Bump openid-client from 5.6.5 to 6.8.4 in /Framework

[dependabot]

Bumps openid-client from 5.6.5 to 6.8.4.

Release notes

Sourced from openid-client's releases.

v6.8.4

Fixes

• apply optional non-repudiation on generic grant ID Tokens (6202888)
• filter jwe decryption keys by algorithm (34e2ffd)
• preserve poll abort signals on requests (96a2d17)
• retry dpop nonce errors for generic grants (498c4d9)

v6.8.3

Documentation

• note a workaround for redirect_uri with query string or bare origin (e9689de), closes #868

Fixes

• passport: delete one-time state on callback (1e7dd2e)

v6.8.2

Fixes

• use duplex: half for fetchProtectedResource with ReadableStream body input (f6f84e2)

v6.8.1

Refactor

• workaround dpop nonce caching caveats with customFetch (a9eb50f)

v6.8.0

Features

• respect retry-after in CIBA and Device Authorization Grant polling (6ce3411)

Documentation

• remove mention of Edge Runtime from the readme (2e41ad5)

v6.7.1

Fixes

• passport: include req.host from express@5 for ease of use in express@4 (81f6c12)

v6.7.0

Features

• support for the ML-DSA Algorithm Identifiers (9543da5)

v6.6.4

Fixes

... (truncated)

Changelog

Sourced from openid-client's changelog.

6.8.4 (2026-04-27)

Fixes

• apply optional non-repudiation on generic grant ID Tokens (6202888)
• filter jwe decryption keys by algorithm (34e2ffd)
• preserve poll abort signals on requests (96a2d17)
• retry dpop nonce errors for generic grants (498c4d9)

6.8.3 (2026-04-13)

Documentation

• note a workaround for redirect_uri with query string or bare origin (e9689de), closes #868

Fixes

• passport: delete one-time state on callback (1e7dd2e)

6.8.2 (2026-02-07)

Fixes

• use duplex: half for fetchProtectedResource with ReadableStream body input (f6f84e2)

6.8.1 (2025-09-27)

Refactor

• workaround dpop nonce caching caveats with customFetch (a9eb50f)

6.8.0 (2025-09-11)

Features

• respect retry-after in CIBA and Device Authorization Grant polling (6ce3411)

Documentation

• remove mention of Edge Runtime from the readme (2e41ad5)

6.7.1 (2025-08-29)

... (truncated)

Commits

• c645695 chore(release): 6.8.4
• ee60464 chore: update CHANGELOG.md header
• 96a2d17 fix: preserve poll abort signals on requests
• 34e2ffd fix: filter jwe decryption keys by algorithm
• 6202888 fix: apply optional non-repudiation on generic grant ID Tokens
• 498c4d9 fix: retry dpop nonce errors for generic grants
• 35042cf chore: cleanup after release
• 66e4082 chore(release): 6.8.3
• fa292f2 test: fix typings build issues
• 0600c91 test: deflake pollBackchannelAuthenticationGrant
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for openid-client since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)