Auth0 Spa Js Versions Save

Security

• Bump jsonwebtoken to v9 #1065 (frederikprijck)

This patch release is identical to 1.22.5 but has been released to ensure tooling no longer detects a vulnerable version of jsonwebtoken being used.

Even though 1.22.5 was not vulnerable for the related CVE because of the fact that jsonwebtoken is a devDependency, we are cutting a release to ensure build tools no longer report our SDK as vulnerable to the mentioned CVE.

Security

• Bump jsonwebtoken to v9 #1062 (dependabot)

This patch release is identical to 2.0.1 but has been released to ensure tooling no longer detects a vulnerable version of jsonwebtoken being used.

Even though 2.0.1 was not vulnerable for the related CVE because of the fact that jsonwebtoken is a devDependency, we are cutting a release to ensure build tools no longer report our SDK as vulnerable to the mentioned CVE.

Changed

• Add openUrl and deprecate onRedirect #1058 (frederikprijck)

Fixed

• Export MissingRefreshTokenError #1043 (frederikprijck)

Auth0-SPA-JS v2 includes many significant changes compared to v1:

• Refactor module output and avoid default export #942 (frederikprijck)
• Do not throw from checkSession #943 (frederikprijck)
• Rework ignoreCache to cacheMode and introduce cache-only #950 (ewanharris)
• Do not fallback to refreshing tokens via iframe method by default #946 (ewanharris)
• Use form-encoded data by default #945 (frederikprijck)
• Remove getIdTokenClaimsOptions type #960 (ewanharris)
• Rename client_id to clientId #956 (ewanharris)
• Remove polyfills from bundles #951 (frederikprijck)
• Update output target to ES2017 #953 (frederikprijck)
• Introduce authorizationParams to hold properties sent to Auth0 #959 (ewanharris)
• Do not build Common JS module with externals #971 (frederikprijck)
• De-dupe Id token; getUser and getIdTokenClaims no longer take any arguments #967 (frederikprijck)
• Remove advancedOptions.defaultScope and replace with scope #972 (ewanharris)
• Cache and return id token from memory #975 (ewanharris)
• Remove buildAuthorizeUrl #980 (frederikprijck)
• Make buildLogoutUrl internal #982 (ewanharris)
• Fix spelling mistakes in id token validation messages #940 (frederikprijck)

As with any major version bump, v2 of Auth0-SPA-JS contains a set of breaking changes. Please review the migration guide thoroughly to understand the changes required to migrate your application to v2.

Fixed

• Ensure getTokenSilently works when mixing return types #1016 (frederikprijck)
• Close MessageChannel after receiving and processing message from worker #1023 (ewanharris)

Fixed

• Ensure getTokenSilently works when mixing return types #1016 (frederikprijck)

Auth0-SPA-JS v2 includes many significant changes compared to v1:

• Refactor module output and avoid default export #942 (frederikprijck)
• Do not throw from checkSession #943 (frederikprijck)
• Rework ignoreCache to cacheMode and introduce cache-only #950 (ewanharris)
• Do not fallback to refreshing tokens via iframe method by default #946 (ewanharris)
• Use form-encoded data by default #945 (frederikprijck)
• Remove getIdTokenClaimsOptions type #960 (ewanharris)
• Rename client_id to clientId #956 (ewanharris)
• Remove polyfills from bundles #951 (frederikprijck)
• Update output target to ES2017 #953 (frederikprijck)
• Introduce authorizationParams to hold properties sent to Auth0 #959 (ewanharris)
• Do not build Common JS module with externals #971 (frederikprijck)
• De-dupe Id token; getUser and getIdTokenClaims no longer take any arguments #967 (frederikprijck)
• Remove advancedOptions.defaultScope and replace with scope #972 (ewanharris)
• Cache and return id token from memory #975 (ewanharris)
• Remove buildAuthorizeUrl #980 (frederikprijck)
• Make buildLogoutUrl internal #982 (ewanharris)
• Fix spelling mistakes in id token validation messages #940 (frederikprijck)

As with any major version bump, v2 of Auth0-SPA-JS contains a set of breaking changes. Please review the migration guide thoroughly to understand the changes required to migrate your application to v2.

Fixed

• Release lock on pagehide #974 (frederikprijck)

Changed

• feat(ClientStorage#remove):added support of cookieDomain #935 (Dannnir)

Fixed

• Pin es-cookie to patch versions only #965 (frederikprijck)

Changed

• Avoid sending unnecessary request parameters #920 (frederikprijck)