Build(deps): bump @auth0/auth0-spa-js from 2.0.1 to 2.0.2 #864

Merged
argoyle merged 1 commits from dependabot-npm_and_yarn-auth0-auth0-spa-js-2.0.2 into master 2023-01-13 07:54:49 +00:00
argoyle commented 2023-01-13 04:37:56 +00:00 (Migrated from gitlab.com)

Bumps @auth0/auth0-spa-js from 2.0.1 to 2.0.2.

Release notes

Sourced from @auth0/auth0-spa-js's releases.

v2.0.2

Security

  • Bump jsonwebtoken to v9 #1062 (dependabot)

This patch release is identical to 2.0.1 but has been released to ensure tooling no longer detects a vulnerable version of jsonwebtoken being used.

Even though 2.0.1 was not vulnerable for the related CVE (https://unit42.paloaltonetworks.com/jsonwebtoken-vulnerability-cve-2022-23529/) because of the fact that jsonwebtoken is a devDependency, we are cutting a release to ensure build tools no longer report our SDK as vulnerable to the mentioned CVE.

Changelog

Sourced from @auth0/auth0-spa-js's changelog.

v2.0.2 (2023-01-12)

Full Changelog (https://github.com/auth0/auth0-spa-js/compare/v2.0.1...v2.0.2)

Security

  • Bump jsonwebtoken to v9 #1062 (dependabot)

This patch release is identical to 2.0.1 but has been released to ensure tooling no longer detects a vulnerable version of jsonwebtoken being used.

Even though 2.0.1 was not vulnerable for the related CVE (https://unit42.paloaltonetworks.com/jsonwebtoken-vulnerability-cve-2022-23529/) because of the fact that jsonwebtoken is a devDependency, we are cutting a release to ensure build tools no longer report our SDK as vulnerable to the mentioned CVE.

Commits

  • 34ee7f3 Release 2.0.2 (#1067)
  • 3c883a0 build(deps-dev): bump jsonwebtoken from 8.5.1 to 9.0.0 (#1062)
  • d8d3f6b build(deps): bump json5 from 2.2.1 to 2.2.3
  • ab09110 Use URLSearchParams when parsing callback querystring (#1061)
  • See full diff in compare view (https://github.com/auth0/auth0-spa-js/compare/v2.0.1...v2.0.2)

Dependabot commands
You can trigger Dependabot actions by commenting on this MR
  • $dependabot rebase will rebase this MR
  • $dependabot recreate will recreate this MR rewriting all the manual changes and resolving conflicts
argoyle (Migrated from gitlab.com) merged commit into master 2023-01-13 07:54:49 +00:00
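
The release notes above turn on whether a flagged package is reachable only through devDependencies. As an added example (not part of this merge request or of auth0-spa-js), the sketch below triages such a scanner finding from an npm lockfile using the `dev` flag that npm records in lockfileVersion 2/3 `packages` entries. The lockfiles are constructed, `example-sdk`, `example-api` and `runtime-lib` are hypothetical names, and the "below v9" rule is an assumption taken from the "Bump jsonwebtoken to v9" entry.

```javascript
// Constructed lockfiles (npm lockfileVersion 3 shape); every package name
// except jsonwebtoken is hypothetical.
const devOnlyLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-sdk", devDependencies: { jsonwebtoken: "^8.5.1" } },
    "node_modules/jsonwebtoken": { version: "8.5.1", dev: true },
    "node_modules/runtime-lib": { version: "1.0.0" },
  },
};
const runtimeLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-api", dependencies: { "runtime-lib": "^1.0.0" } },
    "node_modules/runtime-lib": { version: "1.0.0" },
    // Copy pulled in by a runtime dependency: npm records no dev flag here
    "node_modules/runtime-lib/node_modules/jsonwebtoken": { version: "8.5.1" },
  },
};

// Assumption taken from the release notes: versions below v9 are the flagged ones.
const belowV9 = (version) => Number(version.split(".")[0]) < 9;

// Returns every flagged copy of pkgName in the lockfile and an overall verdict:
// "dev-only" (build/test tooling only), "runtime" (installed for production),
// or "not-present".
function classifyFinding(lock, pkgName, isFlagged) {
  const marker = "node_modules/";
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf(marker);
    if (idx === -1) continue; // root project or workspace entry
    if (path.slice(idx + marker.length) !== pkgName) continue;
    if (!meta.version || !isFlagged(meta.version)) continue;
    // npm sets dev: true only when the package is reachable solely via devDependencies
    hits.push({ path, version: meta.version, devOnly: meta.dev === true });
  }
  let verdict = "not-present";
  if (hits.length > 0) verdict = hits.every((h) => h.devOnly) ? "dev-only" : "runtime";
  return { verdict, hits };
}

console.log(classifyFinding(devOnlyLock, "jsonwebtoken", belowV9).verdict);
console.log(classifyFinding(runtimeLock, "jsonwebtoken", belowV9).verdict);
```

A "dev-only" verdict describes the scanned project's own install tree; consumers of a published package do not install its devDependencies at all, which is the situation the release notes describe.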