refactor: upgrade jwks-rsa from 1.12.3 to 2.0.5

[snyk-bot]

Snyk has created this PR to upgrade jwks-rsa from 1.12.3 to 2.0.5.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

Warning: This is a major version upgrade, and may be a breaking change.

• The recommended version is 6 versions ahead of your current version.
• The recommended version was released 4 months ago, on 2021-10-15.

Release notes

Package name: jwks-rsa

• 2.0.5 - 2021-10-15
  

  Fixed

  • Destroy the request when reaches the timeout (#270) #271 (amrsalama)
  • SDK-2833 Fix issue where errors were being cached #268 (adamjmcgrath)
• 2.0.4 - 2021-07-16
  

  …386317c08d8

  [Snyk] Upgrade debug from 4.1.1 to 4.3.2

• 2.0.3 - 2021-04-22
  

  [2.0.3] - (2021-04-20)

  Fixed

  • Fix retrieveSigningKeys error #242 (davidpatrick)

  Security

  • Bump jose from 2.0.3 to 2.0.5 #244 (dependabot)
• 2.0.2 - 2021-03-25
  

  [2.0.2] - (2021-03-24)

  Fixed

  • Interceptor bind client #237 (erikfried)
  • Update type def for getSigningKey #236 (davidpatrick)
  • Use hostname instead of host when creating request #233 (cjlpowers)
• 2.0.1 - 2021-03-13
  

  [2.0.1] - (2021-03-12)

  Added

  • Callback backwards compatbility for getSigningKey #227 (davidpatrick)

  Fixed

  • Fix typescript declarations for v2 #229 (davidpatrick)
  • Fix typescript types for fetcher #231 (itajaja)
• 2.0.0 - 2021-03-11
  

  With version 2 we have added full JWK/JWS support, bumped Node version support to minimum 10, removed Axios, and exposed a fetcher option to allow user's to completely override how the request to the jwksUri endpoint is made.

  Please take note of the breaking changes and the migration guide below.

  Breaking Changes

  • Drops support for Node < 10
  • No more callbacks, using async/await(promises)
  • Removed Axios and changed the API to JwksClient

  Changes

  Added

  • Full JWK/JWS Support #205 (panva)

  Changed

  • Simplify request wrapper #218 (davidpatrick)
  • Pins to Node Version 10,12,14 #212 (davidpatrick)
  • Migrate from callbacks to async/await #222 (davidpatrick)

  Migration Guide from v1 to v2

  Proxies

  The proxy option has been removed from the JwksClient. Support for it was a little spotty through Axios, and we wanted to allow users to have more control over the flow. Now you can specify your proxy by overriding the requestAgent used with an agent with built-in proxy support, or by completely overriding the request library with the fetcher option.

  https://sandrino.auth0.com/.well-known/jwks.json',
  requestAgent: new HttpsProxyAgent('https://username:pass@address:port')
  });">

  // OLD
  
  const oldClient = jwksClient({
  
  jwksUri: 'https://sandrino.auth0.com/.well-known/jwks.json',
  
  proxy: 'https://username:pass@address:port'
  
  });
  
  // NEW
  
  const HttpsProxyAgent = require('https-proxy-agent');
  
  const newClient = jwksClient({
  
  jwksUri: 'https://sandrino.auth0.com/.well-known/jwks.json',
  
  requestAgent: new HttpsProxyAgent('https://username:pass@address:port')
  
  });

  Request Agent Options

  The library no longer gates what http(s) Agent is used, so we have removed requestAgentOptions and now expose the requestAgent option when creating a jwksClient.

  https://sandrino.auth0.com/.well-known/jwks.json',
  requestAgent: new https.Agent({
  ca: fs.readFileSync(caFile)
  })
  });">

  // OLD
  
  const oldClient = jwksClient({
  
  jwksUri: 'https://sandrino.auth0.com/.well-known/jwks.json',
  
  requestAgentOptions: {
  
  ca: fs.readFileSync(caFile)
  
  }
  
  });
  
  // NEW
  
  const newClient = jwksClient({
  
  jwksUri: 'https://sandrino.auth0.com/.well-known/jwks.json',
  
  requestAgent: new https.Agent({
  
  ca: fs.readFileSync(caFile)
  
  })
  
  });

  Migrated Callbacks to Async/Await

  The library no longer supports callbacks. We have migrated to async/await(promises).

