[Snyk] Upgrade jwks-rsa from 1.3.0 to 1.7.0

[snyk-bot]

Snyk has created this PR to upgrade jwks-rsa from 1.3.0 to 1.7.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 7 versions ahead of your current version.
• The recommended version was released 2 months ago, on 2020-02-18.

The recommended version fixes:

Severity	Issue	Exploit Maturity
	Prototype Pollution SNYK-JS-LODASH-450202	Proof of Concept

Release notes

Package name: jwks-rsa

• 1.7.0 - 2020-02-18
  

  Release 1.7.0

• 1.6.2 - 2020-01-21
  

  [1.6.2] - (2020-01-21)

  This patch release includes an alias for accessing the public key of a given JSON Web Key (JWK). This is in response to an unintended breaking change that was introduced as part of the last Typescript definitions change, included in the release with version 1.6.0.

  Now, no matter what the public key algorithm is, you can obtain it like this:

  client.getSigningKey(kid, (err, jwk) => {
    const publicKey = jwk.getPublicKey();
  });

  Fixed

  • Add alias for obtaining the public key #119 (lbalmaceda)
  • Handling case when Jwk doesn't have 'use' parameter #116 (manpreet-compro)
• 1.6.1 - 2020-01-13
  

  Changed

  • NPM dependencies update #112 (ecasilla)
  • Update lru-memoizer to 2.0.1 #106 (sobil)
• 1.6.0 - 2019-07-10
  

  Added

  • Add agentOptions to customize request TLS/SSL options. #84
• 1.5.1 - 2019-05-21
  

  Changed

  • Now includes the jsonwebtoken as a runtime dependency not dev to avoid breaks with 1.5.0 installs
  • Various dependencies in both the library and samples updated
• 1.5.0 - 2019-05-09
  

  Added

  • Integrate with passport-jwt #77 (gconnolly)
• 1.4.0 - 2019-02-08
  

  [1.4.0] - (2019-02-07)
  Added

  • Allow custom headers in request #77 (Mutmatt)
• 1.3.0 - 2018-06-26
  

  Added

  • Adding support for hapi 17.x.x #38 (degrammer)

  Fixed

  • Fixing wrong error message #41 (adematte)

from jwks-rsa GitHub release notes

Commit messages

Package name: jwks-rsa

• 398c05e Merge pull request #130 from auth0/prepare/1.7.0
• be9600a Release 1.7.0
• d0c5787 Merge pull request #129 from auth0/fix-linter-issues
• d122f08 fix linter issues
• 31177e3 Merge pull request #125 from Ogdentrod/feat/add-proxy
• 51d99e9 Merge branch 'master' into feat/add-proxy
• 5fc0f15 Merge pull request #128 from auth0/lbalmaceda-patch-1
• 6d304e5 Send the explicit commit SHA to Codecov
• 70efc54 Merge branch 'feat/add-proxy' of github.com:Ogdentrod/node-jwks-rsa into feat/add-proxy
• bc915d7 test: better testing for proxy
• 0988ccc Merge branch 'master' into feat/add-proxy
• b8ffdb6 Merge pull request #127 from auth0/add-ci
• 6663fc2 add badges to the README
• 7650ecb add CircleCI build and generate coverage
• c7c7ba5 feat: add proxy option to jwksClient
• 73a087d Merge pull request #123 from auth0/cacheChanges
• 17e83df Modify Cache Defaults
• 998a32d Merge pull request #121 from auth0/prepare-release
• d3d147e update package version
• b0321a2 Merge pull request #120 from auth0/prepare-release
• 13c05ed Apply suggestions from code review
• 7173c26 add changelog notes and migration guide
• 25cf2e7 Merge pull request #119 from auth0/fix-type-bc
• 73266e8 refactor the jwk object creation code

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs