@glrs-dev/assume 0.12.0 → 0.12.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +16 -0
- package/package.json +5 -5
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,21 @@
|
|
|
1
1
|
# @glrs-dev/assume
|
|
2
2
|
|
|
3
|
+
## 0.12.2
|
|
4
|
+
|
|
5
|
+
### Patch Changes
|
|
6
|
+
|
|
7
|
+
- [#290](https://github.com/iceglober/glrs/pull/290) [`3e80b03`](https://github.com/iceglober/glrs/commit/3e80b034d092843d416cc1ee7797187bb06f4892) Thanks [@iceglober](https://github.com/iceglober)! - Only export a provider's ambient env when glrs has a default for it.
|
|
8
|
+
|
|
9
|
+
shell-init exported `GCE_METADATA_HOST` (and the AWS container vars) for every registered provider unconditionally — so even with GCP logged out, every shell routed all GCP credential resolution through glrs's daemon, shadowing gcloud's own ADC. Under an org that enforces reauth, glrs can't refresh GCP at all (it does raw refresh grants with no reauth flow), so this left GCP wedged with no fallback. Now each provider's ambient vars are emitted only when `gsa` actually has a default for it; `gsa logout gcp` (which clears the default) hands GCP credential resolution back to gcloud, which does handle reauth.
|
|
10
|
+
|
|
11
|
+
## 0.12.1
|
|
12
|
+
|
|
13
|
+
### Patch Changes
|
|
14
|
+
|
|
15
|
+
- [#288](https://github.com/iceglober/glrs/pull/288) [`3050092`](https://github.com/iceglober/glrs/commit/30500922b3d5aa6108fd13a667a3fee3adad5e3f) Thanks [@iceglober](https://github.com/iceglober)! - Surface a needs-relogin provider even when its refresh token hasn't timestamp-expired.
|
|
16
|
+
|
|
17
|
+
GCP stamps its refresh token with a 10-year expiry, so when Google rejects a background refresh — e.g. an org reauth challenge (`invalid_grant` / `invalid_rapt`) — the dead-session banner stayed silent and the raw token-endpoint JSON leaked through. The daemon now writes a per-provider `needs-login` marker whenever a refresh is genuinely rejected; the banner fires on that marker (not only on the timestamp), and any successful token store clears it. The hint wording now covers both AWS SSO expiry and GCP reauth: "session needs re-authentication — run: gsa login <provider>".
|
|
18
|
+
|
|
3
19
|
## 0.12.0
|
|
4
20
|
|
|
5
21
|
### Minor Changes
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@glrs-dev/assume",
|
|
3
|
-
"version": "0.12.
|
|
3
|
+
"version": "0.12.2",
|
|
4
4
|
"publishConfig": {
|
|
5
5
|
"access": "public"
|
|
6
6
|
},
|
|
@@ -51,9 +51,9 @@
|
|
|
51
51
|
"typescript": "^5"
|
|
52
52
|
},
|
|
53
53
|
"optionalDependencies": {
|
|
54
|
-
"@glrs-dev/assume-darwin-arm64": "0.12.
|
|
55
|
-
"@glrs-dev/assume-darwin-x64": "0.12.
|
|
56
|
-
"@glrs-dev/assume-linux-x64": "0.12.
|
|
57
|
-
"@glrs-dev/assume-linux-arm64": "0.12.
|
|
54
|
+
"@glrs-dev/assume-darwin-arm64": "0.12.2",
|
|
55
|
+
"@glrs-dev/assume-darwin-x64": "0.12.2",
|
|
56
|
+
"@glrs-dev/assume-linux-x64": "0.12.2",
|
|
57
|
+
"@glrs-dev/assume-linux-arm64": "0.12.2"
|
|
58
58
|
}
|
|
59
59
|
}
|