feat: add storagePrefix option to react sdk#1216
feat: add storagePrefix option to react sdk#1216gustavofabro-i2p wants to merge 4 commits intodescope:mainfrom
Conversation
|
@gustavofabro is attempting to deploy a commit to the descope Team on Vercel. A member of the Team first needs to authorize it. |
Wiz Scan SummaryDisplaying only findings that violated a policy
To detect these findings earlier in the dev lifecycle, try using Wiz Code VS Code Extension. |
![wiz-d45ab51820[bot]](https://avatars.githubusercontent.com/b/12521?s=60&v=4){kind=small}
There was a problem hiding this comment.
More Details
Vulnerabilities [form-data:4.0.0]
| Name | Severity | Source | Fixed version | CVSS score | CVSS exploitability score | Has public exploit | Has CISA KEV exploit |
|---|---|---|---|---|---|---|---|
| CVE-2025-7783 |  |
GHSA-fjxv-7rqg-78g4 | 4.0.4 | 9.4 | - | false | false |
To ignore this finding as an exception, reply to this conversation with #wiz_ignore reason
If you'd like to ignore this finding in all future scans, add an exception in the .wiz file (learn more) or create an Ignore Rule (learn more).
There was a problem hiding this comment.
More Details
Vulnerabilities [next:14.2.21]
| Name | Severity | Source | Fixed version | CVSS score | CVSS exploitability score | Has public exploit | Has CISA KEV exploit |
|---|---|---|---|---|---|---|---|
| CVE-2025-29927 | |
GHSA-f82v-jwr5-mffw | 14.2.25 | 9.1 | 3.9 | true | false |
| CVE-2025-32421 |  |
GHSA-qpjv-v59x-3qc4 | 14.2.24 | 3.7 | 2.2 | false | false |
| CVE-2025-48068 | |
GHSA-3h52-269p-cp9r | 14.2.30 | 2.3 | 2.8 | false | false |
| CVE-2025-55173 |  |
GHSA-xv57-4mr9-wg8v | 14.2.31 | 4.3 | 2.8 | false | false |
| CVE-2025-57752 | |
GHSA-g5qg-72qw-gw5v | 14.2.31 | 6.2 | 2.5 | false | false |
| CVE-2025-57822 | |
GHSA-4342-x723-ch2f | 14.2.32 | 8.2 | 3.9 | false | false |
To ignore this finding as an exception, reply to this conversation with #wiz_ignore reason
If you'd like to ignore this finding in all future scans, add an exception in the .wiz file (learn more) or create an Ignore Rule (learn more).
There was a problem hiding this comment.
More Details
Vulnerabilities [next:14.2.10]
| Name | Severity | Source | Fixed version | CVSS score | CVSS exploitability score | Has public exploit | Has CISA KEV exploit |
|---|---|---|---|---|---|---|---|
| CVE-2024-51479 |  |
GHSA-7gfc-8cq8-jh5f | 14.2.15 | 7.5 | 3.9 | false | false |
| CVE-2024-56332 | |
GHSA-7m27-7ghc-44w9 | 14.2.21 | 5.3 | 3.9 | false | false |
| CVE-2025-29927 | |
GHSA-f82v-jwr5-mffw | 14.2.25 | 9.1 | 3.9 | true | false |
| CVE-2025-32421 | |
GHSA-qpjv-v59x-3qc4 | 14.2.24 | 3.7 | 2.2 | false | false |
| CVE-2025-48068 | |
GHSA-3h52-269p-cp9r | 14.2.30 | 2.3 | 2.8 | false | false |
| CVE-2025-55173 | |
GHSA-xv57-4mr9-wg8v | 14.2.31 | 4.3 | 2.8 | false | false |
| CVE-2025-57752 | |
GHSA-g5qg-72qw-gw5v | 14.2.31 | 6.2 | 2.5 | false | false |
| CVE-2025-57822 | |
GHSA-4342-x723-ch2f | 14.2.32 | 8.2 | 3.9 | false | false |
To ignore this finding as an exception, reply to this conversation with #wiz_ignore reason
If you'd like to ignore this finding in all future scans, add an exception in the .wiz file (learn more) or create an Ignore Rule (learn more).
asafshen
left a comment
asafshen
left a comment
There was a problem hiding this comment.
very neat! thanks for the contribution!
there are other usage of the storage prefixes that I'm not sure that are considered, such as
- Descope component (
descope-wcinside web-compoent package) also creates an sdk - Widgets as well
we need to address those as well
| getExternalToken, | ||
| storagePrefix, | ||
| }); | ||
| }, [projectId, baseUrl, sessionTokenViaCookie, getExternalToken]); |
There was a problem hiding this comment.
storage prefix should also be in the deps array
The widget components have been updated, but I'm not sure about |
3 participants
Related Issues
Related PRs
#265
Description
Add storagePrefix option to react SDK
Must