chore(deps): update dependency openid_connect to v1

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
openid_connect (source)	prod	major	~> 0.2 → ~> 1.0

---

Release Notes

DockYard/openid_connect (openid_connect)

v1.0.1

Compare Source

v1.0.0

Compare Source

Complete rewrite of the library by @​AndrewDryga

Added

• Add end_session_uri/2 and fetch_userinfo/2
• Adds OpenID claim validation

Removed

• GenServer bottleneck
• Atom requirement for provider name
• Application config from the library

Changed

• Rewrote tests to better cover production code
• Use Finch/Mint as the HTTP client instead of HTTPoison

Please see the documentation for migrating from prior versions.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: mix.lock

Command failed: install-tool elixir v1.19.5

[coveralls]

coverage: 88.776% (-0.4%) from 89.201%
when pulling 0de5fa7 on renovate/openid_connect-1.x
into ce7e5e0 on master.

[sentry]

Bug: The upgrade to openid_connect v1.0 requires the finch HTTP client, but finch is not added to the application's supervision tree, which will cause runtime errors.
_{Severity: CRITICAL}

Suggested Fix

To fix this, first add finch as an explicit dependency in mix.exs. Then, add finch to the application's supervision tree in lib/cadet/application.ex. For example: children = [ {Finch, name: Cadet.Finch}, ... ].

Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.

Location: mix.exs#L79

Potential issue: The pull request upgrades the `openid_connect` dependency to v1.0. This
new version replaces its internal HTTP client with `finch`. The `finch` library requires
being explicitly started in the application's supervision tree to handle HTTP requests.
The current codebase does not add `finch` to the supervision tree in
`lib/cadet/application.ex`. As a result, when the application attempts OpenID
authentication by calling functions like `OpenIDConnect.fetch_tokens()`, these calls
will fail at runtime because the underlying `finch` process is not running. This will
break the OpenID login flow for all users.