Merge branch 'main' into dependabot/npm_and_yarn/examples/users-api/multi-ceff1a497b

Author: arpit-jn

.github/actions/rl-scanner/action.yml

@@ -0,0 +1,71 @@
+name: 'Reversing Labs Scanner'
+description: 'Runs the Reversing Labs scanner on a specified artifact.'
+inputs:
+  artifact-path:
+    description: 'Path to the artifact to be scanned.'
+    required: true
+  version:
+    description: 'Version of the artifact.'
+    required: true
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Set up Python
+      uses: actions/setup-python@v4
+      with:
+        python-version: '3.10'
+
+    - name: Install Python dependencies
+      shell: bash
+      run: |
+        pip install boto3 requests
+
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v1
+      with:
+        role-to-assume: ${{ env.PRODSEC_TOOLS_ARN }}
+        aws-region: us-east-1
+        mask-aws-account-id: true
+
+    - name: Install RL Wrapper
+      shell: bash
+      run: |
+        pip install rl-wrapper>=1.0.0 --index-url "https://${{ env.PRODSEC_TOOLS_USER }}:${{ env.PRODSEC_TOOLS_TOKEN }}@a0us.jfrog.io/artifactory/api/pypi/python-local/simple"
+
+    - name: Run RL Scanner
+      shell: bash
+      env:
+        RLSECURE_LICENSE: ${{ env.RLSECURE_LICENSE }}
+        RLSECURE_SITE_KEY: ${{ env.RLSECURE_SITE_KEY }}
+        SIGNAL_HANDLER_TOKEN: ${{ env.SIGNAL_HANDLER_TOKEN }}
+        PYTHONUNBUFFERED: 1
+      run: |
+        if [ ! -f "${{ inputs.artifact-path }}" ]; then
+          echo "Artifact not found: ${{ inputs.artifact-path }}"
+          exit 1
+        fi
+
+        rl-wrapper \
+          --artifact "${{ inputs.artifact-path }}" \
+          --name "${{ github.event.repository.name }}" \
+          --version "${{ inputs.version }}" \
+          --repository "${{ github.repository }}" \
+          --commit "${{ github.sha }}" \
+          --build-env "github_actions" \
+          --suppress_output
+
+        # Check the outcome of the scanner
+        if [ $? -ne 0 ]; then
+          echo "RL Scanner failed."
+          echo "scan-status=failed" >> $GITHUB_ENV
+          exit 1
+        else
+          echo "RL Scanner passed."
+          echo "scan-status=success" >> $GITHUB_ENV
+        fi
+
+outputs:
+  scan-status:
+    description: 'The outcome of the scan process.'
+    value: ${{ env.scan-status }}

.github/workflows/browserstack.yml

@@ -3,7 +3,7 @@ name: Browserstack
 on:
   merge_group:
   workflow_dispatch:
-  pull_request_target:
+  pull_request:
     types:
       - opened
       - synchronize
@@ -22,15 +22,8 @@ env:
   NODE_VERSION: 18
 
 jobs:
-  authorize:
-    name: Authorize
-    environment: ${{ github.actor != 'dependabot[bot]' && github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository && 'external' || 'internal' }}
-    runs-on: ubuntu-latest
-    steps:
-      - run: true
 
   browserstack:
-    needs: authorize # Require approval before running on forked pull requests
 
     name: BrowserStack Tests
     runs-on: ubuntu-latest

.github/workflows/integration.yml

@@ -3,7 +3,7 @@ name: Integration Tests
 on:
   merge_group:
   workflow_dispatch:
-  pull_request_target:
+  pull_request:
     types:
       - opened
       - synchronize
@@ -22,16 +22,7 @@ env:
   NODE_VERSION: 18
 
 jobs:
-
-  authorize:
-    name: Authorize
-    environment: ${{ github.actor != 'dependabot[bot]' && github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository && 'external' || 'internal' }}
-    runs-on: ubuntu-latest
-    steps:
-      - run: true
-
   test-examples:
-    needs: authorize # Require approval before running on forked pull requests
     name: Run example tests
     runs-on: ubuntu-latest
 

.github/workflows/npm-release.yml

@@ -7,7 +7,7 @@ on:
         required: true
         type: string
       require-build:
-        default: true
+        default: "true"
         type: string
       release-directory:
         default: './'
@@ -32,17 +32,17 @@ jobs:
 
       # Get the version from the branch name
       - id: get_version
-        uses: ./get-version
+        uses: ./.github/actions/get-version
 
       # Get the prerelease flag from the branch name
       - id: get_prerelease
-        uses: ./get-prerelease
+        uses: ./.github/actions/get-prerelease
         with:
           version: ${{ steps.get_version.outputs.version }}
 
       # Get the release notes
       - id: get_release_notes
-        uses: ./get-release-notes
+        uses: ./.github/actions/get-release-notes
         with:
           token: ${{ secrets.github-token }}
           version: ${{ steps.get_version.outputs.version }}
@@ -51,7 +51,7 @@ jobs:
 
       # Check if the tag already exists
       - id: tag_exists
-        uses: ./tag-exists
+        uses: ./.github/actions/tag-exists
         with:
           tag: ${{ steps.get_version.outputs.version }}
           token: ${{ secrets.github-token }}
@@ -61,7 +61,7 @@ jobs:
         run: exit 1
 
       # Publish the release to our package manager
-      - uses: ./npm-publish
+      - uses: ./.github/actions/npm-publish
         with:
           node-version: ${{ inputs.node-version }}
           require-build: ${{ inputs.require-build }}
@@ -70,7 +70,7 @@ jobs:
           release-directory: ${{ inputs.release-directory }}
 
       # Create a release for the tag
-      - uses: ./release-create
+      - uses: ./.github/actions/release-create
         with:
           token: ${{ secrets.github-token }}
           name: ${{ steps.get_version.outputs.version }}

.github/workflows/release.yml

@@ -5,7 +5,6 @@ on:
     types:
       - closed
   workflow_dispatch:
-
 permissions:
   contents: write
   id-token: write # For publishing to npm using --provenance
@@ -15,11 +14,24 @@ permissions:
 ### TODO: Also remove `npm-release` workflow from this repo's .github/workflows folder once the repo is public.
 
 jobs:
+  rl-scanner:
+    uses: ./.github/workflows/rl-secure.yml
+    with:
+      node-version: 18
+      artifact-name: 'auth0-react.tgz'
+    secrets:
+      RLSECURE_LICENSE: ${{ secrets.RLSECURE_LICENSE }}
+      RLSECURE_SITE_KEY: ${{ secrets.RLSECURE_SITE_KEY }}
+      SIGNAL_HANDLER_TOKEN: ${{ secrets.SIGNAL_HANDLER_TOKEN }}
+      PRODSEC_TOOLS_USER: ${{ secrets.PRODSEC_TOOLS_USER }}
+      PRODSEC_TOOLS_TOKEN: ${{ secrets.PRODSEC_TOOLS_TOKEN }}
+      PRODSEC_TOOLS_ARN: ${{ secrets.PRODSEC_TOOLS_ARN }}
   release:
     uses: ./.github/workflows/npm-release.yml
+    needs: rl-scanner
     with:
       node-version: 18
       require-build: true
     secrets:
       npm-token: ${{ secrets.NPM_TOKEN }}
-      github-token: ${{ secrets.GITHUB_TOKEN }}
+      github-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/rl-secure.yml

