[Snyk] Upgrade auth0-js from 9.10.2 to 9.24.1 by dmh34 · Pull Request #14 · dmh34/A-PlusBlocks

dmh34 · 2024-03-29T17:44:50Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade auth0-js from 9.10.2 to 9.24.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 42 versions ahead of your current version.
The recommended version was released 3 months ago, on 2024-01-04.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579155	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-TMPL-1583443	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Command Injection SNYK-JS-LODASH-1040724	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Use of Weak Hash SNYK-JS-CRYPTOJS-6028119	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Remote Memory Exposure SNYK-JS-DNSPACKET-1293563	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Prototype Pollution SNYK-JS-MIXINDEEP-450212	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Prototype Pollution SNYK-JS-AJV-584908	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Prototype Pollution SNYK-JS-LODASHES-2434290	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Pollution SNYK-JS-MERGEDEEP-1070277	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Prototype Poisoning SNYK-JS-QS-3153490	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Poisoning SNYK-JS-QS-3153490	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Improper Verification of Cryptographic Signature SNYK-JS-BROWSERIFYSIGN-6037026	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Prototype Pollution SNYK-JS-LODASH-450202	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-567746	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-608086	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Pollution SNYK-JS-LODASHES-2434283	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Pollution SNYK-JS-JSON5-3182856	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Pollution SNYK-JS-JSON5-3182856	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Denial of Service (DoS) SNYK-JS-AXIOS-174505	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Pollution SNYK-JS-DOTPROP-543489	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Pollution SNYK-JS-HANDLEBARS-567742	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Pollution SNYK-JS-HAPIHOEK-548452	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Prototype Pollution SNYK-JS-MINIMIST-559764	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Denial of Service (DoS) SNYK-JS-NWSAPI-2841516	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-PROMPTS-1729737	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Validation Bypass SNYK-JS-KINDOF-537849	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Pollution SNYK-JS-HANDLEBARS-534988	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Insufficiently Protected Credentials SNYK-JS-AUTH0JS-565004	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Prototype Pollution SNYK-JS-MINIMIST-559764	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-559764	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-2429795	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-2429795	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-2429795	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Command Injection SNYK-JS-LODASHES-2434284	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Pollution SNYK-JS-LODASHES-2434285	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Pollution SNYK-JS-NODEFORGE-598677	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Cryptographic Issues SNYK-JS-ELLIPTIC-571484	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Arbitrary Code Execution SNYK-JS-ESLINTUTILS-460220	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Prototype Pollution SNYK-JS-INI-1048974	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Remote Code Execution (RCE) SNYK-JS-HANDLEBARS-1056767	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Pollution SNYK-JS-HANDLEBARS-469063	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Denial of Service (DoS) SNYK-JS-HANDLEBARS-480388	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Arbitrary Code Execution SNYK-JS-HANDLEBARS-534478	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Pollution SNYK-JS-SETVALUE-1540541	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Pollution SNYK-JS-SETVALUE-450213	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Arbitrary File Overwrite SNYK-JS-TAR-1536528	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536531	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579147	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Prototype Pollution SNYK-JS-SETVALUE-1540541	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Pollution SNYK-JS-SETVALUE-450213	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-1023599	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-610226	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Arbitrary File Write SNYK-JS-TAR-1579152	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Improper Input Validation SNYK-JS-URLPARSE-2407770	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-WEBSOCKETEXTENSIONS-570623	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Pollution SNYK-JS-Y18N-1021887	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASHES-2434289	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-COOKIEJAR-3149984	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Information Exposure SNYK-JS-NODEFETCH-2342118	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Denial of Service SNYK-JS-NODEFETCH-674311	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Command Injection SNYK-JS-NODENOTIFIER-1035794	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Timing Attack SNYK-JS-ELLIPTIC-511941	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Information Exposure SNYK-JS-EVENTSOURCE-2823375	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Open Redirect SNYK-JS-EXPRESS-6474509	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Denial of Service (DoS) SNYK-JS-HTTPPROXY-569139	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Prototype Pollution SNYK-JS-HANDLEBARS-1279029	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-1072471	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Improper Input Validation SNYK-JS-URLPARSE-1078283	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Open Redirect SNYK-JS-URLPARSE-1533425	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Access Restriction Bypass SNYK-JS-URLPARSE-2401205	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Authorization Bypass SNYK-JS-URLPARSE-2407759	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Authorization Bypass Through User-Controlled Key SNYK-JS-URLPARSE-2412697	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
Regular Expression Denial of Service (ReDoS) npm:debug:20170905	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
Regular Expression Denial of Service (ReDoS) npm:debug:20170905	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: auth0-js

9.24.1 - 2024-01-04
Changed
- IAMRISK-3011 Auth0 V2 Captcha failOpen support #1382 (alexkoumarianos-okta)
9.24.0 - 2023-12-13
Added
- IAMRISK-2915 Added support for Auth0 v2 captcha provider #1368 (alexkoumarianos-okta)
9.23.3 - 2023-11-13
Security
- Bump idtoken-verifier from 2.2.2 to 2.2.4 #1362 (cgetzen)
9.23.2 - 2023-10-27
Security
- Bump crypto-js from 4.1.1 to 4.2.0 #1354 (dependabot[bot])
9.23.1 - 2023-10-19
Changed
- [IAMRISK-2817] Update API for Arkose to use a callback based API #1349 (srijonsaha)
9.23.0 - 2023-10-06
Added
- [IAMRISK-2602] Add support for Arkose #1341 (srijonsaha)
9.22.1 - 2023-07-19
Changed
- Do not lowercase org_name claim #1315 (frederikprijck)
9.22.0 - 2023-07-13
Added
- Added support for hCaptcha and Friendly Captcha #1312 (DominickBattistini)
- Support Organization Name #1313 (frederikprijck)
Security
- Security: Update Dependencies #1310 (evansims)
9.21.0 - 2023-05-24
Added
- Add cookieDomain option #1304 (telmaantunes)
9.20.2 - 2023-02-28
Fixed
- fix(docs): document error() option for renderCaptcha() #1290 (pmalouin)
Security
- chore: update superagent to 7.1.5 #1296 (stevehobbsdev)
9.20.1 - 2023-01-12
9.20.0 - 2022-12-13
9.19.2 - 2022-11-04
9.19.1 - 2022-09-09
9.19.0 - 2022-01-25
9.18.1 - 2022-01-18
9.18.0 - 2021-11-09
9.17.0 - 2021-10-15
9.16.4 - 2021-08-26
9.16.3 - 2021-08-24
9.16.2 - 2021-05-26
9.16.1 - 2021-05-25
9.16.0 - 2021-04-27
9.15.0 - 2021-03-19
9.14.3 - 2021-01-26
9.14.2 - 2021-01-14
9.14.1 - 2021-01-14
9.14.0 - 2020-09-11
9.13.4 - 2020-07-03
9.13.3 - 2020-06-29
9.13.2 - 2020-04-09
9.13.1 - 2020-04-01
9.13.0 - 2020-03-27
9.12.2 - 2020-01-14
9.12.1 - 2019-12-17
9.12.0 - 2019-12-11
9.11.3 - 2019-08-05
9.11.2 - 2019-07-15
9.11.1 - 2019-06-27
9.11.0 - 2019-06-26
9.10.4 - 2019-05-24
9.10.3 - 2019-05-23
9.10.2 - 2019-04-15