Skip to content
This repository has been archived by the owner on Jan 19, 2024. It is now read-only.

fix(deps): update dependency next-auth to v4.3.2 [security] #155

Merged
merged 1 commit into from
May 3, 2022
Merged

fix(deps): update dependency next-auth to v4.3.2 [security] #155

merged 1 commit into from
May 3, 2022

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Apr 22, 2022

WhiteSource Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
next-auth (source) 4.2.1 -> 4.3.2 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2022-24858

next-auth v3 users before version 3.29.2 are impacted. (We recommend upgrading to v4 in most cases. See our migration guide).next-auth v4 users before version 4.3.2 are impacted. Upgrading to 3.29.2 or 4.3.2 will patch this vulnerability. If you are not able to upgrade for any reason, you can add a configuration to your callbacks option:

// async redirect(url, baseUrl) { // v3
async redirect({ url, baseUrl }) { // v4
    // Allows relative callback URLs
    if (url.startsWith("/")) return new URL(url, baseUrl).toString()
    // Allows callback URLs on the same origin
    else if (new URL(url).origin === baseUrl) return url
    return baseUrl
}

If you already have a redirect callback, make sure that you match the incoming url origin against the baseUrl.

Release Notes

nextauthjs/next-auth

v4.3.2

Compare Source

v4.3.1

Compare Source

v4.3.0

Compare Source

Configuration

📅 Schedule: "" in timezone Europe/Paris.

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by WhiteSource Renovate. View repository job log here.

@renovate renovate bot added the dependencies Pull requests that update a dependency file label Apr 22, 2022
@github-actions github-actions bot temporarily deployed to mon-psy-sante-renovate-npm-next-auth-vulnerability-2uh8w3 April 22, 2022 21:37 Inactive
@renovate renovate bot force-pushed the renovate/npm-next-auth-vulnerability branch from e1f092d to 945a681 Compare April 26, 2022 07:33
@github-actions github-actions bot temporarily deployed to mon-psy-sante-renovate-npm-next-auth-vulnerability-2uh8w3 April 26, 2022 07:40 Inactive
@renovate renovate bot force-pushed the renovate/npm-next-auth-vulnerability branch from 945a681 to 7fc6bbc Compare April 26, 2022 13:04
@github-actions github-actions bot temporarily deployed to mon-psy-sante-renovate-npm-next-auth-vulnerability-2uh8w3 April 26, 2022 13:10 Inactive
@renovate renovate bot force-pushed the renovate/npm-next-auth-vulnerability branch from 7fc6bbc to 443b597 Compare April 28, 2022 10:53
@github-actions github-actions bot temporarily deployed to mon-psy-sante-renovate-npm-next-auth-vulnerability-2uh8w3 April 28, 2022 10:59 Inactive
@renovate renovate bot force-pushed the renovate/npm-next-auth-vulnerability branch from 443b597 to 99cb553 Compare April 29, 2022 12:31
@github-actions github-actions bot temporarily deployed to mon-psy-sante-renovate-npm-next-auth-vulnerability-2uh8w3 April 29, 2022 12:36 Inactive
@renovate renovate bot force-pushed the renovate/npm-next-auth-vulnerability branch 2 times, most recently from 21e380a to be5162a Compare May 2, 2022 03:22
@github-actions github-actions bot temporarily deployed to mon-psy-sante-renovate-npm-next-auth-vulnerability-2uh8w3 May 2, 2022 03:28 Inactive
@renovate renovate bot force-pushed the renovate/npm-next-auth-vulnerability branch from be5162a to 35e7f2e Compare May 2, 2022 12:35
@github-actions github-actions bot temporarily deployed to mon-psy-sante-renovate-npm-next-auth-vulnerability-2uh8w3 May 2, 2022 12:40 Inactive
@renovate renovate bot force-pushed the renovate/npm-next-auth-vulnerability branch 2 times, most recently from f8eb7da to 68ef02e Compare May 3, 2022 07:35
@github-actions github-actions bot temporarily deployed to mon-psy-sante-renovate-npm-next-auth-vulnerability-2uh8w3 May 3, 2022 07:46 Inactive
@renovate renovate bot force-pushed the renovate/npm-next-auth-vulnerability branch from 68ef02e to 04ecc77 Compare May 3, 2022 08:08
@sonarcloud
Copy link

sonarcloud bot commented May 3, 2022

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

@github-actions github-actions bot temporarily deployed to mon-psy-sante-renovate-npm-next-auth-vulnerability-2uh8w3 May 3, 2022 08:14 Inactive
@github-actions
Copy link

github-actions bot commented May 3, 2022

🎉 Deployment for commit 04ecc77 :

Ingresses
Docker images
  • 📦 docker pull ghcr.io/socialgouv/mon-psy-sante/app:sha-04ecc771a683c6483bc0ee96b8f4c5093ea29de6
Debug

@carolineBda carolineBda merged commit d5c8205 into main May 3, 2022
@carolineBda carolineBda deleted the renovate/npm-next-auth-vulnerability branch May 3, 2022 09:17
SocialGroovyBot added a commit that referenced this pull request May 3, 2022
@SocialGroovyBot
chore(release): version 1.28.5
3582f44 
## [1.28.5](v1.28.4...v1.28.5) (2022-05-03)

### Bug Fixes

* **deps:** update dependency next-auth to v4.3.2 [security] ([#155](#155)) ([d5c8205](d5c8205))
@SocialGroovyBot
Copy link
Member

🎉 This PR is included in version 1.28.5 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@SocialGroovyBot @carolineBda @renovate-bot