Bump doorkeeper from 5.0.2 to 5.1.0 in /WcaOnRails #4094

Merged
merged 1 commit into from
Apr 29, 2019

dependabot-preview[bot]
Contributor

Bumps doorkeeper from 5.0.2 to 5.1.0.

Release notes

Sourced from doorkeeper's releases.

v5.1.0

See Upgrade guides for migration to a new version.

v5.1.0.rc2

  • [#1208] Unify hashing implementation into secret storing strategies

    [IMPORTANT]: If you have been using the master branch of doorkeeper with bcrypt in your Gemfile.lock,
    your application secrets have been hashed using BCrypt. To restore this behavior, use the initializer option
    use_application_hashing using: 'Doorkeeper::SecretStoring::BCrypt'.

  • [#1216] Add nil check to expires_at method.

  • [#1215] Fix deprecates for Rails 6.

  • [#1214] Scopes field accepts array.

  • [#1209] Fix tokens validation for Token Introspection request.

  • [#1202] Use correct HTTP status codes for error responses.

    [IMPORTANT]: this change might break your application if you were relying on the previous
    401 status codes, this is now a 400 by default, or a 401 for invalid_client and invalid_token errors.

  • [#1201] Fix custom TTL block client parameter to always be a Doorkeeper::Application instance.

    [IMPORTANT]: those who defined custom_access_token_expires_in configuration option need to check
    their block implementation: if you are using oauth_client.application to get Doorkeeper::Application
    instance, then you need to replace it with just oauth_client.

  • [#1200] Increase default Doorkeeper access token value complexity (urlsafe_base64 instead of just hex)
    matching RFC6749/RFC6750.

    [IMPORTANT]: this change has possible side-effects in case you have custom database constraints for
    access token value, application secrets, refresh tokens or you patched Doorkeeper models and introduced
    token value validations, or you are using database with case-insensitive WHERE clause like MySQL
    (you can face some collisions). Before this change access token value matched [a-f0-9] regex, and now
    it matches [a-zA-Z0-9\-_]. In case you have such restrictions and you don't use custom token generator
    please change configuration option default_generator_method to :hex.

  • [#1195] Allow to customize Token Introspection response (fixes #1194).

  • [#1189] Option to set token_reuse_limit.

  • [#1191] Try to load bcrypt for hashing of application secrets, but add fallback.

v5.1.0.rc1

... (truncated)
Commits
  • 2dac191 Release 5.1.0
  • 07a3e17 Merge pull request #1243 from linhdangduy/add_nil_check_operator
  • c91cef6 add nil check operator in token checking at token introspection
  • 9bb03f8 Merge pull request #1241 from doorkeeper-gem/migration-updates
  • 67df12c Explaining foreign key options for resource owner in a single place
  • a69027c Fix for blank redirect URI check in admin panel
  • 48830f7 Merge pull request #1239 from jasl/patch-2
  • 3b35c32 [ci skip] Fix README.md
  • 666d473 Improve blank redirect URI validation and config
  • 119386a Merge pull request #1237 from doorkeeper-gem/optional_redirect_uri
  • Additional commits viewable in compare view

dependabot-preview bot added the dependencies and TECH: ruby (Requires knowledge of Ruby) labels on Apr 29, 2019
viroulep merged commit 4aa29cf into master on Apr 29, 2019
@dependabot-preview dependabot-preview bot deleted the dependabot/bundler/WcaOnRails/doorkeeper-5.1.0 branch April 29, 2019 07:35
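
Added example, not part of the pull request or of doorkeeper's code: a Ruby sketch of the two side effects the 5.1.0 release note describes for the new token alphabet, a hex-only constraint rejecting urlsafe_base64 values and a case-insensitive comparison matching a token that differs only in letter case. The sample tokens and all helper names are constructed for illustration.

```ruby
require "securerandom"

# Token alphabets quoted in the release note.
LEGACY_FORMAT  = /\A[a-f0-9]+\z/        # before 5.1.0 (hex)
URLSAFE_FORMAT = /\A[a-zA-Z0-9\-_]+\z/  # 5.1.0 default (urlsafe_base64)

# Constructed sample tokens, not real credentials.
HEX_TOKEN     = "9f2c4e1ab07d"
URLSAFE_TOKEN = "Qx7_aB-9fZk2"

HEX_ALPHABET     = [*"0".."9", *"a".."f"]
URLSAFE_ALPHABET = [*"a".."z", *"A".."Z", *"0".."9", "-", "_"]

# Stand-in for a model validation or column constraint written for hex tokens.
def passes_legacy_constraint?(token)
  LEGACY_FORMAT.match?(token)
end

# Exact comparison, as with a case-sensitive (binary) collation.
def exact_matches(stored, presented)
  stored.select { |t| t == presented }
end

# Case-insensitive comparison, as with a MySQL *_ci collation.
def ci_matches(stored, presented)
  stored.select { |t| t.casecmp?(presented) }
end

# Entropy per character once the comparison folds case away.
def bits_per_char(alphabet, case_insensitive:)
  symbols = case_insensitive ? alphabet.map(&:downcase) : alphabet
  Math.log2(symbols.uniq.size)
end

if __FILE__ == $PROGRAM_NAME
  stored   = [HEX_TOKEN, URLSAFE_TOKEN]
  variant  = URLSAFE_TOKEN.swapcase # same letters, different case
  fresh    = SecureRandom.urlsafe_base64(32)
  puts "legacy constraint accepts new-style token: #{passes_legacy_constraint?(URLSAFE_TOKEN)}"
  puts "case variant matches (exact): #{exact_matches(stored, variant).size}"
  puts "case variant matches (ci):    #{ci_matches(stored, variant).size}"
  puts "urlsafe bits/char, ci lookup: #{bits_per_char(URLSAFE_ALPHABET, case_insensitive: true).round(2)}"
  puts "fresh token fits 5.1.0 alphabet: #{URLSAFE_FORMAT.match?(fresh)}"
end
```

Hex tokens lose nothing under case folding, which is why the note offers default_generator_method :hex as the fallback for deployments that keep such constraints or collations.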