@@ -0,0 +1,67 @@
+name: RL-Secure Workflow
+
+on:
+  workflow_call:
+    inputs:
+      node-version:
+        required: true
+        type: string
+      artifact-name:
+        required: true
+        type: string
+    secrets:
+      RLSECURE_LICENSE:
+        required: true
+      RLSECURE_SITE_KEY:
+        required: true
+      SIGNAL_HANDLER_TOKEN:
+        required: true
+      PRODSEC_TOOLS_USER:
+        required: true
+      PRODSEC_TOOLS_TOKEN:
+        required: true
+      PRODSEC_TOOLS_ARN:
+        required: true
+
+jobs:
+  rl-scanner:
+    name: Run Reversing Labs Scanner
+    if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.merged && startsWith(github.event.pull_request.head.ref, 'release/'))
+    runs-on: ubuntu-latest
+    outputs:
+      scan-status: ${{ steps.rl-scan-conclusion.outcome }}
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Build package
+        uses: ./.github/actions/build
+        with:
+          node: ${{ inputs.node-version }}
+
+      - name: Create tgz build artifact
+        run: |
+          tar -czvf ${{ inputs.artifact-name }} *
+
+      - id: get_version
+        uses: ./.github/actions/get-version
+
+      - name: Run RL Scanner
+        id: rl-scan-conclusion
+        uses: ./.github/actions/rl-scanner
+        with:
+          artifact-path: "$(pwd)/${{ inputs.artifact-name }}"
+          version: "${{ steps.get_version.outputs.version }}"
+        env:
+          RLSECURE_LICENSE: ${{ secrets.RLSECURE_LICENSE }}
+          RLSECURE_SITE_KEY: ${{ secrets.RLSECURE_SITE_KEY }}
+          SIGNAL_HANDLER_TOKEN: ${{ secrets.SIGNAL_HANDLER_TOKEN }}
+          PRODSEC_TOOLS_USER: ${{ secrets.PRODSEC_TOOLS_USER }}
+          PRODSEC_TOOLS_TOKEN: ${{ secrets.PRODSEC_TOOLS_TOKEN }}
+          PRODSEC_TOOLS_ARN: ${{ secrets.PRODSEC_TOOLS_ARN }}
+
+      - name: Output scan result
+        run: echo "scan-status=${{ steps.rl-scan-conclusion.outcome }}" >> $GITHUB_ENV

.github/workflows/semgrep.yml

@@ -2,7 +2,7 @@ name: Semgrep
 
 on:
   merge_group:
-  pull_request_target:
+  pull_request:
     types:
       - opened
       - synchronize
@@ -21,16 +21,7 @@ concurrency:
   cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
 
 jobs:
-  authorize:
-    name: Authorize
-    environment: ${{ github.actor != 'dependabot[bot]' && github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository && 'external' || 'internal' }}
-    runs-on: ubuntu-latest
-    steps:
-      - run: true
-
   run:
-    needs: authorize # Require approval before running on forked pull requests
-
     name: Check for Vulnerabilities
     runs-on: ubuntu-latest
 

.github/workflows/snyk.yml

@@ -3,7 +3,7 @@ name: Snyk
 on:
   merge_group:
   workflow_dispatch:
-  pull_request_target:
+  pull_request:
     types:
       - opened
       - synchronize
@@ -22,15 +22,7 @@ concurrency:
   cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
 
 jobs:
-  authorize:
-    name: Authorize
-    environment: ${{ github.actor != 'dependabot[bot]' && github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository && 'external' || 'internal' }}
-    runs-on: ubuntu-latest
-    steps:
-      - run: true
-
   check:
-    needs: authorize
 
     name: Check for Vulnerabilities
     runs-on: ubuntu-latest

.version

@@ -1 +1 @@
-v2.2.4
+v2.3.0

CHANGELOG.md

@@ -1,5 +1,40 @@
 # Change Log
 
+## [v2.3.0](https://github.com/auth0/auth0-react/tree/v2.3.0) (2025-01-21)
+[Full Changelog](https://github.com/auth0/auth0-react/compare/v2.2.4...v2.3.0)
+
+**Added**
+- Release v2.3.0 [\#825](https://github.com/auth0/auth0-react/pull/825) ([tusharpandey13](https://github.com/tusharpandey13))
+- Feature/react19 [\#824](https://github.com/auth0/auth0-react/pull/824) ([tusharpandey13](https://github.com/tusharpandey13))
+- Add  ReversingLabs Workflow (Don't Merge) [\#782](https://github.com/auth0/auth0-react/pull/782) ([developerkunal](https://github.com/developerkunal))
+
+**Changed**
+- ci: changed pull_request_target to pull_request and removed the authorize step [\#796](https://github.com/auth0/auth0-react/pull/796) ([desusai7](https://github.com/desusai7))
+- Bump @testing-library/react from 14.1.2 to 14.3.1 [\#757](https://github.com/auth0/auth0-react/pull/757) ([dependabot[bot]](https://github.com/apps/dependabot))
+- Bump ts-jest from 29.1.1 to 29.1.5 [\#766](https://github.com/auth0/auth0-react/pull/766) ([dependabot[bot]](https://github.com/apps/dependabot))
+- Bump cypress from 13.6.1 to 13.12.0 [\#770](https://github.com/auth0/auth0-react/pull/770) ([dependabot[bot]](https://github.com/apps/dependabot))
+- Bump @types/jest from 29.5.11 to 29.5.12 [\#750](https://github.com/auth0/auth0-react/pull/750) ([dependabot[bot]](https://github.com/apps/dependabot))
+- Bump @types/react from 18.2.45 to 18.2.64 [\#747](https://github.com/auth0/auth0-react/pull/747) ([dependabot[bot]](https://github.com/apps/dependabot))
+- Bump browserstack-cypress-cli from 1.28.0 to 1.28.1 [\#715](https://github.com/auth0/auth0-react/pull/715) ([dependabot[bot]](https://github.com/apps/dependabot))
+
+**Fixed**
+- fix npm release workflow [\#826](https://github.com/auth0/auth0-react/pull/826) ([tusharpandey13](https://github.com/tusharpandey13))
+- Update codeowner file with new GitHub team name [\#790](https://github.com/auth0/auth0-react/pull/790) ([stevenwong-okta](https://github.com/stevenwong-okta))
+- Workaround for failing "integration test (CRA)" [\#769](https://github.com/auth0/auth0-react/pull/769) ([nandan-bhat](https://github.com/nandan-bhat))
+
+**Removed**
+- Revert "Release v2.3.0" [\#827](https://github.com/auth0/auth0-react/pull/827) ([tusharpandey13](https://github.com/tusharpandey13))
+
+**Security**
+- Bump pretty-quick from 3.1.3 to 3.3.1 [\#736](https://github.com/auth0/auth0-react/pull/736) ([dependabot[bot]](https://github.com/apps/dependabot))
+- Bump next from 13.5.6 to 14.1.1 in /examples/nextjs-app [\#761](https://github.com/auth0/auth0-react/pull/761) ([dependabot[bot]](https://github.com/apps/dependabot))
+- Bump jose from 4.11.0 to 4.15.5 in /examples/users-api [\#749](https://github.com/auth0/auth0-react/pull/749) ([dependabot[bot]](https://github.com/apps/dependabot))
+- Bump express from 4.18.2 to 4.19.2 in /examples/users-api [\#754](https://github.com/auth0/auth0-react/pull/754) ([dependabot[bot]](https://github.com/apps/dependabot))
+- Bump follow-redirects from 1.15.3 to 1.15.6 [\#752](https://github.com/auth0/auth0-react/pull/752) ([dependabot[bot]](https://github.com/apps/dependabot))
+- Bump ws from 7.5.9 to 7.5.10 [\#768](https://github.com/auth0/auth0-react/pull/768) ([dependabot[bot]](https://github.com/apps/dependabot))
+- Bump braces from 3.0.2 to 3.0.3 [\#773](https://github.com/auth0/auth0-react/pull/773) ([dependabot[bot]](https://github.com/apps/dependabot))
+- Bump oidc-provider from 8.4.3 to 8.4.5 [\#720](https://github.com/auth0/auth0-react/pull/720) ([dependabot[bot]](https://github.com/apps/dependabot))
+
 ## [v2.2.4](https://github.com/auth0/auth0-react/tree/v2.2.4) (2023-12-11)
 [Full Changelog](https://github.com/auth0/auth0-react/compare/v2.2.3...v2.2.4)