       bigdecimal
       rexml
-    crass (1.0.6)
-    diff-lcs (1.5.1)
+    diff-lcs (1.6.2)
     docile (1.4.1)
     domain_name (0.6.20240107)
-    dotenv (2.8.1)
-    dotenv-rails (2.8.1)
-      dotenv (= 2.8.1)
-      railties (>= 3.2)
-    drb (2.2.1)
-    erubi (1.13.0)
+    dotenv (3.2.0)
+    drb (2.2.3)
     faker (2.23.0)
       i18n (>= 1.8.11, < 2)
-    ffi (1.17.0-aarch64-linux-gnu)
-    ffi (1.17.0-aarch64-linux-musl)
-    ffi (1.17.0-arm-linux-gnu)
-    ffi (1.17.0-arm-linux-musl)
-    ffi (1.17.0-arm64-darwin)
-    ffi (1.17.0-x86-linux-gnu)
-    ffi (1.17.0-x86-linux-musl)
-    ffi (1.17.0-x86_64-darwin)
-    ffi (1.17.0-x86_64-linux-gnu)
-    ffi (1.17.0-x86_64-linux-musl)
-    formatador (1.1.0)
+    ffi (1.17.3-aarch64-linux-gnu)
+    ffi (1.17.3-aarch64-linux-musl)
+    ffi (1.17.3-arm-linux-gnu)
+    ffi (1.17.3-arm-linux-musl)
+    ffi (1.17.3-arm64-darwin)
+    ffi (1.17.3-x86-linux-gnu)
+    ffi (1.17.3-x86-linux-musl)
+    ffi (1.17.3-x86_64-darwin)
+    ffi (1.17.3-x86_64-linux-gnu)
+    ffi (1.17.3-x86_64-linux-musl)
+    formatador (1.2.3)
+      reline
     fuubar (2.5.1)
       rspec-core (~> 3.0)
       ruby-progressbar (~> 1.4)
-    guard (2.19.0)
+    guard (2.20.1)
       formatador (>= 0.2.4)
       listen (>= 2.7, < 4.0)
+      logger (~> 1.6)
       lumberjack (>= 1.0.12, < 2.0)
       nenv (~> 0.1)
       notiffany (~> 0.0)
@@ -99,97 +72,64 @@ GEM
       guard (~> 2.1)
       guard-compat (~> 1.1)
       rspec (>= 2.99.0, < 4.0)
-    hashdiff (1.1.2)
+    hashdiff (1.2.1)
     http-accept (1.7.0)
-    http-cookie (1.0.7)
+    http-cookie (1.1.0)
       domain_name (~> 0.5)
-    i18n (1.14.6)
+    i18n (1.14.8)
       concurrent-ruby (~> 1.0)
-    io-console (0.7.2)
-    irb (1.14.1)
-      rdoc (>= 4.0.0)
-      reline (>= 0.4.2)
-    json (2.8.2)
-    jwt (2.9.3)
+    io-console (0.8.2)
+    json (2.19.1)
+    json-schema (6.2.0)
+      addressable (~> 2.8)
+      bigdecimal (>= 3.1, < 5)
+    jwt (2.10.2)
       base64
-    language_server-protocol (3.17.0.3)
-    listen (3.9.0)
+    language_server-protocol (3.17.0.5)
+    lint_roller (1.1.0)
+    listen (3.10.0)
+      logger
       rb-fsevent (~> 0.10, >= 0.10.3)
       rb-inotify (~> 0.9, >= 0.9.10)
-    logger (1.6.1)
-    loofah (2.23.1)
-      crass (~> 1.0.2)
-      nokogiri (>= 1.12.0)
-    lumberjack (1.2.10)
+    logger (1.7.0)
+    lumberjack (1.4.2)
+    mcp (0.8.0)
+      json-schema (>= 4.1)
     method_source (1.1.0)
-    mime-types (3.6.0)
+    mime-types (3.7.0)
       logger
-      mime-types-data (~> 3.2015)
-    mime-types-data (3.2024.1105)
-    minitest (5.25.2)
-    multi_json (1.15.0)
+      mime-types-data (~> 3.2025, >= 3.2025.0507)
+    mime-types-data (3.2026.0303)
+    minitest (6.0.2)
+      drb (~> 2.0)
+      prism (~> 1.5)
     nenv (0.3.0)
     netrc (0.11.0)
-    nokogiri (1.16.7-aarch64-linux)
-      racc (~> 1.4)
-    nokogiri (1.16.7-arm-linux)
-      racc (~> 1.4)
-    nokogiri (1.16.7-arm64-darwin)
-      racc (~> 1.4)
-    nokogiri (1.16.7-x86-linux)
-      racc (~> 1.4)
-    nokogiri (1.16.7-x86_64-darwin)
-      racc (~> 1.4)
-    nokogiri (1.16.7-x86_64-linux)
-      racc (~> 1.4)
     notiffany (0.1.3)
       nenv (~> 0.1)
       shellany (~> 0.0)
-    parallel (1.26.3)
-    parser (3.3.6.0)
+    parallel (1.27.0)
+    parser (3.3.10.2)
       ast (~> 2.4.1)
       racc
-    pp (0.6.1)
+    pp (0.6.3)
       prettyprint
     prettyprint (0.2.0)
-    pry (0.15.0)
+    prism (1.9.0)
+    pry (0.16.0)
       coderay (~> 1.1)
       method_source (~> 1.0)
-    psych (5.2.0)
-      stringio
-    public_suffix (6.0.1)
+      reline (>= 0.6.0)
+    public_suffix (7.0.5)
     racc (1.8.1)
-    rack (3.1.8)
-    rack-session (2.0.0)
-      rack (>= 3.0.0)
-    rack-test (2.1.0)
-      rack (>= 1.3)
-    rackup (2.2.1)
-      rack (>= 3)
-    rails-dom-testing (2.2.0)
-      activesupport (>= 5.0.0)
-      minitest
-      nokogiri (>= 1.6)
-    rails-html-sanitizer (1.6.0)
-      loofah (~> 2.21)
-      nokogiri (~> 1.14)
-    railties (8.0.0)
-      actionpack (= 8.0.0)
-      activesupport (= 8.0.0)
-      irb (~> 1.13)
-      rackup (>= 1.0.0)
-      rake (>= 12.2)
-      thor (~> 1.0, >= 1.2.2)
-      zeitwerk (~> 2.6)
+    rack (3.2.5)
     rainbow (3.1.1)
-    rake (13.2.1)
+    rake (13.3.1)
     rb-fsevent (0.11.2)
     rb-inotify (0.11.1)
       ffi (~> 1.0)
-    rdoc (6.8.1)
-      psych (>= 4.0.0)
-    regexp_parser (2.9.2)
-    reline (0.5.11)
+    regexp_parser (2.11.3)
+    reline (0.6.3)
       io-console (~> 0.5)
     rest-client (2.1.0)
       http-accept (>= 1.7.0, < 2.0)
@@ -197,72 +137,68 @@ GEM
       mime-types (>= 1.16, < 4.0)
       netrc (~> 0.8)
     retryable (3.0.5)
-    rexml (3.3.9)
-    rspec (3.13.0)
+    rexml (3.4.4)
+    rspec (3.13.2)
       rspec-core (~> 3.13.0)
       rspec-expectations (~> 3.13.0)
       rspec-mocks (~> 3.13.0)
-    rspec-core (3.13.2)
