Open snyk-bot opened 1 year ago
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information: 🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Use of a Broken or Risky Cryptographic Algorithm
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Recently disclosed, Has a fix available, CVSS 7.7
SNYK-JS-JSONWEBTOKEN-3180020
Why? Recently disclosed, Has a fix available, CVSS 6.5
SNYK-JS-JSONWEBTOKEN-3180022
Why? Recently disclosed, Has a fix available, CVSS 6.5
SNYK-JS-JSONWEBTOKEN-3180024
Why? Recently disclosed, Has a fix available, CVSS 4.8
SNYK-JS-JSONWEBTOKEN-3180026
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: express-jwt
The new version differs by 89 commits.- c69a0e4 update changelog
- 2157954 8.0.0
- d8ffa02 upgrade jsonwebtoken to v9
- c555b48 Merge pull request #306 from auth0/SRE-57-Upload-opslevel-yaml
- 172d07c 7.7.7
- f79b001 7.7.6
- 076b3dc remove types for express-unless and update it. closes #307
- 0c87c3a Upload OpsLevel YAML
- f0e41d6 Fix misspelled word in readme
- 45ba2e0 7.7.5
- 139aa05 update express-unless
- 2f99e2d 7.7.4
- 2242f01 update express-unless
- eb50853 update changelog
- c30feb4 7.7.3
- c583fdd Merge branch 'ItzRabbs-master'
- 9ccf0cf Remove esModuleInterop and fix assert import in tests
- e1fe1d2 Fix tsc build error for express-unless
- 7c1fb33 7.7.2
- 6c87fe4 fix instaceof comparison for UnauthorizedError. closes #292
- b1344fa update changelog
- c5f00ea 7.7.1
- 7a02ca7 fix readme and package-lock
- f3f5af5 build(deps): required runtime types
See the full diffPackage name: jsonwebtoken
The new version differs by 17 commits.- e1fa9dc Merge pull request from GHSA-8cf7-32gw-wr33
- 5eaedbf chore(ci): remove github test actions job (#861)
- cd4163e chore(ci): configure Github Actions jobs for Tests & Security Scanning (#856)
- ecdf6cc fix!: Prevent accidental use of insecure key sizes & misconfiguration of secrets (#852)
- 8345030 fix(sign&verify)!: Remove default `none` support from `sign` and `verify` methods, and require it to be explicitly configured (#851)
- 7e6a86b Upload OpsLevel YAML (#849)
- 74d5719 docs: update references vercel/ms references (#770)
- d71e383 docs: document "invalid token" error
- 3765003 docs: fix spelling in README.md: Peak -> Peek (#754)
- a46097e docs: make decode impossible to discover before verify
- 15a1bc4 refactor: make decode non-enumerable
- 5f10bf9 docs: add jwtid to options of jwt.verify (#704)
- 88cb9df Replace tilde-indexOf with includes (#647)
- a6235fa Adds not to README on decoded payload validation (#646)
- 5ed1f06 docs: fix tiny style change in readme (#622)
- 9fb90ca style: add missing semicolon (#641)
- a9e38b8 ci: use circleci (#589)
See the full diffCheck the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Use of a Broken or Risky Cryptographic Algorithm