yurikrupnik / mussia8

Mussia8 base project monorepo poc for api gateway
alfred-lake.vercel.app
MIT License

[Snyk] Security upgrade @auth0/nextjs-auth0 from 1.5.0 to 1.6.2 #240

Open snyk-bot opened 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.


Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| medium severity | 606/1000 (Why? Recently disclosed, Has a fix available, CVSS 6.4) | Information Exposure, SNYK-JS-AUTH0NEXTJSAUTH0-2321384 | No | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @auth0/nextjs-auth0
The new version differs by 75 commits.
  • 762da1e Merge pull request #558 from auth0/release/v1.6.2
  • 35f3f89 Release v1.6.2
  • 0bbd9f8 Enforce configured host on user supplied returnTo (#557)
  • 129650d Bump next from 11.1.2 to 11.1.3 (#556)
  • c5d4fff fix: upgrade http-errors from 1.8.0 to 1.8.1 (#553)
  • f7323d0 Merge pull request #543 from auth0/error-instanceof
  • 1954087 Fix issue where error reporting wrong instanceof
  • 3060c89 Merge pull request #531 from auth0/snyk-upgrade-fbe7e8fa031d12c55e1e6a76583750d5
  • d1eea0d fix: upgrade openid-client from 4.9.0 to 4.9.1
  • 994bd60 Merge pull request #530 from auth0/caching-readme
  • cf07f2c Add README on caching and security
  • a08d82f Merge pull request #519 from auth0/release/v1.6.1
  • 967e4e7 Release v1.6.1
  • 57e433a fix: upgrade openid-client from 4.8.0 to 4.9.0 (#518)
  • e7fa509 Merge pull request #516 from auth0/release/v1.6.0
  • b1c0b34 Release v1.6.0
  • ffe5fd1 Merge pull request #513 from auth0/fix-coverage
  • ce47cc2 Merge branch 'main' into fix-coverage
  • 436595d Fix the coverage checker
  • 5ef6a7b Fix #309 (#512)
  • 3c2839b Merge pull request #511 from auth0/snyk-upgrade-981bb9f1395f8c0e4332a35364084bfd
  • 16204ee fix: upgrade openid-client from 4.7.5 to 4.8.0
  • a3b6fd1 Merge pull request #509 from auth0/deploy-docs
  • 02daabe Highlight e2e testing and deployment in README
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic
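The commit list above includes 0bbd9f8 "Enforce configured host on user supplied returnTo (#557)". The block below is an added example, not code from @auth0/nextjs-auth0, from this repository, or from the PR: it shows how an application can enforce that kind of check itself, resolving a user-supplied returnTo against a configured base URL and honouring it only when the resolved origin matches. The BASE_URL value, the function names and the sample inputs are assumptions made for the illustration.

```javascript
// Added example, not @auth0/nextjs-auth0 or mussia8 code. Illustrates the kind
// of check named in commit 0bbd9f8 ("Enforce configured host on user supplied
// returnTo"): a returnTo value from the request is only honoured if it stays on
// the application's own origin. BASE_URL is an assumed value for this example.
const BASE_URL = "https://alfred-lake.vercel.app";

// Unsafe "before" shape: trusts the query parameter verbatim. With this, a link
// such as /api/auth/login?returnTo=https://evil.example sends the user to an
// attacker-controlled host after a genuine login. Kept here only for contrast.
function unsafeReturnTo(returnTo, baseUrl = BASE_URL) {
  return returnTo || baseUrl;
}

// Hardened version: resolve returnTo against the configured base and require
// the resolved origin (scheme + host + port) to match it exactly.
function safeReturnTo(returnTo, baseUrl = BASE_URL) {
  const base = new URL(baseUrl);
  if (typeof returnTo !== "string" || returnTo.length === 0) {
    return base.href;
  }
  let target;
  try {
    // WHATWG resolution: "/dashboard" becomes base + "/dashboard", while
    // "//evil.example/x" or "\\evil.example" resolve to another host and are
    // rejected by the origin comparison below. "javascript:" URLs parse with
    // an opaque origin ("null") and are rejected the same way.
    target = new URL(returnTo, base);
  } catch {
    return base.href; // unparseable input: fall back to the app root
  }
  if (target.origin !== base.origin) {
    return base.href;
  }
  return target.href;
}

// Constructed inputs (not from the PR) covering the usual bypass shapes:
// other host, scheme-relative, backslash, suffix host, userinfo trick, and a
// non-http scheme.
const SAMPLE_RETURN_TO = [
  "/dashboard?tab=billing",
  "https://alfred-lake.vercel.app/profile",
  "https://evil.example/phish",
  "//evil.example/phish",
  "\\\\evil.example",
  "https://alfred-lake.vercel.app.evil.example/",
  "https://alfred-lake.vercel.app@evil.example/",
  "javascript:alert(1)",
];

// Returns one row per sample input with both the unsafe and hardened result,
// so the difference can be inspected (e.g. with console.table(demo())).
function demo() {
  return SAMPLE_RETURN_TO.map((r) => ({
    input: r,
    unsafe: unsafeReturnTo(r),
    safe: safeReturnTo(r),
  }));
}
```

In a Next.js route handler the call site would be `res.redirect(safeReturnTo(req.query.returnTo))`. Comparing `origin` rather than the hostname string is deliberate: it also pins the scheme and port, so a downgrade to `http://` on the same host is refused, and the WHATWG parser normalises backslashes and case before the comparison is made.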

vercel[bot] commented 2 years ago

This pull request is being automatically deployed with Vercel (learn more).
To see the status of your deployments, click below or on the icon next to each commit.

batman – ./packages/ui/clients/batman

🔍 Inspect: https://vercel.com/yurikrupnik/batman/4A5e6wSHdi1MG5Ght3tG9FBK37Eb
✅ Preview: https://batman-git-snyk-fix-913fa30b9793ff4e288cf1d9-253ae5-yurikrupnik.vercel.app

alfred – ./packages/ui/clients/alfred

🔍 Inspect: https://vercel.com/yurikrupnik/alfred/35RHrqmrsPC5jkfbsEgtJtaqWTok
✅ Preview: https://alfred-git-snyk-fix-913fa30b9793ff4e288cf1d9-117416-yurikrupnik.vercel.app

secure-code-warrior-for-github[bot] commented 2 years ago

Micro-Learning Topic: Information disclosure (Detected by phrase)

Matched on "Information Exposure"

Many web applications and APIs do not properly protect sensitive data, such as financial, healthcare, and PII. Attackers may steal or modify such weakly protected data to conduct credit card fraud, identity theft, or other crimes. Sensitive data may be compromised without extra protection, such as encryption at rest or in transit, and requires special precautions when exchanged with the browser. Source: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

Try this challenge in Secure Code Warrior