diff --git a/go.mod b/go.mod
index 81cbda3ef..770627e28 100644
--- a/go.mod
+++ b/go.mod
@@ -56,7 +56,7 @@ require (
 github.com/justinas/alice v1.2.0
 github.com/leonelquinteros/gotext v1.5.3-0.20230317130943-71a59c05b2c1
 github.com/libregraph/idm v0.4.1-0.20231213140724-56a222fb4215
- github.com/libregraph/lico v0.61.1
+ github.com/libregraph/lico v0.61.2
 github.com/mitchellh/mapstructure v1.5.0
 github.com/mna/pigeon v1.2.1
 github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826
diff --git a/go.sum b/go.sum
index 4e24f6a4c..12c6daa1b 100644
--- a/go.sum
+++ b/go.sum
@@ -1623,8 +1623,8 @@ github.com/leonelquinteros/gotext v1.5.3-0.20230317130943-71a59c05b2c1 h1:k56sFO
 github.com/leonelquinteros/gotext v1.5.3-0.20230317130943-71a59c05b2c1/go.mod h1:AT4NpQrOmyj1L/+hLja6aR0lk81yYYL4ePnj2kp7d6M=
 github.com/libregraph/idm v0.4.1-0.20231213140724-56a222fb4215 h1:Yw/I6l/0S/zDq2Hnibvwy8cVLpMaBwDe0aUSv/FNU6U=
 github.com/libregraph/idm v0.4.1-0.20231213140724-56a222fb4215/go.mod h1:h/B7mB5OqrsrobydErMGewHxonYDKjGOaJsFabXyRo8=
-github.com/libregraph/lico v0.61.1 h1:md5z939Fq3pUuRWNA0M2y8F7xel+XWgp9vCXwMih8mQ=
-github.com/libregraph/lico v0.61.1/go.mod h1:pnRet4pexWmy6rAB2fLAlEU885ShDIJhbjbuekDSlMU=
+github.com/libregraph/lico v0.61.2 h1:sU8eQ2E9Uq5wnTkD33YX5+gRj59MkPLgDVoB72L1q8w=
+github.com/libregraph/lico v0.61.2/go.mod h1:TgZGBAYzVRQSRdBC8PgGQKjYhtXuTr6UCM3ZZyGTleQ=
 github.com/libregraph/oidc-go v1.0.0 h1:l2tE/EwLyLXVy0B5BuVKgIFX9pNpz/5J3x5IBw0KEhc=
 github.com/libregraph/oidc-go v1.0.0/go.mod h1:7TRHrY/H1Vg6JqFjV0oAe1+kN+mGFBqXYvclSyvhRyc=
 github.com/linode/linodego v0.25.3/go.mod h1:GSBKPpjoQfxEfryoCRcgkuUOCuVtGHWhzI8OMdycNTE=
diff --git a/vendor/github.com/libregraph/lico/CHANGELOG.md b/vendor/github.com/libregraph/lico/CHANGELOG.md
index f789281e7..ba0848f1a 100644
--- a/vendor/github.com/libregraph/lico/CHANGELOG.md
+++ b/vendor/github.com/libregraph/lico/CHANGELOG.md
@@ -4,6 +4,14 @@
+## v0.61.2 (2024-02-19)
+
+- Limit oidc check session iframe postMessage hook scope
+- Bump vite from 4.5.0 to 4.5.2 in /identifier
+- Bump follow-redirects from 1.14.8 to 1.15.4 in /identifier
+- Bump golang.org/x/crypto from 0.14.0 to 0.17.0
+
+
 ## v0.61.1 (2023-11-22)
 - Fix branding settings cache usage
diff --git a/vendor/github.com/libregraph/lico/identifier/package.json b/vendor/github.com/libregraph/lico/identifier/package.json
index ff868e749..8ad257719 100644
--- a/vendor/github.com/libregraph/lico/identifier/package.json
+++ b/vendor/github.com/libregraph/lico/identifier/package.json
@@ -61,7 +61,7 @@
 "jsdom": "^22.1.0",
 "source-map-explorer": "^1.8.0",
 "typescript": "^5.2.2",
- "vite": "^4.5.0",
+ "vite": "^4.5.2",
 "vite-plugin-checker": "^0.6.2",
 "vite-plugin-eslint": "^1.8.1",
 "vitest": "^0.34.6"
diff --git a/vendor/github.com/libregraph/lico/oidc/provider/html.go b/vendor/github.com/libregraph/lico/oidc/provider/html.go
index 56a2d2298..a65441ef3 100644
--- a/vendor/github.com/libregraph/lico/oidc/provider/html.go
+++ b/vendor/github.com/libregraph/lico/oidc/provider/html.go
@@ -188,7 +188,7 @@ c.u(b.B());c.u(n.substr(0,64-(d.f[1]+8&63)));c.c(d.f[0]<<3|d.f[0]>>>28);c.c(d.f[
 window.addEventListener('message', function(event) {
 // Only do something when receiving a message from our parent or
 // from another window which shares our parent.
- if (window.parent === event.source || window.parent === event.source.parent) {
+ if (window.parent === event.source || (window !== event.source && window.parent === event.source.parent)) {
 var response = receiveMessage(event.origin, event.data);
 event.source.postMessage(response, event.origin);
 }
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 0de7198da..1de4b9684 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -1269,7 +1269,7 @@ github.com/libregraph/idm/server
 github.com/libregraph/idm/server/handler
 github.com/libregraph/idm/server/handler/boltdb
 github.com/libregraph/idm/server/handler/ldif
-# github.com/libregraph/lico v0.61.1
+# github.com/libregraph/lico v0.61.2
 ## explicit; go 1.18
 github.com/libregraph/lico
 github.com/libregraph/lico/bootstrap