New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
@cubejs-backend/api-gateway
Advanced tools
@cubejs-backend/api-gateway - npm Package Compare versions
Comparing version 0.11.16 to 0.11.17
@@ -6,2 +6,13 @@ # Change Log | ||
| ## [0.11.17](https://github.com/statsbotco/cubejs-client/compare/v0.11.16...v0.11.17) (2019-11-08) | ||
| ### Bug Fixes | ||
| * Default Express middleware security check is ignored in production ([4bdf6bd](https://github.com/statsbotco/cubejs-client/commit/4bdf6bd)) | ||
| ## [0.11.16](https://github.com/statsbotco/cubejs-client/compare/v0.11.15...v0.11.16) (2019-11-04) | ||
@@ -8,0 +19,0 @@ |
13
index.js
@@ -243,2 +243,3 @@ const jwt = require('jsonwebtoken'); | ||
| this.subscriptionStore = options.subscriptionStore || new LocalSubscriptionStore(); | ||
| this.enforceSecurityChecks = options.enforceSecurityChecks || (process.env.NODE_ENV === 'production'); | ||
| } | ||
@@ -469,3 +470,3 @@ | ||
| } catch (e) { | ||
| if (process.env.NODE_ENV === 'production') { | ||
| if (this.enforceSecurityChecks) { | ||
| throw new UserError('Invalid token'); | ||
@@ -480,3 +481,3 @@ } else { | ||
| } | ||
| } else if (process.env.NODE_ENV === 'production') { | ||
| } else if (this.enforceSecurityChecks) { | ||
| throw new UserError("Authorization header isn't set"); | ||
@@ -490,3 +491,6 @@ } | ||
| try { | ||
| this.checkAuthFn(req, auth); | ||
| await this.checkAuthFn(req, auth); | ||
| if (next) { | ||
| next(); | ||
| } | ||
| } catch (e) { | ||
@@ -504,5 +508,2 @@ if (e instanceof UserError) { | ||
| } | ||
| if (next) { | ||
| next(); | ||
| } | ||
| } | ||
@@ -509,0 +510,0 @@ |
@@ -5,3 +5,3 @@ { | ||
| "author": "Statsbot, Inc.", | ||
| "version": "0.11.16", | ||
| "version": "0.11.17", | ||
| "engines": { | ||
@@ -25,8 +25,10 @@ "node": ">=8.11.1" | ||
| "eslint-plugin-node": "^5.2.1", | ||
| "express": "^4.17.1", | ||
| "jest": "^24.9.0", | ||
| "mocha": "^5.2.0", | ||
| "should": "^13.2.3" | ||
| "should": "^13.2.3", | ||
| "supertest": "^4.0.2" | ||
| }, | ||
| "license": "Apache-2.0", | ||
| "gitHead": "c0257370432d087f72980ccc65c1bc4d53674362" | ||
| "gitHead": "fc330e8ade7e5fc484f05497c974395a68d425e4" | ||
| } |
Fixed alerts
Deprecated
MaintenanceThe maintainer of the package marked it as deprecated. This could indicate that a single version should not be used, or that the package is no longer maintained and any new vulnerabilities will not be fixed.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by4.4%
46660
- Number of package files
- increased by9.09%
12
- Lines of code
- increased by5.96%
747
- Number of medium maintenance alerts
- decreased by-100%
0
- Published versions last two months
- increased by7.69%
14
Worsened metrics
- Dev dependency count
- increased by40%
7
- Number of low supply chain risk alerts
- increased by33.33%
4
No dependency changes