jasverix
System developer at EG Landax Also at @eg-jarik
Repos
24
Followers
8
jasverix/posh-hg

Mercurial integration for PowerShell

PowerShell
0
1

Events

push
jasverix/php-resque
jasverix push jasverix/php-resque

fix bad variable injection

Created at 4 days ago
delete branch
jasverix/random-name-picker
jasverix delete branch dependabot/npm_and_yarn/minimist-1.2.8
Created at 2 weeks ago
delete branch
jasverix/random-name-picker
jasverix delete branch dependabot/npm_and_yarn/express-4.18.2
Created at 2 weeks ago
create branch
jasverix/random-name-picker
jasverix create branch dependabot/npm_and_yarn/express-4.18.2
Created at 2 weeks ago
push
jasverix/random-name-picker
jasverix push jasverix/random-name-picker

Bump minimist from 1.2.5 to 1.2.8 (#37)

Bumps minimist from 1.2.5 to 1.2.8.

updated-dependencies:

  • dependency-name: minimist dependency-type: indirect ...

Signed-off-by: dependabot[bot] support@github.com Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Created at 2 weeks ago
pull request closed
jasverix/random-name-picker
Bump minimist from 1.2.5 to 1.2.8

Bumps minimist from 1.2.5 to 1.2.8.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Created at 2 weeks ago
delete branch
jasverix/random-name-picker
jasverix delete branch dependabot/npm_and_yarn/express-4.18.2
Created at 2 weeks ago
push
jasverix/random-name-picker
jasverix push jasverix/random-name-picker

Bump express from 4.17.1 to 4.18.2 (#36)

Bumps express from 4.17.1 to 4.18.2.

updated-dependencies:

  • dependency-name: express dependency-type: indirect ...

Signed-off-by: dependabot[bot] support@github.com Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Created at 2 weeks ago
pull request closed
jasverix/random-name-picker
Bump express from 4.17.1 to 4.18.2

Bumps express from 4.17.1 to 4.18.2.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Created at 2 weeks ago
push
jasverix/random-name-picker
jasverix push jasverix/random-name-picker

Bump qs from 6.5.2 to 6.5.3 (#35)

Bumps qs from 6.5.2 to 6.5.3.

updated-dependencies:

  • dependency-name: qs dependency-type: indirect ...

Signed-off-by: dependabot[bot] support@github.com Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Created at 2 weeks ago
pull request closed
jasverix/random-name-picker
Bump qs from 6.5.2 to 6.5.3

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

Bumps qs from 6.5.2 to 6.5.3.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Created at 2 weeks ago
delete branch
jasverix/random-name-picker
jasverix delete branch dependabot/npm_and_yarn/decode-uri-component-0.2.2
Created at 2 weeks ago
push
jasverix/random-name-picker
jasverix push jasverix/random-name-picker

Bump decode-uri-component from 0.2.0 to 0.2.2 (#34)

Bumps decode-uri-component from 0.2.0 to 0.2.2.

updated-dependencies:

  • dependency-name: decode-uri-component dependency-type: indirect ...

Signed-off-by: dependabot[bot] support@github.com Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Created at 2 weeks ago
pull request closed
jasverix/random-name-picker
Bump decode-uri-component from 0.2.0 to 0.2.2

Bumps decode-uri-component from 0.2.0 to 0.2.2.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Created at 2 weeks ago
delete branch
jasverix/random-name-picker
jasverix delete branch dependabot/npm_and_yarn/terser-4.8.1
Created at 2 weeks ago
push
jasverix/random-name-picker
jasverix push jasverix/random-name-picker

Bump terser from 4.8.0 to 4.8.1 (#33)

Bumps terser from 4.8.0 to 4.8.1.

updated-dependencies:

  • dependency-name: terser dependency-type: indirect ...

Signed-off-by: dependabot[bot] support@github.com Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Created at 2 weeks ago
pull request closed
jasverix/random-name-picker
Bump terser from 4.8.0 to 4.8.1

Bumps terser from 4.8.0 to 4.8.1.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Created at 2 weeks ago
delete branch
jasverix/random-name-picker
jasverix delete branch dependabot/npm_and_yarn/shell-quote-1.7.3
Created at 2 weeks ago
push
jasverix/random-name-picker
jasverix push jasverix/random-name-picker

Bump shell-quote from 1.7.2 to 1.7.3 (#32)

Bumps shell-quote from 1.7.2 to 1.7.3.

updated-dependencies:

  • dependency-name: shell-quote dependency-type: indirect ...

Signed-off-by: dependabot[bot] support@github.com Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Created at 2 weeks ago
pull request closed
jasverix/random-name-picker
Bump shell-quote from 1.7.2 to 1.7.3

Bumps shell-quote from 1.7.2 to 1.7.3.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Created at 2 weeks ago
delete branch
jasverix/random-name-picker
jasverix delete branch dependabot/npm_and_yarn/eventsource-1.1.1
Created at 2 weeks ago
push
jasverix/random-name-picker
jasverix push jasverix/random-name-picker

Bump eventsource from 1.0.7 to 1.1.1 (#31)

Bumps eventsource from 1.0.7 to 1.1.1.

updated-dependencies:

  • dependency-name: eventsource dependency-type: indirect ...

Signed-off-by: dependabot[bot] support@github.com Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Created at 2 weeks ago
pull request closed
jasverix/random-name-picker
Bump eventsource from 1.0.7 to 1.1.1

Bumps eventsource from 1.0.7 to 1.1.1.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Created at 2 weeks ago
delete branch
jasverix/random-name-picker
jasverix delete branch dependabot/npm_and_yarn/async-2.6.4
Created at 2 weeks ago
push
jasverix/random-name-picker
jasverix push jasverix/random-name-picker

Bump async from 2.6.3 to 2.6.4 (#30)

Bumps async from 2.6.3 to 2.6.4.

updated-dependencies:

  • dependency-name: async dependency-type: indirect ...

Signed-off-by: dependabot[bot] support@github.com Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Created at 2 weeks ago
pull request closed
jasverix/random-name-picker
Bump async from 2.6.3 to 2.6.4

Bumps async from 2.6.3 to 2.6.4.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Created at 2 weeks ago
issue comment
bshaffer/oauth2-server-php
upgrade firebase/jwt to v6

This branch now works, but a breaking change is that the TokenStorage is no longer mandatory in JwtAccessToken storage.

Created at 3 weeks ago
push
Uffe-Code/oauth2-server-php
jasverix push Uffe-Code/oauth2-server-php

fix unit-test

Created at 3 weeks ago
push
Uffe-Code/oauth2-server-php
jasverix push Uffe-Code/oauth2-server-php

use token storage to get inital access token to get client_id

Created at 3 weeks ago
issue comment
bshaffer/oauth2-server-php
Firebase/JWT <6 is considered security risk

JwtAccessToken tries to decode the access token without any key to fetch the client_id and that does not work in new FirebaseJwt, it needs the key. I made my own variant in our project that fetches access token from PDO storage to get the client_id and then decodes it. Unsure if it is something that I can commit, as it is a little hacky, and then the JwtAccessToken requires the PDO storage in constructor.

Created at 3 weeks ago