Update ghcr.io/steveiliop56/tinyauth Docker tag to v5.0.4 - autoclosed #224

renovate-bot · 2026-03-15T08:02:34+05:30

renovate-bot commented

2026-03-15 08:02:34 +05:30

This PR contains the following updates:

Package	Update	Change
ghcr.io/steveiliop56/tinyauth	patch	`v5.0.1` → `v5.0.4`

Release Notes

steveiliop56/tinyauth (ghcr.io/steveiliop56/tinyauth)

`v5.0.4`

Compare Source

Tinyauth v5.0.4

Last patch I promise...or not

This release addresses issue #706 regarding the X-Forwarded-URI header.

Improvements

Support for X-Original-URI header

Fixes

X-Forwarded-URI should not be required

Technical

Update dependencies

Please let me know of any issues so as I can fix them as soon as possible.

`v5.0.3`

Compare Source

Tinyauth v5.0.3

[!WARNING]
This release contains security fixes, please update as soon as possible.

This release addresses GHSA-xg2q-62g2-cvcm and GHSA-3q28-qjrv-qr39 discovered by @e1024x.

Fixes

Don't continue authentication on empty X-Forwarded-* headers.
Ensure user is logged in and not in the 2FA flow in the authorize endpoint
Ensure client ID matches the code entry before issuing a token

Technical

Update dependencies
Update translations

Please let me know of any issues so as I can fix them as soon as possible.

`v5.0.2`

Compare Source

Tinyauth v5.0.2

Another small patch addressing issues with the healthcheck command and OIDC key management.

Improvements

Support for PKIX public keys @DarkDare

Fixes

Add kid to ID token JWT header
Make state a non-required field in the authorize request
Accept port and address individually in the healthcheck command @luizfelipefb

Technical

Bump dependencies

New Contributors

@luizfelipefb made their first contribution in #698

Please let me know of any issues so as I can fix them as soon as possible.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [ghcr.io/steveiliop56/tinyauth](https://github.com/steveiliop56/tinyauth) | patch | `v5.0.1` → `v5.0.4` | --- ### Release Notes <details> <summary>steveiliop56/tinyauth (ghcr.io/steveiliop56/tinyauth)</summary> ### [`v5.0.4`](https://github.com/steveiliop56/tinyauth/releases/tag/v5.0.4) [Compare Source](https://github.com/steveiliop56/tinyauth/compare/v5.0.3...v5.0.4) ### Tinyauth v5.0.4 *Last patch I promise...or not* This release addresses issue [#706](https://github.com/steveiliop56/tinyauth/issues/706) regarding the `X-Forwarded-URI` header. #### Improvements - Support for `X-Original-URI` header #### Fixes - `X-Forwarded-URI` should not be required #### Technical - Update dependencies Please let me know of any issues so as I can fix them as soon as possible. ### [`v5.0.3`](https://github.com/steveiliop56/tinyauth/releases/tag/v5.0.3) [Compare Source](https://github.com/steveiliop56/tinyauth/compare/v5.0.2...v5.0.3) ### Tinyauth v5.0.3 > \[!WARNING] > This release contains security fixes, please update as soon as possible. This release addresses [GHSA-xg2q-62g2-cvcm](https://github.com/steveiliop56/tinyauth/security/advisories/GHSA-xg2q-62g2-cvcm) and [GHSA-3q28-qjrv-qr39](https://github.com/steveiliop56/tinyauth/security/advisories/GHSA-3q28-qjrv-qr39) discovered by [@e1024x](https://github.com/e1024x). #### Fixes - Don't continue authentication on empty `X-Forwarded-*` headers. - Ensure user is logged in and not in the 2FA flow in the authorize endpoint - Ensure client ID matches the code entry before issuing a token #### Technical - Update dependencies - Update translations Please let me know of any issues so as I can fix them as soon as possible. ### [`v5.0.2`](https://github.com/steveiliop56/tinyauth/releases/tag/v5.0.2) [Compare Source](https://github.com/steveiliop56/tinyauth/compare/v5.0.1...v5.0.2) ### Tinyauth v5.0.2 Another small patch addressing issues with the `healthcheck` command and OIDC key management. #### Improvements - Support for PKIX public keys [@DarkDare](https://github.com/DarkDare) #### Fixes - Add `kid` to ID token JWT header - Make state a non-required field in the authorize request - Accept port and address individually in the `healthcheck` command [@luizfelipefb](https://github.com/luizfelipefb) #### Technical - Bump dependencies #### New Contributors - [@luizfelipefb](https://github.com/luizfelipefb) made their first contribution in [#698](https://github.com/steveiliop56/tinyauth/pull/698) Please let me know of any issues so as I can fix them as soon as possible. </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

renovate-bot added 1 commit 2026-03-15 08:02:34 +05:30

Update ghcr.io/steveiliop56/tinyauth Docker tag to v5.0.4 5baf390805

renovate-bot changed title from ~~Update ghcr.io/steveiliop56/tinyauth Docker tag to v5.0.4~~ to Update ghcr.io/steveiliop56/tinyauth Docker tag to v5.0.4 - autoclosed

2026-03-20 18:18:45 +05:30

renovate-bot closed this pull request

2026-03-20 18:18:45 +05:30

Pull request closed

This pull request cannot be reopened because the branch was deleted.

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: ryuupendragon/docker-compose#224