search

paazmaya / renshuu.paazmaya.fi

Training timetable and location planner
http://renshuu.paazmaya.fi
Other
2 stars 2 forks source link

[Snyk] Security upgrade auth0-lock from 11.26.3 to 11.30.1 #85

Closed snyk-bot closed 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 691/1000
Why? Recently disclosed, Has a fix available, CVSS 8.1		 Cross-site Scripting (XSS)
SNYK-JS-AUTH0LOCK-1300548		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: auth0-lock The new version differs by 71 commits.
  • a2f20d9 v11.30.1
  • f8455df Release 11.30.1 (#2003)
  • d139cf0 Merge pull request from GHSA-jr3j-whm4-9wwm
  • ac50559 Update fa.js (#2000)
  • 5af0d6e Update auth0-js + node-fetch (#1996)
  • 1e4c020 [SDK-2588] Avoid multiple simultaneous HTTP calls (#1998)
  • 087ad6d Bump ws from 6.2.1 to 6.2.2 (#2001)
  • 3e40198 Bump dns-packet from 1.3.1 to 1.3.4 (#1997)
  • 5b3e481 Update PULL_REQUEST_TEMPLATE.md (#1994)
  • f2fc2c6 [Security] Bump grunt from 0.4.5 to 1.3.0 (#1992)
  • d7aaf8d Merge pull request #1990 from auth0/snyk-fix-5ff1a31743d44dab3ee70a237346f5ca
  • ee6cd32 Merge branch 'master' into snyk-fix-5ff1a31743d44dab3ee70a237346f5ca
  • a06a4aa [Security] Bump hosted-git-info from 2.8.8 to 2.8.9 (#1993)
  • 5c2c522 fix: package.json & yarn.lock to reduce vulnerabilities
  • 149db45 Release v11.30.0 (#1989)
  • 65ada89 [ESD-12716] Fix issue with recaptcha on mobile when using a different lang (#1988)
  • 80064d2 Feature/recaptcha enterprise cauth 964 (#1987)
  • a30b27e feat: recaptcha enterprise on lockjs (#1986)
  • c14d663 Merge pull request #1981 from auth0/sdk-2383/custom-connections
  • 87e8685 Merge branch 'master' into sdk-2383/custom-connections
  • 2b66092 Release v11.29.1 (#1985)
  • b179895 Merge branch 'master' into sdk-2383/custom-connections
  • 70e9f7f fix ESD-12716: move CSS display override to render function to fix recaptcha on sign-up (#1983)
  • d3fefbd Align stalebot config with other SDKs (#1982)
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic