Bump @inrupt/solid-client-authn-browser from 3.1.1 to 4.0.0 in /e2e/browser/test-app by dependabot[bot] · Pull Request #2825 · inrupt/solid-client-js

dependabot · 2026-04-06T07:06:05Z

Bumps @inrupt/solid-client-authn-browser from 3.1.1 to 4.0.0.

Release notes

Sourced from @inrupt/solid-client-authn-browser's releases.

v4.0.0

Breaking changes

oidc-browser

Note that these changes are unlikely to impact a client application.

Replaced @inrupt/oidc-client dependency with oidc-client-ts (^3.5.0), the actively maintained TypeScript successor.

Removed re-exports: Version, CordovaPopupNavigator, CordovaIFrameNavigator (no longer available upstream).

Changed SigninRequest and OidcClientSettings to type-only exports.

node

A new signature was introduced for getSessionFromStorage in release 2.3.0. The legacy signature is deprecated, and will be removed with the 4.0.0 major release. Using the more recent API to manage Sessions based on the associated tokens should be preferred, as it allows to not rely on in-memory scale, making it easier to scale horizontally. Prefer using session.events.on(EVENTS.NEW_TOKENS, ...) to get the tokens, and Session.fromTokens to build the Session object.
// Deprecated signature
const session = await getSessionFromStorage(
  sessionId,
  storage,
  onNewRefreshToken,
  refresh,
);
// Replacement signature
const session = await getSessionFromStorage(sessionId, {
  storage,
  onNewRefreshToken,
  refresh,
});
The event EVENTS.NEW_REFRESH_TOKEN is being replaced by EVENTS.NEW_TOKENS which returns all the tokens a client can store for refreshing a session.

Bugfix

core

Fix issue using the library with Bun by adding missing extractable flag to the DPoP keys so that they can be serialized on the appropriate events. Thanks to @NoelDeMartin for fixing this issue.

node

Sessions built from Session.fromTokens now have a correct expiration time triggering refresh in the fetch. Thanks to @NoelDeMartin for fixing this issue.

browser

... (truncated)

Changelog

Sourced from @inrupt/solid-client-authn-browser's changelog.

4.0.0 - 2026-03-30

Breaking changes

oidc-browser

Note that these changes are unlikely to impact a client application.

Replaced @inrupt/oidc-client dependency with oidc-client-ts (^3.5.0), the actively maintained TypeScript successor.

Removed re-exports: Version, CordovaPopupNavigator, CordovaIFrameNavigator (no longer available upstream).

Changed SigninRequest and OidcClientSettings to type-only exports.

node

A new signature was introduced for getSessionFromStorage in release 2.3.0. The legacy signature is deprecated, and will be removed with the 4.0.0 major release. Using the more recent API to manage Sessions based on the associated tokens should be preferred, as it allows to not rely on in-memory scale, making it easier to scale horizontally. Prefer using session.events.on(EVENTS.NEW_TOKENS, ...) to get the tokens, and Session.fromTokens to build the Session object.
// Deprecated signature
const session = await getSessionFromStorage(
  sessionId,
  storage,
  onNewRefreshToken,
  refresh,
);
// Replacement signature
const session = await getSessionFromStorage(sessionId, {
  storage,
  onNewRefreshToken,
  refresh,
});
The event EVENTS.NEW_REFRESH_TOKEN is being replaced by EVENTS.NEW_TOKENS which returns all the tokens a client can store for refreshing a session.

Bugfix

core

Fix issue using the library with Bun by adding missing extractable flag to the DPoP keys so that they can be serialized on the appropriate events. Thanks to @NoelDeMartin for fixing this issue.

node

Sessions built from Session.fromTokens now have a correct expiration time triggering refresh in the fetch. Thanks to @NoelDeMartin for fixing this issue.

... (truncated)

Commits

0e92414 Release 4.0.0 (#4242)
cfc2316 Bump @rollup/plugin-commonjs from 29.0.0 to 29.0.2 (#4240)
5e3bbc6 Bump @nx/nx-win32-x64-msvc from 22.6.1 to 22.6.3 (#4241)
898efa8 Bump actions/deploy-pages from 4 to 5 (#4238)
4940574 Fix silent auth redirect with expired client credentials (#4237)
5df8792 Bump next from 16.1.7 to 16.2.1 (#4234)
79e7620 Bump typedoc from 0.28.17 to 0.28.18 (#4235)
3360d69 Bump handlebars from 4.7.8 to 4.7.9 (#4236)
7fdea74 Bump picomatch from 2.3.1 to 2.3.2 (#4231)
07e1470 Migrate to oidc-client-ts (#4230)
Additional commits viewable in compare view

Bumps [@inrupt/solid-client-authn-browser](https://github.com/inrupt/solid-client-authn-js) from 3.1.1 to 4.0.0. - [Release notes](https://github.com/inrupt/solid-client-authn-js/releases) - [Changelog](https://github.com/inrupt/solid-client-authn-js/blob/main/CHANGELOG.md) - [Commits](inrupt/solid-client-authn-js@v3.1.1...v4.0.0) --- updated-dependencies: - dependency-name: "@inrupt/solid-client-authn-browser" dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 6, 2026

dependabot bot requested a review from a team as a code owner April 6, 2026 07:06

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 6, 2026

dependabot bot temporarily deployed to ESS PodSpaces April 6, 2026 07:06 Inactive