Open snyk-bot opened 1 year ago
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information: 🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Regular Expression Denial of Service (ReDoS)
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
SNYK-JS-COOKIEJAR-3149984
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: webtask-tools
The new version differs by 36 commits.- 3da48e1 Merge pull request #26 from rwtombaugh/master
- fb988ca move to latest boom and superagent versions
- 5e02541 3.3.0
- 87501d4 Merge pull request #22 from SkyHacks/rs256
- 324fcab Fixes #11
- c55cf2d Merge pull request #23 from auth0/xproto
- 1c52045 fix handling of x-forwarded-proto header
- 3edc8f2 Add support for tokens signed with RS256
- 37e17df 3.2.0
- 6d756f7 Environment cleanup
- ee4c1bb Merge pull request #17 from auth0/pr-15
- e7d7cc1 Remove redirect. ES6-ify
- 5c6e945 Use future-safe Buffer factories from safe-buffer
- 070b5a4 Merge pull request #3 from scott-parsons/pass-url-state-info
- 7281b27 Pass extra path info and query parameters as 'state' through auth process.
- ee42825 Merge pull request #2 from scott-parsons/secret-base64-encoding
- 2225dc4 Merge pull request #1 from scott-parsons/subdomain-urls
- f1a9414 Support subdomain URLs for webtasks when authenticating.
- f99db61 Handle newer client secrets stored without base64 encoding.
- 3d1c685 Merge pull request #13 from auth0/glennblock-patch-1
- 5a04ad3 Updating functions to use pug.
- 672cf76 Changing jade dependency to pug
- 9730fe8 Adding "jade" to package.json
- 9320479 Merge pull request #12 from glennblock/render
See the full diffCheck the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Regular Expression Denial of Service (ReDoS)