[Snyk] Upgrade jwks-rsa from 1.3.0 to 1.7.0 #2

Open
wants to merge 1 commit into base: master

@snyk-bot snyk-bot commented Apr 7, 2020

Snyk has created this PR to upgrade jwks-rsa from 1.3.0 to 1.7.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
  • The recommended version is 7 versions ahead of your current version.
  • The recommended version was released 2 months ago, on 2020-02-18.

The recommended version fixes:

| Severity | Issue | Exploit Maturity |
|---|---|---|
| | Prototype Pollution (SNYK-JS-LODASH-450202) | Proof of Concept |

Release notes
Package name: jwks-rsa
  • 1.7.0 - 2020-02-18

    Release 1.7.0

  • 1.6.2 - 2020-01-21

    [1.6.2] - (2020-01-21)

    This patch release includes an alias for accessing the public key of a given JSON Web Key (JWK). This is in response to an unintended breaking change that was introduced as part of the last Typescript definitions change, included in the release with version 1.6.0.

    Now, no matter what the public key algorithm is, you can obtain it like this:

    client.getSigningKey(kid, (err, jwk) => {
      const publicKey = jwk.getPublicKey();
    });

    Fixed

  • 1.6.1 - 2020-01-13

    Changed

  • 1.6.0 - 2019-07-10

    Added

  • 1.5.1 - 2019-05-21

    Changed

    • Now includes the jsonwebtoken as a runtime dependency not dev to avoid breaks with 1.5.0 installs
    • Various dependencies in both the library and samples updated
  • 1.5.0 - 2019-05-09

    Added

  • 1.4.0 - 2019-02-08

    [1.4.0] - (2019-02-07)
    Added

    • Allow custom headers in request #77 (Mutmatt)
  • 1.3.0 - 2018-06-26

    Added

    Fixed

from jwks-rsa GitHub release notes
Commit messages
Package name: jwks-rsa
  • 398c05e Merge pull request #130 from auth0/prepare/1.7.0
  • be9600a Release 1.7.0
  • d0c5787 Merge pull request #129 from auth0/fix-linter-issues
  • d122f08 fix linter issues
  • 31177e3 Merge pull request #125 from Ogdentrod/feat/add-proxy
  • 51d99e9 Merge branch 'master' into feat/add-proxy
  • 5fc0f15 Merge pull request #128 from auth0/lbalmaceda-patch-1
  • 6d304e5 Send the explicit commit SHA to Codecov
  • 70efc54 Merge branch 'feat/add-proxy' of github.com:Ogdentrod/node-jwks-rsa into feat/add-proxy
  • bc915d7 test: better testing for proxy
  • 0988ccc Merge branch 'master' into feat/add-proxy
  • b8ffdb6 Merge pull request #127 from auth0/add-ci
  • 6663fc2 add badges to the README
  • 7650ecb add CircleCI build and generate coverage
  • c7c7ba5 feat: add proxy option to jwksClient
  • 73a087d Merge pull request #123 from auth0/cacheChanges
  • 17e83df Modify Cache Defaults
  • 998a32d Merge pull request #121 from auth0/prepare-release
  • d3d147e update package version
  • b0321a2 Merge pull request #120 from auth0/prepare-release
  • 13c05ed Apply suggestions from code review
  • 7173c26 add changelog notes and migration guide
  • 25cf2e7 Merge pull request #119 from auth0/fix-type-bc
  • 73266e8 refactor the jwk object creation code


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
