Skip to content

Comments

chore(deps): update dependency openid_connect to v1#1328

Open
renovate[bot] wants to merge 1 commit intomasterfrom
renovate/openid_connect-1.x
Open

chore(deps): update dependency openid_connect to v1#1328
renovate[bot] wants to merge 1 commit intomasterfrom
renovate/openid_connect-1.x

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Feb 3, 2026

This PR contains the following updates:

Package Type Update Change
openid_connect (source) prod major ~> 0.2~> 1.0

Release Notes

DockYard/openid_connect (openid_connect)

v1.0.1

Compare Source

v1.0.0

Compare Source

Complete rewrite of the library by @​AndrewDryga

Added
  • Add end_session_uri/2 and fetch_userinfo/2
  • Adds OpenID claim validation
Removed
  • GenServer bottleneck
  • Atom requirement for provider name
  • Application config from the library
Changed
  • Rewrote tests to better cover production code
  • Use Finch/Mint as the HTTP client instead of HTTPoison

Please see the documentation for migrating from prior versions.


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies Pull requests that update a dependency file label Feb 3, 2026
@renovate
Copy link
Contributor Author

renovate bot commented Feb 3, 2026

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: mix.lock
Command failed: install-tool elixir v1.19.5

{:jason, "~> 1.2"},
{:openai, "~> 0.6.2"},
{:openid_connect, "~> 0.2"},
{:openid_connect, "~> 1.0"},

This comment was marked as outdated.

@coveralls
Copy link

coveralls commented Feb 3, 2026

Coverage Status

coverage: 88.776% (-0.4%) from 89.201%
when pulling 0de5fa7 on renovate/openid_connect-1.x
into ce7e5e0 on master.

@renovate renovate bot force-pushed the renovate/openid_connect-1.x branch 2 times, most recently from 5e13f29 to c2ce6c4 Compare February 14, 2026 06:21
@renovate renovate bot force-pushed the renovate/openid_connect-1.x branch from c2ce6c4 to 0de5fa7 Compare February 20, 2026 18:37
{:jason, "~> 1.2"},
{:openai, "~> 0.6.2"},
{:openid_connect, "~> 0.2"},
{:openid_connect, "~> 1.0"},
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: The upgrade to openid_connect v1.0 requires the finch HTTP client, but finch is not added to the application's supervision tree, which will cause runtime errors.
Severity: CRITICAL

Suggested Fix

To fix this, first add finch as an explicit dependency in mix.exs. Then, add finch to the application's supervision tree in lib/cadet/application.ex. For example: children = [ {Finch, name: Cadet.Finch}, ... ].

Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.

Location: mix.exs#L79

Potential issue: The pull request upgrades the `openid_connect` dependency to v1.0. This
new version replaces its internal HTTP client with `finch`. The `finch` library requires
being explicitly started in the application's supervision tree to handle HTTP requests.
The current codebase does not add `finch` to the supervision tree in
`lib/cadet/application.ex`. As a result, when the application attempts OpenID
authentication by calling functions like `OpenIDConnect.fetch_tokens()`, these calls
will fail at runtime because the underlying `finch` process is not running. This will
break the OpenID login flow for all users.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant