From 785b6833bc9dc14d229118589455c3c19daad3f7 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Mon, 17 Oct 2022 21:02:53 +0000 Subject: [PATCH 1/2] fix: packages/api/package.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-NODEFORGE-2330875 - https://snyk.io/vuln/SNYK-JS-NODEFORGE-2331908 - https://snyk.io/vuln/SNYK-JS-NODEFORGE-2430337 - https://snyk.io/vuln/SNYK-JS-NODEFORGE-2430339 - https://snyk.io/vuln/SNYK-JS-NODEFORGE-2430341 - https://snyk.io/vuln/SNYK-JS-XMLDOM-1084960 - https://snyk.io/vuln/SNYK-JS-XMLDOMXMLDOM-3042243 --- packages/api/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/api/package.json b/packages/api/package.json index d975b9915bb..6884ad152a0 100644 --- a/packages/api/package.json +++ b/packages/api/package.json @@ -107,7 +107,7 @@ "p-retry": "^2.0.0", "p-wait-for": "^2.0.1", "querystring": "^0.2.0", - "saml2-js": "^3.0.1", + "saml2-js": "^4.0.0", "semver": "^7.3.2", "split2": "^2.2.0", "tough-cookie": "~4.0.0", From e42c793af2887fde07518974379abdb00ac26fdd Mon Sep 17 00:00:00 2001 From: jennyhliu Date: Tue, 18 Oct 2022 11:29:56 -0400 Subject: [PATCH 2/2] update changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2d9812e2589..462393c8782 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -43,6 +43,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/). ### Changed - Updated `example/cumulus-tf/variables.tf` to have `cmr_oauth_provider` default to `launchpad` +- Upgraded saml2-js from 3.1.0 to 4.0.0 - **CUMULUS-3024** - Update PUT /granules endpoint to operate consistently across datastores