Skip to content
This repository was archived by the owner on Nov 23, 2024. It is now read-only.

[Snyk] Upgrade jsonwebtoken from 8.1.0 to 8.5.1 #10

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade jsonwebtoken from 8.1.0 to 8.5.1 #10

wants to merge 1 commit into from

Conversation

@snyk-bot
Copy link

@snyk-bot snyk-bot commented Mar 22, 2023

Snyk has created this PR to upgrade jsonwebtoken from 8.1.0 to 8.5.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 8 versions ahead of your current version.
  • The recommended version was released 4 years ago, on 2019-03-18.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Uninitialized Memory Exposure
npm:base64url:20180511		 526/1000
Why? Mature exploit, CVSS 7.1		 Mature

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: jsonwebtoken from jsonwebtoken GitHub release notes
Commit messages
Package name: jsonwebtoken
  • 7f1f8b4 8.5.1
  • e5874ae fix: ensure correct PS signing and verification (#585)
  • 84e03ef README: fix markdown for algorithms table
  • 1c0de55 8.5.0
  • eefb9d9 feat: add PS JWA support for applicable node versions (#573)
  • 8737789 Add complete option in jwt.verify (#522)
  • 7b60c12 Force use_strict during testing (#577)
  • 0c24fe6 Fix 'cert' token which isn't a cert (#554)
  • da8f55c ci: remove nsp from tests (#569)
  • 5147852 Add tests for private claims in the payload (#555)
  • 7eebbc7 Refactor tests related to jti and jwtid (#544)
  • 86334aa 8.4.0
  • e7938f0 Add verify option for nonce validation (#540)
  • 0268813 devDeps: [email protected] (#539)
  • dc89a64 Edited the README.md to make certain parts of the document for the api easier to read, emphasizing the examples. (#548)
  • 8864542 Refactor tests related to kid and keyid (#545)
  • 0906a3f Refactor tests related to iss and issuer (#543)
  • 1956c40 Update README.md (#538)
  • 7f9604a Fixed error message when empty string passed as expiresIn or notBefore option (#531)
  • cfd1079 Updating Node version in Engines spec in package.json (#528)
  • 1c8ff5a Implement async/sync tests for the aud claim (#535)
  • 88bc965 Implement async/sync tests for nbf claim (#537)
  • 9ae3f20 Implement async/sync tests for exp claim (#536)
  • 342b07b Implement async/sync tests for sub claim (#534)

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@snyk-bot