+    rspec-core (3.13.6)
       rspec-support (~> 3.13.0)
-    rspec-expectations (3.13.3)
+    rspec-expectations (3.13.5)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
-    rspec-mocks (3.13.2)
+    rspec-mocks (3.13.8)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
-    rspec-support (3.13.1)
-    rubocop (1.68.0)
+    rspec-support (3.13.7)
+    rubocop (1.85.1)
       json (~> 2.3)
-      language_server-protocol (>= 3.17.0)
+      language_server-protocol (~> 3.17.0.2)
+      lint_roller (~> 1.1.0)
+      mcp (~> 0.6)
       parallel (~> 1.10)
       parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
-      regexp_parser (>= 2.4, < 3.0)
-      rubocop-ast (>= 1.32.2, < 2.0)
+      regexp_parser (>= 2.9.3, < 3.0)
+      rubocop-ast (>= 1.49.0, < 2.0)
       ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 2.4.0, < 3.0)
-    rubocop-ast (1.36.1)
-      parser (>= 3.3.1.0)
-    rubocop-rails (2.27.0)
+      unicode-display_width (>= 2.4.0, < 4.0)
+    rubocop-ast (1.49.1)
+      parser (>= 3.3.7.2)
+      prism (~> 1.7)
+    rubocop-rails (2.34.3)
       activesupport (>= 4.2.0)
+      lint_roller (~> 1.1)
       rack (>= 1.1)
-      rubocop (>= 1.52.0, < 2.0)
-      rubocop-ast (>= 1.31.1, < 2.0)
+      rubocop (>= 1.75.0, < 2.0)
+      rubocop-ast (>= 1.44.0, < 2.0)
     ruby-progressbar (1.13.0)
-    securerandom (0.3.2)
+    securerandom (0.4.1)
     shellany (0.0.1)
     simplecov (0.22.0)
       docile (~> 1.1)
       simplecov-html (~> 0.11)
       simplecov_json_formatter (~> 0.1)
-    simplecov-cobertura (2.1.0)
+    simplecov-cobertura (3.1.0)
       rexml
       simplecov (~> 0.19)
-    simplecov-html (0.13.1)
+    simplecov-html (0.13.2)
     simplecov_json_formatter (0.1.4)
-    stringio (3.1.2)
-    sync (0.5.0)
-    term-ansicolor (1.11.2)
-      tins (~> 1.0)
     terminal-notifier-guard (1.7.0)
-    thor (1.3.2)
+    thor (1.5.0)
     timecop (0.9.10)
-    tins (1.37.0)
-      bigdecimal
-      sync
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
-    unicode-display_width (2.6.0)
-    uri (1.0.2)
-    useragent (0.16.10)
-    vcr (6.3.1)
-      base64
-    webmock (3.24.0)
+    unicode-display_width (3.2.0)
+      unicode-emoji (~> 4.1)
+    unicode-emoji (4.2.0)
+    uri (1.1.1)
+    vcr (6.4.0)
+    webmock (3.26.1)
       addressable (>= 2.8.0)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
-    zache (0.13.2)
-    zeitwerk (2.7.1)
+    zache (0.15.2)
 
