chore(deps): update dependency openid_connect to v1

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
openid_connect (source)	prod	major	~> 0.2 → ~> 1.0

---

Release Notes

DockYard/openid_connect (openid_connect)

v1.0.1

Compare Source

v1.0.0

Compare Source

Complete rewrite of the library by @​AndrewDryga

Added

• Add end_session_uri/2 and fetch_userinfo/2
• Adds OpenID claim validation

Removed

• GenServer bottleneck
• Atom requirement for provider name
• Application config from the library

Changed

• Rewrote tests to better cover production code
• Use Finch/Mint as the HTTP client instead of HTTPoison

Please see the documentation for migrating from prior versions.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: mix.lock

Command failed: install-tool elixir v1.19.5

[coveralls]

coverage: 88.549% (-0.4%) from 88.926%
when pulling 2f74b69 on renovate/openid_connect-1.x
into fc99fa0 on master.

[sentry]

Bug: The upgrade to openid_connect v1.0 requires the finch HTTP client, but finch is not added to the application's supervision tree, which will cause runtime errors.
_{Severity: CRITICAL}

Suggested Fix

To fix this, first add finch as an explicit dependency in mix.exs. Then, add finch to the application's supervision tree in lib/cadet/application.ex. For example: children = [ {Finch, name: Cadet.Finch}, ... ].

Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.

Location: mix.exs#L79

Potential issue: The pull request upgrades the `openid_connect` dependency to v1.0. This
new version replaces its internal HTTP client with `finch`. The `finch` library requires
being explicitly started in the application's supervision tree to handle HTTP requests.
The current codebase does not add `finch` to the supervision tree in
`lib/cadet/application.ex`. As a result, when the application attempts OpenID
authentication by calling functions like `OpenIDConnect.fetch_tokens()`, these calls
will fail at runtime because the underlying `finch` process is not running. This will
break the OpenID login flow for all users.

[sentry]

Bug: The openid_connect dependency is updated to v1.0, but the code still uses the old API (e.g., OpenIDConnect.Worker), which was removed, causing application and authentication failures.
_{Severity: CRITICAL}

Suggested Fix

Update the codebase to use the openid_connect v1.0 API. This requires removing the supervision code for the non-existent OpenIDConnect.Worker and updating the authentication provider logic to use the new function signatures and modules provided by the v1.0 library. The tests must also be updated to reflect these API changes.

Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.

Location: mix.exs#L79

Potential issue: The pull request updates the `openid_connect` dependency from `~> 0.2`
to `~> 1.0`, which is a major rewrite of the library. However, the application code has
not been updated to use the new API. The code in `lib/cadet/application.ex` attempts to
start `OpenIDConnect.Worker`, a module that was removed in v1.0. This will cause the
application to fail on startup if `openid_connect_providers` are configured.
Additionally, functions like `OpenIDConnect.fetch_tokens` and `OpenIDConnect.verify` are
called with signatures that are likely outdated for v1.0, which will lead to
authentication failures at runtime.