IBM / mixed-migration-forecasting

Forecasting mixed migration for the Danish Refugee Council.
Apache License 2.0

Bump jsonwebtoken and ibmcloud-appid in /ui #21

Open dependabot[bot] opened 1 year ago

dependabot[bot] commented 1 year ago

Bumps jsonwebtoken to 9.0.0 and updates ancestor dependency ibmcloud-appid. These dependencies need to be updated together.

Updates jsonwebtoken from 8.5.1 to 9.0.0

Changelog

Sourced from jsonwebtoken's changelog.

9.0.0 - 2022-12-21

Breaking changes: See Migration from v8 to v9

Breaking changes

Security fixes

  • security: fixes Arbitrary File Write via verify function - CVE-2022-23529
  • security: fixes Insecure default algorithm in jwt.verify() could lead to signature validation bypass - CVE-2022-23540
  • security: fixes Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - CVE-2022-23541
  • security: fixes Unrestricted key type could lead to legacy keys usage - CVE-2022-23539

Commits

  • e1fa9dc Merge pull request from GHSA-8cf7-32gw-wr33
  • 5eaedbf chore(ci): remove github test actions job (#861)
  • cd4163e chore(ci): configure Github Actions jobs for Tests & Security Scanning (#856)
  • ecdf6cc fix!: Prevent accidental use of insecure key sizes & misconfiguration of secr...
  • 8345030 fix(sign&verify)!: Remove default none support from sign and verify met...
  • 7e6a86b Upload OpsLevel YAML (#849)
  • 74d5719 docs: update references vercel/ms references (#770)
  • d71e383 docs: document "invalid token" error
  • 3765003 docs: fix spelling in README.md: Peak -> Peek (#754)
  • a46097e docs: make decode impossible to discover before verify
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by julien.wollscheid, a new releaser for jsonwebtoken since your current version.


Updates ibmcloud-appid from 6.1.0 to 6.3.1

Release notes

Sourced from ibmcloud-appid's releases.

6.3.1

6.3.1 (2023-01-05)

Bug Fixes

  • package.json: updating json webtoken to v9 (6435045), closes #286

6.3.0

6.3.0 (2022-12-20)

Features

  • add typescript support: - Update Dependencies (585b140)

6.2.7

6.2.7 (2022-12-14)

Bug Fixes

  • 🐛 Fixing version number (8f17ee1)
  • 🐛 Upgrade from vulnerable passport version to v6.0 (d0b54c6)

6.2.6

6.2.6 (2022-06-28)

Bug Fixes

  • 🐛 Bump GotJS from 11.8.3 to 11.8.5 (084cc50)

6.2.5

6.2.5 (2022-03-07)

Bug Fixes

  • package.json: bump GotJS from v9.6 to v11.8 (17328e3)
  • request-util.js: handle the Request Body for DELETE method (e35f145)

6.2.4

6.2.4 (2022-02-04)

Bug Fixes

  • package.json: update eslint dependency (98d97dc)
  • package.json: update eslint dependency (79c7caa)

... (truncated)

Commits

  • 82e30ed Merge pull request #290 from ibm-cloud-security/development
  • d39ef7d Merge branch 'master' into development
  • bc866d1 Merge pull request #289 from ibm-cloud-security/update-jsonwebtoken-to-v9
  • af73325 Add minimum node version
  • 4873b49 Merge pull request #288 from ibm-cloud-security/update-jsonwebtoken-to-v9
  • 6435045 fix(package.json): updating json webtoken to v9
  • e634a54 Merge pull request #285 from ibm-cloud-security/development
  • 7c12cc5 Merge pull request #284 from ibm-cloud-security/update-version-number-6-3
  • e7c9e3c Update package version number to 6.3
  • 711d26a Merge pull request #283 from ibm-cloud-security/development
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ibm-cloud-appid, a new releaser for ibmcloud-appid since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
  • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
  • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
  • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/IBM/mixed-migration-forecasting/network/alerts).