 PLATFORMS
   aarch64-linux
@@ -283,12 +219,10 @@ PLATFORMS
 DEPENDENCIES
   auth0!
   bundler
-  coveralls
-  dotenv-rails (~> 2.0)
+  dotenv (~> 3.0)
   faker (~> 2.0)
   fuubar (~> 2.0)
   guard-rspec (~> 4.5)
-  irb
   pp
   rake (~> 13.0)
   rspec (~> 3.11)

data/README.md

@@ -7,6 +7,7 @@ Ruby API client for the [Auth0](https://auth0.com) platform.
 [![codecov](https://codecov.io/gh/auth0/ruby-auth0/branch/master/graph/badge.svg)](https://codecov.io/gh/auth0/ruby-auth0)
 [![Yard Docs](http://img.shields.io/badge/yard-docs-blue.svg)](http://www.rubydoc.info/github/auth0/ruby-auth0/master/frames)
 [![MIT licensed](https://img.shields.io/dub/l/vibe-d.svg?style=flat)](https://github.com/auth0/ruby-auth0/blob/master/LICENSE)
+[![Ask DeepWiki](https://deepwiki.com/badge.svg)](https://deepwiki.com/auth0/ruby-auth0)
 
 <div>
 📚 <a href="#documentation">Documentation</a> - 🚀 <a href="#getting-started">Getting started</a> - 💻 <a href="#api-reference">API reference</a> - 💬 <a href="#feedback">Feedback</a>
@@ -127,4 +128,4 @@ Please do not report security vulnerabilities on the public GitHub issue tracker
 </p>
 <p align="center">
   This project is licensed under the MIT license. See the <a href="https://github.com/auth0/ruby-auth0/blob/master/LICENSE"> LICENSE</a> file for more info.
-</p>
+</p>

data/auth0.gemspec

@@ -26,7 +26,7 @@ Gem::Specification.new do |s|
   s.add_development_dependency 'rake', '~> 13.0'
   s.add_development_dependency 'fuubar', '~> 2.0'
   s.add_development_dependency 'guard-rspec', '~> 4.5' unless ENV['CIRCLECI']
-  s.add_development_dependency 'dotenv-rails', '~> 2.0'
+  s.add_development_dependency 'dotenv', '~> 3.0'
   s.add_development_dependency 'rspec', '~> 3.11'
   s.add_development_dependency 'simplecov', '~> 0.9'
   s.add_development_dependency 'faker', '~> 2.0'

data/examples/ruby-api/Gemfile

@@ -3,7 +3,7 @@
 source 'http://rubygems.org'
 
 # gem "rails"
-gem 'sinatra', '~> 2.2'
+gem 'sinatra', '~> 4.2'
 gem 'jwt', '~> 2.5'
 gem 'dotenv'
 gem 'puma'

data/examples/ruby-api/Gemfile.lock

@@ -1,23 +1,32 @@
 GEM
   remote: http://rubygems.org/
   specs:
+    base64 (0.3.0)
     dotenv (2.8.1)
     jwt (2.5.0)
-    mustermann (2.0.2)
+    logger (1.7.0)
+    mustermann (3.0.4)
       ruby2_keywords (~> 0.0.1)
     nio4r (2.7.3)
     puma (5.6.9)
       nio4r (~> 2.0)
-    rack (2.2.9)
-    rack-protection (2.2.3)
-      rack
+    rack (3.2.5)
+    rack-protection (4.2.0)
+      base64 (>= 0.1.0)
+      logger (>= 1.6.0)
+      rack (>= 3.0.0, < 4)
+    rack-session (2.1.1)
+      base64 (>= 0.1.0)
+      rack (>= 3.0.0)
     ruby2_keywords (0.0.5)
-    sinatra (2.2.3)
-      mustermann (~> 2.0)
-      rack (~> 2.2)
-      rack-protection (= 2.2.3)
+    sinatra (4.2.0)
+      logger (>= 1.6.0)
+      mustermann (~> 3.0)
+      rack (>= 3.0.0, < 4)
+      rack-protection (= 4.2.0)
+      rack-session (>= 2.0.0, < 3)
       tilt (~> 2.0)
-    tilt (2.0.11)
+    tilt (2.7.0)
 
 PLATFORMS
   aarch64-linux
@@ -27,7 +36,7 @@ DEPENDENCIES
   dotenv
   jwt (~> 2.5)
   puma
-  sinatra (~> 2.2)
+  sinatra (~> 4.2)
 
 BUNDLED WITH
    2.3.7

data/lib/auth0/api/v2/users.rb

@@ -1,7 +1,7 @@
 module Auth0
   module Api
     module V2
-      # Methods to use the users endpoints
+      # Methods to use the users' endpoints
       module Users
         include Auth0::Mixins::Validation
 
