fix: resolve null domain handling and v13 lock bug fixes#2807
fix: resolve null domain handling and v13 lock bug fixes#2807ankita10119 wants to merge 9 commits into
Conversation
|
Semgrep found 1 Risk: Affected versions of js-yaml are vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'). js-yaml is vulnerable to prototype pollution through its YAML merge key ( Manual Review Advice: A vulnerability from this advisory is reachable if you are using Fix: Upgrade this library to at least version 4.1.1 at lock/package-lock.json:15684. Reference(s): GHSA-mh29-5h37-fv8m, CVE-2025-64718 |
…sions in lock file
…d-sheriff in lock file
Changes
Bug fixes for Lock v13:
References
This PR is a follow-up to #2787 (security dependency backport to v13, already merged). It backports the following bug fixes from master to the v13 branch:
Null domain guard in enterprise connections
nullandundefinedcases via||fallback)CordovaAuth0Plugin safe initialization
auth0-js >=9.30.0changed howcordova-auth0-pluginexports its constructor, causing aTypeErroron Lock initialization (internal ref: SDK-8308)HRD screen domain check (empty string / whitespace)
domain !== nullwidened todomain && domain.trim()so thatempty string or whitespace-only domains no longer incorrectly render the active login instructions header
too_many_attemptsauthorization error eventtoo_many_attemptstoerrorCodesThatEmitAuthorizationErrorEventso theauthorization_errorevent is correctly emitted for this error code on v13i18n
hrd.not_matching_emailkeyTesting
Added
src/__tests__/connection/enterprise/matchConnection.test.jscovering null domain edge casesChecklist