[Snyk] Security upgrade @auth0/nextjs-auth0 from 1.4.0 to 1.6.2

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	606/1000 Why? Recently disclosed, Has a fix available, CVSS 6.4	Information Exposure SNYK-JS-AUTH0NEXTJSAUTH0-2321384	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @auth0/nextjs-auth0

The new version differs by 107 commits.

• 762da1e Merge pull request #558 from auth0/release/v1.6.2
• 35f3f89 Release v1.6.2
• 0bbd9f8 Enforce configured host on user supplied returnTo (#557)
• 129650d Bump next from 11.1.2 to 11.1.3 (#556)
• c5d4fff fix: upgrade http-errors from 1.8.0 to 1.8.1 (#553)
• f7323d0 Merge pull request #543 from auth0/error-instanceof
• 1954087 Fix issue where error reporting wrong instanceof
• 3060c89 Merge pull request #531 from auth0/snyk-upgrade-fbe7e8fa031d12c55e1e6a76583750d5
• d1eea0d fix: upgrade openid-client from 4.9.0 to 4.9.1
• 994bd60 Merge pull request #530 from auth0/caching-readme
• cf07f2c Add README on caching and security
• a08d82f Merge pull request #519 from auth0/release/v1.6.1
• 967e4e7 Release v1.6.1
• 57e433a fix: upgrade openid-client from 4.8.0 to 4.9.0 (#518)
• e7fa509 Merge pull request #516 from auth0/release/v1.6.0
• b1c0b34 Release v1.6.0
• ffe5fd1 Merge pull request #513 from auth0/fix-coverage
• ce47cc2 Merge branch 'main' into fix-coverage
• 436595d Fix the coverage checker
• 5ef6a7b Fix #309 (#512)
• 3c2839b Merge pull request #511 from auth0/snyk-upgrade-981bb9f1395f8c0e4332a35364084bfd
• 16204ee fix: upgrade openid-client from 4.7.5 to 4.8.0
• a3b6fd1 Merge pull request #509 from auth0/deploy-docs
• 02daabe Highlight e2e testing and deployment in README

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

[vercel[bot]]

This pull request is being automatically deployed with Vercel (learn more).
To see the status of your deployment, click below or on the icon next to each commit.

🔍 Inspect: https://vercel.com/yurikrupnik/mussia5-next/FcAT6C1HaEQkBFZDqQPixx8mCuPf
✅ Preview: Failed

[Deployment for 2376470 failed]

[secure-code-warrior-for-github[bot]]

Micro-Learning Topic: Information disclosure (Detected by phrase)

Matched on "Information Exposure"

Many web applications and APIs do not properly protect sensitive data, such as financial, healthcare, and PII. Attackers may steal or modify such weakly protected data to conduct credit card fraud, identity theft, or other crimes. Sensitive data may be compromised without extra protection, such as encryption at rest or in transit, and requires special precautions when exchanged with the browser. Source: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

Try this challenge in Secure Code Warrior

[sonarcloud[bot]]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
0.0% Duplication