Skip to content
This repository has been archived by the owner on May 31, 2024. It is now read-only.

[Snyk] Upgrade jwks-rsa from 1.4.0 to 1.8.0 #3

Open
wants to merge 2 commits into
base: master
Choose a base branch
from

Conversation

snyk-bot
Copy link

@snyk-bot snyk-bot commented May 1, 2020

Snyk has created this PR to upgrade jwks-rsa from 1.4.0 to 1.8.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
  • The recommended version is 7 versions ahead of your current version.
  • The recommended version was released 17 days ago, on 2020-04-13.

The recommended version fixes:

Severity Issue Exploit Maturity
Prototype Pollution
SNYK-JS-LODASH-450202
Proof of Concept
Prototype Pollution
SNYK-JS-LODASH-567746
Proof of Concept
Release notes
Package name: jwks-rsa
  • 1.8.0 - 2020-04-13

    [1.8.0] - (2020-04-12)

    Added

    • Added timeout with default value of 30s #132 (Cooke)

    Changed

    Fixed

  • 1.7.0 - 2020-02-18

    Release 1.7.0

  • 1.6.2 - 2020-01-21

    [1.6.2] - (2020-01-21)

    This patch release includes an alias for accessing the public key of a given JSON Web Key (JWK). This is in response to an unintended breaking change that was introduced as part of the last Typescript definitions change, included in the release with version 1.6.0.

    Now, no matter what the public key algorithm is, you can obtain it like this:

    client.getSigningKey(kid, (err, jwk) => {
      const publicKey = jwk.getPublicKey();
    });

    Fixed

  • 1.6.1 - 2020-01-13

    Changed

  • 1.6.0 - 2019-07-10

    Added

  • 1.5.1 - 2019-05-21

    Changed

    • Now includes the jsonwebtoken as a runtime dependency not dev to avoid breaks with 1.5.0 installs
    • Various dependencies in both the library and samples updated
  • 1.5.0 - 2019-05-09

    Added

  • 1.4.0 - 2019-02-08

    [1.4.0] - (2019-02-07)
    Added

    • Allow custom headers in request #77 (Mutmatt)
from jwks-rsa GitHub release notes
Commit messages
Package name: jwks-rsa
  • 26e2fa3 Merge pull request #137 from auth0/davidpatrick-patch-1
  • a9c179f Update package-lock.json
  • 02d6e80 Release 1.8.0 (#136)
  • 8cc9410 Added timeout with default value of 30s (#132)
  • 1ec5217 Migrate from Request (#135)
  • a3ba52e Allow JWT to not contain a "kid" value (#55)
  • 398c05e Merge pull request #130 from auth0/prepare/1.7.0
  • be9600a Release 1.7.0
  • d0c5787 Merge pull request #129 from auth0/fix-linter-issues
  • d122f08 fix linter issues
  • 31177e3 Merge pull request #125 from Ogdentrod/feat/add-proxy
  • 51d99e9 Merge branch 'master' into feat/add-proxy
  • 5fc0f15 Merge pull request #128 from auth0/lbalmaceda-patch-1
  • 6d304e5 Send the explicit commit SHA to Codecov
  • 70efc54 Merge branch 'feat/add-proxy' of github.com:Ogdentrod/node-jwks-rsa into feat/add-proxy
  • bc915d7 test: better testing for proxy
  • 0988ccc Merge branch 'master' into feat/add-proxy
  • b8ffdb6 Merge pull request #127 from auth0/add-ci
  • 6663fc2 add badges to the README
  • 7650ecb add CircleCI build and generate coverage
  • c7c7ba5 feat: add proxy option to jwksClient
  • 73a087d Merge pull request #123 from auth0/cacheChanges
  • 17e83df Modify Cache Defaults
  • 998a32d Merge pull request #121 from auth0/prepare-release

Compare


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant