This repository has been archived by the owner on May 31, 2024. It is now read-only.

[Snyk] Upgrade jwks-rsa from 1.4.0 to 1.8.0 #3

Open
wants to merge 2 commits into
base: master

@snyk-bot commented May 1, 2020

Snyk has created this PR to upgrade jwks-rsa from 1.4.0 to 1.8.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
  • The recommended version is 7 versions ahead of your current version.
  • The recommended version was released 17 days ago, on 2020-04-13.

The recommended version fixes:

| Severity | Issue | Exploit Maturity |
| --- | --- | --- |
| | Prototype Pollution (SNYK-JS-LODASH-450202) | Proof of Concept |
| | Prototype Pollution (SNYK-JS-LODASH-567746) | Proof of Concept |

Release notes
Package name: jwks-rsa
  • 1.8.0 - 2020-04-13

    [1.8.0] - (2020-04-12)

    Added

    • Added timeout with default value of 30s #132 (Cooke)

    Changed

    Fixed

  • 1.7.0 - 2020-02-18

    Release 1.7.0

  • 1.6.2 - 2020-01-21

    [1.6.2] - (2020-01-21)

    This patch release includes an alias for accessing the public key of a given JSON Web Key (JWK). This is in response to an unintended breaking change that was introduced as part of the last Typescript definitions change, included in the release with version 1.6.0.

    Now, no matter what the public key algorithm is, you can obtain it like this:

    client.getSigningKey(kid, (err, jwk) => {
      const publicKey = jwk.getPublicKey();
    });

    Fixed

  • 1.6.1 - 2020-01-13

    Changed

  • 1.6.0 - 2019-07-10

    Added

  • 1.5.1 - 2019-05-21

    Changed

    • Now includes the jsonwebtoken as a runtime dependency not dev to avoid breaks with 1.5.0 installs
    • Various dependencies in both the library and samples updated
  • 1.5.0 - 2019-05-09

    Added

  • 1.4.0 - 2019-02-08

    [1.4.0] - (2019-02-07)
    Added

    • Allow custom headers in request #77 (Mutmatt)
from jwks-rsa GitHub release notes
Commit messages
Package name: jwks-rsa
  • 26e2fa3 Merge pull request #137 from auth0/davidpatrick-patch-1
  • a9c179f Update package-lock.json
  • 02d6e80 Release 1.8.0 (#136)
  • 8cc9410 Added timeout with default value of 30s (#132)
  • 1ec5217 Migrate from Request (#135)
  • a3ba52e Allow JWT to not contain a "kid" value (#55)
  • 398c05e Merge pull request #130 from auth0/prepare/1.7.0
  • be9600a Release 1.7.0
  • d0c5787 Merge pull request #129 from auth0/fix-linter-issues
  • d122f08 fix linter issues
  • 31177e3 Merge pull request #125 from Ogdentrod/feat/add-proxy
  • 51d99e9 Merge branch 'master' into feat/add-proxy
  • 5fc0f15 Merge pull request #128 from auth0/lbalmaceda-patch-1
  • 6d304e5 Send the explicit commit SHA to Codecov
  • 70efc54 Merge branch 'feat/add-proxy' of github.com:Ogdentrod/node-jwks-rsa into feat/add-proxy
  • bc915d7 test: better testing for proxy
  • 0988ccc Merge branch 'master' into feat/add-proxy
  • b8ffdb6 Merge pull request #127 from auth0/add-ci
  • 6663fc2 add badges to the README
  • 7650ecb add CircleCI build and generate coverage
  • c7c7ba5 feat: add proxy option to jwksClient
  • 73a087d Merge pull request #123 from auth0/cacheChanges
  • 17e83df Modify Cache Defaults
  • 998a32d Merge pull request #121 from auth0/prepare-release



Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
