
fix(token-vault): replace substring URL matching with strict equality#580

Open
ryanbas21 wants to merge 2 commits into develop from SDKS-4732/tv-fix

Conversation

ryanbas21 (Contributor) commented Feb 26, 2026

https://pingidentity.atlassian.net/browse/SDKS-4732

Summary

  • Fixes a security vulnerability in evaluateUrlForInterception where .includes() allowed URL allow-list bypass via query parameter injection (e.g. https://evil.com?https://valid.com would match https://valid.com)
  • Replaces .includes() with === for exact string comparison
  • Removes @forgerock/token-vault from changeset ignore list to enable re-release

Test plan

  • Existing tests updated and passing (32/32)
  • Added regression test for the exact attack vector from the pen test report
  • Added test confirming blob URLs require explicit blob: wildcard patterns
  • Verify downstream consumers that intercept blob URLs add explicit blob:https://origin/* patterns

Fixes a security vulnerability where evaluateUrlForInterception used
.includes() for URL matching, allowing allow-list bypass via query
parameter injection (e.g. https://evil.com?https://valid.com).

Replaces .includes() with === for exact string comparison. Blob URLs
now require explicit wildcard patterns (blob:https://origin/*).

Also removes @forgerock/token-vault from changeset ignore list to
enable re-release.
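The substring check described above beside its strict replacement, as an added illustration that is not the token-vault code from this PR; `matchesIncludes`, `matchesStrict`, `shouldIntercept`, the prefix semantics assumed for a trailing `*`, and the sample blob URL are assumptions.

```javascript
// Hypothetical, simplified model of the allow-list check this PR fixes.
// The real evaluateUrlForInterception and its wildcard handling may differ.

// Pre-fix behaviour: substring containment. Any URL that merely contains
// an allow-listed entry somewhere (for example in its query string) passes.
function matchesIncludes(url, pattern) {
  return url.includes(pattern);
}

// Post-fix behaviour: exact string equality. A pattern ending in "*" is
// treated here as a prefix match (assumption); keep the path separator in
// such patterns ("blob:https://origin/*") so the origin cannot be extended.
function matchesStrict(url, pattern) {
  if (pattern.endsWith('*')) {
    return url.startsWith(pattern.slice(0, -1));
  }
  return url === pattern;
}

// Decide whether a request URL is intercepted, given a matcher.
function shouldIntercept(url, allowList, matcher) {
  return allowList.some((pattern) => matcher(url, pattern));
}

// Constructed inputs: the allow-list entry and the bypass string quoted in
// the PR description, plus a made-up blob URL on the allowed origin.
const allowList = ['https://valid.com'];
const bypassUrl = 'https://evil.com?https://valid.com';
const blobUrl = 'blob:https://valid.com/0f1e2d3c';

function demo() {
  return {
    // substring matching lets the foreign origin through
    vulnerableBypass: shouldIntercept(bypassUrl, allowList, matchesIncludes),
    // strict equality rejects it
    hardenedBypass: shouldIntercept(bypassUrl, allowList, matchesStrict),
    // blob URLs used to match implicitly via substring containment ...
    blobImplicit: shouldIntercept(blobUrl, allowList, matchesIncludes),
    // ... and now need an explicit blob wildcard pattern, as the PR notes
    blobStrictNoWildcard: shouldIntercept(blobUrl, allowList, matchesStrict),
    blobStrictWildcard: shouldIntercept(blobUrl, ['blob:https://valid.com/*'], matchesStrict),
  };
}
```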
changeset-bot bot commented Feb 26, 2026

🦋 Changeset detected

Latest commit: 168c723

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package: @forgerock/token-vault (Patch)


@github-actions github-actions bot added the test label Feb 26, 2026
nx-cloud bot commented Feb 26, 2026

CI Pipeline Execution for commit 168c723:

  • nx affected -t build lint test docs e2e-ci: Succeeded (34s)
  • nx-cloud record -- nx format:check --verbose: Succeeded (6s)

☁️ Nx Cloud last updated this comment at 2026-02-27 20:55:36 UTC

pkg-pr-new bot commented Feb 26, 2026


pnpm add https://pkg.pr.new/ForgeRock/forgerock-javascript-sdk/@forgerock/javascript-sdk@580
pnpm add https://pkg.pr.new/ForgeRock/forgerock-javascript-sdk/@forgerock/ping-protect@580
pnpm add https://pkg.pr.new/ForgeRock/forgerock-javascript-sdk/@forgerock/token-vault@580

commit: 168c723

codecov-commenter commented Feb 27, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 28.52%. Comparing base (04ae8bb) to head (168c723).

Additional details and impacted files
@@             Coverage Diff              @@
##           develop     #580       +/-   ##
============================================
- Coverage    57.14%   28.52%   -28.63%     
============================================
  Files          105       11       -94     
  Lines        31752     1490    -30262     
  Branches      1800       49     -1751     
============================================
- Hits         18145      425    -17720     
+ Misses       13607     1065    -12542     

