You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This commit was created on GitHub.com and signed with GitHub’s verified signature.
chore: Passport latest (#317)
* add missing changefrom master
* EXUI-3179: fixs failures on /o/token (#280)
* version updated
* chore: upgrade axios (#281)
* EXUI-2289: axios version update
* Update package.json
Update package.json
chore: axios version update
* EXUI-2289: upgrade axios
---------
Co-authored-by: RiteshHMCTS <74713687+RiteshHMCTS@users.noreply.github.com>
* fix: exui-3465 sso sign out (#284)
* sso redirect url
* sso logout issue fix
* version updated
* version updated
* feat: Remove unsafe-inline (#274)
* EXUI-2541 - New branch pre passport (#271)
* New branch pre passport
* change ver name
* Remove unsafe-inline
* Update package.json
* Add new csp
Adding new csp to test against current content security policy and make changes
* Add spec
* Update csp.spec.ts
* Update csp.spec.ts
* Update sonar-project.properties
* Update sonar-project.properties
* Update package.json
* Actually export csp
* Make additional changes to include old csp as standard
* Remove unsafe-eval from old csp
Enables csp to be strictly secure by default but keeps prior settings
* Update package.json
* Export SECURITY_POLICY
* Add new style attribute fix
* Fix styleSrcAttr
* Fix csp merging
* Add case consistency
* Add the new csp with scriptSrcAttr
Fixes javascript:void(0) issues
* Revert prior change
Did not fix issue
* Make slight change
* Update csp.ts
* Revert style-src change
Will stop errors on application
---------
Co-authored-by: Josh-HMCTS <128602796+Josh-HMCTS@users.noreply.github.com>
Co-authored-by: RiteshHMCTS <74713687+RiteshHMCTS@users.noreply.github.com>
* Clean up excess logging, clean up verify okay user log to only show specific keys (#287)
* cve fix
* revert changes
* EXUI-3994 - update to npm trusted publishing (#295)
* updated npmpublish workflow
* updated version
* updated publish-gpr step of workflow
* revert version update
* revert version update
* updated version
* updated version
* updated version
* version updated
---------
Co-authored-by: RiteshHMCTS <ritesh.dsouza@hmcts.net>
* Chore: add codeowners
* fix: tar cve vulnerability fix (#306)
* tar vulnerability fix
* tar version update
* trigger
* yarn lock
* EXUI-4184 - OAuth2/OIDC CSRF state handling and redirect_uri validation (#304)
* hardened OAuth callback state validation and callback URL configuration
* updated version number
* removed callback which was overwriting session state
* added unit test
* bumped version number
* EXUI-4185 - Secrets/tokens logged in plaintext (#303)
* added json.stringify replacer to redact specified values in when logging
* updated version number
* updated lockfile
* bumped version
* updated npmpublish
* version updated
---------
Co-authored-by: RiteshHMCTS <74713687+RiteshHMCTS@users.noreply.github.com>
Co-authored-by: RiteshHMCTS <ritesh.dsouza@hmcts.net>
* fix: Exui 3762 idam token issue (#292)
* idam token fix update
* version update
* unit test fix
* version updated
* version updated
---------
Co-authored-by: RiteshHMCTS <ritesh.dsouza@hmcts.net>
Co-authored-by: Josh <josh.glasgow@hmcts.net>
* update ver name
* fix: EXUI-4227 - CVE Vulnerabilities Mar26 (#308)
* replaced deprecated @hapi/joi with joi
* updated yarn-audit-known-issues
* bumped axios version
* refactoring
* bumped node-gyp version
* moved jest-mock-axios and jest-ts-auto-mock into devDependencies
* bumped node-lib version
* Add some minor upgrades
Upgrade of form-data and cookie (as has been done in MC)
* Update yarn.lock
* Update yarn-audit-known-issues
* version updated
---------
Co-authored-by: connorpgpmcelroy <connor.mcelroy@hmcts.net>
Co-authored-by: connorpgpmcelroy <74015088+connorpgpmcelroy@users.noreply.github.com>
Co-authored-by: RiteshHMCTS <74713687+RiteshHMCTS@users.noreply.github.com>
Co-authored-by: RiteshHMCTS <ritesh.dsouza@hmcts.net>
* align cve update
* set to release version
---------
Co-authored-by: Olu <142989683+olusegz07@users.noreply.github.com>
Co-authored-by: RiteshHMCTS <ritesh.dsouza@hmcts.net>
Co-authored-by: RiteshHMCTS <74713687+RiteshHMCTS@users.noreply.github.com>
Co-authored-by: connorpgpmcelroy <74015088+connorpgpmcelroy@users.noreply.github.com>
Co-authored-by: chrisjones-hmcts <christopher.jones@hmcts.net>
Co-authored-by: Greg Skinner <greg.skinner@hmcts.net>
Co-authored-by: balajisridharanhmcts <balaji.sridharan@hmcts.net>
Co-authored-by: gregs-cgi <144363053+gregs-cgi@users.noreply.github.com>
Co-authored-by: connorpgpmcelroy <connor.mcelroy@hmcts.net>
