Bump @inrupt/solid-client-authn-node from 2.5.0 to 5.0.0

[dependabot]

Bumps @inrupt/solid-client-authn-node from 2.5.0 to 5.0.0.

Release notes

Sourced from @​inrupt/solid-client-authn-node's releases.

v5.0.0

What's Changed

Breaking change

• Deprecate Node 20 support

Full Changelog: inrupt/solid-client-authn-js@v4.0.0...v5.0.0

v4.0.0

Breaking changes

oidc-browser

Note that these changes are unlikely to impact a client application.

• Replaced @inrupt/oidc-client dependency with oidc-client-ts (^3.5.0), the actively maintained TypeScript successor.
• Removed re-exports: Version, CordovaPopupNavigator, CordovaIFrameNavigator (no longer available upstream).
• Changed SigninRequest and OidcClientSettings to type-only exports.

node

• A new signature was introduced for getSessionFromStorage in release 2.3.0. The legacy signature is deprecated, and will be removed with the 4.0.0 major release. Using the more recent API to manage Sessions based on the associated tokens should be preferred, as it allows to not rely on in-memory scale, making it easier to scale horizontally. Prefer using session.events.on(EVENTS.NEW_TOKENS, ...) to get the tokens, and Session.fromTokens to build the Session object.

// Deprecated signature
const session = await getSessionFromStorage(
  sessionId,
  storage,
  onNewRefreshToken,
  refresh,
);
// Replacement signature
const session = await getSessionFromStorage(sessionId, {
  storage,
  onNewRefreshToken,
  refresh,
});

• The event EVENTS.NEW_REFRESH_TOKEN is being replaced by EVENTS.NEW_TOKENS which returns all the tokens a client can store for refreshing a session.

Bugfix

core

... (truncated)

Changelog

Sourced from @​inrupt/solid-client-authn-node's changelog.

5.0.0 - 2026-06-03

Breaking changes

• Node 20 is no longer supported after it went end-of-life end of March 2026 (see https://nodejs.org/en/about/previous-releases).

4.0.0 - 2026-03-30

Breaking changes

oidc-browser

Note that these changes are unlikely to impact a client application.

• Replaced @inrupt/oidc-client dependency with oidc-client-ts (^3.5.0), the actively maintained TypeScript successor.
• Removed re-exports: Version, CordovaPopupNavigator, CordovaIFrameNavigator (no longer available upstream).
• Changed SigninRequest and OidcClientSettings to type-only exports.

node

• A new signature was introduced for getSessionFromStorage in release 2.3.0. The legacy signature is deprecated, and will be removed with the 4.0.0 major release. Using the more recent API to manage Sessions based on the associated tokens should be preferred, as it allows to not rely on in-memory scale, making it easier to scale horizontally. Prefer using session.events.on(EVENTS.NEW_TOKENS, ...) to get the tokens, and Session.fromTokens to build the Session object.

// Deprecated signature
const session = await getSessionFromStorage(
  sessionId,
  storage,
  onNewRefreshToken,
  refresh,
);
// Replacement signature
const session = await getSessionFromStorage(sessionId, {
  storage,
  onNewRefreshToken,
  refresh,
});

• The event EVENTS.NEW_REFRESH_TOKEN is being replaced by EVENTS.NEW_TOKENS which returns all the tokens a client can store for refreshing a session.

Bugfix

core

• Fix issue using the library with Bun by adding missing extractable flag to the DPoP keys so that they can be serialized on the

... (truncated)

Commits

• 183c7c2 Release 5.0.0 (#4286)
• 599c9d6 Bump @​rollup/plugin-commonjs from 29.0.2 to 29.0.3 (#4285)
• 81ee216 Add helmet for use with the e2e express server (#4283)
• 9cec1d2 Bump tmp from 0.2.5 to 0.2.7 (#4284)
• eeafe75 Bump the external-types group with 2 updates (#4280)
• 7a83d05 Bump @​nx/nx-win32-x64-msvc from 22.6.5 to 22.7.3 (#4281)
• 52b95fb Bump ts-jest from 29.4.9 to 29.4.11 (#4282)
• dbc2069 Bump qs from 6.14.2 to 6.15.2 (#4278)
• e7867e5 Bump SonarSource/sonarqube-scan-action from 8.0.0 to 8.1.0 (#4279)
• 52460ac Bump eslint-config-next from 16.2.1 to 16.2.6 (#4275)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​inrupt/solid-client-authn-node since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)