Skip to content

Conversation

DanielRivers
Copy link
Member

snyk-top-banner

Snyk has created this PR to upgrade @kinde-oss/kinde-typescript-sdk from 2.9.1 to 2.13.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 19 versions ahead of your current version.

  • The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
low severity Relative Path Traversal
SNYK-JS-VITE-12558116
222 Proof of Concept
Release notes
Package name: @kinde-oss/kinde-typescript-sdk
  • 2.13.1 - 2025-09-01

    What's Changed

    • fix: default persistence value
  • 2.13.0 - 2025-08-31
    • feat: set sessionManager persistent property depending on accessToken flag (7fe1a6c)
    • Add renovate.json (fb602d1)
    • Update dependancies
  • 2.13.0-6 - 2025-08-29
  • 2.13.0-2 - 2025-08-28
  • 2.13.0-1 - 2025-08-27
  • 2.13.0-0 - 2025-08-27
  • 2.12.0 - 2025-07-03
    • feat: add JWT validation on JWT retrieval (1d55abf)
    • fix: use decoder-only approach for ID tokens in getUserFromSession (e377c6d)
    • chore: Clean up Node environment condition (f43ef30)
    • fix: add cryptographic validation to getUserFromSession for security and update JSDocs (a25450f)
    • fix: update function signatures and move jose to devDependencies and Delete remote-jwks-cache.ts (d7cae17)
    • feat: migrate from jose to @ kinde/jwt-validator packages (b21411e)
  • 2.11.2-2 - 2025-07-03
  • 2.11.1 - 2025-06-23
    • deps: update @ kinde-js/utils (87ca62c)
  • 2.11.1-1 - 2025-06-13
  • 2.11.0 - 2025-06-04
    • feat: switch to vitest and fix mocks (c9140ee)
    • feat: createPortalUrl (e358d4c)
    • fix: state handling in auth params (b9431ab)
    • bump Jose to 6 to support Cloudflare workers, update ESlint (a003fe2)
  • 2.11.0-5 - 2025-06-04
  • 2.11.0-4 - 2025-06-03
  • 2.11.0-3 - 2025-06-03
  • 2.11.0-2 - 2025-06-03
  • 2.11.0-1 - 2025-06-03
  • 2.10.1 - 2025-04-04
    • fix: pull optional parameter up to refreshTokens abstraction (20eb0f5)
  • 2.10.0 - 2025-04-03
    • chore: package json update (a1144d9)
    • text: updates (299999a)
    • fix: add phone to UserType interface (74d240b)
    • chore: update doc typo (ff0c27b)
    • feat: update authcode impl with new refreshTokens parameter (d9b0d2c)
    • feat: update pkce client impl with new refreshTokens parameter (f861a46)
    • feat: update abstract refreshToken with optional param and doc changes (5e76e69)
    • Update token-utils.ts (9d28ea6)
  • 2.9.2-0 - 2025-03-12
  • 2.9.1 - 2024-05-15
    • chore: add release-it (ddcbee6)
    • bug: prevent expiry exception when reading id token claims (93ff59e)
    • bug: logout redirect is not required (6e968b3)
from @kinde-oss/kinde-typescript-sdk GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

Snyk has created this PR to upgrade @kinde-oss/kinde-typescript-sdk from 2.9.1 to 2.13.1.

See this package in npm:
@kinde-oss/kinde-typescript-sdk

See this project in Snyk:
https://app.snyk.io/org/danielrivers/project/2cc51497-1212-4d44-9fb8-2dcf4dc9d31c?utm_source=github&utm_medium=referral&page=upgrade-pr
@DanielRivers DanielRivers requested a review from a team as a code owner October 9, 2025 12:21
Copy link
Contributor

coderabbitai bot commented Oct 9, 2025

Important

Review skipped

Ignore keyword(s) in the title.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch snyk-upgrade-4782b03d1e3996abd1e019a4a8a23f93

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants