vendor: golang.org/x/oauth2 v0.29.0

notable changes - fixes CVE-2025-22868 - oauth2.go: use a more straightforward return value - oauth2: Deep copy context client in NewClient - jws: improve fix for CVE-2025-22868 full diff: https://github.com/golang/oauth2/compare/v0.23.0...v0.29.0 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-07-23 03:38:03 +08:00 · 2025-04-22 12:26:36 +02:00
parent 9730a20f6b
commit 67ccbd06f6
7 changed files with 20 additions and 21 deletions
--- a/vendor/golang.org/x/oauth2/oauth2.go
+++ b/vendor/golang.org/x/oauth2/oauth2.go
@@ -56,7 +56,7 @@ type Config struct {
 	// the OAuth flow, after the resource owner's URLs.
 	RedirectURL string

-	// Scope specifies optional requested permissions.
+	// Scopes specifies optional requested permissions.
 	Scopes []string

 	// authStyleCache caches which auth style to use when Endpoint.AuthStyle is
@@ -288,7 +288,7 @@ func (tf *tokenRefresher) Token() (*Token, error) {
 	if tf.refreshToken != tk.RefreshToken {
 		tf.refreshToken = tk.RefreshToken
 	}
-	return tk, err
+	return tk, nil
 }

 // reuseTokenSource is a TokenSource that holds a single token in memory
@@ -356,11 +356,15 @@ func NewClient(ctx context.Context, src TokenSource) *http.Client {
 	if src == nil {
 		return internal.ContextClient(ctx)
 	}
+	cc := internal.ContextClient(ctx)
 	return &http.Client{
 		Transport: &Transport{
-			Base:   internal.ContextClient(ctx).Transport,
+			Base:   cc.Transport,
 			Source: ReuseTokenSource(nil, src),
 		},
+		CheckRedirect: cc.CheckRedirect,
+		Jar:           cc.Jar,
+		Timeout:       cc.Timeout,
 	}
 }