Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Address dependabot alerts #5503

Merged
merged 5 commits into from
Dec 22, 2022
Merged

Address dependabot alerts #5503

merged 5 commits into from
Dec 22, 2022

Conversation

tnorling
Copy link
Collaborator

Addresses a number of dependabot alerts

@github-actions github-actions bot added extensions Related to extensions for the base libraries msal-angular Related to @azure/msal-angular package msal-node Related to msal-node package msal-react Related to @azure/msal-react msal@1.x Related to msal@1.x (implicit flow) samples Related to the samples apps for the library. labels Dec 22, 2022
@tnorling tnorling mentioned this pull request Dec 22, 2022
Closed
@tnorling tnorling linked an issue Dec 22, 2022 that may be closed by this pull request
msal-node jsonwebtoken version below 9.0 causes npm audit failure #5500
Closed
@codecov-commenter
Copy link

codecov-commenter commented Dec 22, 2022
edited
Loading

Codecov Report

Merging #5503 (8383d2a) into dev (cf3dc59) will decrease coverage by 0.78%.
The diff coverage is n/a.

Flag Coverage Δ
msal-angular 96.50% <ø> (ø)
msal-common ?
msal-core 82.84% <ø> (ø)
msal-node 83.37% <ø> (ø)
msal-node-extensions 76.03% <ø> (ø)
msal-react 94.68% <ø> (ø)
node-token-validation ?
Impacted Files Coverage Δ
...ib/msal-common/src/cache/entities/AccountEntity.ts
lib/msal-common/src/account/ClientInfo.ts
...validation/src/config/TokenValidationParameters.ts
.../node-token-validation/src/config/Configuration.ts
...c/authority/CloudInstanceDiscoveryErrorResponse.ts
lib/msal-common/src/crypto/PopTokenGenerator.ts
...mon/src/telemetry/performance/PerformanceClient.ts
lib/msal-common/src/cache/CacheManager.ts
...node-token-validation/src/crypto/CryptoProvider.ts
lib/msal-common/src/client/OnBehalfOfClient.ts
... and 66 more

peterzenz
peterzenz reviewed Dec 22, 2022
View reviewed changes
samples/package.json
@@ -12,7 +12,7 @@
"typescript": "^4.1.3"
},
"devDependencies": {
"@azure/identity": "^1.5.2",
"@azure/identity": "^3.1.2",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a big jump, any risks here?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Glanced at the changelog and didn't see any breaking changes that would affect us. This package is used to get the test account credentials for the E2E tests so if something did break the tests on this PR would fail.

@tnorling tnorling merged commit 67a1646 into dev Dec 22, 2022
@tnorling tnorling deleted the address-dependabot-alerts branch December 22, 2022 22:23
@cheenamalhotra cheenamalhotra mentioned this pull request Dec 23, 2022
Merged
@tnorling tnorling mentioned this pull request Dec 27, 2022
Closed
deyaaeldeen
deyaaeldeen reviewed Dec 28, 2022
View reviewed changes
lib/msal-node/package.json
@@ -59,7 +59,7 @@
},
"dependencies": {
"@azure/msal-common": "^9.0.1",
"jsonwebtoken": "^8.5.1",
"jsonwebtoken": "^9.0.0",
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When are you planning on making a release with this change for @azure/msal-node?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#5473

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This will be released on Monday, January 9th. Thanks for your patience!

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This will be released on Monday, January 9th. Thanks for your patience!

are you sure? That linked PR just got renamed to the February release rather than January

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes. We release on the first Monday of every month, since yesterday was a holiday we've pushed it to the 9th. Ignore the release PR name, it's automated.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hello, @tnorling. I do not see any new release on the npm registry today. There is a new planned date for publishing the new version? Thank you very much.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@franher we'll be starting the release in a couple of hours :)

@tnorling tnorling mentioned this pull request Jan 3, 2023
Closed
@artificialrobot artificialrobot mentioned this pull request Jan 5, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@WikiRik WikiRik WikiRik left review comments

@franher franher franher left review comments

@deyaaeldeen deyaaeldeen deyaaeldeen left review comments

@mungojam mungojam mungojam left review comments

@jo-arroyo jo-arroyo jo-arroyo approved these changes

@lalimasharda lalimasharda lalimasharda approved these changes

@peterzenz peterzenz peterzenz approved these changes

@sameerag sameerag Awaiting requested review from sameerag sameerag is a code owner

@hectormmg hectormmg Awaiting requested review from hectormmg hectormmg is a code owner

@bmahall bmahall Awaiting requested review from bmahall

@jennyf19 jennyf19 Awaiting requested review from jennyf19

@jmprieur jmprieur Awaiting requested review from jmprieur

@bgavrilMS bgavrilMS Awaiting requested review from bgavrilMS bgavrilMS is a code owner

@Robbie-Microsoft Robbie-Microsoft Awaiting requested review from Robbie-Microsoft Robbie-Microsoft is a code owner

@derisen derisen Awaiting requested review from derisen

Assignees
No one assigned
Labels
extensions Related to extensions for the base libraries msal@1.x Related to msal@1.x (implicit flow) msal-angular Related to @azure/msal-angular package msal-node Related to msal-node package msal-react Related to @azure/msal-react samples Related to the samples apps for the library.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

msal-node jsonwebtoken version below 9.0 causes npm audit failure
10 participants
@tnorling @codecov-commenter @mungojam @deyaaeldeen @franher @WikiRik @peterzenz @lalimasharda @jo-arroyo @Robbie-Microsoft