auth0-extensions / auth0-extension-tools Goto Github PK

Need to update the version of the package to 6.0.3 or above.

There are public known vulnerabilities in some of your dependencies.
Some of them also look out of date.
jsonwebtoken is currently 8.2.1 for example

High Severity
https://snyk.io/vuln/npm:qs:20170213
[email protected] > [email protected] > [email protected] > [email protected]

Low Severity
https://snyk.io/vuln/npm:hoek:20180212
[email protected] > [email protected] > [email protected] > [email protected]
https://snyk.io/vuln/npm:hoek:20180212
[email protected] > [email protected] > [email protected] > [email protected] > [email protected]
https://snyk.io/vuln/npm:ms:20170412
[email protected] > [email protected]
https://snyk.io/vuln/npm:superagent:20170807
[email protected] > [email protected]
https://snyk.io/vuln/npm:hoek:20180212
[email protected] > [email protected] > [email protected] > [email protected]
https://snyk.io/vuln/npm:ms:20170412
[email protected] > [email protected] > [email protected] > [email protected]
https://snyk.io/vuln/npm:superagent:20170807
[email protected] > [email protected] > [email protected]
https://snyk.io/vuln/npm:mime:20170907
[email protected] > [email protected] > [email protected] > [email protected]

Need to update version of lodash to 4.17.21 or the latest to fix this security vulnerability.

As of now the package.json installs node-uuid. We should use uuid instead as mentioned at https://www.npmjs.com/package/node-uuid

Need to upgrade to versions 4.0.1, 5.0.5 or above to fix it.

Need to update the version of pug to 3.0.1 or above to fix this vulnerability.

Need to update dot-prop version to 5.1.1 or higher.

The webtaskStorageContext forces writes by default, which means that it does not take into account the fact that there can be write conflicts (concurrent writes).

We have to consider the fact that extensions set force: 0 which will cause write errors. Our write method should have a retry mechanism where we can wait a little bit and retry again.

Now merging happens on a higher level in the blobRecordProvider. This is where for example a record is removed from the JSON file and then saved again. The retry logic should happen here:

1. Fetch whole JSON
2. Make change (eg: delete record)
3. Write JSON
4. Conflict, wait 100ms
5. Fetch whole JSON again
6. Make change again
7. Write JSON again
8. Success

Step 5/6 are important because the change must be applied to the latest version of the JSON. The retry count (eg: try this max 4 times) and the incremental interval (first after 100ms, then after 500ms, then after 1s, ...) should be configurable.

Example retry library: https://www.npmjs.com/package/retry