@@ -94,10 +94,10 @@ module Auth0
         # Some considerations:
         # The properties of the new object will replace the old ones.
         # The metadata fields are an exception to this rule (user_metadata and app_metadata). These properties are
-        # merged instead of being replaced but be careful, the merge only occurs on the first level.
+        # merged instead of being replaced, but be careful, the merge only occurs on the first level.
         # If you are updating email_verified, phone_verified, username or password you need to specify the connection
         # property too.
-        # If your are updating email or phone_number you need to specify the connection and the client_id properties.
+        # If you are updating email or phone_number you need to specify the connection and the client_id properties.
         # @see https://auth0.com/docs/api/v2#!/Users/patch_users_by_id
         # @param user_id [string] The user_id of the user to update.
         # @param body [hash] The optional parameters to update.
@@ -137,7 +137,7 @@ module Auth0
         # update:current_user_identities scope. In this case only the link_with param is required in the body,
         # containing the JWT obtained upon the secondary account's authentication.
         # 2. With an API V2 generated token with update:users scope. In this case you need to send provider and user_id
-        # in the body. Optionally you can also send the connection_id param which is suitable for identifying a
+        # in the body. Optionally, you can also send the connection_id param, which is suitable for identifying a
         # particular database connection for the 'auth0' provider.
         # @see https://auth0.com/docs/api/v2#!/Users/post_identities
         # @param user_id [string] The user_id of the primary identity where you are linking the secondary account to.

data/lib/auth0/mixins/httpproxy.rb

@@ -1,6 +1,8 @@
-require "addressable/uri"
-require "retryable"
-require_relative "../exception.rb"
+# frozen_string_literal: true
+
+require 'addressable/uri'
+require 'retryable'
+require_relative '../exception'
 
 module Auth0
   module Mixins
@@ -8,6 +10,7 @@ module Auth0
     # for now, if you want to feel free to use your own http client
     module HTTPProxy
       attr_accessor :headers, :base_uri, :timeout, :retry_count
+
       DEFAULT_RETRIES = 3
       MAX_ALLOWED_RETRIES = 10
       MAX_REQUEST_RETRY_JITTER = 250
@@ -16,10 +19,10 @@ module Auth0
       BASE_DELAY = 100
 
       # proxying requests from instance methods to HTTP class methods
-      %i(get post post_file post_form put patch delete delete_with_body).each do |method|
+      %i[get post post_file post_form put patch delete delete_with_body].each do |method|
         define_method(method) do |uri, body = {}, extra_headers = {}|
-          body = body.delete_if { |_, v| v.nil? }
-          token = get_token()
+          body = safe_merge_body(body, extra_headers)
+          token = get_token
           authorization_header(token) unless token.nil?
           request_with_retry(method, uri, body, extra_headers)
         end
@@ -27,8 +30,8 @@ module Auth0
 
       def retry_options
         sleep_timer = lambda do |attempt|
-          wait = BASE_DELAY * (2**attempt-1) # Exponential delay with each subsequent request attempt.
-          wait += rand(wait+1..wait+MAX_REQUEST_RETRY_JITTER) # Add jitter to the delay window.
+          wait = BASE_DELAY * (2**attempt - 1) # Exponential delay with each subsequent request attempt.
+          wait += rand(wait + 1..wait + MAX_REQUEST_RETRY_JITTER) # Add jitter to the delay window.
           wait = [MAX_REQUEST_RETRY_DELAY, wait].min # Cap delay at MAX_REQUEST_RETRY_DELAY.
           wait = [MIN_REQUEST_RETRY_DELAY, wait].max # Ensure delay is no less than MIN_REQUEST_RETRY_DELAY.
           wait / 1000.to_f.round(2) # convert ms to seconds
@@ -55,6 +58,7 @@ module Auth0
 
       def add_headers(h = {})
         raise ArgumentError, 'Headers must be an object which responds to #to_hash' unless h.respond_to?(:to_hash)
+
         @headers ||= {}
         @headers.merge!(h.to_hash)
       end
@@ -72,28 +76,29 @@ module Auth0
       end
 