  // OLD
  client.getSigningKey(kid, (err, key) => {
  const signingKey = key.getPublicKey();
  });

  // NEW
  const key = await client.getSigningKey(kid);
  const signingKey = key.getPublicKey();

  
  


• 
  1.12.3 - 2021-02-26
  

  [1.12.3] - (2021-02-25)

  Added

  • Add alg to SigningKey types #220 (okko)

  Fixed

  • Fix npmjs resolves #221 (adamjmcgrath)
  • Fix Import default Axios instance #216 (dsebastien)

from jwks-rsa GitHub release notes

Commit messages

Package name: jwks-rsa

• 59d47ca Merge pull request Travis test failures #272 from auth0/release/v2.0.5
• 2808cff Release v2.0.5
• fb0ded0 Merge pull request Remove default master key. #271 from amrsalama/master
• b798fd9 Destroy the request when reaches the timeout (Adding link to parse-server-example #270)
• 697c0f1 Merge pull request Get user in cloud function #269 from amrsalama/master
• 1f0e6d4 Fix rateLimitWrapper function name typo
• d65d594 Merge pull request unit tests #268 from auth0/no-cache-errors
• 33bf651 redundant 'to'
• 367aa2b Fix issue where errors were being cached
• bc05ccc Merge pull request Add ability to create classes without creating an object. #267 from josmo/debug-jwks-logger-to-require
• 066f1a5 use debug in require instead or creating a new one in the class which can lead to it's memory now being GC.
• 7dafc61 Update Changelog format (User setPassword cause Object not found #260)
• 35bcf79 Automate release publishing ("Ducpliate key error" on anonymous user signup #259)
• 1e258d9 Bump path-parse from 1.0.6 to 1.0.7 (Schemas endpoint: ignore '_metadata' key, convert 'map' type to Object #256)
• cd52aa2 Merge pull request Is the migration Seamless when I already had a lived database? #255 from auth0/release-2.0.4
• d5f4ecd Release 2.0.4
• 5bf041a Merge pull request Migration Timeline #253 from auth0/snyk-upgrade-cb12c87b566cd886573cc386317c08d8
• cb6314e Merge branch 'master' into snyk-upgrade-cb12c87b566cd886573cc386317c08d8
• a1fd527 Merge pull request Removed extra /logout handler #254 from auth0/snyk-upgrade-2ea8e5c83885746b0f13e95b25debd67
• 8ef0bdd Merge branch 'master' into snyk-upgrade-2ea8e5c83885746b0f13e95b25debd67
• bd315cf Merge pull request Does parse server code include push notifications systems. #251 from auth0/typefix-getKeysInterceptor
• 45575a6 Rename to JSONWebKey
• 557e15c fix: upgrade lru-memoizer from 2.1.2 to 2.1.4
• 81b7810 fix: upgrade debug from 4.1.1 to 4.3.2

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[parse-github-assistant]

I will reformat the title to use the proper commit message syntax.

[codecov]

Codecov Report

Merging #7800 (139b0de) into alpha (c6b2032) will decrease coverage by 0.00%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##            alpha    #7800      +/-   ##
==========================================
- Coverage   94.20%   94.20%   -0.01%     
==========================================
  Files         182      182              
  Lines       13587    13587              
==========================================
- Hits        12800    12799       -1     
- Misses        787      788       +1     

Impacted Files	Coverage Δ
src/batch.js	92.98% <0.00%> (-1.76%)	⬇️
src/ParseServerRESTController.js	96.96% <0.00%> (-1.52%)	⬇️
src/Adapters/Files/GridFSBucketAdapter.js	80.32% <0.00%> (+0.81%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update c6b2032...139b0de. Read the comment docs.

[parseplatformorg]

🎉 This change has been released in version 5.0.0-alpha.24

[parseplatformorg]

🎉 This change has been released in version 5.0.0-beta.10

[parseplatformorg]

🎉 This change has been released in version 5.1.0