[Snyk] Upgrade openid-client from 4.1.1 to 4.9.1 #96

roma8389 · 2023-10-19T01:37:11Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade openid-client from 4.1.1 to 4.9.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 21 versions ahead of your current version.
The recommended version was released 2 years ago, on 2021-10-13.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Open Redirect SNYK-JS-GOT-2932019	270/1000 Why? CVSS 5.4	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783	270/1000 Why? CVSS 5.4	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: openid-client

4.9.1 - 2021-10-13
Bug Fixes
- do not implicitly calculate key ids for Client instances (46e44e7), closes #379
4.9.0 - 2021-09-20
Features
- update DPoP support to draft-03 (#407) (5565ee1), closes #406
4.8.0 - 2021-09-15
Features
- OAuth 2.0 Pushed Authorization Requests (PAR) is now a stable feature (327f366)
4.7.5 - 2021-08-30
Bug Fixes
- typescript: add remaining properties from RFC7662 (#398) (166e89b)
4.7.4 - 2021-05-25
Bug Fixes
- typescript: add a missing PATCH method to requestResource (6b2c3ce), closes #368
4.7.3 - 2021-04-30
Bug Fixes
- fapi: validate ID Token's iat regardless of which channel it came from (b68b9ab)
4.7.2 - 2021-04-23
Bug Fixes
- typescript: add types for 4.6.0 additions (9064136)
4.7.1 - 2021-04-22
Bug Fixes
- typescript: add types for 4.7.0 additions (2c1d2ab)
4.7.0 - 2021-04-22
Features
- add abort control over Device Flow Handle polling (#357) (f6faa68), closes #355 #356
4.6.0 - 2021-03-25
Features
- added OAuth 2.0 Pushed Authorization Requests client API (e7af9f5), closes #259
4.5.2 - 2021-03-24
4.5.1 - 2021-03-15
4.5.0 - 2021-03-10
4.4.2 - 2021-03-07
4.4.1 - 2021-02-26
4.4.0 - 2021-01-29
4.3.0 - 2021-01-22
4.2.3 - 2021-01-18
4.2.2 - 2020-11-30
4.2.1 - 2020-10-27
4.2.0 - 2020-10-03
4.1.1 - 2020-09-14

from openid-client GitHub release notes

Commit messages

Package name: openid-client

61a7743 chore(release): 4.9.1
46e44e7 fix: do not implicitly calculate key ids for Client instances
3ae206d refactor: inline dpop ath
179c210 chore(release): 4.9.0
5565ee1 feat: update DPoP support to draft-03 (Update to version 0.11.2 kubernetes-client/javascript#407)
2a84e46 chore(release): 4.8.0
327f366 feat: OAuth 2.0 Pushed Authorization Requests (PAR) is now a stable feature
fb5a7ba chore: rm .github/workflows/label-sponsors.yml
5419d0e ci: remove lint-ts
c265688 chore(release): 4.7.5
166e89b fix(typescript): add remaining properties from RFC7662 (k8s pod issue in getting IP after creation kubernetes-client/javascript#398)
772306c docs: update docs/README.md
e1531c3 docs: update docs/README.md (Bump handlebars from 4.1.2 to 4.5.3 kubernetes-client/javascript#384)
e0b36c1 docs: give examples of other authorization parameters (Update Npm package NPM kubernetes-client/javascript#382)
51dc47d chore(release): 4.7.4
6b2c3ce fix(typescript): add a missing PATCH method to requestResource
e7ded61 chore(release): 4.7.3
b68b9ab fix(fapi): validate ID Token's iat regardless of which channel it came from
0d684f4 chore(release): 4.7.2
9064136 fix(typescript): add types for 4.6.0 additions
6281962 chore(release): 4.7.1
2c1d2ab fix(typescript): add types for 4.7.0 additions
01d0698 chore(release): 4.7.0
f6faa68 feat: add abort control over Device Flow Handle polling (Fix OIDC refresh token storage with user auth config kubernetes-client/javascript#357)

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade openid-client from 4.1.1 to 4.9.1. See this package in npm: https://www.npmjs.com/package/openid-client See this project in Snyk: https://app.snyk.io/org/roma8389/project/7873cf15-3c44-4d49-b218-ced57450efdb?utm_source=github&utm_medium=referral&page=upgrade-pr

github-actions · 2023-10-19T01:49:37Z

Mega-Linter status: ❌ ERROR

Descriptor	Linter	Files	Fixed	Errors	Elapsed time
❌ COPYPASTE	jscpd	yes		1	273.66s
❌ CREDENTIALS	secretlint	yes		1	611.37s
✅ EDITORCONFIG	editorconfig-checker	2		0	1.48s
✅ GIT	git_diff	yes		no	0.59s
✅ JSON	eslint-plugin-jsonc	2	0	0	2.99s
✅ JSON	jsonlint	2		0	2.03s
✅ JSON	prettier	2	2	0	2.86s
✅ JSON	v8r	2		0	7.86s
❌ SPELL	cspell	2		12	2.94s
✅ SPELL	misspell	2	2	0	0.68s

See errors details in artifact Mega-Linter reports on GitHub Action page
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade openid-client from 4.1.1 to 4.9.1 #96

[Snyk] Upgrade openid-client from 4.1.1 to 4.9.1 #96

roma8389 commented Oct 19, 2023

Bug Fixes

Features

Features

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Features

Features

github-actions bot commented Oct 19, 2023 •

edited

Loading

[Snyk] Upgrade openid-client from 4.1.1 to 4.9.1 #96

Are you sure you want to change the base?

[Snyk] Upgrade openid-client from 4.1.1 to 4.9.1 #96

Conversation

roma8389 commented Oct 19, 2023

Snyk has created this PR to upgrade openid-client from 4.1.1 to 4.9.1.

Bug Fixes

Features

Features

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Features

Features

github-actions bot commented Oct 19, 2023 • edited Loading

Mega-Linter status: ❌ ERROR

github-actions bot commented Oct 19, 2023 •

edited

Loading