Open snyk-bot opened 1 year ago
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information: π§ View latest project report
π Adjust project settings
π Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
π¦ Open Redirect
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Has a fix available, CVSS 5.4
SNYK-JS-GOT-2932019
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
SNYK-JS-WS-1296835
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: openid-client
The new version differs by 72 commits.- 67b6b7e chore(release): 4.0.0
- 735b581 docs: add note on draft updatse in the readme
- 8f04a4b refactor: treat drafts with a warning
- 5cd1ecf refactor: remove deprecated `issuer.key()`
- a98d9ab ci: add electron@10
- 417d993 chore: upgrade jose dependency
- 3ac37e8 feat: added support for ESM (ECMAScript modules)
- c72b5e8 refactor: upgrade got from v9.x to v11.x
- 641a42f fix: request object type changed from 'JWT' to 'oauth.authz.req+jwt'
- 821b93e refactor: default http timeout increased to 3500ms
- 56f9fe7 feat: passport strategy will now use PKCE by default where applicable
- 4cb21a4 refactor: rename `client.userinfo()` `verb` parameter to `method`
- a007c9d test: update jwt client authentication method tests
- c0ec865 refactor: remove deprecated `client.resource()`
- ba56b29 chore(release): 3.15.10
- d39a423 chore: update package.json
- 49e0ff0 fix(typescript): add missing types (#284)
- e9dd562 chore: update standard-version to v8.x
- 3120e36 ci: refactor test.yml
- ae105fb docs: remove links to certification packages
- 00d0127 docs: link to final RFC8705
- 944a3d6 ci: trigger tests on latest node 14
- 97b99f0 chore(release): 3.15.9
- 5ce2a73 fix(typescript): max_age in AuthorizationParameters is a number
See the full diffPackage name: ws
The new version differs by 85 commits.- f5297f7 [dist] 7.4.6
- 00c425e [security] Fix ReDoS vulnerability
- 990306d [lint] Fix prettier error
- 32e3a84 [security] Remove reference to Node Security Project
- 8c914d1 [minor] Fix nits
- fc7e27d [ci] Test on node 16
- 587c201 [ci] Do not test on node 15
- f672710 [dist] 7.4.5
- 67e25ff [fix] Fix case where `abortHandshake()` does not close the connection
- 23ba6b2 [fix] Make UTF-8 validation work even if utf-8-validate is not installed
- 114de9e [ci] Use a unique ID instead of commit SHA
- d75a62e [ci] Include commit SHA in `flag-name`
- a74dd2e [dist] 7.4.4
- 9277437 [fix] Recreate the inflate stream if it ends
- cbff929 [doc] Improve `websocket.terminate()` documentation
- 489a295 [ci] Use GitHub Actions (#1853)
- 77370e0 [pkg] Update eslint-config-prettier to version 8.1.0
- 99338f7 [doc] Fix `data` argument type (#1843)
- 223194e [dist] 7.4.3
- 4e9607b [perf] Reset compressor/decompressor instead of re-initialize (#1840)
- 2789887 [minor] Use `request.socket` instead of `request.connection`
- 2079ca5 [test] Increase code coverage
- d1a8af4 [dist] 7.4.2
- 48a2349 [pkg] Update eslint-config-prettier to version 7.1.0
See the full diffCheck the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
π§ View latest project report
π Adjust project settings
π Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
π¦ Open Redirect