       def request(method, uri, body = {}, extra_headers = {})
-        result = if method == :get
-          @headers ||= {}
-          get_headers = @headers.merge({params: body}).merge(extra_headers)
-          call(:get, encode_uri(uri), timeout, get_headers)
-        elsif method == :delete
-          @headers ||= {}
-          delete_headers = @headers.merge({ params: body })
-          call(:delete, encode_uri(uri), timeout, delete_headers)
-        elsif method == :delete_with_body
-          call(:delete, encode_uri(uri), timeout, headers, body.to_json)
-        elsif method == :post_file
-          body.merge!(multipart: true)
-          # Ignore the default Content-Type headers and let the HTTP client define them
-          post_file_headers = headers.except('Content-Type') if headers != nil
-          # Actual call with the altered headers
-          call(:post, encode_uri(uri), timeout, post_file_headers, body)
-        elsif method == :post_form
-          form_post_headers = headers.except('Content-Type') if headers != nil
-          call(:post, encode_uri(uri), timeout, form_post_headers, body.compact)
-        else
-          call(method, encode_uri(uri), timeout, headers, body.to_json)
-        end
+        result = case method
+                 when :get
+                   @headers ||= {}
+                   get_headers = @headers.merge({ params: body }).merge(extra_headers)
+                   call(:get, encode_uri(uri), timeout, get_headers)
+                 when :delete
+                   @headers ||= {}
+                   delete_headers = @headers.merge({ params: body })
+                   call(:delete, encode_uri(uri), timeout, delete_headers)
+                 when :delete_with_body
+                   call(:delete, encode_uri(uri), timeout, headers, body.to_json)
+                 when :post_file
+                   body.merge!(multipart: true)
+                   # Ignore the default Content-Type headers and let the HTTP client define them
+                   post_file_headers = headers.except('Content-Type') unless headers.nil?
+                   # Actual call with the altered headers
+                   call(:post, encode_uri(uri), timeout, post_file_headers, body)
+                 when :post_form
+                   form_post_headers = headers.except('Content-Type') unless headers.nil?
+                   call(:post, encode_uri(uri), timeout, form_post_headers, body.compact)
+                 else
+                   call(method, encode_uri(uri), timeout, headers, body.to_json)
+                 end
 
         case result.code
         when 200...226 then safe_parse_json(result.body)
@@ -101,7 +106,8 @@ module Auth0
         when 401       then raise Auth0::Unauthorized.new(result.body, code: result.code, headers: result.headers)
         when 403       then raise Auth0::AccessDenied.new(result.body, code: result.code, headers: result.headers)
         when 404       then raise Auth0::NotFound.new(result.body, code: result.code, headers: result.headers)
-        when 429       then raise Auth0::RateLimitEncountered.new(result.body, code: result.code, headers: result.headers)
+        when 429       then raise Auth0::RateLimitEncountered.new(result.body, code: result.code,
+                                                                               headers: result.headers)
         when 500       then raise Auth0::ServerError.new(result.body, code: result.code, headers: result.headers)
         else           raise Auth0::Unsupported.new(result.body, code: result.code, headers: result.headers)
         end
@@ -118,11 +124,19 @@ module Auth0
       rescue RestClient::Exception => e
         case e
         when RestClient::RequestTimeout
-          raise Auth0::RequestTimeout.new(e.message)
+          raise Auth0::RequestTimeout, e.message
         else
-          return e.response
+          e.response
         end
       end
+
+      private
+      
+      def safe_merge_body(body, extra = {})
+        return body unless body.is_a?(Hash)
+        merged = extra.any? ? body.merge(extra) : body
+        merged.compact
+      end
     end
   end
 end

data/lib/auth0/version.rb

@@ -1,4 +1,4 @@
 # current version of gem
 module Auth0
-  VERSION = '5.18.0'.freeze
+  VERSION = '5.18.1'.freeze
 end

data/spec/lib/auth0/mixins/httpproxy_spec.rb

@@ -272,6 +272,55 @@ describe Auth0::Mixins::HTTPProxy do
 
   %i(post post_form put patch).each do |http_method|
     context ".#{http_method}" do
+      context 'when body is an Array' do
+        let(:payload) { [{ permission_name: 'read:data', resource_server_identifier: 'https://api.example.com' }] }
+
+        if http_method == :post_form
+          it 'sends the array as-is without wrapping in a Hash' do
+            expect(RestClient::Request).to receive(:execute) do |args|
+              expect(args[:payload]).to be_an(Array)
+              expect(args[:payload]).to eq(payload)
+            end.and_return(StubResponse.new('[]', true, 200))
+
+            @instance.send(http_method, '/test', payload)
+          end
+        else
+          it 'sends the array as-is without wrapping in a Hash' do
+            expect(RestClient::Request).to receive(:execute) do |args|
+              parsed = JSON.parse(args[:payload], symbolize_names: true)
+              expect(parsed).to be_an(Array)
+              expect(parsed).to eq(payload)
+            end.and_return(StubResponse.new('[]', true, 200))
+
+            @instance.send(http_method, '/test', payload)
+          end
+        end
+      end
+
+      context 'when body is a Hash' do
+        let(:payload) { { permission_name: 'read:data', resource_server_identifier: 'https://api.example.com' } }
+
+        if http_method == :post_form
+          it 'sends the Hash without modification' do
+            expect(RestClient::Request).to receive(:execute) do |args|
+              expect(args[:payload]).to be_a(Hash)
+              expect(args[:payload]).to include(payload)
+            end.and_return(StubResponse.new('{}', true, 200))
+
+            @instance.send(http_method, '/test', payload)
+          end
+        else
+          it 'sends the Hash as JSON without modification' do
+            expect(RestClient::Request).to receive(:execute) do |args|
+              parsed = JSON.parse(args[:payload], symbolize_names: true)
+              expect(parsed).to be_a(Hash)
+              expect(parsed).to eq(payload)
+            end.and_return(StubResponse.new('{}', true, 200))
+
+            @instance.send(http_method, '/test', payload)
+          end
+        end
+      end
       it { expect(@instance).to respond_to(http_method.to_sym) }
       it "should call send http #{http_method} method to path defined through HTTP"do
         expect(RestClient::Request).to receive(:execute).with(expected_payload(http_method))
@@ -279,6 +328,19 @@ describe Auth0::Mixins::HTTPProxy do
         expect { @instance.send(http_method, '/test') }.not_to raise_error
       end
 
+      it "should handle array parameters for #{http_method} method" do
+        array_data = ['param1', 'param2']
+        if http_method == :post_form
+          expected_params = expected_payload(http_method, { payload: array_data })
+        else
+          expected_params = expected_payload(http_method, { payload: array_data.to_json })
+        end
+
+        expect(RestClient::Request).to receive(:execute).with(expected_params)
+          .and_return(StubResponse.new({}, true, 200))
+        expect { @instance.send(http_method, '/test', array_data) }.not_to raise_error
+      end
+
       it 'should not raise exception if data returned not in json format (should be fixed in v2)' do
         allow(RestClient::Request).to receive(:execute).with(expected_payload(http_method))
           .and_return(StubResponse.new('Some random text here', true, 200))
@@ -452,6 +514,7 @@ describe Auth0::Mixins::HTTPProxy do
         end
       end
     end
+
   end
 end
 

metadata

@@ -1,17 +1,17 @@
 --- !ruby/object:Gem::Specification
 name: auth0
 version: !ruby/object:Gem::Version
-  version: 5.18.0
+  version: 5.18.1
 platform: ruby
 authors:
 - Auth0
 - Jose Romaniello
 - Ivan Petroe
 - Patrik Ragnarsson
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-12-03 00:00:00.000000000 Z
+date: 2026-03-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rest-client
@@ -140,19 +140,19 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '4.5'
 - !ruby/object:Gem::Dependency
-  name: dotenv-rails
+  name: dotenv
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '3.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -591,7 +591,7 @@ homepage: https://github.com/auth0/ruby-auth0
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -607,7 +607,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubygems_version: 3.4.19
-signing_key: 
+signing_key:
 specification_version: 4
 summary: Auth0 API Client
 test_files: []