Bump @auth0/auth0-spa-js from 1.13.6 to 2.0.2 in /admin

[dependabot]

Bumps @auth0/auth0-spa-js from 1.13.6 to 2.0.2.

Release notes

Sourced from @​auth0/auth0-spa-js's releases.

v2.0.2

Security

• Bump jsonwebtoken to v9 #1062 (dependabot)

This patch release is identical to 2.0.1 but has been released to ensure tooling no longer detects a vulnerable version of jsonwebtoken being used.

Even though 2.0.1 was not vulnerable for the related CVE because of the fact that jsonwebtoken is a devDependency, we are cutting a release to ensure build tools no longer report our SDK as vulnerable to the mentioned CVE.

v2.0.1

Changed

• Add openUrl and deprecate onRedirect #1058 (frederikprijck)

Fixed

• Export MissingRefreshTokenError #1043 (frederikprijck)

v2.0.0

Auth0-SPA-JS v2 includes many significant changes compared to v1:

• Refactor module output and avoid default export #942 (frederikprijck)
• Do not throw from checkSession #943 (frederikprijck)
• Rework ignoreCache to cacheMode and introduce cache-only #950 (ewanharris)
• Do not fallback to refreshing tokens via iframe method by default #946 (ewanharris)
• Use form-encoded data by default #945 (frederikprijck)
• Remove getIdTokenClaimsOptions type #960 (ewanharris)
• Rename client_id to clientId #956 (ewanharris)
• Remove polyfills from bundles #951 (frederikprijck)
• Update output target to ES2017 #953 (frederikprijck)
• Introduce authorizationParams to hold properties sent to Auth0 #959 (ewanharris)
• Do not build Common JS module with externals #971 (frederikprijck)
• De-dupe Id token; getUser and getIdTokenClaims no longer take any arguments #967 (frederikprijck)
• Remove advancedOptions.defaultScope and replace with scope #972 (ewanharris)
• Cache and return id token from memory #975 (ewanharris)
• Remove buildAuthorizeUrl #980 (frederikprijck)
• Make buildLogoutUrl internal #982 (ewanharris)
• Fix spelling mistakes in id token validation messages #940 (frederikprijck)

As with any major version bump, v2 of Auth0-SPA-JS contains a set of breaking changes. Please review the migration guide thoroughly to understand the changes required to migrate your application to v2.

v2.0.0-beta.1

Fixed

• Ensure getTokenSilently works when mixing return types #1016 (frederikprijck)
• Close MessageChannel after receiving and processing message from worker #1023 (ewanharris)

v2.0.0-beta.0

Auth0-SPA-JS v2 includes many significant changes compared to v1:

• Refactor module output and avoid default export #942 (frederikprijck)

... (truncated)

Changelog

Sourced from @​auth0/auth0-spa-js's changelog.

v2.0.2 (2023-01-12)

Full Changelog

Security

• Bump jsonwebtoken to v9 #1062 (dependabot)

This patch release is identical to 2.0.1 but has been released to ensure tooling no longer detects a vulnerable version of jsonwebtoken being used.

Even though 2.0.1 was not vulnerable for the related CVE because of the fact that jsonwebtoken is a devDependency, we are cutting a release to ensure build tools no longer report our SDK as vulnerable to the mentioned CVE.

v2.0.1 (2022-12-08)

Full Changelog

Changed

• Add openUrl and deprecate onRedirect #1058 (frederikprijck)

Fixed

• Export MissingRefreshTokenError #1043 (frederikprijck)

v2.0.0 (2022-10-27)

Full Changelog

Auth0-SPA-JS v2 includes many significant changes compared to v1:

• Refactor module output and avoid default export #942 (frederikprijck)
• Do not throw from checkSession #943 (frederikprijck)
• Rework ignoreCache to cacheMode and introduce cache-only #950 (ewanharris)
• Do not fallback to refreshing tokens via iframe method by default #946 (ewanharris)
• Use form-encoded data by default #945 (frederikprijck)
• Remove getIdTokenClaimsOptions type #960 (ewanharris)
• Rename client_id to clientId #956 (ewanharris)
• Remove polyfills from bundles #951 (frederikprijck)
• Update output target to ES2017 #953 (frederikprijck)
• Introduce authorizationParams to hold properties sent to Auth0 #959 (ewanharris)
• Do not build Common JS module with externals #971 (frederikprijck)
• De-dupe Id token; getUser and getIdTokenClaims no longer take any arguments #967 (frederikprijck)
• Remove advancedOptions.defaultScope and replace with scope #972 (ewanharris)
• Cache and return id token from memory #975 (ewanharris)
• Remove buildAuthorizeUrl #980 (frederikprijck)
• Make buildLogoutUrl internal #982 (ewanharris)
• Fix spelling mistakes in id token validation messages #940 (frederikprijck)

As with any major version bump, v2 of Auth0-SPA-JS contains a set of breaking changes. Please review the migration guide thoroughly to understand the changes required to migrate your application to v2.

v2.0.0-beta.1 (2022-10-12)

Full Changelog

... (truncated)

Commits

• 34ee7f3 Release 2.0.2 (#1067)
• 3c883a0 build(deps-dev): bump jsonwebtoken from 8.5.1 to 9.0.0 (#1062)
• d8d3f6b build(deps): bump json5 from 2.2.1 to 2.2.3
• ab09110 Use URLSearchParams when parsing callback querystring (#1061)
• 19ddff4 Release v2.0.1 (#1059)
• 275d845 Add openUrl and deprecate onRedirect (#1058)
• dd95f63 build(deps): bump minimatch from 3.0.4 to 3.1.2 (#1057)
• 976581f build(deps): bump decode-uri-component from 0.2.0 to 0.2.2 (#1056)
• 66fd76d Add CodeQL workflow for GitHub code scanning (#1040)
• dbbe765 Fix broken TOC links in MIGRATION_GUIDE (#1048)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by auth0-oss, a new releaser for @​auth0/auth0-spa-js since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)