From 8786d141c5f178a6019dc8bcfbd4d44d4de19f65 Mon Sep 17 00:00:00 2001 From: Cormac Curran Date: Mon, 29 Jul 2019 11:06:34 +0100 Subject: [PATCH 1/2] Bump published version to 2.0.16 https://github.com/ghdna/cognito-express/commit/f86c0f6ba7f133e3fd4945e5dcc20d18af852d13#diff-f0182e1c427d42d902575ffceb9d7fb3 The commit above narrowly missed the latest release v 2.0.15 and fixes an issue we are seeing Bump published version to include this fix --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index ce58eea..3cb8bc9 100755 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "cognito-express", - "version": "2.0.15", + "version": "2.0.16", "description": "cognito-express authenticates API requests on a Node-Express application by verifying the signature of AccessToken or IDToken generated by Amazon Cognito.", "main": "./lib/index.js", "scripts": { From 94357e8d17546b507a601d8d06a65e34d463ccd9 Mon Sep 17 00:00:00 2001 From: Cormac Curran Date: Mon, 29 Jul 2019 11:20:01 +0100 Subject: [PATCH 2/2] fix high severity security vulnerabilities --- package-lock.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/package-lock.json b/package-lock.json index 5ad2b96..b59d826 100755 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "cognito-express", - "version": "2.0.14", + "version": "2.0.16", "lockfileVersion": 1, "requires": true, "dependencies": { @@ -1251,9 +1251,9 @@ } }, "lodash": { - "version": "4.17.11", - "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz", - "integrity": "sha512-cQKh8igo5QUhZ7lg38DYWAxMvjSAKG0A8wGSVimP07SIUEK2UO+arSRKbRZWtelMtN5V0Hkwh5ryOto/SshYIg==" + "version": "4.17.15", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz", + "integrity": "sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A==" }, "lodash.includes": { "version": "4.3.0",