Bump yiisoft/yii2-authclient from 2.2.11 to 2.2.15

[dependabot]

Bumps yiisoft/yii2-authclient from 2.2.11 to 2.2.15.

Changelog

Sourced from yiisoft/yii2-authclient's changelog.

2.2.15 December 16, 2023

• Enh GHSA-w8vh-p74j-x9xp: Improved security for OAuth1, OAuth2 and OpenID Connect clients by using timing attack safe string comparsion (rhertogh)
• Enh GHSA-rw54-6826-c8j5: Improved security for OAuth2 client by requiring an authCodeVerifier if PKCE is enabled and clearing it after usage (rhertogh)
• Bug #364: Use issuer claim from OpenID Configuration (radwouters)
• Enh #367: Throw more specific ClientErrorResponseException when the response code in BaseOAuth::sendRequest() is a 4xx (rhertogh)

2.2.14 November 18, 2022

• Bug #351: Unable to set TokenParamKey in OAuth2 config, gets hard overwritten in OAuth2::createToken() (DSTester)

2.2.13 September 04, 2022

• Bug #354: Fix PHP 8.1 deprecated message in BaseOAuth stripos(): Passing null to parameter [#1](https://github.com/yiisoft/yii2-authclient/issues/1) ($haystack) of type string is deprecated (marty-macfly)

2.2.12 December 03, 2021

• Bug #330: OpenID Connect client now defaults to 'client_secret_basic' in case token_endpoint_auth_methods_supported isn't specified (rhertogh)
• Bug #331: OpenID Connect aud claim can either be a string or a list of strings (azmeuk)
• Bug #332: OpenID Connect aud nonce is passed from the authentication request to the token request (azmeuk)
• Bug #339: OpenID Connect client now regenerates a new nonce when refreshing the access token (rhertogh)
• Bug #344: Fix Facebook OAuth 400 error when latin characters are used in App name (pawelkania)
• Enh #279: Add AuthAction::$defaultClientId and AuthAction::getClientId() (ditibal)
• Enh #341: OpenID Connect client now uses access token 'id_token' claim for getUserAttributes() if userinfo_endpoint is not available (rhertogh)
• Enh #342: OpenID Connect client support for JWT in userinfo_endpoint response (rhertogh)

Commits

• a11cbb0 release version 2.2.15
• dabddf2 Merge pull request from GHSA-w8vh-p74j-x9xp
• 721ed97 Merge pull request from GHSA-rw54-6826-c8j5
• 0d1c388 Merge pull request #377 from Arhell/fix
• ccec9d7 fix CONTRIBUTING.md link
• a1d77a9 Merge pull request #376 from Arhell/root
• a96d8d5 update root folder links
• e12ef1f Merge pull request #374 from Arhell/src
• 4e2c14c update src folder links
• 9816aed Merge pull request #372 from Arhell/docs
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[ghost]

👇 Click on the image for a new way to code review

Legend